Privacy Policy UK

Privacy Policy

This Privacy Policy explains when and why we collect personal information about you when you visit our website and app, how it is used, who we share it with and your rights as the data subject.

Note that by visiting www.inshur.com/uk  and using our app you are consenting to the practices described in this Privacy Policy.

About us

Inshur UK Limited is the data controller and is an Appointed Representative of Ambant Underwriting Services Limited and are authorised and regulated by the Financial Conduct Authority under firm reference number 821131.

In this Privacy Policy references to “we” or “us” or “INSHUR” are to Inshur UK Limited.

We reserve the right to amend this Privacy Policy at any time and without notice in response to changes in data protection laws and privacy legislation.

Who we collect personal information about

We collect and hold personal information about:

  • Individuals who currently have or are covered by a motor insurance policy with INSHUR
  • Individuals who have held or were covered by a motor insurance policy with INSHUR, but which is now expired or terminated
  • Individuals who have who have signed-up or obtained a quote from INSHUR but have not taken up a policy
  • Individuals to whom any benefit is payable under a live policy or would have been payable to under an expired or terminated policy
  • Users of the INSHUR app and websites
  • Third party claimants, witnesses to incidents and experts instructed in relation to claims
  • Representatives of policyholders, individuals covered by a policy or a third party

When we collect personal data

We collect personal information:

  • When individuals apply for or to renew a policy
  • When individuals are insured on a policy
  • On a claim under a policy or involving a policy
  • When we are contacted in writing by telephone or social media channels
  • When INSHUR websites or our app is used
  • When individuals respond to a customer survey, complete a feedback form, or vote in a poll on any of the INSHUR websites or app
  • If we are contacted in relation to a complaint
  • When we are alerted to suspected fraud

Uses for your data

The personal information that we collect will depend on your relationship with us. We will collect different information depending on whether you are a policyholder, named driver or other covered party or beneficiary under a policy, website/app user, claimant, witness, expert, representative or other third party.

Please note, in certain circumstances we may request and/or receive “sensitive” or “special categories” of personal information about you. For example, we may need access to health records for the purposes of providing you with a policy or processing claims, or details of any unspent criminal convictions for the purposes of preventing, detecting and investigating fraud.

If you provide personal information to us about other individuals you agree: (a) to inform the individual about the content of this Privacy Policy; and (b) to obtain any consent where we indicate that it is required for the processing of that individual’s personal information in accordance with this Privacy Policy. Please click on the relevant section below for detailed information regarding the types of personal information we are likely to collect and use about you.

Personal information

  • Information such as your name, address, email address, contact details, date of birth, gender, relationship to the policyholder (where are you not the policyholder)
  • Identification information such as driving licence number, taxi licence details and national insurance number
  • Information about your job including job title, employment history, education history and professional accreditations
  • Information relevant to your insurance policy. This will depend on the nature of the policy but could include details about your property and business activities, for example where your vehicle is stored or what local authority you work for
  • Information relevant to your claim or your involvement in an incident giving rise to a claim or a potential claim
  • Information relating to previous policies or claims which you may have been involved in
  • Financial information such as your bank details, payment details and information obtained as a result of our credit checks
  • Information obtained through our use of cookies or similar technologies.
  • Information captured during our telephone calls, including the recording of calls
  • Your marketing preferences
  • IP addresses

Sensitive personal information

  • Details of your current or former physical or mental health
  • Information relating to your criminal history (including offences, alleged offences and any caution, court sentence or criminal convictions)
  • Details of your race and/or ethnicity

How we collect your personal data

We collect personal information from a number of different sources including:

  • Directly from you or from someone else on your behalf by telephone, email, or via our website and app
  • From other third parties involved in your insurance policy or claim such as another insurer, claimants, defendants or witnesses
  • From other third parties who provide a service in relation to your insurance policy or claim such as loss adjusters, claims handlers, experts (including medical experts), healthcare providers and other service providers
  • From medical reports and counsel’s opinions
  • From emergency assistance and medical services providers
  • From claims service providers
  • Via publicly available sources such as internet search engines and social media sites
  • From data contributors such as software houses and intermediaries
  • From credit reference agencies and fraud prevention agencies
  • From risk analysis, fraud prevention, identity verification companies which we may receive data from
  • Via insurance industry fraud prevention and detection databases and sanctions screening tools
  • Via call recordings
  • From third parties who we buy marketing lists from
  • Via our website and app (including through the use of cookies and web analytics tags)
  • From government agencies such as the Driver and Vehicle Licencing Authority (DVLA) or Her Majesty’s Revenue and Customs (HMRC) and from professional regulators
  • From local authorities
  • From brokers and insurance intermediaries
  • From other insurers
  • From CCTV providers

Purposes for which your personal data is used

We may process your information for a number of different purposes and under data protection laws we need a reason for doing so. We have set out below the reasons why we process your information and the applicable circumstances when we will process your personal information.

Our provision and administering of your insurance contract

We may use your personal information for this purpose when:

  • Providing a quote
  • Administering and providing your motor insurance policy
  • Setting you up as a policyholder
  • Providing all related services such as assessing your application and no-claims discount entitlement
  • Managing your insurance policy
  • Handling, paying or repudiating claims
  • Communicating with you and resolving any complaints that you may have
  • Prevention and detection of fraud

We also process the information for our own legitimate business purposes

We may use your personal information for this purpose when:

  • Maintaining our business records including internal reporting, maintaining accounting records, analysing financial results, internal or external audits
  • Receiving professional advice
  • Developing and improving our products and services
  • Providing improved quality, training and security
  • Investigating or detecting the unauthorised use of our systems and securing our system and ensuring the effective operation of our systems
  • Necessary for the purposes of reinsuring
  • Communicating with policyholders
  • Managing our infrastructure and business operations
  • Monitoring usage of our app and websites
  • Tracing or recovering debt

Sometimes we have a legal or regulatory obligation to use your personal information

We may use your personal information for this purpose when:

  • The Prudential Regulation Authority (PRA) or the Financial Conduct Authority (FCA), wish us to maintain certain records of any dealings with you
  • To enable us to assist you with the renewals process, including sending you a reminder and renewal invitation before your renewal date, which will explain how you can renew your insurance policy with us

Occasionally we need to use your information to establish, exercise or defend our legal rights

We may use your personal information for this purpose when:

  • We are faced with any legal claims
  • We want to pursue any legal claims ourselves

Sometimes we need to use your personal information for reasons of substantial public interest

We may use your personal information and your sensitive, criminal convictions or special categories of personal data for this purpose when:

  • Investigating fraudulent claims
  • Carrying out fraud, credit and anti-money laundering checks

Special category and criminal conviction data

Data Protection Legislation allows for the processing of special category and criminal conviction data for an insurance purpose, this includes:

  • The processing of such data for advising on, arranging, underwriting or administering of an insurance contract
  • Administering a claim under an insurance contract

We may use your personal information for this purpose when:

  • Promoting our services
  • Providing marketing information to you (including information about other products and services)
  • Facilitating surveys and market research
  • Selling add-on products on behalf of selected third parties
  • We need to process your sensitive or special categories of personal data e.g. information about your health or criminal convictions

Who we share personal information with

From time to time, we may share your personal information with the other companies in our group and with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes explained previously. We have trusted relationships with these carefully selected third parties and all third parties are bound by contract to maintain the security of your personal information and to use it only as permitted by us. If you would like further information regarding the disclosures of your personal information, please see below for our contact details.

Disclosures within our group

In order to provide our services your personal information is shared with other companies in the INSHUR Group. Your personal information might be shared for our general business administration purposes or for the prevention and detection of fraud.

Disclosures to third parties

We also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. This might include:

  • Our insurance partners such as insurers and reinsurers including Ambant Underwriting Services Limited
  • Other third parties who assist in the administration of insurance policies or such as loss adjusters, first notification of loss providers, claims handlers, accountants, auditors, lawyers and other experts
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers including but not limited to the Claims and Underwriting Exchange, Insurance Fraud Register, Motor Insurance Anti-Fraud and Theft Register and other centralised insurance industry applications/databases investigative firms we ask to look into claims on our behalf in relation to suspected fraud
  • Motor Insurance Database managed by MDS on behalf of the Motor Insurance Bureau
  • Regulators who include Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA)
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime
  • Government agencies such as the Driver and Vehicle Licensing Agency (DVLA) and the Motor Insurers’ Bureau (MIB)
  • Other insurers who provide us with our own insurance
  • Industry bodies
  • Selected third parties on whose behalf we sell optional additional products
  • Debt collection agencies or any organisations we instruct to commence legal proceedings against you
  • Credit reference agencies and fraud prevention agencies
  • Our third party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and tax advisers
  • Product and service providers, such as engineers, salvage agents, rehabilitation providers, foreign claims handling agents, uninsured loss provider and providers of add-on products
  • Selected third parties in connection with the sale, transfer or disposal of our business

We may also disclose your personal information to other third parties where:

  • The disclosure is required by law or by a regulator with authority over us or you, such as where there is a court order, statutory obligation or FCA request; and we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest

Our approach to sending data outside of the European Economic Area (EEA)

Personal information that we collect may be shared with an organisation located outside of the EEA. It may also be processed by us or by one of our suppliers outside of the EEA. When these circumstances apply, we will always take measures to ensure your data is protected:

  • The country to which the data is being transferred is approved by the European Commission as providing an adequate level of data protection, or in the United States has an EU-US Privacy Shield in place
  • The organisation has agreed on standard contractual clauses in place approved by the European Commission
  • Any requests from organisations such as law enforcement or regulators will be reviewed and validated prior to disclosing data

With the exception of a legal or regulatory requirement, your data will only be transferred outside of the EEA when we are satisfied the country is recognised as having an adequate level of data protection or there is another arrangement in place to offer protection of your data.

Automated decision making

We may use your information to make decisions about you using computerised technology for analysis, assessment, profiling and for marketing purposes. In order to provide you with an efficient service, we may use automated decisions when requesting insurance quotes via the app.

We may also use automated decision making:

  • In understanding a potential policyholder’s ability to meet the cost of insurance premiums or credit
  • To ensure accuracy
  • To validate or enhance information
  • To assess the risk of fraud being committed
  • Profiling of information we collect and hold
  • To establish and utilise pricing models and risk acceptance criteria, which calculating premium and declining a request for insurance

Marketing activities

We may also use your personal information to provide you with information about our products or services which may be of interest to you where you have provided your consent for us to do so.

We are committed to only sending you marketing communications that you have clearly expressed an interest in receiving. If you wish to unsubscribe from marketing emails sent by us, you may do so at any time by clicking on the “unsubscribe” link that appears in all emails. Otherwise, you can always contact us using the details set out in this document to update your contact preferences. In such circumstances, we will continue to send you service-related (non-marketing) communications where necessary.

How long we keep personal information

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations.

In most cases, your personal data will be retained for fifty years. However, it may sometimes be necessary to retain data for longer, for example where there are legal grounds for doing so, or in the event of a claim or a potential claim under a policy. Where a quote is provided but you decide not to proceed, this data will be retained for five years. Even if we delete your personal information it may persist on backup or archival media for legal, tax or regulatory purposes.

Your rights

Under the General Data Protection Regulation (GDPR) you have the right to access or obtain copies of the personal information held about you by us.

A response to your request will be provided to you within one month of us receiving a valid request. If you wish to exercise this right against our partners, you will need to write to them directly. In accordance with the GDPR, we will not charge for this information in most cases.

You have the right to request that we correct any inaccuracies in the personal information held about you. In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example, according to the type of information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

You have a right to submit a complaint to the Information Commissioner if you believe we have not complied with our obligations under the GDPR: www.ico.org.uk/global/contact-us/

You have the right to have your data transmitted directly to another data controller where technically feasible.

You have the right to object to the automated processing of your data including, but not limited to, profiling. This excludes where the processing is necessary for entering into a contract, or the performance of our contractual obligations.

How we protect your information

We use a range of organisational and technical security measures to protect your information.

Where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We restrict access to your information as appropriate within INSHUR to those who need to know that information for the purposes set out above.

Firewalls are used to block unauthorised traffic to the servers and the actual servers are located in a secure location which can only be accessed by authorised personnel. Our internal procedures cover the storage, access and disclosure of your information.

Third-party websites

We cannot be held responsible for the privacy policies and practices of other websites potentially linked to our website.

We do take great care in ensuring only links to companies, organisations and individuals following the same standards and policies as us remain on our website, but we cannot guarantee this. In such instances, you are advised to check the privacy policies on external websites that are not a part of INSHUR.

Our contact details

If you have any questions about how we collect, store or use your personal information, you may contact our data protection officer at:

Data Protection Executive

INSHUR, WeWork, 1 Fore St Ave, London, EC2Y 9DT

Email: [email protected]

Changes to our privacy policy

We keep our privacy policy under review and reserve the right to make changes to our privacy policy in accordance with UK legislation. Where applicable we will make you aware of any significant changes by email, text message or post.

We recommend that you make regular checks on our privacy policy to ensure that you are aware of any changes that may have been made.

This policy was last updated on 20th September 2018.