Here at the Collective group, comprising Collective Society Ltd, Collective Benefits Ltd, and Collective Denmark ApS (they’re our fancy official legal names and more simply “we” or “us” and where required, “Collective”, “Collective Benefits”, “collectivebenefits.com” also meaning the websites and applications www.collectivebenefits.com, app.collectivebenefits.com our Halo app and partners.collectivebenefits.com and referred to as “the Sites), we take your privacy seriously. The relevant Collective group company with whom you engage will be a controller of your data. We are committed to protecting the privacy of any personal data we collect, organise, structure, share, use, or other wise process about you, complying with all relevant and applicable data protection legislation, in particular the General Data Protection Regulation (EU) 2016/679 ("GDPR") in respect of our EU based activities and the UK Data Protection Laws in respect of our UK activities, and only using your data asset out in this policy. That’s very important to us. This Privacy Policy along with any additional terms of use, terms of business and/or end-user licence agreement (EULA) apply to your use of the Sites. Please grab a cup of coffee or tea (and perhaps a biscuit if you’re peckish) and take the time to read this Privacy Policy, as it is important for you to understand how we collect and use your data when you use our website. This Privacy Policy explains how we collect, use and store the personal data you provide to us. If you have any questions about our Privacy Policy, please contact us through the details set out in the ‘Get in touch’ section below.
‘Personal Data’ is data that relates to you and identifies or can be used to identify you – this might be your name, email address, or other digital identifiers relating to you such as cookies, IP addresses or logs (think of it a little like bringing the classic board game ‘Guess Who’ into the 21st Century).We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
Name, username, date of birth
Billing address, email address or telephone numbers
Bank account number, sort code, account holder name or otherinformation you provide us about your bank account
Your preferences in receiving marketing from us and our third partiesand your communication preferences
Username and password, income or salary information, your preferences, feedback and survey responses
Your current or former physical or mental health this is referred to as “special category data” under the relevant data protection legislation.
Includes cookies, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types, and versions your device’s gyroscope data, operating system and platform and other technology devices you use to access the Sites. When using the crash detection feature on our Halo app, we’ll also collect your device’s gyroscope data (rotational movements of your device), device network connection and Wi-Fi data, and telematics data from your device such as GPS position, speed, direction etc.
Details about payments to and from you and other details of servicesyou have purchased from us, including payment card information
Information about how you use the Sites and services
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website or platform feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
Throughout this Privacy Policy we use the terms “Customer” and “Customers” to refer to on-demand platforms and other platforms, businesses and communities that work with and support flexible workers. This Customer may have also arranged insurance coverage as part of your work with them. We use the term “Partner” or “Partners” to refer to insurance intermediary, insurers and third-party suppliers. Where we need to collect Personal Data by law or under the terms of a contract we have with you or one of our Customers or Partners and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.
We collect Personal Data about you when you access our the Sites, register with us either directly or via one of our Customers, contact us, send us feedback, post material to one of our platforms and or interact with us through the Sites over the telephone, or face to face.
We collect this Personal Data from you either directly, such as when you register with us, or contact us,and indirectly, such as your browsing activity while on the Sites(see ‘Cookies’ below).
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your identity and contact information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
create an account;
Automated technologies or interactions. We’ll automatically collect technical data about your equipment, browsing actions and patterns when you use the Sites. We’ll also automatically collect telematics and gyroscope data from your device when you use the Halo app’s crash detection feature. We collect this personal data:
using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see our cookie policy for further details; and
Third parties or publicly available sources. We receive personal data about you from various otherthird parties and public sources as set out below:
technical data from analytics providers such as Google based outside the UK; and
We will only use your Personal Data when the law allows us to. We have set out below descriptions of the ways we plan to use your Personal Data and the legal basis we reply on to do so. Sometimes our basis for doing so is because of our legitimate interest, which we have also set out in the table. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable.
With the exception of the Halo app (more on this below!), we don’t rely on consent as a legal basis for processing your personal data. But we’ll make sure to get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. If you want to know exactly which legal ground we’re relying on (where more than one ground is set out in the table), please get in touch.
To register you on our platform
To develop our services and grow our business
To process your orders or requests and to deliver services to you effectively, which may include the selling of regulated products, like insurance, unregulated products and/or access to deals, discounts and offers provided by third party suppliers.
Being efficient about how we deliver our services and fulfil our obligations.
To allow the functioning of the Halo app’s crash detection feature, we need your personal data to:
Being efficient about how we deliver our services and fulfil our obligations including managing and maintaining insurance policies.
To manage our relationship with you and to optimise and improve our business and our services.
To process insurance provide insurance policies, evidence of cover, processing of claims and complaints relating to insurance cover or claims.
Being efficient about how we deliver our services and fulfil our obligations including managing and maintaining insurance policies including claims and complaints.
To carry out necessary compliance and fraud checks
To determine whether you fall within our acceptable risk profile and to assist with the prevention of fraud
To manage our relationship with you which may include:
To manage our relationship with you and to optimise and improve our business and our services
To administer and protect our business and our Sites
Running our business, provision of administration and IT services, network security, and improvement of the Sites.
To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer
To develop and inform our marketing strategies
In some jurisdictions such as the UK we are entitled to send you marketing information in relation to our services where you have not opted out of receiving such communications. We will only rely on soft opt in where we are permitted to.
To deliver relevant content and advertisements to you on the Sites and measure or understand the effectiveness of advertising we serve you.
To study how customers use our services, to develop them, to grow our business and to inform our marketing strategy
To communicate with you
To consider and respond to communications that you send to us and inform you of relevant information in relation to your account or the Sites
To use data analytics to improve the Sites products / services, marketing, customer relationships and experiences
To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
To make suggestions and recommendations to you about services that may be of interest to you, including promotional offers.
To develop our services and grow our business
To confirm that you work with a particular Customer
Please be aware that we may process sensitive Personal Data (the official legal name under the relevant Data Protection Legislation is “special category data”), particularly relating to your current or former physical or mental health but unless we are permitted by law we will never do so without your explicit consent. We may need to do so to provide you with your insurance cover, administer your policy, process your claims and manage any complaints relating to the same. You can withdraw your consent at any time by contacting us through the details in the ‘Get in touch’ section below. Be aware Privacy Policy that if you do withdraw your consent it may not be possible to continue providing your insurance through our platform.
We are also entitled to process Personal Data where necessary to comply with any legal obligations which we are subject to; to establish or defend any legal claims so as to protect our or your legal rights, or the legal rights of other interested parties; or to obtain or maintain our own insurance cover, obtain professional advice or otherwise manage business risks.
As we’ve said above, we will only send you information which we think you will be interested in. Where you are not a customer this will be where you have requested it. Where you are a customer, and unless we expressly state otherwise for your jurisdiction where express opt-in may be required, our standard position is we gave you an option to opt-out of receiving such information when you registered with us. If you didn’t opt-out but have now changed your mind, please feel free to opt-out at any time. We understand that you do not want your inbox full of unwanted messages. We will get your express opt-in consent before we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section below or by using the opt-out tool provided in each marketing communication. Where you opt-out of receiving marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, claims processing or any other transaction.
No not the biscuit you’re currently eating. We use cookies in accordance with our cookie policy, if you want to learn more about them click here.
We have put in place security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include using bank-grade encryption to protect your data when we store it and we ensure that, if we are sending it across the internet, it is encrypted. We also limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to access it.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We only keep data for as long as we reasonably need it to fulfil the purposes we collected it for,including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We keep the Personal Data you have used to register with our platform until you delete your account. If you have been inactive on the platform for a period of 12 months, we will automatically delete your account information.
We keep data from your insurance claims as well as from fraud detection in accordance withthe applicable statute of limitation in order to document our performance towards ourPartners and Customers.
Personal data about your use of the website will be deleted at the latest, in accordance with our cookie policy. You can read more by clicking here.
If you have signed up for our newsletters or other marketing material, like prize draws, we will keep your personal data for as long as you wish to receive this material from us. We retain documentation on your consent in accordance with the applicable statute of limitation.
Any feedback or survey responses you provide will be anonymised after a period of 3 months.
You can request that we delete your Personal Data at any time, but we are not obliged to delete the data in all circumstances. We will not delete the data when we continue to have a legal basis to process it. In some circumstances we may anonymise your Personal Data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you
We may share your Personal Data with our Customers, Partners or any legal or regulatory authority:
As necessary in order to provide our Services
If you specifically request this, such as when you submit information to enquire about ourproducts or services or to make a claim.
With payment providers, where this is done through an API to our payment providers websites.
When we are required to do so to comply with a contractual obligation or legal requirement orwith the directions of the courts or other authorities.
To prevent illegal activity or to protect our interests.
Where it is needed to help our trusted third-party services to provide and improve our services to you, such as our software developers, insurance partners, underwriters or claims management providers, to carry out surveys and user analysis to understand your needs and preferences. We contractually require these service providers to keep your Personal Data safe and secure and to treat it in accordance with the law. These trusted parties would only be permitted to use your Personal Data for the purposes we specify.
With our banks, professional advisers, debt collectors, insurers and brokers, credit reference agencies and auditors to manage and administer our business.
As necessary to defend or protect our legal rights.
Where we share your Personal Data with third-party service providers we require them to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
The Sites may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices and privacy policies. When you leave our website, we encourage you to grab another cup of coffee or tea (and a biscuit if you have not already done so) and read the privacy notices and policies of every third-party website you visit.
Countries outside the UK may have a lower standard of protection for Personal Data than that required by UK data protection laws. The information we collect from you may be transferred to and stored outside the UK(including for example to the EU , and the United States of America) and will also be processed by people operating outside the UK who work for us or one of our suppliers, especially in the EU . If we need to transfer your data to a company based outside the UK (e.g. to provide technology for email, subscription and payment support), we will take steps to make sure your Personal Data is handled in line with UK law by implementing appropriate safeguards, such as relying on a UK Government adequacy decision (which the United Kingdom currently has) or the approved Standard Contractual Clauses. If you would like any more detail on the specific mechanism used by us to transfer your Personal Data outside the UK, please get in contact with us through the details set out in the ‘Get in touch’ section below.
If we are subject to negotiations for the sale of our business or part of it, we are sold to a third-party or undergo a reorganisation we may need to first disclose and transfer some or all of your Personal Data to the relevant third-party or its advisors as part of the due diligence process. Our legal ground fordoing this is our legitimate interest to make changes to our business. If a new business purchases us and we no longer run this business your data will be transferred to that new company and they will be in contact with you about how they process your data. We will ensure that they comply with this Privacy Policy until they update with you with their privacy policy.
You have the right to stop using the Sites at any time. Please note that, in these circumstances, we may keep your data for the reasons set out in the ‘And how long do we keep your data for?’ section above.
You also have the following rights when it comes to our handling of your Personal Data:
Right of access – you have the right to request a copy of the Personal Data we have about you and to request supporting information explaining how the Personal Data is used. You are entitled to know whether or not we process Personal Data about you; the purpose for which we process your data; the categories of your data we process; details about who we share your data with and if it’s transferred outside the UK; if you didn’t provide your data to us, details of where we got it; the criteria for determining our retention periods. Please note that sometimes we may ask you to provide proof of identity before we show you your Personal Data - so we can prevent unauthorized access and ensure we are complying with the data protection laws.
Right of rectification – you have the right to request that we rectify any inaccurate or incomplete Personal Data about you that we have.
Right of erasure – you have the right to request that we erase all Personal Data about you that we have (please note that we may be able to reject or restrict the request in some circumstances, depending on the information we hold and our lawful reason to keep it). You will have a right to erasure where: we rely on consent and you have withdrawn it; to comply with a legal requirement; we rely on legitimate interests and following your objection we do not have an overriding right to continue; the purpose for which we originally collected your data has finished.
Right to restrict processing – in some situations, you have the right to request that we do not use the Personal Data you have provided (e.g. if you believe it to be inaccurate or if you have object to us processing on the grounds of legitimate interest).
Right to object, including to direct marketing – you have the right to object to certain processing by us of your Personal Data (unless we have overriding compelling grounds to continue processing) and the right to object to direct marketing by us
Right to withdraw consent – you have the right to withdraw consent at any time where we are relying on consent to process your data
Right to data portability – you have the right to request that we provide you with certain information that you have provided to us in electronic format or to provide that information toa third party if such data is processed by us on the basis of consent or performance of a contract
If you would like to exercise any of these rights (including having access to your Personal Data), please contact us through the details set out in the ‘Get in touch’ section below.
We’re particularly proud of our Halo app, but that’s not why we’ve given it its own section here. The way you’ll use the app is different to the way you use the other Sites, so it’s very important that you read over this part of the policy in detail.
You’ll need to consent to our processing of your location data. This includes access to your precise location when you’re driving and use of the Halo App crash detection and SOS software.
You can withdraw consent to us processing your location data while using the Halo app. You can withdraw your consent at any time by disabling such permissions in your settings.
Additionally, you may change your mind and withdraw consent at any time by contacting us at help@collectivebenefits.com. This won’t affect the lawfulness of any processing carried out before you withdraw your consent.
However, please note that if you do not consent to the processing of your location data, the app will not work properly.
In addition to the uses of the data and our grounds set out in the first table, we wanted to clarify a couple of things.
If you use the crash detection feature on our Halo app, data may be sent to alert us to the possibility of a crash.
Halo’s crash detection feature doesn’t identify who is driving the vehicle, but telematics data and our assessments of driving behaviour can be linked to an individual, for example when we discuss driving feedback with you as your insurance provider, and in the event of a claim.
Telematics data (driving data/behaviours) collected from your device by the Halo app may be used in the assessment of liability in the event of a claim and in statistical analysis to assist us in product assessment and development.
Please note that if you allow other drivers to drive your car while you’re using the Halo app, their driving behaviours will have an impact on the telematics data collected from your device and could impact your premium with us as your insurance provider.
We only keep data for as long as we reasonably need it to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
Like the other data we process, we may share your Personal Data with our Customers, Partners or any legal or regulatory authority.
We will share your location, telematics and gyroscope data with K-Safe Limited, a company that specialises in enhancing driver safety. All the data we send to Flare will be anonymised and it allows Flare to create an algorithm, allowing us to see certain patterns across the data.
We understand you may have questions, requests, comments and complaints arising from this Privacy Policy. If so, just get in touch with us through the following details:
Collective Society Ltd
201 Haverstock Hill
Second Floor c/o FKGB
London NW3 4QG
Congratulations on reading all of this – we hope you enjoyed that cup of coffee or tea and go on, treat yourself to a biscuit. We love a custard cream.
If you are resident in the European Union you have the right to make a complaint at any time to the data protection at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. We would, however, appreciate the chance to deal with your concerns before you approach a Data Protection Agency, so please contact us in the first instance.
In case you are in Slovenia or Croatia, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if you are in Slovenia or Croatia.
To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer.
To make suggestions and recommendations to you about services that may be of interest to you, including promotional offers.
We will only send you information which we think you will be interested in. We will send you certain information, such as, inter alia, newsletters, publications, information about some other products and Privacy Policy services, and for suggestions and recommendations about services that may be of interest, including promotional offers (if these is not done while you are using the platform) only if you agreed to receiving such information when you registered with us. If you didn't opt-in but have now changed your mind, you are very welcome to opt-in at any time. If you opted-in but have now changed you mind, please feel free to opt-out.
In case you are in Poland, we use your Personal Data slightly differently. If the information belowconflicts with the information we provided earlier, the information below prevails with regards to you, ifyou are in Poland.
As we’ve said above, we will only send you information which we think you will be interested in. We will send you marketing communications where you have consented to our sending such information via direct means of communication(e.g. email, SMS, push, phone).We will get your express opt-in consent before we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at anytime by contacting us through the details set out in the ‘Get in touch’ section below. Where you resign from receiving marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, claims processing or any other transaction.
In case you are in Hungary, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if you are in Hungary.
To manage our relationship with you which may include:
To manage our relationship with you
To manage our relationship with you which may include:
N/A
To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer
N/A
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of advertising we serve you.
N/A
To use data analytics to improve our website, products / services, marketing, customer relationships and experiences
N/A
To make suggestions and recommendations to you about services that maybe of interest to you, including promotional offers.
N/A
We will send you marketing messages based on your consent and the same applies if we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section.
National Authority for Data Protection and Freedom of Information
Address:
1055 Budapest, Falk Miksa utca 9-11
Mailing address:
1363 Budapest, Pf.: 9.
Phone number:
+36 (1) 391 1400
Fax number:
+36 (1) 391-1410
Email address:
ugyfelszolgalat@naih.hu
Website:
https://naih.hu/
In case you are in Cyprus, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if you are in Cyprus.
To manage our relationship with you which may include:
To manage our relationship with you
To manage our relationship with you which may include:
N/A
To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer
N/A
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of advertising we serve you.
N/A
To use data analytics to improve our website, products / services, marketing, customer relationships and experiences
N/A
To make suggestions and recommendations to you about services that maybe of interest to you, including promotional offers.
N/A
You are not legally obligated to provide us with any Personal Data about you, but rather the provision thereof is subject to your consent and free will. However, where we need to collect Personal Data bylaw or under the terms of a contract we have with you or one of our Customers or Partners and you do not provide that data when requested, we may not be able to perform the contract we have or are Privacy Policy trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.
As we’ve said above, we will only send you information which we think you will be interested in. Where you are not a customer this will be where you have requested it. Where you are a customer, we gave you an option to opt-in of receiving such information when you registered with us. If you have opt-in but have now changed your mind, please feel free to opt-out at any time. We understand that you donot want your inbox full of unwanted messages. We will get your express opt-in consent before we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us throughthe details set out in the ‘Get in touch’ section below or by using the opt-out tool provided in eachmarketing communication. Where you opt-out of receiving marketing messages, this will not apply toPersonal Data provided to us as a result of a product/service purchase, claims processing or anyother transaction.
In case you are in Italy, we use your Personal Data slightly differently. If the information below conflictswith the information we provided earlier, the information below prevails with regards to you.
The collection of usage data, data analytics and any other data to improve our website, products / services, marketing, customer relationships and experiences is based on your free consent (GDPR art. 6(1)(a)).
To process your orders or requests and to deliver services to you effectively, which may include the selling of regulated products, like insurance, unregulated products and/or access to deals, discounts and offers provided by third party suppliers.
N/A
To manage our relationship with you which may include:
To manage our relationship with you
To improve our business and our services which may include:
N/A
To use data analytics to improve our website, products /services, marketing, customer relationships and experiences
N/A
In case you are in the Netherlands, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if you are in the Netherlands.
As we’ve said above, we will only send you information which we think you will be interested in. Where you are not a customer, we will only send you marketing communications based on your express opt-in consent. Where you are a customer, we may send you marketing communications about similar products and services offered by us without obtaining your prior consent if you didn’t opt-out of receiving such information when you registered with us. If you have now changed your mind, please feel free to opt-out at any time. We understand that you do not want your inbox full of unwanted messages.
We will get your express opt-in consent before we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section below. Where you opt-out of receiving marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, claims processing or any other transaction.
In case you are in France, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if ou are in France.
To register you on our platform
N/A
To process your orders or requests and to deliver services to you effectively, which may include the selling of regulated products, like insurance, unregulated products and/or access to deals, discounts and offers provided by third party suppliers.
N/A
To process insurance claims and complaints relating to insurance cover or claims.
N/A
To carry out necessary compliance and fraud checks
To determine whether you fall within our acceptable risk profile and to assist with the prevention of fraud
To administer and protect our business and our website
Running our business, provision of administration and IT services, network security, and improvement of our website
To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer
N/A
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of advertising we serve you.
N/A
To communicate with you
N/A
To manage our relationship with you which may include:
To manage our relationship with you
To manage our relationship with you which may include:
N/A
To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer
N/A
To use data analytics to improve our website, products / services, marketing, customer relationships and experiences
To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy
To make suggestions and recommendations to you about services that maybe of interest to you, including promotional offers.
N/A
To confirm that you work with a particular Customer
N/A
We will send you marketing messages based on your consent and the same applies if we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section or by using the opt-out tool provided in each marketing communication.
CNIL - Commission nationale de l'informatique et des libertés
Address:
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Phone number:
01 53 73 22 22
Website:
https://www.cnil.fr/
In compliance with legal requirements, before fully erasing your Personal Data we will keep it duly blocked for the statute of limitations of potential claims that may arise as a consequence of its processing. Once said period has elapsed, we will fully erase your Personal Data.
As the United Kingdom is no longer part of the European Union the processing of UK resident data is no longer subject to GDPR. Instead the UK Data Protection Laws are made up of the retained EU law version of the GDPR (UK GDPR) and the Data Protection Act 2018 (DPA 2018). On a day to day basis this makes little difference for your Personal Data as the GDPR and the UK GDPR are almost identical.
We keep the Data Protection situation between the UK and the EU under continuous review and will update our policies as and when required.
The key areas which may differ from some other EU countries are in relation to marketing, retention, and international transfers. And how we process Financial Data.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We may use your Identity, Contact, Technical, Transaction and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).You will receive marketing communications from us if you have requested information from us or signed up for products or services from us and you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section below or by using the opt-out tool provided in each marketing communication. Where you opt-out of receiving marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, claims processing or any other transaction.
We keep certain data on record for seven years to ensure we meet the FCA’s requirements.
Countries outside the UK have differing data protection laws, some of which may provide levels of protection of privacy. The information we collect from you may be transferred to and stored outside the UK (including for example to the European Union) and will also be processed by people operating outside the UK who work for us or one of our suppliers, especially in the European Union. If we need to transfer your data to a company based outside the UK (e.g. to provide technology for email, subscription and payment support), we will take steps to make sure your Personal Data is handled inline with UK GDPR by implementing appropriate safeguards, such as relying on a UK government adequacy decision (which the EEA currently has as do all countries outside the EEA which the European Commission deems as adequate). Where we transfer your Personal Data outside of the UK to a country where a UK adequacy decision is not available we will rely on standard data protection clauses issued further to the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law and reflected in an update to this policy. If you would like any more detail on the specific mechanism used by us to transfer your Personal Data outside the UK, please get in contact with us through the details set out in the ‘Get in touch’ section below.
In the UK we do not take or store any of your financial information such as bank details or credit cards. These are securely handled directly and independently by our payment providers who only provide a payment confirmation to us. If you need to make payment through our website this will be done by what is called an API (essentially a digital tunnel) to our payment provider websites. Please review their privacy policy to understand how they look after your payment data.
We have recently launched a new motor insurance product in the UK. We will receive your Personal Data from one of our Partners who for this product will be the agency with whom we contract.
Our Partner will ensure they have all the necessary legal grounds to share your Personal Data we need to deliver this product. This Personal Data is the same as the Personal Data collected by us for all other products such as Identity Data and Contact Data, we will also collect your vehicle registration data, details of your existing insurance policy. Finally, we may also need to collect an additional element of Sensitive Data if you have had any sever motoring convictions in the last 3 Years. All of this data is processed by us on the basis of performance of a contract as we need this information to check your eligibility for the Motor Product and then prepare the relevant document if you are eligible. In addition to performance of a contract we also rely on consent to process any criminal conviction data that you provide to us.
This Personal Data will be shared with our insurance Partners to establish your eligibility for the Motor Product. The results with then be shared back to the Partner agency who provided us with your details.
The Information Commissioners Office (that’s the UK’s data protection regulator) is no longer a member of the EU’s Data Protection Board and therefore any complaints you have about data processing in the UK will need to be addressed to the Information Commissioner's Office (ICO), who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.