1. Introduction
This Data Privacy Statement covers the Personal Data practices of Tryggingamiðlun Íslands ehf.
“TMI” company details:
Registered Office: Hlíðasmári 11, 201 Kópavogur, Iceland.
Trading Office: Hlíðasmári 11, 201 Kópavogur, Iceland.
Lloyd’s status Approved Coverholder (PIN: 113846 CJK)
FME Register Number: 690597-2849
Company ID Number: 690597-2849
TMI is committed to protecting your privacy. This Data Privacy Statement explains how TMI
processes and protects the Personal Data information we collect, how we meet our obligations
regarding data protection and the rights of our customers in respect of their Personal Data in
compliance with the General Data Protection Regulation (EU 2016/279).
To arrange insurance cover, handle insurance claims, and provide related services, TMI and other
participants in the insurance industry are required to use and share Personal Data. For an overview of
how and why the insurance industry is required to use and share Personal Data please see the
Insurance Market Core Uses Information Notice hosted on the website of a UK insurance industry
association, the Lloyd’s Market Association (the LMA Notice). TMI use of Personal Data is
consistent with the LMA Notice.
2. Personal Data that TMI Process
Personal Data
TMI may collect Personal Data such as:
– your name
– ID number / date of birth
– gender
– contact details, including address, email, telephone numbers
– marital status
– financial details, including payment card number, bank account number and account details, income and other financial information
– employment details, including job title and employment history
– Identification details issued by government bodies or agencies
– relationship to the policyholder, insured, beneficiary or claimant
Sensitive Personal Data
TMI may also collect Sensitive Personal Data about you such as:
– health information, including health status, injury or disability information, medical procedures performed, current or former physical or mental medical conditions, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history (including family members)
– genetic and biometric data
– criminal convictions
3. How TMI use Personal Data
TMI use your Personal Data for the primary purpose of arranging and administering Insurance
cover. This includes:
– Identifying suitable Insurers and arranging Insurance quotes or contracts based on the instructions of your broker or intermediary
– Underwriting your Insurance policy, assessing your suitability for a product, issuing quotes, on behalf of Insurers
– Handling your claim or assessing your claim on behalf of Insurers
– Assessing any complaint against TMI
– Handling your complaint or assessing your complaint against Insurers or their agents
– Conducting checks for fraud, money laundering, bribery, tax evasion, actions and other illegal activities
– Analysing data, identifying trends to assist in improving our services or offerings
– For Compliance with our legal and regulatory duties

4. TMI’s processing and disclosure of your Personal Data
TMI has implemented reasonable and proportionate physical, technical and administrative
security standards to ensure all Personal Data will be collected and processed securely and
protected against unauthorised or unlawful processing and against accidental loss, misuse,
destruction or damage.
Personal Data will be provided to TMI’s business partners, service providers and Lloyd’s of
London in connection with the provisions of our products and services. In addition, TMI may
disclose Personal Data to respond to law enforcement and government official requests, External
Dispute Resolution schemes and Ombudsman, legal action, professional and regulatory bodies
and to any other parties if required or permitted by law.
TMI will also transfer your Personal Data in instances where the Insurance Intermediary acting
on your behalf appoints a new service provider to take over any services provided by TMI.
Personal Data may be transferred to any country, including countries outside the European
Economic Area (EEA), for processing, storage, administration or any other use stated in this Data
Privacy Statement. The purpose and processing in connection with any transfer will comply with
the General Data Protection Regulations and Personal Data handled in countries outside EEA
will either receive the same level of protection as if processed in the EEA or adequate safeguards
will be provided for.
TMI has implemented reasonable and proportionate physical, technical and administrative
security to protect the Personal Data.
5. TMI Website usage
In some instances, TMI will automatically collect certain types of Personal Data when you visit
our website. Automated technologies may include the use of Web server logs to collect IP
addresses, “cookies” and Web beacons.. The collection of this Personal Data will allow us to
improve the effectiveness of our Website including refining the content.
6. Your rights
TMI strive to maintain Personal Data that is accurate, complete and current.
Under certain conditions, you have the right to request:
– Further information about how TMI processes your Personal Data
– A copy of your Personal Data that TMI maintain. Note: Under normal circumstances
this information will be provided free of charge, however, TMI have the right to charge for any manifestly unfounded or excessive requests
– Any incomplete or inaccurate Personal Data is updated
– The deletion of Personal Data that TMI no longer have legal ground to process
– Where processing is based on consent, withdraw consent (although TMI may still store the Personal Data)
Requests may be sent to TMI at:
The Data Protection Officer
Hlíðasmári 11
201 Kópavogur
Iceland
Email: [email protected]
These rights are subject to certain exemptions to safeguard the public interest, for example the
prevention or detection of crime, and TMI’s interests, for example maintenance of legal
privilege.
TMI will respond to most requests within 30 days.
Personal Data requested from TMI will be provided in a format that allows you to move, copy or
transfer Personal Data in a safe and secure way, retaining full usability and between normal IT
environments.
If TMI are unable to resolve you request or if you have a complaint about how your Personal data
has been stored, processed or disclosed by TMI you may contact the Icelandic data protection
authority – Persónuvernd:
https://www.personuvernd.is/information-in-english/
7. Personal Data Retention
TMI’s retention periods for Personal Data are based on business needs and legal requirements.
TMI retain Personal Data for as long as is necessary for the processing purpose(s) for which the
information was collected, and any other permissible, related purpose.
When Personal Data is no longer needed, TMI will either irreversibly anonymise the data (in
which case we may further retain and use the anonymised information) or securely destroy the
Personal Data.
8. Consent
In order to arrange insurance cover, handle insurance claims, and provide related services, unless
another legal basis applies, TMI will rely on your and / or the data subjects consent to process
Sensitive Personal Data including criminal conviction records.
This consent enables TMI to share this Data with other parties to be able to provide the services
requested of TMI by the insurance intermediary acting on your behalf. Without consent TMI
will not be able to provide the services requested by the insurance intermediary on your behalf.
Where information is provided to TMI about a person or persons other than yourself, you agree
to notify them of our use of their Personal Data and obtain consent for the use of Sensitive
Personal Data. You further agree to make them aware of where the TMI Data Privacy Statement
is available and recommend it is read.
Any individual may withdraw their consent at any time by contacting TMI as per the contact
details including within Section 6 of this Data Privacy Statement. It is recommended that you
firstly contact the insurance intermediary that acts on your behalf.
Withdrawing consent may result in the insurance coverage not being able to continue and / or
claims to not be administered.

Access .pdf version of our Privacy Statement
28.05.2018