Job Applicant Data Privacy Notice

The Starr Group is committed to protecting the privacy and security of your Personal Data.

This privacy notice describes how Starr Group entities collect and use Personal Data about you during the recruitment process with us, in accordance with applicable Data Protection Laws, including the EU General Data Protection Regulation (EU GDPR), the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and the Data Use and Access Act.

Depending on the role for which you apply, your personal data will be processed by one or more of the following group companies, each acting as an independent data controller:

• Starr Underwriting Agents Limited
• Starr Europe Insurance Limited
• Starr Europe Underwriting Agents Limited
• SWAG
• IQUW Administration Services Limited

Each of the above entities is referred to in this privacy notice as the "Company" , "we", or "our".This means that we are responsible for deciding how we hold and use Personal Data about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

• Data Protection principles

  • We will comply with Data Protection Laws. This says that the Personal Data we hold about you must be:
    • Used lawfully, fairly and in a transparent way.
    • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
    • Relevant to the purposes we have told you about and limited only to those purposes.
    • Accurate and kept up to date.
    • Kept only as long as necessary for the purposes we have told you about.
    • Kept securely.

• Information we may collect about you

  • Personal Data: We may collect the following and process the following Personal Data about you, whether such information is provided by you or by a third party:
    • Your biographical information ► including your name, gender, date of birth, location of previous employment or workplace, previous job history, education details;
    • Your contact information ► including your home address, telephone number(s), personal email address, next of kin and emergency contact information;
    • Your identification information ► including your national identification number, driving licence, passport information, national insurance/social security number;
    • Your recruitment information ► including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process;
    • Your performance information ► including management metrics, appraisals, feedback, and disciplinary and grievance information from previous employers; and
    • Communications and internet information ► including your correspondence in connection with your application and CCTV footage where you attend our premises.
  • Special Categories of Personal Data: Depending on the jurisdiction and role for which you
  • apply, we may also collect Special Categories of Personal Data about you strictly where permitted by law and necessary for recruitment purposes, including:
    • Health information and medical records, such as fitness to work assessments, disability related adjustments;
    • Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions; and
    • Criminal convictions data, where required for regulatory obligations, suitability assessments or legally mandated checks.
  • Note that in very specific circumstances and in respect of a very limited number of individuals we may also collect Sensitive Personal Data relating to genetic information and biometric data. This is, however, done on a very exceptional basis only and only when permitted by law.

• How is your Personal Data collected?

  • We typically collect Personal Data about you through the application and recruitment process, either directly from you or sometimes from an employment or recruitment agency, or background screening provider. We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies, referees, training and certification bodies, benefits and pension administrators, public registers, and regulators, as relevant to the purpose.

• What legal basis do we have for using your Personal Data and what are the purposes of the processing?

  • We have specified the situations in which we may use your Personal Data. For each use, we note the legal basis for processing your Personal Data. Some of the processing purposes will overlap and there may be several legal basis which justify the processing of your Personal Data.
    • To manage recruitment ► including eligibility for work, vetting, and hires.

      Legal basis: Contract performance, legitimate interests (to enable us to effectively recruit staff).

    • To manage your entitlement to work ► including right to work status.

      Legal basis: Contract performance, legitimate interests (to enable us to effectively recruit staff).

    • For security purposes ► for providing network and IT support, security and user authentication.

      Legal basis: Contract performance, legitimate interests (to enable us to ensure the security of our systems).

    • To prevent data losses ► this includes monitoring activities within our business network in order to ensure that we do not lose sensitive data from the company.

      Legal basis: Legitimate interests (to enable us to ensure the prevention and detection of data losses).

    • To comply with our legal obligations ► we may disclose your Personal Data in connection with proceedings or investigations involving you or other employees, workers and contractors, anywhere in the world to third parties, such as public authorities, law enforcement agencies, regulators and third party litigants (these third parties will process your Personal Data for their own purposes and not on our instructions).

      Legal basis: Contract performance, legal obligations, legitimate interests (to enable us to cooperate with law enforcement and regulatory authorities).

    • To review our business structure ► We may use your Personal Data for business management and planning purposes, including accounting, internal audits, and related activities that support the effective operation of our business.

      Legal basis: Contract performance, legal obligations, legitimate interests (to enable us to effectively manage and operate our business).

    • To conduct certain checks on you, such as credit checks and anti-fraud checks ► we may access and use your Personal Data to conduct, credit checks and checks to prevent fraud and money laundering. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to law enforcement agencies and/or relevant authorities including credit reference agencies and fraud prevention agencies. We will also record this.

      Legal basis: Legal obligation, legitimate interests (to assist with the prevention of crime and fraud).

    • To monitor equal opportunities ► managing ethnic, gender and disability and information as part of our equal opportunities monitoring processes.

      Legal basis: Legal obligation, legitimate interests.

  • We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
  • Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

• How we use Special Categories of Personal Data

  • "Special Categories" of Personal Data require higher levels of protection. The collection, storage and use of this type of personal data is, in principle, not permitted. We may only process special categories of Personal Data where there is legal basis for processing such Personal Data and one of the following specific conditions is met:
    • With your explicit written consent to the processing of those Personal Data for one or more specified purposes.
    • Where we need to carry out our legal obligations and in line with our Data Privacy and Information Handling Policy.
    • Where it is needed in the public interest, such as for equal opportunities monitoring, and in line with our Data Privacy and Information Handling Policy.
    • Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
    • Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
  • We will process your Special Categories of Personal Data in the following ways:
    • To ensure health and safety in the workplace ► Information about your physical or mental health, or disability status, may be used to make reasonable adjustments to the recruitment process.
    • To ensure Equal Opportunity Monitoring ► We will use information about your race or national or ethnic origin to ensure meaningful equal opportunity monitoring and reporting and data to identify trends for diversity, equity, and inclusion purposes.
  • Depending on the jurisdiction and role for which you apply, we may not need your consent if we process Special Categories of Personal Data in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

• Criminal convictions

  • We may only use information relating to criminal convictions where the law requires us to do so. This will usually be where such processing is necessary to carry out our legal and regulatory obligations and provided we do so in line with our Data Privacy and Information Handling Policy.
  • Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
  • Where screening is necessary for integrity-sensitive roles, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. Details of applicable roles, the legal basis and safeguards are available upon request. We will use information about criminal convictions and offences in the following ways (non-exhaustively):
    • To comply with our obligations to our regulators, including implementation and compliance with the Senior Insurance Managers Regime (as amended from time to time), applications and notifications in respect of senior insurance management functions, senior insurance functions and key function holders, the carrying out of fitness and propriety assessments, compliance with regulatory conduct standards / rules and the provision and updating of regulatory references.
    • As an employer when considering your obligations to us as an employee, whether under contract, common law or otherwise. For example, whether any conviction could amount to misconduct or gross misconduct.

• Sharing your data

  • We may share your Personal Data with other entities in the Starr Group or third parties where required by law, where it is necessary to manage the recruitment process or where we have another legitimate interest in doing so.
  • "Third parties" includes third-party service providers (including contractors and designated agents). The following activities are carried out by third-party service providers: employment screening, health screening/assessments, payroll and taxation processing, and IT-related services.
  • All our third-party service providers and other entities part of the Starr Group are required to take appropriate security measures to protect your Personal Data in line with our policies. We do not allow our third-party service providers to use your Personal Data for their own purposes.
  • We may share your Personal Data with other entities in the Starr Group as part of our recruitment process, regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.
  • We will generally store your Personal Data in the country in which you apply for employment. However, your personal data may also be accessed and stored in other jurisdictions where members of our group operate. Where we transfer Personal Data outside the European Economic Area, we ensure an adequate level of protection through one or more of the following: adequacy decisions, Standard Contractual Clauses, or other lawful safeguards.
  • Please contact the Data Protection Officer if you would like to obtain a copy of the safeguards we apply in relation to the export of your Personal Data.

• Security of Data

  • We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Details of these measures are available upon request.
  • We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

• Retention of Data

  • We keep records of your data for no longer than is required to comply with statutory retention periods or is necessary for the purpose for which we obtained them. In particular, recruitment data is retained for up to 12 months after the organisation has communicated to you the outcome of the recruitment process.
  • If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice (Employee Privacy Notice).

• Updating your Personal Data

  • We will use reasonable endeavours to ensure that your Personal Data is accurate. In order to assist us with this, you should notify us of any changes to your Personal Data that you have provided to us by contacting the International Human Resources team.

• Rights relating to your Personal Data

  • You have certain rights in relation to your Personal Data. Please be aware that certain exceptions apply to the exercise of these rights and so you will not be able to exercise these in all situations.
    • Access: You have a right to be provided with access to any data held about you by the Company generally within one month of your request.
    • Rectification: You can ask us to have inaccurate Personal Data amended.
    • Erasure: You can ask us to erase Personal Data in certain circumstances and we will take reasonable steps to inform other controllers that are processing the data that you have requested the erasure of any links to, copies or replication of it.
    • Restriction: You can require certain Personal Data to be marked as restricted whilst complaints are resolved (for example where you want us to establish the accuracy or reason for processing the information) and also restrict processing in certain other circumstances.
    • Portability: You can ask us to transmit the Personal Data that you have provided to us and we still hold about you to a third party electronically.
  • If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact the Data Protection Officer.
  • You also have the following additional rights:
    • Withdrawal of consent: In the limited circumstances where you may have provided your consent to the processing of your Personal Data, you have the right to withdraw any consents to processing that you have given us and prevent further processing if there is no other ground under which the Company can process your Personal Data.
    • Raise a complaint: You can raise a complaint about our processing of your Personal Data by contacting the Data Protection Officer. If you are not satisfied with our response, you can raise a complaint to the Data Protection Authority in your jurisdiction.

• Data Protection Officer

  • The Company has a designated Data Protection Officer who should be contacted if you have any queries regarding the operation of this Privacy Notice or want to exercise any of your data subject rights. The contact details are set out below:

    Data Protection Officer Location: Starr Companies, 30 Fenchurch Avenue, London, EC3M 5AD, United Kingdom Email: ukgdpr@starrcompanies.com

• Changes to this privacy notice

  • We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.