PRIVACY NOTICE

Please take time to read this document carefully as it contains details of the bases on which we will process (collect, use, share, transfer) and store your information. You should show this notice to all parties related to this insurance arrangement. If you have given us information about someone else, you are deemed to have their permission to do so.


Further information you can e-mail dataprotection@kdhinsurance.co.uk or write to our Compliance Manager at KDH Insurance Brokers Ltd, Progress House, Churchill Court, Faraday Drive, Bridgnorth, WV15 5BA.


Use of Information


We (KDH Insurance Brokers Limited who is the insurance intermediary with whom you have arranged your insurance) treat your personally identifiable information strictly in accordance with The General Data Protection Regulations (GDPR) 2018.


Data Controller and Data Processor


Principally we will ensure data is processed lawfully, fairly and in an open and transparent manner and ensure appropriate security measures are in place against unauthorised or unlawful processing or accidental loss, destruction or damage using appropriate technical or organisational measures. (such as restricting access to key people within our organisation for certain aspects of your information; and periodically checking the level of security we apply to prevent unauthorised use, accidental loss, or misuse of your information)


We are governed by and shall operate strictly in accordance with contracts we have in place with our suppliers (e.g. Insurance Companies, our Software Provider, and similar providers of services to us) which set out our relationship as a processor as required by the GDPR 2018.


Lawful Bases


Collecting information about you


We will collect personal data which will include a variety of information about you (e.g. your name, address of residence, communication and contact details, and your date of birth). We will also collect where relevant to do so information relating to you indirectly by reference to an identifier (e.g. your IP address, which is a unique number identifying your computer, laptop or similar portable device). 


Where required and appropriate to do so, we will also collect sensitive personal information (e.g. details about motoring or criminal convictions, your health, your credit history and other similarly sensitive information).


In certain circumstances (e.g. when an Insurance Company or similar provider of services to us requires us to do so) we will collect information from a variety of different sources (e.g. publicly available sources, such as social media and networking sites; third party databases generally available to the financial services sector, or boarder commerce industries including, claims management firms, loss adjusters and or other suppliers appointed in the process of handling a claim or credit reference and similar agencies), including information from you regarding your past policies.


Using information about you


We use information, including sensitive information, about you, and other parties related to this insurance, because it is: 

  • necessary for the performance of or to take steps for you to enter into a contract of insurance; or
  • necessary for compliance with a legal obligation

This includes providing you with an insurance quotation, arranging a policy, and providing administration through-out the lifecycle of an insurance arrangement as well helping you make a claim. 


In certain circumstances, such as when you request a quotation, make changes to an existing policy or at each renewal of an insurance arrangement, our assessment may involve a decision to determine whether we are able to provide you with an insurance arrangement.


We will also use your information when there is a justifiable reason for doing so, such as compliance with legal obligation (e.g. for the prevention and detection of fraud and financial crime); and for the recording and monitoring of telephone calls for auditing reasons.


Sharing your information


We will share information, including sensitive information, about you, and other parties related to this insurance because it is:

  • necessary for the performance of or to take steps for you to enter into a contract of insurance; or
  • necessary for compliance with a legal obligation
  • necessary to protect your interests; and 
  • necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body)

This includes sharing your informationwith carefully selected third parties providing a service to us or on our behalf and or Close Premium Finance Limited or similar)


What we will not do with your information


Unless required to do so by law, or for reasons other than those outlined (see sharing your information) we will never otherwise share your personal information without good reason and without ensuring the appropriate care and necessary safeguards are in place; and we will ask you for your consent to share that information, explaining the reasons.


How long we will keep information


We will only keep and or maintain information about you for as long as is necessary in providing our products and services to you or for compliance with a legal or regulatory obligation, including the legitimate interests of a controller.


This means, we will only keep, information that is necessary to keep, purely for compliance with legal reasons, for a minimum retention period of 7 years after cessation of a product or service we have provided. 


This shall be in compliance with the GDPR 2018 and using appropriate technical or organisational measures we will regularly:

  • review the length of time we keep and or maintain information about you;
  • consider the purpose or purposes why we hold the information about you in deciding whether (and for how long) to retain it;
  • securely delete information about you that is no longer needed for this purpose or these purposes; and
  • update, archive or securely delete information about you if it goes out of date.

Sensitive Data


In carrying out our duties as Data Processor we will collect sensitive information, about you, and other parties related to this insurance because it is:

  • necessary for the performance of or to take steps for you to enter into a contract of insurance; or
  • necessary for compliance with a legal obligation
  • necessary to protect your interests; and 
  • necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body)

What we mean by sensitive data includes information such as:

  • about your health including medical conditions;
  • motoring or other criminal convictions; and
  • racial or ethnic origin or religious beliefs.

Use and storage of your information overseas


We will never knowingly transfer, store, or process information about you outside the European Economic Area (EEA). In any event, if we are compelled to transfer your information outside the EEA (e.g. because it is an insurance arrangement with an Insurance Company who is outside the EEA or part of a larger group of companies who pass information outside the EEA) it shall be in compliance with the conditions for transfer set out in the GDPR and or restricted to a country which is considered to have adequate data protection laws, and all reasonable steps shall typically have been undertaken to ensure the firm has suitable standards in place to protect your information.


Using our Website and Cookies


You will be asked to accept a cookie, which is a small file of letters and numbers that is downloaded on to your computer when you visit our website. This will be clearly explained to you when you visit our website and you will typically have to accept the cookie to benefit from the services our website can offer.


Cookies are operated in strict accordance with Privacy and Electronic Communications Regulations 2011 (PECR) and are widely used by many websites and enable our website to remember your preferences, recording information you have entered. 


Individual Rights


You have a number of rights relating to the information we hold about you, these rights include but are not limited to:

  • a copy of your personal information we hold (we have a maximum of one month to give you this information);
  • rectify information, if it is inaccurate or incomplete;
  • request the deletion or removal of your personal data where there is no compelling reason for its continued processing;
  • suppress processing of your personal data, when processing is restricted, we are permitted to store the personal data, but not further process
  • it. We will retain sufficient information about the individual to ensure that the restriction is respected in future (see Marketing);
  • object to certain uses of your personal information (see Marketing);
  • withdraw any permission you have previously provided; and 
  • complain to the Information Commissioner’s Office at any time if you are not satisfied with our use of your information.

You can request a copy of your personally identifiable information we hold by contacting us. You have a right to data portability so we will normally, not only provide the information free of charge (however we may apply a charge where information requests are excessive) but we will provide that information in a format that is easily accessible, typically in a CSV format, should you require it to allow your information to be exchanged easily with other organisations.


Further information you can e-mail dataprotection@kdhinsurance.co.uk or write to our Compliance Manager, KDH Insurance Brokers Ltd, Progress House, Churchill Court, Faraday Drive, Bridgnorth, WV15 5BA.


Marketing Section 


Separately we will always ask for your permission (consent) to contact you, including the means to contact you (such as by phone, or e-mail, SMS text, or post) to tell you about;

  • new products or services we have or are developing;
  • trialling products and services which we think may improve our service to you or our business processes;
  • offer you rewards;
  • enter you into a competition;

We will typically ask for your permission when you first contact us, but you will maintain the right to easily withdraw your consent when-ever you wish (unsubscribe). We will regularly review your consent to check that your relationship with us and the processing and the purposes have not changed.


We will have processes in place to refresh your consent at appropriate intervals, including any parental consents and act on withdrawals of consent (unsubscribe) as soon as we can and not penalise you if you not choose to give or later choose to withdraw your consent.