Privacy policy

March 2019

1.    PRIVACY POLICY

1.1    Information We May Collect

We collect personal information to offer you products and services.  We also use it to decide if you qualify for our products and services.  We also collect information to service your account.  The type of information we collect depends on the products or services you ask for and may include

  • Information we receive from you on applications and related forms (such as name, address, social security number, assets, income or other personal or medical information);
  • Information about your transactions and relationships with us and our family of companies (such as products or services purchased, account balances and payment history);
  • Information we receive from consumer reporting agencies (such as credit relationships and history);
  • Information we receive from outside sources in order to issue and service your policies (such as motor vehicle reports, medical information from your providers and other public information);

1.2    Information We May Disclose and to Whom We May Disclose Information

We may share some or all of your personal information without your permission as permitted by law to persons or companies such as:

  • Your agent or broker;
  • Banks;
  • Reinsurance Companies;
  • Firms that assist us in the servicing of your policies;
  • Firms that assist in the printing or delivering of statements and notices;
  • Affiliates in our family of companies that market our products or services on our behalf; and
  • Financial companies with which we have joint marketing agreements.

We may disclose some or all of the personal information about current or former customers, but only as allowed by law, in response to:

  • Law enforcement agencies or governmental inquiries;
  • Subpoena;
  • Legal requirements;
  • State or federal regulators; or
  • Auditors.

We do not sell any of your personal information to any third party.  We will not share personal health information without your permission, except as allowed or required by law.  You are entitled to receive a record of the disclosures of your personal information that we have made within the two years before your request.  The request must be in writing.  If the state you live in requires us to provide you with an opportunity to opt out of the sharing of your personal information or to obtain your consent before doing so, such notice we will provided.

1.3    Safety and Security of Your Personal Information

We have physical, electronic and procedural safeguards in place to meet state and federal regulations to protect your personal information.  We also have procedures in place that limit access to personal information about you to those employees, representatives and service providers who need to know such information in order to assist in issuing, servicing and administering products and services on your behalf. 
 
We reserve the right to revise, amend, or modify this policy at any time.  If we make any material changes in our privacy policy, we will provide current customers a revised notice.

This statement is provided on behalf of LOMBARD INTERNATIONAL and our family of companies

  • Lombard International Life Assurance Company;
  • Lombard International Life Assurance Company of New York;
  • Lombard International Distribution Company;
  • Lombard International Agency;
  • Lombard International Administration Services Company, LLC;
  • LIAS Administration Fee Issuer LLC.

2.    PRIVACY SHIELD POLICY

2.1    Purpose/background of the Policy

This policy defines the principles and standards that are implemented by Lombard International to protect the EU data processed by any of the Group’s entities located in the US.

It applies to all staff and directors, including permanent and temporary employees working under the organisation’s contract of employment, employees on fixed term and specified purpose contracts, agency temporary staff, contractors, consultants, new starters, any person being granted temporary access and international assignees, where appropriate.

This policy equally applies to all users when they are required to travel on business outside the jurisdiction of the organisation or for those working in any of its branches or subsidiaries IRM of their geographical location.

2.2    Policy governance

The Enterprise Risk Group (US) has the final authority to approve the policy as per the delegation of the Board of Directors. They delegate to Information Security Office the responsibility to design, review and propose amendments to this policy.

This policy shall be reviewed annually.

The policy shall be communicated appropriately and effectively and made easily accessible to all relevant functions and departments.

3.    POLICY STATEMENTS

Lombard International Holdings US, Inc. and other entities in its family of companies, (together "Lombard International" “we,” “our,” and “us”), complies with the EU-U.S. Privacy Shield Framework. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data (as defined below) from European Union member countries.  Lombard International has certified that it adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability.  If there is any conflict between the policies in this Lombard International Privacy Shield Policy (“Privacy Shield Policy”, “the Policy”) and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit www.privacyshield.gov.

3.1    Definitions

  •  “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”);
  • Data Subject” means an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  •  “Sensitive Personal Data” means Personal Data regarding an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.

3.2    Scope

This Privacy Shield Policy applies to Personal Data transferred from European Union member countries to Lombard International’s operations in the U.S. in reliance on the respective Privacy Shield framework and does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation from the EU law.

The following table lists the types and purposes of Personal Data that are included in the scope of this Policy (the list is not exhaustive):

TYPE OF DATA PURPOSE OF DATA
Client Personal Data To provide support and additional services from our US entities
Employee Personal Data To facilitate the global governance of human resources, taking into account that this function is located in the US
Personal Data for EU applicants for recruitment To allow our global HR function to support the EU recruitment process
Personal Data of EU vendors and partners To align and consolidate the third party collaboration and communication services
Personal Data of EU residents interacting by web and e-mail To improve our service availability and to align and consolidate our communication services


All Personal Data will be processed in line with the requirements of the GDPR, for the purpose of collection and only by the US entities listed below. The processing of Personal Data by third parties can only be permitted with the written agreement of the European data controller, observing all legal requirements applicable at that time.

The scope includes Lombard International US Holdings, Inc. (“Lombard International”) and our family of companies:

  • Lombard International Life Assurance Company;
  • Lombard International Life Assurance Company of New York;
  • Lombard International Distribution Company;
  • Lombard International Agency;
  • Lombard International Administration Services Company, LLC;
  • LIAS Administration Fee Issuer LLC.


All employees of Lombard International that have access in the US to Personal Data covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Privacy Shield Policy.  Moreover, Lombard International has implemented a group-wide governance framework defining the information security, confidentiality and privacy requirements applicable to all group entities.  Lombard International commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

3.3    Purpose

The purpose of the Personal Data transferred to Lombard International’s operations in the U.S. is to provide services relating to client relationship management and employee relationship management. 

3.4    Notice

Lombard International notifies Data Subjects covered by this Privacy Shield Policy about its data practices regarding Personal Data received by Lombard International in the U.S. from European Union member countries in reliance on the respective Privacy Shield framework, including the types of Personal Data it collects about them, the purposes for which it collects and uses such Personal Data, the types of third parties to which it discloses such Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data, the choices and means that Lombard International offers for limiting its use and disclosure of such Personal Data, how Lombard International’s obligations under the Privacy Shield are enforced, and how Data Subjects can contact us with any inquiries or complaints.  We do not transfer the Personal Data received from the EU entities to any other parties outside the Lombard International group.

3.5    Choice

If Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-group third party, Lombard International will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: dataprotection@lombardinternational.com

If Sensitive Personal Data covered by this Privacy Shield Policy is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party, Lombard International will obtain the Data Subject’s explicit consent prior to such use or disclosure.

3.6    Liability for Onward Transfer 

There is no onward transfer of Personal Data received from the EU entities to any other parties outside the Lombard International group. 

If we transfer Personal Data to our Lombard International group entities that are not covered by this policy, Lombard International will comply with the Privacy Shield Principles for all such onward transfers of Personal Data from the EU, including the onward transfer liability provisions.

3.7    Security

Lombard International maintains an information security management system that has received the ISO/IEC 27001:2013 certification. The information security management system covers all our locations worldwide and is centrally managed from Luxembourg, ensuring that the US entities have a similar security level as our EU entities. Lombard International has implemented measures to protect Personal Data in its possession to ensure a level of security appropriate to the risk of loss, misuse, unauthorized access, disclosure, alteration, and destruction.  These measures take into account the nature of the personal Data and the risks involved in its processing, as well as best practices in the industry for security and data protection.

3.8    Data Integrity and Purpose Limitation

Lombard International limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. We do not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.

Lombard International takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in identifiable form only for as long as it serves the purpose of processing, unless a longer retention period is required by law, and it adheres to the Privacy Shield principles for as long as it retains such Personal Data. 

Lombard International may disclose some or all of the Personal Data, but only as allowed by law, in response to law enforcement agencies or governmental inquiries, subpoena, legal requirements, state or federal regulators or auditors. 

3.9    Access

Data Subjects whose Personal Data is covered by this Privacy Shield Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated).  Requests for access, correction, amendment, or deletion should be sent to: dataprotection@lombardinternational.com

3.10    Recourse, Enforcement and Liability 

Lombard International’s participation in the EU-U.S. Privacy Shield Framework Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.

In compliance with the Privacy Shield Principles, Lombard International commits to resolve complaints about your privacy and our collection or use of your Personal Data. Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact Lombard International at: dataprotection@lombardinternational.com.

As the Personal and Client Data that might be accessed by our US entities is provided mostly by our Luxembourg entity, Lombard International has further committed to refer unresolved Privacy Shield complaints to Luxembourg National Commission for Data Protection, an alternative dispute resolution provider located in the Luxembourg. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit CNPD – https://cnpd.public.lu for more information or to file a complaint.  The services of Luxembourg National Commission for Data Protection are provided at no cost to you.

Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

Lombard International agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Lombard International acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.

3.11    Changes to this Privacy Shield Policy

This Privacy Shield Policy may be amended from time to time consistent with the requirements of the Privacy Shield. Appropriate notice regarding such amendments will be given. 

3.12    Contact

For any questions concerning this Privacy Shield Policy you may send an email to the following email address: dataprotection@lombardinternational.com.

4.    EXCEPTIONS TO THIS POLICY

No exceptions have been identified and/or approved.