The security of your personal information is very important to us and we maintain systems and processes to ensure compliance with all current data protection legislation. Your personal data is encrypted and securely stored in our data centres, which are PCI DSS certified. We will hold this information for a reasonable period of time, whether or not you make a purchase with us or secure employment with us, to ensure that we have a clear and complete history of insurance enquiries, card applications, policy records, transactions or job applications. All data is securely destroyed by a certified security company for the on-site physical destruction of hardware and media.
We will collect your data if you apply for a quote, purchase a product, or register for a service on one of our websites, one of our business partner websites or via our mobile app. We will also collect data from you if you submit an application to work for us.
The information that we collect may include:
We will always explain why we need any information that we ask for from you and explain how we process it. We will obtain your consent where necessary. Where the information you provide is required for us to deliver the product or service we are providing, this is the legal basis on which we will process your information. If you wish to withdraw consent to us processing the information that we are processing on a legal basis, we will unfortunately not be able to provide the product or service to you.
We will use your information in the ways that we have set out below. You have the right to withdraw your consent to us processing any of your personal data at any time if it is not specifically required for us to provide and administer your insurance policy.
We will need both personal data about you and anyone else who is covered by any insurance that you apply for, to administer the policy and any claims that may arise. You should show this notice to any other person covered under your insurance policy. If your application includes other individuals, we will assume that they have given consent to you for you to give their information to us.
We may monitor and/or record your communication with us, either ourselves or using reputable organisations selected by us, to ensure consistent servicing levels and operations. We will keep information about you only for so long as it is appropriate. We need your personal information to administer your insurance policy or handle any claims whilst your policy is in force. We may need to keep information after your policy has ended or your product has been cancelled to ensure we and the administrator have an accurate record of our relationship to you and communications that we had or where we are required to keep the information for legal, regulatory or tax purposes. We maintain a data retention policy to apply to personal data that we hold.
Your data will be used for our legitimate interests as a business including: customer profiling to better understand customers, improve our products and to suggest other products that may be relevant to our customers including marketing and for management and audit of business operations. We will only communicate with you in line with any marketing preferences that you have given us and this may continue after your product has ended or been cancelled. Your marketing preferences can be updated at any time by contacting us:
We may share your information with our service providers that support us in conducting our business e.g. storage of data, data analytics or market research. This may include online partners who enable us to communicate with you via digital platforms.
It may be necessary for us to share your data without your consent or notice being required where this relates to crime or fraud prevention i.e. where we are required to do so by law.
We use reasonable technical and physical information system measures to safeguard the integrity and security of personal information in our possession. We also undertake reasonable efforts to ensure that personal information is accurate and current. Your information may be transferred to third party providers who process information on our behalf, including providers of information technology, identity management, dedicated customer services management team, website hosting and management, data analysis, data back-up, dedicated claims management team, security, and storage services.
We can supply on request further details of the service providers we provide your data to and how this information may be used. If you require further details, please contact our Data Protection Team using the details at the bottom of this Notice.
Some of the organisations we share information with may be located outside of the UK and the European Economic Area (“EEA”). We will always take steps to ensure that any transfer of information outside the UK and the EEA is carefully managed to protect your privacy rights:
You can request more information from our Data Protection Team on the safeguards set out above.
We may carry out automated decision making based on your personal information if you apply for an insurance product with us. This may include your age and the level of cover and is used to calculate the price of cover that we provide.
Under the Data Protection Act 2018 and the UK GDPR you have rights in connection with the processing of your personal information.
To make a request to exercise your rights you should contact our Data Protection team on the details below:
We have a dedicated Data Protection Officer who you can contact for any queries relating to this policy, to exercise any of your rights under data protection regulations including: data subject access requests, correcting your information, making a complaint.
Data Protection Officer & Data Controller contact details
By email: firstname.lastname@example.org
By post: 39/51 Highgate Road, London NW5 1RT
The information that you have requested will be provided in a suitable format to meet your requirements.
If we cannot resolve the complaint to your satisfaction and you are an UK resident, you can contact the Information Commissioner’s Office who are the Supervisory Authority in the UK protecting the rights of individuals under current UK Data Protection regulations.
By post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
By telephone: 0303 123 1113