Introduction
The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data.
Adler Fairways, Adler Insurance Brokers and Adler Insurance Group are registered trading names of Adler Fairways Insurance Brokers Ltd. Adler Fairways Insurance Brokers Ltd are deemed to be data controllers within the meaning of the GDPR and we process personal data. Our address is Prudent House, 50 Yardley Road, Acocks Green, Birmingham B27 6LG.
We may amend this privacy notice from time to time. If we do so, we will supply you with or otherwise make available to you a copy of the amended privacy notice.
Our Legal Basis
Our intended processing of personal data has the following legal basis:
- At the time you instructed us to act, you gave consent to our processing your personal data for the services required
- The processing is necessary for the performance of our contract with you
- The processing is necessary for our legitimate interests and legal obligations.
It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide our services to you. If this is the case, we will not be able to commence acting or will need to cease to act.
The information we collect
- Information that you provide to us for the purpose of registering with us including your email address, name, address, business name and address and details of other policies that you hold.
- Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters.
- Information that you provide to us relating to the risk or services which you have asked us to provide a quotation for.
- Any other information that you choose to send to us.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to these.
- Details of your visits to our website including, but not limited to, traffic data, location data, webchats, browser usage and other communication data.
Why do we need this information
The information which we ask for is necessary for the following reasons
- Offering and providing insurance and related products and services to you
- Establishing and maintaining communications with you
- Verifying your identity and the accuracy of your Personal Information with government agencies, industry associations, insurance companies, underwriting agents, insurance brokers or other insurance intermediaries
- To analyse and assess risks on a prudent basis prior to submission to those parties identified under 3. above
- Facilitating your payment of premiums, commissions and fees
- Investigating claims
- Detecting and preventing fraud or other illegal activities
- Compiling statistics
- Complying with the law or the requests of law enforcement agencies or regulators
- Notifying you or allowing our affiliated companies to notify you of certain products or services offered by our affiliated companies.
Your data security
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the provision of information you have requested. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure servers. All electronic transactions you make to or receive from us will be encrypted using SSL technology.
In addition to this, we adhere to strict Data Protection policies within our office locations which includes the physical security of your data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Who we may share your data with
On your behalf and during the course of providing quotations and services to you, we may approach the following:
- Insurance Companies
- Reinsurers
- Underwriting Agents
- Other Insurance Intermediaries
- Other Insurance Brokers or Agents
- Surety/Bonding companies
- Credit Providers
- HMRC Sanctions
- Credit Referencing Agencies
- Claims Management Companies
- Debt Recovery Agencies
- Claim Management Companies
- Uninsured Loss Recovery Agents
- Auditors
- External Consultants
- Banks
- Financial Transaction Processors
- Crime and Fraud Prevention Agencies
- Regulators
Data retention
When acting as a data controller and in accordance with recognised good practice within the insurance sector we will retain all of our records relating to you where:
- We have placed insurance for you, we will retain the records for a minimum of seven years after the policy or our services to you end.
- You have issued a complaint to us, we will retain the records for seven years after the finalisation of your compliant.
- You have provided services or products to us and the service agreement is no longer in force, we will retain all relevant records for seven years from the date the business relationship ceased.
- You have contacted us for a quotation but did not proceed with this, we will retain your records for three years.
Your rights under the GDPR
You have a right to view the information we hold.
You may make a subject access request (‘SAR’) at any time to find out more about the personal data which we hold about you. We will usually respond to SARs within one month of receipt (this can be extended by up to two months in the case of complex and/or numerous requests, and in such cases the data subject shall be informed of the need for the extension).
SARs should be sent to the Compliance Officer at the address given above or by emailing info@adlerfairways.co.uk.
We do not charge a fee for the handling of normal SARs. We do however reserve the right to charge reasonable fees for additional copies of information that has already been supplied to you, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
Right to rectify inaccurate or incorrect information
If the information which we hold is inaccurate or incomplete, you may contact us using the details above stating which part(s) are incorrect and the relevant amendments. We will contact you to notify when the data has been rectified which we aim to complete within one month.
Right to have your data erased
You may contact us using the details above if you wish for your details to be deleted from our records. Please note that these requests are subject to our need to hold data for legal reasons. Where we believe we are unable to delete your details for these reasons, we will provide our decision and the rationale behind this within one month.
Right to withdraw your consent
Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent but note:
- The withdrawal of consent does not affect the lawfulness of earlier processing
- If you withdraw your consent, we may not be able to continue to provide services to you
- Even if you withdraw your consent, it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data).
Complaints
If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can complain to us. Please send any complaints to the Compliance Officer at the address above.
In addition, if you require further information regarding the GDPR legislation, you can contact the Information Commissioners Office via www.ico.org.uk.