Gallagher is the brand name for companies forming part of Arthur J. Gallagher & Co., and its affiliates and subsidiaries (collectively, "we," "our," "us," or "Gallagher").
This Privacy Notice describes how we may collect and process personal information in relation to the services we offer as well as your access to and use of our websites, apps and/or portals. If you would like to receive a copy of this Privacy Notice in your local language, please email GC_generalinfo@ajg.com or GC_Compliance@ajg.com.
This Privacy Notice applies to Gallagher and all of its affiliates and subsidiaries (collectively, "we," "our," "us," or "Gallagher").
In this Privacy Notice we identify the personal data that we may collect about you and how we may use that data. This Privacy Notice applies to any personal data you provide to Gallagher and any personal data we may collect from other sources, unless you are provided a more specific privacy statement at the time of data collection. This Privacy Notice does not apply to any third-party sites linked to Gallagher's websites or any websites that have their own privacy notice. If you provide personal data to us about other people, you must provide them with a copy of this Privacy Notice and obtain any consent required for the processing of that person's data.
The following sections will guide you through our practices for the collection, usage and disclosure of your personal data:
- Who we are
- How we process your personal data
- How we protect your personal data
- How we protect your personal data when sending it abroad
- Marketing activities
- Profiling and automated decision making
- How long we keep your personal data
- Your personal data rights
- Contact us
- Updates to this Privacy Notice
Please refer to your applicable country section below for additional information.
1. Who we are
We a global professional services company providing a range of insurance brokerage, risk management, consulting and related services through its various affiliates and subsidiaries.
2. How we process your personal data
2.1 Individuals in scope of this Privacy Notice
This Privacy Notice provides information for those individuals whose personal data we process, including:
- Business contacts such as brokers, (re)insurers, loss adjusters, experts instructed in relation to claims, service providers, suppliers, professional advisors, conference attendees, visitors to our offices, government officials and authorities
- Customers such as those in respect of insurance policies we place as part of our core insurance business activities (e.g., parties covered under the policies, potential beneficiaries of the policies, claimants and other parties involved in claims in respect of the policies) and any other customers in relation to our various service offerings
- Users of our websites, portals and apps
- Other individuals such as those requesting marketing information, making general inquiries, entering competitions or promotions, or whose images we use in marketing or are captured on CCTV
2.2 How we collect your personal data
We may collect your personal data in a number of ways, which vary based on how you interact with us. The following summarizes our various collection points:
- Directly from you or your authorized representative such as when you provide your personal data to us, including from any of our websites, portals, apps, surveys, live events, employment inquires, market research, and other direct communications and/or solicitations
- From our clients such as commercial clients, (re)insurers, network partners and third-party service providers
- Publicly available sources such as social media platforms, property and assets registers, and claims and convictions records
- Gallagher affiliate companies
- Government authorities such as police and regulators
- Background checks and screening tools such as insurance industry fraud prevention and detection databases, credit agencies and sanctions screening tools
- Other third parties
2.3 Personal data we collect
We may collect the following types of personal data depending on the purpose of your interaction with us:
- Basic personal and demographic information such as your name, date of birth, age, gender, marital status, and race
- Contact information such as your address, telephone number and email address
- Unique identifiers such as identification numbers issued by government bodies or agencies (e.g., your national identifier number or social security number, passport number, ID number, tax identification number, driver's license number)
- Employment information such as your job title, employer, employment status, salary information, employment benefits, employment history and professional certifications
- Financial information such as your bank account numbers, credit card numbers, brokerage account numbers, transaction information, tax information, details of your income, property, assets, investments, pension and benefits, debts, and creditworthiness
- Policy information such as your policy number, policy start and end dates, premiums, individual terms, claims history and claims data, mid-term adjustments, reasons for cancellation and risk profile
- Commercial information such as records of your personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
- Events or meeting information such as details about your visits to our offices (including CCTV), your interest in and attendance at events or meetings, audio recordings, photographs or videos captured during meetings or calls with you
- Special category data such as data relating to your health, genetic or biometric data, sex life, sexual orientation, gender identity, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership
- Criminal records information such as criminal charges or convictions, including driving offences, or confirmation of clean criminal records
- Professional disciplinary information
- Personal information received from background checks and sanctions screenings
- Marketing information such as your consent to or opt out from receiving marketing communications from us and/or third parties and your marketing preferences
- Website and communication usage information such as username, password, information collected by visiting our websites or collected through cookies and other tracking technologies including your IP address, domain name, your browser version and operating system, traffic data, location data, browsing time, social media information such as interactions with our social media presence
2.4 How we use your personal data
Depending on the purpose of your interaction with us, we may use your personal data to:
- Perform services for you or our clients
- Provide the services and fulfill our contractual obligations, including providing services which you may not have personally requested but were requested by our client(s) and require us to interact, directly or indirectly, with you
- Facilitate and enable placement of policies or services for our clients and to assist in the ongoing management of such policies or services, including premium management, renewals, adjustments, cancellations and claims management
- Advise our clients on the management of their business risks, affairs and insurance arrangements and administer claims
- Manage our business operations
- Enter into business relationships and perform due diligence and background checks such as fraud, trade sanctions screening, credit and anti-money laundering checks
- Create, maintain, customize and secure your account with us
- Maintain accounting records, analyze financial results, comply with internal audit requirements, receive professional advice, apply for and make claims on our own insurance policies
- Conduct data analytics, surveys, benchmarking, and risk modelling to understand risk exposures and experience, for purposes of creating anonymised (de-identified and aggregate) industry or sector-wide reports, to share within Gallagher's group of companies and third parties
- Communicate and market to you
- Communicate with you regarding your account or changes to our policies, terms and conditions, respond to any inquiries you may have, and send you invitations for events or meetings
- Advertise, market and promote our services, including by email, post or telephone; send you newsletters, offers or other information we think may interest you; and offer and administer promotions
- Monitor usage of our website and personalize your website or app experience and the marketing messages we send you to deliver content, product and service offerings relevant to your interests, including targeted offers and ads through our website, third-party sites, and via email or text message (with your consent, where required by law)
- Comply with legal obligations
- Comply with national security or law enforcement requirements, discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities
- Exercise and defend ours, yours or third parties' legal rights
- Monitor and prevent fraud or wrongdoing
- Maintain the safety, security, quality, and integrity of our products, services, and systems to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and debug or identify and repair errors that impair existing intended functionality
- Monitor the safety and security of our premises, employees and visitors
- Improve our services
- Develop, enhance, expand or modify our services through research and development
- Monitor, review, assess and improve our technology systems, including any websites, apps, portals, and social media platforms
- Improve quality, training and security (for example, with respect to recorded calls)
- Mergers and acquisitions
- Facilitate commercial transactions, including a reorganization, merger, sale of all or a portion of our assets, a joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). Should such a sale or transfer occur, we will use reasonable efforts to ensure the entity to which we transfer your personal data uses it in a manner consistent with this Privacy Notice.
If we intend to use your personal data for any other purpose not described in this Privacy Notice or which is not compatible with the purpose for which it was collected, we will contact you and let you know of that purpose, which may include the need to satisfy our legal and regulatory obligations. Where we require your consent to the processing, we will request it in advance.
2.5 Legal basis for processing personal data
Local law and regulation may require us to have a legal basis to process your personal data. In most cases our legal basis for processing your personal data will be one of the following:
- Legitimate Business Interest, such as seeking to and entering into or performing our contractual duties, maintaining our business records, keeping records of insurance policies we place, and analyzing and improving our business model and services. When using your personal data for these purposes, we ensure our business need does not conflict with the rights afforded to you under applicable laws.
- For the performance of a contract with you or in order to take steps at your request prior to entering into that contract.
- Compliance with legal obligations.
- Fraud detection or prevention.
- Consent, such as when we have to obtain your consent to process your personal data.
When we process sensitive personal data, sometimes referred to as special category data, our legal basis will be one of the following:
- As required to establish, exercise or defend legal claims.
- As necessary for insurance operations when it is in the substantial public interest, where applicable under local data protection laws.
- You have given us your explicit consent--where we receive sensitive person data or special category data indirectly, the third party is responsible for obtaining your explicit consent to enable us to collect and use your data for the purposes described in this Privacy Notice.
2.6 Who we share your personal data with
We may share your personal data for the purposes of your interaction with us and as described in this Privacy Notice within Gallagher's group of companies, such as for the provision of our services, general business operations, marketing, data analytics, surveys, benchmarking, and compliance with applicable laws.
We may also share your personal data for the purpose of your interaction with us or for any of the purposes described in this Privacy Notice with the following third parties:
- Professional Advisors such as underwriters, actuaries, claims handlers and investigators, surveyors, loss adjustors/assessors, accident investigators, specialist risk advisors, pension providers, banks and other lenders (including premium finance providers), health professionals, lawyers, accountants, auditors, tax advisors, consultants
- Business partners such as customers, (re)insurance companies, brokers, other insurance intermediaries, claims handlers or other companies who act as insurance distributors
- Providers of insurance broking platforms
- Service providers such as IT software, security and cloud suppliers, finance and payment providers, marketing agencies, external venue providers, document management providers, telephony providers, debt collection agencies, background check and credit reference agencies
- Fraud detection agencies who operate and maintain fraud detection registers
- Industry bodies
- Insurers who provide our own insurance
- Regulators and law enforcement agencies such as police, judicial bodies, governments, quasi-governmental authorities
- Asset purchasers such as those who may purchase or to whom we may transfer, our assets and business
When we share personal data with third parties, we require those third parties (where applicable) to maintain a comparable level of protection of personal data as set out in this Privacy Notice by the use of contractual requirements or other means. On request and where required by law, we will confirm the name of each third party to which your personal data has, or will be, transferred. To the fullest extent permitted by applicable law, we disclaim all liability for the use of your personal data by third parties.
Our website, apps and portals are not intended for children, and we do knowingly collect, use, or disclose information of children under the age of 13 without the consent of their parents or legal guardians. In the event that we learn that we have inadvertently collected personal information from a child under the age of 13, we will delete that information as quickly as possible.
3. How we protect your personal data
We use a range of organizational and technical security measures to protect your personal data, including the following:
- Restricted access to those who need to know for the purposes set out in our underlying agreement or this Privacy Notice
- Firewalls to block unauthorized traffic to the servers
- Physical servers located in secure locations and accessible only by authorized personnel
- Internal procedures governing the storage, access and disclosure of your personal data
- Additional safeguards as may be required by applicable laws in the jurisdictions where we process your personal data
Please note that where we have given you (or you have chosen) a password, you are responsible for keeping the password confidential. Please do not share your password with anyone.
4. How we protect your personal data when sending it internationally
We operate as a global business and from time to time may need to transmit your personal data across borders, including within Gallagher's group of companies and to certain third parties, including our partners and service providers. This sharing allows us to provide you services as set out in our underlying agreement or as otherwise indicated in this Privacy Notice. The laws that apply to the country where the data is transferred may not be equivalent to that in your local jurisdiction (or in the jurisdiction in which we provide the services). Transfers of personal data will be subject to appropriate safeguards to ensure an adequate level of protection and compliance with applicable law. Please contact us using the details provided under the Contact Us section if you would like further information regarding the steps we take to protect your personal data when sending it internationally.
5. Marketing activities
From time to time, we may provide you with information about our products or services or those of our partners that we think will be of interest to you. We may send you this information by email, LinkedIn, SMS, text, post or we may contact you by telephone. We may also share your personal data with other Gallagher group companies so that they can provide you with information about their products and services we believe will be of interest to you. We ensure that our marketing activities comply with all applicable legal requirements. In some cases, this may mean that we ask for your consent in advance of sending you marketing materials.
You can opt out of receiving marketing communications from us at any time. For example, you can click on the "unsubscribe" link in our marketing emails to unsubscribe from those emails. Alternatively, please contact us using the details provided under the Contact Us section. In such circumstances, we will continue to send you service-related communications where necessary.
6. Profiling and automated decision making
Insurance market participants benchmark insured, beneficiary and claimant attributes and risk factors, and insured event likelihoods in order to determine insurance limits, insurance premiums and fraud patterns. This means that we may compile and analyze data in respect of insureds, beneficiaries and claimants to model such likelihoods. In doing so, we may use personal and commercial data in order to create the models and/or match that data against the models (profiling) to determine both the risk and the premium price based on similar exposures and risks. We also use this information to help us advise insurance companies about the typical levels of insurance coverage that our clients may have in place.
We will only make automated decisions about you where:
- Such decisions are necessary for entering into a contract (e.g. we may decide not to offer services to you, the types or amount of services that are suitable for you, or how much to charge you for services based on your credit history or financial or related information we have collected about you;
- Such decisions are required or authorized by law (e.g. fraud prevention purposes); or
- You give your consent for us to carry out automated decision-making.
These automated decisions may have a legal or similar effect on you, namely, your eligibility for or access to products or services.
We may also make automated decisions based on your personal data or browsing history to send you personalized offers, discounts or recommendations, subject to any applicable local laws and regulations. These automated decisions will not have legal or similar effects for you.
Subject to local laws and regulations, you can contact us to request further information about our automated decision-making, object to our use of automated decision-making, or request that an automated decision be reviewed by a human being.
7. How long we keep your personal data
We keep your personal data for as long as reasonably necessary to fulfill the purposes set out in this Privacy Notice based on business needs and legal requirements. When we no longer need your personal data, we de-identify or aggregate the data (in which case we may retain this de-identified or aggregated data for analytics purposes) or securely destroy it. Please note that de-identified or aggregated data is not treated as personal data under this Privacy Notice.
We have a detailed retention policy that governs how long we hold different types of information. Please contact us using the details provided under the Contact Us section for further information regarding how long we keep your personal data.
8. Your personal data rights
Based on the jurisdiction in which you reside, and subject to permitted exemptions, you may have certain rights in relation to your personal data. We are committed to respecting your personal data rights arising from applicable data protection laws and have listed some of the common rights below. Some jurisdictions offer additional rights and require us to provide contact details of local data protection authorities. Please refer to your country-specific sections for additional information.
You can exercise your rights by contacting us using the details provided in the Contact Us section. We will usually not charge you for processing these requests. There may be cases where we are unable to comply with your request (e.g. via a permitted exemption or where the request would conflict with our obligation to comply with other legal requirements). We will tell you the reason if we cannot comply with your request and we will always respond to any request you make.
We encourage you to contact us if you have any concerns with how we use your personal data and we will do our best to resolve your concerns. However, you may have a right to complain to a local data protection authority if you believe that any use of your personal data by us is in breach of data protection laws and/or regulations. Such action by you will not affect any other legal rights or remedies that you may have.
Your right to access
You are entitled to a copy of the personal data we hold about you and certain details of how we use it.
Your right to correction
We take reasonable steps to ensure that information we hold about you is accurate and complete. However, you can ask us to amend or update your personal data if you believe this is not the case.
Your right to erasure (be forgotten)
You have the right to ask us to erase your personal data in certain circumstances (e.g., where you withdraw your consent or where the personal data we collected is no longer necessary for the original purpose). This request will be balanced against other factors (e.g. our legitimate need to retain the personal data, such as for our compliance with regulatory and/or legal obligations).
Your right to restriction of processing
In certain circumstances, you are entitled to ask us to stop processing your personal data (e.g., where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate).
Your right to data portability
You have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us directly back to you or to another third party of your choice.
Your right to object to processing, including marketing
You have the right to object to your personal data being processed where we rely on legitimate interest as a legal ground to process your personal data and we cannot demonstrate overriding compelling legitimate grounds of our own. You can ask us to stop sending you marketing messages at any time. You can do this by clicking on the "unsubscribe" link in our marketing emails or by contacting us directly by using the details set out in the Contact Us section. If you opt out of receiving marketing messages, we may still send you service-related communications where necessary.
Your right to object to automated decision-making
You can ask us to review the decision if you have been subject to an automated decision using your personal data.
Your right to withdraw consent
If we ask for your consent for certain uses of your personal data then you have the right to withdraw your consent to further use of your personal data.
Your right to lodge a complaint with the data protection authority
You have a right to complain to the applicable regulatory authority if you believe that any use of your personal data by us is in breach of applicable data protection laws and/or regulations.
9. Contact us
Please contact us if you have any questions about how we collect and process your personal data. You may contact us by writing to GC_generalinfo@ajg.com or GC_compliance@ajg.com. Please note the following person responsible for the protection of personal data within Gallagher:
Data Protection Officer
10. Updates to this Privacy Notice
We may update this Privacy Notice from time to time. When we make updates, we will post the current version on our website and will revise the version date located at the beginning of the Privacy Notice. We encourage you to review this Privacy Notice periodically so that you will be aware of our current privacy practices.
Country specific privacy information
In certain countries where we have a registered legal entity, we are required to provide privacy information specific to the laws and regulations of the jurisdiction. In this section, we provide country specific information including, where applicable, the legal entities responsible for processing your personal data, the personal data rights available to you and data protection authority contact information.