Privacy Policy

  • Introduction

Furness Insurance Services Limited (the “Data Controller”) is committed to ensuring that any personal data received from the users of this website (“Website”) is protected and handled in accordance with applicable data protection laws.

In general, any information and data provided to the Data Controller over the Website, acquired in the use of services such as: the registration procedure, the request for products and services, information or estimates, access to the registration procedure (which is reserved for users who have the quality of insurance brokers or intermediaries), filling out the forms provided in order to notify a claim or to request any of the insurance services provided through the Website (“Forms”) or which is otherwise gathered via the Website by the Data Controller in the context of the use of the Data Controller’s services (“Services”), will be processed by the Data Controller in a lawful, fair and transparent manner.

  1. Data Controller

The Data Controller, as identified at the top of this Privacy Policy, is the Data Controller regarding all personal data processing carried out through the Website.

  • Personal Data processed

When you use the Website, the Data Controller will collect and process information regarding you (as an individual) which allows you to be identified either by itself or together with other information which has been collected. The Data Controller may also be able to collect and process information regarding other persons in this same manner, assuming you choose to provide it to the Data Controller.

This information may be classified as “Personal Data” and can be collected by the Data Controller when you choose to provide it (e.g., when you sign up for an account to receive the Data Controller’s Services).

Personal Data that can be processed by the Data Controller through the Website are as follows:

a. Name, contact details and other Personal Data

In various sections of the Website – in particular, if you decide to create an account on the Website or when you fill out a Form – you will be asked to submit information such as your name, phone number, e-mail address, gender, date of birth, country of residence and address, as well as, in certain cases, information related to the company you currently work for and your position in that company.

In addition, whenever you participate in surveys that may be available on the Website, as well as whenever you communicate with the Data Controller through the contact details provided on the Website, the Data Controller may collect additional information that you choose to provide. This is also the case regarding any information you choose to disclose in certain sections of the Website which allow you to fill out a Form or to contact the Data Controller directly.

b. Job applications

When registering to apply for a position within the Data Controller, in the “Careers” section of the Website (where available), you will also be asked to provide different types of Personal Data, including professional and employment details (e.g. resume, cover letter, professional qualifications, availability to start, professional social media URLs, etc.).

You are also asked to provide other job-specific information, including your marital status, gender and date of birth, which may help to give more insight of you as a candidate – however, this is entirely optional and not mandatory.

c. Special categories of Personal Data

Certain areas of the Website provide you with some free text fields where you can describe to the Data Controller some information that you need to communicate to the Data Controller as required in the Forms, or otherwise allow you to post various types of content on the Website, which may contain Personal Data.

You may use such areas to disclose (inadvertently or not) some sensitive (“particular”) categories of Personal Data, such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The content you upload in these fields may also (inadvertently or not) include other types of particular information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation or any disabilities you may have.

The Data Controller asks that you do not disclose any particular Personal Data in these free text fields on the Website unless it is strictly necessary. If so, please mind that the Data Controller needs your explicit consent to process this type of Personal Data (e.g. by declaring that you consent in the free text field), if you decide, nonetheless, to share it.

d. Other persons’ Personal Data

As mentioned in the previous section, certain areas of the Website and of the Forms include specific fields as well as free text fields where you can write messages to the Data Controller, or otherwise allow you to insert various types of data on the Website. These messages and content may (inadvertently or on purpose) include Personal Data related to other persons.

In other sections of the Website, you are asked to submit Personal Data related to third parties, such as other contacts in your company, colleagues, clients, policyholders, claimants, counterparties and/or insurers.

In any situation where you decide to share Personal Data related to other persons, you will be considered as an independent data controller regarding the Personal Data and must assume all inherent legal obligations and responsibilities. This means that you must fully indemnify the Data Controller against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, brought by the third parties whose information you provide through the Website.

As the Data Controller does not collect this information directly from third parties (but rather collects them, indirectly, from you), you must make sure that you have the third parties’ consent before providing any information regarding them to the Data Controller; if not, then you must make sure there are some other appropriate grounds on which you can rely to lawfully give this information to the Data Controller.

e. Browsing Data

The Websites operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Websites users as part of their routine operation. While the Data Controller does not collect this information to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.

This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.

These data are used to compile statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website.

f. Cookies

Cookies are small text files that may be sent to and registered on your computer by the websites you visit, to then be re-sent to those same sites when you visit them again. It is due to these cookies that those websites can “remember” your actions and preferences (e.g. login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website.

For more details, please refer to our Cookies Policy.

Purposes of processing and lawful basis for processing

The Data Controller intends to use your Personal Data, collected through the Website, for the following purposes:

  • To verify your identity and assist you in case you lose or forget your login details for any of the Data Controller’s registration services, by maintaining a registered user profile and to provide any other Services which you may request (“Service Provision”). The lawful basis for this process is to perform a contract with the data subject. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any Services to you.
  • To examine applicant’s resumes / CVs and to get in contact with applicants who have submitted their application via the Website (“Recruitment”). The lawful basis for this process can be one of the followings: necessary to perform a contract with you as data subject – compliance with legal obligations which the Data Controller is subject to, in relation to employment law – Legitimate interests of the Data Controller – your consent as data subject.

Processing for this purpose is needed for the Data Controller to be able to consider offering you a position and, therefore, is necessary to take steps at your request before (potentially) entering into a contract. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to consider your candidacies.

  • Sending newsletters regarding information of interest about the services offered and about initiatives promoted by the company (“Newsletter”). The lawful basis that allows us to process your data is your consent exercised through the opt-in operation.
  • For compliance with laws which impose upon the Data Controller the collection and/or further processing of certain types of Personal Data and to prevent and detect any misuse of the Website, or any fraudulent activities carried out through the Website (“Compliance”). The lawful basis for this process is legal obligation.
  • Recipients of Personal Data

Your Personal Data may be shared with the following list of persons / entities (“Recipients”):

  • Persons, companies or professional firms providing the Data Controller with advice and consultancy regarding for example accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services.
  • Entities engaged to provide the Services (e.g., hosting providers or e-mail platform providers).
  • Persons authorized to perform technical maintenance (including maintenance of network equipment and electronic communications networks).
  • Persons authorized by the Data Controller to process Personal Data needed to carry out activities strictly related to the provision of the Services, who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., employees of the Data Controller).
  • Other companies within the Data Controller Group.
  • Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities.
  • Transfer of Personal Data

Your Personal Data may be transferred to Recipients located in several different countries. The Data Controller implements appropriate safeguards to ensure the lawfulness and security of these Personal Data transfers, such as by relying on adequacy decisions from the European Commission, standard data protection clauses adopted by the European Commission, or other safeguards or conditions considered adequate to the transfer at hand.

  • Retention of Personal Data

We will retain your personal information for as long as is reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy. The retention period will be primarily determined by relevant legal and regulatory obligation and/or duration of our business relationship with you, your employer, or another associated party. We maintain and regularly update our Data Retention Policy with a detailed retention schedule. We will securely delete or erase your personal information if there is no valid business reason for retaining your data. In exceptional circumstances, we may retain your personal information for longer periods of time if we reasonably believe there is a prospect of litigation, in the event of any complaints or if there is another valid business reason the data will be needed in the future.

  • Data subjects’ rights

You have certain rights as a data subject which you can exercise in relation to the information, we hold about you. If you make a request to exercise any of your rights, we reserve the right to ask you for a proof of your identity. We aim to acknowledge your request as soon as possible and will address your query within one month from your request.

You have the following rights:

The right to access

If we are processing your data, you are entitled to a confirmation, a copy of your data, and information about purposes of processing – who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where your data is from and how you can make a complaint.

The right to rectification

If you believe that the personal information we hold about you is inaccurate or incomplete, you can request for it to be rectified.

The right to erasure

If you withdraw your consent, terminate a contract with us or you believe the personal information is no longer necessary for the purposes for which it was collected, you may request for your data to be deleted. However, this will need to be balanced against other factors, for example, there may be certain regulatory obligations which mean we cannot comply with your request.

The right to restrict processing

You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • Its accuracy is contested, to allow us to verify its accuracy; or
    • The processing is unlawful, but you do not want it erased; or
    • It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
    • You have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.

The right to data portability

If we have collected your information under a contract or your consent, you could request us to transfer your personal information to provide it to another third party of your choice.

The right to object

You have the right to object at any time the processing of your personal data where it is necessary for the performance of a task carried out in the public interest, or in the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms – in particular, if you are a child.

The right to withdraw consent

If we have processed your personal information under your consent, you could withdraw it at any time.

We do not have to comply with a request where it would adversely affect the rights and freedoms of other individuals.

  • Contact details of the Data Protection Officer

You can also exercise your rights described above by sending a written request to the Data Controller at the following address:

  • Complaints

If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements you can make a complaint to the relevant Data Protection Authority.

  • Amendments

This Privacy Policy entered into force on 25/05/2018. The Data Controller reserves the right to amend this Privacy Policy partly or fully, or simply to update its content, e.g., due to changes in applicable law. The Data Controller, therefore, invites you to regularly visit this Privacy Policy to acquaint yourself with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how the Data Controller collects and uses Personal Data.

Cookie Policy


The Cookies Policy applies to our use of “cookies” in connection with the website and our online platforms (the “Websites”). We use cookies on our Websites to help make your visits more effective, so we’d like to explain more about how and why we use them. By continuing to browse our Websites without adjusting your browser settings to block cookies (for information about how to do this please see below), you are agreeing to our use of cookies.

1. Who we are

Furness Insurance Services Limited (the “Data Controller”) registered office is 106 Fenchurch Street, Londres EC3M 5JF, United Kingdom. The Data Controller can be contacted by post at the address indicated above or by e-mail at

2. What are cookies

Cookies are small text files that may be sent to and registered on your computer by the websites you visit, to then be re-sent to those same sites when you visit them again. It is due to these cookies that those websites can “remember” your actions and preferences (e.g., login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website.

Cookies are used for electronic authentication, monitoring of sessions and storage of information regarding your activities when accessing a website. They may also contain a unique ID code which allows tracking of your browsing activities within a website, for statistical or advertising purposes. Some operations within a website may not be able to be performed without the use of cookies which, in certain cases, are technically necessary for the operation of the website.

When browsing a website, you may also receive cookies from websites or web servers other than the website being visited (i.e., “third-party cookies”).

There are different types of cookies, depending on their characteristics and functions, which may be stored on your computer for different periods: “session cookies”, which are automatically deleted when you close your browser, and “persistent cookies”, which will remain on your device until their pre-set expiration period passes.

According to the law which may be applicable to you, your consent may not always be necessary for cookies to be used on a website. In particular, “technical cookies” – i.e., cookies which are only used to send messages through an electronic communications network, or which are needed to provide services you request – typically do not require this consent. This includes browsing or session cookies (used to allow users to login) and functional cookies (used to remember choices made by a user when accessing the website, such as language or products selected for purchase).

On the other hand, “profiling cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.

3. What cookies we use and why

The Website could use the following types of cookies: 

Browsing or session cookies, which are strictly necessary for the website operation, and/or to allow you to use the website content and Services.

Analytics cookies, which allow the Data Controller to understand how users make use of the Website, and to track traffic to and from the Website.

Functional cookies, which are used to activate specific Website functions and to configure the Website according to your choices (e.g., language), to improve your experience.

Profiling cookies, which are used to observe the preferences you reveal through your use of the Website and to send you advertising messages in line with those preferences.

In detail, the cookies present on our Website are as follows:

Technical nameCookie type, function and purposeExpires after
pll_languageHTTP, Preferences/Functional, Determine the preferred language of the visitor1 year
_gaHTTP, Statistics/Analytics, Register a unique ID to generate statistical data on how the visitor uses the website2 years
_gatHTTP, Statistics/Analytics, Used by Google Analytics to throttle request rate1 day
_gidHTTP, Statistics/Analytics, Register a unique ID to generate statistical data on how the visitor uses the website1 day
PHPSESSIDPHP, Necessary,  store and identify a users’ unique session IDSession

4. Cookies set by Third Party websites

The Data Controller also uses third-party cookies – i.e., cookies from websites/web servers other than the Website, owned by third parties. These third parties will either act as independent data controllers from the Data Controller regarding their cookies (using the data they collect for their purposes and under terms defined by them) or as data processors for the Data Controller (processing personal data on the Data Controller’s behalf). For further information on how these third parties may use your information, please refer to their privacy policies.

5. How to control and delete cookies

If you wish to restrict or block the cookies which are set by the Data Controller, or indeed any other website, you can do this through your browser settings.  The “Help” function within your browser should tell you how. Your cookies preferences will be reset if different browsers are used to access the Website.

CAUTION: If you block or delete technical and/or functional cookies used by the Website, the Website may become impossible to browse, certain services or functions of the Website may become unavailable or other malfunctions may occur. In this case, you may have to modify or manually enter some information or preferences every time you visit the Website.

6. Further information

If you share the use of a device, accepting or rejecting the use of cookies will affect all users of that device.

This policy is reviewed every 6 months and the date of the last update of the same is reported below.

      Last update: 31.01.2023.