The RiverStone companies, its subsidiaries and affiliates (“we” or “us”) is committed to protecting the privacy of the individuals we encounter in conducting our business. “Personal Information” is information that identifies and relates to you or other individuals (such as your dependents). Our aim is responsible handling of Personal Information, balancing the benefits of activities like research and data analytics with our other commitments, including transparency and non-discrimination.
Last Updated: October, 2017
We do not engage in the collection of Personal Information about your online activities over time and across third-party websites or online services and do not allow third parties to collect Personal Information about your online activities over time and across third-party websites when you use our online services. We do not respond to web browser “do not track signals.”
Who To Contact About Questions Concerning Your Privacy & Personal Information
If you have any questions about our use of your Personal Information you can Compliance_Line@trg.com or write to:
Office of General Counsel
250 Commercial Street, Suite 5000,
Manchester, New Hampshire
United States of America
Personal Information That We Collect
Depending on your relationship with us (for example, as a consumer policyholder; insured person benefiting under another policyholder’s policy, or claimant; witness; commercial broker or appointed representative; or other person relating to our business), Personal Information collected about you and your dependents may include, but is not limited to:
General identification and contact information
Your name; address; e-mail and telephone details; gender; marital status; family status; date of birth; passwords on our systems; educational background; physical attributes; activity records, such as driving records; photos; employment history, skills and experience; professional licenses and affiliations; relationship to the policyholder, insured or claimant; and date and cause of death, injury or disability.
Identification Numbers Issued By Government Bodies Or Agencies
Social Security or national insurance number; passport number; tax identification number; military identification number; or driver’s or other license number.
Other Sensitive Information
In certain cases, we may receive sensitive information about you. In addition, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud or otherwise. We may also obtain sensitive information if you voluntarily provide it to us (for example, if you express preferences regarding medical treatment based on your religious beliefs).
Recordings of telephone calls to our representatives.
Information Enabling Us To Provide Services
Location and identification of property insured (for example, property address, vehicle license plate or identification number); travel plans; age categories of individuals you wish to insure; policy and claim numbers; coverage/peril details; cause of loss; prior accident or loss history; your status as director or partner, or other ownership or management interest in an organization; and other insurance you hold.
Information from Other Sources
To improve the quality of our services, and to carry out research and analysis, we and our service providers may supplement the Personal Information we collect with information from other sources, such as publicly available information from social media services, commercially available sources and information from our affiliates or business partners.
How We Use Personal Information
- Communicate with you and others as part of our business.
- Send you important information.
- Make decisions about whether to provide insurance and assistance services, and other products and services which we may offer, and provide such products and services, including claim assessment, processing and settlement; and, where applicable, manage claim disputes.
- Assess your eligibility for payment plans, and process your premium and other payments.
- Provide improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
- Prevent, detect and investigate crime, including fraud and money laundering, and analyze and manage other commercial risks.
- Provide marketing information to you (including information about other products and services offered by selected third-party partners) in accordance with preferences you have expressed.
- Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; data analytics; business continuity; and records, document and print management.
- Resolve complaints, and handle requests for data access or correction.
- Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering, sanctions and antiterrorism where applicable; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence).
- Establish and defend legal rights; protect our operations or those of any of our group companies or business partners, our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.
There may be other ways in which personal information is collected or transferred or stored, as such this policy is subject to change, improvements and updates without notice.
International Transfer of Personal Information
Other Insurance And Distribution Parties
Our Service Providers
Governmental Authorities And Third Parties Involved In Court Action
Other Third Parties
RiverStone will take appropriate technical, physical, legal and organizational measures, which are consistent with applicable privacy and data security laws. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Information you might have with us has been compromised), please immediately notify us.
Social Security Numbers
We take our responsibility to safeguard your information seriously and employ multiple safeguards in order to help insure that your information is protected as it is transmitted from your computer and stored on our computers at RiverStone.
Once your information reaches our servers we protect it in many ways including storing the information on secure servers and using a device known as a firewall which protects your information by detecting and preventing un-authorized access to the information.
Working with our firewalls and other mechanisms we also protect your information by only allowing access to your information by employees and authorized parties who have a legitimate and verified need to access the information in order to service your requests and administer policies and claims.
Questions and Concerns
Please contact us as set out in the “Who to Contact About Your Personal Information” section above with any such requests or if you have any questions or concerns about how we process Personal Information.
Third Party Privacy Practices
Use of Services by Minors
This Website is not directed to individuals under the age of eighteen (18), and we request that these individuals not provide Personal Information through this Website.
APPLICATION OF THIS PROTOCOL
RiverStone Holdings Limited, together with other members of its group, including but not limited to RiverStone Insurance Limited, RiverStone Insurance (UK) Limited, RiverStone Management Limited and RiverStone Managing Agency Limited (together the “RiverStone Europe Group” or “we” or “us“) are committed to compliance with data protection laws. This protocol (“Privacy Protocol“) sets out the RiverStone Europe Group’s personal information collection and sharing practices in relation to the personal information relating to policyholders or claimants and their agents and relatives (“you“) that we collect and use for the administration of insurance policies and products that we insure or reinsure.
This Privacy Protocol is intended to explain our privacy practices and covers the following areas:
- what personal information about you we may hold or collect;
- how we may use your personal information;
- who we may disclose your personal information to;
- how we protect your personal information;
- contacting us and your rights to access and update your personal information; and
- how changes to this Privacy Protocol will be made.
The RiverStone Europe Group’s website at www.trg.com (the “Site“) contains links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you provide any personal information to such third party websites.
INFORMATION WE MAY COLLECT ABOUT YOU
- We may collect and process the following personal information about you:
- information that you provide by filling in forms or uploading onto the Site;
- information including your name, address, contact details, details relating to the claim (which depending on the nature of the claim may include medical reports and reports of criminal convictions or crime) that you, your employer or organisation who we insure or a third party claimant provide to us in relation to the administration of an insurance policy that we insure or re-insure;
- information relating to any criminal or fraudulent activities provided to us by you or third parties (such as anti-fraud agencies or other insurers);
- if you contact us, we may keep a record of that correspondence or details of any conversation we may have with you; and
- details of your visits to the Site and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
- We may collect and process the following personal information about you:
USES MADE OF YOUR PERSONAL INFORMATION
- We may use your personal information in the following ways:
- to decide whether to enter into any proposed transaction with you or your employer or organisation that we insure and to administer insurance products where you are the policyholder or a person involved in any claim, including in certain circumstances, disclosing such information to third party anti-fraud agencies for the purposes of detecting and preventing fraud and crime (as further set out in paragraph 3 below);
- to identify you and to carry out any identity checks as may be required by applicable law and regulation and best practice at any given time;
- to recover any payments due to us and where necessary to enforce such recovery through the engagement of payment collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings);
- to analyse it in order to better understand the service we provide and in order to better understand our business;
- to notify you about changes to our services; and
- to ensure that content from our Site is presented in the most effective manner for you and for your device.
- We may use your personal information in the following ways:
DISCLOSURES TO THIRD PARTIES
- We may also permit selected third parties and agents to use your personal information, for the purposes set out in paragraph 2 above who will be subject to obligations to process such information in compliance with the same safeguards that we deploy. Specific examples are set out in paragraphs 4.2 to 4.6 below but do not in any way limit this paragraph 3.1. All such disclosures will only be made in accordance with applicable laws, including banking secrecy laws.
- If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies or other insurers and may be recorded by us or by them.
- Law enforcement agencies may access and use this information.
- We and other organisations may also access and use this information to prevent fraud and other crimes, for example when:
- deciding whether to make a payment to you under an insurance policy;
- taking steps to recover payments due to us (as outlined in paragraph 2 above); and
- checking details of job applicants and employees.
- We, and other organisations that may access and use information recorded by fraud prevention agencies, may do so from other countries.
- In the event that the RiverStone Europe Group (or a part thereof) is (i) subject to negotiations for the transfer of business or (ii) is transferred to another party or undergoes a re-organisation, you agree that any of your personal information which it holds may be disclosed to such party (or its advisors) as part of any due diligence process or transferred to that re-organised entity or third party and used for the same purposes or for the purpose of analysing any proposed sale or re-organisation.
- We may disclose your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or in order to enable the RiverStone Europe Group to comply with its regulatory requirements or dialogue with its regulators as applicable.
TRANSMISSION, STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
- No data transmission over the internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with applicable data protection legislative requirement.
- All your information is stored on our secure servers (or secure hard copies) and accessed and used subject to our security policies and standard.
- Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at a destination outside the European Economic Area (“EEA“) in which data protection laws may be of a lower standard than in the EEA. Regardless of location or whether the person is an employee or contractor we will impose the same data protection safeguards that we deploy inside the EEA.
- We will retain your personal information for as long as is necessary for the processing purpose for which they were collected. Certain claims details and correspondence may be retained until the time limit for any legal challenges to the claims has expired or in order to comply with regulatory requirements regarding the retention of such data. Data may also be retained for or included in analysis carried out by the RiverStone Europe Group with respect to its own business.
YOUR RIGHTS AND CONTACTING US
- The Data Protection Act 1998 gives you the right to access certain personal information held about you. Your right of access can be exercised in accordance with the act. Any access request may be subject to a fee to meet our costs in providing you with details of the personal information we hold about you.
- We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us as set out in paragraph 7.2 below.
- A member company of the RiverStone Europe Group is the data controller in respect of your personal information processed by us under this Privacy Protocol. That member company has delegated the administration of its data protection duties to RiverStone Management Limited for the purposes of corresponding with individuals whose personal information the RiverStone Europe Group holds and uses.
- We can be contacted in relation to your rights or any questions you may have in respect of this Privacy Protocol or our processing of your personal information at the following addresses:
Data Protection Officer
RiverStone Management Limited
161-163 Preston Road
CHANGES TO OUR PRIVACY PROTOCOL
- We may change the content of our website or services without notice, and consequently our Privacy Protocol may change at any time in the future. We therefore encourage you to review it from time to time to stay informed of how we are using personal information.