Privacy Notice


This Privacy Notice will help you understand how we collect, use and protect your personal information. You should also show this notice to anyone who may be insured under your policy. If you have any queries about this Privacy Notice or how we process your personal information, please contact the Data Protection Officer by email: dpo@esure.com or by post: Data Protection Officer, esure, The Observatory, Reigate, RH2 0SG.

Who we are: The organisation responsible for the processing of your personal information is esure Broker Limited of The Observatory, Reigate, RH2 0SG. This means that we are a ‘data controller’ under the Data Protection Act 1998 (and, once in force, under the General Data Protection Regulation (also known as the GDPR)). Our registration number with the Information Commissioner’s Office is Z2785162.

What information we collect about you: The personal data you have provided, we have collected from you, or we have received from third parties include:

  • name, address and address history, date of birth and gender
  • contact details, including telephone numbers and email address
  • financial information, including credit/debit card details (although we do not retain complete payment card information)
  • details about your family and dependents (e.g. your marital status and number of children)
  • information about your lifestyle and living circumstances (e.g. your employment details and home ownership)
  • identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address
  • criminal convictions, health details and medical history
  • vehicle details, such as registration number
  • when you contact us through any digital channel we will inform you of the methods used by each of those channels at point of entry and at any point where we capture personal information. The information we collect includes IP addresses and is used for fraud prevention and to improve customer experience.

 

How we collect information about you: Most of the personal information we hold about you is that which we collect directly from you, for example:

  • each time you ask us for an insurance quote
  • when you purchase our products or services
  • when you register to receive information from us
  • when you make enquiries or raise concerns with our customer service team.

In order to understand more about you and provide you with an appropriate insurance quote and cover, we also supplement and combine the personal information that we collect from you with other categories of data obtained from other sources, such as indicated below:

  • Credit and claims history data, such as bankruptcy records and any county court judgments made against you (which are publicly accessible) and information as to the number of credit searches that have been made about you and your individual claims history (which we may receive from companies such as Experian Limited)
  • Device identification and fraud detection data, which we may receive from companies having passed them your device details (in order to check whether the device you are using to contact us has been used before for fraudulent purposes) or your new claims data (in order to assess the risk to our business of fraudulent claims)
  • Data about your local area, including census data about the average household size, employment statistics, and demographics of your area, and police crime and accident statistics (which are publicly accessible)
  • Electoral register data that confirms your identity and address (which is publicly accessible)
  • Data as to your eligibility for a no claims discount (which we may receive from companies such as Lexis Nexis Solutions UK Limited)
  • Claims data, as provided by the insurer underwriting your policy.

 

What we use your information for and the legal bases for processing: We may store and use your personal information for the purposes of:

  1. administering your insurance quotes and policies (as is necessary for performance of a contract between you and us and/or as is necessary for our legitimate interests);
  2. carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);
  3. assessing financial risks, including by carrying out credit reference checks and credit scoring assessments, and calculating your premiums (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
  4. providing you with insurance related services (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
  5. using your payment details to process payments relating to your policies, including fees, premiums, renewals of cover, mid-term changes to your policy, and refunds (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
  6. sending you information about how to renew your insurance cover (as is necessary for compliance with our legal obligations);
  7. communicating with you about your quotes, policies, including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
  8. administering debt recoveries, where you owe us money under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
  9. undertaking statistical analysis. This allows us to develop new, or improve existing, products and services (as is necessary for our legitimate interests); and
  10. fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).

 

Our "legitimate interests" as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.

Using your data for fraud prevention: Before we provide you with our products and services, we use your personal data to conduct checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. We may also share your details with fraud prevention and law enforcement agencies. Please see ‘other data controllers’ for details of the agencies we share your data with. We, and fraud prevention agencies, will use this information to prevent fraud and money laundering, and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest to process your data in such a way, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

Automated decisions and profiling: We use the personal data you provide to us, information about you provided by third parties (please see “How we collect information about you” for further details), and aggregated data of other individuals who match your risk profile, to enable us to evaluate and predict your behaviour when asking for a quote or administering your policy.

We use algorithms to check any claims, fraud, credit history, data about your local area and the vehicle you wish to have insured; and whether your conduct accessing our products or services suggests a risk of fraud. You may automatically be considered to pose a fraud or money laundering risk if our processing of your personal data reveals your behaviour to be consistent with that of known fraudsters or money launderers; or inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. This activity is essential to allow us to decide whether to offer you a quote and whether there is a risk of fraud. These decisions may be made by entirely automated means (that is, without human intervention) and through profiling. 

We consider that, to the extent our decisions based solely on automated processing produce legal or similarly significant effects for you, those decisions are necessary for entering into, or performance of, our contract of insurance with you. However, you have the right to contact us to express your point of view (including providing any additional information that you want us to consider) and to contest such decisions. A member of our team will then reconsider the decision. If you wish to exercise these rights, please contact us by emailing: dpo@esure.com or by post: Data Protection Officer, esure, The Observatory, Reigate, RH2 0SG.

Consequences of processing: If we, or a fraud prevention agency, determine that you pose a risk of fraud or money laundering, we may refuse to provide the products, services and financing you have requested. We may also stop providing existing services to you. A record of any fraud or money laundering risk will be retained by us and the fraud prevention agencies. It may also result in others refusing to provide products, services, financing or employment to you. If you have any questions about our processing of your data for fraud purposes, please contact our Data Protection Officer at the details provided above.

Who we share your data with: Where relevant given the nature of the products and services provided to you, we may also share your information with the following categories of third parties:

  • insurance underwriters and others who are involved with the provision of insurance services to you (as is necessary for the performance of a contract between you and us);
  • third party data suppliers, as explained under “How we collect information about you” (as is necessary for our legitimate interests);
  • third party service providers who support the operation of our business, such as IT suppliers, financial service providers, and debt collection agencies (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
  • the operators of claims related databases (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
  • fraud prevention agencies and associations (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);
  • regulators and law enforcement agencies, including the police, the Financial Conduct Authority, HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal obligations).

 

Other data controllers: If you benefit from the following products and services, we will share your personal data with the following companies (as applicable) and these companies may also act as data controllers with respect to the data you provide to us. If you would like to see a copy of their Privacy Notice, please access http://www.esurebroker.com/legal/privacy_and_security

| Product | Data Controllers | ICO Registration number | Purpose |
|---|---|---|---|
| Car Insurance | The insurance company underwriting your policy. Please check your insurance documents for details. | Please check your insurance documents for details | Insurance underwriters |
| Breakdown | RAC Insurance Limited | Z6412344 | Insurance underwriters |
| | RAC Motoring Services | Z6342667 | Breakdown service providers |
| | UK Insurance Limited | Z6487866 | Breakdown and recovery service providers |
| Personal Injury | esure Insurance Limited | Z4905270 | Insurance underwriters |
| Motoring Legal Protection | esure Insurance Limited | Z4905270 | Insurance underwriters |
| | Irwin Mitchell LLP | Z6397561 | Legal helpline service providers |

As explained under “Using your data for fraud prevention”, the personal data you have provided, we have collected from you, or we have received from third parties, may be shared with fraud prevention agencies. Please contact our Data Protection Officer if you would like details of the agencies we share your data with.

Processing outside of the European Economic Area (EEA): The personal information that we collect from you, and which is shared with some fraud prevention agencies, may be transferred to and processed in a destination outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases: 

  • the country to which we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or
  • the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal information (in particular, our transfers of personal information to suppliers in India and the United States for marketing, IT development and IT testing purposes are protected in each case by the use of appropriate model clauses); or
  • there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third party recipient of personal data in the United States has registered for the EU-US Privacy Shield).

To find out more about how your personal information is protected when it is transferred outside the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the details above.

How long your information is kept: We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 7 years on our main systems after which time it will be archived, deleted or anonymised. Some of the archived information may be retained for up to 50 years for the purposes of processing of your existing or future claims. Records created for fraud prevention purposes will be deleted 7 years after creation. Fraud prevention agencies can hold your personal data for different periods of time, depending on how that data is being used. If you are considered to pose a risk of fraud or of money laundering, your data can be held by fraud prevention agencies for up to 6 years from its receipt by them. Please contact them for more information. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact our Data Protection Officer at the details provided above.

Your rights: Under the Data Protection Act 1998 you have the following rights:

  • to obtain access to, and copies of, the personal information that we hold about you; and
  • to require that we cease processing your personal information if the processing is causing you damage or distress.

Once the GDPR comes into force on 25 May 2018, you will also have the following rights:

  • to require us to erase your personal information;
  • to require us to restrict or to object to our data processing activities;
  • to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
  • to require us to correct the personal information we hold about you if it is incorrect.

 

Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.

If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.

You can find out more about your rights under data protection legislation from the Information Commissioner's Office website: www.ico.org.uk.