Effective date: 7 August 2024
1 Introduction
This notice describes how Lloyd’s, as a data controller, collects, uses, shares and retains the personal information you provide, and informs you about your choices regarding use, access and correction of your personal information.
Lloyd’s is committed to ensuring that any personal data it receives is protected and handled in accordance with applicable data protection laws.
For the purposes of this Privacy Notice, references to “we,” “us” or “our” shall refer to Lloyd’s.
About the Dive-In Festival: Dive-In is a global movement in the insurance sector to support the development of inclusive workplace cultures. Its mission is to enable people to achieve their potential by raising awareness of the business case and promoting positive action for diversity in all its forms. Since its birth in 2015, Dive In has grown exponentially, reaching global heights with events taking place across 41 countries world-wide, attracting more than 30,000 people. Dive-In promotes year-round best practice in diversity and inclusion with tools and advice that culminate in an annual three-day festival in September. Events are hosted in insurance firms of all types and sizes, all around the world.
This privacy notice also applies to our reverse mentoring scheme as well as our new outreach initiative; Dive-In to Insurance. Both initiatives have been developed to further develop inclusion within the insurance sector.
2 Who we are
The Society of Lloyd’s (Lloyd’s) is incorporated by the Lloyd’s Acts 1871 to 1982, and our principal place of business is at One Lime Street, London EC3M 7HA.
3 What personal information we process about you
The personal information we hold is restricted to your name, job title, business email, country and, on occasions, dietary requirements.
During your registration, you may decide to provide us with optional Diversity and Inclusion information of which we may use to conduct research but only after we have removed any identifying characteristics
Please note that on occasions:
- photography may take place, and videos recorded, during an event;
- your details may be made available to other attendees in a guest list or similar.
4 Why we collect your personal information and the lawful basis for processing
Your personal details will be processed to support the communication and management of the Lloyd’s run Dive-In Festival events. The lawful basis which allows us to process your data is our legitimate interests as it is in the legitimate interests of Lloyd's to carry out this type of event, including training sessions, seminars and "meet the market” workshops, to members of the Lloyd's market and other individuals in the insurance sector to help facilitate our reverse mentoring scheme and other miscellaneous reasons related to the management of the festival.
If, at the event, we plan to record videos or take photos of you individually or of you in small groups, we will ask for your consent. We will also notify you at the event about the photography and video recording taking place. Also, for promotional purposes, we may publish these recordings on our Lloyds.com website and related social media sites.
If you for any reason do not wish to be included in any footage, please inform us at the time and we will try to exclude an image or recording of you if possible.
5 Who we are sharing your data with
For general business administration, efficiency and accuracy purposes your personal information might be shared with Lloyd’s offices (including overseas subsidiaries) connected with the event, and for event management purposes.
To help manage our events, we may share your personal information with third party service providers such as IT software suppliers, event organisers and others who are co-hosting or sponsoring the event. We require all our service providers to respect the confidentiality and security of personal data. With your consent, we may share your personal data with our event partners to provide you with a monthly newsletter and other related Diversity & Inclusion communications we think you may be interested in. You can opt in to receive these messages by selecting the tick box on the festival registration page and you can change your mind at any time by unsubscribing either through the link in the email containing the newsletter, or by contacting us at Diveinfestival@lloyds.com
Third party service provider | Service provided | Relevant Locations/ Transfers |
Push Far | Mentoring platform | UK |
Cvent | Registration and streaming site | Global |
We may be under legal or regulatory obligations to share your personal data with courts, regulators and law enforcement bodies.
6 How long we keep your data
We will retain your personal information for as long as is reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice The retention period will primarily be determined by relevant legal and regulatory obligation and/or duration of our business relationship with you, your employer or another associated party.
We maintain and update regularly our data retention policy with a detailed retention schedule. We will securely delete or erase your personal data if there is no valid business or regulatory reason for retaining your data. In exceptional circumstances, we may retain your personal data for longer periods of time if we reasonably believe there is a prospect of litigation, in the event of any complaints, or there is another valid business reason the data will be needed in the future.
7 International transfers
If you are based in a country outside of the European Union, we will share your personal information with our local third-party event leads, who may contact you for the purposes of event coordination.
If you are based in the European Union or UK, we may need to share your personal information with Lloyd’s subsidiaries who may be based outside of the European Union. We may also allow our service providers, who may also be located outside the EU, access to your personal information. In addition, we may also make other disclosures of your personal information overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body.
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:
- We will only transfer your personal information to countries which are recognised as providing an adequate level of legal protection, or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
- Transfers to Lloyd’s overseas offices will be covered by standard contractual clauses, adopted by the European Commission which gives specific contractual protections designed to ensure that your personal information receives an adequate and consistent level of protection.
- Transfers to service providers and other third parties will always be protected by contractual commitments and where appropriate further assurances.
- Any requests for information we receive from law enforcement or regulators is carefully checked before personal information is disclosed.
Information relating to the safeguards in place for all international transfers can be obtained by writing to the DPO, whose details can be found in Section 9.
8 Your rights
You have certain rights as an individual which you can exercise in relation to the information we hold about you. If you make a request to exercise any of your rights we reserve the right to ask you for a proof of your identity. We aim to acknowledge your request as soon as possible and will address your query within one month from your request.
You have the following rights:
The right to access
You are entitled to a confirmation whether we are processing your data, a copy of your data, and information about purposes of processing, who do we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where we got your data from and how you can make a complaint.
The right to rectification
If you believe the personal information we hold about you is inaccurate or incomplete you can request for it to be rectified.
The right to erasure
If you withdraw your consent, terminate a contract with us or you believe the personal information is no longer necessary for the purposes for which it was collected, you may request your data to be deleted. However, this will need to be balanced against other factors, for example there may be certain regulatory obligations which mean we cannot comply with your request.
The right to restriction of processing
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
- Its accuracy is contested, to allow us to verify its accuracy; or
- The processing is unlawful, but you do not want it erased; or
- It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- You have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
The right to data portability
If we collected your information under a contract or your consent, you can request from us to transfer your personal information to provide it to another third party of your choice.
The right to object
You have the right to object at any time to processing of your personal data where processing is necessary for the performance of a task carried out in the public interest, or in the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, in particular where you are a child.
The right to withdraw consent
If we processed your personal information under your consent, you can withdraw it any time.
We do not have to comply with a request where it would adversely affect the rights and freedoms of other individuals.
9 Contact details of the Data Protection Officer
If you have any questions relating to data protection that you believe we will be able to answer, please contact our Data Protection Officer:
Data Protection Officer
Lloyd’s
1 Lime Street
EC3M 7HA, London
Email: data.protection@lloyds.com
10 Complaints
If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements you can make a complaint to relevant Data Protection Authority. Our Lead Authority within the European Union is the UK Information Commissioner’s Office.