Data Privacy Notice
The purpose of this notice is to inform you how we use your personal information.
The term “personal information” refers to personally identifiable information about an individual such as their name, birthday, telephone number, email address or postal address.
EC Insurance Services Ltd (ECIS) acts as a Data Controller in respect of the personal information that it processes. Contact details for ECIS and its Data Protection Officer are shown at the foot of this notice.
Scope of our Data Privacy Notice
This data privacy notice applies to anyone who interacts with us about our products and services, in any way (for example, by email, through our website, by phone). We will give you further privacy information if necessary for specific contact methods or in relation to specific products or services.
This data privacy notice applies to you if you ask us about, buy or use our products and services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone and so on). We will provide you with further information or notices if necessary, depending on the way we interact with each other.
How We Collect Personal Information
We collect personal information from you and from third parties (anyone acting on your behalf – for example your employer or insurance broker).
We collect personal information from you through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, by post, by filling in application or other forms, by entering competitions, through social media or face-to-face (for example, by attending events).
Your personal information may be disclosed to us by your employer in the course of purchasing insurance for their employees. When personal information has been disclosed to ECIS in this was way your employer is responsible for ensuring that you have been informed of how your data will be used.
Your personal information may be disclosed to us by the main participant in an insurance contract (such as private medical insurance) in the course of purchasing insurance for their dependants. When personal information has been disclosed to ECIS in this way the main participant is responsible for ensuring that you have been informed of how your data will be used.
Where you have provided us with Personal Data about another person, you have confirmed to us during the presentation of the risk and/or in the proposal form or claim notification that they have appointed you to act for them and that they consent to the processing of their personal information as set out in this Notice.
What We Use Your Personal Information For
By registering or allowing the registration by a third party of your personal information with us either through our website or providing information to us in any other way, you have agreed to us processing your personal information for specific purposes, including arranging your insurance cover (including renewals and handling claims), complying with legal requirements, accounts administration, customer services, credit checks, fraud prevention and marketing our products and services.
ECIS has a legitimate interest in processing the personal information that it receives in order to arrange and administer insurance policies, including Private Medical, Personal Accident and Life Insurance. Without the ability to process your personal information, ECIS is unable to arrange or administer insurance policies under which you would otherwise be covered.
Sharing Your Information
In order to arrange and administer your insurance cover (or process any claims), we will disclose some or all of your personal information to our holding company, our insurance partners, auditors and IT providers as well as your employer if you are covered under a group scheme.
If required, we will disclose some or all of your personal information to people or organisations we have to, or are allowed to, by law (for example, for fraud prevention or safeguarding purposes) and with the police and other law enforcement agencies to help them perform their duties.
When your personal information is transferred to third parties it will be done so in a secure electronic manner using encrypted files.
ECIS will not share your personal information outside the European Union.
Where your personal information is shared with third parties, such as our insurance partners, we recommend that you read their privacy policies to understand how they will use your data.
ECIS will never sell your data and your details will be kept safe and secure at all times when it is within our servers. As with all data communications through the internet, where your personal information has been sent electronically to any third party, ECIS cannot provide complete guarantees that it will remain secure, although we will take all appropriate steps to minimise risk.
Marketing & Preferences
We will use your contact details to keep you informed by post, email or telephone of our additional products or services and development with the insurance and other industry sectors which may be of interest to you. Please note that these details may continue to be used for these purposes after your policy has lapsed. If you do not wish your contact details to be used for marketing purposes as set out above, please email us at firstname.lastname@example.org or write to us at the address provided at the end of this Notice.
Processing for Profiling and Automated Decision-Making
Your personal information will not be used for profiling by ECIS.
Your personal information will be used by ECIS to automate renewal notifications and to calculate premiums for certain insurance products based on age.
How Long We Keep Your Personal Information
Your personal information will be retained in accordance with our Data Retention Policy. This Policy takes into account the purpose for which the data was collected, legal and regulatory requirements for retaining certain types of data and the reasonable record keeping requirements of ECIS.
Under the General Data Protection Regulation (GDPR), you have the following rights in respect of your personal information that ECIS processes:
- The Right to be Informed about the collection and use of your personal information.
- The Right to Access your personal information and supplementary information, including how it is being used.
- The Right to Rectification of inaccurate or incomplete personal information.
- The Right to Erasure of your personal information in certain circumstances.
- The Right to Restrict Processing of your personal information in certain circumstances.
- The Right to Data Portability in certain circumstances.
- The Right to Object to ECIS using your data for specific purposes.
- The Right to Information on how your personal information is used for profiling purposes.
- The Right to bring a complaint about ECIS’s processing or handling of your personal information to the Information Commissioner’s Office (ICO). You can do this through the ICO website at https://ico.org.uk/concerns/.
Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.
If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.
Data Protection Contacts
If you have any questions about this Data Privacy Notice, or to make any request in accordance with your rights, please email us at email@example.com or write to us at the address given below. ECIS will respond to all requests without undue delay and not later than one month after the request has been received. ECIS will not charge a fee for responding to any requests in respect of your Personal Data Rights.
EC Insurance Services Ltd
24 – 26 South Park
The Data Protection Officer for ECIS is Martyn Burnley. Martyn can be contacted by email at firstname.lastname@example.org or by post at the address above.