Privacy Policy

Author(s): Legal and Compliance
Last review date: 2024 – December
Next review date: 2025 – December

1. Who Are We

The Validus Group consists of various legal entities, including Validus Risk Management Limited, Validus Europe AS, Validus NA Inc, Validus USA, Inc, Validus Group Limited and Validus Risk Management Asia Pte Ltd. The “Validus Group”, “we”, “our” or “us” means the Validus entity responsible for the collection and use of personal data depending on the jurisdiction. The Validus Group may process certain personal data about you, depending on the scope of your specific relationship with us. This processing of personal data is regulated under the: Data Protection Act of the United Kingdom, General Data Protection Regulation (2016/679), including the Law on the Processing of Personal Data applicable in Norway ( together the GDPR) and the e-Privacy Directive (2002/58/EC), which both apply across the European Union, Personal Data Protection Act (PDPA), Personal Information Protection and Electronic Documents Act (the PIPEDA), New York Privacy Act (together referred to as the Data Protection Laws). We are responsible as ‘data controller’ of your personal data for the purposes of those laws.

2. What Does This Privacy Notice Cover?

This privacy notice (the “Privacy Notice”) will apply when you:

• directly and/or indirectly use our services as a potential or current client;
• visit and use our website;
• apply for a role with us; and
• have been contacted through our direct marketing strategy, either via phone or email.

3. Data Protection Principles

We take your privacy seriously and we are committed to collecting and using your personal data fairly and in accordance with requirements of applicable data protection legislation. We will comply with the principles set out in the Data Protection Laws, which state that the personal data we hold about you must be:

• used lawfully, fairly and in a transparent way;
• with your consent, a request for which shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language;
• collected only for valid purposes that we have clearly explained to you;
• relevant to the purposes we have told you about and limited only to those purposes;
• accurate and kept up to date;
• kept only as long as necessary for the purposes we have told you about; and
• kept securely.

Personal data means any information about an individual from which that person can be identified.

4. Personal Data We Collect About You

We may ask for and collect from you personally identifiable and other information at certain points via our website and via your relationship and interactions with us. We may collect, use, store, transfer or otherwise process different kinds of data about you, as follows:

• Identity data including your name, date of birth, place of birth, gender, nationality, copies of your identity card, passport and/or driving licence, right to work and, where offered to us, data relating to your education and employment background.
• Contact data including your billing/registered/residential address, email address, telephone number and emergency contact information.
• Client-related data including business information, relationship with you (or with a client of whom you are an employee or other staff member), information about any shareholdings, business contact details.
• Financial data including your bank account details, your tax status information, your tax identification number and your fiscal residence.
• Other background identification data including evidence of beneficial ownership and source of funds to comply with our client due diligence, know your customer (“KYC”) and anti-money laundering regulations and collected as part of our client acceptance and ongoing monitoring procedures as required by law.
• Usage data including data obtained through your use of our website or interface that we provide to you through our website as well as data collected through cookies, server logs and other similar tracking technologies.

We may collect data relating to criminal convictions and offences subject to compliance with the strict conditions set out under the applicable data protection legislation.

5. How and Why We Collect / Use Personal Data

We use your personal data mainly to: interact with you; to provide you with support services; to make it easy to navigate our website; to improve our website and our products; and to offer you content and services that might interest you. Your information may be stored and processed by us in the following ways and for the following purposes (by way of a non-exhaustive list):

• understanding your needs and interests;
• allowing you to use and access the functionality provided by our website services;
• communicating with you, where you have requested or consented, regarding any service or any other situation where you have engaged us to provide you with information;
• recording of incoming and outgoing calls for training, monitoring, and security purposes;
• identification verification, money laundering and other checks to confirm your identity and to ensure that the investments which we handle for you are done in compliance with our legal obligations;
• reviewing and improving the performance of our website and your use of it (including any personalisation which you may have indicated and which we have retained using cookies;
• managing and administering our business;
• complying and assessing compliance with applicable law, rules and regulations and internal policies and procedures;
• administering and maintaining databases that store information;
• for marketing communications (where it is lawful for us to do so and where you have not objected to the use of your information for these purposes);
• identifying and evaluating candidates for potential employment, as well as for future roles that may become available;
• maintaining records in relation to recruiting and hiring;
• conducting background checks (if you receive an offer from us) including, to the extent permitted by applicable law, criminal history checks;
• to deal with requests from you to exercise your rights under data protection laws; or
• managing event registrations, including limited data sharing with co-hosts and venues for event administration purposes.

Where we need to collect, or you are required by law or contract to provide, personal data, and you fail to provide the personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to decline to provide or receive the relevant services.

6. Who Your Personal Data May Be Shared With?

We may share your personal information with other group companies, affiliates and other third parties to help us process your personal information for the purposes set out in this Privacy Notice. This may include:

• contractors, sub-contractors, business partners, introducers, suppliers and/or service providers that help us perform our business functions;
• law enforcement agencies in connection with any investigation to help prevent unlawful activity;
• legal representatives and consultants in situations where expert advice and legal opinions are required;
• processors that maintain our IT systems; and / or
• event partners and venues, but only if you sign up for an event and only to help organise and run the event; for example, to manage guest lists or cater to any dietary or accessibility needs.

Your personal data is never sold and any personal data that is shared is in line with the Data Protection Laws.

7. How Long Your Personal Data Will Be Kept

We will maintain your personal data through-out the lifecycle of the contract. We may need to keep your data for a longer period where we need to retain personal data to comply with legal or regulatory requirements, such as to help us respond to complaints or preventing fraud and financial crime. If we are not required to retain the personal data, we will destroy, delete or anonymise it at the point it is no longer required.

8. Keeping Your Personal Data Secure

We store your personal data in a secure environment. We have appropriate security measures in place to prevent personal data from being lost, accessed or used in an unauthorised way, including encryption and other forms of security. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Whilst we will use all reasonable efforts to secure your personal data, in using the website you acknowledge the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of personal data that is transferred from you.

9. Storage, Transfers and Retention -Outside of the United Kingdom

To operate our business, your personal data may be transferred to and stored in locations outside of the UK, such as the European Economic Area. When we do this, we will ensure the recipient entity has an appropriate level of protection and that the transfer is lawful through controls, such as Standard Contractual Clauses. We may need to transfer your data in this way to carry out our contractual obligations to you, to fulfil a legal obligation and/or for our legitimate interests. In such instances, we will only share the personal data with those who have the right to see the personal data.

10. Marketing

We would like to send you information about our services and our business, which may be of interest to you. Such information could be sent by post, email, or telephone.

We will ask whether you would like us to send you marketing messages on the first occasion that you provide any relevant contact information. If you do opt in to receive such marketing from us, you can opt out at any time (see section 12 below: ‘What rights do you have?’ for further information). If you have any queries about how to opt out, or if you are receiving messages, you do not want to, you can contact us using the details provided below.

11. Your Rights

We would like to make sure you are fully aware of all your data protection rights.

The right to access –  You have the right to request us for copies of your personal data and how we process the data. This is called a data subject access request and you can make a request by writing to us using the contact details below. We may require further information from you in order to verify your identity before disclosing any personal information to you.

The right to rectification – You have the right to request that we correct any personal data you believe is inaccurate. You also have the right to request we complete personal data you believe is incomplete.

The right to erasure – You have the right to request that we erase your personal data, under certain conditions. If you enforce this right at the same time as you object to the processing we will have to maintain basic identification data to ensure we do not contact you again.

The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to our processing of your personal data, this means if you do not want to be contacted for the purposes set out in this notice then we will stop processing your data.

The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

If you wish to exercise any of the rights set out above, you can contact us using the details at the end of this Privacy Notice. If you make a request, we have one month to respond to you..

From time to time, we may have other methods to unsubscribe (opt-out) from any direct marketing including, for example, unsubscribe buttons or weblinks. If such are offered, please note that there may be some period after selecting to unsubscribe in which marketing may still be received while your request is being processed.

12. Changes to the Privacy Notice

We may update or amend this Privacy Notice from time to time. You should check this Privacy Notice frequently to ensure you are aware of the most recent version that will apply each time you access this website. We will also attempt to notify users of any changes by:

• Email if you have opted to receive emails; and/or
• A notice on the website header.

13. Contacting Us

If you have any questions about this Privacy Notice or the personal data we hold about you, please contact us by:

• Email – landc@validusrm.com
• Post – 3rd Floor, 22, 24 Torrington Pl, London WC1E 7LY

14. Complaints

If you have any complaints about this Privacy Notice or the personal data we hold about you, please contact us by reaching out to the above contact information. We are committed to working with you to achieve a fair resolution of any complaint or concern about your privacy. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time.

If you are unsatisfied by our response, you can contact the Information Commissioners Office (ICO) by contacting:

• Contact number: 0303 123 1113
• Website: https://ico.org.uk/make-a-complaint/