Privacy Policy

Who We Are


This Privacy Policy explains how Trust Compass Insurance S.A.L. (“Trust Compass,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit www.trust-compass.com (the “Site”) or contact us about our insurance products and services.

  • Data controller: Trust Compass Insurance S.A.L.
  • Registered office: [Insert full registered address]
  • Group affiliation: Member of Nest Investments (Holdings)
  • Contact: [privacy@trust-compass.com] | [Insert telephone] | [Insert postal address]
  • Data Protection Contact/DPO (if appointed): [Insert name/contact]

This Policy applies to visitors, prospective customers, policyholders, beneficiaries, claimants, intermediaries (e.g., brokers), and others whose data we process via the Site or related channels.


Scope


We process personal information when you:

  • Browse or use the Site and its forms.
  • Request quotes, information, or support about products (e.g., General Insurance, Engineering Insurance).
  • Purchase, manage, or renew a policy.
  • Submit or manage a claim.
  • Communicate with us by email, phone, or offline.


Personal Information We Collect


We collect information from you, automatically from your device, and from third parties.

  • Information you provide:
  • Identification and contact: name, date/place of birth, nationality, address, email, phone, ID/passport numbers.
  • Policy/quote: product interests, risk details, underwriting information, coverage selections, beneficiaries, employer details (if group).
  • Claims: forms, incident descriptions, evidence (photos, invoices, repair quotes), police/accident reports, witness statements.
  • Financial: premium amounts, payment method, billing details.
  • Correspondence and preferences: inquiries, feedback, marketing preferences, consent records.
  • Special categories and sensitive data (only as permitted by law):
  • Health data for underwriting/claims.
  • Criminal offence data (e.g., fraud prevention, investigations).
  • Government identifiers for verification/compliance.
  • Information collected automatically:
  • Device/usage: IP address, browser type, device identifiers, pages visited, timestamps, referring URLs, feature interactions.
  • Cookies and similar technologies for essential functionality, security, preferences, and analytics. See “Cookies and Similar Technologies.”
  • [If applicable] Office visits: CCTV footage and visitor logs for security and safety.
  • Information from third parties:
  • Brokers/agents, business partners, reinsurers.
  • Medical providers/assessors, loss adjusters, repair networks.
  • Payment processors and financial institutions.
  • Regulators/authorities and law enforcement (as lawful).
  • Public sources/databases for KYC, sanctions, fraud prevention, and risk assessment.


Why We Use Personal Information (Legal Bases)


  • Insurance lifecycle and service delivery:
  • Quotes, underwriting, policy administration, premium collection, claims.
  • Legal bases: contract performance or pre‑contract steps; legitimate interests; legal obligations.
  • Compliance, fraud prevention, and risk management:
  • KYC/AML, sanctions screening, detecting/preventing fraud, regulatory requests, audits, disputes.
  • Legal bases: legal obligations; legitimate interests; legal claims.
  • Communications and customer support:
  • Responding to inquiries, policy/claims communications, service notices.
  • Legal bases: contract performance; legitimate interests.
  • Improving Site and services:
  • Analytics, quality improvements, security monitoring, performance optimization.
  • Legal bases: legitimate interests; consent where required (e.g., non‑essential cookies).
  • Marketing (where permitted):
  • Product news, offers, events; manage opt‑ins/opt‑outs.
  • Legal bases: consent (where required) or legitimate interests with right to opt out.
  • Processing special categories (e.g., health data):
  • Underwriting/claims, fraud prevention, regulatory compliance.
  • Legal bases: explicit consent where required; necessity for insurance purposes; legal claims; substantial public interest where applicable.
  • Automated decision-making/profiling [if applicable]:
  • Risk assessment or fraud detection using automated tools.
  • Your rights: request human review, express your view, and contest decisions, where required by law.


Cookies and Similar Technologies


  • Types:
  • Strictly necessary: core Site functions and security.
  • Preferences: language, region.
  • Analytics: usage insights to improve performance.
  • Marketing: campaign effectiveness (used only if applicable and permitted).
  • Your choices:
  • Manage cookies via your browser and our cookie banner/preferences center.
  • Non‑essential cookies are optional; disabling them may limit certain features.
  • See our Cookie Policy for details on each cookie and retention periods.


How We Share Personal Information


We share data only as needed with safeguards:

  • Group companies: Nest Investments (Holdings) affiliates for centralized functions/support.
  • Reinsurers and insurance market participants: for underwriting, risk placement, claims.
  • Claims ecosystem: adjusters, assessors, medical providers, repairers, assistance providers.
  • Intermediaries: brokers and agents involved in your policy. In many cases, brokers act as independent controllers—see their privacy notices.
  • Service providers: IT hosting, analytics, communications, document management, payment processing, professional advisors (legal, audit).
  • Regulators and authorities: as required by law or to protect rights, safety, and security.
  • Business transfers: in a merger, restructuring, or asset sale under confidentiality.
  • We do not sell personal information.


International Data Transfers


Your data may be processed in other countries. We implement appropriate safeguards per applicable law (e.g., contractual protections, due diligence, security measures). For EEA/UK data subjects, we rely on recognized transfer mechanisms such as Standard Contractual Clauses and/or the UK IDTA. You can request information about relevant safeguards.


Retention


We retain personal information only as long as necessary for:

  • Policy administration and claims handling.
  • Legal limitation periods and mandatory retention under insurance, tax, and commercial laws.
  • Security, fraud prevention, and audits.

When no longer needed, we delete, anonymize, or securely archive per law. A high-level schedule:

  • Policy and claim files: policy/claim lifecycle + statutory limitation period.
  • KYC/AML records: per legal minimums.
  • Web logs/analytics: typically 12–24 months (aggregated thereafter).


Your Privacy Rights


Depending on your jurisdiction, you may have the right to:

  • Access your data and receive a copy.
  • Correct inaccurate or incomplete data.
  • Delete data, subject to legal allowances.
  • Object to or restrict processing (including direct marketing).
  • Withdraw consent where processing relies on consent.
  • Request portability of data you provided.
  • Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects, unless permitted by law and with safeguards.

To exercise rights, contact [privacy@trust-compass.com]. We will verify your identity and respond within applicable timelines. You may also lodge a complaint with the competent supervisory authority in your jurisdiction: [Insert authority name/contact].


Security


We use appropriate technical and organizational measures, including access controls, encryption in transit and at rest (where applicable), network security, staff training, and incident response. While no method is 100% secure, we assess and improve controls regularly and will notify authorities/individuals of significant breaches as required by law.


Children’s Privacy


Our Site and services are not directed to children. We may process information about minors only where necessary for insurance products (e.g., beneficiaries) and with authorization from a parent or legal guardian, as required by law.


Third‑Party Links


Our Site may link to third‑party websites or services. Their privacy practices are their own. Please review their privacy notices.


Changes to This Policy


We may update this Policy from time to time. The “Last updated” date indicates the most recent changes. Material changes will be highlighted on this page or communicated appropriately.


Contact Us


Trust Compass Insurance S.A.L.
Address: [Insert full address]
Email: [privacy@trust-compass.com]
Phone: [Insert phone number]
Data Protection Contact/DPO (if appointed): [Insert contact details]

Legal note: This document is a general template and not legal advice. Please have qualified counsel adapt it to your actual data flows, Lebanon Law No. 81/2018, and any cross‑border/sector‑specific obligations.