Thank you for trusting Us with information about you. We take that trust seriously and We want you to know how We use your information and why. This document describes the legal basis on which We Process and store data about you, the insurance that you either hold or may consider holding, and other related data.
If you have queries about how We use your data, or comments or questions about this Policy, please do email Us on firstname.lastname@example.org
Policy updates: We keep this Policy under regular review, and this page may be updated from time to time.
2. Who are We?
In this document the words “We”, “Us” and “Our” refers to Warranty & Creditor Services, (and the trading name “My Gadget Umbrella”). Our address is 6 Faraday Office Park, Rankine Road, Basingstoke, Hampshire. RG24 8QB.
3. The purpose of this notice
This policy is designed to help you understand what kind of information We collect in connection with Our products and services and how We will Process and use this information. In the course of providing you with products and services We will collect and Process information that is commonly known as Personal Data.
This Notice describes how We collect, use, share, retain and safeguard Personal Data.
This Notice sets out your individual rights; We explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is Processed and how you can place restrictions on the use of your data.
In this Policy, there are words and phrases that have a specific meaning or that We are using in a special way. They are:
“Personal Data” any information which relates to an identifiable living human being.
“Process” We “Process” your Personal Data when We do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.
“Customer” a person who interacts with Us in relation to Our business.
5. Your data and what We do with it.
In order for Us to arrange and administer your insurance policy for you, or to provide you with information about insurance you are contemplating buying We will collect and Process Personal Data about you. The data We collect is so that We can ensure that We can identify you, and the equipment you are insuring and maintain your policy accurately. We record details of products you have insured, your name and contact details and insurance premiums and claims in Our computer systems in order to provide the service We have promised you.
We will use your Personal Data for the performance of Our contract with you, to quote for and provide you with insurance products and services, to Process claims and renewals, to administer your policy and Our business, to respond to any requests from you about services We provide and to Process complaints.
We may collect data from you in writing, over the telephone, on Our websites or via the websites of Our partner organisations, or when you write to Us directly or where We provide you with paper based forms for completion, or where We complete a form in conjunction with you. We take care to ensure the physical security of all the places where your data can be accessed and ensure that only authorised personnel can retrieve information about you.
We may record your communications with Us when contacting Us.
We store bank details if you elect to pay your premiums by direct debit, you can cancel a direct debit at any time at your bank, or by calling Us.
6. Sharing your data
We will share your Personal Data within Our business and with Our business partners. This is normal practice within the insurance industry where it is necessary to share information in order to place, quantify and underwrite risks, to assess overall risk exposure and to Process claims. It is also necessary to determine the premium payable and to administer Our business.
We also share Personal Data with authorised third parties, this is necessary where We are required to do so by law, where We need to administer Our business, to quote for, source, place and administer your insurances, to perform underwriting activities and to Process claims. Some examples follow:
- Debt recovery agencies;
- Claims handling companies;
- Equipment repair companies;
7. Data Security
Our systems are protected by up to date firewalls and software to reduce the risk of accidental release of data or access by unauthorised persons. All Our data is encrypted at all times and We take additional precautions with data relating to your payment and financial records.
On websites We control We use industry standard encryption at all times and you should always be able to see that the security is active through the browser you use to access Our sites. You will see a locked padlock next to the URL.
We do not receive or store credit card details on any database even if you are asked to make a payment to Us over the telephone. We will suspend call recording while those details are provided, and they will not be stored.
We store Bank account details in order to collect payments where you pay by direct debit. These details are encrypted as soon as they are provided.
We do not use any credit checking and We have no information about your credit history.
8. Retention periods
We are required to keep records of insurance policies for regulatory and statutory reporting reasons.
We retain your Personal Data at the end of any contractual agreement for a maximum period of 7 years from the last transaction related to your policy. (We reserve the right to retain claims and complaints data indefinitely for fraud reduction). We retain Personal Data where you have given us permission to provide you with information about products or services We offer until you withdraw your permission.
The retaining of data is necessary for contractual, legal and regulatory purposes, and We retain such data as is required for Us to meet Our regulatory obligations and legitimate business interests, as permitted by law, for statistical analysis and product development.
Sometimes We may need to retain your data for longer, for example if We are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur.
9. Cookies and analytics
We record aggregated information, such as the pages that are visited, and the time the pages are displayed, as you browse Our pages. We use this information to aid the design of the website.
10. Data sharing – 3rd parties
We do not sell or exchange your Personal Data with other organisations. If you hold insurance through Us then your data will be shared with the insurance company underwriting your policy. We will also have to share relevant data when you have a claim with companies that undertake repairs or replacement of your product as a part of your contract with Us. We always ensure that these companies comply with data protection regulations.
We use a variety of software platforms to run Our business. If you have a question about the platforms We use, please email Us at email@example.com
12. Where is your data located?
We use a combination of bespoke and commercial software. Our insurance records are held on a secure server located in the UK, and on backups held in the UK and the EU. Other data may be Processed by software packages which operate via the cloud.
This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere. We always pick mainstream suppliers with appropriate security standards, and validate that they meet the requirements of data protection legislation.
13. Your rights
Individuals are provided with legal rights governing the use of their Personal Data. These grant individuals the right to understand what Personal Data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its Processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its Processing. Individuals can also request the deletion of their Personal Data.
These rights are known as Individual Rights under the Data Protection Act 2018. Individuals can exercise their Individual Rights at any time.
In exercising your Individual Rights, you should understand that in some situations We may be unable to fully meet your request, for example if you make a request for us to delete all your Personal Data, We may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
The flow of data within the insurance sector is complex and We ask you to keep this in mind when exercising your ‘rights of access’ to your information. Where We may be reliant on other organisations to help satisfy your request this may impact on timescales.
If you have a complaint about the way We are handling your information or how We have responded to a request for information or removal, you can take this up in the first instance by emailing Us at firstname.lastname@example.org
If We can’t sort it out, the relevant supervisory authority for Us is the Information Commissioner for the UK. You can contact them here.
We are both a data controller and a data Processor.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
A data ‘Processor’ means the individual or organisation which Processes Personal Data on behalf of the controller.
Where We collect data directly from you, We are considered to be the controller of that data. Where We use third parties to Process your data, these parties are known as Processors of your Personal Data. Where there are other parties involved in underwriting or administering your insurance they may also Process your data in which circumstance We will be a joint data controller of your Personal Data.
Our Data protection officer is : Mark Andrews.