Privacy Notice

DATA PRIVACY

In accordance with Articles 13 and 14 of the European General Data Protection Regulation (“GDPR”) effective May 25, 2018, Everest has updated its Privacy Notice below to provide full transparency in the processing of personal data and advise you about your rights under the GDPR.

EVEREST PRIVACY NOTICE

Section 1 – Introduction

This notice is intended to explain how information about you ("Personal Data") will be handled by Everest through its subsidiaries and affiliates (the "Company", "we", "us" and "our") and on our behalf by our third party service providers.

For the purposes of this notice and data protection legislation, the Company is the controller of your Personal Data.

Section 2 – Where We Might Collect Your Personal Data From

Much of the information we hold will have been provided by you, but we may also collect your Personal Data from various other sources, including:

your representative through the policy application process;
your family members, employer or representative;
other (re)insurance market participants;
credit reference agencies;
if applicable, anti-fraud databases, sanctions lists, court judgments and other databases;
if applicable, government agencies; or
in the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjustors, lawyers, and claims handlers.

The categories of Personal Data we obtain from third parties may include background data, underwriting data, claims data, payment data and health data.

Section 3 – The Personal Data We May Collect About You

Please note that the below list of Personal Data we may collect about you, while intended to be as complete and accurate as reasonably possible, is not exhaustive and may be updated from time to time in accordance with Section 8 of this notice.

In order for us to provide (re)insurance quotes, (re)insurance policies, and/or deal with any claims or complaints, we need to collect and process personal data about you. We may collect and process some or all of the following personal data about you:

Background Data including Title, Gender, Name, Phone Number, Email Address, Home Address, Date of Birth, Marital Status, Government Identification Numbers – National Insurance, Social Security, Passport, Tax, Driver’s license etc., Emergency contact name and mobile/home number;

Family Information including Name of spouse/partner, Name of children, Date of birth in respect of spouse/partner/children, phone numbers;

Financial Data including Bank information, tax information, credit history and credit score;

Special Categories of Personal Data including data concerning your health and/or wellbeing (where appropriate).

Criminal Conviction data including Data relating to criminal convictions or offences (we will only collect this Personal Data from you when we are instructed by an official authority to do so or when we are authorised by EU or EU member state law to do so);

Claims Data including previous claims and previous policy numbers.

Section 4 – How & Why We Process Your Personal Data

The following details the legal bases for which and why we collect, obtain and process your Personal Data, and describes those with whom we may share your Personal Data with.

A. Necessary for Performance of a Contract

Legal Basis:	It is necessary to process your Personal Data to enter into and perform our contract of (re)insurance with you or handle (re)insurance claims involving you.
Purposes:	We may collect your Personal Data for the following purposes: Quotation/Inception Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks Evaluating the risks to be covered and matching to appropriate policy/premium Payment of premium where the (re)insured/policyholder is an individual Policy Administration Client care, including communicating with you and sending you updates Payments to and from individuals Claims Processing Managing insurance and reinsurance claims Defending or prosecuting legal claims Investigation or prosecuting of fraud Renewals Contacting you to renew the (re)insurance policy Evaluating the risks to be covered and matching to appropriate policy/premium Payment of premium where the (re)insured/policyholder is an individual
Recipients:	Brokers Managing General Agents Third Party Claim Administrators Company affiliates
IMPORTANT:	You are obliged to provide us with your Personal Data as it is necessary for the performance of our contract. Failure to do so could affect or delay the processing of claims or other obligations under a (re)insurance contract.

B. Compliance with a Legal Obligation

Legal Basis	It is necessary to process your Personal Data in order to comply with the legal obligations which apply to us as (re)insurance providers.
Purposes	To ensure compliance with regulatory obligations.
Recipients	Regulatory authorities Law enforcement agencies Public bodies Insurance providers

C. Legitimate Interests

Legal Basis	It is necessary for the purposes of our legitimate business interest to process your Personal Data. We therefore rely on this legal basis to collect and otherwise use your personal data.
Purposes	To facilitate corporate reorganisation and/or the acquisition or sale of some or all of the Company or the Company's assets in the event such is contemplated General risk modelling of the Company
Recipients	Prospective sellers or buyers of business assets.

D. To Defend a Legal Claim

Legal Basis	It is necessary for us to collect and process your Personal Data to investigate, establish, exercise or defend legal claims.
Purposes	To investigate, establish, exercise or defend a legal claim To assist the courts in acting in their judicial capacity.
Recipients	Legal advisers Regulatory authorities Law enforcement agencies

Section 5 – International Transfers

We may need to transfer your personal information to our affiliates, agents or contractors, which are located outside of the European Economic Area (the "EEA"). Those transfers would always be made in compliance with all applicable privacy requirements, including the GDPR.

In limited and necessary circumstances, your Personal Data may be transferred outside of the European Economic Area (the " EEA") to comply with our legal or contractual requirements.

We use Model Clauses to ensure the security of your Personal Data when we transfer your Personal Data outside the EEA. You can direct any queries you may have in relation to data transfers to: DataPrivacy@everestglobal.com

Section 6 – Retention of Your Personal Data

We will keep your Personal Data only for so long as is necessary and for the purpose for which it was collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under this (re)insurance, or where we are required to keep your personal data due to EU or member state law.

Section 7 – Your Rights

You have a number of rights with regard to your Personal Data and the table below sets out the rights which you have to address any concerns or queries with us about our processing of your Personal Data.

You can exercise any of these rights by submitting a request to: DataPrivacy@everestglobal.com

Right of Access:	You have the right to request a copy of the Personal Data held by us about you and to access the following information in relation to the processing of your Personal Data: (1) the purposes of processing; (2) the categories of Personal Data concerned; (3) the recipients of your Personal Data; (4) the period for which your Personal Data will be stored; (5) the existence of your right to lodge a complaint with the Office of the Data Protection Commissioner; and (6) the source of your Personal Data; We will only charge you for making such an access request where we feel your request is unjustified or excessive.
Right of Rectification:	You have the right to request that we amend any inaccurate Personal Data that we have about you.
Right to Erasure:	You have the right to ask us to erase your Personal Data where: (1) it is no longer necessary to perform the contract; (2) you withdraw your consent and there is no other legal basis permitting us to process your Personal Data; (3) you object and we have no overriding legitimate grounds; (4) your Personal Data have been unlawfully processed; or (5) it must be erased to comply with a legal obligation. Please note that erasure may not be complete or immediate to the extent that some of your Personal Data is necessary for the performance of your contract of employment with the Company.
Right to Restriction of Processing:	You have the right to ask us to restrict processing your Personal Data in the following situations: (1) where you contest the accuracy of your Personal Data; (2) where the processing is unlawful and you do not want us to delete your Personal Data; (3) where we no longer need your Personal Data but you require the data in relation to a legal claim; or (4) where you have objected to us processing your Personal Data pending verification as to whether or not our legitimate interests override your interests or in connection with legal proceedings. When you exercise this right we may only store your Personal Data and not further process the data unless you consent or the processing is necessary in relation to a legal claim or to protect the rights of another person or legal person or for reasons of important public interest.
Right to Data Portability:	You may request us to provide you with your Personal Data which you have given us in a structured, commonly used and machine-readable format and you may request us to transmit your Personal Data directly to another data controller where this is technically feasible. This right only arises where: (1) we process your Personal Data with your consent or where it is necessary to perform our contract with you; and (2) the processing is carried out by automated means.
Right to Withdraw Consent:	If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
Right to Object:	You have a right to object at any time to the processing of your Personal Data where we process your Personal Data on the legal basis of pursuing our legitimate interests.

In certain circumstances where we are authorised to do so, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. to maintain legal privilege).

You have the right to lodge a complaint with Everest at DataPrivacy@everestglobal.com or with a data protection agency of your choice with regards to us processing your Personal Data.

For complaints involving Everest Reinsurance (Bermuda), Ltd. – UK Branch or Everest Advisors (UK), Ltd., you may contact the Information Commissioner’s Office:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745
Fax: 01625 524 510

For complaints involving Everest Insurance (Ireland), dac or Everest Reinsurance Company (Ireland), dac, you may contact the Data Protection Commission:

Canal House,
Station Road,
Portarlington,
R32 AP23,
County Laois,
Ireland
Phone: +353 (0) 761 104 800;
LoCall: 1890 25 22 31;
email: info@dataprotection.ie
Website: www.dataprotection.ie

We may ask you to verify your identification where you exercise any of these rights.

Section 8 –Contact Details of Controller and Changes to this Notice

If you have any concerns as to how your data is processed you can contact: DataPrivacy@everestglobal.com

If we amend this notice, in whole or part, at our sole discretion, any changes will be effective upon the date set out on the updated notice as will be reasonably notified to you.