PFLA Privacy Notice


This privacy notice describes how PFLA Limited (“we”, “us”, or “our”) collects and processes Personal Information when we provide underwriting and other forms of insurance services ("Services") to our clients.

Insurance involves the use and disclosure of Personal Information by various insurance market participants such as intermediaries, insurers and reinsurers. The London Insurance Market Core Uses Information Notice sets out those core necessary Personal Information uses and disclosures. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice. We recommend you review this notice.

In providing the Services, we may be required to process Personal Information of individual policyholders and claimants, individuals named in an insurance policy, or individuals that are beneficiaries of, or have made claims under, an insurance policy, or individuals who are involved in an incident giving rise to an insurance claim. We also process Personal Information of individuals who are employees, contractors and representatives of our clients. This privacy notice applies to any individual whose Personal Information we process in the course of providing the Services (each a "data subject" or "you").


This privacy notice applies when we collect your Personal Information in the course of offering or administering our Services, and it applies to all Personal Information we collect or process about you.

Your Personal Information maybe transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for Personal Information under European Union law. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details provided under the "Contact and Comments" section below. Last updated: 31 May 2019

“Personal Information” is information that identifies you as an individual or relates to an identifiable individual.

We may collect your Personal Information in the following ways:
• Our client may provide your Personal Information to us. When a client provides us with Personal Information about you, we ask that the client provides a copy of this privacy notice to you before doing so.
• You may provide your Personal Information directly to us (for example to engage us to provide a quote on your risks and to arrange, place and manage mid-term amendments or changes to insurance policies for you and when you notify us of a claim).
• Your Personal Information may be provided to us by other parties, for example the insurer(s), brokers, your employer, a family member, any other third person who may be applying for a policy which names you as the insured or your solicitors.
• We may collect your Personal Information from other sources, including public sources. This may include consulting public registers, social media and other online sources, credit reference agencies and other reputable organisations.

The Personal Information we may collect will depend on the type of Service we are providing and the relationship between us, but may include:
name and contact information;
demographic information, for example gender, age, date and place of birth, marital status, nationality, hobbies, family composition, education/work histories and dependents;
personal identification documentation and related information, for example birth certificates, passport information, utility bills, national identifiers, licences (including driver or pilot), tax identification number and employee identification numbers;
financial information and account details, for example bank account numbers, card data used for billing, transaction information, salary or wage details, insured amounts, credit history, credit reference information and credit score and account log-in information and passwords for accessing insurance policy, claim and other accounts;
information related to the provision of the Services, for example policy information, relationship to the policyholder, claims information, history and information relating to incidents giving rise to claims and related losses, status as company officer or director, or partner, or other ownership or management interest in an organisation, history of disputes, civil or criminal proceedings or formal investigations involving you, and information about other insurance held;
human resources data, for example job title and role, benefits and compensation information, dependent/beneficiary information, educational, academic and professional qualifications information, skills and experience, employment details, professional licences, memberships and affiliations, emergency contact information and performance management information;
communications with you, or statements made by or about you; and
photographs and video recordings, for example images (including photographs and pictures) or video recordings created in connection with our insurance or other business activities, including for claims assessment, administration and settlement, claim disputes, or for other relevant purposes as permitted by law, as well as CCTV recordings captured by equipment on our premises.

Some of the categories of information that we collect are special categories of Personal Information ("Sensitive Personal Information"). These include your health records (such as your medical history and reports on medical diagnoses, injuries and treatment); information about your personal characteristics and circumstances of a sensitive nature such as your racial or ethnic origin, trade union membership, sex life, mental and physical health and genetic information; and criminal records, fines and other like judicial records.

We may collect publicly available information such as information available on social media platforms, information about your registered property or assets and information about claims and convictions on public record.

We must have a legal basis to process your Personal Information. In most cases the legal basis will be one of the following:
• for performance of a contract with you or in order to take steps at your request prior to entering into a contract;
• for our legitimate interests, for example to provide our Services to our clients, to improve our Services, manage our risks, maintain accurate transaction records, and manage our business in an efficient way;
• for the legitimate interests of our clients and other third parties (for example, to prevent and detect suspicions of fraud); or
• to comply with our legal obligations such as due diligence and reporting obligations.

We process Sensitive Personal Information on the following legal bases:
• your consent, where consent is required by law (in which case our client will obtain your explicit consent to collect and use the data for the purposes described in this privacy notice). You may withdraw your consent at any time by contacting us using the details at the end of this privacy notice;
• to establish, exercise or defend legal claims; or
• where legislation otherwise permits us to process Sensitive Personal Information (for example, where the processing is necessary for insurance purposes).

Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using your Personal Information, our legitimate interests will usually be:
• pursuit of our commercial activities and objectives, or those of a third party (for example, by carrying out direct marketing);
• compliance with applicable legal and regulatory obligations, and any guidelines, standards and codes of conduct (for example, by carrying out background checks or otherwise preventing, detecting or investigating fraud or money laundering);
• improvement and development of our business operations and service offering, or those of a third party;
• protection of our business, shareholders, employees and customers, or those of a third party (for example, ensuring IT network and information security, enforcing claims, including debt collection); and
• analysing competition in the market for our services (for example, by carrying out research, including market research).

We may need to collect, use and disclose Personal Information in connection with matters of important public interest, for instance when complying with our obligations under anti-money laundering and terrorist financing laws and regulations, and other laws and regulations aimed at preventing financial crime.  In these cases, the legal justification for our use of Personal Information is that the use is necessary for matters of public interest. Additional justifications may also apply depending on the circumstances.

We use your Personal Information:
• to communicate with you and other individuals;
• to provide the Services, and fulfil our contractual obligations to clients;
• to make assessments and decisions (automated and non-automated, including by profiling individuals) about the provision and terms of insurance;
• to help develop new services and to enhance, improve or modify our products and services, provide staff training and maintain information security;
• to prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks;
• to carry out background checks and conduct due diligence;
• to conduct research and data analysis, including analysis of our customer base and other individuals whose Personal Information we collect, complete market research, including customer satisfaction surveys, and assess the risks faced by our business, in accordance with applicable law (including obtaining consent where required);
• to manage our business operations and IT infrastructure, in line with our internal policies and procedures, including those relating to administration, finance and accounting, billing and collections, IT systems operation, data and website hosting, data analytics, business continuity, records management, document and print management and auditing;
• to operate and expand our business activities;
• to provide marketing information in accordance with preferences you have told us about;
• to manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to Personal Information;
• to exercise, defend or protect our legal rights or the rights of our clients or third parties; and
• to comply with legal and professional obligations and to cooperate with regulatory bodies.The way we analyse Personal Information for the purposes of risk assessment, fraud prevention and detection, and to report to our clients as part of the Services may involve profiling, which means that we may process your Personal Information using software that is able to evaluate your personal aspects and predict risks or outcomes.  If you are an insured person, the underwriting process may include profiling, details of which would be available from your insurer. We may also aggregate or anonymise information about you. Aggregated or anonymised data is not capable of being used to identify individuals and is not treated as Personal Information under this privacy notice.

We work with many third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your Personal Information.

We may share your Personal Information with third parties under the following circumstances:
• to our group companies for the uses and purposes set out above;
• to other insurance and insurance distribution parties, for example insurers, reinsurers, insurance and reinsurance brokers and other intermediaries and agents;
• to our clients, intermediaries, advisers and business partners for the purposes of fulfilling our contractual obligations to clients, for example to deliver the Services;
• to third party service providers, for example medical and security professionals, accountants, actuaries, auditors, experts, lawyers and other professional advisors; call centre service providers; IT systems, support and hosting service providers; printing, advertising, marketing and market research, and data analysis service providers; banks and financial institutions that service our accounts; third party claim administrators; document and records management providers; claim investigators and adjusters; and other third party vendors and outsourced service providers that assist us in carrying out business activities;
• to other third parties, for example payees, credit bureaus, credit reporting agencies, other people involved in an incident that is the subject of a claim and assistance providers who can help provide you with assistance in the event of a claim;  
• to government authorities, regulators, law enforcement agencies and third parties involved in legal proceedings, including where we are obliged to disclose your Personal Information under applicable law or regulation, which may include laws outside your country of residence; and
in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

PFLA Limited maintains appropriate technical and organizational security measures to protect the security of your data against loss, misuse, unauthorized access, disclosure or alteration. These measures are aimed at ensuring the ongoing integrity and confidentiality of Personal Information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will retain your Personal Information for as long as is reasonably necessary for the purposes listed in this privacy notice. When we no longer need your Personal Information in connection with the Services, we will then retain your Personal Information for a period of time that reasonably allows us to comply with our regulatory obligations and to commence or defend legal claims. We may retain aggregated or anonymised data (which is not treated as Personal Information under this privacy notice) for longer.

PFLA Limited is the controller responsible for the Personal Information we collect and process.

If you would like to review, correct, update, suppress, object to or restrict the processing of your Personal Information or request a copy of Personal Information about you, you may contact us by sending us an email at or sending your request by postal mail to the address provided in the “Contact and Comments” section below.

In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information.  For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.  We will try to comply with your request as soon as reasonably practicable.  

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Information Commissioner's Office, at

You may request a copy of this privacy notice from us using the contact details set out below.

We may modify or update this privacy notice from time to time by notifying or providing a revised version to our clients. Where changes to this privacy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will ask that our clients give you sufficient advance notice of these changes so that you have the opportunity to exercise your rights (e.g. to object to the processing).

If you have any questions or comments regarding this privacy notice, please contact us at 34 Lime Street, EC3M 7AT or at
Cyber for Financial Institutions
Financial Institutions, Commercial Entities and Cash In Transit

Operating from Room 795, Gallery 7, Lloyd's of London, 1 Lime Street, London, EC3M 7HA


Operating from Room 795, Gallery 7, Lloyd's of London, 1 Lime Street, London, EC3M 7HA

Operating from 34 Lime Street, London, EC3M 7AT

Lloyd's Consortium One:
Amtrust at Lloyd's
Axis Syndicate
Everest SyndicateLloyd's

Consortium Two:
Pembroke Syndicate
Acappella Syndicate
Everest Re

We are bound by the terms and conditions of the Lloyd’s of London claims office. All claims are agreed by the leader of the consortium, on its behalf. The leader has a team of more than ten professionals handling financial lines claims on a daily basis.

AmTrust at Lloyds

Hiscox Underwriting Limited

We are bound by the terms and conditions of the Lloyd’s of London claims office. All claims are agreed by the leader of the consortium, on its behalf. The leader has a team of more than ten professionals handling financial lines claims on a daily basis.

All claims are agreed by Hiscox Underwriting Limited