FIS Privacy Group
| Furness Insurance Services Ltd | having its registered office in London (UK), 106, Fenchurch Street EC3M 5JF, Register Code 07161867, in the person of its legal representative |
| International Professional Risks Ltd | having its registered office in London (UK), 106, Fenchurch Street EC3M 5JF, Register Code 04935842, in the person of its legal representative |
| Furness Underwriting Ltd | having its registered office in London (UK), 106, Fenchurch Street EC3M 5JF, Register Code 06308306, in the person of its legal representative |
| CHP Legal Ltd | having its registered office in London (UK), 106, Fenchurch Street EC3M 5JF, Register Code 07359628, in the person of its legal representative |
| International Professional Risks Europe Srl | having its registered office in Bruxelles (Belgio), Bastion Tower – Level 20 Place du Champ de Mars 5, 1050, Register Code 0696.787.028, in the person of its legal representative |
| Furness Underwriting Europe Srl | having its registered office in Bruxelles (Belgio), Bastion Tower – Level 20 Place du Champ de Mars 5, 1050, Register Code 0696.787.325, in the person of its legal representative |
| Furness Underwriting SRL | having its registered office in Milano (ITA), Via Cassanese 47, C.F. / Partita I.V.A. 13260310969, in the person of its legal representative |
| CHP Legal SRL | having its registered office in Milano (ITA), Via Cassanese n. 47, C.F. / Partita IVA 03392081208, in the person of its legal representative |
| Furness Iberia SL | having its registered office in Madrid (SPA), Calle Orense núm. 81, (28020), CIF B01663392, in the person of its legal representative |
Purpose of this notification
The company Furness Insurance Services, with registered office at 106 Fenchurch Street, London EC3M 5JF, United Kingdom, together with the other companies indicated in the epigraph, entered into a Joint Controllers Agreement for the processing of personal data on 1.2.2025, in accordance with current legislation on the protection of personal data pursuant to art. 26 of Regulation 2016/679/EU (hereinafter also “GDPR”) and the UK GDPR, with which the “FIS Privacy Group” was established (hereinafter also referred to simply as the “Group”), and the methods of processing personal data shared by the Group have been established, a single and common DPO has been appointed (lawyer Maria Sofia Amalfitano – pursuant to art. 37 of EU Regulation 679/2016 and UK GDPR), and the various responsibilities have been distributed, with the clarification, contained in the aforementioned agreement (art. 10, co. 2), for which “It is understood that each Joint Controller will be responsible for any sanctions imposed by the Authorities or for damages caused to third parties as a result of data processing carried out by the same individual Joint Controller not in accordance with the Data Protection Management System (DPMS) adopted by the Group”.
Furness Insurance Services (hereinafter also referred to simply as the “Data Controller” or “Joint Controller” in the FIS Privacy Group), has developed a secure website and web services (hereinafter the “Website”) which insurance brokers can access to enter various data, including data relating to the contracting parties and/or beneficiaries and relevant risks, submit a request for a quote, prepare insurance policies and certificates, and notify and manage claims (hereinafter the “Services”).
The FIS Privacy Group is committed to respecting and protecting your privacy and wants you to feel safe both when simply browsing the website owned by the joint owner FIS, and in the event you decide to provide your personal data to use the services made available to its Users and/or Customers.
With this policy, the FIS Privacy Group intends to provide some information on the processing of personal data relating to Users who visit or consult the website accessible by telematic means starting from the address www.fisg.co.uk (the “Website”). The information is provided only for the websites of companies belonging to the FIS Privacy Group and not for other websites that may be consulted by the user through links (for which please refer to the respective privacy policies). The reproduction or use of pages, materials and information contained within the Site, by any means and on any medium, is not permitted without the prior written consent of the company that owns the site. Copying and/or printing is permitted for personal and non-commercial use only (for requests and clarifications, contact the Data Controller or the DPO at the addresses below). Other uses of the content, services and information on this site are not permitted.
With regard to the content offered and the information provided, the Data Controller will ensure that the contents of the Site are reasonably updated and revised, without offering any guarantee on the adequacy, accuracy or completeness of the information provided, explicitly declining any responsibility for any errors and omissions in the information provided on the Site and App.
Source – Navigation data
The FIS Privacy Group informs you that the personal data you provide and acquired together with the request for information and/or contact, registration to the site and use of services via smartphone or any other tool used to access the internet, as well as the data necessary to provide such services, including navigation data and data used for the possible purchase of services offered by the Data Controller or other companies in the FIS Privacy Group, but also data regarding the so-called “navigation of” the site by Users, will be processed in compliance with applicable regulations. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the “IP addresses” or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the website of the Data Controller. It should be noted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the site of the Data Controller or other sites connected to it: except for this possibility, data on web contacts currently do not persist for more than a few days.
Source: Data supplied by the user
The Data Controller collects, stores and processes your personal data for the purpose of providing the services offered on the Site, or for legal obligations. With regard to some specific Services, Promotions, etc., the Data Controller may also process your data for commercial purposes. In such cases, specific, separate, optional and always revocable consent will be requested in the manner and using the contact details indicated below.
The optional, explicit and voluntary sending of e-mails to the addresses indicated in the appropriate section of the Website, as well as the completion of questionnaires (e.g. forms), communication via chat, social networks, call centers, etc., involves the subsequent acquisition of some of your personal data, including that collected through the use of related services, which is necessary to respond to requests. We also inform you that when using the mobile connection to access digital content and services offered directly by the Data Controller or by other companies of the FIS Privacy Group, or by our Partners, it may be necessary to transfer your personal data to such third parties. We would like to point out that you may access the Site or connect to areas where you may be able to publish information using blogs or bulletin boards, communicate with others, for example by coming from the Company page on Facebook®, LinkedIn®, YouTube®, and other social networking sites, review products and offers, and post comments or content. Before interacting with these areas, we invite you to carefully read the General Conditions of Use, keeping in mind that, in certain circumstances, the published information can be viewed by anyone with Internet access and all the information you include in your publications can be read, collected and used by third parties.
The Owner will collect and process information about you (as an individual) that allows you to be identified. The Owner may also be able to collect and process information about other people in the same way if you choose to provide it to them.
This information may be classified as “Personal Data” and collected by the Data Controller if you provide it (for example, when registering your account, or to use the Services indicated on this site).
The Personal Data that can be processed by the Data Controller through the Site or other tools/methods are as follows:
a. Name, contact details and other personal data
In various sections of the Site – including, in particular, when creating an account on the Site or filling in a Form – you will be asked to enter information such as your name, telephone number, e-mail address, gender, date of birth, country of residence and address, as well as, in some cases, information relating to the company you currently work for and the position you hold.
In addition, whenever you participate in surveys that may be available on the Site, as well as whenever you communicate with the Owner through the contact forms on the Site, the Owner may collect additional information that you provide.
This is also the case for additional information that you may decide to provide in other dedicated sections of the Site.
b. Application
When registering to apply for a position with the Owner, in the “Send your application” section of the Website (where available), you will also be asked to provide various types of Personal Data, including professional / employment data (e.g. CV, cover letter, professional qualifications, availability to start, professional social media URLs, etc.).
You may also be asked for optional information such as your marital status, gender and date of birth.
c. Special categories of personal data
Some areas of the Site provide you with free text fields where you can communicate certain information to the Data Controller through specific Forms.
It is possible to use these areas to disclose (inadvertently or not) some sensitive (“particular”) categories of personal data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The content you share in these fields may also (inadvertently or otherwise) include other types of special information about you, such as your genetic data, biometric data, or data concerning your health, sex life, sexual orientation, or disabilities.
The Owner expressly asks you not to disclose any special personal data in these free text fields on the Site, unless it is strictly necessary. Please note that if you do share special data, the Owner will need your explicit consent.
When registering to apply, you will also be asked to provide (optionally) additional Personal Data, identified as “job specific information”.
d. Personal data of other people
As mentioned in the previous section, some areas of the Website and Forms include specific fields as well as free text fields in which you can write messages to the Data Controller, or in any case allow you to enter various types of data on the Website. These messages and content may (inadvertently or on purpose) include Personal Data relating to other people.
In other sections of the Website, you will be asked to submit Personal Data relating to third parties, such as other contact persons at your company, colleagues, clients, insured persons, complainants, counterparties and/or insurers.
In the event that you share Personal Data relating to other people, you will be considered an independent data controller of such Personal Data and will assume all inherent legal obligations and responsibilities. The Owner shall be considered indemnified from any complaints or requests for compensation for damages that may derive from the processing of such Personal Data, caused by third parties whose information was provided through the Site.
Since the Data Controller does not collect this information directly from third parties (but collects it, indirectly, from you), it must ensure that it has obtained consent; otherwise, it must ensure that there are other appropriate reasons on which to rely to legally provide this information to the Data Controller.
e. Navigation data
The operation of websites, as is standard with any website on the Internet, involves the use of computer systems and software procedures, which collect information about the users of the websites as part of their normal operation. Although the Owner does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information or by using other information collected – as such that information is also considered Personal Data.
This information includes several parameters related to the operating system and the IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of the resources you request on the website, the time of such requests, the method used to submit them to the server, the size of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
This data is used to compile statistical information on the use of the Site, as well as to ensure its correct functioning and to identify any faults and/or abuse of the Site.
f. Cookies
Cookies are small text files that can be sent to and registered on your computer by the websites you visit, to then be re-sent to the same sites during subsequent visits. These cookies allow the websites to “remember” your actions and preferences (such as login data, language, font size, other display settings, etc.) so you do not have to reset these settings when you return to the website or when you navigate between pages.
For more details, please refer to our Cookie Policy attached.
Purpose of processing and legal basis
The data is processed for the following purposes:
1) Strictly connected with and necessary for browsing the website www.fisg.co.uk, the services developed and made available by the Owner, the use of the related information services, the management of requests for information (such as, for example, contacting the User, managing contacts and sending messages) and booking of the requested services, such as entering your personal data for invoicing, acquiring and confirming the booking of one or more services and products, as well as the execution of the same by the persons in charge of the Data Controller, and examining the curriculum vitae and getting in touch with users who have submitted their application through the website (“Recruitment”);
2) Related to the fulfillment of obligations established by EU and national regulations or by sector regulations, such as for example the communication of data for invoicing, and to collect the user’s preferences relating to privacy, respond to requests or executive actions, protect one’s rights and interests (or those of Users or third parties), identify any malicious or fraudulent activities;
3) Direct marketing, i.e. sending advertising material and updates on prices and offers, carrying out market research or commercial communication of the services offered by the Data Controller, also by sending the Furness Insurance Services Ltd newsletter (“Newsletter”), or to speed up the offer sending procedures in case of a new service request to the Data Controller or to sites connected to it, to collect information on the deactivation of interest-based advertising;
4) Analysis, construction and management of the web platform (or Application), to obtain statistical information on the use of the services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.)
5) Checking the correct functioning of the services offered, protection from spam and bots, tag management;
6) Indirect marketing, with the transmission of data to third-party partners for the promotion of their products and services, i.e. through interaction with social networks and external platforms.
The provision of data for the purposes referred to in points 1) and 2) in response to a user request or as required by a specific regulatory provision is mandatory and, failing that, it will not be possible to receive the information and access any services requested; with regard to points 3), 4), 5) and 6) of this Policy, consent to the processing of data by the user is instead free and optional and can always be revoked without consequences on the usability of the products and services, except for the impossibility for the Data Controller to keep updated on new initiatives or on particular promotions or advantages that may be available to users.
The Data Controller may send commercial communications relating to products and/or services similar to those already provided, pursuant to Directive 2002/58/EU, using the e-mail or paper contact details provided by you on such occasions, which you may object to using the methods and contact details indicated below.
Methods and logic of treatment, storage times and safety measures for use
The processing is also carried out with the aid of electronic or automated means and is performed by the FIS Privacy Group and/or by third parties that the Data Controller may use to store, manage and transmit the data. The data processing will be carried out with organizational and elaboration logics of your personal data, also related to the logs originated by the access and use of the services made available via web, of the products and services used related to the purposes indicated above and, in any case, in such a way to guarantee the security and confidentiality of the data. The personal data processed will be kept for the time required by law and in any case for a maximum period not exceeding 120 months, unless the data subject objects. Again with regard to data security, in the sections of the website set up for particular services, where personal data is requested from the user, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated to SSL. SSL technology encodes the information before it is exchanged via the Internet between the user’s computer and the central systems of the Data Controller, making it unintelligible to unauthorized parties and thus guaranteeing the confidentiality of the information transmitted; and the Data Controller only keeps the minimum set of information necessary to manage any disputes, and generally for no more than three months. Precisely with reference to the aspects of personal data protection, the user is invited, pursuant to art. 33 of the GDPR, to report to the Company any circumstances or events from which a potential “personal data breach” may arise, in order to allow an immediate evaluation and the adoption of any actions aimed at countering such an event, by sending a communication to dpo@fisg.co. uk or by contacting the Data Controller or the DPO. The measures adopted by the Data Controller do not exempt the user from paying the necessary attention to the use, where required, of passwords/PINs of adequate complexity, which must be updated periodically, especially if they are feared to have been violated/known by third parties, as well as to be carefully guarded and made inaccessible to third parties, in order to avoid improper and unauthorized use.
Scope of communication and data transfer
For the pursuit of the aforementioned purposes, the Data Controller may communicate and have the personal data of users/customers processed, in Italy and abroad, by other companies in the Group, or by third parties with whom it has relationships, where these third parties provide services at its request. These third parties will only be provided with the information necessary to perform the services requested, and all measures will be taken to protect your personal data. The data may be transferred outside the European Economic Area if this is necessary for the management of your contractual relationship. In this case, the recipients of the data will be subject to protection and security obligations equivalent to those guaranteed by the Data Controller. In the case of using services offered directly by Partners, only the data strictly necessary for their execution will be provided. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and, where required, the guarantees applicable to data transfers to third countries will be applied. Your personal data may also be disclosed to our commercial service providers, for marketing reasons, appointed as external data processors for this purpose. Furthermore, personal data may be communicated to the competent public bodies and authorities for the purpose of fulfilling regulatory obligations or ascertaining responsibility in the event of computer crimes against the site, as well as communicated to or allocated to third parties (in the capacity of data processors or, in the case of electronic communication service providers, autonomous data controllers) that provide IT and telematic services (e.g.: hosting services, website management and development) and that the Company uses to perform tasks and activities of a technical and organizational nature that are essential for the functioning of the website. The subjects belonging to the above categories operate as separate Data Controllers or as Data Processors appointed for this purpose by the Company.
Furthermore, personal data may be accessed by the Data Controller’s employees/consultants who are specifically trained and appointed as Data Processors or External Data Processors.
The categories of recipients to whom the data may be communicated are available by contacting the Data Controller and the DPO at the addresses indicated below.
Rights of data subjects
You may exercise your rights at any time, by sending an email to privacy@fisg.co.uk, including the right to:
- a) access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, and the existence of automated decision-making processes;
- b) obtain the correction of inaccurate personal data concerning you without delay;
- c) obtain, in the cases provided for, the deletion of your data;
- d) obtain the limitation of the processing or to oppose it, when possible;
- e) to request the portability of the data you have provided to the Data Controller, i.e. to receive them in a structured, commonly used and machine-readable format, also to transmit those data to another controller, within the limits and with the constraints set forth in art. 20 of the GDPR.
Furthermore, you may lodge a complaint with the Personal Data Protection Authority pursuant to art. 77 of the GDPR. For the processing referred to in points 3), 4), 5) and 6) of the purposes, the user may at any time revoke consent and exercise the right to object to direct marketing (in “traditional” and “automated” form).
The opposition, unless otherwise specified, will refer to both traditional and automated communications.
Responsibility for data processing
The data controller is Furness Insurance Services Ltd, with registered office in London (UK), 106, Fenchurch Street EC3M 5JF, Registration Code 07161867, in the person of the legal representative Mr. BERNARDO GOZZI, E-mail info@fisg.co. uk, Tel. +44 (0)20 3384 0084.
FIS Privacy Group – dpo@fisg.co.uk
DPO, Maria Sofia Amalfitano, Lawyer
email sofia.studiolegalefalanga_ext@fisg.co.uk
Use of the Website, including the versions designed for tablets and/or smartphones, by the User implies full knowledge and acceptance of the content and any indications included in this version of the information published by the Data Controller at the time the site is accessed. The Data Controller informs that this policy can be modified without notice, by informing Users on this page and, if possible, on this Application as well as, if technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller. If the changes affect processing activities performed on the basis of the User’s consent, the Owner will collect new consent from the User, where necessary. It is strongly recommended to check this page often, referring to the date of the last modification indicated at the bottom.
Data Controller
Furness Insurance Services Ltd