Please read this document carefully as it contains details of how we will process and store your personal data. We will process and store your personally identifiable information in accordance with the Data Protection Act 2018, which incorporates the General Data Protection Regulation (GDPR) into UK law.
In this document, references to “We”, “Us” and “Our” mean the My Policy Group which includes My Policy Limited (an insurance intermediary), Measured Miles (a wholesale insurance distributor) and Minerva Science Limited (which provides our actuarial services).
You should show this document to all parties related to this insurance policy. If you have given us information about someone else, you are deemed to have their permission to do so.
If you have any questions or need any further information you can email firstname.lastname@example.org or write to the Data Protection Officer, My Policy Limited, Prospect House, Prospect Road, Halesowen B62 8DU.
Lawful Basis of Processing
Under Data Protection legislation, the lawful bases we rely on for processing your information are:
- Contract – processing is necessary to enable you to enter into an insurance contract with us and for us to administer your insurance contract.
- Legal Obligation – processing is necessary to comply with a legal or regulatory obligation.
- Legitimate Interest – processing is necessary for our own legitimate interests or those of other data controllers or third parties (e.g. to search credit references agencies, monitor emails, calls or other communications, for market research, analysis and developing statistics) except where such interests are overridden by the interests, rights or freedoms of the data subject.
- Consent – where you have given us permission to do so, we will use your personal information for marketing purposes (see Marketing section for full details).
Collecting Your Information
We collect personal data which includes a variety of information about you (e.g. your name, address, date of birth, vehicle registration and your contact details). Where relevant, we will also collect information which indirectly relates to you by reference to an identifier (e.g. your IP address).
We will also collect more sensitive personal information including health information (medical conditions), details of an individual’s motoring or criminal convictions, creditworthiness and GPRS data from your telematics device.
In certain circumstances, we will also collect data from other sources (e.g. publicly available sources such as social media and networking sites, third party databases available to the financial services sector and the wider commerce and industry, including insurers, claims management firms, price comparison websites, loss adjustors and other suppliers appointed in the process of handling a claim, or credit reference and similar agencies), including information from you regarding your previous insurance arrangements.
Your personal information is primarily used for the purpose of providing you with an insurance quotation, arranging and placing an insurance policy or wholesale facility, and the ongoing administration of your insurance contract, including assisting with making a claim. We record all telephone calls for training and monitoring purposes, therefore any personal information you give us during telephone calls is collected. If you do not provide the information we request, this may prevent us from being able to provide you with insurance.
Using Your Information
We will ensure that your personal information is processed lawfully, fairly and in an open and transparent manner. We will also ensure that appropriate security measures are in place against unauthorised or unlawful processing, or accidental loss, destruction or damage using appropriate technical or organisational measures e.g. restricting access to certain aspects of your information to key people within our organisation, and periodically checking the level of security in place to prevent unauthorised use, accidental loss or misuse of your information.
We are governed by and shall operate in accordance with contracts we have in place with our suppliers (e.g. insurers, software providers and other providers of services to us) which set out our relationship as a data processor as required by current data protection legislation.
As a data controller, we determine the purpose and means of processing personal data. In particular, the data processed by Minerva Science Limited and other processors e.g. when we act in our capacity as a wholesale insurance distributor and our Telematics data processor.
In certain circumstances, such as when you request a quotation, make changes to an existing policy, or renew your insurance policy, our assessment may involve an automated decision to determine whether we are able to provide or continue to provide you with an insurance contract. You can object to us using an automated decision (see Individual Rights section) however, in those situations it may prevent us from being able to provide you with insurance.
As part of our activities as an insurance intermediary, a wholesale distributor of insurance or our actuarial activity, we may also process personal data for profiling or analytics purposes (see Analytics (Aggregated Information) section).
We will also use your information to enable us to comply with a legal obligation (e.g. for the prevention and detection of fraud and financial crime, which may include processes which profile you, and for the recording and monitoring of telephone calls for training and monitoring purposes).
Analytics (Aggregated Information)
When processing personal data for profiling or analytics purposes, we will have appropriate safeguards in place to ensure that:
- Processing is fair and transparent, and provide meaningful information about the logic involved, as well as the significance and envisaged consequences.
- Appropriate mathematical or statistical procedures are used for profiling.
- Appropriate technical and organisational measures are in place to enable inaccuracies to be corrected and minimise the risk of errors.
- Your personal data is secure in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.
By collecting information regarding your current, ongoing, and past insurance arrangements we will use this to carry out research and analysis (including profiling). We do this in a way that involves large volumes of information being converted into statistical or aggregated data meaning that individuals cannot be identified. Some aspects of research and analysis we undertake are separate from using your information directly in connection with your insurance policy but are still compatible with our activities as an insurance provider.
Using our Website and Cookies
Cookies are operated in strict accordance with the Privacy and Electronic Communications Regulations 2011 (PECR) and enable our website to remember your preferences by recording information you have entered. These rules also apply if you access or use any other technology to gain access to information stored electronically by us (e.g. your online dashboard).
Sharing Your Information
We will share information, including sensitive information about you and other parties related to this insurance where it is necessary to do so (see Lawful Basis of Processing section). The information will be shared with carefully selected third parties which provide a service to us, or on our behalf. This includes insurers, price comparison websites, Close Brothers Ltd, debt collection agencies, software providers, Minerva Science Limited, and our telematics data provider.
Other than the reasons outlined, we will not share your personal information without good reason and without ensuring that appropriate safeguards are in place. In any other event, we will ask for your consent to share your information and explain the reasons why.
We store all your personal information in the UK. No personal data will be processed or stored outside of the UK without adequate data protection in place which is at least equivalent to current UK data protection legislation. If we are required to transfer your personal information outside the UK, we will do this in compliance with the conditions of transfer set out in the Data Protection Act 2018 and/or restricted to a country which is considered to have adequate data protection laws. We will take all reasonable steps to ensure the firm has appropriate security standards in place to protect your information and provide you with details of the applicable safeguards.
Storing Your Information
We will only retain your personal information for as long as is necessary in providing our products or services, or for compliance with a legal or regulatory obligation, including our legitimate interests or those of other data controllers such as Minerva Science Limited, and/or our telematics data provider.
This means we will only keep information which is necessary to keep, deal with queries, claims or compliance with legal reasons for a maximum of 14 months for quotations which are not taken up, or 7 years from the date your insurance policy comes to an end. If we are required to retain information beyond this period (e.g. for legal reasons), we will ensure the data is minimised and limited to information which is adequate for these purposes.
During the data retention period, we will take further steps to safeguard your personal information with additional layers of security in place to prevent unauthorised access or misuse.
We will regularly review the length of time we retain your personal information and the purpose of retaining the information. Where information is no longer needed, we will ensure it is securely deleted and update, archive or delete outdated information.
You have the following rights relating to the information we hold about you:
- Right of Access – you have the right to request a copy of the personal information we hold about you.
- Right to Rectification – if you believe the information we hold about you is inaccurate or incomplete, you have the right to ask us to rectify this.
- Right to Erasure – you have the right to ask us to delete your personal information in certain circumstances e.g. where it is no longer necessary.
- Right to Restriction – you have the right to ask us to restrict processing for your personal information in certain circumstances. When processing is restricted, we are permitted to store your information, but not use it.
- Right to Object – you have the right to object to certain uses of your personal information (see Marketing section).
- Right to Data Portability – you have the right receive a copy of the personal data you have provided to us in a structured, commonly used and machine-readable format e.g. a CSV file. You can also request that we transfer a copy of your personal information directly to another data controller.
- Right to Withdraw Consent – if you have previously given us permission to contact you for marketing purposes, you have the right to withdraw this consent at any time.
- Right to Complain – if you are dissatisfied with the way we have processed your personal information, or responded to a request to exercise one of your data protection rights, you have the right to complain to the Information Commissioner’s Office (ICO) by writing to The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, calling 0303 123 11133 or via its website: https://www.ico.org.uk
When you take out a policy with us via our website, we will ask for your permission to contact you to tell you about:
- New products or services we are developing or have developed;
- Trialling products and services which we think may improve our service to you, or our business processes;
- Rewards we are offering;
- Entering you into a competition.
If you give permission for us to contact you for these purposes, we will also ask you to confirm how you would like to be contacted (e.g. email, text message, phone or post). If you change your mind, you can withdraw your consent at any time, and we will act on these withdrawals as soon as possible and not penalise you for exercising this right.
We will regularly review your consent to check that your relationship with us, the purpose for processing and the type of processing have not changed.
Changes to our Privacy Notice
We may change this Privacy Notice from time to time to keep it up to date or comply with legal requirements. Any changes we make in the future will be posted on the relevant section of our website.