Privacy Policy

CNA Hardy Privacy Statement

The following explains how we CNA Hardy (Controllers) intend to use the information you provide in your application, along with your rights, our reasons for requesting it and who will have access to it.

As defined by the General Data Protection Regulation (GDPR) CNA Hardy, 20 Fenchurch Street, Floor 13, London is the Data Controller and ultimately responsible for ensuring the data you provide is kept secure, processed correctly and that you understand your legal rights in relation to the data you provide. As part of our Data Controller responsibilities we have an assigned Data Protection Officer (or equivalent). Christian Taylor can be contacted at

The recruitment software we use via this website is supplied by Net-Worx (2001) Ltd (trading as networx) and they are defined as a Data Processor under the GDPR. They will only process your data in accordance with our instructions.

networx can be contacted at: The Engine House, Wharfebank Business Centre, Ilkley Rd, Otley LS21 3JP.

The Data Protection Officer for networx is Rob Baker and can be contacted at

What information do we collect from you?

We collect information that is specifically provided by you as part of an application process. We will collect the following (but not limited to):

  • Name, address, email, telephone number
  • CV (if applicable)
  • Equal opportunities monitoring information (defined as special categories data) - this information is purely for statistical analysis and monitoring purposes
  • Answers to application questions
  • Any other information you wish to provide in support of your application

By agreeing to this privacy statement, you are allowing us to form a contract that will mean we can use your details and information presented so that we can assess your suitability for employment with us and carry out our statistical analysis.

Why do we collect this information and who do we share it with?

Details you provide in this application:

  • Will be held on our computer systems and may be downloaded by us
  • Will be used to deal with your application
  • Will be made available to us and our processors
  • Will be used for communication with you regarding the vacancy
  • Will be used to satisfy legal requirements
  • Will be used for statistical analysis
  • Will be held and may be used to contact you about other vacancies

We will store your application data for 6 months after the vacancy has closed. After this period, it will be fully anonymised.

This website is made available by CNA Hardy for use by all persons who wish to visit it including but not limited to candidates interested in job roles and recruiters acting on job candidates behalf. CNA Hardy is a trading name of CNA Insurance Company Limited and/or Hardy Underwriting Group PLC (which includes Hardy (Underwriting Agencies) Limited and Hardy Underwriting Asia PTE).


In this Website Privacy Statement, the terms “we”, “us” and “our” mean the CNA Hardy company/ies in your country and (where relevant) their branch offices which are physically located in your country. The terms “you” and “your” mean any visitors and users of this website or individuals who otherwise interact with us in connection with our business.


See\privacy   for our legal entity and branch office names and registered contact details. 

Introduction to this Website Privacy Statement

We are committed to good information handling principles and to protecting your Personal Information including but not limited to when it is processed on electronic instruments and devices. A large number of individuals interact with our business and visit our website. This Website Privacy Statement is directed at all individuals who visit this recruitment website, including representatives of candidates, representatives of our current or potential business partners, individuals working for suppliers of goods or services to us, potential job candidates, and others (including their directors, officers, owners and shareholders, as relevant). This Website Privacy Statement describes our current policies and practices with regard to Personal Information collected by us through the website and otherwise in connection with our business and services (whether this is collected directly from you or third parties). Personal Information may be collected from you directly when

The meaning of Personal Information


“Personal Information” has the same meaning as personal data.  Personal data is defined in data privacy laws applicable in your country.  It includes any information relating to an identified or identifiable natural person (or in some jurisdictions, information related to a legal entity).  This means any individual or legal entity who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 


Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you directly or indirectly. 


Personal Information also includes special categories of personal data.  This is data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation or certain personality profiles (as relevant). It also includes details of any criminal convictions or offences.


IP addresses: For information about how and why these are processed, what they are used for and to whom they are disclosed, please refer to our Cookie Policy


Important notice about international transfers including to the United States


Due to the global nature of our business, your Personal Information will be transferred to third parties located in other countries, including outside the European Economic Area.  “Third parties” in this context may include any of the persons mentioned in “Disclosure of your Personal Information to third parties” below.  These other countries will either have different data protection laws than your country of residence or they will not have data protection laws.  They may not be deemed by the European Commission as providing adequate protection for Personal Information. 


In particular, we transfer Personal Information to our group companies who are located in the United States.  A list of all group companies is available online at the following address:\privacy .  The United States is not deemed by the European Commission to have adequate protections for Personal Information. It is possible that U.S. defence and security authorities, among others, may gain access to the Personal Information in line with local laws.


Steps will be taken to put in place safeguards (including around security) to protect your Personal Information when it is in these other countries.  This includes use of European Model Clause contracts, including addendums in accordance with the requirements under applicable local laws. You can find out what EU Model Clauses are online at the following address:  If you have any questions please contact us (details below).   Please note commercially sensitive information may be removed/blanked out from copies supplied to you.

The categories of Personal Information we may collect

Personal Information collected from you or relevant third party sources may include the following, where you have provided such to us, however we will not ask you to provide any special category data such as health or medical conditions as a requirement of applying for any role at CNA Hardy:

  • your full name, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers, IP addresses and other device related identifiers;
  • payment card and  bank account details including sort code and account number if we need to make a payment to you;
  • to the extent allowed by the law, criminal conviction or offence details including any actual or suspected fraud, money laundering or other crime which you may have committed; and
  • any other Personal Information which you voluntarily provide to us from time to time.

We sometimes supplement the information that you provide with information that is received from third parties. For instance, if inaccurate post codes are received, we will use third party software to fix them.

Personal Information about other persons

Where you wish to provide us with Personal Information about another person, including  the persons you act on behalf of, you must ensure that you have their prior permission to do this. You must also share with them a copy of this Website Privacy Statement as well as any other relevant privacy statements before you ask them for this permission.  If for any reason you give us this Personal Information without first seeking authorisation from the other individuals to whom it relates, it is essential that you seek their permission as soon as you possibly can and if they do not give their permission you must tell us immediately.

The purposes for which we use and process Personal Information

We ask for and process only for data that is adequate, relevant and not excessive for those purposes. When we ask you for Personal Information, we endeavour to tell you the purposes for which we will process that data where appropriate.

CNA Hardy may use and otherwise process Personal Information for some or all of the following purposes:

  1. processing job applications;
  2. to process your request for information or to exercise any of your rights under privacy laws;
  3. to diagnose any problems with our server and administer our website;
  4. for market research and analysis and developing statistics;
  5. for compliance with legal and regulatory requirements and good governance obligations including processing which is necessary for compliance with our legal obligations laid down by European Union law (where relevant) and (where permitted and justified) by national laws in all of our countries; 
  6. for establishment and defence of legal rights and in connection with claims; and
  7. subject to local applicable laws, for monitoring and recording of telephone calls and email communications where necessary for compliance with regulatory rules or self-regulatory practices or procedures relevant to our business, to prevent or detect crime, and security purposes, and, with your consent where that is required under local applicable laws, for quality and training purposes, market research and analysis and developing statistics. In some cases, alternatives to consent may apply to justify this (if and to the extent this activity occurs in your country). You will be notified of any call recording in advance of such a call or in additional notices where that is required.  


The legal basis for our use and other processing of your Personal Information under applicable data privacy laws


We have described above the purposes for which we may use and otherwise process your Personal Information in connection with the website or for our business purposes. We are required by law to indicate to you the legal basis for this use and other processing.  This will include (as relevant):


  1. in order that we may perform our obligations under any contract with you;
  2. processing for legitimate interests provided these are not overridden by your interests and fundamental rights and freedoms (this includes our own legitimate interests and those of other entities and branches in our group of companies in particular this is relevant when we use and process your Personal Information in order to respond to your enquiries and to address our good governance obligations;
  3. processing which is necessary for compliance with our legal obligations laid down by European Union law (where relevant) and (where permitted and justified) by national laws in all of our countries;  and
  4. processing as necessary for the establishment, exercise or defence of legal claims or rights.


Your consent may also be a lawful reason for processing your Personal Information in certain cases.  This means your freely given, specific, informed and unambiguous consent.  For instance, where we seek your consent in order to send you direct marketing communications (see below) or where special categories of personal data are processed.  You should be aware that you are entitled under applicable data privacy law to withdraw your consent, where that has been given, at any time.  You should be aware that if you do this and if there is no alternative lawful reason for us to rely on to justify the relevant use or other processing on your Personal Information, this may affect our ability to complete the delivery of our service to you through this website or to answer your queries raised through this website.


In summary, we need certain categories of Personal Information because that is necessary in order to administer any contract with you (where relevant).  Certain other Personal Information is processed for our legitimate interests in cases where this does not result in prejudice to you.  Certain other Personal Information is processed based on a consent.     

Data anonymisation and use of aggregated information

We may convert your Personal Information into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from that data.  We may use this aggregated data to conduct market research and analysis, including to produce statistical research and reports.  We may share aggregated data in several ways, including for the same reasons as we might share Personal Information (see “Disclosure of your Personal Information to third parties” below).

In particular, CNA Hardy uses technology to collect anonymous information about the use of this website. For example:

  1. we use technology to track which pages of our website visitors view. We also use technology to determine which web browsers our visitors use. This technology does not identify you personally, it simply enables us to compile statistics about our visitors and their use of our website.
  2. certain pages of this website may contain hyperlinks to other pages of it. CNA Hardy may use technology to track how often these links are used and which pages on our website our visitors choose to view. Again this technology does not identify you personally — it simply enables us to compile statistics about the use of these hyperlinks.

We use this anonymous data to improve the content and functionality of this website and consider areas and subjects which are attracting interest so that we can focus our e-mail updates (for those that wish to receive such communications). This allows us to better understand our website visitors’ interest areas generally and therefore to improve our website and the insurance related products and services we offer.

In addition, please refer to the Cookies Policy on our website:

Disclosure of your Personal Information to third parties

CNA Hardy may disclose your Personal Information to third parties, including but not limited to as follows:

  1. within our group of companies and (if you are located in a jurisdiction where we have branch operations), to our local branch operations for the purposes of use described in this Website Privacy Statement;
  2. to our business partners in order to deliver our products and services;
  3. to third parties who are supply services to us and who help us and our group of companies to operate our business. For example, sometimes a third party may have access to your Personal Information in order to support our information technology or to handle mailings on our behalf;
  4. to our legal and other professional advisers;
  5. as necessary in order to comply with a legal requirement (including, where appropriate and permitted by national law of the Data Subject, any imposed on our group companies in the United States), for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this website, to take precautions against legal liability;
  6. to regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests; and
  7. in the context of a sale of all or part of our group of companies or transfer of business assets

Monitoring of calls and other communications


To help improve our service and in the interests of security, upon your consent where that is required, we may monitor and record phone calls.  You will be notified of any call recording at the outset of such a call where that is required.  For more information see “The purposes for which we use and process Personal Information” above.

Retention period or criteria used to determine the retention period

We keep your Personal Information for as long as it is necessary to do so to fulfil the purposes for which it was collected as described above. 

The criteria we use to determine data retention periods for Personal Information includes the following: (i) Retention in case of queries.  We will retain it for a reasonable period after the relationship between us has ceased (up to 6 months) in case of queries from you; (ii) Retention in case of claims.  We will retain it for the period in which you might legally bring claims against us if and to the extent we have entered into any contract with you (in the UK this means we will retain it for 6 years.  This period will vary depending on your local country; (iii) Retention in accordance with legal and regulatory requirements. 


If you would like further information about our data retention practices please contact us (see “Contact Us” below).


Your rights under data privacy laws

You have various rights under data privacy laws in your country.  These may include (as relevant):  

  1. The right to obtain confirmation as to whether or not your Personal Information is processed and, where that is the case, the right to request access the Personal Information we hold about you and obtain a copy of it in a structured, commonly used and machine-readable format and transmit such data to another controller, in the cases provided for by applicable law. Unless required otherwise by the applicable law, we may refuse access if it would interfere with the privacy rights of other persons or adversely affect their rights and freedoms.
  2. You have also the right to be informed: i. of the source of your personal data; ii. of the purposes and methods of the processing; iii. of the logic applied to the processing, if the latter is carried by electronic means; iv. of the data identity of the data controller and of the data processor/s, if appointed, and the local privacy representative, if any; v. of the entities or categories of entities to whom or which your personal data may be communicated.
  3. You have the right to rectification including to require us to correct inaccurate Personal Information; the right to request restriction of processing concerning you or to object to processing of your Personal Information; the right to request the erasure anonymization or blocking of your Personal Information if processed unlawfully or where it is no longer necessary for us to retain it; the right to be told about any changes of your Personal Information that have been notified to the entities to whom or which the Personal Information was communicated or disseminated, unless this requirement is impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
  4. You have the right to data portability including to obtain Personal Information in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent. 
  5. You have the right to object, in whole or in part, on legitimate grounds, to the processing of your Personal Information; the right to object to the processing of your Personal Information, where it is made for the purpose of sending advertising materials or direct marketing or selling or for the performance of market or commercial communication surveys.
  6. You have the right to object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and the right to withdraw your consent to any processing for which you have previously given that consent. 

Please see “Contact Us” if you wish to exercise any of these rights (as relevant).

Links to Other Websites

This website may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites or any association with their operators. We do not control these websites and are not responsible for their data or privacy practices. We urge you to review any privacy policy and cookie policy posted on any site you visit before using the site or providing any Personal Information.

Updated and changes to this Website Privacy Statement

We are continually improving our methods of communication and adding new functionality and features to this website and to our existing services. Because of these ongoing changes, changes in the law and the changing nature of technology, our data practices, and this Website Data Privacy Statement will change from time to time. We encourage you to check this page frequently.

Please click this link to access the previous version of this Website Privacy Statement.

Contact Details

If you wish to exercise your data privacy related rights against us in the UK, please e-mail:  Alternatively, write to Data Protection Officer, General Counsel Department, 13th Floor, 20 Fenchurch Street, London, EC3M 3BY.  For our office locations and contact details outside the UK please go to:\privacy


We welcome comments about this Privacy Statement. Please use the same contact details as above for this purpose.


If the CNA Hardy company processing your personal information is located in France, please note the following.  To exercise your rights you must e-mail:


Your right to lodge complaints with the data privacy supervisory authority in your country


Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the relevant data protection supervisory authority in your country if you consider that we have infringed applicable data privacy laws when processing your Personal Information.  This means the country where you are habitually resident, where you work or where the alleged infringement took place.  Here are the names of the supervisory authorities and how you can locate their contact details for this purpose:




If the CNA Hardy company processing your personal information is located in Italy, please note the following.


Your Personal Information will be processed by the Country Manager who is duly instructed and in charge of the relevant processing at CNA Hardy in Italy.


Last updated: 16.06.2017

How can I access the information you hold about me? Your rights

We are dedicated to providing reasonable access to visitors who wish to review the personal information retained when they apply via our website site and correct any inaccuracies it may contain. If you choose to register, you may access your profile, correct and update your details, or withdraw your details at any time. To do this, you can access your personal profile by using the secure login. In all cases we will treat requests to access information or change information in accordance with applicable legal requirements.

You have the following rights in relation to the way in which we deal with your personal data:

  • the right of erasure or to be forgotten
  • the right to rectification if information is inaccurate or out of date
  • the right of data portability (to obtain and reuse your personal data)
  • the right to object to networx and the controller and processors handling of your personal data
  • the right to withdraw your consent with regards to the handling of your personal data
  • you have the right to ask for a copy of the information we hold about you (Subject Access Request - S.A.R)
  • You have the right to lodge a complaint with a supervisory authority - the ICO

Within your candidate account, you can also use the Download Data feature to generate an XML file of the current data we hold on you that you have provided and/or have access to within the account.

Where you exercise your right to object or withdraw your consent we may process your personal data without your knowledge or consent where we are permitted or required by law or regulatory requirements to do so. In such a case, we will not process more personal data than is required under the circumstances.

If you are not satisfied by our actions, you can seek recourse through our internal complaints procedure. If you remain dissatisfied, you have the right to refer the matter to the Information Commissioner ( or seek recourse through the courts.