Privacy Policy

Last updated: May 2022
Introduction

Here at the Collective group, comprising Collective Society Ltd, Collective Benefits Ltd, and Collective Denmark ApS (they’re our fancy official legal names and more simply “we” or “us” and where required, “Collective”, “Collective Benefits”, “collectivebenefits.com” also meaning the websites and applications www.collectivebenefits.com, app.collectivebenefits.com our Halo app and partners.collectivebenefits.com and referred to as “the Sites), we take your privacy seriously. The relevant Collective group company with whom you engage will be a controller of your data. We are committed to protecting the privacy of any personal data we collect, organise, structure, share, use, or other wise process about you, complying with all relevant and applicable data protection legislation, in particular the General Data Protection Regulation (EU) 2016/679 ("GDPR") in respect of our EU based activities and the UK Data Protection Laws in respect of our UK activities, and only using your data asset out in this policy. That’s very important to us. This Privacy Policy along with any additional terms of use, terms of business and/or end-user licence agreement (EULA) apply to your use of the Sites. Please grab a cup of coffee or tea (and perhaps a biscuit if you’re peckish) and take the time to read this Privacy Policy, as it is important for you to understand how we collect and use your data when you use our website. This Privacy Policy explains how we collect, use and store the personal data you provide to us. If you have any questions about our Privacy Policy, please contact us through the details set out in the ‘Get in touch’ section below.

So, what data do we collect about you?

‘Personal Data’ is data that relates to you and identifies or can be used to identify you – this might be your name, email address, or other digital identifiers relating to you such as cookies, IP addresses or logs (think of it a little like bringing the classic board game ‘Guess Who’ into the 21st Century).We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

Identity data

Name, username, date of birth

Contact data

Billing address, email address or telephone numbers

Financial data

Bank account number, sort code, account holder name or otherinformation you provide us about your bank account

Marketing and Communications data

Your preferences in receiving marketing from us and our third partiesand your communication preferences

Profile data

Username and password, income or salary information, your preferences, feedback and survey responses

Sensitive personal data

Your current or former physical or mental health this is referred to as “special category data” under the relevant data protection legislation.

Technical data

Includes cookies, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types, and versions your device’s gyroscope data, operating system and platform and other technology devices you use to access the Sites. When using the crash detection feature on our Halo app, we’ll also collect your device’s gyroscope data (rotational movements of your device), device network connection and Wi-Fi data, and telematics data from your device such as GPS position, speed, direction etc.

Transaction data

Details about payments to and from you and other details of servicesyou have purchased from us, including payment card information

Usage data

Information about how you use the Sites and services

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website or platform feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

Throughout this Privacy Policy we use the terms “Customer” and “Customers” to refer to on-demand platforms and other platforms, businesses and communities that work with and support flexible workers. This Customer may have also arranged insurance coverage as part of your work with them. We use the term “Partner” or “Partners” to refer to insurance intermediary, insurers and third-party suppliers. Where we need to collect Personal Data by law or under the terms of a contract we have with you or one of our Customers or Partners and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.

How do we collect your Personal Data?

We collect Personal Data about you when you access our the Sites, register with us either directly or via one of our Customers, contact us, send us feedback, post material to one of our platforms and or interact with us through the Sites over the telephone, or face to face.

We collect this Personal Data from you either directly, such as when you register with us, or contact us,and indirectly, such as your browsing activity while on the Sites(see ‘Cookies’ below).

We use different methods to collect data from and about you including through:

And how do we use your Personal Data?

We will only use your Personal Data when the law allows us to. We have set out below descriptions of the ways we plan to use your Personal Data and the legal basis we reply on to do so. Sometimes our basis for doing so is because of our legitimate interest, which we have also set out in the table. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable.

With the exception of the Halo app (more on this below!), we don’t rely on consent as a legal basis for processing your personal data. But we’ll make sure to get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. If you want to know exactly which legal ground we’re relying on (where more than one ground is set out in the table), please get in touch.

What we use your Personal Data for
What Personal Data we collect
Our legal grounds for processing
Our legitimate interest (if applicable)

To register you on our platform

  • Identity
  • Contact
  • Profile
  • Performance of a contract with you
  • Legitimate interests

To develop our services and grow our business

To process your orders or requests and to deliver services to you effectively, which may include the selling of regulated products, like insurance, unregulated products and/or access to deals, discounts and offers provided by third party suppliers.

  • Identity
  • Contact
  • Transaction
  • Performance of a contract with you
  • Legitimate interests

Being efficient about how we deliver our services and fulfil our obligations.

To allow the functioning of the Halo app’s crash detection feature, we need your personal data to:

  • provide you with customer support;
  • monitor your driving and your driving behaviour;
  • assist you in case of an accident;
  • use automated processing to allow the Halo app to provide notifications to you;
  • create your account on the app.
  • Identity
  • Contact
  • Profile
  • Technical (including telematics and gyroscope data)
  • Usage
  • Marketing and communications
  • Consent
  • Performance of a contract with you
  • Legitimate interests

Being efficient about how we deliver our services and fulfil our obligations including managing and maintaining insurance policies.

To manage our relationship with you and to optimise and improve our business and our services.

To process insurance provide insurance policies, evidence of cover, processing of claims and complaints relating to insurance cover or claims.

  • Identity
  • Contact
  • Financial
  • Profile
  • Sensitive Personal Data
  • Performance of a contract with you
  • Legitimate interests
  • Sensitive Personal Data: Explicit consent

Being efficient about how we deliver our services and fulfil our obligations including managing and maintaining insurance policies including claims and complaints.

To carry out necessary compliance and fraud checks

  • Identity
  • Contact
  • Transaction
  • Usage
  • Necessary to comply with a legal obligation
  • Legitimate interests

To determine whether you fall within our acceptable risk profile and to assist with the prevention of fraud

To manage our relationship with you which may include:

  • Corresponding with you by phone, email or live chat
  • Notifying you about changes to our terms or privacy policy
  • Asking you to leave a review, take a survey, enter a prize draw/competition or provide other feedback
  • Identity
  • Contact
  • Profile
  • Marketing andCommunications
  • Performance of a contract with you
  • Legitimate interests

To manage our relationship with you and to optimise and improve our business and our services

To administer and protect our business and our Sites

  • Transaction
  • Technical
  • Usage
  • Legitimate interests

Running our business, provision of administration and IT services, network security, and improvement of the Sites.

To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Consent (for example where you have requested such information)
  • Legitimate interests
  • Soft opt in where permitted

To develop and inform our marketing strategies

In some jurisdictions such as the UK we are entitled to send you marketing information in relation to our services where you have not opted out of receiving such communications. We will only rely on soft opt in where we are permitted to.

To deliver relevant content and advertisements to you on the Sites and measure or understand the effectiveness of advertising we serve you.

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Usage
  • Consent (for example where you have requested such information)
  • Legitimate interests

To study how customers use our services, to develop them, to grow our business and to inform our marketing strategy

To communicate with you

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Transaction
  • Performance of a contract with you
  • Legitimate interests
  • Consent (for example where you are not a customer, but you have voluntarily made an enquiry about our products and services)

To consider and respond to communications that you send to us and inform you of relevant information in relation to your account or the Sites

To use data analytics to improve the Sites products / services, marketing, customer relationships and experiences

  • Profile
  • Technical
  • Usage
  • Legitimate interests

To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

To make suggestions and recommendations to you about services that may be of interest to you, including promotional offers.

  • Identity
  • Contact
  • Marketing and communications
  • Profile
  • Technical
  • Usage
  • Consent (where you are not an existing customer and have not opted out of such communication
  • Legitimate interests

To develop our services and grow our business

To confirm that you work with a particular Customer

  • Identity
  • Contact
  • Performance of a contract with you

Please be aware that we may process sensitive Personal Data (the official legal name under the relevant Data Protection Legislation is “special category data”), particularly relating to your current or former physical or mental health but unless we are permitted by law we will never do so without your explicit consent. We may need to do so to provide you with your insurance cover, administer your policy, process your claims and manage any complaints relating to the same. You can withdraw your consent at any time by contacting us through the details in the ‘Get in touch’ section below. Be aware Privacy Policy that if you do withdraw your consent it may not be possible to continue providing your insurance through our platform.

We are also entitled to process Personal Data where necessary to comply with any legal obligations which we are subject to; to establish or defend any legal claims so as to protect our or your legal rights, or the legal rights of other interested parties; or to obtain or maintain our own insurance cover, obtain professional advice or otherwise manage business risks.

Marketing and Opting Out

As we’ve said above, we will only send you information which we think you will be interested in. Where you are not a customer this will be where you have requested it. Where you are a customer, and unless we expressly state otherwise for your jurisdiction where express opt-in may be required, our standard position is we gave you an option to opt-out of receiving such information when you registered with us. If you didn’t opt-out but have now changed your mind, please feel free to opt-out at any time. We understand that you do not want your inbox full of unwanted messages. We will get your express opt-in consent before we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section below or by using the opt-out tool provided in each marketing communication. Where you opt-out of receiving marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, claims processing or any other transaction.

Use of Cookies

No not the biscuit you’re currently eating. We use cookies in accordance with our cookie policy, if you want to learn more about them click here.

Now we have your Personal Data, how do we look after it?

We have put in place security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include using bank-grade encryption to protect your data when we store it and we ensure that, if we are sending it across the internet, it is encrypted. We also limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to access it.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

And how long do we keep your data for?

We only keep data for as long as we reasonably need it to fulfil the purposes we collected it for,including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

You can request that we delete your Personal Data at any time, but we are not obliged to delete the data in all circumstances. We will not delete the data when we continue to have a legal basis to process it. In some circumstances we may anonymise your Personal Data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you

Do we share your Personal Data with anyone else?

We may share your Personal Data with our Customers, Partners or any legal or regulatory authority:

Where we share your Personal Data with third-party service providers we require them to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

The Sites may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices and privacy policies. When you leave our website, we encourage you to grab another cup of coffee or tea (and a biscuit if you have not already done so) and read the privacy notices and policies of every third-party website you visit.

If you are a UK resident will we transfer any of your Personal Data outside the UK?

Countries outside the UK may have a lower standard of protection for Personal Data than that required by UK data protection laws. The information we collect from you may be transferred to and stored outside the UK(including for example to the EU , and the United States of America) and will also be processed by people operating outside the UK who work for us or one of our suppliers, especially in the EU . If we need to transfer your data to a company based outside the UK (e.g. to provide technology for email, subscription and payment support), we will take steps to make sure your Personal Data is handled in line with UK law by implementing appropriate safeguards, such as relying on a UK Government adequacy decision (which the United Kingdom currently has) or the approved Standard Contractual Clauses. If you would like any more detail on the specific mechanism used by us to transfer your Personal Data outside the UK, please get in contact with us through the details set out in the ‘Get in touch’ section below.

What if we make changes to our business?

If we are subject to negotiations for the sale of our business or part of it, we are sold to a third-party or undergo a reorganisation we may need to first disclose and transfer some or all of your Personal Data to the relevant third-party or its advisors as part of the due diligence process. Our legal ground fordoing this is our legitimate interest to make changes to our business. If a new business purchases us and we no longer run this business your data will be transferred to that new company and they will be in contact with you about how they process your data. We will ensure that they comply with this Privacy Policy until they update with you with their privacy policy.

What are your rights?

You have the right to stop using the Sites at any time. Please note that, in these circumstances, we may keep your data for the reasons set out in the ‘And how long do we keep your data for?’ section above.

You also have the following rights when it comes to our handling of your Personal Data:

If you would like to exercise any of these rights (including having access to your Personal Data), please contact us through the details set out in the ‘Get in touch’ section below.

Our Halo app – what you need to know

We’re particularly proud of our Halo app, but that’s not why we’ve given it its own section here. The way you’ll use the app is different to the way you use the other Sites, so it’s very important that you read over this part of the policy in detail.

Location data

You’ll need to consent to our processing of your location data. This includes access to your precise location when you’re driving and use of the Halo App crash detection and SOS software.

You can withdraw consent to us processing your location data while using the Halo app. You can withdraw your consent at any time by disabling such permissions in your settings.

Additionally, you may change your mind and withdraw consent at any time by contacting us at help@collectivebenefits.com. This won’t affect the lawfulness of any processing carried out before you withdraw your consent.

However, please note that if you do not consent to the processing of your location data, the app will not work properly.

How do we use your data?

In addition to the uses of the data and our grounds set out in the first table, we wanted to clarify a couple of things.

If you use the crash detection feature on our Halo app, data may be sent to alert us to the possibility of a crash.

Halo’s crash detection feature doesn’t identify who is driving the vehicle, but telematics data and our assessments of driving behaviour can be linked to an individual, for example when we discuss driving feedback with you as your insurance provider, and in the event of a claim.

Telematics data (driving data/behaviours) collected from your device by the Halo app may be used in the assessment of liability in the event of a claim and in statistical analysis to assist us in product assessment and development.

Please note that if you allow other drivers to drive your car while you’re using the Halo app, their driving behaviours will have an impact on the telematics data collected from your device and could impact your premium with us as your insurance provider.

And how long do we keep your data for?

We only keep data for as long as we reasonably need it to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

Do we share your Personal Data with anyone else?

Like the other data we process, we may share your Personal Data with our Customers, Partners or any legal or regulatory authority.

We will share your location, telematics and gyroscope data with K-Safe Limited, a company that specialises in enhancing driver safety. All the data we send to Flare will be anonymised and it allows Flare to create an algorithm, allowing us to see certain patterns across the data.

Get in touch

We understand you may have questions, requests, comments and complaints arising from this Privacy Policy. If so, just get in touch with us through the following details:

Collective Society Ltd
201 Haverstock Hill
Second Floor c/o FKGB
London NW3 4QG

help@collectivebenefits.com

Congratulations on reading all of this – we hope you enjoyed that cup of coffee or tea and go on, treat yourself to a biscuit. We love a custard cream.

If you are resident in the European Union you have the right to make a complaint at any time to the data protection at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. We would, however, appreciate the chance to deal with your concerns before you approach a Data Protection Agency, so please contact us in the first instance.

Addendum for Slovenia and Croatia

In case you are in Slovenia or Croatia, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if you are in Slovenia or Croatia.

What we use your Personal Data for
What Personal Data we collect
Our legal grounds for processing
Our legitimate interest (if applicable)

To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer.

  • Identity
  • Contact
  • Marketing and communications
  • Profile
  • Consent

To make suggestions and recommendations to you about services that may be of interest to you, including promotional offers.

  • Identity
  • Contact
  • Marketing and communications
  • Profile
  • Technical
  • Usage
  • Consent
Marketing and Opting In

We will only send you information which we think you will be interested in. We will send you certain information, such as, inter alia, newsletters, publications, information about some other products and Privacy Policy services, and for suggestions and recommendations about services that may be of interest, including promotional offers (if these is not done while you are using the platform) only if you agreed to receiving such information when you registered with us. If you didn't opt-in but have now changed your mind, you are very welcome to opt-in at any time. If you opted-in but have now changed you mind, please feel free to opt-out.

Addendum for Poland

In case you are in Poland, we use your Personal Data slightly differently. If the information belowconflicts with the information we provided earlier, the information below prevails with regards to you, ifyou are in Poland.

Marketing and Opting Out
(for users in Poland)

As we’ve said above, we will only send you information which we think you will be interested in. We will send you marketing communications where you have consented to our sending such information via direct means of communication(e.g. email, SMS, push, phone).We will get your express opt-in consent before we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at anytime by contacting us through the details set out in the ‘Get in touch’ section below. Where you resign from receiving marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, claims processing or any other transaction.

Addendum for Hungary

In case you are in Hungary, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if you are in Hungary.

And how do we use your Personal Data?
What we use your Personal Data for
What Personal Data we collect
Our legal grounds for processing
Our legitimate interest (if applicable)

To manage our relationship with you which may include:

  • Corresponding with you by phone, email or live chat
  • To notify you about changes to our terms or privacy policy
  • Identity
  • Contact
  • Profile
  • Marketing and communications
  • Legitimate interests (GDPR art.6(1)(f))

To manage our relationship with you

To manage our relationship with you which may include:

  • Asking you to leave a review, take a survey, enter a prize draw/competition or provide other feedback
  • Identity
  • Contact
  • Profile
  • Marketing and Communications
  • Consent (GDPR art.6(1)(a))

N/A

To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Consent (GDPR art.6(1)(a))

N/A

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of advertising we serve you.

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Usage
  • Consent (GDPR art.6(1)(a))

N/A

To use data analytics to improve our website, products / services, marketing, customer relationships and experiences

  • Profile
  • Technical
  • Usage
  • Consent (GDPR art.6(1)(a))

N/A

To make suggestions and recommendations to you about services that maybe of interest to you, including promotional offers.

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Technical
  • Usage
  • Consent (GDPR art.6(1)(a))

N/A

Marketing and Opting Out

We will send you marketing messages based on your consent and the same applies if we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section.

Contact details of the data protection authority in Hungary:
Name:

National Authority for Data Protection and Freedom of Information

Address:

1055 Budapest, Falk Miksa utca 9-11

Mailing address:

1363 Budapest, Pf.: 9.

Phone number:

+36 (1) 391 1400

Fax number:

+36 (1) 391-1410

Email address:

ugyfelszolgalat@naih.hu

Website:

https://naih.hu/

Addendum for Cyprus

In case you are in Cyprus, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if you are in Cyprus.

And how do we use your Personal Data?
What we use your Personal Data for
What Personal Data we collect
Our legal grounds for processing
Our legitimate interest (if applicable)

To manage our relationship with you which may include:

  • Corresponding with you by phone, email or live chat
  • To notify you about changes to our terms or privacy policy
  • Identity
  • Contact
  • Profile
  • Marketing and communications
  • Legitimate interests (GDPR art.6(1)(f))

To manage our relationship with you

To manage our relationship with you which may include:

  • Asking you to leave a review, take a survey, enter a prize draw/competition or provide other feedback
  • Identity
  • Contact
  • Profile
  • Marketing and Communications
  • Consent (GDPR art.6(1)(a))

N/A

To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Consent (GDPR art.6(1)(a))

N/A

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of advertising we serve you.

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Usage
  • Consent (GDPR art.6(1)(a))

N/A

To use data analytics to improve our website, products / services, marketing, customer relationships and experiences

  • Profile
  • Technical
  • Usage
  • Consent (GDPR art.6(1)(a))

N/A

To make suggestions and recommendations to you about services that maybe of interest to you, including promotional offers.

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Technical
  • Usage
  • Consent (GDPR art.6(1)(a))

N/A

Addendum for Israel

You are not legally obligated to provide us with any Personal Data about you, but rather the provision thereof is subject to your consent and free will. However, where we need to collect Personal Data bylaw or under the terms of a contract we have with you or one of our Customers or Partners and you do not provide that data when requested, we may not be able to perform the contract we have or are Privacy Policy trying to enter into with you. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case.

Addendum for Portugal
Marketing and Opting Out

As we’ve said above, we will only send you information which we think you will be interested in. Where you are not a customer this will be where you have requested it. Where you are a customer, we gave you an option to opt-in of receiving such information when you registered with us. If you have opt-in but have now changed your mind, please feel free to opt-out at any time. We understand that you donot want your inbox full of unwanted messages. We will get your express opt-in consent before we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us throughthe details set out in the ‘Get in touch’ section below or by using the opt-out tool provided in eachmarketing communication. Where you opt-out of receiving marketing messages, this will not apply toPersonal Data provided to us as a result of a product/service purchase, claims processing or anyother transaction.

Addendum for Italy

In case you are in Italy, we use your Personal Data slightly differently. If the information below conflictswith the information we provided earlier, the information below prevails with regards to you.

Processing of the Aggregated Data such as statistical or demographic data:

The collection of usage data, data analytics and any other data to improve our website, products / services, marketing, customer relationships and experiences is based on your free consent (GDPR art. 6(1)(a)).

And how do we use your Personal Data?
What we use your Personal Data for
What Personal Data we collect
Our legal grounds for processing
Our legitimate interest (if applicable)

To process your orders or requests and to deliver services to you effectively, which may include the selling of regulated products, like insurance, unregulated products and/or access to deals, discounts and offers provided by third party suppliers.

  • Identity
  • Contact
  • Transaction
  • Legitimate interests (GDPR art.6(1)(f))

N/A

To manage our relationship with you which may include:

  • Corresponding with you by phone, email or live chat
  • Notifying you about changes to our terms or privacy policy
  • Identity
  • Contact
  • Profile
  • Performance of a contract with you (GDPR art.6(1)(b))

To manage our relationship with you

To improve our business and our services which may include:

  • Asking you to leave a review, take a survey, enter a prize draw/competition or provide other feedback
  • Identity
  • Contact
  • Profile
  • Marketing and Communications
  • Consent (GDPR art.6(1)(a))

N/A

To use data analytics to improve our website, products /services, marketing, customer relationships and experiences

  • Profile
  • Technical
  • Usage
  • Consent (GDPR art.6(1)(a))

N/A

Addendum for the Netherlands

In case you are in the Netherlands, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if you are in the Netherlands.

Marketing and Opting Out

As we’ve said above, we will only send you information which we think you will be interested in. Where you are not a customer, we will only send you marketing communications based on your express opt-in consent. Where you are a customer, we may send you marketing communications about similar products and services offered by us without obtaining your prior consent if you didn’t opt-out of receiving such information when you registered with us. If you have now changed your mind, please feel free to opt-out at any time. We understand that you do not want your inbox full of unwanted messages.

We will get your express opt-in consent before we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section below. Where you opt-out of receiving marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, claims processing or any other transaction.

Addendum for France

In case you are in France, we use your Personal Data slightly differently. If the information below conflicts with the information we provided earlier, the information below prevails with regards to you, if ou are in France.

And how do we use your Personal Data?
What we use your Personal Data for
What Personal Data we collect
Our legal grounds for processing
Our legitimate interest (if applicable)

To register you on our platform

  • Identity
  • Contact
  • Profile
  • Performance of a contract with you(GDPR art.6(1)(b))

N/A

To process your orders or requests and to deliver services to you effectively, which may include the selling of regulated products, like insurance, unregulated products and/or access to deals, discounts and offers provided by third party suppliers.

  • Identity
  • Contact
  • Transaction
  • Performance of a contract with you(GDPR art.6(1)(b))

N/A

To process insurance claims and complaints relating to insurance cover or claims.

  • Identity
  • Contact
  • Financial
  • Profile
  • Sensitive Personal Data
  • Sensitive Personal Data: Explicit consent (GDPR art.9(2)(a)). See more below.

N/A

To carry out necessary compliance and fraud checks

  • Identity
  • Contact
  • Transaction
  • Usage
  • Legitimate interests (GDPR art.6(1)(f))

To determine whether you fall within our acceptable risk profile and to assist with the prevention of fraud

To administer and protect our business and our website

  • Transaction
  • Technical
  • Usage
  • Legitimate interests (GDPR art.6(1)(f))

Running our business, provision of administration and IT services, network security, and improvement of our website

To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer

  • Identity
  • Contact
  • Marketing andCommunications
  • Profile
  • Consent (for example where you have requested such information) (GDPR art.6(1)(a))

N/A

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of advertising we serve you.

  • Identity
  • Contact
  • Marketing andCommunications
  • Profile
  • Usage
  • Consent (for example where you have requested such information) (GDPR art.6(1)(a))

N/A

To communicate with you

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Transaction
  • Performance of a contract with you (GDPR art.6(1)(b))
  • If you are not a customer/user: consent(GDPR art.6(1)(a))

N/A

To manage our relationship with you which may include:

  • Corresponding with you by phone, email or live chat
  • To notify you about changes to our terms or privacy policy
  • Identity
  • Contact
  • Profile
  • Marketing and Communications
  • Legitimate interests (GDPR art.6(1)(f))

To manage our relationship with you

To manage our relationship with you which may include:

  • Asking you to leave a review, take a survey, enter a prize draw/competition or provide other feedback
  • Identity
  • Contact
  • Profile
  • Marketing and Communications
  • Consent (GDPR art.6(1)(a))

N/A

To send you information which we think may be of interest to you, such as newsletters, publications, information about other products and services we offer

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Consent (GDPR art.6(1)(a))

N/A

To use data analytics to improve our website, products / services, marketing, customer relationships and experiences

  • Profile
  • Technical
  • Usage
  • Legitimate interests (GDPR art.6(1)(f))

To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

To make suggestions and recommendations to you about services that maybe of interest to you, including promotional offers.

  • Identity
  • Contact
  • Marketing and Communications
  • Profile
  • Technical
  • Usage
  • Consent (GDPR art.6(1)(a))

N/A

To confirm that you work with a particular Customer

  • Identity
  • Contact
  • Performance of a contract with you (GDPR art.6(1)(b))

N/A

Marketing and Opting Out

We will send you marketing messages based on your consent and the same applies if we share your Personal Data with any other company for the purposes of third-party marketing. You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section or by using the opt-out tool provided in each marketing communication.

Contact details of the data protection authority in France:
Name:

CNIL - Commission nationale de l'informatique et des libertés

Address:

3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07

Phone number:

01 53 73 22 22

Website:

https://www.cnil.fr/

Addendum for Spain
How long do we keep your data for?

In compliance with legal requirements, before fully erasing your Personal Data we will keep it duly blocked for the statute of limitations of potential claims that may arise as a consequence of its processing. Once said period has elapsed, we will fully erase your Personal Data.

Addendum for United Kingdom

As the United Kingdom is no longer part of the European Union the processing of UK resident data is no longer subject to GDPR. Instead the UK Data Protection Laws are made up of the retained EU law version of the GDPR (UK GDPR) and the Data Protection Act 2018 (DPA 2018). On a day to day basis this makes little difference for your Personal Data as the GDPR and the UK GDPR are almost identical.

We keep the Data Protection situation between the UK and the EU under continuous review and will update our policies as and when required.

The key areas which may differ from some other EU countries are in relation to marketing, retention, and international transfers. And how we process Financial Data.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

We may use your Identity, Contact, Technical, Transaction and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).You will receive marketing communications from us if you have requested information from us or signed up for products or services from us and you have not opted out of receiving that marketing.

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by contacting us through the details set out in the ‘Get in touch’ section below or by using the opt-out tool provided in each marketing communication. Where you opt-out of receiving marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, claims processing or any other transaction.

How long do we keep your data for?

We keep certain data on record for seven years to ensure we meet the FCA’s requirements.

International transfers

Countries outside the UK have differing data protection laws, some of which may provide levels of protection of privacy. The information we collect from you may be transferred to and stored outside the UK (including for example to the European Union) and will also be processed by people operating outside the UK who work for us or one of our suppliers, especially in the European Union. If we need to transfer your data to a company based outside the UK (e.g. to provide technology for email, subscription and payment support), we will take steps to make sure your Personal Data is handled inline with UK GDPR by implementing appropriate safeguards, such as relying on a UK government adequacy decision (which the EEA currently has as do all countries outside the EEA which the European Commission deems as adequate). Where we transfer your Personal Data outside of the UK to a country where a UK adequacy decision is not available we will rely on standard data protection clauses issued further to the UK GDPR. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time we will not transfer your personal data outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law and reflected in an update to this policy. If you would like any more detail on the specific mechanism used by us to transfer your Personal Data outside the UK, please get in contact with us through the details set out in the ‘Get in touch’ section below.

Financial Data

In the UK we do not take or store any of your financial information such as bank details or credit cards. These are securely handled directly and independently by our payment providers who only provide a payment confirmation to us. If you need to make payment through our website this will be done by what is called an API (essentially a digital tunnel) to our payment provider websites. Please review their privacy policy to understand how they look after your payment data.

UK Motor Product

We have recently launched a new motor insurance product in the UK. We will receive your Personal Data from one of our Partners who for this product will be the agency with whom we contract.

Our Partner will ensure they have all the necessary legal grounds to share your Personal Data we need to deliver this product. This Personal Data is the same as the Personal Data collected by us for all other products such as Identity Data and Contact Data, we will also collect your vehicle registration data, details of your existing insurance policy. Finally, we may also need to collect an additional element of Sensitive Data if you have had any sever motoring convictions in the last 3 Years. All of this data is processed by us on the basis of performance of a contract as we need this information to check your eligibility for the Motor Product and then prepare the relevant document if you are eligible. In addition to performance of a contract we also rely on consent to process any criminal conviction data that you provide to us.

This Personal Data will be shared with our insurance Partners to establish your eligibility for the Motor Product. The results with then be shared back to the Partner agency who provided us with your details.

Contacting the data protection authority in the UK

The Information Commissioners Office (that’s the UK’s data protection regulator) is no longer a member of the EU’s Data Protection Board and therefore any complaints you have about data processing in the UK will need to be addressed to the Information Commissioner's Office (ICO), who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.