At Surewise.com we recognise our responsibility to treat your personal information with care and to comply with all relevant legislation and the General Data Protection Regulation (GDPR). This notice covers our requirement to provide you with information on how and why we use your personal data and of your rights under GDPR.
We have provided you with a quotation and/or administer your insurance policy and are classed as the “data controller” which means we process your data. Your data may be passed to other parties, including Reinsurers & Loss Adjuster for the administration of claims. These parties could also be a data controller and where necessary will issue their own Data Protection & Privacy Policies. We do not take responsibility for the privacy policies or practices of other sites, even where you access them using links from our website. You are advised to read the Privacy Notice of other websites prior to using them.
What Information do we collect about you?
As a Brokerage and as part of our service we will only collect information from you so that we can arrange insurance products that may be suitable for you. In the financial services industry, we call this factfinding which provides us with all the information that we need from you in order to provide you with a suitable product that meets your circumstances and requirements.
We will only use your data in ways that you would reasonably expect us to. When obtaining information from you we will do this by phone, email or post and will confirm the accuracy of the data collated. It is important that all the data we hold on you is accurate so that we can arrange suitable products for you.
We may also receive your contact details from a third party Introducer who has referred your details to us. Where we receive your information from an Introducer we will request confirmation that they have obtained your consent before passing your details to us. We will also confirm that you are expecting and understand the nature of the call.
Information from other sources
We may obtain information from other sources such as public records if required. This is to enable us to verify who you are or facts that you have told us are accurate.
Personal Information & Legal Basis
We are required to have a lawful basis (as defined in GDPR) in order to process your personal data, the reasons we collect personal data and the relevant bases which we use are shown in the table below:-
|Why we collect your data||Lawful basis||Information collected|
|Provide you with a quotation for Insurance.||Our legitimate interests||– Basic personal details such as name, address, email, telephone, date of birth.|
– Information on your insurance requirements, including details about your home/property.
– Your insurance history, including claims data and other insurance policies you have had.
– Sensitive personal information, including previous unspent criminal convictions
– Your marketing preferences
– Payment details to enable payment of insurance premium.
|Arrange and administer your policy if you buy one through us.||Our legitimate interests|
|To notify you of changes in our service.||Our legitimate interests|
|Marketing||Your explicit consent or where we have a legitimate interest to, see below|
|Statistical analysis.||Our legitimate interests – to refine and enhance the products and pricing which we can offer.|
|To provide improved quality and training for Surewise.com staff.||Our legitimate interests.|
|Prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks.||Our Legal and Regulatory obligations.|
|Resolve complaints, and handle requests for data access or correction.||Our legitimate interests|
|Comply with applicable laws and regulatory obligations, such as those relating to anti-money laundering and anti-terrorism.||Our Legal and Regulatory obligations.|
Some of the personal information we ask you to provide may be sensitive personal data and/or criminal offence data as defined in GDPR, e.g. you may have to give us information about your medical history, criminal convictions and driving offences. We are allowed under GDPR to collect such information for specified “insurance purposes” without your specific consent but it will only be used for the purposes set out above. If you give us information about another person, in doing so you confirm that they have given you permission to provide it to us and that we may use their personal data in the same way as your own as set out in this notice.
Where the lawful basis of processing your data is ‘Your explicit consent’ then this consent can be withdrawn at any time by contacting us.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Surewise.com is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use, or disclosure.
Disclosure of your Personal Information
As a necessary part of providing you with the services described above, we may need to disclose your personal data to other third parties. These include: Computer bureaux/Software Houses, Insurers, other Insurance Intermediaries, Loss Adjusters, Insurance Industry databases, Government databases, Regulatory authorities and the Police/other law enforcement bodies and this will be to assist with fraud prevention and detection.
Your data will not be retained for longer than is necessary and will be managed in accordance with our data retention policy and in line with our regulatory obligation with the FCA and under English Law. In most cases, the period will be for a maximum of 7 years following the expiry of an insurance contract unless we are required to retain the data for a longer period due to business, legal or regulatory requirements.
International transfers of data
We may transfer your personal data to destinations outside the European Economic Area (EEA). Where we do we will ensure that it is treated securely and in accordance with the GDPR.
Under GDPR you have the following rights in relation to our processing of your personal data:-
1. The right to be informed about how we use, share and store your personal data (This Privacy Notice);
2. The right to see a copy of the personal information we hold about you (also known as a Subject Access Request SAR)). Where a SAR is requested we will respond promptly and within one month from the date we receive your request. (In most cases this will be free of charge);
3. The right to have personal information rectified if inaccurate or incomplete;
4. The right of erasure of your personal information where there is no compelling reason for its continued processing and we don’t have a legitimate interest to retain it;
5. The right to restrict processing in certain circumstances, e.g. if its accuracy is being contested;
6. The right to data portability which, subject to certain conditions, allows you to obtain and reuse your personal data across different services;
7. The right to object to certain processing including for the purposes of direct marketing;
8. Rights to information in relation to automated decision making and profiling.
Where we need your consent we will ask for this separately. We do not use pre-ticked boxes or make assumptions that you have given your consent. Your consent must be freely given by positively opting in or making a clear affirmative action that you are giving your consent. We will do our very best to ensure you know exactly what you are consenting to and remind you that you may withdraw your consent at any time by contacting us by email or phone. Where consent is obtained, a record of this will be made confirming what you have consented to, the time and date and how consent was obtained.
Customers: As part of our service we like to keep our customers up to date with new products or offers that are available and may be of interest. Therefore, we may contact you from time to time, on the lawful basis of legitimate interests, through email marketing, phone, text or other types of marketing material. If you wish to opt out of this at any point then please let us know.
Potential Customers: Where you have expressed an interest in a product on our website we may contact you to discuss your needs. If you decide not to proceed we would like to keep in touch, therefore, will ask for your consent to do so in case a product may be of interest to you at a later date.
Non-Customers: We will only send you information about insurance products or special offers if we have obtained your consent to do so.
For further information on this Privacy Notice, to access your personal information or to exercise any of your other rights, please contact:
The Data Protection Officer,
Unit 3, Hadleigh Park Business Park,
Telephone:- 01268 2000 20
Right to complain
We hope that the service you receive from us is to the high standard you would expect. If at any point you are unhappy about how we use your personal information please contact us at the address above. If you remain concerned about the way we collect or use your personal data you can raise your concern with the Information Commissions (ICO) on 0303 123 1113. For further details, you may visit the ICO website www.ico.org.uk .
Changes to our Privacy Notice
We regularly review and, where necessary update our Privacy Notice. If we plan to use personal data for a new purpose our Privacy Notice will be updated and you will be notified.