Privacy Policy
Definitions
Unless explicitly stated otherwise, the following definitions will apply to the entirety of this document:
- [Our] or [We] or [Us] will refer to [Connect Insurance Brokers Ltd]
- [GDPR] will refer to [General Data Protection Regulation (EU) 2016/679]
- [You] or [Your] will refer to the natural persons reading this document as potential data subjects.
I. Introduction
GDPR replaces the EU Data Protection Directive of 1995. It supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. The purpose of the GDPR is to protect the ‘rights and freedoms’ of natural persons (data subjects). It does this by ensuring personal data is only processed with their explicit consent and knowledge
The regulation applies to both automated and manual processing of personal data. This means regardless of whether your personal data is processed via electronic devices such as computers, or via paper based methods, the principles of GDPR apply.
The regulation applies to all Data Controllers that are based within the European Union. It also extends to Data Controllers who process personal data relating to any data subjects resident within the European Union.
II. Our Data Controller
The Data Controller responsible for the processing of personal data for Us is the Company Director, Mr. David Mackenzie.
If you have any questions about the processing of your personal data, the Data Controller can be contacted at: data-control@connect-insurance.co.uk
III. The data that we collect and process.
To carry out our duties we require explicit informed consent to collect, store and process our customers data . There are many reasons that we may collect and process data, including Legitimate Interest.
i. Insurance Quotations
To provide an insurance quotation we must collect, store and process prospective customers personal data. We collect store and process personal data in relation to the calculating of insurance quotations and the arrangement of insurance policies. Personal data collected for the purpose of insurance quotations will be shared with relevant third parties. Examples of these third parties include regulatory bodies, insurance underwriters, and credit reference agencies. The third party(s) will never contact our data subject.
ii. Insurance Policies
We cannot provide insurance cover without collecting, storing and processing the personal data of our prospective customers. Where a data subject is satisfied with an insurance quotation we offer and provides explicit consent, we shall process their personal data for the purposes of providing a service; a contract of insurance. If necessary we will transfer the data subject’s personal data to third party Data Controllers relevant to the insurance contract including insurance underwriters and finance providers. Where an Insurance Contract has been enacted, the third party Data Controllers will have consent to communicate directly with the data subject where necessary.
iii. Supplementary Marketing
As an insurance broker who is informed of available products within the insurance market, we have a duty to our customers to keep them aware of other products that may be of value to them. The marketing we undertake is minimal, discreet and infrequent; we will typically only send marketing materials shortly after an insurance contract has been arranged to promote awareness of additional products provided by us that may be of interest. Connect will never send marketing promotions on behalf of a third party, nor sell/exchange personal data with a third party for the purposes of marketing. We may utilise third party services to facilitate marketing. For more information please see section [VII. Our Marketing Partners].
iv. Claims Management
We may need to be involved in the handling of claims. As a result we may need to collect and process personal data in relation to reporting, updating and communicating with all parties involved. Where the personal data of a third party data subject is provided to us, we will collect and process it in accordance with this Policy and only where we have legal basis to do so. The personal data we collect may be transferred to third party Data Controllers such as accident management companies, replacement vehicle hire companies, approved repairer networks and insurance underwriters where we are required to do so by law.
v. Finance Arrangement
As an insurance broker we offer finance options to our data subjects that are provided by third party Data Processors. Where consent has been provided by the data subject we will securely transfer the relevant personal data to the third party for processing in respect of the finance option selected.
vi. CCTV Footage
As an insurance broker with premises that can be attended by the public, we operate continuous CCTV systems for the purposes of security, safety and crime prevention.
vii. Cloud Based Services
With the consent of our data subjects we may transfer personal data to cloud based services. The data we transfer to these cloud based services will only be processed by Us. We will not permit any third parties to access the data or contact our data subjects without reasonable cause.
IV. How long do we keep your data.
Our data retention policy ensures that we only retain personal data for the amount of time necessary in order to conduct our business. Each category of personal data has a varying retention period attributed to it dependent on the purpose of collection. A brief summary of this can be seen below;
- Insurance Quotations: 24 months
- Insurance Policies: Indefinitely
- Marketing: 24 months
- Claims: Indefinitely
- Finance Arrangement: Indefinitely
- Non-Successful Job Applications: 12 months
- CCTV Footage: 45 days
- Call Recordings: Indefinitely
- Employee Details: Indefinitely
V. The rights of our data subjects.
To better protect the ‘rights and freedoms’ of natural persons, GDPR provides a more structured and simplified series of eight fundamental Rights that apply to all data subjects.
- Right of Access
- Right to Rectification
- Right to Erasure
- Right to Restriction of Processing
- Right to be Informed
- Right to Data Portability
- Right to Object
- Right to Not Be Subject to a Decision Based Solely on Automated Processing
In addition to the eight fundamental Rights specified above, the data subject also has additional assumed rights including the right to receive communications (even if they have opted out) in the event of a personal data breach, the right to withdraw consent at any time (where relevant), the right to complain to a supervisory authority, and the right to compensation.
If you would like to update your current consent preferences, please visit:
https://www.connect-insurance.uk/more/consent-management
For more information about your right to complain, refer to section [VIII. Complaints].
VI. How we protect your personal data.
We take data security very seriously and boast a very robust and resilient environment that is structured from the ground up with security at its heart. Our premises have appropriate physical, electronic and managerial procedures to prevent unauthorised access including continuous CCTV, alarm systems and secure access doors that cannot be bypassed without authorisation. Our electronic environment includes a state of the art firewall and unified threat management platform, anti-virus solutions, reporting schedules and auditing that ensure continuous transparency and visibility over data access and processing.
When transferring Personal Data outside our environment, we adhere to strict security measures. This involves encrypting data or using secure communication channels, including encrypted data streams, Virtual Private Networks (VPNs), secure email channels, or storing encrypted data on magnetic tape. In cases where personal data is stored on third-party servers, we take necessary precautions to ensure the safety and security of the environment, minimising the risk of personal data breaches while maintaining our ability to conduct business effectively.
VII. Our Marketing Partners
As part of our data processing for Supplementary Marketing we may securely transfer personal data to additional Data Processors so that we can make use of the functionality they offer. Our data subjects will never be contacted by the third party unless consent has been secured in advance.
i. TextAnywhere
https://fastsms.co.uk/
We use TextAnywhere to enable us to contact data subjects via SMS (text) message for marketing purposes, and also in relation to Insurance Quotations and Insurance Policies.
ii. Next Venture:
https://www.nextventure.co.uk/
We use Next Venture for the automated processing of personal data to improve efficiency of generating Insurance Quotations for our data subjects.
VIII. Complaints
Under Article 51 of GDPR, all data subjects have the right to complain to a supervisory authority. In the event that you are dissatisfied with how We collect, store or process your personal data, you are within your rights to raise a formal complaint.
You can raise a formal complaint with Us directly using the following information:
Post: Connect House, Foundry Street, S-o-T, Staffordshire, ST1 5HE
Email: complaints@connect-insurance.co.uk
Tel: 01782 280 280
If you are dissatisfied with the outcome of the formal complaint, you can escalate this to the supervisory authority. The supervisory authority for the United Kingdom is The Information Commissioner’s Office [ICO].
Post: Water Lane, Wycliffe House, Wilmslow, Cheshire, SK9 5AF
Email: international.team@ico.org.uk
Tel: 01625 545 745