Personal Data Protection Policy

Definitions

Unless explicitly stated otherwise, the following definitions will apply to the entirety of this document:

  • [Our] or [We] or [Us] will refer to [Connect Insurance Brokers Ltd]
  • [GDPR] will refer to [General Data Protection Regulation (EU) 2016/679]
  • [You] or [Your] will refer to the natural persons reading this document as potential data subjects.

I. Introduction

GDPR replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. The purpose of the GDPR is to protect the ‘rights and freedoms’ of natural persons (data subjects) by ensuring their personal data is only processed with their explicit consent and knowledge

GDPR applies to both automated and manual processing of personal data. This means regardless of whether your personal data is processed via electronic devices such as computers, or via paper based methods, the principles of GDPR shall still apply.

GDPR applies to all Data Controllers that are based within the European Union and/or process personal data relating to any data subjects resident within the European Union.

II. Our Data Controller

The Data Controller responsible for the processing of personal data for Connect Insurance Brokers Ltd is the Company Director, Mr. David Mackenzie.

If you have any questions about the processing of your personal data, the Data Controller can be contacted by email at: [email protected]

III. The data that we collect and process.

In order for Connect Insurance Brokers Ltd to carry out our duties, we require explicit informed consent to collect, store and process data relating to our customers. There are many reasons that we may collect and process data;

i. Insurance Quotations
We are unable to provide an insurance quotation without collecting, storing and processing the personal data of our prospective customers; we therefore collect store and process personal data in relation to the calculating of insurance quotations and the arrangement of insurance policies. Personal data collected for the purpose of insurance quotations will be shared with third parties relevant to the generation of insurance quotations; examples of the third parties include regulatory bodies, insurance underwriters, and credit reference agencies. The third party(s) will never contact our data subject.

ii. Insurance Policies
As an insurance broker we are unable to provide insurance cover without collecting, storing and processing the personal data of our prospective customers. Where a data subject is satisfied with an insurance quotation we offer and provides explicit consent, we shall process their personal data for the purposes of providing a service; a contract of insurance. Where necessary we will transfer the data subject’s personal data to third party Data Controllers relevant to the insurance contract including insurance underwriters and finance providers. Where an Insurance Contract has been enacted, the third party Data Controllers will have consent to communicate directly with the data subject where necessary.

iii. Supplementary Marketing
As an insurance broker who is informed of available products within the insurance market, we have a duty to our customers to keep them aware of other products that may be of value to them. The marketing we undertake is minimal, discreet and infrequent; we will typically only send marketing materials shortly after an insurance contract has been arranged to promote awareness of additional products provided by us that may be of interest. We will never send marketing promotions on behalf of a third party, nor sell/exchange personal data with a third party for the purposes of marketing. We may utilise third party services to facilitate marketing. For more information please see section [VII. Our Marketing Partners].

iv. Claims Management
As an insurance broker who is required to be involved in the handling of claims, we may need to collect and process personal data in relation to reporting, updating and communicating with all parties involved. Where the personal data of a third party data subject is provided to us, we will collect and process it in accordance with this Policy and only where we have legal basis to do so. The personal data we collect may be transferred to third party Data Controllers such as accident management companies, replacement vehicle hire companies, approved repairer networks and insurance underwriters where we are required to do so by law.

v. Finance Arrangement
As an insurance broker we offer finance options to our data subjects that are provided by third party Data Processors. Where consent has been provided by the data subject we will securely transfer the relevant personal data to the third party for processing in respect of the finance option selected.

vi. CCTV Footage
As an insurance broker with premises that can be attended by the public, we operate continuous CCTV systems for the purposes of security, safety and crime prevention.

vii. Cloud Based Services
As an insurance broker with the consent of our data subjects we may transfer personal data to cloud based services such as databases (Rackspace), marketing platforms (Zonal), communications platforms (FastSMS) and automated processing platforms (Next Venture). The data we transfer to these cloud based services will only be processed by Us and we will not permit the above named third parties to access the data or contact our data subjects without reasonable cause.

IV. How long do we keep your data.


Our data retention policy ensures that we only retain personal data for the amount of time necessary in order to conduct our business. Each category of personal data has a varying retention period attributed to it dependant on the purpose of collection. A brief summary of this can be seen below;

  1. Insurance Quotations: 24 months
  2. Insurance Policies: Indefinitely
  3. Marketing: 24 months
  4. Claims: Indefinitely
  5. Finance Arrangement: Indefinitely
  6. Non-Successful Job Applications: 12 months
  7. CCTV Footage: 45 days
  8. Call Recordings: Indefinitely
  9. Employee Details: Indefinitely

V. The rights of our data subjects.


To better protect the ‘rights and freedoms’ of natural persons, GDPR provides a more structured and simplified series of eight fundamental Rights that apply to all data subjects.

  1. Right of Access
  2. Right to Rectification
  3. Right to Erasure
  4. Right to Restriction of Processing
  5. Right to be Informed
  6. Right to Data Portability
  7. Right to Object
  8. Right to Not Be Subject to a Decision Based Solely on Automated Processing
In addition to the eight fundamental Rights specified above, the data subject also has additional assumed rights including the right to receive communications (even if they have opted out) in the event of a personal data breach, the right to withdraw consent at any time (where relevant), the right to complain to a supervisory authority, and the right to compensation.
If you would like to update your current consent preferences, please visit:
https://www.connect-insurance.co.uk/about/consent/managing-consent.php
For more information about your right to complain, refer to section [VIII. Complaints].

VI. How we protect your personal data.


We take data security very seriously and boast a very robust and resilient environment that is structured from the ground up with security at its heart. Our premises have appropriate physical, electronic and managerial procedures to prevent unauthorised access including continuous CCTV, alarm systems and secure access doors that cannot be bypassed without authorisation. Our electronic environment includes a state of the art firewall and unified threat management platform, anti-virus solutions, reporting schedules and auditing that ensure continuous transparency and visibility over data access and processing.

Personal Data is only transferred outside of our environment in an encrypted format or via a secure communication channel; this can be either in the form of encrypted data streams, Virtual Private Networks, secure email channels or as encrypted data stored on magnetic tape. Where personal data is stored on a third party server, we take adequate precautions to ensure that the respective environment is safe and secure, and that the risk of a personal data breach is as minimised as possible without impeding our ability to conduct business.

VII. Our Marketing Partners
As part of our data processing for Supplementary Marketing we may securely transfer personal data to additional Data Processors so that we can make use of the functionality they offer. Our data subjects will never be contacted by the third party unless consent has been secured in advance.
i. FastSMS
https://fastsms.co.uk/
We use FastSMS to enable us to contact data subjects via SMS (text) message for marketing purposes, and also in relation to Insurance Quotations and Insurance Policies.
ii. Zonal Marketing Technologies
https://www.zonal.co.uk/
We use Zonal Marketing Technologies to enable us to contact data subjects via Email for marketing and update purposes using their Power2Market platform.
iii. Next Venture:
https://www.nextventure.co.uk/
We use Next Venture for the automated processing of personal data to improve efficiency of generating Insurance Quotations for our data subjects.
iv. Rackspace:
https://www.rackspace.com/
We use a cloud-based database provided by Rackspace to store and organise personal data that is collected for the purpose of Insurance Quotations.

VIII. Complaints

Under Article 51 of GDPR, all data subjects have the right to complain to a supervisory authority. In the event that you are dissatisfied with how We collect, store or process your personal data, you are within your rights to raise a formal complaint.

You can raise a formal complaint with Us directly using the following information:

Post: Connect House, Foundry Street, S-o-T, Staffordshire, ST1 5HE

Email: [email protected]

Tel: 01782 280 280

If you are dissatisfied with the outcome of the formal complaint, you can escalate this to the supervisory authority. The supervisory authority for the United Kingdom is The Information Commissioner’s Office [ICO].

Post: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF

Email: [email protected]

Tel: 01625 545 745