Introduction

We are committed to protecting the privacy of all persons whose personal information we handle or process. The following notice outlines how we safeguard personal information:

As used in this policy, terms such as “we”, “our” and “Company” refer to the operations of Pacific Life Re International Limited and/or Pacific Life Re Services Limited which are based in the UK and/or relate to policyholders who are based in the UK reinsured by Pacific Life Re International Limited or its UK branch. Pacific Life Re International Limited has operations which are outside the UK, or do not deal with policyholders in the UK, which are not covered by this privacy notice.

This privacy notice is not intended for individuals connected with, or employed by, cedants, insurance intermediaries and consultants, and other professional third parties, such as retrocessionnaires and service providers, with whom the Pacific Life Re Division has a business relationship.

The Company’s main business is the provision of life and health reinsurance services to insurance companies. Reinsurance is essentially insurance for insurers. It is common for insurance companies to reduce the risk associated with a life insurance or annuity policy, or the benefits paid to a pension scheme member, by reinsuring some of the risk with a reinsurer.

In the course of providing reinsurance services the Company receives personal information from life insurance companies regarding individuals insured by them, individuals who have applied for insurance cover, and/or individual members of pension schemes whose overall liabilities have been insured by the relevant pension scheme trustees.

We refer to these individuals as ‘policyholders’ and their personal information as ‘policyholder information’.

The Company may itself also obtain reinsurance for some of the risks that it has reinsured. The provision of reinsurance services to reinsurers is known as ‘retrocession’ and the providers are known as ‘retrocessionaires’. In order to obtain retrocession cover the Company will typically share policyholder information with retrocessionaires.

Set out below are further details of the policyholder information we receive and the ways in which we use that information for the purposes of providing reinsurance services and obtaining retrocession.

What personal information do we collect?

We collect, store, and use the following kinds of policyholder information:

• Basic personal details such as name, address and date of birth
• Details of insurance policies and other insurance-related services policyholders have applied for or received
• Information about policyholders’ claims and incidents that are subject to an insurance claim

In certain circumstances we may request and/or receive "sensitive" personal information about policyholders. For example, we may need access to health records for the purposes of deciding whether and on what terms we will reinsure a risk or to process reinsurance claims payable to our insurance company clients, or we may need details of any court or HMRC judgments for the purposes of preventing, detecting and investigating fraud.

Please see below for a more detailed list of sensitive policyholder information we may collect:

• Details of policyholders’ current or former physical or mental health
• Details of policyholders’ current and former marital status
• Details regarding policyholders’ criminal offences, including alleged offences, criminal proceedings, outcomes and sentences
• Information about policyholders’ health including treatment and
• care they may have received or need
• Information about policyholders’ family history of illness or medical treatment

How do we use your personal information?

We will only use policyholder information for the following purposes:

• Discussion, negotiation and conclusion of reinsurance agreements (including retrocession)
• Deciding whether to provide reinsurance cover in relation to an individual or group of policyholders
• Administration, implementation and management of reinsurance and retrocession agreements
• Determining whether claims or other amounts are payable under reinsurance or retrocession agreements
• Establishing, exercising or defending our legal rights in connection with reinsurance or retrocession agreements, for example when we are faced with any legal claims or where we want to pursue any legal claims ourselves
• The detection and prevention of fraud and prevention of financial crime
• Any uses permitted by specific legal exemptions to process personal information for insurance purposes. A specific exemption applies where we need to process sensitive policyholder information as an essential part of providing insurance cover, for example using health data to assess whether to provide reinsurance cover or pay reinsurance claims
• Other business activities relating to reinsurance. These include, for example, financial reporting, compliance with legal and regulatory requirements, and research and statistical analysis to support and improve the Company’s reinsurance services and those of its affiliates, ensuring that our processes, procedures and systems are as efficient as possible and enhancing the service that we provide

Where it is possible and proportionate to do so, we use pseudonymised data to carry out these purposes. Pseudonymisation is a recognised data minimisation technique that enables the Company’s employees and agents to use policyholder information without being able to personally identity the policyholders concerned.

We do not use policyholder information to contact policyholders or allow any other person to do so on our behalf.

Our legal basis for processing

When we handle, use and store any information about physical or mental health or criminal convictions of policyholders and this is essential for the provision of our reinsurance services then we rely on our specific legal right to process such information for insurance purposes under UK law.

We rely on the ‘legitimate interests’ basis for processing under UK law. Financial backing and expertise from reinsurers improves the quality, cost-effectiveness and availability of products and services provided to new and existing policyholders. We take steps such as data minimisation to ensure that our use of data is proportionate and to respect the rights and interests of policyholders.

In order to provide reinsurance services required by the insurance industry, we need to be able to use policyholder information for the purposes set out in the preceding section. Our processing of policyholder personal data is therefore necessary for the performance of the underlying insurance contracts which we reinsure.

Finally, in some relatively limited circumstances we will need to use policyholder information to be able to comply with our legal obligations (for example, to deal with any legal proceedings which may arise, and to establish or exercise our legal rights or defend against legal claims).

When do we disclose your personal information?

We only share policyholder information where it is lawful and necessary to do so in connection with the provision of reinsurance services.

We may disclose policyholder information under the following circumstances:

• Third-party service providers: We share information with third- parties to facilitate the provision of certain reinsurance services, for example, medical officers who help us to assess health claims. These companies and/or individuals are authorised to use policyholder information only as necessary to provide these services.
• Group companies: We may provide policyholder information to our affiliated companies for the purpose of facilitating the provision of reinsurance services.
• Compliance with laws and legal proceedings: We may need to disclose policyholder information when we respond to court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims or to meet our legal and regulatory obligations.
  
• Retrocession companies: In a small number of cases we share personal information with retrocessionaires who provide us with retrocession services. These companies will process policyholder information in accordance with the terms of their own privacy policies.

Policyholders should contact us using the contact details set out below if they require further information regarding third parties to whom we have disclosed their policyholder data.

International transfers

We may transfer policyholder information to third party data processors located in countries that are outside the UK and European Economic Area (EEA) in connection with the above purposes.

Countries which are outside the UK and EEA may not offer the same level of data protection. Accordingly, when we transfer personal information outside the UK and EEA we:

• Include the standard contractual data protection clauses produced by the UK Regulator for transferring personal information outside the UK into its contracts with those third parties (these are the clauses approved under Article 46.2 of the UK General Data Protection Regulation (UK GDPR); or
• Ensure that the country in which policyholder information is handled has been deemed "adequate" as set out in Chapter 5. Article 45 of UK GDPR
• Policyholders should contact us using the contact details set out below if they require further information regarding circumstances in which we have transferred their policyholder data to countries outside the European Economic Area.

How is your personal information protected?

We have in place physical, electronic, and procedural safeguards to protect personal information that we hold against unauthorised disclosure or unlawful processing. Safeguards include only holding personal information on secure servers, the use of encryption, firewalls and access controls and the separation of duties within our organisation to ensure appropriate organisational controls are in place. When processing policyholder information we seek to use only pseudonymised data where knowledge of a policyholder’s identity is not required.

How long is your personal information retained?

Our retention periods for personal information are based on our legitimate interests and other legal requirements.

We retain personal information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purposes. For example, we retain information relating to an insurance policy and related correspondence until the time limit for claims arising from the relevant insurance policy has expired (usually the life of the policy plus 6 years), or to comply with legal requirements regarding the retention of such information.

When we delete policyholder information it may persist on backup or archival media for legal, tax or business continuity purposes.

Access to your personal information

Subject to any relevant exemptions, policyholders are entitled to see a copy of the personal information we hold about them and to request details of how we use policyholder information including any disclosures made. To exercise the rights to access policyholder information, policyholders should contact us at the email address below. There will not usually be a charge for dealing with these requests.

Policyholder information will usually be provided to policyholders in writing, unless otherwise requested. Where a request is made by electronic means, policyholder information will be provided by electronic means where possible.

Right to rectification

We take reasonable steps to ensure that policyholder information that we hold is reliable and as accurate and complete as is appropriate for its intended use. Policyholders are entitled to ask us to update or amend any inaccuracies in the personal information that we hold about them. To request us to update or amend any personal information, policyholders should contact us at the address below.

Other rights

Under certain conditions, policyholders may also have the right to:

• Request deletion of any policyholder information that we are no longer legally entitled to retain
• Object to any processing of policyholder information based on the legal ground of ‘legitimate interests’ unless our reason for undertaking that processing outweighs any prejudice to a policyholder’s data protection rights
• Restrict how we use policyholder information whilst a complaint is being investigated

Please note - We will inform you if the request will take longer than the permitted 30 days and provide an estimated date for completion.

Your right to complain to the Information Commissioner’s Office

If a policyholder is not satisfied with our use of their policyholder information, our response to any exercise of policyholder rights set out above, or if a policyholder believes us to be in breach of our data protection obligations, then such policyholder has the right to complain to the Information Commissioner’s Office here.

Revisions to this privacy notice

We may update this privacy policy from time-to-time.

Contact

Any person who has any questions about this privacy policy or our use of personal data, may contact us at the email address below

Pacific Life Re International Limited, UK Branch is registered as a UK establishment with number BR022755 and authorised and regulated by the PRA and FCA (FRN: 933671) with offices at Tower Bridge House, St Katharine’s Way, London E1W 1BA. Pacific Life Re International Limited is an exempted company limited by shares under the laws of Bermuda with registered number 55099 and is regulated by the Bermuda Monetary Authority and has its principal office at 5th Floor West, Point House, 6 Front Street Hamilton Bermuda HM 11

Our Data Protection Officer's contact details are: Email: dpo@pacificlifere.com.

Last updated May 2024