It is very important to us that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at firstname.lastname@example.org
What information do we collect about you and why
We may need to collect the following personal information:
- Date of Birth
- Home and/or business phone numbers and mobile phone numbers, addresses and email addresses
- Job title and company name
- Some business details (for example, a Director of a company)
- Financial information (for example, debit and credit card details)
- Marital status
- Salary and employment details
- Information about what and/or who you want to insure, such as vehicle details and named drivers, your home, travel details and companions
- Your claims and credit history.
We may also collect personal information from the following sources:
- You or someone connected to you as part of a quotation or claim
- Publicly available sources of information, such as social media and networking sites, Companies House and credit rating agencies.
As data controllers, we will only use your personal data where legally permitted to do so. We collect and process information about you as part of the process of arranging insurance for you. Our contract with you includes insurance administration before and during the arrangement of your insurance policy, underwriting, and claims handling. This means that one of the legal grounds of our holding your personal data is for the performance of a contract. We are also required to collect and retain your personal data for regulatory and legal reasons. This includes the requirements of our regulatory body, the Financial Conduct Authority. We may also need to keep your personal data for our legitimate interests (or those of a third party) where your interests and fundamental rights do not override those interests.
Our legal ground for processing your personal data to send you our Newsletter or Marketing information about our insurance products is either your consent or our legitimate business interests in developing and improving our products and services. You have the right to withdraw your consent or object to our legitimate use of your data for our Newsletter or Marketing at any time by emailing us at email@example.com
We do not share your information with any third party for their Marketing purposes.
Sensitive or ‘special category’ personal data
We may need to collect sensitive personal data (‘special category personal data’), such as health related data, driving convictions and criminal convictions for some specific types of insurance policies. We may seek your explicit consent to process your sensitive data. In addition, there is a specific legal exemption to enable us to process sensitive data for insurance contract purposes. We will however only collect this information as an essential part of the insurance cover.
Disclosure of other people’s personal information
You should show this policy to anyone whose personal information you provide to us. You must ensure that any such information you supply relating to anyone else is accurate and that you have their agreement to use their data as part of the insurance contract.
How will we use the information about you
We collect and use this information in order to arrange a contract of insurance for you. It is very important that you take all reasonable care to ensure that the personal information you provide is accurate and complete. If you do not, an insurer may refuse to pay out on a claim.
Who do we share your personal information with
We will only pass your personal information, where necessary, onto insurers, underwriters, wholesale brokers, loss adjusters, loss assessors, advisers, insurance-related trade associations, incident response companies (such as car hirers and repairers, glaziers, property drying out specialists etc), claims companies, fraud detection agencies, law enforcement agencies, premium finance companies, credit reference agencies, other brokers, appointed representatives, broking platforms, software houses, digital companies, payment processors etc and any governmental or regulatory body as part of the arrangement of your insurance.
Information provided by you may be put onto a register of claims and shared with insurers to prevent fraudulent claims. We do not pass any of your information onto any third parties except as part of arranging insurance, sending out our Newsletters and selling our insurance products. We do not use your data as part of any form of automated decision making, including profiling. However, other third parties, such as insurers, may use your personal data for automated decision-making for processes such as determining your premium. In addition, insurers and online processors may use your information to create anonymised statistics that they may share with third parties. Unless insurers have specifically obtained our or your consent, any information they use will be completely anonymous.
We require all third parties to whom we transfer your data to respect the security of your personal data and treat it in accordance with the law. We only allow such third parties to process your data for specific purposes and in accordance with our instructions.
Transfer of your personal data to countries in the European Economic Area (EEA)
The United Kingdom exits from the EU on 31 December 2020 following a transition period. If the transition period ends before the EU Commission makes an adequacy decision about the UK, most of the data protection rules affecting small to medium-sized businesses and organisations will stay the same.
Transfer of your personal data outside the European Economic Area (EEA)
We (or third parties acting on our behalf) may store or process personal information that we collect about you in countries outside the European Economic Area (EEA), which may have lower standards of data protection.
In the unlikely event that we transfer your personal information outside the EEA we will ensure that an adequate level of protection is in place to protect your personal information such as putting in place contractual protections which have the purpose of ensuring the security of any information passed and putting in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information.
Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield and any successor framework which requires them to provide similar protection to personal data shared between the EU and the US.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
How do we protect your personal information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long do we keep your personal information
We only keep your personal information for as long as it is reasonably necessary to fulfil our responsibilities for your insurance contracts. These include the retention of records for the purposes of satisfying any legal, accounting or regulatory purposes. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for at least six years after they cease being customers for tax and regulatory purposes.
You have a number of rights concerning the personal information we use, these include
- the right to ask for access to and a copy of your personal information
- ask us to correct or delete your personal information
- ask us to restrict or object to the use of your personal information at any time where you have previously given us your consent to use your personal information, to ask us to withdraw that consent
- request us to erase your personal data.
- receive your personal data in a commonly used and machine-readable format and to have the right to transmit this data to another data controller, without hindrance from us (this is referred to as ‘data portability’).
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
To exercise these rights, please contact us in writing or by email. Our address is 4 Aire Valley Park, Wagon Lane, Bingley, West Yorkshire, BD16 1WA. Email: firstname.lastname@example.org
Please note that in some cases even when you make a request concerning your personal information, we may not be required, or may not be able to honour it. Your request could result in cancellation of your insurance policy or us not being able to fulfil our legal and regulatory obligations or if there is a minimum statutory period of time for which we have to keep your information. If this is the case then we will let you know our reasons.
You have the right to complain to the Information Commissioner’s Office at any time if you object to the way we use your personal information. For more information please go to https://ico.org.uk/make-a-complaint/
How to contact us