Insly Limited (“we” or “us”) are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and your choices regarding the personal data we may hold about you. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
By visiting www.insly.com you are accepting and consenting to the practices described in this policy.
Customer means person or his or her representative who uses Insly Software or services.
Visitor means person visiting the Website.
Personal Data means any information related to an identified or identifiable natural person.
Client Data means any data Customer inserts, uploads or otherwise stores in the Software.
“we” or “us” means Insly (Insly Ltd, Companies House number 09139615, locations Salisbury House, London Wall, London EC2M 5QZ).
Website means Insly Website www.insly.com.
Software means integrated cloud computing solution www.insly.com for administrating insurance proposals, policies and related documents, including applications, software, hardware, Personal Data bases, interfaces, associated media, documentation, updates, new releases, and other components or materials provided therewith.
Services means services offered by Insly related to the use of the Software.
Licence means Legal Agreement between Customer and Insly for use of the Software and Services.
All Terms given in the singular are also applicable in the plural.
III INFORMATION WE MAY COLLECT ABOUT YOU
We may collect and process the following data about you:
3.1 Information you give us. You may give us information about you by filling in forms on our Website or any sub-domain thereof, including, but not limited to, signup.insly.com, login.insly.com and clientname.insly.com (our site), or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our Services, use our Software and when you report a problem with our site. The information you give us may include your name, address, e-mail address, phone number, and financial and credit card information.
3.2 Information we collect about you. With regard to each of your visits to the Website we may automatically collect the following information:
3.2.1 technical information, including the Internet Protocol (IP) address used to connect to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
3.2.2 information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
3.3 Information from other sources (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
3.4 Information collected by Customers. A Customer may insert, upload or otherwise store Client Data, which may contain Personal Data, in the Software. Insly has no direct relationship with the individuals whose Personal Data is hosted in the Software as part of Client Data. Each Customer is responsible for providing notice to its customers and third persons concerning the purpose for which Customer collects their Personal Data and how this Personal Data is processed in or through the Software as part of Client Data.
IV USES MADE OF THE INFORMATION
We use the information that we collect in a variety of ways in providing our Services and operating our business, including the following:
4.1 Provision of Services
4.1.1 We use the information, with the exception of Client Data, to operate, maintain, enhance and provide you with all aspects of the Software and Services, to carry out our obligations under the Licence and to provide you with the information, products and services that you request from us.
4.1.2 We process Client Data only at the request of the Customer and in accordance with the directions provided by the Customer who owns the respective Client Data.
4.2 Improvements of Services
We may use the information for administering our Website, analyzing the preferences of Customers and Visitors and for improving our Software, Services and Website, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
4.3.1 We may use Personal Data (e.g. email or phone number) to contact you for administrative purposes, such as customer service (e.g. responding to customer queries), sending service notices (such as information about Software changes, maintenance, new features, etc.) or informing about contractual rights and obligations.
4.3.2 We may also contact you with updates on promotions or events related to our Software, Services or to the services offered by our partners. You have the right to opt out from receiving any promotional communications, see “IX Your choices“.
V PROTECTION OF PERSONAL DATA
5.1 Privacy and the protection of Personal Data is of the upmost importance to us and we ensure the security of Personal Data in accordance with existing legislation (e.g. GDPR) and good business practice.
5.2 Measures used to ensure the protection of Personal Data include, but are not limited to: organisational, physical and information technology security measures that cover the protection of IT infrastructure, computer and communications networks, technical equipment, employees, offices and information with the aim of ensuring a high level of risk mitigation and preventing threats of Personal Data leaks and losses.
5.3 In operations, Personal Data protection is regulated through internal security rules which ensure that only authorised employees are able to process Personal Data and only to the required extent.
VI DISCLOSURE OF PERSONAL DATA
We may under certain circumstances be required to disclose Personal Data to following parties:
6.1 In events required by law at the request of the authorities (e.g. law enforcement agencies, courts, enforcement officers, tax authorities, supervisory authorities);
6.2 to insurance companies, insurance brokers, credit institutions and credit intermediaries, where required for the performance of the Licence;
6.3 to legal and financial advisors, auditors, debt recovery undertakings and other authorised processors where required for provision of the Service, performance of our obligations and protection of our rights.
VII. WHERE WE STORE YOUR PERSONAL DATA
7.1 We process the Personal Data within the European Union (EU) and the European Economic Area (EEA), but in certain cases the Personal Data can be transferred to and processed in countries located outside the territory.
7.2 The transfer and processing of the Personal Data outside the EU and the EEA may take place for the purpose of performance of a legal duty, oligations deriving from the Licence or under other circumstances with the consent of the Customer, provided that the following safeguards are ensured: a valid Contract with standard terms drafted by the EU or an approved code of conduct, approved certifications and other measures and conditions by which the Personal Data recipient or the country of its location ensures a sufficient level of Personal Data protection which is in compliance with the GDPR as per decision of the European Commission and whereby the recipient has been certified on the basis of the Privacy Shield (applicable to Personal Data recipients located in the United States). On request, the Customer can obtain more detailed information on the transfer of the Personal Data outside the EU and EEA.
VIII HOW LONG WE KEEP YOUR PERSONAL DATA
8.1 We do not process the Personal Data for longer than the purpose of use of the Personal Data has been fulfilled, usually until the expiry of the Licence and the applicable Termination Period and thereafter on the basis of legitimate interest and for performing statutory duties (e.g. duties arising from accounting, private legal grounds, etc.).
IX YOUR CHOICES
According to the law, you have the right to:
9.1 receive information from us about the extent and use of the processing of the Personal Data;
9.2 demand that we terminate the use of, correct or delete your Personal Data;
9.3 grant or withdraw consent to use the Personal Data for direct marketing or other marketing purposes;
9.4 for the purpose of protecting the Personal Data, contact the Personal Data protection authority or seek judicial protection;
9.5 claim justified compensation for proven damage caused to you as a result of unlawful use of the Personal Data;
9.6 demand that no decisions based merely on automated processing be made with regard to you.
X Data Controller and Data Processor
Insly does not own, control or direct the use of any of the Client Data stored or processed by a Customer via the Software. Only the Customer is entitled to access, retrieve and direct the use of such Client Data. We are largely unaware of what Client Data is actually being stored or made available by a Customer to the Software and do not directly access such Client Data except as authorized by the Customer or as necessary to provide Services to the Customer.
The Customer is the data controller under the GDPR for any Client Data containing Personal Data, meaning that such party controls the manner of how such Personal Data is collected and used as well as the determination of the purposes and means of the processing of such Personal Data.
We are not responsible for the content of the Personal Data contained in the Client Data or other information stored on Software at the discretion of the Customer nor is Insly responsible for the manner in which the Customer collects, handles disclosure, distributes or otherwise processes such information.
XI HOW TO CONTACT US
11.1 Our contact person for submission of notices, queries and declarations of intent: email@example.com.
11.2 Data Protection Officer e-mail address is firstname.lastname@example.org.
Rules for the processing of personal data of job applicants
1.1 Insly’s rules for the processing and protection of personal data (hereinafter the Rules) determine how Insly OÜ and Insly Ltd (hereinafter together Insly) process the personal data of a person who applies for employment (hereinafter the Candidate).
1.2 Personal data protection rules are based on the EU data protection regulation (Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, General Data Protection Regulation or GDPR)) and Estonian data protection regulations.
1.3 Personal data processors are the following: Insly OÜ, registry code 12514106, Lõõtsa 8 11415 Tallinn (the processor) and Insly Ltd, registry code 09139615, address Salisbury House, London Wall, London EC2M 5QZ (the controller).
2. Purpose of processing personal data
2.1 Insly processes personal data of candidates to receive, review, and analyse applications, organise interviews with candidates, test and evaluate the candidates, conduct background checks, make decisions on concluding an employment contract, and other purposes related to the application process.
3. List of personal data of candidates which are processed by Insly:
3.1 To review job applications and arrange job interviews: first and last name, personal identification code, date of birth, postal and e-mail address, phone number, education, previous employers and period of working, introductory photo and video footage;
3.2 Background information, feedback from previous employers, data related to capabilities and skills, results of testing and evaluation, and other data that determine the applicant’s suitability for the job.
3.3 If testing is automated, then the candidate has the right to object to the testing results if he or she is not selected.
3.4 Submitting data on civil status, children, emergency contact person, nationality, driving licence, hobbies, or personal life activities is voluntary.
3.5 If it is necessary to know whether the candidate’s health will allow him or her to work, Insly has the right to ask the candidate’s confirmation about the absence of listed medical conditions.
3.6 Insly has the right to make inquiries to third persons and criminal records database as well as use social media, search engines, information portals, and other electronic solutions to search information for previous actions of the candidate and to process that data.
4. Insly is obliged to:
4.1 comply with the principles of legality, purposefulness, minimum use, restriction of use, data quality, security, and individual participation when processing personal data;
4.2 give the candidate access to his or her personal data;
4.3 ensure that personal data are accurate and up to date;
4.4 process and storage personal data until their purpose is fulfilled or in accordance with the consent of the candidate;
4.5 allow the candidate to take back his or her consent for personal data processing;
4.6 implement safeguards to protect personal data against accidental loss or alteration and inadvertent or unauthorised processing, disclosure, or destruction;
4.7 transfer personal data to third persons only for purposes referred to in these rules and ensure the security of the data transfer. Insly shall transfer personal data to personnel solution service providers, consultation and advertisement companies, cloud and IT service providers, and other service providers. Insly shall use, among other things, the personnel solutions of U.S. companies by transferring personal data under the Privacy Shield decision;
4.8 store personal data for a period not exceeding 1 (one) year after the end of the application process or, on the basis of the employee’s consent, until the end of his or her interest in job candidacy. Interest in job candidacy means that the employee is interested in storing his or her personal data in Insly’s database of job applicants to receive job offers and invitations to apply in the future.
5. The candidate has the right to:
5.1 take back the consent for personal data processing after the end of the application process;
5.2 have access to his or her personal data that are processed by Insly and receive information on the transfer of personal data;
5.3 demand the correction of inaccurate data;
5.4 demand the termination of personal data processing when leaving the application process.
6. Consent for personal data processing
6.1 By signing the job application or a personnel card, the candidate gives to Insly the consent for the processing, publishing, and transferring of his or her personal data to the extent described in these rules for the processing and protecting personal data, including consent for publishing and transferring his or her photos, videos, audio, and other recordings, making audio and other recordings, and processing his or her medical data.
6.2 The candidate consents to storing his or her personal data until the end of the application process or until the end of his or her interest in job candidacy, which lasts for 10 (ten) years after the expiry of the application.
6.3 The candidate confirms that he or she has examined these rules and Insly’s rules for processing personal data, has understood this information, and agrees to it.