This Privacy Notice covers the information practices of Fidentia Insurance Brokers Limited (registered number: 08620374), a data controller whose registered office is at:
Fidentia Insurance Brokers Limited
4th Floor CR, Lloyds Avenue House
6 Lloyds Avenue, London
We take the confidentiality of your personal information and the protection of your privacy seriously and this Statement sets out how we meet our obligations regarding data protection and the rights of customers and prospective customers (‘data subjects’) in respect of their personal data under the General Data Protection Regulation (‘the Regulation’) and any related local data protection legislation.
The Regulation defines “personal data” as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Fidentia is committed to both the letter and the spirit of the law, placing high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals. Please contact us if you have any queries on any aspect of this Privacy Notice.
2.SHARING YOUR DATA
As a Data Controller, we are responsible for safeguarding your personal data. Where we have a specific Non-Disclosure Agreement in place with you, your data will only be shared with your explicit prior consent in accordance with its terms.
We do not sell, rent or trade our mailing lists, phone numbers or email addresses.
We may collect information from you about other people, for example, family members who may drive your car or who may be included on a travel or household insurance policy. If you give us information about another person it is your responsibility to ensure and confirm that:
3.THE DATA PROTECTION PRINCIPLES
- you have permission from the individual to provide that personal information to us and for us to use it, as set out in this Privacy Notice.
We comply with the following Principles (set out in the Regulation) in relation to Personal Data. It will be:
4.HOW WE WILL COLLECT INFORMATION ABOUT YOU
- 1. processed lawfully, fairly and in a transparent manner in relation to the data subject;
- 2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes;
- 3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- 4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- 5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject;
- 6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We will only collect and process personal data for and to the extent necessary for the specific purpose(s) informed to you. The information obtained about you will be:
- that which is supplied by you and your agents and representatives,
- information received from insurers and their agents,
- generally available such as online and from third party data processors,
- searches that we undertake in relation to sanctions, money laundering, and credit checks.
This includes data that you input to our webpages, whether this is in relation to raising an enquiry with us, obtaining a quotation (even if this process is discontinued before being finished), or requesting documentation.
The information obtained could include your name, contact details, date of birth, gender, marital status, financial details, details of occupants of your property, employment details, benefit coverage, and details of your visits to and usage of our website. We may also collect sensitive personal data about you such as criminal convictions or health information (a full list of sensitive personal data is set out in Article 9 of the GDPR
5.Information from other sources
We may use legal public sources such as the electoral roll and other third party sources such as credit reference agencies to obtain information about you, for example to verify your identity or check your credit history. Some personal information may be provided to us by third parties such as insurance companies, other insurance intermediaries and motor vehicle licensing authorities. In some cases you will have previously submitted your personal information to them and given them approval to pass this information on for certain purposes.
Such information will only be obtained from reputable sources which operate in accordance with the General Data Protection Regulation.
6.HOW WE WILL USE YOUR INFORMATION
The Data Controllers shall ensure that all personal data collected and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Your personal information will be used to enable us to fulfil our role in relation to your insurance cover and provision of any ancillary risk management services. This will be by:
- assessing your circumstances and insurance needs;
- presenting such details to insurers for the purpose of obtaining quotes and placing cover;
- arranging premium finance arrangements;
- contacting you about products and services available from Fidentia which may be of interest to you;
- processing claims;
- undertaking checks to guard against fraud, money laundering, bribery and other illegal activities;
- handling complaints; and
- analysing data, identifying trends, and developing our business services.
To ensure that our processing of your data is lawful, such processing will only be undertaken if:
- 1. you have given your consent;
- 2. processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- 3. processing is necessary for compliance with a legal obligation to which we are subject;
- 4. processing is necessary in order to protect your vital interests;
- 5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- 6. processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, particularly where the data may relate to a child.
Under the Data Protection Act (DPA) we were permitted to process data under ‘implied consent’ (an assumption of permission to do something that is inferred from an individual's actions rather than explicitly provided). Because we need to process your data in order to provide our services to you we rely on the implied consent provision – this does not extend to ‘sensitive’ personal data (as defined in the DPA and the Regulation) for which explicit consent is required. Under the Regulation we will no longer be able to process your personal data under ‘implied consent’.
We may also analyse your data, either in isolation or with other data, to identify patterns, trends and associations, to assist us in making strategic business decisions.
We may contact you about relevant products and services which may be of interest to you. If you do not wish your data to be used in this way you should write to us at: GDPRoptout@fidentiains.com
7.DISCLOSURE OF YOUR PERSONAL INFORMATION
We will only supply your personal information to other parties where such a transfer is a necessary part of the activities that we undertake, where you give us consent or where we are required to do so by law or regulation (e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime).
As an intermediary we must disclose personal information to insurance companies, underwriting agencies, business partners and other parties in order to provide our products and services and to enable you to enter into insurance contracts. Examples of other parties include other insurance intermediaries, loss adjusters, regulatory bodies, legal and accountancy firms involved in the claims handling process. We may also share your personal information with fraud prevention agencies such as the Claims and Underwriting Exchange Register and Motor Insurance Anti-Fraud and Theft Register. We may pass information relating to your insurance policy and any incident to the operators of these registers, their agents and suppliers.
For motor insurance we share information with the Motor Insurance Database (MID) which may be used to establish whether a driver is insured to drive a vehicle and/or for preventing or detecting crime. If you are involved in an accident in the UK or abroad, the MID may be searched to obtain relevant policy information. You can find out more at www.mib.org.uk
We may also disclose your information to service providers engaged to perform services on our behalf. Such service providers are contractually restricted from using or disclosing the information we give them except as necessary to perform services on our behalf or to comply with legal requirements.
We only share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do.
We may also disclose personal information to new owners of our business in the event that we are subject to a merger or acquisition. Disclosure may also be made to enable company audits, regulatory inspections or to investigate a complaint, suspicion of fraud or a security threat.
We never share your information outside our organisation for marketing purposes.
You understand that we may disclose the information you provide to relevant other parties for the purposes described in this Notice.
It is our policy to retain documents and information about you, including insurances effected on your behalf, in electronic or paper format for a minimum of seven years or such longer period as appropriate having regard to when a claim or complaint may arise in connection with our processing of your information. The lawful basis for this processing is that it is necessary for the protection of our legitimate interests. After seven years, these may be destroyed without notice to you. It is thus advisable to retain all documentation issued to you.
8.WHAT ARE YOUR RIGHTS
You have the right to:
- information about how your data is processed,
- access the data we hold about you which will be provided to you within one month of your request, and is free of charge unless we reasonably believe that your request is manifestly unfounded or excessive,
- have incomplete or inaccurate data rectified,
- the deletion or removal of personal data where there is no compelling reason for us to continue to process it,
- restrict our processing of your personal data (although we will still be permitted to store it),
- data portability (with effect from 25 May 2018 we will be obliged to provide your data in a format that allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability),
- object to our processing your data where we do so in connection with our legitimate interests, or in relation to our profiling your data or using it for marketing purposes.
If you would like to exercise any of your rights above (including withdrawal of consent) you may do so by writing to us at the address at the beginning of this notice, or e-mailing us with specific details of your request at: GDPRoptout@fidentiains.com
9.TRANSFERRING PERSONAL DATA TO A COUNTRY OUTSIDE THE EEA
The Data Controllers may from time to time transfer (‘transfer’ includes making available remotely) personal data to countries outside of the EEA. This will take place only if one or more of the following applies:
- The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data;
- The transfer is to a country (or international organisation) which provides appropriate safeguards ;
- The transfer is made with the informed consent of the relevant data subject(s);
- The transfer is necessary for the performance of a contract between the data subject and the Company (or for pre-contractual steps taken at the request of the data subject);
- The transfer is necessary for important public interest reasons;
- The transfer is necessary for the conduct of legal claims;
- The transfer is necessary to protect the vital interests of the data subject or other individuals where the data subject is physically or legally unable to give their consent; or
- The transfer is made from a register that, under UK or EU law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.
We ask that you not send us, nor disclose to us, any sensitive Personal Information (e.g. information related to racial/ethnic origin, political opinions, criminal background, trade union membership, religion or other beliefs, health, biometrics or genetic characteristics) on or through the Website.
If you wish to make a complaint about how we hold or use your data, please contact us at the above address.
If you are dissatisfied with how we deal with your complaint, you may contact the Information Commissioner's Office:
The Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire, SK9 5AF; Phone: 08456 30 60 60 Website: www.ico.gov.uk
12.CHANGES TO OUR PRIVACY NOTICE
From time to time, we may change our privacy notice. The effective date of this privacy notice, as indicated at the beginning of this privacy notice, indicates the last time this privacy notice was revised. Checking this effective date allows you to determine whether there have been changes since the last time you reviewed the notice. We will notify you of changes to this privacy notice by posting a revised privacy notice on our Website. Your use of the Website following these changes means that you accept the revised privacy notice.