The safety and security of data and information is of significant importance to Risk Assured (and our ultimate responsibility) and we ensure that its capture, storage, processing and destruction is secure at all times.
We have developed this Privacy Statement to let you know:
- Who we are
- How and why we collect personal data
- How we share your personal data
- Where we store your information
- Security of your data
- How long we will keep your information
- Your rights
1. WHO WE ARE
Risk Assured Limited is a company incorporated and registered in England with the company number 532944. Registered office Oakley House, Tetbury Road, Cirencester. Glos. GL7 1US.
Risk Assured Limited is regulated by the Financial Conduct Authority.
Risk Assured Limited can be found on the Information Commissioner’s Office Data Protection Register. Registration number – Z2656158
Risk Assured is the controller of personal data relating to our Clients and prospective Clients for the purposes of providing products and services, relationship management, marketing and business development.
Our Data Protection Officer is Ben Backhouse. If you have any questions about this privacy statement or how we use your personal information, his contact details are:
Telephone: 020 7183 3931
Address: Lancaster House, Amy Johnson Way, Blackpool, Lancashire FY4 2RJ
2. HOW AND WHY WE COLLECT PERSONAL DATA
2.1. Acting as Insurance Brokers
We act as insurance brokers for the provision of non-investment insurance products. These can include but are not limited to whole of life, term life, critical illness insurance and income protection products. As part of the process of obtaining an insurance policy you may give us information by completing forms (paper versions, electronic versions or through our website) or by contacting us by phone, email or otherwise.
Information is collected through our engagement process to enable us to verify your identity, allow a policy to be set up or to assist in any claims that are made. We’ll also use your personal information to provide ongoing administration of your policy, answer any queries and issue yearly statements.
We may also be given your personal information by third parties (such as your bank, accountant, investment adviser, insurance agent, family office or legal advisor) where you have asked them to refer you to an insurance broker.
Where we have other correspondence or interaction with you (for example by email, telephone, post, SMS or via our website), that correspondence will likely include personal information (such as names and contact details). This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation.
Depending on the circumstances, the personal information we gather about you may include:
- Your name
- Date of birth
- Email address
- Phone number
- Financial information
- Details of existing policies with other insurance companies
- Details obtained automatically through your use of our website including cookies, tags and pixels.
In addition, we may gather special categories of data to include:
- Information on your health and any medical conditions
- Health records
- GP reports
- Specialist consultant reports
We will collect this information from you and may, with your consent, contact your doctor or other medical provider to provide this information. Where you undergo a medical assessment as part of the application process for an insurance policy, we may receive copies of the assessment from the assessment provider.
The health information referred to above is considered to be a “special category” of information which is particularly sensitive, and which therefore requires higher levels of protection. As a result of this, by law we need to have further justification for collecting, storing and using this type of personal information.
Where we hold special category data, we will keep the information for at least as long as your insurance policy is in force and for three years after the expiry of the policy as we may require the information for regulatory or legal purposes. We will not process this data unless you specifically request that we provide you with a review or further insurance quotation.
Where we hold special category data and you do not end up proceeding with an insurance policy, we will keep the information for five years from the date the decision is made not to proceed as we may require the information for regulatory or legal purposes. We will not process this data unless you specifically request that we provide you with a further insurance quotation.
2.2 Lawful basis for processing your personal data.
We may rely on a number of legal basis for collecting and further processing your personal data which are:
We need the personal information we collect about you in order to carry out our obligations and to provide you with the products and services under the terms of your contract with us. Without this we would not be able to assist you with the brokerage of an insurance policy.
We may also process your personal information to allow us to comply with certain legal obligations, such as FSCS and FCA regulation, to which we are subject. We will also work co-operatively with the national data protection authority, the ICO, in relation to any data protection matters.
We may process your personal information where it is necessary for our legitimate interests (or those of a third party such as the insurance provider), unless those legitimate interests are overridden by your interests or fundamental rights or freedoms.
Where we have received your consent, or in the case of “special category data” your explicit consent, to process your data.
We keep your personal information for as long as is necessary for us to complete our contract with you, to enable us to deal with any future enquiries from you, to deal with any claims and to enable us to comply with our legal obligations.
2.3 Direct Marketing
We will only use information we have collected about you such as your name, address, email address and phone number if you have positively opted in to receive information on products or services that may be of interest to you. We may collect this directly from you, or through a third party. If a third party collected your name and contact details, they will only pass those details to us for marketing purposes if you have consented to them doing so.
You always have the right to “opt out” of receiving our marketing. You can exercise the right at any time by contacting us. If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails. If you “opt-out” of our marketing materials you will be added to our suppression list to ensure we do not accidentally send you further marketing. Where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns. We may still need to contact you for administrative or operational purposes, but we will make sure that those communications do not include direct marketing.
If you are an existing customer or are acting in a professional capacity as part of a company or LLP we use your contact details as necessary for our legitimate interests in marketing to you and maintaining a list of potential customers.
If you are not an existing customer and are not acting in a professional capacity as part of a company or LLP, we will only contact you for marketing purposes with your consent (whether we have collected your details directly from you, or through a third party).
We never share your name or contact details with third parties for marketing purposes. However, where we provide your personal information to insurance companies and other third parties in accordance with this privacy statement, they may contact you for marketing purposes where you have given them your consent.
We may use third party service providers to send out our marketing but we only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We retain your details on our marketing list until you “opt-out” at which point we add you to our suppression list. We keep that suppression list indefinitely to comply with our legal obligations to ensure we do not accidentally send you any more marketing.
2.4 Website Information and Cookies
We may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools. We use this as necessary for our legitimate interests in administering our website and to ensure it operates effectively and securely.
Our cookies will not store information about you such as your name, address or payment details: they simply hold an identifier that is associated with this information. If you would prefer to restrict, block or delete cookies, you can use your browser to do this. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone manual) to learn how to change your cookie preferences.
Below is a list of the cookies we use, and what we use them for.
|Google Analytics(__utma, __utmb, __utmc, __utmz)
|These cookies are used to collect information about how visitors use our website. The information includes the time of the current visit, whether you have been to the website before and what website referred you here. We use this information to estimate our audience size and usage pattern, so that we can improve our website by understanding how people use it.
For further information from Google on Google Analytics please go to google’s help page
|Google Maps (SID, SAPISID, APISID, SSID, HSID, NID, PREF)
|Google set a number of cookies on pages which include a Google Map. These cookies measure the number and behaviour of Google Maps users.
We keep the website information about you for 24 months from when it is collected or the relevant cookie expires.
Our website may, from time to time, contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
For more detailed information about cookies please visit www.aboutcookies.org which provides guidance on how to control cookies.
2.5 Employee Information
If you are employed by one of our Clients, the information we collect about you may include your contact information and details of your employment. This information may be collected directly from you or provided by your organisation. Your organisation should have informed you that your information would be provided to us and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your employer.
We keep this information for up to seven years after the end of our relationship with your employer.
2.6 Legal Claims
Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.
3 HOW WE SHARE YOUR PERSONAL DATA
As well as any sharing listed above, we may also share your information with third parties. Third parties are required to respect the security of your personal information and to treat it in accordance with the law. We never sell your data to third parties.
3.2 Why might we share your personal information with third parties?
We will share your personal information with insurance companies, reinsurance companies and retrocessionaires as required to enable us to obtain quotes and an insurance policy for you.
Where we share information with these organisations, they will be acting as a data controller in their own right and will not be our data processor. They will have their own obligations under data protection law and will handle your data in accordance with their own privacy policies.
We may also share your personal information with other third-party service providers to carry out the following services:
- Medical agencies that undertake and collect medical information either from you directly or from your medical practitioners
- Legal advice
- IT services
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business where necessary.
If we are under a duty to disclose or share your personal information to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so then we may share your data. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may from time to time share your personal information with the credit reference agency TransUnion (formerly Callcredit) for our legitimate interest of reducing credit risk. They will act as data controller in relation to their use of your personal information. For details of how they will use this information, see https:/www.callcredit.co.uk/legal-information/bureau-privacy-notice
3.3 How secure is your information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. Where third parties process your personal information on our behalf as “data processors” they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
4 WHERE WE STORE YOUR INFORMATION
Our registered office headquarters are based in Cirencester and data is located in the UK. However, where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored at, a destination outside the UK. It may also be processed by staff operating outside the UK who work for us or for one of our service providers.
We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.
Some countries or organisations outside of the UK which we may transfer your information to will have an “adequacy decision” in place, meaning the UK considers them to have an adequate data protection regime in place.
If we transfer data to countries or organisations outside of the UK which the UK does not consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards (for example, model clauses approved by the UK or a data protection authority) are put in place where required. To obtain more details of these safeguards, please contact us.
5 SECURITY OF YOUR DATA
As well as the measures set out above in relation to sharing of your information, we have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.
6 HOW LONG WILL WE KEEP YOUR INFORMATION FOR?
We have set out above indications of how long we generally keep your information. In some circumstances, it may be necessary to keep your information for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
7 YOUR RIGHTS
Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (ICO). Under certain circumstances, by law you have the right to:
- Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
- Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.
- Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us.
No fee is usually required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
8 CHANGES TO THIS PRIVACY AND COOKIES STATEMENT
Any changes we make to our privacy notice in the future will be posted on our website and, where appropriate, notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our privacy notice.