Terms and Conditions

 

Preamble

 

Access to imarket and insurer services is availabe through either a) an integrating application which allows direct access to specific services offered by the insurer bodies, or b) via autheticated internet access using a compatible web browser.

 

Introduction

 

Please read the following document carefully as it sets out the terms that apply to your use of imarket. It contains information that you require in order to use imarket correctly and sets out our and your responsibilities in connection with imarket.

 

1.         Definitions and Interpretations

 

All references in this document to "these terms" are references to these Terms and Conditions of Use.  In these terms:

 

1.1                 "we", "us" and "our" and "Polaris" refer to Polaris (UK) Limited (registered number 2911441) which is the operator of imarket and whose registered office and contact address is at 100 Fenchurch Street, London EC3M 5JD;

 

1.2                 "you" and "your" refer to each intermediary company or firm that is licenced by us to use imarket;

 

1.3                 "your designated system administrator" refers to the person(s) you have authorised to manage user system access within your system environment, and who may have access to powerful administration functions and operating system utilities;

 

1.4                 "your designated system administrator" refers to the person designated as such when you register with us to use imarket; and who manages user access privileges to imarket

 

1.5                 imarket means the portal which has been set up by us to enable you to access extranet sites, websites or other systems of certain insurance companies, Lloyd's syndicates and other companies providing insurance related services ("insurer bodies") and to facilitate the exchange of information between you and these insurer bodies.

 

1.6                 "imarket systems environment" means all computer systems, networks and databases controlled (including under agreements with service providers) by Polaris including but not restricted to hardware, data and software;

 

1.7                 "insurer body/bodies" has the meaning given in the definition of imarket;

 

1.8                 "insurer systems environment" means all computer systems, networks and databases controlled (including under agreements with service providers) by the insurer bodies including but not restricted to hardware, data and software;

 

1.9                 "integrating application" means an application provided by a third party software provider which is currently approved for use with imarket by Polaris;

 

1.10              "password" means the information required by a user which must be entered in conjunction with the user-id to successfully authenticate to imarket or integrating application;

 

1.11              "PCI" means "Polaris control information" and relates to unique security information used to identify and secure the transfer of information between your integrating application and imarket;

 

1.12              "relevant insurer sites" has the meaning given in Clause 7;

 

1.13              "software provider" means the supplier of an integrating application;

 

1.14              "user" means any individual authorised by you who has been given access to and use of imarket under any password allocated to you by us or allocated to any individual or person by your designated imarket administrator (as such passwords may be amended or changed by you or such other individual or person from time to time);

 

1.15              "user-id" means the unique code provided to a user and which will be used in conjunction with their password to authenticate to imarket or an approved integrating application;

 

1.16              "virus" means any program or piece of code which may either have any adverse effect on and/or cause or carry out any unwanted action on the imarket or insurer systems environment and which shall include but is not limited to any virus, worm, trojan horse, dropper or malicious code, as such terms are generally understood within the computer industry;

 

1.17              "your system environment" means all computer systems, networks and databases controlled (including under agreements with service providers) by you including but not restricted to hardware, data and software;

 

1.18              unless the context otherwise requires, words in the singular include the plural and vice versa, references to any gender shall include the other genders;

 

1.19              headings are for ease of reference only and are not intended to form part, or to affect the meaning or interpretation, of any of the provisions of these terms; and

 

1.20              these terms shall, upon your acceptance of them, apply to any use of imarket made by you and/or any user. You will be responsible for any and all use made of imarket by any user.

 

2.         Purpose and Registration

 

2.1               If you wish to use imarket you must register with us in order to be granted a licence to use imarket. Your registration is subject to your agreement to our which is available on imarket. Notwithstanding your completion of the registration process your right to deal with any insurer body via imarket will remain subject to the approval of that insurer body:

 

2.1.1          following your registration we shall notify you of (i) the services which you are licensed to use via imarket for the purpose of your business in accordance with these terms; and (ii) the password and user-id that will enable your designated imarket administrator to initially access these services and allocate further passwords to those individuals whom you authorise to use imarket on your behalf.

 

2.2               You warrant and represent that:

 

2.2.1          your registration is duly authorised by your company;

 

2.2.2          any registration details or other information provided to us is complete and accurate at the date provided; and

 

2.2.3          you will promptly update us of any changes to information provided to us to ensure that it remains complete and accurate.

 

2.3               You are responsible for administering user access to imarket and managing security in accordance with these terms in relation to:

 

2.3.1          your system environment; and

 

2.3.2          any integrating applications.

 

2.4               Where you are accessing imarket from an integrating application part of the registration process involves the issue and application of unique security credentials (PCI). These will uniquely identify your installation and be used to secure messages from your system environment to imarket.

 

2.5               You will be required to register your integrating application with Polaris and to reregister any such integrating application where it is necessary to do so in order to maintain security, including where:

 

2.5.1          you are aware or suspect that your secure access to imarket has been compromised in any way (including tampering with PCI); and/or

 

2.5.2          you have replaced or rebuilt equipment (for example your application server) on which PCI is located.

 

3.         User Conduct

 

3.1               You must use, and ensure that all users use, imarket for its intended purpose only and must not use, or allow others to use, imarket for any improper or unlawful purposes, including but not limited to the following:

 

3.1.1    the sending of messages which in our sole discretion are either grossly offensive, indecent, obscene, menacing, defamatory or infringe or are likely to infringe any third party intellectual property rights (including, but not limited to, trade marks, copyright or rights relating to domain names) or which breach generally accepted rules of netiquette and/or

 

3.1.2    the sending of any message or virus through imarket which causes or is likely to cause harm, in any degree, to imarket or other users or any other party's communication systems (for the avoidance of doubt you shall be liable for any harm caused by a virus introduced to imarket as a result of any message or document submitted by you, provided always that you will not be responsible for any harm caused by a virus which is already on imarket or which originates from another user or any other party's communication systems).

 

3.2               You are responsible for everything that you or any user transmit to or via imarket and at all times it remains your responsibility to comply with, and to ensure that all users also comply with, these terms. We are not responsible for monitoring material transmitted by you via imarket but we will be entitled at our discretion to remove anything which is transmitted via imarket which, in our opinion, is objectionable or does not comply with these terms and we shall not be liable to you or any third party in respect of our removal of any such material.

 

3.3               If you are using an integrating application you are responsible for ensuring that neither you nor any user attempt to copy, alter, access or tamper with the PCI in any way.

 

3.4               You shall ensure that you and your users use the integrating application in accordance with the instructions issued by the software provider as regards the appropriate and secure use of that application.

 

3.5               You shall not create, modify, delete (or attempt to do any such acts), any transactions or data relating to, associated with or for submission to imarket using any means other than those provided by imarket or via an integrating application.

 

3.6               You shall ensure that when requesting or creating each user access to imarket you have:

  • no reason to believe or suspect either (i) that the individual will not, may not or cannot comply with these terms or (ii) that the individual is not reliable, trustworthy and honest; and
  • taken all reasonable steps to establish that the individual has a sufficient level of skill, competency and knowledge in relation to imarket to access and use it properly and in accordance with these terms, and is otherwise suitable and appropriate to have such access and use.

If you become aware that any user is not abiding by any of these terms you shall remove their access to imarket immediately.

 

4.          Terms of Business

 

4.1               You agree and acknowledge that there are separate agreements in place (known as Terms of Business Agreements) to govern the commercial arrangements between you and Insurer bodies.  The effect of such agreements is unaffected by these conditions.

 

5.          Availability and Access

 

5.1               Whilst we have taken care in the preparation of imarket, as certain technical matters may be beyond our control, we cannot guarantee that you will have uninterrupted or error free access to all or any part of imarket or any services which are available on or via imarket at all times or that any defects will be remedied or that imarket or the server that makes imarket available are virus or bug free.

 

5.2               It is a condition of these terms that you shall only access or attempt to access imarket using equipment owned, leased, licensed, managed and secured by you. You shall not access or attempt to access or use imarket through any other means or medium, for any other purpose or using any other equipment.

 

5.3               We reserve the right to:

 

5.3.1          discontinue imarket without notice to you and without liability to you or any third party;

 

5.3.2          suspend your or any user's access to imarket and/or terminate your access to imarket and these terms without notice where (a) in our sole opinion you are in breach of imarket these terms; or (b) in our sole opinion your use of imarket circumvents the spirit and intention underlying these terms or fails to comply with the commonly accepted principles of behaviour for use of an internet site; or (c) you cease or threaten to cease to carry on business; or (d) you become insolvent, are adjudicated bankrupt or compound with or make any arrangement with or make a general assignment for the benefit of your creditors; or (e) you compulsorily or voluntarily enter into liquidation, except for the purposes of a bona fide reconstruction or amalgamation or with the prior written approval of the other parties; or (f) you have a receiver or manager appointed over a whole or a substantial part of your undertakings or assets; and

 

5.3.3          suspend your or any user access to imarket and/or terminate your access to imarket and these terms at any time by giving you at least 30 days notice.

 

6.         Amendments

 

6.1               We reserve the right to amend these terms from time to time without notice.  Any such amendment shall be effective once the revised terms have been posted on imarket.  As these terms may be updated from time to time, we suggest that you check them whenever you visit imarket.  If you do not agree with the amended terms you must discontinue using imarket.

 

6.2               We reserve the right to amend any of the content of imarket from time to time without notice to you.

 

7.          Links

 

imarket will provide you with direct access to extranet sites, websites or other services controlled by an insurer Body ("relevant insurer sites").  When you access a relevant insurer site, you are accessing a web site, extranet site or other services which is not under our control and we do not endorse or take responsibility for the content or any facilities or services made available on, or any information derived from, any such relevant insurer site and shall not be liable for any loss or damage that you may suffer as a result of or in connection with your access to any relevant insurer site or your use of any content, facilities or services made available on, or any information derived from, any relevant insurer site.  In addition, your use of a relevant insurer site shall be subject to the terms which relate to that relevant insurer site and, for your convenience, these may be accessed directly via the relevant link on imarket's Services Index.

 

8.          Trademarks

 

All brand, product and service names used on imarket are trademarks, trade names or service marks of Polaris unless otherwise stated. You may not distribute products or offer services under or by reference to or otherwise use or reproduce any such trade marks, trade names or service marks without the prior written permission of Polaris or the owner of such trade marks, trade names or service marks.

 

9.          Ownership of Content

 

Polaris is unless stated otherwise the owner of all copyright and database rights in imarket and its contents. You may not publish, distribute, extract, re-utilise or reproduce any part of imarket in any material form (including photocopying or storing it any medium by electronic means) other than in accordance with the limited use licence set out in our or as permitted by the Copyright Designs and Patents Act 1988 or the Copyright and Rights in Databases Regulations 1997 as applicable or any equivalent legislation as may apply in the UK.

 

10.        Disclaimer

 

10.1            Whilst we have taken care in the preparation of the contents of imarket, imarket and its contents are provided on an "as is" basis and to the fullest extent permitted by law all warranties (whether express or implied) in respect of imarket and its contents and your use of the same are excluded.  Except in the case of death or personal injury caused by our negligence we exclude liability (whether in contract or tort (including negligence or breach of statutory duty) or otherwise) for any losses sustained and arising out of or in connection with the use of imarket including without limitation, loss of profits, loss of revenue, loss of business, loss of business opportunity, loss of anticipated savings, loss of data or loss of goodwill (in all of these cases whether direct or indirect) and any indirect, economic, consequential or special loss.

 

10.2            We do not make any representation in represent of the information contained on or made available via imarket is accurate, comprehensive, verified or complete, and we shall accept no liability for the accuracy or completeness of the information contained on or made available via imarket or for any reliance placed by any person on the information.

 

10.3            We act solely as an electronic conduit, enabling you to communicate with and obtain information from insurer bodies and we have no authority to enter into contracts on your behalf or on the behalf of any insurer body. Accordingly we accept no responsibility for the fulfilment of any contract concluded or purported to be included via imarket or concluded as a result of information transmitted via imarket, and accept no responsibility for the failure of any user or other person to perform the terms of such contract.

 

11.       Security - Technical & Environmental

 

11.1      System Access Controls

 

Whilst your Software Provider will implement appropriate security controls within the integrating application, you are responsible for implementing the controls in these terms within your system environment prior to your use of the imarket. Your software provider may issue specific requirements in relation to the secure build, configuration and operation of their integrating application and your system environment. You agree to implement these requirements prior to making any further use of imarket.

 

11.1.1      You agree to implement physical and procedural controls over the physical security of your system environment and premises to guard against accidental or deliberate compromise, misuse or unauthorised access of or to systems or data. This will include but not be restricted to:

 

11.1.1.1     access control to premises;

 

11.1.1.2    provision of alarm systems;

 

11.1.1.3    protection of and restricted access to computer and communications equipment; and

 

11.1.1.4     secure information handling, storage and destruction.

 

11.1.2      If your designated imarket administrator and/or your designated system administrator has access to high level systems administration passwords, you shall ensure that such passwords are changed at least every 90 days and are not disabled.

 

11.1.3      You shall ensure that any manufacturer/supplier default or system generated passwords will be changed prior to an application or device being introduced to a live environment.

 

11.1.4      You shall ensure that access to an integrating application and your system environment is only granted when a valid user-id and password or token and pin code are provided by the user.

 

11.1.5      You shall issue a unique user-id and password to each user for the purpose of accessing your system environment and using imarket (either via the Internet or by accessing an approved integrating application) in accordance with these terms. You shall ensure that user-id and passwords are securely communicated to users.

 

11.1.6      You shall implement procedures and technical controls to ensure that only authenticated and authorised users have access to imarket and that the granting and use of such access are fully audited.

 

11.1.7      You shall ensure that allocation and approval of user access to imarket and any integrating application will be based on the work-related requirements of individuals and will be granted on the basis of the minimum authority required to do their job.

 

11.1.8      You shall conduct regular user reviews to ensure that access rights or authorities remain appropriate and that those that are excessive or no longer required are reduced or removed immediately. You shall delete unused accounts after 6 months of inactivity in such a way that the integrity of audit information is not compromised.

 

11.1.9      You shall ensure that access administration is limited to your designated system administrator and/or your designated imarket administrator with appropriately delegated administrative authority.

 

11.1.10     You shall ensure that passwords and any security credentials are not and cannot be displayed on a screen in a readable format when being entered.

 

11.1.11     You shall ensure that stored security information relating to your system environment (including but not restricted to user-ids, passwords and other records relating to access controls) are protected against unauthorised access and disclosure.

 

11.2      Virus Protection

 

11.2.1      You shall use reasonable endeavours to ensure that any data entered on to or routed via imarket shall be free of any virus.

 

11.2.2      You shall be responsible for protecting your system environment from contamination from any virus and shall implement and maintain appropriate protective measures to guard against the threat of computer viruses and malicious code vulnerabilities. This shall include but not be restricted to the installation and operation of up to date virus protection software, application of necessary security patches to operating systems, browsers and other software.

 

11.2.3      If you become aware that a virus has been introduced into the imarket systems environment through your access to or use of imarket you shall notify Polaris immediately on becoming aware of the same.

 

11.3      Secure Information Management

 

11.3.1      You shall securely erase imarket information, including but not restricted to PCI, stored on any equipment (including but not restricted to PCs & Servers) which is to be disposed of or given, either permanently or temporarily, into the possession or control of a third party for any purpose (for example repair and maintenance) prior to such equipment leaving your premises.

 

11.3.2      You shall implement appropriate measures to ensure that security credentials (including PCI) and sensitive business data are not exposed via re-use of electronic media (including but not restricted to backup volumes, disk drives and other storage media) and that you shall securely erase such media before disposal or re-use. In addition you shall store such media securely.

 

11.4      Connectivity

 

11.4.1      You shall not cache or attempt to cache any security credentials, including (without limitation) session keys.

 

11.4.2      You shall implement appropriate procedural and electronic measures (including, without limitation, appropriate firewalls) to protect any systems running integrating software from threats via connected networks, particularly the internet.

 

12.       Security Operational/User Requirements

 

12.1      Security Administration

 

12.1.1      You shall implement a leavers and joiners policy to ensure that user access permissions are appropriately controlled and that excessive privileges are removed in a timely manner.

               You shall implement measures to ensure that you revoke:-

  • all user access within 24 hours of a user leaving your employ or no longer requiring access to imarket;
  • your designated system administrator or your designated imarket administrator´s access within 24 hours of them leaving your employ or no longer requiring access to imarket and you shall ensure that all common access control passwords known by them are changed immediately.

 

If you are aware that a user or your designated system administrator or your designated imarket administrator does not, will not or cannot comply with these terms you shall immediately remove that person´s access to imarket.

 

12.1.2      You shall perform regular checks of the activities of your designated system administrators and your designated imarket administrators to verify that such activities are reasonably required to support the execution of their duties. You shall use all reasonable endeavours to perform weekly checks for the first period of 3 months for new administrators and specific checks during the month immediately after the departure of an administrator to ensure that they have not attempted to access imarket.

 

12.1.3      You shall implement a password reset procedure and ensure that users may only request the reset of their own password. Your designated imarket administrators must validate the requestor's identity to a level appropriate to their access and familiarity. For example, where the user is not known to the administrator, by asking the user-id plus answers to one of two randomly selected, predefined, security questions.

 

12.1.4      Where you are using functionality provided by an approved integrating application to access imarket, you shall enforce all security requirements notified to you by the software provider to ensure security of the application and data and for clearly documenting compliance with these requirements.

 

12.1.5      These terms will be subject to modification to reflect changes in functionality, Polaris / insurer body operating models or changes to security risks and threats. You shall comply with any such changes.

 

12.2      Password Rules

 

12.2.1      Where access to imarket is via an approved internet browser new users will be provided with an interim password to allow them to access imarket. During their first visit, they will be required to choose a new password (of between 8 and 10 characters, and including at least one alpha and one numeric character). Users will also be asked to provide the answer to a security question, to be used to confirm the user´s identity in the event that their password needs to be reset. Users can also change their password at any time (using the "Amend my Profile" link which is present on every page of imarket).

 

 

12.2.2      Users will be required to change their passwords periodically, and we reserve the right at our sole discretion to invalidate passwords after periods of inactivity, or if a user enters their password incorrectly on a number of occasions. Conditions relating to password changes and resets are detailed in the Help Screen accessible from the My Home area of the site.

 

12.2.3      You shall ensure that users take all reasonable steps to prevent the fraudulent use of their user-id and password. In particular, you shall ensure that they:

  • keep their passwords confidential;
  • do not ask another person for their password;
  • regularly change their passwords as required by imarket or an integrating application and as may be necessary to maintain security;
  • enter passwords in full and not allow others to watch whilst they enter their password;
  • do not share passwords with anyone (including but not restricted to your designated system administrators and your designated imarket administrators and helpdesks);
  • do not write their passwords down or store them (including without limitation not storing passwords or memorable words in macros, function keys, batch jobs or any facility that allows for replay of the credentials into the sign on screen(s));
  • do not allow anyone to use their user-id to access imarket or an integrating application;
  • do not use or attempt to use another individuals user-id to gain access to imarket;
  • do not leave imarket accessible to others, if their computer is left unattended;
  • change their password immediately if they know or suspect that someone else knows their password. If security is compromised as a result, the user must report this incident via the organisations incident reporting process in accordance with clause 16.1 below;
  • choose passwords that are easy to remember, but difficult to guess and not recycle previously used passwords. For example, passwords shall not be formed from any obvious source of information related to the identities of their users, e.g. names, car registration, telephone numbers.

 

13.       Security Audit

 

13.1            Polaris may, at any time, conduct or commission audits, investigations and/or security reviews in order:

  • to validate the current user base in relation to access to imarket; or
  • to assess the level of skill, competency and knowledge that users have in relation to the imarket, and any training needs that may exist; or
  • otherwise to verify your compliance with these terms.

 

13.2            You shall utilise the available audit functionality within your system environment or integrating application and shall hold all data which may be obtained by or otherwise relates to the utilisation of such audit functionality (including details of allocated user-ids and user access rights) for a minimum of 2 years (or in accordance with legislative and regulatory requirements, whichever is the greater period) such that transactions can continue to be accurately identified to an individual. For the avoidance of doubt passwords do not need to be stored or archived to meet this audit requirement but, in all cases, password management and handling must be in accordance with these terms.

 

13.3            You shall allow Polaris and its nominated agents and sub-contractors such access to your premises, records and facilities for the purpose of investigation, support, inspecting, monitoring and reviewing your systems, controls, policies and procedures as is required for the purposes set out above. Such access will be given between the hours of 9am and 5pm on business days, subject to Polaris giving not less than 48 hours prior written notice except in the case of emergency or material breach of these terms or as may required by any law or regulation.

 

13.4            Polaris and its nominated agents shall be entitled to take copies or print outs of any records containing or referring to any of the systems, controls, policies and procedures inspected, monitored or reviewed.

 

13.5            You shall procure that your officers, employees, agents and sub-contractors comply with the obligations under this paragraph. You shall, and shall procure that your officers, employees, agents and sub-contractors shall, provide all reasonable co-operation and assistance (including without limitation answering questions and providing explanations) to any person performing the inspection, monitoring or review. Upon reasonable