Privacy and Personal Data Policy
The Plan Group Limited (also referred to as “we”, “us”, or “our”) are a registered company in England (Company no. 04108942). Our registered address is Prospero, 73 London Road, Redhill, Surrey, England, RH1 1LQ. We also trade as Plan Insurance Brokers and Yellow Jersey.
The purpose of this policy
This policy is designed to help you understand what kind of information we collect in connection with our products and services and how we will process and use this information. In the course of providing you with products and services we will collect and process information that is commonly known as personal data.
This policy describes how we collect, use, share, retain and safeguard personal data.
This policy sets out your individual rights; we explain these later in the policy but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, their gender and contact details.
Personal data may contain information which is known as special categories of personal data. This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to or sexual orientation. Personal data may also contain data relating to criminal convictions and offences.
For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.
How do we collect your data?
- directly from you either on the telephone, through our website or via written correspondence
- from a third party from whom you have requested an insurance quotation
- from any party through which you have requested or agreed to receive contact from providers of insurance for the purposes of obtaining a quotation
When do we collect your data?
- We will gather your data when you or one of the third parties mentioned above obtains or attempts to obtain a quote, when you incept, renew or amend a policy, or, when making a claim
- We may also collect personal information about you when you use our websites, enter one of our competitions or use our social channels
What data will we gather?
We will only gather data that is necessary for us to provide our services to you. This data will include both personal and special category data. The following are examples of the data we will gather:
- Details of claims on policies held with us
- Details of all previous insurance quotes that you have requested from us
- Details of all policies held with us including dates of purchase, lapse and cancellation
- Your payment history relating to policies held with us and the length of time you have been a customer with us.
- Data from credit references or debt collection agencies (e.g. your credit rating)
- Information from insurers, witnesses, third parties and solicitors (e.g. accident details); and
- Browsing insights, marketing preferences
We may also need to collect personal data relating to others in order to provide and administer insurance. In most circumstances, you will provide us with this information. Where you disclose the personal data of others, you must ensure you are entitled to do so.
How is your personal information handled by us?
The protection of your information is important to us and we therefore have security measures in place which are appropriate to the nature of the information we hold and to the harm that might result from a breach of security.
- we do not hold more information about you than is required for the purposes for which it is being processed
- we endeavour to ensure that any information about you is accurate and kept up to date
- we do not keep your information for longer than is necessary or as required by law
- we process your information in accordance with your rights under the relevant Data Protection Laws
We will share your personal data within our group of companies including affiliates and subsidiaries. This is normal practice within the insurance industry where it is necessary to share information in order to place, quantify and underwrite risks, to assess overall risk exposure and to process claims. It is also necessary to determine the premium payable and to administer our business.
We also share personal data with authorised third parties, this is necessary where we are required to do so by law, where we need to administer our business, to quote for, source, place and administer your insurances including arranging insurance premium finance, to perform underwriting activities and to process claims. Some examples follow:
- Premium finance providers;
- Credit reference agencies;
- Debt recovery agencies;
- Claims handling companies;
- Loss adjusters;
- Insurance brokers;
Most of the insurers we deal with have entered into a sharing of information agreement to help prevent insurance fraud. Whenever you arrange your insurance through us, this will be on the basis that you agree to your Insurer passing your claims information onto the Claim Underwriting Exchange. To help prevent fraudulent claims most of the insurers with whom we deal will exchange information with other insurers through various databases. In order to help detect vehicle owners who break the law by not having insurance, your insurer will supply details of your motor insurance to a database which can be accessed by the police or other insurers.
A selection of telephone calls will be recorded for training and quality purposes.
Our lawful bases for processing your information
Below we list the lawful bases under which we may process your personal data
Consent: when you give us your clear consent that we can process your data or a specific purpose.
Contract: processing is necessary for us to execute a contract
Legal obligation: processing is necessary for us to comply with the law
Vital interests: processing is necessary to protect someone’s life.
Public task: processing necessary to perform a task in the public interest
Legitimate interests: processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate.
In the table below we summarise how we collect data, for what purpose, and our legal bases for processing it:
|Purpose||Type of information||How the data is collected||Legal basis for processing|
|To carry out our business
· Provide you with a quote
· Process a renewal
· Establish a policy
· Administer your policy
· Mid-Term Adjustments (MTAs)
· Handle claims
· Deal with complaints
· Improve our services and their delivery
|· Basic personal and commercial details
· Information related to the way you carry out your business, (e.g. licences, vehicles, etc)
· Information about your other policies (e.g. claims history, quotes history)
· Information about others (e.g. family members who may drive a vehicle you seek to insure with us).
If you give us information about another person, it is your responsibility to ensure and confirm that these people are aware and agree for you to do so.
· Special Category data (criminal records, health information)
|· Via a quote form on our website
· Via a quote form on a comparison website
· Over the phone
· In writing
· Via Email
· When you renew or amend a policy
· When you make a claim
Our legal obligations
|To improve our offer and services||· Online customer behavior insight (e.g. time and general location when you visited our website)
· Devices you used to interact with our services (e.g. phone model or PC screen size)
· Pages of our websites or blogs you have visited, links clicked, emails opened
· Time spent on a page or form
|· Cookies placed on our websites: google analytics (sessions and browsing insights), hotjar (activity on the website), google adwords (remarketing)
|Our legitimate interests
|· Questions related to your business, the industry, your vehicles if you fill in a survey we sent you
· Information you share while leaving your feedback or posting on our social channels Your feedback related to our service and products
· Feedback (feefo, google reviews)
· Social media posts (Facebook, Twitter)
|Competitions and prize giveaways||· Basic social media profile: twitter handle and name, Facebook profile name
· Your name, address and phone number in order to send you a prize and to contact you
· Other ad hoc data, typically if we ask a question (e.g. “what is your favourite people carrier vehicle?”)
|· Social media platforms
· Our website and blog
|Marketing and Offers||· Basic details of your business
· Your basic details (e.g. name, email address)
Over the phone
|Our legitimate interests
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
- The right to be informed about the personal data being processed;
- The right of access to your personal data;
- The right to object to the processing of your personal data;
- The right to restrict the processing of your personal data;
- The right to rectification of your personal data;
- The right to erasure of your personal data;
- The right to data portability (to receive an electronic copy of your personal data);
- Rights relating to automated decision making including profiling.
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
The flow of data within the insurance sector is complex and we ask you to keep this in mind when exercising your ‘rights of access’ to your information. Where we may be reliant on other organisations to help satisfy your request this may impact on timescales.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact our data privacy representative Nick Cole by e-mailing email@example.com or by writing to Plan Group Ltd, Prospero, 73 London Road, Redhill, RH1 1LQ .
We will retain your personal data at the end of any contractual agreement for a period of 7 years. We will retain special category and criminal conviction data for a period of 7 years. Where you have submitted a claim, we will retain your data for a period of 7 years if it is a non-injury claim; where an individual has been injured (physical and physiological), we will retain your data for 7 years. Where you have requested a quote, we will retain your personal data for 7 years, where you have contacted us for details of our services and products, we will retain your personal data for 18 months. Where you make a complaint we will retain the data for 7 years. Where you or law enforcement agencies inform us about any active investigation or potential criminal prosecution, we will comply with legal requirements when retaining this data.
The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests for statistical analysis (profiling) and product development and marketing purposes
Sometimes we may need to retain your data for longer, for example if we are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur.
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within our business and authorised third parties.
If you are dissatisfied with any aspect of the way in which we process your personal data please contact our data privacy representative Nick Cole. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office(ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
How to contact us
If you have any questions regarding this policy, the use of your data and your Individual Rights please contact our data privacy representative at Plan Group Ltd, Prospero, 73 London Road, Redhill, RH1 1LQ or by e-mailing firstname.lastname@example.org or by telephoning 02086558990.