Cookies & Privacy Policy

Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information. The following outlines our privacy policy.
  • Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
  • We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
  • We will only retain personal information as long as necessary for the fulfillment of those purposes.
  • We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
  • Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
  • We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
  • We will make readily available to customers information about our policies and practices relating to the management of personal information.

We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.

General Data Privacy Notice Legal framework for protecting your personal data This data privacy notice is written to comply with the European Union General Data Protection Regulation (GDPR). GDPR gives control to citizens and residents over their personal data.

Data Controller Name: SIGCo
Phone: +44 (0) 1624-664-095
Address: Level 2, Samuel Harris House, 5-11 St. Georges Street, Douglas, Isle of Man, IM1 1AJ

Data Protection Officer  Email:
Address: 90 Fenchurch Street, London, EC3M 4ST, United Kingdom

Data Controller's Lines of Business SIGCo as a controller for all lines of businesses under ownership or management. These businesses are:
  1. SIGCo (IoM) Limited
  2. SIGCo Management (IoM) Limited
  3. SIGCo Management Services (IoM) Limited
  4. SIGCo Ltd.
  5. SIGCo Management (Bermuda) Limited

How data is used  SIGCo may process personal information as part of its insurance and financial services businesses: underwriting, reinsurance, claims, finance, marketing, renewals, contract review, risk management and employment.

Personal data profile categories processed SIGCo maintains personal data for:
  1. Advisers, consultants and other professional experts
  2. Business associates, other professional bodies, advisers
  3. Business contacts
  4. Complainants and enquirers
  5. Customers and clients
  6. Employees
  7. Employers and employees of other organisations
  8. Members and beneficiaries
  9. Offenders and suspected offenders
  10. Relatives, guardians
  11. Shareholders
  12. Suppliers and services providers
  13. Subjects of claims, investigations, proceedings and other claim related profiles
  14. Trustees
  15. Witnesses

Automated decision making SIGCo does not use automated decision making.

The legal bases we use for lawful processing  In order for SIGCo to conduct business and fulfil its legal, regulatory and contractual obligations, it needs to perform legitimate and fundamental processing. These are:
  1. Establishing contracts
  2. Maintaining contracts
  3. Provision of all contracted services
  4. Invoicing, remittance, payments, collections
  5. Non-promotional communications
  6. Marketing and other promotional communications
  7. Risk management contract review
  8. Response to Subject Access Requests
  9. Performance measurement
  10. IT support services
  11. Business Continuity Planning
  12. Legal and regulatory obligations
  13. Responding to enquiries, requests and complaints
  14. Employment processing
The categories of people who will access or receive the data SIGCo sometimes needs to share the personal information it processes with individuals themselves and also with other organisations. Below is a description of the types of organisations with which SIGCo may need to share some of the personal information it processes.
  1. Agents and brokers
  2. Business associates, other professional bodies, advisers
  3. Central / local government
  4. Claimants, beneficiaries, assignees and payees
  5. Claims investigators
  6. Complainants, enquirers
  7. Courts and tribunals
  8. Credit reference, debt collection and tracing agencies
  9. Current, past and prospective employers
  10. Customers and clients
  11. Data processors
  12. Debt collection and tracing agencies
  13. Education and examining bodies
  14. Employment and recruitment agencies
  15. Family, associates and representatives of the person whose personal data we are processing
  16. Financial organisations and advisers
  17. Healthcare professionals, social and welfare organisations
  18. Law enforcement and prosecuting authorities
  19. Ombudsman and regulatory authorities
  20. Other companies in the same group
  21. Pension schemes 
  22. Police forces
  23. Private investigators
  24. Professional advisers
  25. Share Administrators
  26. Suppliers and services providers
  27. Survey and research organisations
  28. Trade associations, professional bodies, employer associations

The countries where data will be stored, processed and transferred Your personal data collected by SIGCo may be stored and processed in the United Kingdom or any other country in which SIGCo or associated third parties maintain facilities. Should SIGCo need to transfer your personal data, SIGCo will take all reasonable measures to safeguard the transfer of your personal data to third parties in a manner that complies with the GDPR.

How long the data will be retained  Retention of specific records may be necessary for one or more of the following reasons:
  1. To fulfil statutory or other regulatory requirements.
  2. To evidence events/agreements in case of disputes.
  3. To meet our operational needs.
  4. To meet any historical purposes.

Personal data that is collected and subsequently never used for any business purpose will be reviewed and may be destroyed at SIGCo's discretion.

What happens if the data isn't collected Your personal data is required for communication and setting up a contractual agreement to provide products and services. Without this data SIGCo will not be able to communicate with you or enter into a contractual agreement with you. This includes both business and employment contracts.

SIGCo needs personal data to:
  1. enable consensual bilateral communications;
  2. engage in pre-contractual activities;
  3. honour contractual obligations; and
  4. enable it to employ people.

Without this data, SIGCo will not be able to perform these four primary activities.

The right to withdraw consent In situations where SIGCo requests and receives your consent to perform processing, we are also obliged to stop such processing if you decide to withdraw your consent. Withdrawing consent is as straightforward as giving consent. Withdrawing consent cannot be back-dated so it has no effect on processing already performed during the period of consent.

The right to access, change, delete, restrict, object, request a copy You have rights regarding the personal data we store on your behalf. These are:
  1. access to a copy of your personal data;
  2. object to processing that you object to; 
  3. stop receiving direct marketing material;
  4. object to decisions being taken by automated means;
  5. have inaccurate personal data rectified, blocked, erased or destroyed;
  6. lodge a complaint with the Information Commissioner’s Office;
  7. claim compensation for damages caused by a breach of the GDPR.

Should you ever wish to exercise any of these rights, please contact the Data Protection Officer.

The right to complain to the regulator

You have the right to lodge a complaint with the Information Commissioner’s Office if you think that your personal data has been inappropriately used.
Date: 05/17/2018