PCU GDPR Privacy Notice
This notice is for people who are located in the European Economic Area (“EEA”) and supplements our general Privacy Statement. Our processing of personal data of people who are in the EEA is governed by the General Data Protection Regulation (the “GDPR”), which applies from May 25, 2018. The GDPR requires us to provide certain information to you about your personal data, which we refer to in this notice as your personal information.
The data controller for this website is the PCU Compliance Team. For our contact information, see the section in our general Privacy Statement headed “How to Contact Us”.
Purposes of the processing
Personal information gathered through cookies is used for the purposes described in our Cookies Notice. Other than information described in our Cookies Notice, the only information collected through our website is personal information provided voluntarily by visitors for the purpose of receiving additional information or registering for a service or event. The personal information visitors may enter through our subscriptions page is used only to provide them with communications in specialty areas they select. When visitors register via our website for one of our events (including webinars and events hosted at our offices), we use the personal information they have provided solely for purposes of contacting them about the event, and to let them know about future events if they have indicated that they would like to receive that information. [We use the information provided by our visitors solely to respond to and process their requests.]
Lawful basis for the processing
Generally, we process personal information provided by visitors through our website on the basis of consent.
We may also process personal information on other bases permitted by the GDPR and applicable laws, such as when the processing is necessary for us to comply with our legal obligations.
Categories of personal information
We process the following information when provided voluntarily by our website visitors: name, email address, postal address and/or country, and telephone number. We also process automatically-gathered information as described in our Cookies Notice.
Recipients of your personal information
We use various service providers to manage our website and provide services such as event registration or managing e-mail communications. Our service providers change from time to time. Note that our service providers have entered into contracts with us that restrict what they can do with your personal information. If you would like specific information about our service providers who have received your information, please contact us at email@example.com and we will provide that information to you.
Information regarding the transfers of personal data outside of the European Economic Area (EEA)
Point Comfort Underwriter’s main administrative offices are based in the USA and that’s where we process personal information collected through our website. When you provide personal information to us, we request your consent to transfer that personal information to the USA. The USA does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information. Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this GDPR Privacy Notice. We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website. We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Notice.
Retention period for personal information
How long we retain personal information varies according to the type of information in question and the purpose for which it is used. We delete personal information within a reasonable period after we no longer need to use it for the purpose for which it was collected (or for any subsequent purpose that is compatible with the original purpose). This does not affect your right to request that we delete your personal data before the end of its retention period. We
may archive personal data (which means storing it in inactive files) for a certain period prior to its final deletion, as part of our ordinary business continuity procedures.
Your rights to access, correct, restrict or delete your personal data and object to processing
You have the right to request access to your personal data, to have your personal data corrected, restricted or deleted, and to object to our processing of your personal data. You also have the right of data portability, which means that you can request that we provide you (or a third party you designate) with a transferable copy of personal information that you have provided to us. Your rights may be subject to various limitations under the GDPR. If you wish to exercise any of these rights, or if you have any concerns about our processing of your personal data, please contact us in any of the ways listed in the section “How to Contact Us” in our general Privacy Notice.
The right to lodge a complaint with a supervisory authority
You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority. The EU Commission has a list here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Absence of statutory or contractual requirement or other obligation to provide any personal data
Users of our website are under no statutory or contractual requirement or other obligation to provide personal information to us via our website.