Privacy Policy

Effective Date: February 24, 2020

This Privacy Policy describes how Starr and its subsidiaries and affiliates (“Starr,” “we”, “our”, or “us”) collect, use, and share personal information collected both online (e.g., from this website) and offline (e.g., in person at conferences and events or through our client service channels) (collectively, the “Services”).

Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt in or out of selected uses may also be provided when we collect personal information from you.

Depending on where you are located, the controller of your personal information under this policy will be different. Please see here for a list of which Starr entities will be controllers in which countries. In addition to the foregoing, Starr Insurance Holdings, Inc. may also act as controller. We can confirm which processing activities are undertaken by which entity should you request this.

Click on the links below to jump to the different sections of our Privacy Policy.

How we collect personal information

We may collect personal information from various sources including:
  • directly from you, such as information you provide to us when you inquire or purchase our products and use our Services. Where you are providing us with personal information other than yourself, you agree to provide this notice to them;
  • from our vendors; partners; and third parties who we work with to provide the Services such as brokers, third party administrators, loss adjusters, coverholders, etc;
  • from companies and organizations that partner with us to deliver Services;
  • during conversations and correspondences between you and our representatives, including our agents;
  • automatically, from your use of our website or apps, such as your IP address, usage data, and geolocation data; and
  • other sources such as public databases, social media platforms, and other third parties.

The third parties we collect personal information from may include third party companies such as credit reporting agencies, law enforcement agencies and other government entities. We may collect personal information about you from our group companies. From time to time, we may use or augment the personal information we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties. For example, we may use such third party information to confirm contact information or to better understand your interests by associating demographic information with the information you have provided.

Automated Collection

We automatically collect some information and data about your computer and mobile devices when you visit our website. To collect this information, we may use cookies, web beacons, and similar technologies. For more information about how we use cookies, please visit this site.

At this time, we do not respond to Do-Not-Track signals.

Information We Collect

We may collect different types of personal information, including:
  • contact information, such as first and last name, telephone number, postal and billing address;
  • demographic information such gender, marital status, employment and occupation details, and income;
  • financial information and other information required to process your transaction such as financial account details and numbers;
  • information necessary to verify your identity and provide you with our products and Services, such as driver’s license number, passport number, national insurance number and social security number;
  • username and password for any account you may create with Starr
  • family details such as information about beneficiaries (e.g., spouse, child, joint applicant, next of kin, dependent, trustee, etc.);
  • information necessary to process claims such as health information, medical history, and treatment plans;
  • background information to the extent permitted by applicable laws, we may obtain reports from public records of criminal convictions;
  • professional licensure information and details;
  • geolocation data; and
  • usage information, such as IP address, operating system, and date, time, and length of stay on our website

We may aggregate and/or irreversibly de-identify personal information collected in connection with the Services and use it for any purpose, including product and service development and improvement activities.

Special Categories of Personal Information

Some of the categories of personal information that we collect are sensitive personal information (also known as special categories of personal information). In particular, we may process data concerning health in connection with the administration of insurance policies and any claims.

In some circumstances, we (and other insurance market participants) may need to collect and use this sensitive personal information and information relating to criminal convictions and offences. Where this is required, unless another ground applies, your consent to this processing is necessary for us to provide you with the relevant Services and you hereby consent to such processing. Although you may withdraw your consent at any time (please see the “Your Rights and Choices” section of this Privacy Policy for further information about how to do this).

How We Use Personal Information

We use personal information for the purposes set out below.

With respect to individuals located in the EU/UK, use of personal information must be based on one of a number of legal bases and we are required to set out the grounds in respect of each use. In the list below, we have set out the legal bases that apply to the purposes for which we use your personal information. You can find an explanation of each of these legal bases at Appendix 1 of this Privacy Policy.

  • To administer your policy and to manage, process, defend/prosecute and/or investigate claims.
  • To allow you to apply for our products and Services and to evaluate your eligibility for such products and Services, and to process your applications to use our products and Services (including setting you up as a client which may include fraud, sanctions, credit and anti-money laundering checks).
  • To contact you regarding renewals, evaluate risks and pay associated premiums as required.
  • To communicate with you about our Services, including to fulfill your requests, respond to your inquiries, and to inform you of changes related to our products and Services
  • Legal bases for above purposes: contract performance, legitimate interests (in order to allow us to perform our obligations and provide our services to you). With respect to special categories of personal information, where we cannot rely on another ground such as legal claims or substantial public interest (e.g. to prevent and detect crime/fraud), we rely on consent.

    • To provide you with information about our products and Services, including to personalize such communications to present products and offers tailored to your interests and eligibility. For further information, please see the “Marketing” section below.

    Legal bases for the above purpose: legitimate interests (in order to allow us to market to you) or consent (where this is required by law).

    • To prevent fraud, including by confirming your identity and location. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.
    • To comply with our legal obligations and to exercise and defend our legal rights.

    Legal bases for the above purposes: legal obligations, legitimate interests (to comply with our obligation and cooperate with law enforcement and regulatory authorities), legal claims. With respect to special categories of personal information, where we cannot rely on another ground including legal claims or substantial public interest (to prevent and detect crime/fraud) we rely on consent.

    • To improve our products and Services
    • In the event we sell or transfer or restructure all or a portion of our business or assets, or conduct negotiations relating to the foregoing. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient (and their advisors) to use your personal information in a manner that is consistent with this Privacy Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the recipient’s privacy practices.

    Legal bases for the above purposes: legitimate interests (in order to allow us to improve our Service or change our business (as applicable).

    As mentioned above, we may also use and share de-identified personal information for any other legitimate purposes, including product and service development and improvement activities. We base this de-identification on the ground that it is within our legitimate interests (to enable us to improve our business, products and Services).

    How We Share Personal Information

    We may share your personal information for the purposes (and the legal bases) set out above as follows:
    • within our company and with our affiliates and with other insurers and reinsurers who help us manage our risk;
    • with service providers that perform Services on our behalf, including for the purposes of operating our website, assisting us to perform business functions, claims handling, and operations, and professional services such as legal advisors, accountants and consultants;
    • with select partners we may collaborate with;
    • with other parties with your consent and at your direction; and
    • we reserve the right to disclose your personal information as required by law, when we believe disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us, or to protect the safety, rights, or property of our customers, the public, us or others.

    Automated Decisions

    Your personal information may be profiled to assess risk and patterns. We may make automated decisions about you based on such profiles where such decisions are required or authorized by law or where necessary for the performance of a contract with you, for example for sanctions, fraud prevention and money laundering purposes.

    We may use criteria such as demographics, employment status and other related factors to determine your eligibility to purchase Starr products and Services on an automated basis or without human/manual intervention by comparing such factors against those used to develop our different risk profiles. The outcome of such decision may include an effect on the rates you are charged, and may limit your ability to obtain products and Services from us.

    Subject to local legal requirements and limitations, you have a right to object to our use of automated decision-making or request an automated decision to be reviewed by a human being.

    Marketing

    We (or our service providers and advertising partners) may send you direct marketing communications and information about our products and services that we consider may be of interest to you and, where required by law, we will ask for your consent at the time we collect your personal information to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in the “Contact Us” section below.

    Marketing profiles: Please note that we may use or augment the personal information we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties to provide you with tailored marketing communications.

    You have the right to opt out of such analysis of your personal information that we use to tailor the direct marketing that we send to you, at any time. You can exercise this right by contacting us as set out in the “Contact Us” section below.

    Please note that we also carry out digital advertising campaigns from time to time that do not rely on your personal information. Subject to any local law requirements, your opt-out will not have effect on such advertising campaign.

    If you opt out of receiving marketing or commercial communications, we retain the right to send you non-marketing communications such as correspondence about your relationship with us, information about transactions, or notifying you of updates to our Privacy Policy or Terms of Use.

    Your Rights and Choices

    You may have the right to access and correct your personal information as described below. Individuals in certain jurisdictions, (e.g., EU, UK), may have certain additional rights and choices regarding our processing of their personal information.

    We reserve the right to verify your identity in connection with any requests regarding personal information to help ensure that we provide the information we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information. Please note that your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We endeavor to comply with your request as soon as reasonably practicable and in compliance with all applicable laws.

    • Access and correction of your personal information: You may access the personal information we maintain about you by submitting a request to us using the contact details below. If we grant your request, we will provide you with a copy of the personal information we maintain about you in the ordinary course of business, in a commonly used format. You may request access to correct any errors in your personal information. We may reject your request to access or correct personal information, as permitted by applicable law. If we reject your request, we will notify you of the reason(s) for the rejection.
    • Portability of your personal information: Under certain conditions, you may request that we transfer your personal information to another entity in the format in which we maintain it in the ordinary course of business. We may reject your request, as permitted by applicable law. If we reject your request, we will notify you of the reason(s) for the rejection.
    • Deletion of personal information: You may request that we delete your personal information that we no longer have a lawful basis to use. We may reject your request, as permitted by applicable law. For example, Starr may be required by legal other reasons to retain your personal information in its business records. If we reject your request, we will notify you of the reason(s) for the rejection.
    • Objection to processing of personal information. Under certain conditions, you may have the right to object to our processing of personal information about you, including our use of your personal information for marketing purposes and marketing profiles.
    • Restrict the processing of your personal information. Under certain conditions, you may have the right to require us to restrict the processing of your personal information.
    • Do not sell my personal information. We may sell personal information that we collect about you, in accordance with all applicable requirements, including law, regulation, and this Privacy Policy. You shall have the right, at any time, to direct us not to sell your personal information. We may refer to this right as “the right to opt-out.” We shall not sell the personal information of consumers if we have actual knowledge that the consumer is less than 16 years of age, unless the consumer, in the case of consumers between 13 and 16 years of age, or the consumer's parent or guardian, in the case of consumers who are less than 13 years of age, has affirmatively authorized the sale of the personal information. We shall not sell your personal information if you direct us not to, or in the case of a minor’s personal information, if we have not received consent to sell the information, unless you subsequently provide express authorization for the sale of your personal information.
    • Withdrawal of consent: If Starr relies on your consent for the processing of your personal information, we will obtain your consent at the time we collect your personal information. To the extent provided by applicable law, you may withdraw any consent previously provided to us, or object at any time on legitimate grounds, to the processing of your personal information. We will apply these preferences going forward. In some circumstances, withdrawing consent to our use or disclosure of your personal information will mean that Starr may no longer be able to provide you with the Services.

    Please contact us using the contact details below in the “Contact Us” section if you would like to exercise any of these rights or request more information. Where required by applicable law, we will notify you if we reject your request and notify you of the reasons we are unable to honor your request. With respect to individuals located in the EU/UK, where we are unable to resolve an inquiry or a complaint, you have the right to contact the data protection regulator in the European country in which you are based. A list of the data protection regulators and their contact details can be found here.

    International Transfers of Personal Information

    Any personal information you provide to us may be stored and processed, transferred between and accessed from the United States (including our group companies and our external IT service providers), and other countries which may not guarantee the same level of protection of personal information as the one in which you reside. However, we will handle your personal information in accordance with this Privacy Policy regardless of where your personal information is stored/accessed.

    We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. Where required by certain jurisdictions, we will transfer your personal information subject to jurisdiction-approved safeguards, such as standard contractual clauses. For example, where you are located in the EU/UK, we will transfer your personal information subject to approved safeguards unless we are permitted under EU data protection law to make such transfers without such formalities.

    How We Protect Personal Information

    We maintain reasonable administrative, technical and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, because no security measure is 100% effective, unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and to the extent permitted by applicable law, we bear no liability for uses or disclosures of personal information or other data arising in connection with theft of the information or other malicious actions.

    Retention

    We retain personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. Please note that we often need to retain certain data for recordkeeping purposes, for purposes connected with the establishment, exercise or defense of legal claims and/or to complete any transactions that you began prior to requesting a change or deletion. In addition, there may be certain data (including personal information) that we may not allow you to review for legal, security or other reasons.

    Third Party Links

    Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices. Please check these policies before you submit any personal information to such third party websites.

    Children’s Privacy

    Starr does not knowingly collect personal information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us at dataprotection@starrcompanies.com. If we become aware that a child under 13 has provided us with personal information, we will delete such personal information from our files.

    Changes to this Policy

    We may change this Privacy Policy from time to time. If we do so, we will post the updated policy on our sites and will indicate when the Privacy Policy was last revised and, if required by law, notify you of the changes. If we make any material changes, we will provide you with additional notice. You should periodically review our current Privacy Policy to stay informed of our personal information practices.

    Personal Information of Other Individuals

    If you provide personal information to us regarding other individuals, you agree: (a) to inform the individual about the content of this Privacy Policy, and any other of our applicable privacy notices provided to you; and (b) to obtain any legally-required consent of personal information about the individual in accordance with this Privacy Policy, other privacy notices, and applicable law and/or regulation.

    Contact us

    If you have any questions about this Privacy Policy, any concerns or a complaint regarding the treatment of your personal information or a possible breach of your personal information, please contact us at dataprotection@starrcompanies.com:

    Starr Companies Compliance Director
    399 Park Ave
    New York, NY, 10022

    Details of our EU Data Protection Officer are as follows:
    Data Protection Officer
    4th Floor, 30 Fenchurch Avenue
    London, EC3M 5AD
    ukgdpr@starrcompanies.com

    APPENDIX 1

    Lawful bases under EU law (this only applies to individuals located within the EU/UK)

    1.1 The main lawful bases for our use of personal information are as follows:

    1. Consent: where you have consented to our use of your personal information. You may withdraw your consent to the use of your personal information by contacting us as per the “Contact us” section of the privacy policy. If you do so, we may be unable to provide a service that requires the use of such personal information.
    2. Contract performance: where we are required to collect and handle your personal information in order to provide you with the services that we have contractually agreed to provide to you.
    3. Legal obligation: where we need to use your personal information to comply with our legal obligations;
    4. Legal claims: where your personal information is necessary for us to establish, exercise of defend any legal claims; and
    5. Legitimate interests: where we have a legitimate interest in using your personal information. We will only rely on this lawful basis if we consider that our interest in using your personal information for the relevant purpose is not outweighed by any interests that you may have, or any prejudice that you may suffer, from the relevant use of your personal information.
    6. The main lawful bases for our use of your special categories of personal information are as follows:

    7. Legal claims: where your personal information is necessary for us to establish, exercise of defend any legal claims;
    8. Substantial public interest: where we need to process your personal information for reasons of substantial public interest set out in EU law or the laws of the member state in which you are based;
    9. Explicit consent: You have given your explicit consent to the processing of that personal information for one or more specified purposes. You are free to withdraw your consent by contacting us as per the “Contact us” section of the privacy policy. If you do so, we may be unable to provide a service that requires the use of such personal information.