You have rights to obtain and reuse your personal data for your own purposes across different services. E.g. if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
LAST UPDATED: 27th May 2021
- Sets out the types of personal information we collect about you.
- Explains how we collect your personal information.
- Explains when, why and with who we will share your personal information.
- Explains how we look after your personal information.
- Explains how we use your personal information and the legal bases we have for using your personal information.
- Explains how we use your information to make automated decisions.
- Explains what happens if you choose not to give personal information.
- Explains how long we keep your personal information.
- Sets out your legal rights.
- Explains how to get a copy of your personal information.
- Explains how to contact us.
What personal information we collect about you
Personal information means any information relating to an identified or identifiable natural person. This does not include information that has been anonymised or aggregated so that it can no longer be used to identify a specific natural person, whether in combination with other information or otherwise.
These are some of the types of personal information that we may collect, use, store and transfer:
We may also collect, use, store and transfer special categories of personal information about you, only where we are permitted under the law to do so, which includes details about your:
- Racial or ethnic origin.
- Religious or philosophical beliefs.
- Trade union membership.
- Genetic and bio-metric data.
- Health data, including gender.
- Criminal convictions and offences.
Where we collect personal information from
We may collect personal information about you from any of these sources:
Direct interactions, which includes personal information you give to us:
- When you apply for our products and services.
- When you talk to us on the phone.
- When you use our websites, mobile device apps or web chat services.
- In emails and letters.
- In insurance claims or other documents.
- In customer surveys.
- If you take part in our competitions or promotions.
Third parties or publicly available source, including personal information we receive from:
- Companies that introduce you to us.
- Credit, payment and other types of card associations.
- Credit reference agencies.
- Insurers and reinsurers.
- Comparison websites.
- Social networks.
- Fraud prevention agencies.
- Public information sources such as Companies House.
- Agents working on our behalf.
- Market researchers.
- Government and law enforcement agencies.
If you are providing personal data of another individual to us, you must tell them you are providing their information to us and show them a copy of this notice.
Who we share your personal information with
We may share your personal information with:
- Regulators and other authorities (including the Information Commissioner’s Office).
- UK Financial Services Compensation Scheme.
- Credit reference agencies.
- Fraud prevention agencies.
- Organisations that introduce you to us.
- Market researchers.
- Price comparison websites and similar companies that offer ways to research and apply for financial products and services.
- Companies with whom you ask us to share your data.
- Insurers and reinsurers.
- If you pay by instalments, we will share your details with the premium finance provider.
- If you make an insurance claim, information the insurer may put on a register of claims. This will be shared with other insurers.
- Companies who perform marketing services on our behalf such as third-party vendors including Google.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
If you have any additional cover options:
If you have
- Legal Expenses Cover.
- Home Emergency Cover.
If you have:
- Key Protect Cover.
We may transfer your personal information outside of the European Economic Area (‘EEA’) to:
- Comply with your instructions.
- Comply with a legal or regulatory obligation.
- Work with our agents/suppliers for contractual purposes.
Whenever we transfer your personal information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal information by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal information shared between the Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
How we look after your personal information
We are committed to ensuring your personal information is secure. To minimise the risk that there is unauthorised access to or disclosure of your personal information, we put in place, where practicable, appropriate physical, electronic and managerial procedures to safeguard and secure it.
We also limit access to your personal information to those employees, agents, contractors and other third parties on a “need to know” basis. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How we use personal information and how the law protects you
Data Protection law only allows us to use personal information if we have a proper reason to do so. The law recognises four proper reasons for using personal information:
- To fulfil a contract, we have with you.
- When it is our legal duty.
- When it is in our legitimate interests.
- When you consent to it.
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
Here is a list of ways that we may use your personal information, which of the reasons we rely on to do so and our legitimate interests.
We may use your personal information to tell you about relevant products and offers. This is what we mean by ‘marketing’. We may use this personal information to form a view on what we think you may want or need, or what may be of interest to you, and therefore which products, services and offers may be relevant for you.
We will only:
- Use your personal information to send you marketing messages
- Share your personal information with any company outside our group of companies for marketing purposes
if you have given your consent for us to do so.
You can ask us to stop sending you marketing messages by visiting our website at any time.
Whatever you choose, you'll still receive renewal notifications, and other important information about your policy such as changes to terms and conditions.
We may ask you to confirm or update your choices if you take out any new products or services with us. We’ll also ask you to do this if there are changes in the law, regulation, or the structure of our business.
How we use your information to make automated decisions
We sometimes use systems to make automated decisions based on personal information we have – or can collect from others – about you. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the products, services or features we may offer you now or in the future, or the price that we charge you for them.
Here are the types of automated decision we make:
We may decide what to charge for some products and services based on what we know.
Tailoring products and services
We may place you in groups with similar customers. These are called customer segments. We use these to study and learn about our customers’ needs, and to make decisions based on what we learn. This helps us to design products appropriately for different customer segments, and to manage our relationships with them.
Paying by instalments
When you enter into an Agreement with PremFina, We may also use information about you, in compliance with applicable laws or regulatory rules, to process your application with credit reference agencies:
- We will supply your personal information to credit reference agencies, and they will give Us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
- We will also continue to exchange information about you with credit reference agencies on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. Credit reference agencies will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.
- The identities of the credit reference agencies, and the ways in which they use and share personal information, are explained in more details by each of the three credit reference agencies at www.callcredit.co.uk/crain, www.equifax.co.uk/crain and www.experian.co.uk/crain.
Credit scoring methods are tested regularly to make sure they are fair and unbiased.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or similar significant effects. While we are confident that the technology works, we understand that not everyone is comfortable with automated decision making. That is why:
- You can request that decisions are not based on the automated score alone.
- You can object to an automated decision and request human intervention.
If you want to know more about these rights, please contact us.
If you choose not to give personal information
We may need to collect personal information by law, or under the terms of a contract we have with you.
If you choose not to give us this personal information, we may not be able to fulfil our legal or contractual obligations. This may mean we cannot issue you an insurance policy and we cancel a product or service you have with us.
Any data collection that is optional would be made clear at the point of collection.
How long we keep your personal information
The time period we retain your personal information for will differ depending on the nature of the personal information and what we do with it. We typically keep quote, policy and claims records for up to ten years for one of these reasons:
- To respond to any questions or complaints.
- To show that we treated you fairly.
- To maintain records according to rules that apply to us.
- For claims purposes.
We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.
Your legal rights
You have the following rights in relation to your personal information:
1. The right to be informed
2. The right of access
3. The right to rectification
You’re entitled to have your information corrected if it’s inaccurate or incomplete, though we may need to verify the accuracy of the new data you provide to us.
4. The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
5. The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6. The right to data portability
You have rights to obtain and reuse your personal data for your own purposes across different services. E.g., if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
7. The right to object
You have the right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).
If you wish to exercise any of the rights set out above, please email email@example.com Find out more about how to access the data we have on file for you, or request for it to be erased here.
How to get a copy of your personal information
St George's Square
Find out more about this process here.
How to withdraw your consent
If you would like to prevent third parties such as those used by Google you can do so by visiting the Network Advertising Initiative opt out page.
How to contact us
Please let us know if you are unhappy with how we have used your personal information. You can write to us at:
Customer Relations Manager
St George's Square
or send us an email to firstname.lastname@example.org.
If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO). Find out on their website how to report a concern.