In taking out an insurance policy through Got You Covered Limited, you have supplied us with your personal information, and this Privacy Notice explains how we will use it. In this Privacy Notice, “we”, “us” and “our” refers to Got You Covered Limited.
When we say, “you” and “Your” in this notice, we mean anyone whose personal information we may collect, including:
• Anyone seeking an insurance quote from us or whose details are provided during the quotation process
• Policyholders and anyone named on or covered by the policy
• Anyone who may benefit from or be directly involved in the policy or a claim, including claimants and witnesses.
WHO WE ARE
Got You Covered Limited is an insurance broker, authorised and regulated by the Financial Conduct Authority. We are on the Financial Services Register No 771679 (www.FCA.org.uk/register). The company is registered in England and Wales number 10024801; and its registered address is Webb Ellis House, Rugby Road, Twickenham TW1 1DS
When providing personal information about others, you confirm that you have the consent of these individuals to supply their personal information.
You have the right to withdraw consent at any time (see ‘Your Rights’). This may limit or terminate the contract of insurance that you arranged through us. Due to legal obligations with road traffic laws and regulatory requirements, we may not be able to remove your personal information.
HOW WE USE YOUR INFORMATION
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. Your information includes personal details that you provided to us or your insurer, which is then used in a number of ways to process your insurance application, administer your insurance policy or any subsequent claim that you may make.
The processing of the information you provide is necessary for the performance of the contract, including:
• Providing quotes;
• Performing vehicle and licence checks and validating information provided to us;
• Maintaining and updating your policy record;
• Administering your policy including handling claims;
• The renewal of your policy;
• Processing any claim that you or someone else makes;
• Understanding our customer’s needs and requirements;
• Analysing and research of products and services provided in the Group;
• To inform you about special offers and news in relation to insurance products and services, referral programs and helpful tips via email marketing with Mailchimp;
• Analysing the premium, and terms and conditions we offer where automated decision making applies;
• Performing credit checks and validating information provided to us;
• Dealing with complaints;
• Preventing financial crime to meet our legal obligations;
• Prospective buyers or purchasers in the event Got You Covered Limited wishes to sell all or part of its business;
• Where we process special categories of data(including data relating to health or criminal convictions), we will do this on the basis that it is necessary for the performance of your insurance contract and for reasons of substantial public interest.
AUTOMATING DECISION MAKING, INCLUDING PROFILING
We may use profiling and automated decision making, to; assess insurance risks, detect fraud, and administer your policy. As part of the processing of your personal data, ‘accept’ or ‘decline’ decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:
• our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or
• you appear to have deliberately hidden your true identity.
This helps us decide whether to offer you insurance, determine prices and validate claims. If you disagree with the outcome of an automated decision please contact us and we will review the decision.
We also use computer systems to carry out modelling. Sometimes using your personal information and sometimes using data in anonymised form. We conduct this modelling for a variety of reasons, for example, for risk assessment purposes to make decisions about you, such as your likelihood to claim.
However, we may also use your personal information in that modelling to make decisions about how we improve and develop our products and services, or our pricing, or to better understand how our prospective customers make decisions about which policy is the optimal policy (i.e., we are not making decisions directly about you).
WHAT PERSONAL INFORMATION WE COLLECT
We collect the following types of personal information about you so we can complete the activities explained in “How we use your information:”
• Basic personal details such as name, age, address and gender
• Family, lifestyle and social circumstances, such as marital status, dependants and employment type
• Financial details such as direct debit or payment card information and other information to assess your financial status.
• Photographs and/or video to help us manage policies and assess claims
• Tracking and location information if it is relevant to your policy or claims and in some cases surveillance reports
• Identification checks and background information about you we need to collect in order to assess the risk to be insured including previous claims information, data relating to your health and criminal convictions, including requesting a copy of your driving licence summary (DLS)
• Medical information if it is relevant to your policy or claim
• Accessibility details if we need to make reasonable adjustments to help
• Business activities if it is relevant to your policy or claim
• Credit history, credit score, sanctions/PEP check result and information received from various anti-fraud databases about you.
• Identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address
HOW WE COLLECT PERSONAL INFORMATION
We may collect personal information from various sources including you, your representative, your employer or from publicly available sources, including information you have made public, for example on social media.
We also collect information from other persons or organisations, for example:
• Credit reference and/or fraud prevention agencies
• Emergency services, law enforcement agencies, medical and legal practices
• Insurance industry registers and databases used to detect and prevent insurance fraud, for example the Claims and Underwriting Exchange (CUE)
• Governmental and regulatory bodies such as HMRC,MIB, DVLA, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman’s Service, and the Information Commissioner’s Office;
• Insurance investigators and claims service providers
• Service providers who provide the service for our products
• Debt collection agencies who collect money owed to us.
• Other involved parties, for example; claimants or witnesses
WHO WE SHARE YOUR INFORMATION WITH
We may share your personal information with third parties and other companies within our Group of companies for the purposes mentioned in ‘how we use your information’, please contact the Data Protection Officer for a full list of Group companies. We may share your information with third parties, including our product and service suppliers, agents, other insurers, reinsurers, parties involved in handling a claim, fraud prevention agencies and the police and government bodies if we believe that this is reasonably required for the prevention and detection of crime and fraud. This assists in keeping your premiums low.
We may pass your details and any information or documentation you provide to us to the recognised centralised insurance industry registers and databases, credit reference agencies, and policy and claims checking systems. Data may also be released to third parties if we are required to do so under the terms of a court order, for regulatory purposes or in the investigation and settlement of a claim or a complaint.
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
We will only share your information in compliance with data protection laws.
CONSEQUENCES OF PROCESSING
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services, goods or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
HOW LONG YOUR INFORMATION WILL BE KEPT
We will only hold your information for as long as necessary to administer the policy, manage our business or in order to comply with legal or regulatory requirements. This will be in line with our data retention policy.
TRANSFERRING PERSONAL INFORMATION OUTSIDE THE UK
Some of the organisations we share your personal information may be located in the European Union (EU) where your personal information is protected by laws equivalent to those in the UK. If we have to transfer data to organisations in a third country outside the EU, our contracts with these parties require them to provide an equivalent level of protection for your personal information to ensure your data continues to be protected by ensuring appropriate safeguards are in place.
You have the right to:
• Object to us using your personal information. We will either agree to stop using it or explain why we are unable to
• Ask for a copy of the personal information we hold about you, subject to certain exemptions
• Ask us to update or correct your personal information to keep it accurate
• Ask us to delete your personal information from our records if it is no longer needed for the original purpose Ask us to restrict the use of your personal information in certain circumstances
• Ask for a copy of the personal information you provided to us, so you can use it for your own purposes Ask us, at any time, to stop using your personal information, if using it is based only on your consent
• Complain about how we handle your data (see ‘Who to contact’ below)
WHO TO CONTACT
If you wish to exercise any of your rights or have any queries about how we use your personal information, please contact our Data Protection Officer:
We will consider your request and either comply with it or explain why we are not able to. Please note, we may request evidence of your identity to process your request.
If you are not happy with any aspect of how we handle your data, we encourage you to come to us in the first instance but you are entitled to complain to the Information Commissioner’s Office (ICO):
Writing: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5A
Last updated 5 April 2023