Skip to main content

Insurance Audit & Risk privacy policy

The University of Exeter (the “University”) is a data controller and is committed to protecting your personal data and working in accordance with all relevant data protection legislation. Your data is used for the Insurance, Audit & Risk Team requirements, to issue insurance cover and complete insurance claims, for emergency response, and to support business continuity. This Privacy Notice explains how the Insurance Audit & Risk Team processes and uses the personal data we collect about our staff and students.

The type of personal data and sensitive personal data the University may process about you includes:

  • Name and your student or staff number
  • Contact details including phone numbers, email and other electronic identifiers
  • Training records
  • Date of birth
  • Gender
  • Nationality and your ethnic origin when travel insurance is requested and documents are required for a travel visa to be issued by the country to which you are travelling
  • Medical information that has been provided to the University in the event of a travel claim, employers liability claim or public liability claim.

Your personal data is collected by the University to enable the Insurance Audit & Risk Team to arrange the appropriate insurance and liaise with yourself and insurers following an insurance claim, and to contact you in an emergency or business continuity situation. The University collects your personal data from the following sources:

  • The information contained on your travel insurance application form and on insurance claim forms
  • The Trent HR self-service system
  • The University’s mobile phone records
  • The University’s First Aider records
  • The information supplied by third parties at our request

Here are some of the ways we will use your personal data, this is not exhaustive, but is intended to provide you with an idea of the things for which we may use your data:

  • To arrange your insurance
  • Any insurance claim being completed
  • Emergency response when an incident has occurred
  • Business continuity purposes.

Sensitive Personal Data

Some of the personal data the Insurance Audit & Risk Team processes about you will be “sensitive personal data”. This category of personal data will be subject to additional protections. Sensitive personal data is defined as information about your physical or mental health or condition, sexual life, or commission of or proceedings for any offence committed or alleged to have been committed by you. This information may be processed for one of the reasons set out above.

Information concerning your physical or mental health may be disclosed within the University so that a proper level of care and facilities may be provided. It will only be sent to people who need to know this information to support you. Wellbeing Or Occupational Health Services will contact staff or students declaring a disability to confidentially discuss available help.

In processing your personal data and/or sensitive personal data, the University may have reason to share your personal data and/or sensitive personal data with our Insurers and text alert provider. Some of these circumstances are as follows:

  • Your data may be shared with the University Insurers and Insurance Brokers to enable them to arrange and provide insurance cover and consider insurance claims
  • Information for the text alert system will also be held by a third party but will only ever be used in accordance with the University’s instructions
  • Emergency Travel Company (iJet) to enable them to send travel alerts to you whilst you are included within the University travel insurance policy.
  • Travel insurance – three years following your return from the trip
  • Travel insurance claims – three years following the settlement of the claim
  • Employers liability claims – three years after the settlement of the claim
  • Public liability claims – three years after the settlement of the claim
  • Public Liability incidents – three years after the incident, unless the injured party is a minor in which case the data will be retained until the injured party is 21
  • Motor claims – three years after the settlement of the claim
  • Marine goods in transit insurance – one year from the inception date of the insurance
  • Terrorism insurance – three years after the final date of cover
  • General enquiries – three years after the date of enquiry
  • Business continuity – emails containing telephone numbers three years

You have a number of rights in relation to your personal data. Read information about what these rights are and how to exercise them.

The University will endeavour to be transparent about its processing of your personal data. However, should you have any queries about the University’s processing of your personal data, further information may be obtained from the Information Governance Officer by emailing

If you think that any of your personal data held by the University is incorrect, please let us know so that we can update our records accordingly. You have the right to complain to the Information Commissioner if you have any concerns in respect of the handling of your personal data by the University.