Aside from data collected pursuant to the activities outlined under the sub-heading ‘Credit checks’, any personal data we collect will come directly from you or your chosen representative. This may include, for example, your name, your address, your contact details, information relevant to your policy, and demographic information. At times and dependent upon the nature of your policy, this may include data that the law classifies as being part of a special category, such as data relating to your health or criminal convictions. It also includes all details you provide to us via telephone calls, all of which are recorded for quality, training and crime prevention purposes.
We only use your data for the purpose of providing you with an insurance policy and the services associated therewith, and potentially to provide you with marketing material in relation to products, services and information that we believe you may find interesting.
Certain items of data we collect from you may form part of a statutory or contractual requirement that we need to meet in order to provide you with an insurance policy.
Data protection legislation requires us to have a lawful basis for processing your personal data. We rely on the following when arranging your contract of insurance and, where applicable, premium finance:
Consent – where you have given us explicit consent to use your data for a specific purpose.
Contract – where our use of your data is necessary for the entering into or fulfilment of your contract of insurance.
Legitimate interests – where our use of your data is necessary for your legitimate interests.
Where your data is part of a special category, we will only process it on the basis that it is in the public interest to do so, under the legal exemption for insurance.
We will only hold your data for as long as we require it to fulfil the purpose for which it was collected. On this basis, we may hold your data for up 40 years post-expiry of your cover – for example, where a product you have chosen includes any type of insurance where a claim could be made by you or a third party even after your contract with us has ended, such as liability insurance. After this period, your data is deleted.
In administering your insurance and, where applicable, arranging premium finance, it will be necessary for us to pass such information to other companies with our group, other intermediaries, insurers and other relevant product or service providers which may also provide us with business and compliance support. This is normal practice within the insurance industry where it is necessary to share information in order to place, quantify and underwrite risks, to assess overall risk exposure and to process claims. It is also necessary to determine the premium payable and to administer our business. We may also disclose details to relevant parties, as necessary, to comply with regulatory or legal requirements. We may contact you or pass your details to other companies associated with us in order to promote products or services which may be of interest to you. We will not otherwise use or disclose the personal information we hold without your consent.
We will collect your personal data when you visit our website, where we will collect your unique online electronic identifier; this is commonly known as an IP address.
We will also collect electronic personal data when you first visit our website where we will place a small text file that is commonly known as a cookie on your computer. Cookies are used to identify visitors and to simplify accessibility, and to monitor visitor behaviour when viewing website content, navigating our website and when using features.
Our site may contain links to other sites. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
We will transfer your data to third parties based outside the European Economic Area. This is necessary for the purposes of administering our business and underwriting and claims processing purposes. Such parties are not permitted to use your personal data for any other purpose than for what has been agreed with us. These parties are also required to safeguard your personal data through the use of appropriate technical and organisational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law.
Where we contact you to promote products or services which may be of interest to you, we may do so via an emailing service that is based in the United States of America. Full details about the technical security in place can be provided upon request, but please be assured that the service provider has implemented protective measures to ensure its compliance with security standards on an international scale.
It is important to us that you are aware of the rights you have in relation to the personal data we hold about you. You can:
Ask us to give you further information about the collection and use of your data.
Ask us to give you access to your data.
Ask us to rectify your data where you have identified that it is inaccurate.
Ask us to erase your data.
Ask us to move, copy or transfer your data.
Ask us to stop or restrict use of your data.
Object to our use of your data on the basis of legitimate interests and for direct marketing.
Withdraw any consent you have previously given us.
You can exercise any of these rights by contacting our data protection representative as per the details above.
As well as contacting us, you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office. You can do so by using their live chat facility at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113.