Who we are:
SPB UK & Ireland Ltd is the group name of Citymain Administrators Ltd, Citymain Ltd, Burnett & Associates Ltd, Burnetts Computer Services Ltd and Phone Service Centre Ltd. All of these companies are responsible for looking after your personal data and are governed by this Privacy
At SPB UK & Ireland we collect and use personal information for insurance policy, claims and card loss administration services. We are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data protection laws.
1. What information we collect and how:
We will collect data from you when you contact us directly for a policy quotation or visit one of our websites. * If you purchase a policy from one of our business partners your personal data will be provided to enable us to provide policy, claims and card loss administration services.
We may also collect information about you from other sources to help fraud detection and financial crime prevention. These other sources include registers held by reputable organisations.
The data collected may include:
- Any personal details you provide when requesting a quotation or when you purchase insurance such as name, address, email address, telephone number, bank sort code and account number if your policy is paid by monthly direct debit.
Any personal details forwarded to us by a third party on whose behalf we are providing a policy, claim or card loss administration service on behalf of the third party.
- Your IP address (this is your computer's individual identification number) which is automatically logged by our web server. This is used to note your interest in our website.
- Your preferences and use of email updates (if you select to receive email updates on products and offers).
- Session information stored in cookies, these do not include any personal information and are used to ensure the correct data is extracted from the database when using our interactive systems.
- Any additional information you submit to make a claim for example date of birth, name and address of the device user and vehicle registration number if item stolen from a car and other information you provide when making a claim. Further we may hold police crime reports.
- Any additional information you submit while using any of our websites
*Please note that some elements of our websites are managed and operated by our Group Head office at 71 Quai Colbert 76095 Le Havre Cedex France, and therefore will be subject to the following:
In accordance with French data protection legislation of January 6, 1978 as amended by the Act of August 6, 2004 (articles 38-43 of Act no. 78-17 of January 6, 1978 concerning "Information Technology, Files and Freedom of Information") you have the right to access, change, correct or delete information that refers to you by name. To exercise this right, you should write to the Group Communication Department, SPB, 40-44, Rue Washington 75008 Paris - FRANCE.
For information on France's data protection legislation, please visit the website of the French Commission Nationale de l’Informatique et des Libertés at www.cnil.fr
2. What we use your information for:
Any personal data we collect from any website or by other means will be used in accordance with the Data Protection Act 1998 and General Data Protection Regulation.
The details we collect will beused as follows:
- If you are a prospective insured person we will use your personal data to consider an application to provide a quotation for an insurance policy, assess and evaluate risk, and, subject to applicable terms and conditions, provide you with a policy on the behalf of the insurer.
- To provide any related services such as policy administration in connection with any product you have purchased. In respect of claims handling services, the data will be used to assess the claim made and to evaluate the risk of fraud. We will also use personal data related to a claim to inform the renewal process and potentially future policy applications.
- To invite renewal of your policy, where applicable
- To contact you for marketing purposes but only where we have appropriate permissions to make contact.
- To analyse information in our various systems and databases to help improve the way we run our business and to provide a better service. To do this, we will use third party organisations for monitoring how customers use any website and issuing our e-mails for us. Please note where appropriate anonymised data fields will be used (particularly in relation to policy and claim information). In respect of Google analytics, the information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for evaluating your
use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
3. Protecting your privacy:
Your personal data will only be used for the purposes detailed under section 2: Where you have provided your consent to the data being used in that way or the use of your personal data is to provide a service or provide a quotation in relation to an insurance policy or the use of your personal data is necessary to comply with any relevant legal or regulatory obligation.
Our use of your personal data is necessary to support 'legitimate interests' that we have as a business (for example, to improve our products, or to carry out analytics across our datasets), provided it is conducted always in a way that is proportionate, and that respects your privacy rights.
4. Who do we share your personal data with?
We work with third parties to help manage our business and deliver services. These third partiesmay, from time to time, need to have access to your personal data. In addition, access may also be required as follows:
- The Insurer of the policy and regulator and organisations working to prevent fraud in financial services may require access to your personal data. We require all of our service providers to respect the confidentiality and security of personal data.
- When providing a service in relation to a claim; loss adjusters and service providers for the repair and replacement of an item and third parties who help manage our IT and back office systems.
- We may be under legal or regulatory obligations to share your personal data with courts, regulators, law enforcement or in certain cases other insurers.
5. Direct marketing:
Where prior consent has been obtained from you we may use your personal data to send you direct marketing communications about insurance products or related services. This may be in the form of email, post, SMS, telephone or targeted online advertisements. Any marketing will be reasonable and proportionate. You have a right to prevent direct marketing of any form at any time. This right can be exercised by following the opt-out links in electronic communications, or by contacting us directly.
6. How long do we retain your information?
Your personal information will not be retained for longer than is necessary and will be managed in accordance with our data retention policy. In most cases the retention period will be for a period of seven years following the policy record expiry date or the date of claim notification.
7. Your rights:
You can ask us to amend or remove your personal data held by us. However, please note that we may need to keep some personal data for legal and regulatory purposes. You also have the right to request a copy of any personal information we hold about you. Please contact our Data Protection Officer below for any of these requests.
Data Protection Officer
SPB UK & Ireland
Telephone: 02392 836839
Where we have received your request for a copy of your personal information, we will respond within thirty days of receipt. We will not ask for a fee unless your request for access to information is excessive. In this instance the fee will be reasonable, and we will advise you of the fee due before completing your request. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another Data processor but in each case only where you have provided consent.
You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
You have the right to lodge a complaint with the Information Commissioner’s Office about our processing of your personal data. We ask that you please attempt to resolve any issues with us first, by contacting the Data Protection Officer at firstname.lastname@example.org.