Castleacre Insurance Services Ltd, registered office:
Castleacre House, 26 High Street, Hadleigh, Suffolk IP7 5AP.
We act as insurance brokers working with a wide variety of insurers to provide insurance quotations and arranging insurance cover on your behalf.
To provide insurance quotations and insurance cover we will ask for, hold, and process personal information.
- We are data controllers and data processors.
- Our lead data protection authority is the Information Commissioners Office in the UK.
- We hold data responsibly, fairly, legally and transparently.
The information we collect is provided directly by you, either through our online enquiry form, a direct telephone conversation, email or letter.
We only collect data that is adequate, relevant and limited to the needs of obtaining insurance quotes and for the purposes of arranging and administering insurance cover and arranging premium credit if required.
Our Lawful Basis For Controlling And Processing Data
We ask for personal information to help us
- provide a quotation for insurance purposes
- to perform our contract with you and the insurer
- legal compliancy and legitimate interests
- to help inform you about our products and services
- and substantial public interest in arranging insurance and settling claims
We only disclose information to third parties who either help us perform this contract, or help us fulfil our legal obligations and legitimate interests.
Who Do We Share Your Information With?
Your personal information is shared with:
- Our database mangers
- Credit agencies (only where credit is requested)and in the event of a claim
- Loss adjusters
- Third party claims administrators
- Legal representatives (where necessary)
At quotation and before any policy renewal we use the personal information you provide to perform a sanctions check to ascertain if you have been involved in money laundering. If you have acted unlawfully we are legally obliged to pass this information on to relevant authorities.
In certain circumstances insurers/credit providers may use your information to access public data from a variety of sources. This can be to verify your identity or credit worthiness, to avoid fraud or arrange beneficial payment terms on your behalf. This information could be sourced from credit reference agencies and other external organisations. We have no access to the information obtained by insurers or credit providers and we do not hold this information on our database.
If a complaint arises your information is shared with the Financial Services Compensation Scheme, and the Financial Ombudsman. If the complaint is connected specifically with your data, such as a breach, your information will be shared with the Information Commissioners Office.
What Information Do We Collect?
- Title, Name, Address, Telephone and Email. (If you are asking for a quotation which includes additional people you must secure their agreement before disclosing any of their personal details to us)
- Date of Birth
- Risk details
- Description of risk/property
- Value of all property you wish to insure
- Claims history
In addition we will ask for
Special Category Sensitive Personal Information*
- We ask if you or other parties seeking cover, have had any criminal charges (other than motoring charges) brought against you, and we retain your response on our data base
- We also ask if you have ever had bankruptcy filed against you and we keep your response on our database
- Occasionally we will need to ask for some health information (in relation to travel or health cover) and we keep your response on our database
*Sensitive Personal Information Notice
This personal information falls into a special category as defined by the new General Data Protection Regulations 25 May 2018.
We are allowed under the legislation to collect and hold such information for specified ‘insurance purposes’ without your specific consent but it will only be used for the purposes set out above. If you give us information about another person, in doing so you confirm that they have given your permission to provide it to us and that we may use their personal data in the same way as your own as set out in this notice.
Any payments and any personal information required for such payments are managed either through a Secure Payment Service or through our bank, personal bank details are not processed internally.
How Do We Use (Process)Your Personal Information?
When we collect personal information through our online enquiry form, or via direct email, telephone or letter from you, we use it to provide a quotation for insurance and or arrange insurance.
The information you provide on request helps us assess your insurance risk and allows us to communicate with you and insurers and establish whether we are able to arrange and administer insurance cover on your behalf. We process this data as part of our mutual legitimate interests and it helps us perform our contract with you and trusted third party providers.
We do not use your data for automatic decision-making (including risk profiling) although third party service providers such as insurers may do so.
As part of our legitimate interests we may use the information to improve our products and services for your benefit. We may forward information that we think you may find useful using the email address, or postal address which you have provided. From time to time, we may also use your information to contact you for market research purposes. We may use the information to customise the website according to your interests. Legislation allows certain communications with current or previous customers in our own commercial interests. In other circumstances we can only do so with explicit consent. If you do not wish to receive information on this basis you have the right to ask us to stop contacting you in this capacity at any time.
International Transfers of Data
We may transfer your data to destinations outside the European Economic Area (EEA) and when we do we will ensure that it is treated securely and in accordance with the regulations.
Where Do We Hold Your Personal Information?
We hold your personal information on our database and if you use an online contact form on the form’s interface on our website. For legal and contract reasons we keep this information up to date but rely on you advising us of any changes to ensure our records are accurate.
How Long Do We Keep This Information?
- If you enter into an insurance contract with us and take out a policy we will keep your information for the period of your cover and for a period of seven years afterwards, in case any problems arise in relation to this contract, after which the liability ends.
We also hold your personal information to provide a quotation at renewal, to keep you informed about any changes in the service or terms and any relevant products or services that we think will be helpful to you.
- If you ask for a quote or contact us via our online enquiry form but do not proceed with insurance we will retain your personal information for a reasonable period, to enable you to revisit or take up your quotation at a later stage.
Data Collected Via Cookies On Our Website
What Are Cookies?
Cookies are small files that a site or its service provider transfers to your computer’s hard drive via your Web browser to help recognize your browser and capture and remember certain information. Cookies on our main website (excluding the online enquiry form) do not gather information that can identify individuals but use IP information to help improve and evaluate the website – for example cookies can help identify the general geographical areas (such as country) of site visitors or the most visited web pages within a website.
Cookies On Our Website
This information is not gathered from your disk or computer but via the browser and in our case we used SSL protocols when collecting visitor information, so it cannot be viewed by other parties unless they have been contracted by us to provide a service.
We do contract with third-party service providers, to assist us in better understanding how visitors use our website. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business. For instance we use Google Analytics,a website analytics service, provide by Google Inc, to evaluate and improve visitor experience on our site.
Cookies Used On Our Contact Form
Cookies used on our contact form are use to gather personal information such as name, email or telephone. This information is used to respond to a request from you and may help us provide services and is held as part of our mutual legitimate interests. We will only disclose this information to third parties who either help us perform a contract with you, fulfil our legal obligations and or it is in our legitimate interests.
If you prefer, you can choose a setting on your browser which will warn you each time a cookie is being sent via our website. You can choose to turn off cookies altogether but this will affect how our website functions and you will not be able to access some services such as contact forms.
How Do We Protect Your Information?
Security and confidentially are important to our clients and to us and we employ data protection by design and by default. We use SSL protocols on our website, which is standard security technology that establishes an encrypted link between a web server and browser. This link ensures that all data passed between a web server and a browser remains private. We also use a password protected database management system and a private server and we have implemented hardware firewalls. We are not complacent and continuously monitor and review digital security.
It is our responsibility to ensure that we have procedures in place to identify data breaches swiftly and efficiently and that we report any breaches to the ICO within a 72 hours period.
Third Party Data Security
We do not disclose your information to third parties for other purposes such as marketing.
Your Privacy Rights
You have certain Rights in Respect of Your Personal Data
- You have the right to ask us what personal data we hold
- We must give you access to this data within one month of the request and at no cost to you
- We must rectify any errors if you ask us to
- We must erase your data if you ask us to(unless we have a legal obligation to retain it – for example in performing a contract with you or an insurer)
- We must restrict the processing of your data if you ask us to(unless as before we have a legal obligation to process it or the processing forms part of a contract)
- Right to portability of your data usually in machine readable format so it can be given on your request to another provider
- Rights to information in relation to automated decision making and profiling that may be used by an insurer.
Who Is Our Data Protection Officer?
Guy Everington ACII, Director Castleacre Insurance
How Do You Find Out What Information We Hold About You?
You can contact us at anytime to ask us what personal information we hold but we will need proof of your identity before we disclose this information. You can email or write to us at the following address:
Castleacre Insurance Services Ltd, Castleacre House, 26 High Street, Hadleigh,
Suffolk IP7 5AP