Please take time to read this carefully as it contains details of the basis on which we will process (collect, use, share, transfer) and store your information. You should show this notice to all parties related to this insurance arrangement. If you have given us information about someone else you are deemed to have their permission to do so.
If you have any questions or need further information you can e-mail email@example.com or write to our Compliance Department at 29 Waterloo Road, Wolverhampton, West Midlands, WV1 4DJ.
We, Residentsline Limited, as an insurance intermediary with whom you may have arranged your insurance, will at all times treat all personally identifiable information strictly in accordance with The General Data Protection Regulations (GDPR) with effect from 25th May 2018.
We will ensure data is processed lawfully, fairly and in an open and transparent manner. We will ensure appropriate security measures are in place against unauthorised or unlawful processing, accidental loss and destruction or damage using appropriate technical or organisational measures (e.g. restricting access of key people within our organisation to certain aspects of your information as well as periodically checking the level of security we apply to prevent unauthorised use, accidental loss, or misuse of your information).
The contractual arrangements we have in place with our suppliers (e.g. insurance companies, our client database software provider and similar providers of services to us, including other third-party companies who use our services) are governed by, and shall be deemed to operate, strictly in accordance with the terms of such contracts. Importantly, from your perspective, these contracts set out to define how data will be processed between us, including circumstances in which we act as a processor or controller (as is required by the GDPR).
When acting as a controller of your data, we will, in certain circumstances, determine the purposes and means of processing your data. In particular, this will include the data processed by us as an agent of an insurer operating underwriting facilities, as well as third parties who use the services of Residentsline Limited.
When we collect information about individuals, we may collect personal data. This could include a variety of information about an individual, for example: their name, address of residence, communication and contact details and other personal information such as their date of birth. Where relevant to do so, we may also collect information relating to an individual indirectly by reference to an identifier (e.g. an IP address, which is a unique number identifying your computer, laptop or similar portable device).
Where required and appropriate to do so, we will also collect more sensitive personal information (e.g. details about an individual’s motoring or criminal convictions, details of health, credit worthiness and other similarly sensitive information).
In certain circumstances (e.g. when an Insurance Company or similar provider of services requires us to do so) we will collect information from a variety of different sources. This may include information from publicly available sources such as social media and networking sites as well as third party databases generally available to the financial services sector and the wider commerce and industry including: MGA’s, Lloyd’s of London, claims management firms, loss adjusters and/or other suppliers appointed in the process of handling a claim or credit reference and similar agencies. This may include information about you regarding your past insurance policies and arrangements.
We will use information, including sensitive information, about individuals and other parties related to Residentsline Limited’s insurance activities. This is necessary for:
In certain circumstances (e.g. when a quotation is requested, when changes are made to an existing policy or at each renewal of an insurance arrangement), any or all of our group companies’ assessment may involve an automated decision to determine whether we are able to provide an insurance arrangement. Individuals can object to us using an automated decision (see ‘Individual Rights’).
However, please be aware that objection to the use of an automated decision may prevent us from being able to provide you with insurance.
When processing personal data for profiling purposes we will use appropriate safeguards in order to ensure that:
We will also use your information when there is a justifiable reason for doing so, such as compliance with legal obligation. This is necessary for the prevention and detection of fraud and financial crime which may include processes which profile you and for the recording and monitoring of telephone calls for auditing reasons.
We will share information, including sensitive information, about you and other parties related to this insurance, as this is necessary for:
This includes sharing your information with carefully selected third parties providing a service to us or on our behalf. These include the insurance companies with whom we deal (you can write to our Compliance Department should you wish to view a list of all the insurance companies with whom we have arrangements), and/or our finance provider, Premium Credit Limited (our selected finance provider governed by consumer credit legislation).
Unless required to do so by law, or for other similar reasons other than those outlined (see ‘Sharing your information’), we will never share personal information without good reason and without ensuring the appropriate care and necessary safeguards are in place. We will, in any other event, ask for your consent to share that information and explain the reasons.
We will only keep and/or maintain information about an individual for as long as is necessary in providing our products and services or for compliance with a legal or regulatory obligation, including our legitimate interests or those of a controller (e.g. Residentsline Limited when acting as an agent of insurer for a placement facility).
This means we will only keep information that is necessary for us to sufficiently deal with administrative issues, queries, claims and/or for compliance with legal reasons. Usually, we will keep information for a minimum retention period of 7 years and/or a maximum period of 40 years after cessation of a product or service we have provided.
However, we will keep information for much shorter periods if that information related merely to a quotation which did not then result in a contract of insurance being arranged. In these circumstances we will keep information for a minimum retention period of 12 months and/or maximum period of 18 months, unless such information becomes manifestly out-of-date, in which case we may keep quotation information for shorter periods.
In any event, all information shall be stored in strict compliance with the GDPR legislation at all times. Using appropriate technical or organisational measures we will regularly:
In carrying out our duties as data controller and data processor we will collect sensitive information about you and other parties related to this insurance. This is necessary for:
Sensitive data includes information such as:
We will always apply additional organisational and technical measures for this category of data, including restrictions to access this data (meaning additional layers of security are added to prevent misuse and protect personally identifiable information).
We will never knowingly transfer, store, or process information about you or an individual outside the European Economic Area (EEA). In any event, if we are compelled to transfer your information outside the EEA (e.g. as part of an insurance arrangement with an insurance company outside the EEA or part of a larger group of companies who pass information outside the EEA) then it shall be in compliance with the conditions for transfer set out in the GDPR and/or restricted to a country considered to have adequate data protection laws. All reasonable steps shall typically have been undertaken to ensure the firm to which information is being transferred has suitable standards in place to protect such information.
When you visit any of our group of companies’ websites, you will be asked to accept a cookie. This is a small file of letters and numbers that is downloaded on to your computer. This will be clearly explained to you when you visit the website and you will typically have to accept the cookie to benefit from the services the website can offer.
Cookies are operated in strict accordance with Privacy and Electronic Communications Regulations 2011 (PECR) and are widely used by many websites and primarily enable the website to remember an individual’s preferences, recording information the individual may have entered into the web pages.
These same rules also apply if any individual uses any other type of technology to gain access to information stored electronically by us (e.g. a quote facility or app using a smartphone or similar portable device).
Individuals have a number of rights relating to the information we hold; these rights include, but are not limited to, the ability to:
Individuals can request a copy of the personally identifiable information we hold by contacting us about them, including the right to have such information in a portable form (this is known as the ‘right to data portability’). We will normally provide the information free of charge, although charges may apply where information requests are excessive. We will also provide that information in a format that is easily accessible, such as a CSV format, to ensure information can be exchanged easily with other organisations.
If you would like further information or wish to make a Subject Access Request (SAR) you can e-mail firstname.lastname@example.org or write to our Compliance Department at 29 Waterloo Road, Wolverhampton, West Midlands, WV1 4DJ.
When marketing to you as an individual (including individual sole traders and partnerships) we will either rely on the permission we have (if we are able to do so) or we will ask for your permission (consent) to contact you. This may include contacting you by phone, e-mail, push notifications, SMS text or post in order to give you information about:
We will typically ask for permission when you first contact us (usually through, but not limited to, our websites) however, you will maintain the right to easily withdraw such consent whenever you wish through unsubscribing.
We will regularly review any such consent to check that your relationship with us and any processing including the purposes have not changed.
In all situations where we market to a business we will observe both the market standards and the rules and guidelines of the Privacy and Electronic Communication Regulations (PECR).
We have in place such a process to ensure we refresh your consent at appropriate intervals including any parental or third-party consents (where relied upon) and act on withdrawals of consent as soon as we can. We will not penalise you if you choose to give and later decide to withdraw your consent.
Personal information we hold may be converted into statistical or aggregated data (this is data which cannot be traced back to an individual) to produce or undertake statistical or analytical research and development work which may be shared with our group companies, for example, our underwriting services. This will enable us to provide suitable insurance arrangements to the insurance market now and in the future.
We may continue using any personally identifiable information we hold, specifically relating to an individual’s past insurance arrangements or policies after cessation of any insurance arrangement with us for further processing (e.g. research and analysis).
Residentsline Limited operates under a number of trading names including:
For more information about Residentsline Limited please visit www.residentsline.co.uk