We collect, control and process your personal information because this is necessary to provide you with information, answer any queries you may have and for the provision of our services to you. Contractual necessity is therefore the lawful basis for collecting, controlling and processing your personal details and those of your employees and service providers other than sensitive personal data for which we require individual consent. We do not normally request or process any sensitive personal data.
Sensitive personal data:
• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data
• Biometric data
• Data concerning health
• Data concerning sex life or sexual orientation
We would discuss with you the need for the provision of sensitive data before you provide this information. The subsequent provision of sensitive personal data will be taken as consent to this processing.
It is entirely up to you as to whether or not you choose to provide us with any personal information. If you choose not to, we simply may not be able to assist you.
We may use your personal data for marketing purposes within our group of companies but only where you have opted to receive this. We will not share your personal data with any other organisation for marketing.
Once we have responded to your enquiry your data will be transferred to our local encrypted server located in the UK. Where communications are ongoing we will store your contact details on internal content management systems.
We collect and use information about you, which will include personal data in order for us to advise you and make arrangements for you. In order to communicate with you about our services we will require your contact details including personal email addresses. Your name and email and information relating to the work we undertake for you will be processed and stored.
All telephone calls are recorded and monitored for training and quality control purposes.
In order to fulfill our obligations under any contract for services we will need to share your data with third party Data Controllers and Data Processors.
This will include
• Product & service providers in relation to insurances and consumer credit.
• Our compliance monitoring services.
• The Financial Conduct Authority.
• The Financial Ombudsman Service.
• Any other regulators where so required.
• Solicitors and Loss Adjusters in the event of insurance claim being made by or against you. These Data Controllers may be acting either on your behalf or by a third party making a claim against.
• Credit reference agencies. You should be aware that any Credit check we undertake may leave a footprint on your credit history.
We also use external Data Processors that will hold information for the following purposes:
• Secure file sharing
• Data backup
• Claims Management
• Record keeping
• Regulatory compliance
• Credit broking
All external processors are only permitted to process your data in line with our instructions.
Below is a list of the processors used and the types of information processed. Please note that the Privacy & Security policies of the processors are aimed at the controllers who use them and may be updated.
Type of processing & data
|Google Analytics||We use google analytics to monitor the performance of our web site|
|Dropbox||We use Dropbox to securely share files and documents that contain or may contain personal data pertinent to the work we undertake for clients and for our staff.|
|Mailchimp.||We use MailChimp in order to efficiently send email updates to you as part of our ongoing services. Your name and email address are stored to facilitate this.|
|Back office system||We use ‘The Agency Manager (TAM)’ & CSR24 supplied by Applied Systems Ltd to manage your insurances|
|Call recording system||TIM (Tri Line) to record all telephone conversations|
|Consumer Credit||We use the ‘i-Prompt’ portal provided by Close Brothers Premium Finance or the portal operated by Premium Credit Ltd to manage any Consumer Credit we may have arranged in respect of your insurances.|
|Off site Data Back-ups||We back-up the data our our In-house servers to secure servers operated by Vapour Media Ltd. This is to prevent the loss of data in the event of a Data Protection incident affecting our In-house servers and to enable us to maintain continuity of service to our customers with minimal disruption. This contract is managed by Pure Techology Ltd on our behalf.|
|Banking Arrangements||We use the ‘Bankline’portal provided by our Bankers National Westminster Bank Ltd to manage our electronic banking facilities.|
|Sanctions List Checks||We are required to confirm that our customers are not on the Sanctions List maintained by HM Treasury and other overseas authorities. We use SanctionsSearch provided by Professional Office Ltd to undertake these checks both on initial appointment and on an ongoing basis whilst we act on your behalf.|
|Secure e-mail||Mimecast and RPost We use these to communicate securely with you.|
|CSR24||We use a secure online portal for clients to view and download their confidential documents.|
|ClickSend||We use an email to SMS system to contact our clients on their mobile devices.|
In all cases we seek to minimise the amount of personal data shared and in some cases anonomise this. It is essential, however, that we can identify you quickly and easily so information shared may be identifiable as your personal data.
We will not share your personal information in any other circumstances than those necessary for the provision of service to you or where we are required to do so by law.
All the data that we collect is stored on our encrypted server or encrypted back-up drives in the UK or with our listed processors under contract.
The information we collect about you is used solely for the purposes for which it was provided. Where we have collected information form you for marketing purposes we will inform you and specifically gain your consent.
Under data protection law you have the right to ask us for a copy of the information we hold about you (Subject Access Request), and to have any inaccuracies corrected or removed. You may also ask us to delete or cease processing all personal data held by us or any processor with which we have shared your data. We may not always be able to comply with a request for deletion, but you can ask us to cease processing your data.
In addition you have the right to be informed about the data we collect, where is located and with whom it is shared and the processing we undertake and to question any automated decision making processes
To do this, or if you require more information please either contact us in writing, by telephone or email.
We will not normally charge you a fee for handling a Subject Access Request.