We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into, or have entered into with you
- Where it is necessary for our legitimate interests* (or those of a third party) and your interests and fundamental rights do not override those interests
*Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Where we have a legal or regulatory obligation to use your personal information, for example, when our regulators, the Prudential Regulatory Authority, (PRA), the Financial Conduct Authority (FCA) or the Information Commissioner's Office (ICO) ask us to maintain certain records of any dealings with you
- Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are faced with any legal claims, or where we want to make any claims ourselves
- Where we need to use your personal information for reasons of substantial public interest, such as investigating fraudulent claims and carrying out fraud, credit and anti-money laundering checks
- Where we have a specific legal exemption to process sensitive personal data for insurance purposes. This exemption applies where we need to process your health data
- Where we have an appropriate legitimate business need to use your personal information such as maintaining our business records, developing and improving our products and services, all whilst ensuring that this business need does not interfere with your rights and freedoms and does not cause you any harm
- Where we need to use your sensitive personal information such as health data because it is necessary for your vital interests, an example would be a life or death matter
Purposes for which we will use your personal data
We have set out below, in a table, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note, that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal grounds we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity
|
Type of data
|
Lawful basis for processing including basis of legitimate interest
|
---|
To register you as a new customer
|
(a) Identity
(b) Health
(c) Contact
|
(a) Performance of a contract with you
(b) Necessary for reasons of substantial public interest
|
To process and deliver your product including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(c) paying claims to you
|
(a) Identity
(b) Health
(c) Contact
(d) Financial
(e) Transaction
(f) Marketing and Communications
|
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
(c) Necessary for reasons of substantial public interest
|
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey
|
(a) Identity
(b) Health
(c) Contact
(d) Profile
(e) Marketing and Communications
|
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
(d) Necessary for reasons of substantial public interest
|
To enable you to partake in a prize draw, competition or complete a survey
|
(a) Identity
(b) Health
(c) Contact
(d) Profile
(e) Usage
(f) Marketing and Communications
|
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
(c) Necessary for reasons of substantial public interest
|
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|
(a) Identity
(b) Health
(c) Contact
(d) Technical
|
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
(c) Necessary for reasons of substantial public interest
|
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
|
(a) Identity
(b) Health
(c) Contact
(d) Profile
(e) Usage
(f) Marketing and Communications
(g) Technical
|
(a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
(b) Necessary for reasons of substantial public interest
|
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
|
(a) Technical
(b) Health
(c) Usage
|
(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
(b) Necessary for reasons of substantial public interest
|
To make marketing suggestions and recommendations to you about goods or services that may be of interest to you
|
(a) Identity
(b) Health
(c) Contact
(d) Technical
(e) Usage
(f) Profile
|
(a) Consent, where the individual has given clear consent for us to process their personal data for a specific purpose
(b) Necessary for our legitimate interests (to develop our products/services and grow our business)
(c) Necessary for reasons of substantial public interest
|
Opting out
You can ask us to stop sending you marketing messages at any time by contacting us at [email protected].
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product purchase, product experience or other transactions.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.
Automated decision-making and profiling
Automated individual decision making is a decision made by automated means without any human involvement. Automated individual decision-making does not have to involve profiling (automated processing of your information to help us evaluate certain things about you), although it often will do. Sometimes we may use automation and profiling to evaluate information about you, which will enable us to:
- Determine whether an application for a product is accepted by us
- Understand claiming behaviours and patterns
- Tailor our marketing material to your needs
- Tailor our pricing, products and services to provide you with a more efficient, consistent and fair customer experience
- Identify and investigate fraudulent activity
As best practice:
- We carry out a data protection impact assessment (DPIA) to consider and address the risks before we start any new automated decision-making or profiling
- We tell our customers about the profiling and automated decision-making we carry out, what information we use to create the profiles and where we get this information from
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.