SJL (Worcester) Limited Privacy Notice
Introduction
SJL (Worcester) Limited, trading as SJL Insurance Services (SJL/We/Us) are registered with the Information Commissioners Office (ICO) for data protection purposes under reference ZA303321. Within this notice data may include both personal data, such as your name, address, date of birth and claims history and “special” categories of data such as information about criminal or motoring convictions and medical conditions.
We are committed that your data remains private. Should we hold or use your data, you can be assured that it will only be used in line with this notice. You must ensure that you have the consent of any third party named on your insurance policy to provide their data to us and you should show this document to them. This policy should be read in conjunction with the Terms of Business that relates to your insurance policy with us. We may update this notice from time to time, however we are not obliged to give notice of the changes so you should check our websites or contact us to ensure you are referring to the most up-to-date copy.
How do We obtain your data?
We may obtain your data from various sources. We may obtain it from you directly, a third party you have asked to act on your behalf such as a spouse, a business partner, an employee or other parties named on the insurance policy. We also receive data that you input into our website, when you request a quotation for insurance products. We may also receive data from other commercial companies you have dealt with in the past, for example where you have agreed they can pass your data on to us for marketing purposes. We may also conduct reasonable searches to verify or validate the information you have provided to Us. If you are a client looking to obtain a Motor Trade policy, we will run a credit check, using a credit reference agency, in order to verify your identity, address and financial history.
What will We use your data for?
Your data will be used for providing an insurance quotation, managing and administering any policies you have with Us, assisting with or handling any claims, addressing complaints, answering policy enquiries, arranging to pay your finance via a finance agreement or managing outstanding balances.
If you are insuring a vehicle or vehicles details of this/these and the insurer have to be passed to the Motor Insurance Database (MID) run by the MIB. This is to demonstrate that you have insurance cover on the vehicle(s) as required under the Road Traffic Act 1988 (RTA). This is normally done by the insurer but on occasion we may also do this on their behalf.
We may ask you to participate in surveys that assist us in developing and improving the service we offer. We may use your data to keep you informed about other products and services that we have available or to send you non-marketing information material that we think may be of interest to you.
You can opt out of receiving this correspondence at any time by contacting us using the information in the contact details section or using the ‘unsubscribe’ option in any marketing or informative emails We send to you.
In order to prevent and detect insurance fraud and other crimes, and aid in the prosecution of offenders, we may use your data to –
- verify your identity using credit reference agencies, for motor trade customers, we will also check your credit history and verify your address.
- check that no one named on the policy appears on the HM Treasury Financial Sanctions List.
- prevent fraud and money laundering
Your data may also be used to allow us to fulfil our legal or regulatory responsibilities, this may involve sharing your data with authorities such as the police and other governmental agencies, the Financial Conduct Authority (FCA) and The Information Commissioner’s Office (ICO) if requested and required to do so.
If you are unable or unwilling to allow us to use your data in line with this privacy notice, we will be unable to enter into a contractual relationship with you.
We may also use your data to keep you informed about upcoming events, held for the benefit of the SJL Foundation, a registered charity under reference, 1183875. We will never pass your data over to the SJl Foundation unless you provide your explicit consent, and you can opt out of these communications using the unsubscribe button at the bottom of the email.
Who will We share your personal data with?
SJL takes the security of your data very seriously. We have a ‘data protection by design’ philosophy to the protection of your privacy. In order to provide our range of products and services to you, it is necessary to share your data with third parties. We always ensure that the required safeguards are in place before sharing your data outside of SJL. On occasion, it may be necessary to transfer some of your data outside of the EU, but we will only do so if we have a contractual agreement with that company to protect the data to the same levels as we would and the country in which they are domiciled allows them to offer such protection. We may utilise US companies that are members of the Privacy Shield scheme which provides you the same protection to you data as you would get within the EU. More information on Privacy Shield can be found here.
The following outlines who we may share your data with and the circumstances in which we would do this:
If you request a quotation from Us
- If you approach SJL for a quotation, we will provide your data to the insurer(s) and their appointed agent(s) who will provide quotations for your policy. These Insurers or their agents will act as data controllers as well as us. The data you provided will be held on our internal IT systems and those of our software provider(s) until they are removed in line with our retention policy, detailed below.
- In order to mitigate insurance fraud and confirm your identity, we may share your data with various credit reference agencies and anti-fraud databases such as Call Credit and LexisNexis.
- For motor Trade customers, we will run a credit check, to verify your identity, credit history and address. This will leave a footprint on your credit file that will be visible to lenders.
- We may be requested by government or regulatory authorities, such as the Police or the Department for Work and Pensions (DWP), to provide your data to them. If we are legally obliged to do so we may share your data with these government agencies for the purposes of crime prevention and the apprehension and prosecution of offenders.
- We may share your data with external auditors or professional advisors such as solicitors.
- We may also share your data with anyone named on the insurance policy, business partners or employees of the policy holder or anyone whom you have authorised to discuss the policy on your behalf.
- If you provide false or inaccurate information or application or claims fraud is identified, we may also pass your details to fraud prevention agencies. These and other organisations may access and use this information to prevent fraud and money laundering in the future, when checking details entered into insurance proposals or handling any type of claim or potential claim. Other organisations, both inside and outside of the UK, may also access the information recorded by these fraud prevention agencies for the prevention of crime or other lawful reason. You are able to contact your insurer directly to find out which fraud prevention agencies they use.
- We will share data with our IT infrastructure providers. This is for the purposes of data storage, website maintenance, data backups and disaster recovery.
- We may share your data with the Financial Ombudsman Service (FOS) if you have made a complaint to them about the provision, or a failure to provide our services to you.
- It may be necessary to share you data with regulatory, supervisory or government agencies if we are required to do so by law.
If you purchase a policy from Us
- If you purchase a policy with Us, we will pass your data to the insurer(s) or their appointed agent(s) who underwrite your policy. They may share your data with their reinsurer(s). Insurers or their appointed agent(s) will act as data controllers as well as us. If you have a claim your data may be provided to various anti-fraud databases for the detection and prevention of insurance fraud.
- If your policy is cancelled or lapses at renewal, then we may provide details of any no claims bonus accrued, claims information and if applicable the reason for cancellation if this is requested by your new insurer or broker.
- In order to mitigate the risk of insurance fraud and confirm your identity, we may share your data with various credit reference agencies and anti-fraud databases such as Call Credit and LexisNexis.
- Details of any vehicle insured and the insurer will also be added to the MID, run by the MIB. This may be consulted by the police in order to establish who is insured to drive the vehicle. If you are involved in an accident, (in the UK or abroad) other UK insurers and the MIB may search the MID to ascertain relevant policy information. Persons with a valid claim in respect of a road traffic accident (including citizens of other countries) may also obtain certain information which is held on the MID. You can find out more about this here.
- If you have purchased an Employer’s Liability policy, we will share details of your policy with the Employer’s Liability Tracing Office (ELTO)which is designed to help find the insurer of their former employer where the claimant is suffering from a disease/injury caused at work
- If you apply to pay your premium via a finance agreement with either Premium Credit Ltd or your insurer, we will share your data with them as part of your application for credit. They may share this data with their appointed agents and credit reference agencies in order to ascertain the affordability and your suitability for credit. Premium Credit Ltd will also note any late or missed payments with the credit reference agencies if you fail to pay these as they fall due.
- We may be required by government authorities, such as the police, HM Revenue and Customs or the Department for Work and Pensions to provide your data to them. Where we are legally obliged to do so, we may share your data with these government agencies for the purposes of crime and fraud prevention and the apprehension and prosecution of offenders.
- We may share your data with external auditors or professional advisors such as solicitors.
- We may also share your data with anyone named on the insurance policy, business partners or employees of the policy holder or anyone whom you have authorised to discuss the policy on your behalf.
- If you provide false or inaccurate information or application or claims fraud is identified, We may also pass your details to fraud prevention agencies. These and other organisations may access and use this information to prevent fraud and money laundering in the future, when checking details entered into insurance proposals or handling any type of claim or potential claim. Other organisations, both inside and outside of the UK, may also access the information recorded by these fraud prevention agencies for the prevention of crime or other lawful reason. You are able to contact your insurer directly to find out which fraud prevention agencies they use.
- We will share data with our IT infrastructure providers. This is for the purposes of data storage, data backups and disaster recovery.
- We use carefully selected third party companies such as MailChimp to act as an email platform to allow us to contact you efficiently and will share your data with them to allow us to do this.
- In the event that we undergo re-organisation or are sold to a third party any data we hold about you may be transferred to that re-organised entity or third party.
- We may disclose your data to a card issuing company to validate your debit or credit card details and obtain payment where it is necessary to deliver the products and services purchased by you.
- We may share your data with the Financial Ombudsman Service (FOS), if you have made a complaint to them about the provision, or a failure to provide our services to you.
- It may be necessary to share your data with regulatory, supervisory or government agencies if we are required to do so by law.
- We may also use your data to keep you informed about upcoming events, held for the benefit of the SJL Foundation, a registered charity under reference, 1183875. We will never pass your data over to the SJl Foundation unless you provide your explicit consent, and you can opt out of these communications using the unsubscribe button at the bottom of the email.
What legal basis do We use for processing your personal data?
SJL will only process your data if we have a valid legal basis for doing so. It is your right as the subject of this data to be informed what the legal basis is for each type of processing that we undertake.
- We will process your data for the purposes of providing an insurance quotation, managing and administering your insurance policy, assisting with or handling claims, addressing complaints, answering policy enquiries and arranging to pay you’re your premium via a finance agreement on the legal basis that this processing is necessary for the performance of a contract with you or in the course of entering into a
contract with you. For the purposes above, data that is classed as “special data”, such as information relating to criminal or motoring convictions and medical conditions, will be processed in accordance with the law and on the legal basis that it is necessary for the performance of a contract necessary for reasons of substantial public interest.
- Vehicle data added to the MID is processed under the basis of a legal obligation (Road Traffic Act 1988).
- We may use your data for marketing purposes i.e. offering related products to you where we have a legitimate interest in doing so or for sending you non-marketing information material that we feel may be of benefit to you. You have the right to request that we do not contact you for marketing purposes at any time by using the unsubscribe button at the bottom of the email or by contacting us – see the Contact Us section below.
- We may use your data to inform you about upcoming events for the SJL Foundation, a registered charity. If We do, We will use the legal basis of legitimate interests.
- We will obtain your consent to pass on your data if we are unable to offer you a suitable product but have a relationship with another provider or intermediary who may be able to assist.
- If your policy is cancelled or not renewed and we are contacted by your new insurer or broker to confirm details of any no claims bonus, claims history or the reason for cancellation, we may release this data under the basis of legitimate interest. If you do not wish us to do this then you may object or request that we restrict the processing of your data.
- We may record details relating to health issues, only if we believe it is in your best interests for us to do so, in order to tailor future interactions with you accordingly. If this is the case, we do so under the legal basis of it being in the substantial public interest for us to do so.
- We will use any special category and criminal conviction data we collect about you for the performance of our contract with you which is deemed to be necessary for reasons of substantial public interest. This allows us to quote for and provide you with insurance products and services, to process claims and renewals and to administer your policy.
- For any processing of data for analytical purposes, our legal basis for processing is that it is necessary for the purposes of a legitimate interest.
How long will We retain your personal data?
If you decide to take a policy with us, we will retain your data for 10 years from when your policy expires. We will also retain telephone call recordings for up to 10 years.
Where you have approached us and we provide you with a quotation but you decide not to go ahead, we will retain your data for no more than 15 months.
Where we have obtained your data directly or via a third party – for example another insurance broker or a marketing firm and we have your agreement to contact you at your next renewal, we will retain data for up to two years from your next renewal date.
If your insurance is an employer’s liability policy, we will retain the details of this policy for at least 60 years. This is ensure that the details are available to you should an employee lodge a claim against you far into the future, such as may be the case for an industrial disease where symptoms may not present themselves for many decades.
What rights do you have in relation to your personal data?
You have the following rights in relation to the data we hold about you, however some of these rights may not apply in certain circumstances – details are noted below. SJL have strict internal processes in place that ensure your rights are upheld and that any requests you make in relation to these rights are responded to within 30 days of you making it.
The right to be informed
You have the right as a data subject to be informed in a clear and precise manner about the data we hold about you. Within this privacy notice we detail the nature of this data we hold, the reasons we hold it, how this data is used, who we will share this data with, how long we will retain your data and the rights you have in relation to your data. If you require any further information, you can contact us using the details in the contact us section.
The right of access
In order to demonstrate the legitimacy of the data we hold on you, its accuracy and the lawfulness of the processing We undertake, you have the right to request a copy of all data we hold about you. You can request this information free of charge using the details below in the contact us section. We will provide a copy of all data we hold about you within 30 days of you making this request.
The right to rectification
You have the right to ensure that all data we hold on you is both accurate and complete. If you are concerned that the data we hold about you is inaccurate or incomplete, you can ask us to rectify this. To do so, you should contact us using the details below.
The right to erasure (the right to be forgotten)
You have the right to request that all of the data we hold on you be erased from our systems. We may only be able to comply with this request in specific circumstances. This request would also apply to any third party whom we had shared your data with, and we would notify them accordingly if your request was valid. We would not be able to erase data that is being processed for the purposes of administering a live or lapsed insurance policy unless policy has been lapsed for seven years or more. This is because we have a legal obligation to retain this data for the defence of legal claims should a third party make a claim against your policy. If you require any further information, or you wish to exercise your right of erasure, you should contact us using the details below.
The right to restrict processing
You have the right to restrict our processing of your data under the following circumstances:
- If you contest the accuracy of the information we hold until such time that we are able to verify the accuracy of this data or correct any errors.
- You believe that the processing of this data is unlawful.
- We no longer need the data for any purpose other than for the defence of any future insurance claims made against your policy.
- You are awaiting a decision following an objection you have raised regarding an automated decision making process. If you wish to exercise your right to restrict processing, you should contact us using the details below.
The right to data portability
Where we are processing data under the basis of contractual performance or consent you have the right to request that we provide your data in a machine readable format that you can then share with other businesses or in any other way you see fit. You have the right to request that we transfer your data to third parties directly for them to use as you see fit.
The right to object
You have the right to object to your data being processed. The right to object for direct marketing purposes or profiling of your data for the purpose of direct marketing is absolute and we must cease the processing of your data for these purposes. However for other processing the right to object is not absolute and there may be some compelling reason why we need to continue processing your data. Please contact us using the details below if you want to exercise this right.
The rights regarding automated decision making and profiling.
You have the right to request human intervention into any process involving automated decision making where this results in a legal implication to you. This right would not apply to underwriting decisions or to applications for credit made on our website or internal system as this automated decision making is required for entering into a contract with us. Currently, we do not use automated decision making for any other functions, but if you have concerns regarding this, please contact us using the details below.
The right to complain
You have the right to complain about the use of your data – in the first instance please contact us using the details below. Our complaint handling procedure is available upon request or can be accessed from the SJL websites. You are also entitled to complain to the Information Commissioner by writing to –
Information Commissioner’s Office Wycliffe House
Water Lane Wilmslow Cheshire SK9 5AF
Alternatively, you can access their website here.
What responsibilities do you have?
SJL will always endeavour to ensure that your data is accurate and up to date. If you notice that any information on your policy documentation is incorrect or if any of your data changes, for example you move address, expand your business interests or you bank details, please contact us to make us aware of these changes.
Security
We are committed to ensuring that your data is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic contractual and managerial procedures to safeguard and secure the data we hold and use.
Use of the SJL Website
By running a quotation on any of the SJL websites, including insurisitc.co.uk, you agree that we may call you to discuss the quotation, regardless of whether you chose to proceed with it.
Use of cookies on the SJL website and Universal Analytics
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. We use session cookies on our websites. We will use the session cookies to keep track of you whilst you navigate the websites.
We use Google Analytics to analyse the use of our websites. Google Analytics is a web analytics tool that helps website owners understand how visitors use with their website; this is also the only cookie we use on our sites. Google Analytics uses first-party cookies to track visitor interactions. User data gathered in Google Analytics can be analysed to help us to improve our sites.
Google Analytics generates statistical and other information about website use, which are stored on users’ computers. Google will store this information and Google’s privacy policy is available here. For more information on opting out of being tracked by Google Analytics across all the websites you use, visit this here.
For our reporting needs as well as system administration we may gather data about your computer which can include your IP address, operating system and browser type. This is statistical data about our users’ browsing actions and patterns.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking, Tools>Internet Options>Privacy and then selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including ours.
Links to other websites
We provide links to third party websites as part of our service to you. We accept no responsibility for any statements, information, content and products associated with these third party websites. We accept no liability for these third parties for any viruses or anything else that could be infectious or destructive.
Contact Us
Postal address: The Compliance Manager,
SJL (Worcester) Ltd T/A SJL Insurance Services The Kays Building,
The Tything. Worcester, WR1 1HD
Email: [email protected].
Telephone: +44 (0) 1905 27775