Privacy Notice for Customers
This privacy notice explains how M R Ratcliffe Consultants Ltd (We, Our, Us) use and protect (You, Your) personal data.
Why do We need to hold personal data?
We are a general insurance broker, authorised and regulated by the Financial Conduct Authority (FCA), firm number 309607 which can be confirmed by visiting https://register.fca.org.uk.
We need to hold personal data to meet requests for insurance by providing a quotation relevant to insurance needs and risks, and if a quotation is accepted, to arrange an initial insurance contract, any renewals and to handle any claims. Performance of a contract is a lawful basis for processing personal data.
Unless required by law and the FCA, We will only pass on any personal information to facilitate Your insurance needs. All participants in the insurance market chain are subject to the same data protection rules as Us.
To provide insurance cover and deal with insurance claims in certain circumstances, We and other insurance market participants may need to process Your special categories of personal data, such as medical and criminal convictions records. Your consent to this processing may be necessary for the insurance market participant to achieve this. You may withdraw Your consent to such processing at any time. However, if You withdraw Your consent, this will impact the ability to provide insurance or pay claims.
We may send marketing material about Our products and services to existing and potential customers on a legitimate interest basis as We consider that the information We send will be of interest to You. You may unsubscribe from receiving marketing emails at any time.
Examples of sources We may use for collecting personal data
You (e.g by letter, email, online, telephone, text, face to face)
Other insurance market participants in the insurance life cycle
Credit reference agencies
UK sanctions lists
Government agencies such as the DVLA and HMRC
In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers
What are Our legal obligations to protect Your personal data?
The way We (and other participants in the insurance market chain) handle and hold Your personal data is legislated in the EU General Data Protection Regulation (GDPR) which replaces the UK Data Protection Act 1998 on 25 May 2018.
The GDPR sets out six data protection principles which require personal data to be:
Processed lawfully, fairly and in a transparent manner in relation to individuals
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.
The GDPR provides the following rights of individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling (activity not applicable to Us)
Access to Your information and correction
You have the right to request a copy of the personal data We hold about You, free of charge. However, the GDPR permits a charge of a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
We must respond to Your request without delay and at the latest within 30 days of receipt. However, We are allowed to extend the time limit by a further two months where requests are complex or numerous, provided We explain to You within 30 days why an extension is necessary.
If You would like a copy of some or all of Your personal data, please email firstname.lastname@example.org. You have the right to rectification or erasure if inaccurate.
Retention of Your personal data
We will keep Your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either You or We may wish to bring a legal claim under this insurance, or where We are required to keep Your personal data due to legal or regulatory reasons.
If We provide a quotation and You do not take out a policy in the first instance We will retain this information so that We are better able to assist You when the policy is up for renewal.
How We comply with legislation
We continually review the control measures We have put in place to reduce the risk of breaches of the GDPR’s principles and rights of individuals. Please email email@example.com for more details of Our data protection processes or to highlight any concerns that Your rights may not have been met. If You are not satisfied with Our response, You are entitled to complain to the Information Commissioner’s Office by email – firstname.lastname@example.org or by telephone – 0303 123 1113 (local rate) or 01625 545 745 (national rate).