HOW WE PROTECT YOUR PERSONAL INFORMATION
PLEASE READ THIS CAREFULLY
1. What Data do we Collect and where do we get it from?
For the purposes set out in this notice, the Information Commissioner (ICO) requires us to advise you that, information, including personal information detailed below relating to you or anyone else to be covered by an insurance policy (“Personal Data and Special Categories of Data”) will be collected and processed by BQI Group and on its behalf by its third party service providers. This data will be provided by you, or any other person you may appoint to provide us with information. You will either be completing application forms or answering questions we ask you, in order to provide the required information. We may also obtain information from other sources that is readily available in the public domain such as the Internet of Things (IoT), Social Media, Press etc.
This is information we may gather from you that will directly or indirectly identify you as individual, and may also provide information about your cultural or social identity. This type of data must be processed strictly in accordance with our Basis at Law stated in the table below. This data will include but may not be limited to:-
Your title, name, postal address, risk address, civil status, gender, current and or previous occupation, date of birth, contact details, registration number, mental health conditions, bank details, credit / debit card details, credit searches, details of quotes, policies and claims you have had with us, National Insurance Number, Next of Kin information, children’s data where the child is under 16 (only for travel insurance policies) and any other personal information we are advised by the insurer is necessary to provide a quote and maintain the policy.
Special Categories of Data….
This is information we may gather from you that might reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, your health, sex life or sexual orientation. This data will be processed strictly in accordance with the Basis at Law stated in the table below. This data will include but may not be limited to:-
Your title, gender, race, ethnic origin, religious beliefs, physical or medical health conditions, driving licence origin, UK residency period, children’s data where the child is under 16 (only for travel insurance policies), criminal history. Data for criminal convictions and offences will only be collected as permitted by UK Law.
If we need to obtain information which is by nature sensitive, we will only do so on the basis that it is in the public interest – for example to fight crime, prevent fraud or to make sure insurance is available.
It is important that you take reasonable care when providing us with information and answer any questions honestly and to the best of your knowledge. Providing fraudulent or incorrect information could affect the price of your policy, result in your policy being cancelled and claims being rejected or not fully paid.
If you provide us information relating to other individuals (for example named drivers) you should ensure that those individuals are aware that we will use their details for the purposes outlined in this notice and direct them to this notice for full information.
Each time you visit our website, we may automatically collect Technical information including IP address.
The controller of this Personal Data is BQI Group of 6th floor, 12 Sheep street, Wellingborough, Northampton. NN8 1BL. If you have any query, please contact Selena Jacobs email: email@example.com. We process your Personal Data in accordance with this Privacy Notice, which is also available on www.bqigroup.com
2. How and why do we Process Your Personal Data?
The following tables detail :-
- why we collect your data and the consequences of not providing it
- our legal basis as required by the Regulations
- who we share your data with and why
- how long we will retain your data
Legal basis for processing
Why we collect your data
We obtain, collect and process your Personal Data and Special Categories of Data (which includes sharing your data with others) to enable us to quote for your insurance needs, place you on cover, make any payment arrangements requested, make any alterations to your policy that you may request during the policy term, and in the unfortunate event that a claim occurs we will need to share your information to help you make your claim. We may also have regulatory and / or legal obligations for sharing data with others, but we will only share it for the purposes stated, or in a way you would reasonably expect us to, unless we inform you otherwise. If you do not provide the data requested it may not be possible to obtain a quote or provide you with a policy.
Our legal basis for processing your data
In order to arrange your insurance we will be using one or more of the following legal bases:-
- In respect of children’s data, a child being a person under the age of 16, which is only collected for the purposes of arranging travel insurance, we will seek parental consent to hold the data and record that consent.
- We will seek consent from you, either verbal over the phone, or signed consent from you where we are face to face, to enable us to process any special categories of data we may obtain from you, as described above.
- Processing is necessary in order for us to take steps, at your request, to enter into a contract of insurance when you ask us to place cover, and for the performance of that contract when you need to make a claim.
- Processing is necessary for us to comply with any legal or regulatory obligation
- Where we believe a customer is vulnerable, processing might be necessary to protect the vital interests of that person or other person covered by the policy
- We may have a legitimate interest in processing the data for changes to any quotation or policy which you may request, or for any other reason necessary to undertake any other requests related to your insurance policy
Who we share your data with and the reason for processing
We are a Data Controller and in order to process your requests we may be sharing your data with one or more other Data Controllers. The Controllers we may share with and our reasons for sharing that information are listed but not limited to the following:-
Insurers: Quotation, cover, to manage and progress claims
Insurance Providers, (Placing Brokers, Delegated Authority Schemes, Wholesalers and the like): Quotation, cover, to manage and progress claims
Loss Adjusters: To manage and progress claims
Insurance Fraud Bureau: Potential policy fraud
Loss Assessor: To manage and progress claims
Financial Conduct Authority: Regulatory obligations
Financial Services & Compensation Scheme: Compensation in the event of insurer failure, if eligible
Financial Ombudsman Service: Unresolved Complaints, if eligible
National Crime Agency: Suspected criminal / fraudulent activity
HM Treasury Sanctions: Checking clients are not on the banned list
Premium Finance Company: Payment of premiums
Police: Legal obligations
Possible Suppliers: Insurers replacement facilities – ie, white goods, jewellers, cleaning companies, restoration companies, approved repairers and garages, windscreen replacement company, plumbers, builders, electricians and the like.
Staff: Administering the quotation and policy, claims or payments. Back Up Of Data
Claims Management Company: To manage and progress claims
Surveyor: Risk survey to analyse, report upon risk. Also in the event of a loss, the opportunity to survey post-loss
Debt Agency: To collect unpaid premium due
IT Providers – Software: Holds all collective management information, system testing when system not responding or errors occur
IT Providers – Hardware, Cloud & Systems Management: To detect issues, secure the system, and test the system. Also backup of data
Interested Parties (Mortgage Lender): Proof of cover
Third Party Insurers: To manage and progress claims
Third Party Assessor: To manage and progress claims
Credit Reference Agencies: To obtain competitive premiums via some
Mylicence (Uk): To meet legislative requirements
DVLA: To meet legislative requirements
Motor Insurers Database: Registering vehicles to meet legislative requirements
Motor Insurers Bureau: To meet legislative requirements
Claims Exchange Underwriting: Sharing of previous claims information between
Employers Liability Tracing Office: To provide confirmation of cover being in place
Our own Insurers: Where we need to provide information about you
Solicitor: Claims against clients or claims against us
Interpreter: For management of the policy and claims where language is a barrier or they use sign language
Group Offices: Other offices within the firm may need to use data centrally to deal with clients if another office is busy or not available
Other Data Controllers not detailed above: To be shared only for the purposes stated, or in a way you would reasonably expect us to, unless we inform you otherwise.
How long we retain your data
We will retain your Personal Data for as long as we are required in law and by our regulators.
- For some of our products eg: motor and household insurance, we may carry out automated decision making (including profiling) to process your personal data in order for insurers to underwrite and price your insurance online and/or process your claim. We take care to ensure our profiling is fair, transparent and limited in purpose.
- We have stated the reasons we are collecting your data above, but in the event that you do not wish to provide us with your Personal Data for all or any of the above reasons, this may limit the insurers who will quote and agree to cover, and in some cases insurers may not wish to offer cover at all.
- If at any point in the future we need to amend this policy, every effort will be made to make you aware and our website will always have the latest version.
We will not share or sell your details with any 3rd party for marketing purposes without your express permission.
We will collect personal data from our website, social media accounts and if you sign up to features including document portals and telematics apps. This will be used to manage any existing agreement you may have with us and under our legitimate interest as an Insurance Broker to inform you of the products and services we offer. We will also use the data when necessary to answer a query you have made. Information supplied via social media may also be held or processed by the social media company in line with their own privacy policies.
We may contact you by post, telephone, email and SMS to inform you of related insurance products, services and offers from us while you have existing products with us.
We may also contact you around your renewal date within a reasonable period of time after a policy lapses to offer insurance products provided by us.
4. Call Recording
Telephone calls to us and received from us will be recorded for training and quality purposes. Call recordings may also be supplied to the Insurer or appropriate 3rd parties if required it to investigate a claim or complaint and for the detection and prevention of criminal activity or fraud.
5. Where do we hold your Data?
At all times we will endeavour to hold your Data on servers within the UK, or within the European Economic Area (EEA). Where we share your information with other Data Controllers they must also agree to hold your Data within the EEA. However, in the unlikely event your data is to be held in any other geographical area we ensure that:-
- Data Controllers do not do so without our prior written authority and
- An appropriate transfer agreement is put in place to protect your personal data
6. Your Acknowledgment of this Notice and Your Rights
Under General Data Protection Regulation you have rights and these are listed below.
Right to Be Informed
The General Data Protection Regulation sets out the information we must provide to you about your Data. All of the information we are required to give you is contained within this Privacy Notice. If you do not understand any part of this, you should contact us immediately and we will be happy to explain it to you.
Right of Access
You have the right to access and obtain a copy of the Personal Data, and any supplementary information that we hold about you to enable you to verify the lawfulness of the processing carried out. This will be provided free of charge, unless your request is unfounded, excessive or repetitive, and the information will be sent to you within 30 days of your request being received. If we refuse your request, you have the right to complain to the ICO.
Right to Rectification
You have the right to request that we correct any inaccuracies in the Personal Data we hold about you. This will be corrected within one month. If we are unable to correct the inaccuracy you have the right to complain to the ICO.
Right to Erasure
You have the right to request that we erase your Personal Data. For example, you may exercise this right in the following circumstances:
- your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;
- you withdraw consent and no other legal ground permits the processing;
- you object to the processing and there are no overriding legitimate interests for the processing;
- your Personal Data was unlawfully processed; or
- your Personal Data must be erased for compliance with a legal obligation.
We refuse the right to delete your information when it falls within our data retention period stated above, as this data may be required to exercise or defend litigation in the event of a claim whether covered or not by the insurance policy. If you do not agree with this you have the right to complain to the ICO.
Right to Restrict Processing
You have the right to restrict our processing of your Personal Data where any of the following circumstances apply, although we will still be allowed to store it:
- where you feel that the Personal Data which we hold about you are not accurate. Processing will be restricted until you verify the accuracy of the information
- where the processing is unlawful and you do not want your Personal Data to be erased and request the restriction of its use instead;
- where we no longer need to process your Personal Data but the data may be required to establish, exercise or defend a legal claim
- where you have objected to our processing of your Personal Data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms.
Where you exercise your right to restrict our processing of your Personal Data, we will only continue to process it in accordance with the requirements of this policy or our legal obligations.
Right to Data Portability
You have a right to receive and transfer the Personal Data that we hold about you. This only applies to:-
- personal data you have provided to us
- where the data was processed by you giving us your individual consent or for the performance of a contract
- and where processing was carried out by automated means.
Where you make such a request, this will be provided in a structured, commonly used, machine readable format such as a CSV file. This will be completed within one month of us receiving your request.
Right to Object to Processing
In certain circumstances, you have a right to object to our processing of your Personal Data
- Where we have processed it as a legitimate interest (including profiling)
- Direct Marketing (including profiling)
- Processing for scientific / historical research and statistics
We will still be able to process your Personal Data where
- We can demonstrate compelling legitimate grounds for us to process your Personal Data which override your interests, rights and freedoms
- The processing is for establishment, exercise and defence of legal claims.
Right to Object to automated decision making including profiling
You have a right not to be subjected to decisions being made solely by automated means without any human involvement. This might be the case where quotations are obtained online. We will still be able to carry out this type of decision-making where:-
- It is necessary to enter into or for the performance of a contract (such as a contract of insurance) which is the main reason we would use this type of decision-making; or
- You have given your explicit consent for us to do so.
We will only process data in the way you would expect it to be used, and you will be entitled to have a person from our firm to review the decision so that you can query it and set out your point of view and circumstances to us.
Right to Withdraw Consent
Where the legal basis of Consent has been used for Childrens’ data or special categories of data, you have the right to withdraw that consent at any time. Where you exercise your right to withdraw consent of the processing of any children’s data or special categories of data, any data processed prior to the withdrawal of consent will remain valid.
7. Changes to this Notice
We may amend this notice on occasion, in whole or part, at our sole discretion. Any changes to this notice will be effective immediately upon publication on our website and documents. If at any time we decide to use your Personal Data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail or post and you will have a choice as to whether or not we use your information in the new manner.
8. Information about or provided by another person
Where your information for your policy has been provided to us by another person, we will send you a copy of this privacy notice directly to you, where we have your address, within one month of your policy being taken out. If we do not have / are unable hold your address for any reason, we will send a copy of this to the person arranging the insurance with instructions to pass this to you within one month. Where you have taken out a policy and provided us with information about another person, eg: an additional driver to your motor policy, an additional person to your travel insurance particularly where health conditions have been disclosed, it is unlikely we will have their address, and therefore you must provide them with a copy of this Privacy Notice so that they will know how their data is being used. Additional copies can be supplied on request.