1. LAYERED APPROACH
We use a layered approach to delivering information about data protection through:
- The London Market Core Uses Information Notice. This Notice provides further information on how personal data is used within the insurance market.
2. INFORMATION WE MAY COLLECT ABOUT YOU
We may collect and process the following personal data about you:
- Information provided to us through enquiry, application or claims forms, including:
- information such as your name, address or contact details;
- We may also collect information about you when you provide feedback to us, subscribe to receive information about our products or services or when you complete client surveys;
- sensitive information (e.g. details of any criminal or fraudulent behaviour or medical information) obtained either through you or third parties;
- we may maintain records of any correspondence with you including phone records;
- We also receive data from reputable data sources which we use for marketing purposes. Under these circumstances we are processing information using lawful basis of legitimate interest. The legitimate interest allows for continuous growth of our business.
- information we collect through cookies. Please see our Cookies Policy statement for further information.
3. WHY WE COLLECT PERSONAL DATA
We are required by data protection laws to have a legitimate reason to process and use your personal data. The main purpose for processing your personal data is for the provision and performance of an insurance contract e.g. reviewing your application, setting you up as a policyholder, administration and maintenance of your insurance policy or in order to process a valid claim.
With regards to ‘Special Category’ data i.e. sensitive information, we must obtain your consent at the point of collecting your personal data (i.e. when you input your details online or when completing a form) in order to process the data unless an exemption for insurance purposes is applicable. In some circumstances, if we do not have your consent to process your data, it may impact our ability to issue you with insurance cover or to handle any claims.
We may also gather personal data for the following purposes:
- in order to prevent, identify and investigate fraud or any activity that is in the public interest;
- to defend ourselves against or make any legal claims;
- where we have lawful purpose for processing your data e.g. for maintaining our accounts and records, gathering market intelligence in order to develop and improve our products and services. We will ensure that the processing of your personal data does not affect your rights under applicable data protection laws;
- to comply with a legal or regulatory obligation e.g. where we are required to maintain records of any transactions with you, or for compliance with international legal and regulatory authorities.
- For our legitimate business interests; to detect and prevent fraud, money laundering and other financial crimes, or to improve, monitor and review our business, products and services, to demonstrate compliance with applicable laws and regulations, handle legal claims, respond to other types of complaints, and some marketing activities. Where we rely on this lawful reason, we assess our business needs to ensure they do not affect your rights.
How long do we hold your personal data for?
Your personal data should not be held for longer than is required. However, we retain information about you and the products you purchase to meet a number of legal and regulatory requirements, as well as our own legitimate business interests. For the period we retain your information, it is held securely by us or by third-party service suppliers contracted to store it on our behalf.
We also reserve the right to retain data indefinitely in case we need to refer to this information, even after you are no longer a client.
4. SHARING AND SAFEGUARDING YOUR PERSONAL DATA
All personal data supplied to us is stored on secure servers and only accessed and used in line with our data protection policies and procedures. Your personal data will only be accessed by our employees or authorised third parties who require the information for their business purposes. In circumstances where it is necessary to share your personal data with a third party, there are contractual agreements in place to ensure the security and confidentiality of your personal data and the information will only be used for the specific purpose for which it has been provided to them.
4.1. OUR GROUP COMPANIES
4.2. AUTHORISED THIRD PARTIES
We may also be required to allow authorised third parties, including service providers and suppliers, access to your personal data, for the purposes stated in section 2 of this notice. Any data sharing with third parties will be in compliance with applicable data protection laws.
4.3. GOVERNMENTAL, LEGAL AND REGULATORY AUTHORITIES
It may be necessary for us to share your personal data with financial and regulatory organisations (e.g. the Financial Ombudsman Service, the Financial Conduct Authority, the Information Commissioner’s Office) or law enforcement agencies (including courts) in order to assist them with enquiries, investigations or proceedings and ensure our compliance with our regulatory and legal requirements. As a financial services company, we are required to have certain processes in place with regards to anti-bribery and corruption, money laundering and fraud. If any criminal offence is detected or suspected, we may share data with third parties (e.g. law enforcement agencies, fraud prevention agencies, anti-money laundering agencies) in order to prevent crime or aid investigations if crime is identified. We may also access this data as part of our ‘Know Your Client’ procedures to establish the parties we are dealing with and when assessing a claim payment in order to prevent criminal offences.
5. TRANSFERRING DATA INTERNATIONALLY
5.1 Data protection law does not allow the transfer of personal data outside of the European Economic Area (EEA). The EEA consists of the member countries of the European Union (EU), along with Iceland, Liechtenstein, Norway and Switzerland, and who are all considered to have appropriate data protection laws to safeguard your privacy and protect your rights.
5.2 We may need to transfer information to our service suppliers in countries outside the EEA. If we do, we will ensure that your information is properly protected. If the laws of the country where our supplier is based are not considered equivalent to those in the EU, we will ensure that the service supplier enters into a formal legal agreement that reflects the standards required.
We would like to send you information about our products and services We would also like to send you information about the products and services of other companies in our group which may be of interest to you.
If you have consented to receive marketing, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the Group.
If you no longer wish to be contacted for marketing purposes, please click here.
7. YOUR RIGHTS
Our policy complies with the EU General Data Protection Regulation. The law requires us to tell you about your rights and our obligations with regards to the processing and control of your personal data, however not all of the following may be applicable in our business dealings:
- The right to be informed;
- The right to access your personal data;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object to processing;
- The right to withdraw consent;
- Rights related to automated decision making including profiling;
There are some circumstances where we may be required to restrict your rights in order to safeguard the public or our own interests.
For further information regarding your rights, please visit the Information Commissioner’s Office’s website or click on the links provided above.
If you have any questions regarding privacy or how we use personal data, you may contact our Data Protection Officer:
Best Risk Management and Financial Service Ltd
4th Floor, Telecom House,
125-135 Preston Rd,
Brighton BN1 6AF,
8. OTHER WEBSITES
10. YOUR RIGHT TO COMPLAIN
Should you have any concerns regarding how we process your personal data, then you have the right to report your concern to the Information Commissioner’s Office. For more information, please visit their website.