This website is not intended for children and we do not knowingly collect data relating to children.
What Information Do We Collect?
We may collect information from you or your representative, including agents and brokers, that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you. We may share this information with Third Party Suppliers for a legal business purpose. The type of personal information we collect depends on the context in which your information is collected. In particular, we may collect some or all of the following categories of personal information:
- Identifiers (PII) such as name, email address, phone, address, financial information / bank account, corporate title, insurance policy information.
- Commercial information, including records of products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies.
- Technical information, including internet or other electronic network activity regarding your interaction with our Web site or applications (including IP address).
- Miscellaneous information, including inferences drawn from any of the information identified above.
Special categories of personal data
We may collect or process any types of sensitive data.
Special categories of personal information (sometimes referred to as “sensitive personal information”), includes:
- information about your personal characteristics and circumstances of a sensitive nature such as your racial or ethnic origin;
- your membership of a professional association or trade union; and
- your health records (such as your medical history, and information, prescription history, death certificate and reports on medical diagnoses, tests and treatment, Medicare / Medicaid eligibility).
Sources of information we collect
We collect information from a variety of sources:
- From you directly;
- From other insurance / reinsurance companies that we work with;
- From third party claims handlers who are involved in a claim or assist us in investigating or processing claims, including external claims data collectors and verifiers, and counsel retained by us;
- From our business partners with whom we work to provide insurance products;
- From public sources, such as public databases (where permitted by law);
- From cover-holders, insurance brokers or other intermediaries; and
- From third party evidence providers.
How we use your personal information and the basis on which we use it
We will only use your personal data when the law allows us to. Most commonly we use the information you provide to:
- to provide our services and fulfil our contractual obligations to you and other third parties;
- to review, process and manage claims;
- to conduct data analysis, which helps us assess risks, price our products appropriately and improve our services;
- to operate our business activities;
- to perform administrative activities in connection with our services; and
- to audit our business.
Please note that where it is necessary for us to process your personal data for the performance of a contract, or to take steps prior to entering into a contract, your failure to provide data when reasonably requested of you could prevent us from being able to enter into a contract with you, or being able to subsequently to perform our obligations under an existing contract that is in place.
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
a) to complete necessary contractual checks to ensure that we can assess your suitability for our insurance products;
b) to fulfil our contractual obligations to you, and to ensure that invoices are paid correctly. Failure to provide this information may prevent or delay the fulfilment of these contractual obligations;
c) to comply with our obligations, such as due diligence and reporting obligations, and responding to binding requests from regulators, law enforcement authorities or other government authorities; or
d) to meet our legitimate interests, for example to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records. When we process personal information to meet our legitimate interests, we always balance these against your fundamental rights and freedoms and put in place robust safeguards to ensure that your privacy is protected.
How and where we will store or transfer your personal information
Trium Cyber will never sell your personal information.
We may disclose your personal information to third parties in the following circumstances:
- where you expressly provide us with your explicit consent to do so;
- to professional service providers, such as lawyers, for the purpose of receiving advice;
- where we are required to disclose such information because of contractual, legal or regulatory requirements; and
- to third parties we engage to provide services and business functions.
If we share any of your personal information with a third party, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s legal obligations.
Information Security and Storage
We have implemented technical and operational security measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
We retain your personal information for as long as we have a relationship with you, and for a period thereafter, in line with internal policies.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
If you would like further details about how long we retain your personal information, please contact Trium Cyber as indicated below.
Protection of Personal Information
Your Rights Under Data Privacy Regulations
Trium Cyber adheres to all relevant Data Privacy regulations in the jurisdictions in which we operate. In accordance with applicable law relevant to your location, you may have certain rights over your personal information, including, under certain circumstances:
- a right to access the personal information we hold about you;
- to seek rectification or erasure of such personal information;
- to restrict or object to our processing of such personal information;
- to withdraw consent from our processing of your personal information;
- to opt out of the sale or transfer of your data;
- a right to request transfer of your data;
- a right against automated decision making; or
- to lodge a complaint with an applicable supervisory authority (e.g. ICO in the UK).
If you wish to exercise any applicable rights, or have any other inquiries or complaints in relation to data collected, please refer to the “Contact Us” section below. We aim to respond to requests, or provide a reason for delay or decline where legally permitted, within one month of receipt. Unless unreasonable, unduly burdensome or otherwise legally allowed, requests will generally be handled free of charge.
Automated decisions & Artificial Intelligence
Website Use Information & Cookies
Hyperlinks and Third-Party Sites
EU / EEA Residents
Transferring Your Data Outside Of The EU
The personal data that we collect about you may be transferred to, and stored at, one or more countries outside the EEA or outside the jurisdiction in which you reside. It may also be processed by staff operating outside the EEA (or outside the jurisdiction in which you reside) who work for Trium Cyber or for our Third Party Suppliers. In such cases, Trium Cyber will take appropriate steps to ensure an adequate level of data protection in the country of the recipient as required under the GDPR (or as required under local laws in your jurisdiction) and as described in this Notice.
If Trium Cyber cannot ensure such an adequate level of data protection, your personal data will only be transferred outside the EEA (or outside the jurisdiction in which you reside) if you have given your prior consent to such transfer and any local law requirements for the transfer have been satisfied. Your personal data is currently processed in Trium Cyber’s operating jurisdictions (including the UK and US) and India.
Transferring your data outside of the UK
The personal data that we collect about you may be transferred to, or stored at, one or more of Trium Cyber’s locations outside of the UK.
Transfers of your personal data to the EEA
Following the UK’s departure from the EU, the EU authorities have made an adequacy decision in respect of the UK. This means that the UK is deemed to provide an essentially equivalent level of protection for personal data to that which exists within the EU. In turn, the UK Government has made an adequacy decision in respect of the EU. On that basis, data can flow freely between the two areas.
Please note that the UK’s adequacy status has been limited to a period of 4 years from 1 January 2021.
Transfers of your personal data to jurisdictions outside of the UK and EEA
We may transfer your personal data outside UK to the United States. There is no adequacy decision in respect of the United States. This means that the United States is not deemed to provide an adequate level of protection for your personal information.
However, to ensure that your personal information does receive an adequate level of protection if we transfer it to third parties we have put in place the following appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects UK law on data protection:
- specific contractual protections approved for use by the UK Information Commissioner’s Office to ensure that your data is adequately protected.
Any other transfers outside the UK or EEA will be made subject to similar safeguards above.
UK / EU / EEA Data Subject Requests
If you wish to invoke any of your rights under relevant Privacy regulations or to make a general enquiry regarding Trium Cyber’s approach to securing your data, please refer to the “Contact Us” section above.
Please note that only you or someone that you authorize to act on your behalf may submit these requests.
In response to such request, we may ask you to verify your identity or to provide additional information that helps us to understand your request better. Once we have the necessary information from you regarding proof of identity, or in the case of an agent, proof of authorization, and your request is valid, we will respond to you as soon as possible but no later than within 30 days unless the number and complexity of the requests made be deemed excessively high, in which case we may extend this time by a maximum of a further two months. We will inform you if we need to make use of this additional time and why we need to do so as soon as is practicably possible.
Legal basis for processing your personal information:
More information on the most common legal basis that we may rely on are set out in the table below.