LP Dawe are committed to protecting the privacy of our customers and their data. This Privacy Statement covers our information practices as a data controller and whose registered office is at;
22 Berkeley Vale
We take the protection of your privacy and the confidentiality of your personal information seriously and this Statement sets out how we meet our obligations regarding data protection and the rights of our customers and prospective customers (‘data subjects’) in respect of their personal data under the Data Protection Act 1998 (‘the DPA’), and the forthcoming General Data Protection Regulation (‘the Regulation’).
The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
We are committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
2.SHARING YOUR DATA
As a Data Controller we are responsible for safeguarding your personal data. We do not sell, rent or trade our mailing lists, phone numbers or email addresses.
Under the General Data Protection Regulations, you have a number of rights, one of which is the right of access to see personal information about you that is held in our records, whether electronically or manually. Additionally, you have the right to ask us to correct information which is incorrect or to cease processing your data. If you have any queries, please write to the Partners at the address shown at the bottom of this page.
If you take out any insurance policies with us, the terms of this notice will also apply to anyone else insured under your policy. You should show this notice to anyone who comes into that category.
3. THE DATA PROTECTION PRINCIPLES
We comply with the Regulation which sets out the following principles with which any party handling personal data must comply. All personal data must be:
- Processed lawfully, fairly, and in a transparent manner in relation to the data subject;
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific, regulatory or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific, regulatory or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
4.HOW WE WILL COLLECT INFORMATION ABOUT YOU
We will only collect and process personal data for and to the extent necessary for the specific purpose(s) informed to you. The information obtained about you will be that which is supplied by you and your agents and representatives, as well as information: received from insurers and their agents; generally available such as online and from third party data processors; and searches that we undertake in relation to sanctions, money laundering, and credit checks.
This will include data that you input into our webpages, whether this is in relation to raising an enquiry with us, obtaining a quotation (even if this process is discontinued before being finished), or requesting documentation.
The information obtained could include;
Your name, contact details (including address and e-mail address, telephone number), date of birth, gender, marital status, financial details, details of occupants of your property, employment details and benefit coverage, and details of your visits to and usage of our website. We may also collect sensitive personal data about you such as criminal convictions or health information.
5.HOW WE WILL USE YOUR INFORMATION
The Data Controllers shall ensure that all personal data collected and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Your personal information will be used to enable us to fulfil our role in relation to your insurance cover and provision of any ancillary risk management services. This will be by:
- Assessing your circumstances and insurance needs;
- Presenting such details to insurers for the purpose of obtaining quotations and placing cover;
- Arranging premium finance arrangements;
- Contacting you about products and services available from LP Dawe which may be of interest to you;
- Processing claims;
- Undertaking checks to guard against fraud, money laundering, bribery and other illegal activities;
- Handling complaints
- Analysing data, identifying trends, and developing our business services.
To ensure that our processing of your data is lawful, such processing will only be undertaken if;
- You have given your consent; or
- It is necessary for the performance of a contract to which you are, or will be, a party; or
- Processing is necessary for compliance with a legal obligation to which we are subject; or
- Processing is necessary to protect your vital interests; or to perform a task carried out in the public interest or in the exercise of official authority vested in us; or
- Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child.
We may also analyse your data, either in isolation or in connection with wider data groups, to reveal patterns, trends and associations, to assist us in making strategic business decisions.
6.DISCLOSURE OF YOUR PERSONAL INFORMATION
Where we use third parties to undertake functions on our behalf we will share relevant information with such third parties. This will include: insurers; premium finance providers; loss adjusters and loss assessors; incident management firms; professional advisors; other insurance brokers; agents and service providers/processors (e.g. risk managers, administrators, mailing/fulfilment houses).
Information may also be supplied to our internal auditors and professional regulatory bodies if required by them and to other parties if required or permitted by law.
It is our policy to retain documents and information about you, including insurances effected on your behalf, in electronic or paper format for a minimum of seven years or such longer period as appropriate having regard to when a claim or complaint may arise in connection with our processing of your information. The legal basis for this processing is that it is necessary for the protection of our legitimate interests. After seven years, these may be destroyed without notice to you. You should therefore retain all documentation issued to you.
We endeavour to take all reasonable steps to protect your personal information. However, we cannot guarantee the security of any data that you disclose online and we will not be responsible for any breach of security unless this is due to our negligence or wilful default.
You have the right to;
- information about how your data is processed,
- access the data we hold about you which will be provided to you within one month of your request, and is free of charge unless we reasonably believe that your request is manifestly unfounded or excessive,
- have incomplete or inaccurate data rectified,
- the deletion or removal of personal data where there is no compelling reason for us to continue to process it,
- restrict our processing of your personal data (although we will still be permitted to store it),
- data portability (since 25th May 2018 we will be obliged to provide your data in a format that allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability),
- object to our processing your data where we do so in connection with our legitimate interests, or in relation to our profiling your data or using it for marketing purposes.
If you would like to exercise any of your rights above you may do so by writing to us at the address at the beginning of this notice, or e-mailing us with specific details of your request at; firstname.lastname@example.org
8.TRANSFERRING PERSONAL DATA TO A COUNTRY OUTSIDE THE EEA
The Data Controllers may from time to time transfer (‘transfer’ includes making available remotely) personal data to countries outside of the EEA. This will take place only if one or more of the following applies;
- The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data;
- The transfer is to a country (or international organisation) which provides appropriate safeguards ;
- The transfer is made with the informed consent of the relevant data subject(s);
- The transfer is necessary for the performance of a contract between the data subject and the Company (or for pre-contractual steps taken at the request of the data subject);
- The transfer is necessary for important public interest reasons;
- The transfer is necessary for the conduct of legal claims;
- The transfer is necessary to protect the vital interests of the data subject or other individuals where the data subject is physically or legally unable to give their consent; or
- The transfer is made from a register that, under UK or EU law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.
If you have a query regarding our Policy please contact us at:
22 Berkeley Vale