- HOW WE PROTECT YOUR PERSONAL INFORMATION
PLEASE READ THIS CAREFULLY
1. What Data do we Collect and where do we get it from?
For the purposes set out in this notice, information including personal information detailed below relating to you or anyone else to be covered by an insurance policy ("Personal Data and Special Categories of Data") will be collected and processed by Allied Wessex Westinsure Ltd and/or on its behalf by its third-party service providers. This data will be provided by you, or any other person you may appoint to provide us with information. You will either be completing application forms or answering questions we ask you, in order to provide the required information. This will not include data readily available in the public domain.
Personal Data…. This is information we may gather from you that will directly or indirectly identify you as individual and may also provide information about your cultural or social identify. This type of data must be processed strictly in accordance with our Basis at Law stated in the table below. This data will include but may not be limited to: -
Your title, name, postal address, risk address, civil status, gender, current and or previous occupation, date of birth, contact details, registration number, mental health conditions, bank details, credit / debit card details, credit searches, National Insurance Number, Next of Kin information, children’s data where the child is under 16 (only for travel insurance policies)
Special Categories of Data…. This is information we may gather from you that might reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, your health, sex life or sexual orientation. This data will be processed strictly in accordance with the Basis at Law stated in the table below. This data will include but may not be limited to: -
Your title, gender, race, ethnic origin, political opinions, religious beliefs, physical or medical health conditions, driving licence origin, UK residency period, children’s data where the child is under 16 (only for travel insurance policies), criminal history. Data for criminal convictions and offences will only be collected as permitted by UK Law.
Web analytics Each time you visit our website, we may automatically collect technical information including IP address. In order to develop our website in line with our customers’ needs, Ourselves and Hiscox keeps a track on which pages on our website are visited most frequently and how long visitors spend on our site. We use this information to help improve the site. We never gather other information from your disk or computer. We collect a copy of the data held by the cookie for inclusion in any analysis. We use full SSL protocols when collecting visitor information on secure pages; this ensures that the site's security is not compromised. We encrypt all transmitted visitor information (even from non-secure pages), so no-one else can read the information we gather.
We use Google Analytics; a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your use of this site. Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. Hiscox use Google Analytics to optimise this site and improve the service we provide to our visitors. More information about how to reject or delete this cookie may be found here: http://www.google.com/intl/en/privacypolicy.html
The controller of this Personal Data is Allied Wessex Westinsure Ltd ("we" and "us"). of 109 High Street, Royal Wootton Bassett, Wiltshire, SN4 7AU. If you have any query, please contact Andrew Hill by email – firstname.lastname@example.org. We process your Personal Data in accordance with this Privacy Notice, which is also available on www.alliedwessex.co.uk
2. How and why do we Process Your Personal Data?
The following tables detail: -
- why we collect your data and the consequences of not providing it
- our legal basis as required by the Regulations
- who we share your data with and why
- how long we will retain your data
Legal basis for processing Why we collect your data We obtain, collect and process your Personal Data and Special Categories of Data (which includes sharing your data with others) to enable us to quote for your insurance needs, place you on cover, make any payment arrangements requested, make any alterations to your policy that you may request during the policy term, and in the unfortunate event that a claim occurs we will need to share your information to help you make your claim. We may also have regulatory and / or legal obligations for sharing data with others, but we will only share it for the purposes stated, or in a way you would reasonably expect us to, unless we inform you otherwise. If you do not provide the data requested it may not be possible to obtain a quote or provide you with a policy. Our legal basis for processing your data In order to arrange your insurance, we will be using one or more of the following legal bases: -
· Processing is necessary in order for us to take steps, at your request, to enter into a contract of insurance when you ask us to place cover, and for the performance of that contract when you need to make a claim.
· Processing is necessary for us to comply with any legal or regulatory obligation
· Where we believe a customer is vulnerable, processing might be necessary to protect the vital interests of that person or other person covered by the policy
· We may have a legitimate interest in processing the data for changes to any quotation or policy which you may request, or for any other reason necessary to undertake any other requests related to your insurance policy
Who we share your data with and the reason for processing We are a Data Controller and in order to process your requests we may be sharing your data with one or more other Data Controllers. The Controllers we may share with and our reasons for sharing that information are listed but not limited to the following: - Insurers Quotation, cover, to manage and progress claims Insurance Providers, (Placing Brokers, Delegated Authority Schemes, Wholesalers and the like) Quotation, cover, to manage and progress claims Loss Adjusters To manage and progress claims Insurance Fraud Bureau Potential policy fraud Loss Assessor To manage and progress claims Financial Conduct Authority Regulatory obligations Financial Services & Compensation Scheme Compensation in the event of insurer failure, if eligible Financial Ombudsman Service Unresolved Complaints, if eligible National Crime Agency Suspected criminal / fraudulent activity HM Treasury Sanctions Checking clients are not on the banned list Premium Finance Company Payment of premiums Police Legal obligations Possible Suppliers Insurers replacement facilities - i.e., white goods,
jewellers, cleaning companies, restoration companies,
approved repairers and garages, windscreen replacement
company, plumbers, builders, electricians and the like.
Staff Administering the quotation and policy, claims or payments.
Back Up of Data
Claims Management Company To manage and progress claims Surveyor Risk survey to analyse, report upon risk.
Also, in the event of a loss, the opportunity to survey
Debt Agency To collect unpaid premium due It Providers - Software Holds all collective management information, system testing
when system not responding or errors occur
It Providers - Hardware, Cloud & Systems Management To detect issues, secure the system, and test the system.
Also, backup of data
Interested Parties (Mortgage Lender) Proof of cover Third Party Insurers To manage and progress claims Third Party Assessor To manage and progress claims Claims Management Company To manage and progress claims Credit Reference Agencies To obtain competitive premiums via some
Mylicence (Uk) To meet legislative requirements DVLA To meet legislative requirements Motor Insurers Database Registering vehicles to meet legislative requirements Motor Insurers Bureau To meet legislative requirements Claims Exchange Underwriting Sharing of previous claims information between insurers Employers Liability Tracing Office To provide confirmation of cover being in place Our own Insurers Where we need to provide information about you Solicitor Claims against clients or claims against us Interpreter For management of the policy and claims where
language is a barrier or they use sign language
Group Offices Other offices within the firm may need to use data
centrally to deal with clients if another office is busy
or not available
Other Data Controllers not detailed above To be shared only for the purposes stated, or in a way
you would reasonably expect us to, unless we inform you
How long we retain your
We will retain your Personal Data for as long as your insurance policy is valid with us and for 10 years thereafter. IMPORTANT
· For some of our products e.g.: motor and household insurance, we may carry out automated decision making (including profiling) to process your personal data in order for insurers to underwrite and price your insurance online and/or process your claim. We take care to ensure our profiling is fair, transparent and limited in purpose.
· We have stated the reasons we are collecting your data above, but in the event that you do not wish to provide us with your Personal Data for all or any of the above reasons, this may limit the insurers who will quote and agree to cover, and in some cases, insurers may not wish to offer cover at all.
· If at any point in the future we need to amend this policy, every effort will be made to make you aware and our website will always have the latest version.
3. Where do we hold your Data?
At all times we will endeavour to hold your Data on servers within the UK, or within the European Economic Area.
We, and certain Recipients (our third-party service providers) who process your Personal Data on our behalf may transfer your Personal Data outside the [European Economic Area ("EEA")] to a country that does not provide an adequate level of protection to your Personal Data. Where such transfers occur, we ensure that: a) they do not occur without our prior written authority; and b) that an appropriate transfer agreement is put in place to protect your Personal Data. If you would like to find out more about any such transfers, please contact our Compliance officer.
4. Your Acknowledgment of this Notice and Your Rights
You have rights that allow you to address any concerns or queries with us regarding our processing of your Personal Data:
Object to Processing
In certain circumstances, you have a right to object to our processing of your Personal Data where we process it on the legal basis of: a) our legitimate business interest, including profiling based on our legitimate business interests; or b) your consent to marketing. We may not be able to comply with such a request where we can demonstrate that there are compelling legitimate grounds for us to process your Personal Data which override your interests, rights and freedoms or where the processing of your Personal Data is required for compliance with a legal obligation or in connection with legal proceedings. Right to
You have a right to withdraw your consent, at any time, to our processing of your Personal Data which is based on your consent. Where you exercise this right, our processing of your Personal Data prior to your withdrawal of consent will remain valid. Right of
You have the right to access and obtain a copy of the Personal Data that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive. Right to
You have the right to request that we correct any inaccuracies in the Personal Data stored about you. Right to
In certain circumstances, you have the right to request that we erase your Personal Data. For example, you may exercise this right in the following circumstances:
· your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;
· where you withdraw consent and no other legal ground permits the processing;
· where you object to the processing and there are no overriding legitimate grounds for the processing;
· your Personal Data have been unlawfully processed; or
· your Personal Data must be erased for compliance with a legal obligation.
· Where we store your Personal Data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your Personal Data for compliance with a legal obligation or in connection with legal proceedings.
You have the right to restrict our processing of your Personal Data where any of the following circumstances apply:
· where you feel that the Personal Data which we hold about you are not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your Personal Data;
· where the processing is unlawful and you do not want your Personal Data be erased and request the restriction of its use instead;
· where we no longer need to process your Personal Data (e.g. any of the Purposes outlined above have been completed or expire), but we require it in connection with legal proceedings;
· where you have objected to our processing of your Personal Data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms.
Where you exercise your right to restrict our processing of your Personal Data, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.
You have a right to receive and transfer the Personal Data that you provide to us in a structured, commonly used and machine-readable format where we process your Personal Data on the legal basis of: a) your consent; or b) where it is necessary to perform our contract with you. Where you make such a request, we will directly transfer your Personal Data on your behalf to another controller of your choice (where it is feasible for us to do so). Right to
Object to automated decision making including profiling
You have a right not to be subjected to decisions based solely on automated decision-making, including profiling, which produce legal effects concerning you or similarly significantly affects you. We may not be able to comply with such a request where we rely on the legal basis of: a) your explicit consent; or b) where it is necessary to enter and perform our contract with you (as detailed in section 2 above). You will however be entitled to have a person from our company review the decision so that you can query it and set out your point of view and circumstances to us.
If you would like to exercise any of your rights detailed above, please contact Andrew Hill by email – email@example.com
You may raise any concerns about Allied Wessex Westinsure Ltd processing of your Personal Data with the Information Commissioner Office on https://ico.org.uk/.
5. Changes to this Notice
We may amend this notice on occasion, in whole or part, at our sole discretion. Any changes to this notice will be effective immediately upon sending the revised notice to you by e-mail or post. If at any time we decide to use your Personal Data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail or post and you will have a choice as to whether or not we use your information in the new manner. If you have questions or concerns about this notice, please contact Andrew Hill by email – firstname.lastname@example.org