Stonebridge International Insurance Ltd – Data Protection Notice
(In this notice "we, us, our" means Stonebridge International Insurance Ltd who are the Data Controller).
Please ensure that you read and understand this Data Protection notice as it explains to you what we will do with the information that you give us. This may involve the collection and processing of sensitive personal (special category) data.
We may update this Data Protection Notice from time to time should business or regulatory changes require us to do so. If this is the case, we will communicate the changes on our websites. You can also request a copy by contacting us on the address below. This version of the Data Protection Notice was released on 01-03-2021.
Under the UK General Data Protection Regulations ("UK GDPR") and the Data Protection Act 2018 ("DPA"), the lawful bases we will rely on to process your personal data are:
• Our contractual obligations to you in providing our products and services
• Our legitimate business interests
• Your consent in respect of marketing preferences
Protection of your personal data
The security of your personal information is very important to us and we maintain systems and processes to ensure compliance with all current data protection legislation. Your personal data is encrypted and securely stored in our data centres, which are PCI DSS certified. We will hold this information for a reasonable period of time, whether or not you make a purchase with us or secure employment with us, to ensure that we have a clear and complete history of insurance enquiries, card applications, policy records, transactions or job applications. All data is securely destroyed by a certified security company that carries out the on-site physical destruction of hardware and media.
We will collect your data if you apply for a quote, purchase a product, or register for a service on one of our websites, one of our business partner websites or via our mobile app. We will also collect data from you if you submit an application to work for us.
The information that we collect may include:
• Basic information to identify you: your name, address, email address, telephone number and date of birth
• Information about members of your family if you want to include them on a product that you purchase from us
• Your marketing preferences
We will always explain why we need any information that we ask for from you and explain how we process it. We will obtain your consent where necessary. Where the information you provide is required for us to deliver the product or service we are providing, this is the legal basis on which we will process your information. If you wish to withdraw consent to us processing the information that we are processing on a legal basis, we will unfortunately not be able to provide the product or service to you.
How we will use your personal data
We will use your information in the ways that we have set out below. You have the right to withdraw your consent to us processing any of your personal data at any time if it is not specifically required for us to provide and administer your insurance policy.
We will need personal data about both you and anyone else who is covered by any insurance that you apply for, to administer the policy and any claims that may arise. You should show this notice to any other person covered under your insurance policy. If your application includes other individuals, we will assume that they have given consent to you for you to give their information to us.
We may monitor and/or record your communication with us, either ourselves or using reputable organisations selected by us, to ensure consistent servicing levels and operations. We will keep information about you only for so long as it is appropriate. We need your personal information to administer your insurance policy or handle any claims whilst your policy is in force. We may need to keep information after your policy has ended or your product has been cancelled to ensure we and the administrator have an accurate record of our relationship to you and communications that we had or where we are required to keep the information for legal, regulatory or tax purposes. We maintain a data retention policy to apply to personal data that we hold.
Your data will be used for our legitimate interests as a business, including: customer profiling to better understand customers, to improve our products and to suggest other products that may be relevant to our customers, including marketing, and for management and audit of business operations. We will only communicate with you in line with any marketing preferences that you have given us, and this may continue after your product has ended or been cancelled. Your marketing preferences can be updated at any time by contacting us:
• Telephone: 0808 178 3232
We may share your information with our service providers that support us in conducting our business e.g. storage of data, data analytics or market research. This may include online partners who enable us to communicate with you via digital platforms.
It may be necessary for us to share your data without your consent or notice being required where this relates to crime or fraud prevention i.e. where we are required to do so by law.
Security and integrity of personal information
We use reasonable technical and physical information system measures to safeguard the integrity and security of personal information in our possession. We also undertake reasonable efforts to ensure that personal information is accurate and current. Your information may be transferred to third party providers who process information on our behalf, including providers of information technology, identity management, dedicated customer services management team, website hosting and management, data analysis, data back-up, dedicated claims management team, security, and storage services.
We can supply on request further details of the service providers we provide your data to and how this information may be used. If you require further details, please contact our Data Protection Team using the details at the bottom of this Notice.
Some of the organisations we share information with may be located outside of the UK and the European Economic Area ("EEA"). We will always take steps to ensure that any transfer of information outside the UK and the EEA is carefully managed to protect your privacy rights:
• where we transfer your data to other companies providing us with a service, our contractual arrangements with them will include obligations to protect your personal information. This will be in the form of standard contractual clauses required by UK GDPR or any update to those standard clauses or via well recognised certification schemes;
• if required we will only transfer your personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights; and
• any requests for information we receive from law enforcement or regulators will be carefully validated before personal information is disclosed.
You can request more information from our Data Protection Team on the safeguards set out above.
Automated decision making
We may carry out automated decision making based on your personal information if you apply for an insurance product with us. This may include your age and the level of cover and is used to calculate the price of cover that we provide.
Under the Data Protection Act 2018 and the UK GDPR you have rights in connection with the processing of your personal information:
• Access to personal information held about you and for the information to be provided to you in a suitable format
• To restrict processing of your personal information
• To request erasure or rectification of personal information held on you
• To object to processing or automated decisions
• To request data portability for us to transfer data to you or another organisation
To make a request to exercise your rights you should contact our Data Protection team on the details below:
Data Protection Officer
We have a dedicated Data Protection Officer who you can contact for any queries relating to this policy, to exercise any of your rights under data protection regulations including: data subject access requests, correcting your information, making a complaint.
Data Protection Officer & Data Controller contact details
By email: firstname.lastname@example.org
By post: 39/51 Highgate Road, London NW5 1RT
The information that you have requested will be provided in a suitable format to meet your requirements.
If we cannot resolve the complaint to your satisfaction and you are a UK resident, you can contact the Information Commissioner's Office, who are the Supervisory Authority in the UK protecting the rights of individuals under current UK Data Protection regulations.
By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
By telephone: 0303 123 1113