General Data Privacy Notice
Legal framework for protecting your personal data
This data privacy notice is written to comply with the European Union General Data Protection Regulation (GDPR). GDPR gives control to citizens and residents over their personal data.
Data Controller
• Name: TheJudgeLimited (“TheJudge”)
• Phone: +44 (0)207 283 4646
• Email: matthew.amey@thejudgeglobal.com
• Address: 90 Fenchurch Street London EC3M 4ST United Kingdom
Data Protection Officer
• Email: matthew.amey@thejudgeglobal.com
• Address: 90 Fenchurch Street London EC3M 4ST United Kingdom
For TJ Versicherungsmakler GmbH (Germany)
Data Controller
• Name: TJ Versicherungsmakler GmbH
• Phone: +49 40 2000 322 20
• Email: tomas.schmidt@thejudgeglobal.com
• Address: Neumühlen 15, 22763 Hamburg (Germany)
Data Protection Officer
• Email: tomas.schmidt@thejudgeglobal.com
• Address: Neumühlen 15, 22763 Hamburg (Germany)
Data Controller’s Lines of Business
TheJudge is the data controller for all lines of businesses under ownership or management.
How data is used
TheJudge may process personal information as part of its financial services businesses: underwriting, reinsurance, legal services, loss prevention, document processing, finance, marketing, contract review, risk management and employment.
Personal data profile categories processed
TheJudge maintains personal data for:
- Subjects of claims, investigations, proceedings etc.
- Advisers, consultants and other professional experts
- Business associates, other professional bodies, advisers
- Business contacts
- Complainants and enquirers
- Customers and clients
- Employees
- Employers and employees of other organisations
- Members and beneficiaries
- Offenders and suspected offenders
- Relatives, guardians
- Shareholders
- Suppliers and services providers
- Subjects of claims, investigations, proceedings and other claim related profiles
- Trustees
- Witnesses
Automated decision making
TheJudge does not use automated decision making.
The legal bases we use for lawful processing
In order forTheJudge to conduct business and fulfil its legal, regulatory and contractual obligations, it needs to perform legitimate and fundamental processing. These are:
1. Establishing contracts
2. Maintaining contracts
3. Provision of all contracted services
4. Invoicing, remittance, payments, collections
5. Non-promotional communications
6. Marketing and other promotional communications
7. Risk management contract review
8. Response to Subject Access Requests
9. Performance measurement
10. IT support services
11. Business Continuity Planning
12. Legal and regulatory obligations
13. Responding to enquiries, requests and complaints
14. Employment processing
The categories of people who will access or receive the data
TheJudge sometimes needs to share the personal information it processes with individuals themselves and also with other organisations. Below is a description of the types of organisations with which TheJudgemay need to share some of the personal information it processes.
1. Agents and brokers
2. Business associates, other professional bodies, advisers
3. Central / local government
4. Claimants, beneficiaries, assignees and payees
5. Claims investigators
6. Complainants, enquirers
7. Courts and tribunals
8. Credit reference, debt collection and tracing agencies
9. Current, past and prospective employers
10. Customers and clients
11. Data processors
12. Debt collection and tracing agencies
13. Education and examining bodies
14. Employment and recruitment agencies
15. Family, associates and representatives of the person whose personal data we are processing
16. Financial organisations and advisers
17. Healthcare professionals, social and welfare organisations
18. Law enforcement and prosecuting authorities
19. Ombudsman and regulatory authorities
20. Other companies in the same group
21. Pension schemes
22. Police forces
23. Private investigators
24. Professional advisers
25. Share Administrators
26. Suppliers and services providers
27. Survey and research organisations
28. Trade associations, professional bodies, employer associations
The countries where data will be stored, processed and transferred
Your personal data collected by TheJudge may be stored and processed in the United Kingdom or any other country in whichTheJudge or associated third parties maintain facilities.
Should TheJudge need to transfer your personal data, TheJudge will take all reasonable measures to safeguard the transfer of your personal data to third parties in a manner that complies with the GDPR.
How long the data will be retained
Retention of specific records may be necessary for one or more of the following reasons:
1. To fulfil statutory or other regulatory requirements.
2. To evidence events/agreements in case of disputes.
3. To meet our operational needs.
4. To meet any historical purposes.
Personal data that is collected and subsequently never used for any business purpose will be reviewed and may be destroyed at TheJudge’s discretion.
What happens if the data isn’t collected
Your personal data is required for communication and setting up a contractual agreement to provide products and services. Without this data TheJudge will not be able to communicate with you or enter into a contractual agreement with you. This includes both business and employment contracts.
TheJudge needs personal data to:
1. enable consensual bilateral communications;
2. engage in pre-contractual activities;
3. honour contractual obligations; and
4. enable it to employ people.
Without this data, TheJudge will not be able to perform these four primary activities.
The right to withdraw consent
In situations where TheJudge requests and receives your consent to perform processing, we are also obliged to stop such processing if you decide to withdraw your consent. Withdrawing consent is as straightforward as giving consent. Withdrawing consent cannot be back-dated so it has no effect on processing already performed during the period of consent
The right to access, change, delete, restrict, object, request a copy
You have rights regarding the personal data we store on your behalf. These are:
1. access to a copy of your personal data;
2. object to processing that you object to;
3. stop receiving direct marketing material;
4. object to decisions being taken by automated means;
5. have inaccurate personal data rectified, blocked, erased or destroyed;
6. lodge a complaint with the Information Commissioner’s Office;
7. claim compensation for damages caused by a breach of the GDPR.
Should you ever wish to exercise any of these rights, please contact the Data Protection Officer.
The right to complain to the regulator
You have the right to lodge a complaint with the Information Commissioner’s Office if you think that your personal data has been inappropriately used.