Privacy Notice
Introduction
At The PI Desk Ltd (“we/us”) we recognise our responsibility to treat your personal information with care and to comply with all relevant legislation. This governs how we use and protect personal information and this notice provides you with information on how and why we use your personal data and of your rights in relation to that data.
Data Controller
We are classed as a ‘data controller’ which means that we process your data. In order to provide you with a written quotation, administer any insurance policies you take out with us and assist in handling any claims made under those insurance policies it is necessary for us to process personal data as part of the underwriting and/or claims process.
What Information do we collect and how do we collect it?
We will collect information about you if you contact us for insurance or you notify us of a claim under an insurance policy arranged via us. This will include personal data such as your name, address, contact details, date of birth, occupation, details of claims and financial information. It may also include special category data such as health information and criminal records.
The information may be collected via a third party who you have instructed to act on your behalf or directly from you by telephone, messaging services, post or email and will be primarily obtained via a Proposal Form or from your interactions with our website. In the event of a claim, information may be obtained from the other party to the claim and third parties dealing with the administration of the claim. We may also collect your personal information from credit reference agencies and publicly available sources including but not limited to publications, the internet, search engines, social networks and government databases.
How is the information collected used?
We will use the information collected in a number of ways and we will use the data where processing is permitted by specific legal grounds set out in the legislation.
The below table details how we will use your data:
PURPOSE OF PROCESSING | LEGAL GROUNDS | DISCLOSURE OF DATA TO THIRD PARTIES |
---|---|---|
To negotiate, arrange and administer insurance quotations & insurance policies (including renewals) | Necessary for the performance of a contract | Insurers, Reinsurers, Lloyd’s Syndicates, Managing General Agents, London Market Brokers, third parties acting on your behalf and introducers |
For the prevention or investigation of fraud, money-laundering and other crimes | Compliance with a legal or regulatory obligation | Insurers, Reinsurers, Lloyd’s Syndicates, Managing General Agents, London Market Brokers, third parties acting on your behalf, Anti-fraud databases, Police, Enforcement Bodies and Regulatory Bodies |
To process payments by cheques, credit cards, debit cards or direct bank transfers | Necessary for the performance of a contract | Insurers, third parties acting on your behalf, Banks and Card Processing Companies |
To arrange credit agreements when financing your premium using premium finance | Necessary for the performance of a contract | Insurers, third parties acting on your behalf, Premium Finance Providers, Credit Reference Agencies and Banks |
To process claims | Necessary for the performance of a contract | Insurers, Reinsurers, Lloyd’s Syndicates, Managing General Agents, London Market Brokers, third parties acting on your behalf, Claims Handling Firms, Solicitors and Experts |
Provision of information on products and services | Legitimate Interest | None |
To maintain and monitor Agency records and performance | Necessary for the performance of a contract | Regulatory Bodies, Police, Insurers and Auditors |
To meet general legal, insurers or regulatory obligations | Compliance with a legal or regulatory obligation | Regulatory Bodies, Police, Insurers, Auditors and third parties acting on your behalf |
Legitimate Interest is when we have a business or commercial reason to use your information. It must not go unfairly against what is right and best for you.
If any special category data is processed in connection with the above (e.g. criminal records data or health data) an additional legal basis is required. The additional legal basis will be either Explicit Consent, Substantial Public Interest or to establish, defend or prosecute legal claims.
Depending on the circumstances, data disclosed to third parties could be transferred outside of the UK and the European Economic Area to countries that have less robust data protection laws. Any such transfer will be made with appropriate contractual safeguards in place.
In addition to the above, information may be disclosed to service providers, contractors e.g. web designers, professional advisers and agents that perform activities on our behalf.
We will not sell your information to third parties.
How do we protect your information?
In order to comply with regulatory requirements we have to back up our data and we will use on-site local and off-site cloud back up facilities to ensure the integrity of the data. It is not possible for us to access, alter or delete back-up records unless we reconstruct them. We have in place physical, electronic and procedural safeguards appropriate to the sensitivity of the information we maintain. These safeguards will include where appropriate, encryption of communications, measures to keep personal data protected from unauthorised access, access controls and firewalls.
How long will we retain your information?
If you take out a policy with us your data will not be retained for longer than is necessary – in most cases this will be for a maximum of 7 years following the expiry of your policy unless there is a need for us to keep your data for longer (e.g. if you have an ongoing claim that we are assisting with or we are required to retain the data for a longer period due to business, legal or regulatory requirements). If we need to reconstruct back-up records where your data has subsequently been deleted (e.g. if our systems become corrupted) we will ensure that your information is removed from the reconstructed back-up.
If you requested or obtained a written quotation but did not proceed to take out a policy with us we will keep your information for a maximum of 2 years in case you, Insurers or any regulator have any questions about the service we have provided you with. We may also contact you during this period to discuss your future insurance requirements.
Specific Consent
We collect, disclose and otherwise process personal data that is necessary for the purposes identified in this Privacy Notice. If we require personal data for any other reason, we will notify you of this and, where required, seek specific consent to process the data. Where you are providing us with information about a person other than yourself, you agree to notify them of our use of their personal data and to obtain such consent for us. You have the right to withdraw your consent at any time by contacting The Managing Director at the address detailed below but doing so could prevent us from continuing to provide the relevant services.
Cookies
Cookies are small text files that are placed on your computer by websites that you visit. If you visit our website (the “Site”) it may place and access certain first-party Cookies on your computer or device. First-party Cookies are those placed directly by us and are used only by us. We use Cookies to facilitate and improve your experience of the Site and to provide and improve our services. We have taken steps to ensure that your privacy and personal data is protected and respected at all times.
By using the Site you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services and/or parties other than us. Third-party Cookies are used on the Site by analytics services e.g. Google analytics. Website analytics refers to a set of tools used to collect and analyse usage statistics enabling us to better understand how people use the Site.
All Cookies used by and on the Site are used in accordance with current Cookie Law. Before Cookies are placed on your computer or device, you will be shown a pop-up prompt requesting your consent. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent however certain features of the Site may not function fully or as intended.
Your Rights
You have the following rights in relation to our processing of your personal data:
– The right to be informed about how we use your personal data (i.e. this Privacy Notice)
– The right to see a copy of the personal data we hold about you
– The right to have personal data rectified if inaccurate or incomplete
– The right of erasure of your personal data where we no longer have a legal ground to process it
– The right to restrict processing while we consider your enquiry
– The right to data portability which, subject to certain conditions, allows you to obtain and reuse your personal data across different services
– The right not to be subject to automated decision-making including profiling
– The right to object to certain processing including for the purposes of direct marketing
If you wish to discuss this Privacy Notice, access your personal information, have a complaint about how we use your personal information or exercise any of your other rights please contact The Managing Director, The PI Desk Ltd, Suite B Sheffield Business Centre, Europa Link, Sheffield, South Yorkshire, S9 1XZ or telephone us on 0114 242 1176 or email us at enquiries@thepidesk.co.uk. If you are not satisfied with the way we have managed your personal data you also have the right to lodge a complaint with the Information Commissioner’s Office – see www.ico.org.uk