- What information do we collect from you?
- Why do we collect this information?
- Special Category Personal Data and Offences
- Automated Decisions Making
- How long do we keep hold of your information?
- Who might we share your information with?
- How is your data stored and kept secure?
- International transfers
- What are your rights?
- Changes to this Policy
- Contact Us
What information do we collect from you?
We may collect and process the following data about you:
Information you give us
This is information about you that you give to us by filling in forms on our website, via your broker, or by corresponding with us by phone, email or otherwise. The information you give us may include your name, address, email address and phone number and financial information. We may ask you for further information depending on which insurance you are interested in.
Information we collect when you call us
If you call us we will automatically collect the phone number used to call. Some of our partner brokers, claims administrators or similar business partners may record calls as part of their FCA compliance requirement. The relevant business partner will be the data controller for that information, so please address any queries directly to the appropriate broker. We may review a selection of the business partner calls set out above in our legitimate interests in order to check they are providing a quality service.
Information we receive from other sources
We may work closely with other organisations who may provide us with information relating to you.
Information we collect from your use of our website via cookies
Analytics cookies help us understand how users engage with our site. An example is counting the number of different people coming to our platform or using a particular feature, rather than the total number of times the platform or feature is used. Without this cookie, if you visited the platform once each week for three weeks we would count you as three separate users. We would find it difficult to analyse how well our platform site was performing and improve it without these cookies. Analytics may collect information regarding the type of web browser or operating system, IP address, viewed pages, time and duration of site visits, crash logs, your geographic location, and other information relating to site usage.
We may also use web beacons in our emails to you
These are transparent image files that can be used to see if an email was read or forwarded to someone else. If you object to web beacons in emails, we recommend that you follow the same procedure for deleting existing cookies and disabling future cookies (see how to do this at www.allaboutcookies.org). We will still know how many of our emails are opened and we will automatically receive your IP address, a unique identifier of your device or other access device; but we will not be able to identify you as an individual.
Why do we collect this information?
We process your personal information for the following reasons:
- Pursuant to a contract in order to:
- Process information at your request to take steps to enter into an insurance policy;
- Provide you with our products and services;
- Process payments and assess your eligibility for payment plans;
- Handle claims;
- Meet our legal and regulatory obligations;
- Maintain business and service continuity; and
- Send service communications so that you receive a full and functional service and so we can perform our obligations to you. These will be sent by email wherever possible but in some circumstances we may need to contact you by post or by phone. These will include notifications about changes to our service.
- On the basis of your consent:
- Where we rely on your consent for processing this will be brought to your attention when the information is collected from you or will otherwise be clear from the context of you providing the information;
- We will only contact you with direct marketing communications if you consent to us doing so and you will have the right to withdraw consent at any time. See the What are your rights? section below for more information.
In our legitimate interests of providing the best service and improving and growing our business we will process information in order to:
- Provide you with a personalised service;
- Promote our products and services;
- Improve our products and services;
- Keep our site and systems safe and secure;
- Understand our customer base and purchasing trends;
- Defend against, establish or exercise legal claims and investigate complaints; and
- Understand the effectiveness of our marketing.
We will carry out analytics to improve our products and services as set out above.
You have the right to object to processing carried out for our legitimate interests. See the What are your rights? section below for more information.
- To comply with legal requirements relating to:
- The provision of products and services;
- Anti-money laundering;
- Fraud investigations;
- Data protection;
- Assisting law enforcement; and
- Any other legal obligations placed on us from time to time.
Special Category Personal Data and Offences
In some circumstances we need to process special category personal data or criminal convictions and offences data which is required in order for us to make decisions in relation to providing you with a policy or assessing a claim. For example, in order to provide you with a motor insurance policy we will need to understand whether you have any motoring offences, or for a travel insurance policy we will need information on any existing medical conditions.
We process this information because it is required in order for us to enter into or to perform a contract with you. We also process this information because it is necessary for the purposes of substantial public interest permitted by law.
Automated Decision Making and Profiling
We use automated systems which means that some decisions are made automatically. We offer our insurance policies based on the information we have about our customers. Some information may identify a high risk to us in providing insurance, for example if an applicant for motor insurance has committed certain driving offences. Our systems are designed to identify particularly high-risk factors and, in some circumstances, to automatically decline an application. It may also affect the price at which we offer you our products and services. Decisions are therefore made based on your particular risk profile.
The types of decision which are automated include initial decisions about whether to offer you insurance, which product to offer and at which price, based on the information you have provided us with.
You have the right to request that we review the automated decision manually and you are entitled to express your view on the automated decision when you request a review. You can exercise this right by contacting our Data Protection Officer at firstname.lastname@example.org
How long do we keep hold of your information?
We will keep your information only for as long as is necessary for the purposes for which it was collected. The periods of retention are different depending on which insurance policy is involved. We will retain information for a number of years after the end of our relationship with you using the criteria below, unless obligations to our regulators require otherwise or we are required to remove such data from our records.
Our retention periods are determined by reference to:
- Legal requirements – as a regulated financial services provider we are bound by specific rules on retention of information;
- Statutory limitation periods – these determine the periods for which legal claims can be brought;
- Insurance industry standards; and
- Operational requirements – set by how long we need to keep information for operational purposes for example to operate your insurance policy, handle insurance claims or deal with legal claims.
Who might we share your information with?
For the purposes set out in the ‘Why do we collect this information?’ section above, we will share your personal information with:
- The following categories of third parties, some of whom we appoint to provide services, including:
- Distribution partners (or other insurance intermediaries), suppliers and sub-contractors for the performance of any contract we enter into with you, including our IT, Operations, Claims, Finance and Actuarial service providers;
- Analytics and search engine providers that assist us in the improvement and optimisation of our site;
- Customer survey providers in order to receive feedback and improve our services.
- Any member of our group, which includes our parent company and subsidiaries.
Additionally, we will disclose your personal information to the relevant third party:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets if appropriate.
- If we are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- If we change or augment our select list of distribution partners, suppliers and sub-contractors.
- Anti-fraud and anti-money laundering groups or organisations;
- Credit reference agencies;
- Debt recovery providers;
- Law enforcement and legal professionals;
- Our insurers or auditors.
How is your data stored and kept secure?
At BluNiche, we take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us is:
- Stored in a secure hosting environment, and protected by industry standard security systems, including regular Malware scanning.
- Accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
- All credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
- Where we have given you (or where you have chosen) a username and password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share your password with anyone as you are solely responsible for, and bound by all activity conducted under username and password.
We may transfer your data outside the European Economic Area (“EEA”). We will only transfer your information if adequate protection measures are in place or if the transfer is otherwise permitted in compliance with data protection legislation. Our systems are all hosted within the EEA. More information is available by contacting us.
What are your rights?
Where processing of your personal data is based on consent, you can withdraw that consent at any time.
You have the following rights. You can exercise these rights at any time by contacting us at email@example.com . You have the right:
- To ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes;
- To ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
- To ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest.
- To request from us access to personal information held about you;
- To ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
- To ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate grounds for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services;
- To ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
- To request that we review an automated decision manually (see Automated Decision Making above);
- To ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.
Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us using the contact details below. In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the relevant supervisory authority, which is the Information Commissioner’s Office (ICO) in the UK, at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/.