Privacy Notice for Customers
This privacy notice explains to customers how M R Ratcliffe Consultants Ltd (We, Our, Us) use and protect customers’ (You, Your) personal data.
Why do We need to hold personal data about Our customers?
We are a general insurance broker, authorised and regulated by the Financial Conduct Authority (FCA), firm number 309607 which can be confirmed by visiting https://register.fca.org.uk.
We need Your personal data in order to meet Your request for insurance by providing a quotation relevant to Your insurance needs and risks, and if You accept the quotation, to arrange an initial insurance contract, any renewals and to handle any claims you submit. Performance of a contract is a lawful basis for processing personal data.
Unless required by law and the FCA, We will only pass on any personal information to facilitate Your insurance needs. All participants in the insurance market chain are subject to the same data protection rules as Us.
In order to provide insurance cover and deal with insurance claims in certain circumstances, We and other insurance market participants may need to process your special categories of personal data, such as medical and criminal convictions records. Your consent to this processing may be necessary for the insurance market participant to achieve this. You may withdraw Your consent to such processing at any time. However, if You withdraw Your consent, this will impact the ability to provide insurance or pay claims.
We may send marketing material about new products to existing customers. We will seek consent for further contact for purely marketing exercises. Consent can be withdrawn at any time.
Consent is another lawful basis for processing personal data.
Examples of sources We may use for collecting Your personal data
You (e.g by letter, email, fax, online, telephone, text, face to face)
- Other insurance market participants in the insurance life cycle
- Credit reference agencies
- UK sanctions lists
- Government agencies such as the DVLA and HMRC
In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers
What are Our legal obligations to protect Your personal data?
The way We (and other participants in the insurance market chain) handle and hold Your personal data is legislated in the EU General Data Protection Regulation (GDPR) which replaces the UK Data Protection Act 1998 on 25 May 2018.
The GDPR sets out six data protection principles which require personal data to be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.
The GDPR provides the following rights of individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling (activity not applicable to Us)
Access to Your information and correction
You have the right to request a copy of the personal data We hold about You, free of charge. However, the GDPR permits a charge of a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
We must respond to Your request without delay and at the latest within 30 days of receipt. However, We are allowed to extend the time limit by a further two months where requests are complex or numerous, provided We explain to You within 30 days why an extension is necessary.
If You would like a copy of some or all of Your personal data, please email email@example.com. You have the right to rectification or erasure if inaccurate.
Retention of Your personal data
We will keep Your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either You or We may wish to bring a legal claim under this insurance, or where We are required to keep Your personal data due to legal or regulatory reasons.
How We comply with legislation
We continually review the control measures We have put in place to reduce the risk of breaches of the GDPR’s principles and rights of individuals. Please email firstname.lastname@example.org for more details of Our data protection processes or to highlight any concerns that Your rights may not have been met. If You are not satisfied with Our response, You are entitled to complain to the Information Commissioner’s Office by email – email@example.com or by telephone – 0303 123 1113 (local rate) or 01625 545 745 (national rate).