Home > Legal > Privacy

COLUMBUS DIRECT ("we") are committed to protecting and respecting your privacy.  This Privacy notice explains how we treat any personal data we collect and process when you use our website, services or products.

1. Collection and processing of your personal data

We only collect and process your personal data:

  • Where it is necessary in order for us to be able to provide our service or product, which you have either requested a quotation or contracted for; or

  • Where you have provided your consent to our use of your personal information.  We will only ask for your consent in relation to processing your sensitive information, such as health data, or when we would like to send you marketing information.  

  • Where it is necessary for compliance with our legal and/or regulatory obligations for example, when our regulators the Financial Conduct Authority (FCA) and our Data Protection regulator, the Information Commissioner’s Office (ICO) wish us to maintain certain records of any dealing with you.

  • Under specific circumstances, where it is necessary for your vital interests, this being life or death matter.  or

  • Where we have appropriate legitimate business reason such as maintaining our business records, developing and improving our services, all whilst ensuring that such business reason does not interfere with your rights and freedoms and does not cause you any unnecessary harm, or

  • Where there is reasons of substantial public interest to do so, such as investigating fraudulent activities, debt collection and anti-money laundering checks; or  

  • Where the data is already publicly available.

2. What types of personal data we handle

We collect and process the personal data that you provide about yourself and others to be covered under by the policy when interacting with us, either online or via email, phone or post. We may also collect data about you from any health services providers involved in delivering our services to you.

Such personal data may include, but is not limited to the following:

  • First name and surname;
  • Postal and/or email address;
  • Gender, date of birth;
  • Country of residence and/or nationality;
  • Unique identifier information (e.g. your customer username or number and password);
  • Financial information (e.g. payment card or bank account information);
  • Health information, where it is relevant to the service we provide;
  • Other details relevant to your particular insurance requirements;
  • Some details provided by your device such as IP address, device
  • ID, device type, and location data.
3. How we use your personal data

We may use the personal data we collect and process about you in order to:

  • Provide you with access to our website;
  • Provide and administer your insurance quotation and policy, and to process claims;
  • Process any payments required for the products and services you have requested;
  • Provide you with information including without limitation, quotations, service documentation, brochures, newsletters and responses to applications;
  • Respond to any enquiries from you regarding our products and services;
  • Where you have agreed, provide you with information about certain other goods and services which we believe may be of interest to you;
  • Offer customer surveys to help us improve our service;
  • To help us improve our services and products;
  • Meet our legal and regulatory obligations;
  • Detect and prevent fraud or other illegal activities.

Some of the personal information we process may be sensitive information, such as details about your health or medical records. Where appropriate, we will rely on a specific legal exemption to process your sensitive personal data for insurance purposes, where it is an essential as part of your insurance cover. Otherwise we will ask for your consent, before collecting and processing your sensitive information. Please note that we may not be able to sell you an insurance policy or deal with a claim if we are unable to process relevant sensitive information.

We may use your personal data, including your health data, to automatically determine, based on a risk assessment of both the likelihood and cost of you making a claim, whether to offer insurance cover, what insurance products to offer, whether to offer to renewal cover, and to arrive at the price of that insurance cover.  You have the right to request a personal review by us of such decisions so that you may express your point of view and ask us to reconsider such decisions.

The personal information we have collected from you will be shared with fraud prevention agencies and databases who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies and databases, and your data protection rights, can be found by visiting www.cifas.org.uk/fpn and www.insurancefraudbureau.org/privacy-policy.

When you make a claim, we may use automated processes, to assist in determination of whether to accept a claim. You have the right to request a personal review by us of such decisions so that you may express your point of view and ask us to reconsider such decisions.

If you wish to opt-out of any automated decision-making, please let us know, however, in some circumstances we may not be able to offer or provide you with a quote for a policy as some automated decisions are required to provide your insurance policy.

The name and other details about your insurer and how they process your information can be found in your policy wording.

If you provide information about anyone else, you confirm that they (or their legal guardian) have agreed that you may give us their information, including sensitive information, for the reasons described in this document.

4. Personal data sharing and transferring

We will not share your personal data with anyone else unless you agree to this, or such sharing is necessary to fulfil our contract with you, or we are legally allowed or required to do so. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies.

Organisations we may share your personal data with include:

  • Another member of our group of companies where they help provide our services to you;
  • Our service providers and subcontractors, where they help us provide our services to you;
  • To a regulating body or other authority where we need to comply with a regulatory or legal obligation;
  • Crime prevention or debt collection organisations;
  • When required to protect our legitimate interests.

Some of those organisations may be based in a country outside the European Economic Area or where different data privacy laws apply. We will only transfer your personal data to that country if they ensure an adequate level of protection of your rights and freedoms, the transfer is necessary for the performance of your contract, or you have given us your consent, or that organisation is contractually bound to meet European Economic Area data protection law.

We will not sell your personal data to anyone.

5. Personal data protection and storage

Personal data collected and processed in accordance with this Privacy Policy is stored on secure servers located in the United Kingdom or Republic of Ireland.

We handle your personal data in accordance with adequate and reasonable procedures and technologies in order to maintain and protect its security, availability, confidentiality and integrity, and prevent its unlawful or unauthorised processing, accidental loss or damage, from its collection until its destruction.

Where personal data is transmitted across the internet, it will be encrypted.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of your personal data, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

6. Personal data disposal and retention

We will only keep your personal data for as long as is necessary for the purposes for which it was collected and where we are required to do so, in order to meet a regulatory or legal obligation.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

7. Use of cookies

We use cookies on our website in order to improve your user experience by enabling our website to 'remember' you, either for the duration of your visit (using a 'session cookie') or for repeat visits (using a 'persistent cookie').  We may also use cookies to enable us to target our services or products based, for example, on your location and/or browsing habits.

Please click here to read our Cookie Policy which explains what we do and how you can alter your cookie settings.

8. Your rights

You have the right at any time and, normally, free of charge to:

  • Request a copy of the personal data we hold about you and certain details as to how we use it. We may charge a reasonable fee to provide further copies, and can refuse to give you this information if your requests are clearly unjustified or excessive;
  • Have your personal data corrected if it is inaccurate or incomplete;
  • In certain circumstances, request the deletion of your personal data for example, where it is no longer necessary for us to keep it for the purpose for which it was originally collected or processed, unless we have a legal or regulatory obligation to retain the personal data;
  • Ask for further processing of your personal data to be restricted. Where you have previously entered into a contracted service or product with us, this may imply cancelling the contracted service or product;
  • In certain circumstances, to request that we transfer your personal information to another third party, where technically feasible;
  • Request that you are not subject to automatic individual decision-making;
  • Withdraw your agreement to direct marketing.

Where we have requested your consent, you have the right to withdraw this.  However, in some circumstances we may no longer be able to process your insurance policy.

9. How to contact us

For the purposes of data protection legislation, Collinson Insurance Services Ltd is the data controller.

Collinson Insurance Services Ltd is part of the Collinson group of companies.

To exercise any of your rights, or if you have any questions about our Privacy Notice, or if you wish to make a complaint about the use of your personal data, or you want to report a security issue, please contact our Data Protection Officer, the details of which are below:

Data Protection Officer, Collinson Insurance Services Ltd, Sussex House, Perrymount Road, Haywards Heath, West Sussex, United Kingdom, RH16 1DN

Data.Protection@ColumbusDirect.com

If you are unsatisfied with our response, you can contact the Information Commissioner’s Office (ICO). Further information can be found at https://ico.org.uk/. Additionally you have the right at any time to lodge a complaint with the ICO in relation to how we use your data.

10. Other websites

Our website may contain links to other websites. This Privacy Notice only applies to our website, services and products so when you link to other websites, you should read their own privacy notices.

11. Changes to our policy

We keep our Privacy Notice under regular review and we will make any new versions available on our website, you should check our website regularly to view the most up to date privacy notice. This Privacy Notice was last updated on 3rd May 2022.