Insly Limited (“we” or “us”) are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and your choices regarding the personal data we may hold about you. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The privacy policy is based on European Union’s General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter “GDPR”).
By visiting www.insly.com you are accepting and consenting to the practices described in this policy.
Customer means person or his or her representative who uses Insly Software or services.
Visitor means person visiting the Website.
Personal Data means any information related to an identified or identifiable natural person.
Client Data means any data Customer inserts, uploads or otherwise stores in the Software.
“we” or “us” means Insly (Insly Ltd, Companies House number 09139615, locations Salisbury House, London Wall, London EC2M 5QZ).
Website means Insly Website www.insly.com.
Software means integrated cloud computing solution www.insly.com for administrating insurance proposals, policies and related documents, including applications, software, hardware, Personal Data bases, interfaces, associated media, documentation, updates, new releases, and other components or materials provided therewith.
Services means services offered by Insly related to the use of the Software.
Licence means Legal Agreement between Customer and Insly for use of the Software and Services.
All Terms given in the singular are also applicable in the plural.
We may collect and process the following data about you:
3.1 Information you give us. You may give us information about you by filling in forms on our Website or any sub-domain thereof, including, but not limited to, signup.insly.com, login.insly.com and clientname.insly.com (our site), or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our Services, use our Software and when you report a problem with our site. The information you give us may include your name, address, e-mail address, phone number, and financial and credit card information.
3.2 Information we collect about you. With regard to each of your visits to the Website we may automatically collect the following information:
3.2.1 technical information, including the Internet Protocol (IP) address used to connect to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
3.2.2 information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
3.3 Information from other sources (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
3.4 Information collected by Customers. A Customer may insert, upload or otherwise store Client Data, which may contain Personal Data, in the Software. Insly has no direct relationship with the individuals whose Personal Data is hosted in the Software as part of Client Data. Each Customer is responsible for providing notice to its customers and third persons concerning the purpose for which Customer collects their Personal Data and how this Personal Data is processed in or through the Software as part of Client Data.
We use the information that we collect in a variety of ways in providing our Services and operating our business, including the following:
4.1 Provision of Services
4.1.1 We use the information, with the exception of Client Data, to operate, maintain, enhance and provide you with all aspects of the Software and Services, to carry out our obligations under the Licence and to provide you with the information, products and services that you request from us.
4.1.2 We process Client Data only at the request of the Customer and in accordance with the directions provided by the Customer who owns the respective Client Data.
4.2 Improvements of Services
We may use the information for administering our Website, analyzing the preferences of Customers and Visitors and for improving our Software, Services and Website, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
4.3 Communications
4.3.1 We may use Personal Data (e.g. email or phone number) to contact you for administrative purposes, such as customer service (e.g. responding to customer queries), sending service notices (such as information about Software changes, maintenance, new features, etc.) or informing about contractual rights and obligations.
4.3.2 We may also contact you with updates on promotions or events related to our Software, Services or to the services offered by our partners. You have the right to opt out from receiving any promotional communications, see “IX Your choices“.
4.4 Cookies
Our site uses cookies. A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of our Website, which helps us to provide you with a good experience when you browse our site and also allows us to improve our site. The cookies we use are “analytical” cookies. They allow us to recognise and count the number of Visitors and to see how Visitors move around the site when they are using it. This helps us to improve the way our site works, for example by ensuring that Visitors can easily find what they are looking for.
5.1 Privacy and the protection of Personal Data is of the upmost importance to us and we ensure the security of Personal Data in accordance with existing legislation (e.g. GDPR) and good business practice.
5.2 Measures used to ensure the protection of Personal Data include, but are not limited to: organisational, physical and information technology security measures that cover the protection of IT infrastructure, computer and communications networks, technical equipment, employees, offices and information with the aim of ensuring a high level of risk mitigation and preventing threats of Personal Data leaks and losses.
5.3 In operations, Personal Data protection is regulated through internal security rules which ensure that only authorised employees are able to process Personal Data and only to the required extent.
We may under certain circumstances be required to disclose Personal Data to following parties:
6.1 In events required by law at the request of the authorities (e.g. law enforcement agencies, courts, enforcement officers, tax authorities, supervisory authorities);
6.2 to insurance companies, insurance brokers, credit institutions and credit intermediaries, where required for the performance of the Licence;
6.3 to legal and financial advisors, auditors, debt recovery undertakings and other authorised processors where required for provision of the Service, performance of our obligations and protection of our rights.
7.1 We process the Personal Data within the European Union (EU) and the European Economic Area (EEA), but in certain cases the Personal Data can be transferred to and processed in countries located outside the territory.
7.2 The transfer and processing of the Personal Data outside the EU and the EEA may take place for the purpose of performance of a legal duty, oligations deriving from the Licence or under other circumstances with the consent of the Customer, provided that the following safeguards are ensured: a valid Contract with standard terms drafted by the EU or an approved code of conduct, approved certifications and other measures and conditions by which the Personal Data recipient or the country of its location ensures a sufficient level of Personal Data protection which is in compliance with the GDPR as per decision of the European Commission and whereby the recipient has been certified on the basis of the Privacy Shield (applicable to Personal Data recipients located in the United States). On request, the Customer can obtain more detailed information on the transfer of the Personal Data outside the EU and EEA.
8.1 We do not process the Personal Data for longer than the purpose of use of the Personal Data has been fulfilled, usually until the expiry of the Licence and the applicable Termination Period and thereafter on the basis of legitimate interest and for performing statutory duties (e.g. duties arising from accounting, private legal grounds, etc.).
According to the law, you have the right to:
9.1 receive information from us about the extent and use of the processing of the Personal Data;
9.2 demand that we terminate the use of, correct or delete your Personal Data;
9.3 grant or withdraw consent to use the Personal Data for direct marketing or other marketing purposes;
9.4 for the purpose of protecting the Personal Data, contact the Personal Data protection authority or seek judicial protection;
9.5 claim justified compensation for proven damage caused to you as a result of unlawful use of the Personal Data;
9.6 demand that no decisions based merely on automated processing be made with regard to you.
Insly does not own, control or direct the use of any of the Client Data stored or processed by a Customer via the Software. Only the Customer is entitled to access, retrieve and direct the use of such Client Data. We are largely unaware of what Client Data is actually being stored or made available by a Customer to the Software and do not directly access such Client Data except as authorized by the Customer or as necessary to provide Services to the Customer.
Because we do not collect or determine the use of any Personal Data contained in the Client Data and because it does not determine the purposes for which such Personal Data is collected, the means of collecting such Personal Data, or the uses of such Personal Data, Insly is not acting in the capacity of data controller in terms of the GDPR and does not have the associated responsibilities under the GDPR. Insly should be considered only as a processor on behalf of its Customers as to any Client Data containing Personal Data that is subject to the requirements of the GDPR. Except, as provided in this Privacy Policy, Insly does not independently cause Client Data containing Personal Data stored in connection with the Software to be transferred or otherwise made available to third parties, except to third party subcontractors who may process such data on behalf of Insly in connection with our provision of Services to Customers. Such actions are performed or authorized only by the applicable Customers.
The Customer is the data controller under the GDPR for any Client Data containing Personal Data, meaning that such party controls the manner of how such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data.
We are not responsible for the content of the Personal Data contained in the Client Data or other information stored on Software at the discretion of the Customer nor is Insly responsible for the manner in which the Customer collects, handles disclosure, distributes or otherwise processes such information.
11.1 Our contact person for submission of notices, queries and declarations of intent: info@insly.com.
11.2 Data Protection Officer e-mail address is support@insly.com.
12.1 Insly has the right to revise the privacy policy by informing Customers at least one month in advance via the Website https://www.insly.com.
12.2 The privacy policy enters into force on 25 May 2018.
Rules for the processing of personal data of job applicants
1. Introduction
1.1 Insly’s rules for the processing and protection of personal data (hereinafter the Rules) determine how Insly OÜ and Insly Ltd (hereinafter together Insly) process the personal data of a person who applies for employment (hereinafter the Candidate).
1.2 Personal data protection rules are based on the EU data protection regulation (Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, General Data Protection Regulation or GDPR)) and Estonian data protection regulations.
1.3 Personal data processors are the following: Insly OÜ, registry code 12514106, Lõõtsa 8 11415 Tallinn (the processor) and Insly Ltd, registry code 09139615, address 33 Queen Street, London, EC4R 1AP (the controller).
2. Purpose of processing personal data
2.1 Insly processes personal data of candidates to receive, review, and analyse applications, organise interviews with candidates, test and evaluate the candidates, conduct background checks, make decisions on concluding an employment contract, and other purposes related to the application process.
3. List of personal data of candidates which are processed by Insly:
3.1 To review job applications and arrange job interviews: first and last name, personal identification code, date of birth, postal and e-mail address, phone number, education, previous employers and period of working, introductory photo and video footage;
3.2 Background information, feedback from previous employers, data related to capabilities and skills, results of testing and evaluation, and other data that determine the applicant’s suitability for the job.
3.3 If testing is automated, then the candidate has the right to object to the testing results if he or she is not selected.
3.4 Submitting data on civil status, children, emergency contact person, nationality, driving licence, hobbies, or personal life activities is voluntary.
3.5 If it is necessary to know whether the candidate’s health will allow him or her to work, Insly has the right to ask the candidate’s confirmation about the absence of listed medical conditions.
3.6 Insly has the right to make inquiries to third persons and criminal records database as well as use social media, search engines, information portals, and other electronic solutions to search information for previous actions of the candidate and to process that data.
4. Insly is obliged to:
4.1 comply with the principles of legality, purposefulness, minimum use, restriction of use, data quality, security, and individual participation when processing personal data;
4.2 give the candidate access to his or her personal data;
4.3 ensure that personal data are accurate and up to date;
4.4 process and storage personal data until their purpose is fulfilled or in accordance with the consent of the candidate;
4.5 allow the candidate to take back his or her consent for personal data processing;
4.6 implement safeguards to protect personal data against accidental loss or alteration and inadvertent or unauthorised processing, disclosure, or destruction;
4.7 transfer personal data to third persons only for purposes referred to in these rules and ensure the security of the data transfer. Insly shall transfer personal data to personnel solution service providers, consultation and advertisement companies, cloud and IT service providers, and other service providers. Insly shall use, among other things, the personnel solutions of U.S. companies by transferring personal data under the Privacy Shield decision;
4.8 store personal data for a period not exceeding 1 (one) year after the end of the application process or, on the basis of the employee’s consent, until the end of his or her interest in job candidacy. Interest in job candidacy means that the employee is interested in storing his or her personal data in Insly’s database of job applicants to receive job offers and invitations to apply in the future.
5. The candidate has the right to:
5.1 take back the consent for personal data processing after the end of the application process;
5.2 have access to his or her personal data that are processed by Insly and receive information on the transfer of personal data;
5.3 demand the correction of inaccurate data;
5.4 demand the termination of personal data processing when leaving the application process.
6. Consent for personal data processing
6.1 By signing the job application or a personnel card, the candidate gives to Insly the consent for the processing, publishing, and transferring of his or her personal data to the extent described in these rules for the processing and protecting personal data, including consent for publishing and transferring his or her photos, videos, audio, and other recordings, making audio and other recordings, and processing his or her medical data.
6.2 The candidate consents to storing his or her personal data until the end of the application process or until the end of his or her interest in job candidacy, which lasts for 10 (ten) years after the expiry of the application.
6.3 The candidate confirms that he or she has examined these rules and Insly’s rules for processing personal data, has understood this information, and agrees to it.