Privacy Policy
What this privacy notice covers:
Coral Insurance Services Limited (referred to in this document as “we”, “us” or “our”) takes privacy very seriously. This privacy policy explains our practices including your choice regarding the collection, use and disclosure of your personal data. We may need to collect data from you in relation to your use of our website or services. This privacy policy applies to all data that we collect about you. Please read this privacy policy carefully and contact us if you have any questions using the details provided in the contact and feedback section below.
This privacy policy sets out:
- personal data we collect about you
- why we collect your personal data
- when we collect your data and how long we keep it for
- what we do with your data
- how we and other organisations will keep your personal data safe
- the rights and choices you have when it comes to your personal data
Responsibilities:
We are the Data Controller of the personal data we process and therefore are responsible for ensuring our systems, processes, suppliers and employees comply with data protection laws in relation to the data we handle.
We have a compliance officer, who oversees compliance with data protection laws and this privacy notice, and provides guidance and advice as required. You can contact our Data Protection Officer by emailing [email protected] or by writing to our registered office in the contact and feedback section below.
Personal data we collect about you:
- We collect your personal details including name, date of birth, address, telephone and email address details, so that we may keep you informed and send you information about the service that we are providing to you.
- Special category data: some information is ‘special’ and needs more protection due to its sensitivity. It’s often information you would not want many to know and is very personal to you, such as health/injuries or criminal conviction data. We will only use special category data about you or others for the specific purpose that you provide it.
- Website usage data is collected using cookies. Please see our separate cookies policy for more information on this topic. This can be found on our website here.
- We only collect personal data that we need from you to provide and oversee our service to you and will not collect any unnecessary data.
- We do not sell your data
- We will not pass on your data to be used to contact you about other products or services, unless we have notified you of this beforehand.
When we collect your data and how long we keep it for:
- We collect personal data from you when required on our website
- We are legally required to keep documentation to meet our regulatory and statutory obligations
- We may wish to use your personal data for a new purpose, not covered by this Privacy Notice, we will provide you with a new Privacy Notice explaining this and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
- We are legally required to keep documentation to meet our regulatory and statutory obligations for a period of 7 years from the conclusion of the claim. If the claim is on behalf of a child, the data will be held for a period of 10 years from the child’s 18th birthday. In some cases, we may be required to retain documents for a longer period of time but you will be informed should this be the case. Full details of our retention periods can be obtained by request.
What we do with data:
We will use your data to:
- provide any required service to you
- manage those services we provide to you
- contact and communicate with you
- measure and record usage on our websites and content pages to improve our online services
- maintain internal record keeping and analysis
- help investigate any worries or complaints you have about your services.
In order to provide the service you have contracted us to do, we may share data with some of the following organisations, subject to, where appropriate your specific consent to process this data:
- The underwriter of your insurance policy.
In addition, we may need to share your data to meet our regulatory and legal obligations, with the following organisations:
- Regulatory authorities such as the Financial Conduct Authority.
- Serious Organised Crime Agency (SOCA) where criminal activity is suspected.
- National Crime Agency where fraudulent activity is suspected.
- Office of Financial Sanctions Implementation (OFSI) where our systems indicate that we have a customer that matches against a government list of individuals with frozen assets.
- We need to provide reports on customers that could potentially be involved in money laundering activities.
We share data to protect someone’s life:
- By passing data to relevant authorities where we believe our customer is in danger.
How we and other organisations will keep your personal data safe:
We endeavour to keep all data safe by taking all reasonable precautions to protect data from misuse, loss and unauthorised access, modification or disclosure. Examples of our security are as follows:
- Encryption, meaning that information is hidden so that it cannot be read by anybody who does not have the special key (such as a password). This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’.
- We carefully control access to systems and networks only allowing authorised people to view your personal information.
- We train our staff on how to handle personal and special category information and how and when to report when something goes wrong.
- We regularly test our systems and network to ensure they are safe and secure.
- We work hard to ensure that our systems are up to date with the latest security enhancements.
- We use anti-virus software to protect our systems and data.
- We operate from secure premises.
- We operate a clear desk policy which ensures that all data is securely stored when not in use.
- We have robust contracts with our suppliers to ensure they operate to the same high standards that we do.
- We review all contracts of business regularly, and ensure that our key suppliers apply the same levels of protection, security and confidentiality we apply. From time to time we may need to process some of your data using third party processors located in countries outside of the European Economic Area (EEA), for example, for the purposes of data hosting, analytics, credit searches and fraud prevention. If your data is processed outside of the EEA, we will take all necessary steps to ensure it is adequately protected. This includes ensuring there is an agreement in place with the third parties which provides the same level of protection as required by the data protection regulations in the UK and EEA.
The rights and choices you have when it comes to your personal data:
You have a number of legal rights over the personal information held by us. These include the right to:
- access your personal information held in our records, whether electronically or manually;
- correct or update any personal information that you think is incorrect; to object to further processing;
- ask us to delete your personal information. We will only be able to accommodate this request where it is no longer necessary for the purpose(s) for which it was provided or where we no longer have a lawful basis to process your personal information;
- receive the personal information we hold about you in a portable format
- receive information regarding decisions made through any automated means; and
- ask us to stop processing your personal information in certain circumstances.
If you wish to exercise these rights please contact [email protected] for more details on how to do this.
Further information can also be found on the Information Commissioner’s Office website (www.ico.org.uk)
Contact and Feedback:
If you have any queries or wish to raise a complaint on how we have handled your personal data, please contact our compliance officer at:
Coral Insurance Services Limited, Bath House, 16 Bath Row, Stamford, Lincolnshire, PE9 2QU.
Or you can email us at [email protected].
If at any time you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (www.ico.org.uk).