We only collect and process your personal data if:
- It is necessary in order for us to be able to provide our service or product, which you have either requested a quotation or contracted for; or
- You have agreed to it; or
- It is necessary for compliance with our legal and/or regulatory obligations as providers of insurance; or
- Under specific circumstances, if it is necessary to protect your life and vital interests; or
- We have legitimate reason or where there is reasons of substantial public interest to do so, such as for fraud prevention, debt collection and anti-money laundering checks; or
- The data is already publicly available.
We collect and process the personal data that you provide about yourself and others to be covered under by the policy when interacting with us, either online or via email, phone or post. We may also collect data about you from any health services providers involved in delivering our services to you.
Such personal data may include, but is not limited to the following:
- First name and surname;
- Postal and/or email address;
- Gender, date of birth;
- Country of residence and/or nationality;
- Unique identifier information (e.g. your customer username or number and password);
- Financial information (e.g. payment card or bank account information);
- Health information, where it is relevant to the service we provide;
- Other details relevant to your particular insurance requirements;
- Some details provided by your device such as IP address, device ID, device type, and location data.
We may use the personal data we collect and process about you in order to:
- Provide you with access to our website;
- Provide and administer your insurance quotation and policy, and to process claims;
- Process any payments required for the products and services you have requested;
- Provide you with information including without limitation, quotations, service documentation, brochures, newsletters and responses to applications;
- Respond to any enquiries from you regarding our products and services;
- Where you have agreed, provide you with information about certain other goods and services which we believe may be of interest to you;
- Offer customer surveys to help us improve our service;
- To help us improve our services and products;
- Meet our legal and regulatory obligations;
- Detect and prevent fraud or other illegal activities.
Some of the personal information we process may be sensitive information, such as details about your health or medical records. Where appropriate, we will rely on a specific legal exemption to process your sensitive personal data for insurance purposes, where it is an essential as part of your insurance cover. Otherwise we will ask for your consent, before collecting and processing your sensitive information. Please note that we may not be able to sell you an insurance policy or deal with a claim if we are unable to process relevant sensitive information.
We may use your personal data, including your health data, to automatically determine, based on a risk assessment of both the likelihood and cost of you making a claim, whether to offer insurance cover, what insurance products to offer, whether to offer to renewal cover, and to arrive at the price of that insurance cover. You have the right to request a personal review by us of such decisions so that you may express your point of view and ask us to reconsider such decisions.
The personal information we have collected from you will be shared with fraud prevention agencies and databases who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies and databases, and your data protection rights, can be found by visiting www.cifas.org.uk/fpn and www.insurancefraudbureau.org/privacy-policy.
When you make a claim, we may use automated processes, to assist in determination of whether to accept a claim. You have the right to request a personal review by us of such decisions so that you may express your point of view and ask us to reconsider such decisions.
If you wish to opt-out of any automated decision-making, please let us know, however, in some circumstances we may not be able to offer or provide you with a quote for a policy as some automated decisions are required to provide your insurance policy.
The name and other details about your insurer and how they process your information can be found in your policy wording.
If you provide information about anyone else, you confirm that they (or their legal guardian) have agreed that you may give us their information, including sensitive information, for the reasons described in this document.
We will not share your personal data with anyone else unless you agree to this, or such sharing is necessary to fulfil our contract with you, or we are legally allowed or required to do so. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies.
Organisations we may share your personal data with include:
- Another member of our group of companies where they help provide our services to you;
- Our service providers and subcontractors, where they help us provide our services to you;
- To a regulating body or other authority where we need to comply with a regulatory or legal obligation;
- Crime prevention or debt collection organisations;
- When required to protect our legitimate interests.
Some of those organisations may be based in a country outside the European Economic Area or where different data privacy laws apply. We will only transfer your personal data to that country if they ensure an adequate level of protection of your rights and freedoms, the transfer is necessary for the performance of your contract, or you have given us your consent, or that organisation is contractually bound to meet European Economic Area data protection law.
We will not sell your personal data to anyone.
We handle your personal data in accordance with adequate and reasonable procedures and technologies in order to maintain and protect its security, availability, confidentiality and integrity, and prevent its unlawful or unauthorised processing, accidental loss or damage, from its collection until its destruction.
Where personal data is transmitted across the internet, it will be encrypted.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of your personal data, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We will only keep your personal data for as long as it is needed for the purposes for which it was collected and we will remove from our systems all personal data which is no longer required.
We will only retain your personal data after this time where we are required to do so, in order to meet a regulatory or legal obligation.
You have the right at any time and, normally, free of charge to:
- Request a copy of the personal data we hold about you and certain details as to how we use it. We may charge a reasonable fee to provide further copies, and can refuse to give you this information if your requests are clearly unjustified or excessive;
- Have your personal data corrected if it is inaccurate or incomplete;
- In certain circumstances, request the deletion of your personal data for example, where it is no longer necessary for us to keep it for the purpose for which it was originally collected or processed, unless we have a legal or regulatory obligation to retain the personal data;
- Ask for further processing of your personal data to be restricted. Where you have previously entered into a contracted service or product with us, this may imply cancelling the contracted service or product;
- In certain circumstances, to request that we transfer your personal information to another third party, where technically feasible;
- Request that you are not subject to automatic individual decision-making;
- Withdraw your agreement to direct marketing.
Where we have requested your consent, you have the right to withdraw this. However, in some circumstances we may no longer be able to process your insurance policy.
For the purposes of data protection legislation, Columbus Insurance Services Ltd is the data controller.
Columbus Insurance Services Ltd is part of the Collinson group of companies.
Data Protection Officer, Columbus Insurance Services Ltd, Sussex House, Perrymount Road, Haywards Heath, West Sussex, United Kingdom, RH16 1DN
If you are unsatisfied with our response, you can contact the Information Commissioner’s Office (ICO). Further information can be found at https://ico.org.uk/. Additionally you have the right at any time to lodge a complaint with the ICO in relation to how we use your data.