The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal data under current data protection law. We will update this notice as required. Therefore, we suggest you revisit the copy of this notice on our website periodically to keep yourself informed.
The terms used in this Fair Processing Notice are based on those used by the Information Commissioner’s Office (ICO). Find out more about the ICO.
Who are we?
Geo Underwriting, part of Ardonagh Advisory, is the Data Controller of the information you provide us and is registered with the Information Commissioner’s Office for the products and services we offer.
You can contact us for general data protection queries by email to: advisorydataprotection@ardonagh.com or in writing to The Ardonagh Advisory Data Protection Officer, Suite P The Octagon, Colchester, CO1 1TG. Please advise us of as much detail as possible to comply with your request.
For further information about the Ardonagh Group of companies please visit ardonagh.com/about-us/business-portfolio. Please note that different parts of the group may have different data protection officers.
What information do we collect and from whom?
To enable us to provide you with the products or services to meet your needs we will collect personal information which may include your name, telephone number, email address, postal address, occupation, date of birth, additional details of risks related to your enquiry or product and payment details (including bank account number and sort code) from you or your representative. Some of these details may also be required about other individuals who will benefit from the product or services we provide. In some of our call centre operations we may routinely record telephone conversations.
We may need to request and collect sensitive personal information such as details of convictions or medical history for us to provide you with the product or service or to process a claim. Some of our websites may record information about the website journeys that have been taken.
When conducting risk surveys or handling claims we may process pictures, videos and dashcam footage provided by you, or taken by other parties including assessors, members of the public and claimants.
We may need to request and collect sensitive personal information such as details of convictions or medical history from you, for us to provide you with the product or service or to process a claim. We only collect and process sensitive personal data where it is critical for the delivery of a product or service and without which the product or service cannot be provided.
We may also collect personal data for marketing purposes from publicly available sources or product development purposes where it is in our legitimate interests to do so.
How do we use your personal data?
We will use your personal data for the purposes set out in the table below.
|
Purpose for which we may process your data |
Legal basis for processing this data |
|---|---|
|
Assess and provide the products or services that you have requested; this may include a search with a credit reference bureau, or data enrichment services |
Processing in connection with a contract |
|
Communicate with you to provide our services, including risk advice and analysis |
Processing in connection with a contract |
|
Develop new products, systems and services |
Legitimate interests |
|
Undertake statistical and risk analysis |
This will be on a legitimate interested basis unless we conduct specific work for you on a contractual basis |
|
Marketing and other self-promotional activity, market research, customer feedback and/or customer sentiment analysis |
Legitimate interests |
|
Support monitoring and quality management of our employees and processes |
Processing in connection with a contract |
|
Complaints, auditing and meeting other regulatory requirements such as processing details of vulnerable customers |
FCA regulations |
|
Sale or negotiations with a view to selling or refinancing all or part of our business |
Contractual |
|
Prevention and detection of financial crime |
Financial Crime regulations |
In the course of arranging and administering insurance we may, in certain circumstances, need to process special classes of personal information, typically medical or criminal conviction data. The legal basis we process these classes of data is the insurance substantial public interest condition which can be found in part 2 of schedule 1 of the data protection act 2018. Our appropriate policy document in respect of this use is available upon request from advisorydataprotection@ardonagh.com.
Please note that as we typically process data on the legal basis that it relates to a contract of insurance, or a contract to provide you with risk advice, the right to erasure, which does not apply to personal information processed for a contractual purpose, will not be applicable in those instances. This also means that you will be unable to withdrawn consent for personal data that is not processed on the basis of consent, as contractual data will need to be retained for contractual reasons.
We may also take the opportunity to:
- contact you about products that are closely related to those you already hold with us
- provide additional assistance and advice about risk and insurance news, products, or services, as part of any advised insurance services that we provide to you
- notify you of important functionality changes to our websites
Occasionally, we may use your information to provide you with details of marketing or promotional opportunities and offers relating to other products and services from other companies in the Ardonagh Group, subject to relevant marketing regulations and permissions.
From time to time we will need to call you or your broker for a variety of reasons relating to your products or service (for example, to update you on the progress of a claim or to discuss renewal of your insurance contract). We are fully committed to Ofcom regulations and have strict processes to ensure we comply with them.
We may aggregate information and statistics for developing new and existing products and services, and we may also provide this information to third parties. These statistics will not include information that can be used to identify any individual.
Any new information you provide us may be used to update an existing record we hold for you.
Securing your personal information
We have implemented mandatory security procedures in the storage and disclosure of your personal information in line with industry practices, including storage in electronic and paper formats.
We store all the information you provide to us, including information provided via forms you may complete on our websites, and information which we may collect from your browsing (such as clicks and page views on our websites).
We also require our business partners, suppliers, and third parties to implement mandatory security procedures that are equivalent to our own, to protect your information from unauthorised access, use, and disclosure.
When do we share your information?
To help us prevent financial crime, your details may be submitted to fraud prevention agencies and other organisations where your records may be searched, including the Claims and Underwriting Exchange (CUE) and the Motor Insurers Anti-Fraud and Theft Register (MIAFTR).
In addition to companies within the Ardonagh Group, we may share information with other organisations (for example insurers, loss adjustors or data enrichment services, credit lenders, auditors or claims management companies) to deliver some of our products or provide all or part of the service requested by you. In these instances, while the information you provide will be disclosed to these companies, it will only be used for the provision and administration of the service provided (for example verification of any quote given to you or claims processing, underwriting and pricing purposes or to maintain management information for analysis).
We may share your information with other Ardonagh group companies to provide risk management, risk analysis, which may include pricing analysis, and other related services to support our service to you. We may also share your data within the group and with specialist third parties to enrich this data to provide greater risk insights into your business.
We, or our partners, may make searches of your credit history. These searches may leave a record on your credit history.
We may use firms involved in financial management regarding payment, or firms providing auditing services and may need to share personal data with them
We may also share your data with other companies who carry out market research on our behalf and who may contact you for the purpose of obtaining feedback on the products and services we offer. We may also share limited personal information with specialist partners to gain greater insights into our markets and how best to reach them.
We may share contact information within The Ardonagh Group of companies to assist in providing you with risk advice and keeping you informed about additional products and services. For more information on the companies within the Ardonagh Group, please click here http://www.ardonagh.com/about-us/business-portfolio.
We may share you data with prospective buyers or alternative suppliers in the event that we wish to sell all or part of our business or block transfer insurance risks to another provider.
We may of course be obliged by law to pass on your information to the police or other law enforcement body, or statutory or regulatory authority including but not limited to the Employer’s Liability Tracing Office (ELTO) and the Motor Insurance Bureau (MIB).
We may also share your information with anyone you have authorised to deal with us on your behalf.
If we provide information to a third party, we will require it and any of its agents and/or suppliers to take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Fair Processing Notice.
Any personal references we give or receive are done so under and expectations of strict confidentiality.
International transfers
The data we collect about you may be transferred to, and stored at, a destination outside of the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for us or for one of our suppliers. Such staff may be engaged in, amongst other things, the provision of information you have requested.
Whenever we send information outside of the EEA, we will ensure that we have taken the appropriate steps to do so in a manner compliant with the relevant data protection legislation, typically standard EU contractual clauses with a UK addendum. Transfer risk assessments are undertaken where appropriate.
Your rights
There are a number of rights that you have under data protection law. Commonly exercised rights are:
- Access – You may reasonably request a copy of the information we hold about you.
- Erasure - Where we have no legitimate reason to continue to hold your information, you have the right to have your data deleted (sometimes known as the right to be forgotten).
- Please note that this right does not apply to personal data processed in relation to a contract. Therefore, personal data related to contracts of insurance, including quotations, are not subject to this right.
- Correction – you may request correction of the personal information we hold about you to enable any incomplete information to be corrected.
- We may use automated decision making in processing your personal information for some services and products. You can request a manual review of the accuracy of an automated decision if you are unhappy with it.
Further details on all of your rights are available on the ICO website.
How to complain
If you have any concerns about our use of your personal information, our complaints policy and online complaint form can be found here. Alternatively you can make a complaint to us by email to advisorydataprotection@ardonagh.com or in writing to The Ardonagh Advisory Data Protection Officer, Suite P The Octagon, Colchester, CO1 1TG
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Helpline number: 0303 123 1113
ICO website: ico.org.uk