Privacy Policy

Effective Date: June 30, 2023

This Privacy Policy describes how Starr and its subsidiaries and affiliates (“Starr,” “we”, “our”, or “us”) collect, use, disclose and share personal information collected both online (e.g., from this website) and offline (e.g., in person at conferences and events or through our client service channels) (collectively, the “Services”).

Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt-in or opt-out of selected uses may also be provided when we collect personal information from you.

Depending on where you are located, the controller of your personal information under this policy and the applicable law will be different. Please see here for a list of which Starr entities will be controllers in which countries. In addition to the foregoing, Starr Insurance Holdings, Inc. may also act as controller. We can confirm which processing activities are undertaken by which entity should you request this.

How We Collect Personal Information

We may collect personal information from various sources including:

  • directly from you, such as information you provide to us when you inquire or purchase our products and use our Services. Where you are providing us with personal information other than yourself, you agree to provide this notice to them;
  • from our vendors; partners; and third parties who we work with to provide the Services such as brokers, third party administrators, loss adjusters, coverholders, etc.;
  • from companies and organizations that partner with us to deliver Services;
  • during conversations and correspondences between you and our representatives, including but not limited to our agents;
  • automatically, from your use of our website or apps, such as your IP address, usage data, and geolocation data, etc.; and
  • other sources such as public databases, social media platforms, and other third parties.

The third parties we collect personal information from may include third party companies such as credit reporting agencies, law enforcement agencies and other government entities. We may also collect personal information about you from our group companies. From time to time, we may use or augment the personal information we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties. For example, we may use such third -party information to confirm contact information or to better understand your interests by associating demographic information with the information you have provided.

Automated Collection

We automatically collect some information and data about your computer and mobile devices when you visit our website. To collect this information, we may use cookies, web beacons, and similar technologies. For more information about how we use cookies, please visit this site.

At this time, we do not respond to Do-Not-Track signals.

Information We Collect

We may collect different types of personal information, including:

  • contact information, such as first and last name, telephone number, postal and billing address;
  • demographic information such as gender, marital status, employment and occupation details, and income;
  • financial information and other information required to process your transaction such as financial account details and numbers;
  • information necessary to verify your identity and provide you with our products and Services, such as driver’s license number, passport number, national insurance number, and social security number;
  • username and password for any account you may create with Starr;
  • family details such as information about beneficiaries (e.g., spouse, child, joint applicant, next of kin, dependent, trustee, etc.);
  • information necessary to process claims such as health information, medical history, and treatment plans;
  • background information to the extent permitted by applicable laws, we may obtain reports from public records of criminal convictions;
  • professional licensure information and details;
  • geolocation data;
  • usage information, such as IP address, operating system, and date, time, and length of stay on our website; and
  • Inferences drawn from any of the information described above to create a profile about an individual’s preferences, behavior, characteristics, and attitudes.

We may aggregate and/or irreversibly de-identify personal information collected in connection with the Services and use it for any purpose, including product and service development and improvement activities.

With respect to individuals located in Hong Kong and Thailand, please note that in order for us to provide our products and/or Services to you, it is mandatory that we require you to provide certain personal information, which is described to you on or before when we obtain such personal information. In the event that you do not provide such personal information, we may not be able to provide you with our products and/or Services or part thereof.

Special Categories of Personal Information

Some of the categories of personal information that we collect are sensitive personal information (also known as “special categories of personal information”). In particular, we may process data concerning your health in connection with the administration of insurance policies and any claims.

In some circumstances, we (and other insurance market participants) may need to collect and use this sensitive personal information and information relating to criminal convictions and offences. Where this is required, unless other legal grounds apply, your consent to this processing is necessary for us to provide you with the relevant Services and you hereby consent to such processing. Otherwise, we may not be able to provide you with the relevant Services or part thereof. However, you may withdraw your consent at any time (please see the “Your Rights and Choices” section of this Privacy Policy for further information about how to do this).

Starr does not sell sensitive personal information or disclose sensitive personal information to third parties to use for their own benefit.

How We Use Personal Information

We collect, use and disclose personal information for the purposes set out below.

With respect to individuals located in the EU/UK, Thailand and the Philippines, use of personal information must be based on one of a number of legal bases and we are required to set out the grounds in respect of each use. In the list below, we have set out the legal bases that apply to the purposes for which we use your personal information. You can find an explanation of each of these legal bases at Appendix 1 of this Privacy Policy.

  • To administer your policy and to manage, process, defend/prosecute and/or investigate claims.
  • To allow you to apply for our products and Services and to evaluate your eligibility for such products and Services, and to process your applications to use our products and Services (including setting you up as a client which may include fraud, sanctions, credit and anti-money laundering checks).
  • To contact you regarding renewals, evaluate risks and pay associated premiums as required.
  • To communicate with you about our Services, including to fulfill your requests, respond to your inquiries, and to inform you of changes related to our products and Services. Legal bases for above purposes: contract performance, legitimate interests (in order to allow us to perform our obligations and provide our services to you). With respect to special categories of personal information, where we cannot rely on another ground such as legal claims or substantial public interest (e.g., to prevent and detect crime/fraud), we rely on consent.
  • To provide you with information about our products and Services, including to personalize such communications to present products and offers tailored to your interests and eligibility. For further information, please see the “Marketing” section below. Legal bases for the above purpose: legitimate interests (in order to allow us to market to you) or consent (where this is required by law).
  • To prevent fraud, including by confirming your identity and location. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.
  • To comply with our legal obligations and to exercise and defend our legal rights. Legal bases for the above purposes: legal obligations, legitimate interests (to comply with our obligation and cooperate with law enforcement and regulatory authorities), legal claims. With respect to special categories of personal information, where we cannot rely on another ground including legal claims or substantial public interest (to prevent and detect crime/fraud) we rely on consent.
  • To improve our products and Services;
  • In the event we sell or transfer or restructure all or a portion of our business or assets, or conduct negotiations relating to the foregoing. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient (and their advisors) to use your personal information in a manner that is consistent with this Privacy Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the recipient’s privacy practices. Legal bases for the above purposes: legitimate interests (in order to allow us to improve our Service or change our business (as applicable).

As mentioned above, we may also use and share de-identified personal information for any other legitimate purposes, including product and service development and improvement activities. We base this de-identification on the ground that it is within our legitimate interests (to enable us to improve our business, products and Services).

How We Share Personal Information

We may share your personal information for the purposes (and the legal bases) set out above as follows:

  • within our company and with our affiliates and with other insurers and reinsurers who help us manage our risk;
  • with service providers that perform Services on our behalf, including for the purposes of operating our website, assisting us to perform business functions, claims handling, and operations, and professional services such as legal advisors, accountants and consultants;
  • with select insurer and reinsurer partners we may collaborate with;
  • with other parties with your consent and at your direction; and
  • we reserve the right to disclose your personal information as required by law, when we believe disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us, or to protect the safety, rights, or property of our customers, the public, us or others.
Automated Decisions

Your personal information may be profiled to assess risk and patterns. We may make automated decisions about you based on such profiles where such decisions are required or authorized by applicable law or where necessary for the performance of a contract with you, for example for sanctions, fraud prevention and money laundering purposes.

We may use criteria such as demographics, employment status and other related factors to determine your eligibility to purchase Starr products and Services on an automated basis or without human/manual intervention by comparing such factors against those used to develop our different risk profiles. The outcome of such decision may include an effect on the rates you are charged, and may limit your ability to obtain our products and Services .

Subject to local legal requirements and limitations, you have a right to object to our use of automated decision-making or request an automated decision to be reviewed by a human being.

Marketing

We (or our service providers and advertising partners) may send you direct marketing communications and information about our products and services that we consider may be of interest to you and, where required by law, we will ask for your consent at the time we collect your personal information to conduct any of these types of marketing. To the extent permitted by applicable law, we will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt-out by contacting us as set out in the “Contact Us” section below.

Marketing profiles: Please note that we may use or augment the personal information we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties to provide you with tailored marketing communications.

You have the right to opt out of such analysis of your personal information that we use to tailor the direct marketing that we send to you, at any time. You can exercise this right by contacting us as set out in the “Contact Us” section below. Please note that we also carry out digital advertising campaigns from time to time that do not rely on your personal information. Subject to any local law requirements, your opt-out will not have effect on such advertising campaign. Additionally, when you request an opt-out, it may take some time to process the request. Therefore, it is possible that you may receive marketing communications scheduled prior to our receipt of your withdrawal of consent.

If you opt -out of or do not provide your consent to receiving marketing or commercial communications, we retain the right to send you non-marketing communications such as correspondence about your relationship with us, information about transactions, or notifying you of updates to our Privacy Policy or Terms of Use.

Your Rights and Choices

Depending on where you reside, you may have certain rights and choices regarding our collection, usage, disclosure or processing of your personal information. These rights and choices shall include but not limited to the following:

  • The right to access and know the categories of and sources from which we collect your personal information: You may request the categories of your personal information that we collect and the identity of the third-party sources that provide us with your personal information.
  • The right to access and correct your personal information: You may access the personal information we maintain about you by submitting a request to us using the contact details below. If we grant your request, we will provide you with a copy of the personal information we maintain about you in the ordinary course of business, in a commonly used format. Depending on the jurisdiction, we retain the right to charge a reasonable fee for such access. You may request access to correct any errors in your personal information, including sensitive personal information. Alternatively, and to the extent permitted by applicable law, we may delete your personal information in lieu of correction or redirect you to the appropriate source of such information for correction.
  • The right to portability of your personal information: Under certain conditions, you may request that we transfer your personal information to another entity in the format in which we maintain it in the ordinary course of business.
  • The right to request deletion of your personal information: You may request that we delete or anonymize your personal information that we no longer have a lawful basis to use.
  • The right to object to collection, usage, disclosure or processing of your personal information. Under certain conditions under the applicable law, you may have the right to object to our collection, usage, disclosure or processing of personal information about you, including our use of your personal information for marketing purposes and marketing profiles.
  • The right to restrict the processing and/or use of your personal information. Under certain conditions, you may have the right to restrict our processing and/or use of your personal information, including any sensitive personal information.
  • Withdrawal of consent: If Starr relies on your consent for the processing of your personal information, we will obtain your consent at the time we collect your personal information. To the extent provided by applicable law, you may withdraw any consent previously provided to us, or object at any time on legitimate grounds, to the processing of your personal information. We will apply these preferences going forward. In some circumstances, withdrawing consent to our use or disclosure of your personal information will mean that Starr may no longer be able to provide you with the Services.
  • The right to contact or file a complaint to the relevant authority: Depending on where you are located, you are able to contact or file a complaint to the relevant authority.

We will verify your identity in connection with any requests regarding your personal information and take steps designed to ensure that only you ( or your authorized representative(s)) exercise rights with respect such information. If you are an authorized agent making a request, we may require and request additional information to verify you are authorized to make the request.

We endeavor to comply with your request as soon as reasonably practicable and in compliance with all applicable laws. Please note, however, that your exercise of these rights may be subject to certain conditions and exemptions and permitted by applicable law. If we reject your request, we will endeavor to notify you of the reason(s) for the rejection.

Starr does not sell personal information or disclose personal Information to third parties to use for their own benefit; however, we allow certain companies to place tracking technologies like cookies on our websites. Those companies receive information about your interaction with our websites that is associated with your browser or device and may use that data to serve you relevant ads on our websites or others. To opt-out of this practice, please click here. For more information please see our Cookie Policy.

We will not restrict or deny you access to our Services because of the choices you make in connection with your personal information, but please note, certain choices may affect our ability to provide you with our Services. For example, we cannot delete all of your information if we are processing a claim on your behalf.

Please contact us using the contact details below in the “Contact Us” section if you would like to exercise any of these rights or request more information. Where required by applicable law, we will notify you if we reject your request and notify you of the reason(s) we are unable to honor your request. With respect to individuals located in the EU/UK, where we are unable to resolve an inquiry or a complaint, you have the right to contact the data protection regulator in the European country in which you are based. A list of the data protection regulators and their contact details can be found here. With respect to individuals located in the Philippines, where we are unable to resolve an inquiry or a complaint, you have the right to contact the National Privacy Commission.

With respect to individuals located in Thailand, where we are unable to resolve an inquiry, a complaint or you believe that we infringed applicable law, you have the right to contact or file a complaint to the Personal Data Protection Committee or other relevant authority.

International Transfers of Personal Information

Any personal information you provide to us may be stored and processed, transferred between and accessed from the United States (including our group companies and our external IT service providers), and other countries. However, we will handle your personal information in accordance with this Privacy Policy regardless of where your personal information is stored/accessed.

We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. Where required by certain jurisdictions, we will transfer your personal information subject to jurisdiction-approved safeguards and in accordance with applicable law, such as standard contractual clauses. For example, if you are located in the EU/UK, we will transfer your personal information subject to approved safeguards unless we are permitted under applicable EU/UK data protection law to make such transfers without such formalities.

How We Protect Personal Information

We maintain reasonable administrative, technical and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, because no security measure is 100% effective, unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and to the extent permitted by applicable law, we bear no liability for uses or disclosures of personal information or other data arising in connection with theft of the information or other malicious actions.

Retention

We retain personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. Please note that we often need to retain certain data for recordkeeping purposes, for purposes connected with the establishment, exercise, or defense of legal claims and/or to complete any transactions that you began prior to requesting a change or deletion. In addition, there may be certain data (including personal information) that we may not allow you to review for legal, security or other reasons. We periodically delete and/or destroy retained personal data in compliance with applicable obligations to do so.

Third Party Links

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third-party website. Third party websites are responsible for informing you about their own privacy practices. Please check these policies before you submit any personal information to such third-party websites.

Children's Privacy

Starr does not knowingly collect personal information from children under 13 (or children under 18 or 20 where the age of majority in the relevant country is 18 or 20 years old, or children who have not reached the age of majority, as the case may be). If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us at dataprotection@starrcompanies.com. If we become aware that a child under 13 (or 18 or 20, or children who have not reached the age of majority, as the case may be) has provided us with personal information, we will delete such personal information from our files.

Changes to this Policy

We may change this Privacy Policy from time to time. If we do so, we will post the updated policy on our sites and will indicate when the Privacy Policy was last revised and, if required by applicable law, notify you of the changes. If we make any material changes, we will provide you with additional notice. You should periodically review our current Privacy Policy to stay informed of our personal information practices.

Personal Information of other Individuals

If you provide personal information to us regarding other individuals, you agree: (a) to inform the individual about the content of this Privacy Policy, and any other of our applicable privacy notices provided to you; and (b) to obtain any legally-required consent of personal information about the individual in accordance with this Privacy Policy, other privacy notices, and applicable law and/or regulation.

Contact Us

If you have any questions about this Privacy Policy, any concerns or a complaint regarding the treatment of your personal information or a possible breach of your personal information, please contact us at dataprotection@starrcompanies.com:

Starr Insurance Companies Compliance Director
399 Park Ave
New York, NY 10022

Details of our EU Data Protection Officer are as follows:
Data Protection Officer
4th Floor, 30 Fenchurch Avenue
London, EC3M 5AD
ukgdpr@starrcompanies.com

Appendix 1

Lawful bases under EU/UK law, the laws of Thailand and the laws of the Philippines (this only applies to individuals located within the EU/UK, Thailand and the Philippines)

1.1 The main lawful bases for our use of personal information are as follows:

  1. Consent: where you have consented to our use of your personal information. You may withdraw your consent to the use of your personal information by contacting us as per the “Contact us” section of the privacy policy. If you do so, we may be unable to provide a service that requires the use of such personal information.
  2. Contract performance: where we are required to collect and handle your personal information in order to provide you with the services that we have contractually agreed to provide to you.
  3. Legal obligation: where we need to use your personal information to comply with our legal obligations;
  4. Legal claims: where your personal information is necessary for us to establish, exercise of defend any legal claims; and
  5. Legitimate interests: where we have a legitimate interest in using your personal information. We will only rely on this lawful basis if we consider that our interest in using your personal information for the relevant purpose is not outweighed by any interests that you may have, or any prejudice that you may suffer, from the relevant use of your personal information.
    The main lawful bases for our use of your special categories of personal information are as follows:
    1. Legal claims: where your special categories of personal information is necessary for us to establish, exercise of defend any legal claims;
    2. Substantial public interest (EU law and Thailand only): where we need to process your special categories of personal information for reasons of substantial public interest set out in EU law, the laws of the member state in which you are based or the laws of Thailand;
    3. Explicit consent: you have given your explicit consent to the processing of that special categories of personal information for one or more specified purposes. You are free to withdraw your consent by contacting us as per the “Contact us” section of the privacy policy. If you do so, we may be unable to provide a service that requires the use of such special categories of personal information.
Appendix 2

California Residents

Below are the categories of Personal Information about California residents that Starr collected and disclosed for a business purpose in the past twelve (12) months. We collect these categories of personal information from the sources described in the “How We Collect Personal Information” and “Automated Collection” sections above, and for the purposes described in the “How We Use Personal Information” referenced above. Please note that our collection, use, and disclosure of your personal information will vary depending on the circumstances and nature of our interactions or relationship with you.

Disclosures: We may disclose for a business purpose each of the categories of personal information described in the table below to the following categories of other entities: advertising networks, advisors, affiliates, agents, auditors, banks, consultants, counsel, courts, government entities, law enforcement, operating systems/platforms, regulators, reinsurers, representatives, service providers, and tribunals.

Category of Personal Information & Examples Examples Collected Disclosed for Business Purpose(s)
Name, Contact Information, and Other Identifiers Real name, alias, residential address, mailing address, phone number, date of birth, social security number, tax identification number, passport number, driver’s license or state identification card number, email address, Internet Protocol address, online identifiers (e.g., usernames or handles), insurance policy number, and financial and payment information as described below. Yes Yes
Account Information and Customer Records Username, email, and password used to access a Starr account. A paper or electronic record containing personal information, as well as information, provided by a reinsurance or insurance broker/agent for underwriting purposes, and information detailed in a list of claims, including the categories of information referenced in this table. Yes Yes
Financial and Payment Information Financial or payment information used to complete a transaction, such as bank account number, payment card number, and payment history. Yes Yes
Characteristics of Protected Classifications Under California Law Age (40 years or older), race, national ancestry, national origin, citizenship, religion or creed, marital status, pregnancy, medical condition, physical or mental disability, sex, sexual orientation, and veteran or military status. Yes Yes
Sensitive Personal Information including Health and Biometric Information Criminal records, medical records and/or history (e.g., including conditions, diagnoses, genetic information, and biometric information that contains identifying information, such as measurements of physical characteristics, blood pressure, sleep, health, or exercise data. Yes Yes
Audio, Video, and Other Electronic Data Audio recordings, including phone calls, video records, and photographs. Yes Yes
Usage Data / Internet Activity Internet or other electronic network activity information regarding interactions with portals, Internet websites, applications, or advertisements, including, but not limited to, Internet Protocol address, browsing history, clickstream data, search history, and content of public posts. Yes Yes
Non-Public Educational Information Education records, that are directly related to a student and maintained by an educational institution or party acting on its behalf (e.g., grades, transcripts, class lists, schedules, student identification codes, and disciplinary records). Yes Yes
Employment Information Employment history, qualifications, credentials, licenses, disciplinary record, and participation information. Yes Yes
Inferences Drawn from Other Personal Information Inferences drawn from any of the information identified above to make a profile of a California resident, including preferences, behavior, characteristics, and attitudes Yes Yes