This privacy notice is intended to provide you with details of how we collect and use your personal data, as well as explaining your rights as a data subject, in accordance with the Data Protection Laws.

Except where expressly stated this privacy notice applies to the Standard Club Group and the North Group (collectively referred to as NorthStandard, or the NorthStandard Group).

Who is our Data Protection Officer?

The data protection laws include: the UK Data Protection Act 2018 , the UK GDPR (as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulation 2019, (UK GDPR) Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (General Data Protection Regulation “GDPR”),the Irish Data Protection Act 2018 (Irish Act) and the Singapore Personal Data Protection Act 2012, as amended by the Personal Data Protection (Amendment) Act 2020 (the Act) (the Singapore Act).

We have a Data Protection Team which forms part of the NorthStandard Compliance team and the NorthStandard Legal team.

Our Data Protection Team oversees compliance with data protection law and its contact details are: dataprotection@north-standard.com.

For the Standard Club Group, we have the following relevant local registrations:

In the UK and EEA, Personal data is defined as:

‘Any information relating to an identified or identifiable natural person’

1. What information do we collect about you?

As part of providing services to you we may collect personal data and special category data.

2. Who do we share information about you with?

The sharing of personal data is required to support our business activities and to provide a service to you, along with ensuring that we meet applicable statutory or regulatory requirements.

We have detailed below a list of the type of recipients we may share information about you with as the specific recipients may change from time to time.

We do not share all information for all individuals with every third party and the list is subject to constant review and change. We will also not disclose your personal data to a third party unless we are satisfied that we either have your consent or there is a lawful reason for doing so.

If required a full list of the names of all parties that we share information is available from the Data Protection Officer (see details above).

List of recipients

  • Employees and directors of NorthStandard who need access to the personal data to perform their role within NorthStandard.

  • Financial services regulators who oversee the activities of authorised insurance businesses.

  • Government agencies, public bodies or authorities who deal with taxation, such as HMRC.

  • Public bodies or law enforcement agencies who are concerned with anti- money laundering, anti-bribery, financial sanctions activity and disclosure and barring services.

  • Third parties as required under the relevant Insolvency Act requirements.

  • Corporate registrars who are legally required to hold certain company information.

  • Credit referencing, screening and background checking agencies who provide credit, background and financial service checks.

  • Reinsurers involved with the reinsurance of NorthStandard business.

  • Our corporate insurers if required under the terms of the policy placed with them.

  • NorthStandard auditors and internal auditors.

  • Professional advisors such as lawyers, arbitrators, accounting firms, tax advisers and actuaries, who provide support in operating our business.

  • Brokers, intermediaries, agents, surveyors and correspondents who may provide initial and on-going support with our insurance business.

  • Our company bankers, custodians and investment managers who hold funds and/or make and receive payments on our behalf.

  • Website and internet service providers who provide support and hosting for our internet and intranet services.

  • Information technology (IT) support companies who provide day to day maintenance and support for our IT and database services.

  • Digital agencies who provide marketing and communication support.

  • Workflow management service providers.

  • Recruitment agencies and platforms we may deal with during the recruitment process.

  • Printers and publishers who provide electronic and paper-based solutions for company publications.

  • Learning, development and training service providers.

  • Embassies who provide visa processing services for overseas travel or work abroad.

  • Current or prospective NorthStandard members or policyholders.

  • International Group of Protection and Indemnity Clubs.

  • Software application and IT service providers who provide services to NorthStandard.

  • Facilities and corporate travel suppliers.

  • Any company within NorthStandard. For further information please click here.

3. Where do we send information about you to?

NorthStandard operates a number of branches and subsidiaries worldwide. We may transfer information we hold about you to one or more of these locations (overseas transfer) if required to fulfil the purposes set out above. We will only do this if one of the following conditions applies to the overseas transfer:-

  • it is necessary in order for us to perform a contract between you and us;

  • it is necessary in order for us to take measures to enter into a contract with you where you have requested us to do so;

  • it is necessary for us to establish, exercise or defend legal claims; or

If none of the conditions listed above apply, you have explicitly consented to the overseas transfer.

Cross-Border Data Transfers

Where permitted by applicable law, we may transfer the personal data we collect about you to the United States and other jurisdictions that may not be deemed to provide the same level of data protection as your home country.

If you are located in the United Kingdom or the European Economic Area, we have implemented the relevant data transfer mechanism from article 46 of the GDPR to secure the transfer of your personal data to the United States and other jurisdictions.

We will always keep records of where your data has been sent outside of the United Kingdom or the European Economic Area.

If you are not located in the United Kingdome or the European Economic Area, please refer to section 6 below.

4. How long do we store information about you for?

We are a regulated financial services entity and as such we are subject to prescribed retention periods in relation to personal data. We are also required to retain personal data to comply with limitation periods prescribed by law.

We operate a data retention policy for each jurisdiction in which we operate which sets out the specific periods we will hold information for and when we need to destroy information that we no longer require for legal, regulatory or commercial reasons.

Generally, our retention period will be up to six years. However, this may be longer in some instances, for example when dealing with a claim, or for other jurisdictions.

Overall the criteria used to establish the period for which personal data will be stored is determined by regulatory or legal requirements. This is also supported by each of the NorthStandard group’s data retention policies which provides that such information must not be kept for any longer than necessary to fulfil the purposes for which it was collected.

Further details are available from dataprotection@north-standard.com.

5. What are your rights?

Under the GDPR, you have the following rights:

  • Right of information– Controller must advise the data subject of how personal data is processed;

  • Right of access– request access to any personal data we hold about you;

  • Right of rectification– have any personal data which we hold about you which is inaccurate or incomplete rectified;

  • Right to be forgotten– have personal data erased in certain circumstances. This right does not apply, for example, where the processing is necessary (i) to comply with a legal obligation or (ii) for the establishment, exercise or defence of legal claims;

  • Right to restriction of processing– have the processing of your personal data restricted in certain circumstances. This right does not apply, for example, where we continue to use your personal data (i) for the establishment, exercise or defence of legal claims or (ii) to protect the rights of another;

  • Right of portability– to be provided with the personal data that you have supplied to us in a portable format that can be transmitted to another organisation without hindrance but in each case where (i) the processing is carried out by automated means and (ii) the processing is based on your consent or on the performance of a contract with you;

  • Right to object– object to certain types of processing, including processing based on legitimate interests, automated processing (which includes profiling) and processing for direct marketing purposes; and

  • Right to object to automated processing , including profiling– not be subject to a decision that is based solely on automated processing which produces a legal effect or which has a similar significant effect for you.

If you wish to exercise any of the rights set out above, you must make the request in writing to the Data Protection Officer (Details above). Please note some of these rights are restricted in some circumstances.

If you have provided your consent to any of the processing of your personal data, you have the right to withdraw your consent to that processing at any time. Please contact the Data Protection Officer if you wish to do so.

Some aspects of processing personal data in insurance may also fall within the ‘public interest’ lawful basis. Where we rely on our legitimate interests, we will always balance them against the rights and freedoms of the people whose personal data we process. If their rights override our legitimate interests we will cease to process personal data where we are relying solely on this to process personal data.

6. For individuals located outside of the EU

How do I make a complaint to a supervisory authority?

Any breach of the Data Protection Laws will be taken seriously and if you consider that the data protection principles have not been followed in respect of personal data about yourself or others you have the right to lodge a complaint with the relevant data protection supervisory authority.

If you are unsatisfied with our response to any issues that you raise, you have the right to make a complaint with the data protection authority in your jurisdiction.

The United Kingdom’s data protection supervisory authority is the Information Commissioner’s Office. If you have any issues with our processing of your personal data and would like to make a complaint, you may contact the Information Commissioner’s Office on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.

NorthStandard Group’s EU data protection supervisory authority is the Office of the Data Protection Commissioner. If you have any issues with our processing of your personal data and would like to make a complaint, you may contact the Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois or at info@dataprotection.ie.

Cookie Policy

A cookie is a small file which asks permission to be place on your computer’s hard drive. For full details of our cookie policy please refer to our main internet site or click here.

Changes to the Policy

This Policy was published on 20 January 2024. We reserve the right to make changes to this policy as required.

If you require this privacy notice information to be provided to you in paper form please contact:

Our Data Protection Team, at dataprotection@north-standard.com.