Careers at
The Lancashire Group - Home
The Lancashire Group - Home

Privacy Policy

At Lancashire we are committed to protecting and safeguarding your privacy whenever we are handling your Personal Information. This privacy notice is part of this commitment and aims to provide you with an overview of how and why we might collect, use, or disclose your Personal Information. It also provides information about your rights and choices when it comes to your information when it is in our care. 

About this notice and us

This notice was last updated on May 15th, 2025 and is effective from May 28th, 2025. 

In this notice references to “Lancashire”, “we”, “our” or “us” are to the entity within the Lancashire group of companies that uses your Personal Information.

This notice applies to any current (or former) employee about whom we may collect and use Personal Information for the purposes of managing our employment relationship with you, meeting our legal and regulatory obligations as an employer and running our business. Normally when we do this Lancashire will be the controller of your Personal Information, meaning we are responsible for determining how your information is used by us and accountable for following applicable privacy and data protection laws when we do so. 

If, as an employee, you are applying for a different role within Lancashire then please refer to our Candidate Privacy Notice.
 
All privacy and data protection queries are handled centrally by:
Lancashire Insurance Services Limited, 20 Fenchurch Street, London, EC3M 3BY, UK.
You may contact us by email privacy@lancashiregroup.com.
[Also, if you are in the United States, by our toll-free number +1 (855) 316 2685.]
 
The types of Personal Information we collect, use and disclose and why

To enable us to run our business and operate our employment policies and procedures we may collect, use or disclose the following categories of Personal Information about you:
  • individual details (such as name, address, contact details, gender, date of birth);
  • identification details (which may include IDs issued by government agencies or official bodies); 
  • financial information (such as bank and payment details);
  • employment details (such as employer and role, salary and benefits, job history, education and qualifications, references, screening);
  • Sensitive Personal Information (see definitions section at the end of this notice);
  • credit or anti-fraud data (including sanctions or financial crime related information from shared fraud databases);
  • preferences, for how we contact you or permissions for marketing; and other transactional information (such as your interactions and communications with us).

Our policy is to follow the proportionality or data minimisation principles common to most privacy and data protection laws, by only collecting or using the least amount of Personal Information necessary for each purpose.

For the purpose of managing our employment or contractual relationship with you (including pay, benefits, expenses and absence management) we may collect, use or disclose all of the categories of Personal Information listed above.

In addition:

For the purpose of complying with legal requirements and our financial and regulatory obligations as your employer we may collect, use or disclose:
  • individual details;
  • identification details;
  • financial information;
  • employment details;
  • Sensitive Personal Information;
  • credit and anti-fraud data; and
  • transactional information.

For the purpose of monitoring, understanding and improving our employment practices or the safe and secure operation of our business (IT) systems, operations and facilities we may collect, use or disclose:
  • individual details;
  • identification details;
  • financial information;
  • employment details;
  • Sensitive Personal Information; and
  • transactional information.
 
Your rights

Under privacy and data protection laws we must identify the ‘lawful basis’ for our processing (also known as condition for use) of your Personal Information. Which lawful basis we rely on for each purpose (as listed in the next section) may affect your rights as set out below.

You may have certain rights as an individual, which you can exercise for Personal Information we hold or plan to hold about you. If you make a request to exercise any of your rights, we reserve the right to ask you for a proof of your identity, including asking for Personal Information such as your name and employee reference to compare against our business records. To exercise your rights, please contact us using one of the contact methods given in the ‘About this notice and us’ section above. We aim to acknowledge your request as soon as possible and to address your query within one month from your request.

We offer you the following rights: 

Your right to access (request to know): You are entitled to a confirmation as to how we are processing or using your Personal Information, a copy of your Personal Information, and information about the purposes we are processing or using it for, who we disclose it to, whether we may transfer it abroad and how we protect it if so, how long we keep it for, what rights you have, where we get your data from and how you can make a complaint.

We may have to decline a request due to legal restrictions. This could include, but is not limited to the fact that: 
  • the information is subject to solicitor or attorney client privilege;
  • providing the information would reveal Personal Information about a third party; or
  • providing the information could compromise the investigation of a (legal) claim. 
Your right to rectification (request to correct): If you believe the Personal Information we hold about you is inaccurate or incomplete, you can request for it to be rectified.

Your right to erasure (right to be forgotten, request to delete or destroy): You have the right to ask us to erase your Personal Information in certain circumstances, for example, if you believe it is no longer needed for the purposes for which it was collected. However, this will need to be balanced against other factors that require us to retain Personal Information. For example, there may be certain legal or regulatory obligations that may prevent us from completing your request.

Your right to data portability: If you provided us with Personal Information, you can ask us to transfer that Personal Information to another third party of your choice.

Your right to restrict and/or object to processing (or block): You have the the right to restrict and/or object to the processing or use of your Personal Information in certain circumstances. For example, where the processing relies on our legitimate interests as the lawful basis for processing or condition for use, you also have an absolute right to block your Personal Information being used for direct marketing.

The right to human intervention: If we are processing or using your Personal Information to make decisions concerning you that are fully automated, you may have the right to request that this automated decision is reviewed. You have the right to make this request, but there is no relevant activity currently undertaken by us of this nature.

The right to withdraw consent: If we are processing or using your Personal Information under your consent, you can withdraw consent for any further communication or use of the information collected; assuming it is no longer needed for the purposes it was collected.

The right to complain: If you are unhappy with how we have responded to you exercising any of the rights listed in the notice, you have the right to complain to the applicable supervisory authority. See the ‘How to complain’ section of this notice below.

Notice at collection and additional information and rights for California residents

We collect the categories of Personal Information as defined under “the type of personal information we collect, use and disclose and why” section above. We do not sell or share your Personal Information, including having no actual knowledge of any selling or sharing of the Personal Information of anyone under 16 years of age, and we retain your Personal Information as described under “how we store your personal information” section below.

We further advise you that:

Your right to non-discrimination or retaliation: When you exercise any of your rights as detailed in this notice, we will not discriminate or retaliate against you.

Your right to limit use and disclosure of sensitive personal information:  We will only collect, use, or disclose your Sensitive Personal Information to the extent it is necessary for the purposes set out in this notice, and we do not use your Sensitive Personal Information to infer characteristics about you or for purposes beyond those specified under applicable law. You have the right to make this request, but there is no relevant activity to limit in response to such a request.
 
Your right to opt-out of the sharing or selling of information:  We have not and do not “sell” your Personal Information nor “share” it for “cross-context behavioral advertising” (as each of those terms are defined under the California Consumer Privacy Act (“CCPA”)), including the Personal Information of those under the age of sixteen years. You have the right to make this request, but there is no relevant activity to opt you out of in response to such request.

Your right to use an authorized agent: You may designate an authorized agent to exercise any of these rights on your behalf. To designate an agent, please email a signed authorization to privacy@lancashiregroup.com.

Please note that we currently do not respond to Do Not Track or other privacy preference signals, such as the Global Privacy Control given that we do not operate tracking technologies for the purposes of behavioral advertising or direct marketing.

Our lawful bases for the collection and use of your Personal Information

The lawful basis (or conditions for use) that we rely on are described below:
 
Consent: you have been supplied with all the relevant information and given or indicated your permission - the standard of consent required may vary depending on which privacy and data protection laws apply to our relationship with you (e.g. based on your country of residence or where processing takes place and whether this involves use of Sensitive Personal Information).
Contract: we have to collect, use or disclose the information because it is necessary for the performance of a contract (to which you are a party). 
Employment purpose: where necessary in the context of your potential employment relationship with us (to the extent permitted by applicable privacy and data protection laws). 
Legal obligation: we have to collect or use your information to comply with the law (and our associated regulatory obligations) or as otherwise legally permitted.
Legitimate interests: we are collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone (or in a way that might prejudice the rights of the individual). We list what the legitimate interests concerned are for each purpose listed in this notice below.
Vital interests: where use or disclosure of Personal Information is necessary to protect your vital interests (or those of another person).
 
For each purpose listed in this notice, the lawful bases we rely on are as follows:
 
Managing our employment or contractual relationship with you
Contract; legal obligation (and to the extent permitted by employment and social security and social protection law or applicable privacy laws) and employment purpose.
Complying with legal requirements and our financial and regulatory obligations
Legal obligation; consent (to the extent required and appropriate); vital interests (only by exception, e.g. in the event of a medical emergency at work and you are unable to communicate properly with us).
Monitoring, understanding and improving our employment practices
Employment purpose; legal obligation; legitimate interests (which are: to be able to run the business efficiently; attract and retain employees though better understanding of the workforce; enable us to adapt and thrive in a competitive environment by supporting, developing and rewarding employees).
Safe and secure operation of our business (IT) systems, operations and facilities
Legitimate interests (which are: security of our systems and electronic communications; defending or prosecuting legal claims; to safeguard the property and well-being of our organisation, employees and others).
 
Where we get Personal Information from

For the purposes described in this notice, Personal Information may be collected by us either:
  • from you directly (because you provide this or through monitoring your use of our systems, devices and access to our premises); or
  • from your agents (such as recruitment agencies, your referees, legal representatives); or
  • from our agents (such as your manager or external service providers who assist with delivery of our employment processes); or 
  • other sources: from government agencies, reference agencies (financial, fraud or criminal), social networks or other publicly available sources (where necessary and to the extent legally permitted).
Who we disclose to or exchange Personal Information with

We may disclose the above categories of your Personal Information for any of the uses or business purposes described in this notice with:
  • our processors or service providers, who help us to operate, review and provide our employment processes for the purposes set out in this notice or who provide professional advice (we contractually or otherwise require all such organisations to respect the confidentiality and security of any Personal Information they are given access to and check their compliance);
  • regulators, law enforcement, or government bodies (to the extent such disclosures are legally permitted or obliged); and
  • other entities within the Lancashire group (who assist in the above purposes).
We do not sell and only disclose your Personal Information to processors and third parties to enable us to deliver our services and not for them to be able to use your information for their own purposes (unless they have a separate agreement with you). Your Personal Information is not used by us for other purposes (not listed in this notice) without your knowledge and agreement.

How we store your Personal Information 

Your Personal Information is securely stored and protected by appropriate administrative procedures and technical controls, in line with industry practices.

How long we keep your Personal Information will be determined by what information is collected and the purpose or purposes it was collected for (in accordance with this notice). The factors to be considered include how long it is needed:
  •  if you are a current or former Lancashire employee;
  • to comply with our legal, accounting, and regulatory obligations - applicable laws may vary depending on the location, country or legal jurisdiction in which you are or were employed (or were resident when providing your information);
  • to further satisfy required periods set (or as permitted) by law or as expected by our regulators; and
  • to defend or protect our legal rights.
Our policy is to follow the storage limitation principle common to most privacy and data protection laws, meaning that when your Personal Information is no longer needed for the above considerations, it will be securely erased or deleted or otherwise de-identified.

If you would like to know more about how long your information will be retained, please contact us using one of the contact methods given in the ‘About this notice and us’ section above.

International transfers of information

Due to the global nature of our business and the technologies we rely on, your Personal Information may be transferred, stored, or otherwise processed outside of the country or jurisdiction of origin by and between us, our processors, or service providers for the purposes set out in this notice. All such transfers are conducted in accordance with the relevant legal requirements and safeguards for the transfer and adequate protection of Personal Information outside of the UK or the originating jurisdiction, as applicable.

If you would like to know more about such transfers, please contact us using one of the contact methods given in the ‘About this notice and us’ section above.

How to complain

If you have any questions or concerns about our use of your Personal Information or if you would like to appeal any of our decisions in response to one of your requests, you may contact us using the details shown in the “About this notice and us” section of this notice.
 
You also have the right to complain to an applicable supervisory authority (or regulator) if you remain unhappy with how we have used your data or responded to your rights request:

which in the UK is the:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, UK
which in Bermuda is the:
Office of the Privacy Commissioner for Bermuda, Maxwell Roberts Building, 4th Floor, 1 Church Street, Hamilton, HM11, Bermuda
and which in Australia is the:
Office of the Australian Information Commissioner, GPO Box 5288, Sydney, NSW 2001, Australia
or for the United States or any other jurisdiction you may wish to contact the relevant supervisory authority taking into account:
the location where the processing your complaint relates to occurred, where you live or the state or territory in which you work and the law and regulations applicable to your complaint.
 
Glossary of Terms

Personal Information - information that relates to or describes an identified or identifiable individual, where that individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person

Sensitive Personal Information – is subset of Personal Information that describes certain types information that are more sensitive in nature and which generally require greater protection - by security and specific conditions for processing or use of such data being needed for it to be lawful (for example, your explicit, prior consent or a legal obligation).

Under UK privacy and data protection law (and similarly Australia) the types of Sensitive Personal Information would be:

  • Special categories of personal data, which are: racial or ethnic origin; political opinions; religious or philosophical beliefs; professional affiliation or membership; genetic information; biometric information; health (physical or mental including disability); sex life; sexual orientation; and
  • criminal convictions or offences.
For Bermuda this would mean Personal Information relating to:

an individual’s place of origin, race, colour, national or ethnic origin, sex, sexual orientation, sexual life, marital status, physical or mental disability, physical or mental health, family status, religious beliefs, political opinions, trade union membership, biometric information or genetic information

For the United States:

a number of the recently enacted state privacy laws, as well as the California Privacy Rights Act (CPRA), include certain obligations for businesses that process Sensitive Personal Information. The precise definition varies under each state law but, at a high level, includes data elements such as Social Security numbers or other government issued IDs, biometric or genetic data, information regarding race and ethnicity, sexual orientation data, religious beliefs, physical or mental health information and in some cases financial details (such as personal bank and payment details).