PRIVACY AND COOKIES NOTICE
Last updated: October 20211. BACKGROUND
We are committed to protecting and respecting your privacy in accordance with the current Data Protection Legislation (“Legislation”). This notice sets out the basis on which we will process any personal data that we collect from you, or that you provide to us. For the purposes of the Legislation, the Data Controller in relation to any personal data you supply to us is Car Care Plan Limited.
Car Care Plan Limited is part of the Car Care Plan (Holdings) Limited Group of Companies and the AmTrust Group of Companies.
2. INFORMATION WE MAY COLLECT OR RECEIVE ABOUT YOU
We collect and process personal data that you provide directly to us by filling in forms, via our website, over the phone, via email or via mobile phone apps, or that we receive via third parties (for example – vehicle manufacturers, motor dealerships, insurance brokers, claims investigators / handlers and other business partners). This includes the following categories of data:
- General identification and contact information: Name; address; e-mail and telephone number; personal identification number or similar identity number; gender; date of birth; marital status; relationship with the customer, policyholder, insured or claimant; and membership (information that we receive from you or a third party).
- Information enabling us to provide products and services: For example vehicle details including vehicle registration number, vehicle identification number (VIN), vehicle make and model; membership information; previous claims history; date and cause of a claim made; as well as other insurances you subscribed for (information that we receive from you or a third party).
- Financial information and account details: Payment card number; bank account number and account details; and other financial information (information that we receive from you or a third party).
- Sensitive information: We are committed to the protection and fair treatment of customers in vulnerable circumstances. Where a vulnerability has been identified by us or has been disclosed by you, we will record this on our system. This enables us to provide you with the best assistance as part of the claims handling process and other customer service processes you may require from us at any time. This record may be classed as sensitive data where it concerns your health. Sensitive data will only be used for this specific purpose, and will be treated securely and in line with this privacy notice and our regulatory obligations.
- Information which is necessary to discover, prevent or investigate fraud or investigations towards financial sanctions lists: We may process personal data to enable us to discover, prevent or investigate fraud or fulfil our duty to check all transactions against financial sanctions lists before issuing cover or processing payments.
- Telephone recordings: Recordings of telephone calls to and from our representatives and call centres.
- Marketing preferences: You may let us know your marketing preferences, and take part in sales promotions.
3. HOW WE USE YOUR INFORMATION
All data that you supply or we receive from third parties are normally necessary for entering into a contract with us and for us to be able to carry out our obligations towards you under the contract. We also need to process the data for other purposes described below
Category of personal data | Purpose of processing | Legal basis for processing |
---|---|---|
General identification and contact information | For providing products, services and insurance, administering memberships, handling claims, handling complaints, informing of changes to our service and any other related purposes – this may include underwriting decisions made via automated means. | Fulfil our contractual obligations towards you; or |
Our legitimate interests of improving our products and services, development of our systems and offering you relevant products and services. | ||
To validate/confirm your identity | Fulfil our contractual obligations towards you; or | |
Comply with applicable laws. | ||
For marketing activities | Consent. | |
For offering renewal, research or statistical purposes | Our legitimate interests of improving our products and services, development of our systems and offering you relevant products and services; or | |
Fulfil our contractual obligations towards you. | ||
To answer your questions through the web, e-mail, mail or phone | Fulfil our contractual obligations towards you. | |
To prevent, discover, investigate criminal offences (including fraud) | Comply with applicable laws. | |
To comply with applicable laws and regulatory obligations. | Comply with applicable laws. | |
Information enabling us to provide products and services | For providing products, services and insurance, administering memberships, handling claims, handling complaints, informing of changes to our service and any other related purposes – this may include underwriting decisions made via automated means. | Fulfil our contractual obligations towards you; or |
Our legitimate interests of improving our products and services, development of our systems and offering you relevant products and services. | ||
Financial information and account details | To facilitate payments to and from you. | Fulfil our contractual obligations towards you. |
To perform claims handling. | Fulfil our contractual obligations towards you. | |
Sensitive information | To ensure the protection and fair treatment of customers in vulnerable circumstances. | Comply with applicable laws. |
Information which is necessary to discover, prevent or investigate fraud or investigations towards financial sanctions lists | Discover, prevent or investigate fraud or investigations towards financial sanctions lists. | Comply with applicable laws. |
Telephone recordings | Document communications / agreement, quality improvement, educational purposes and security (for example, with respect to recorded or monitored phone calls to and from our contact centres) and complaints management. | Fulfil our contractual obligations towards you or, at your request, take necessary steps prior to entering into a contract with you; or |
Our legitimate interests of improving our products and services, development of our systems and to offer you relevant products. | ||
Marketing preferences | Marketing activities (including information about other products and services which are offered by us or our business partners) in accordance with your preferences. | Consent. |
4. DISCLOSURE OF YOUR PERSONAL DATA
To enable us to support our general business activities and regulatory obligations, we may disclose your data to; (a) companies within the AmTrust Group; (b) external parties or our businesses partners who are involved in offering products and services to you; (c) our service providers; and (d) governmental or other public authorities. These categories include:
- Companies within AmTrust Group – You will find a list of the companies included in the AmTrust Group at www.amtrustinternational.com.
- External parties or business partners – Affinity partners and financial institutions; vehicle manufacturers, motor dealerships and repairers; brokers, agents, third party administrators, reinsurers and other insurance intermediaries and other business partners.
- Our service providers – External service providers, such as business and credit scoring companies, accountants, actuaries; call centre service providers; auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; banks and financial institutions; third-party claim administrators; claim investigators and adjusters; and outsourced service providers that assist us in carrying out business activities.
- Governmental or other public authorities – We may share personal data with governmental or other public authorities (including, but not limited to supervisory authorities, courts, law enforcement, tax authorities and criminal investigations agencies and to authorities we are obligated to provide information to).
We may also disclose your personal information:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If any AmTrust company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- In order to enforce or apply our terms of use set out in the terms of use or terms and conditions page and other agreements; or to protect the rights, property or safety of AmTrust, our customers or others.
5. INTERNATIONAL TRANSFERS OF DATA
For the purposes stated above, and where applicable, we may transfer your personal data to destinations outside the European Economic Area (“EEA”). Where we transfer your personal data outside of the EEA, we will ensure that it is treated securely, and in accordance with this privacy notice and the Legislation. We only transfer data to countries deemed as having adequate protection by the European Commission or, where there is no adequacy decision, we use the European Commission approved ‘Standard Contractual Clauses’ with such parties to protect the data. A copy of the ‘Standard Contractual Clauses’ can be obtained by writing to The Data Protection Officer at the address detailed in Section 11.6. YOUR RIGHTS
You have the right to:
- Refuse/change marketing preferences – You may at any time ask us not to process your data for marketing purposes or change your preferences for marketing.
- Request a copy of personal data we hold about you – You may request access to the personal data that we store about you.
- Erasure of personal data – Under certain circumstances, such as when you have revoked your previously given consent and there is no other legal ground available for us to process your personal data, you may request to have your personal data erased. In some cases, we may have the right to retain certain personal data despite your request of erasure.
- Correction of personal data – You have the right to request correction of or erasure of inadequate, incomplete or incorrect personal data.
- Restriction and object to future processing – You are, under certain circumstances, entitled to restrict the processing of your personal data to only comprise storage of the personal data, e.g. during the time when we assess whether you are entitled to have personal data erased in accordance with (c) above. If the processing of your personal data is based on a balancing of interests and you deem that your integrity interest overrides our legitimate interest to process your personal data, you may also, on grounds related to your particular situation, object to the processing by contacting us on the contact details stated below, in which case we must have a compelling reason in order to continue to process the personal data for the relevant purpose.
- Data portability – When personal data is processed electronically, and on the basis of your consent or on the basis that the processing is necessary in order to perform under a contract with you, and provided that the personal data has been provided or generated by you, you are entitled to receive a copy of your personal data in a common machine-readable format.
- Not be subject to fully automated decision-making, including profiling – If a decision is made, using automated means, which has legal effects or significantly affects you, you have the right to object to the processing in certain circumstances. This right does not apply if the decision-making is necessary in order to perform under a contract with you, if the decision-making is permitted under applicable law or if you have provided your explicit consent.
- Complain to the supervisory authority – You are welcome to contact us with any enquiries and complaints that you may have regarding the processing of your personal data. You also have the right to lodge complaints pertaining to the processing of your personal data to the local Data Protection Authority. We would request that you contact us in the first instance so that we may try to resolve your complaint as quickly as possible. In the UK, the relevant Data Protection Authority is the Information Commissioner’s Office (ICO). Website: https://ico.org.uk/
- Withdraw consent – If we rely on your consent as our legal basis for using your personal data, you have a right to withdraw your consent to such use.
7. COOKIES
Our website uses cookies to distinguish you from other users of our website.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For example, we are interested in the number of visitors and the pages they visit; which pages are most and least popular. By applying what we learn about site visitor habits, we can adapt the content to try and make it more easily accessible, relevant and interesting to site visitors. Some of our pages display content from external providers, e.g. YouTube, Google and Facebook. These third-party providers maintain their own cookie and privacy policies, that you may want to review, but over which we have no control.
We use the following cookies:
- Necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Preference cookies. These are cookies used to remember information about your visit to our site between visits. We may need to do this to improve your use of the website, such as remembering any feature preferences.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Marketing cookies. These are cookies used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
The cookies we use do NOT hold any personally identifiable data about you, such as:
- Names
- Phone Numbers
- Email Addresses
- Mailing Addresses
- Bank Account Numbers
- Credit Card Information
You can at any time change or withdraw your consent from the Cookie Declaration on our website. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Please refer to your browser’s ‘help’ facility on how to configure accepting cookies. For more information on cookies and deletion of cookies please visit: www.allaboutcookies.org/manage-cookies.
8. MARKETING
Where you have provided consent, we may contact you (by mail, e-mail, telephone, text, or other agreed means) in order to tell you about products, services or offers that we believe will be of interest to you, or to provide you with commercial updates. If you do not wish us to continue marketing to you, please let us know at CCPMarketing@amtrustgroup.com.9. RETENTION
Your data will not be retained for longer than is necessary, and will be managed in accordance with our data retention policy. In most cases the retention period will be for a period of ten (10) years following the expiry of the contract, or our business relationship with you, unless we are required to retain the data for a longer period due to business, legal or regulatory requirements. In any case, where data is retained we will endeavour to delete or to anonymise any personal elements, in order to maintain your privacy and security.
10. CHANGES TO OUR PRIVACY POLICY
We may revise our privacy policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we make.
11. QUESTIONS IN RELATION TO OUR PRIVACY POLICY OR USE OF YOUR DATA
If you have any questions concerning our privacy policy or our use of your personal data, including exercising your rights detailed in Section 6, you can contact the Data Protection Officer:
The Data Protection Officer,
Car Care Plan Limited,
Jubilee House,
5 Mid-Point Business Park,
Thornbury,
West Yorkshire BD3 7AG,
England.
or email CCPH_DPA@carcareplan.co.uk.