Data Protection Policy

1) Introduction

We need to collect and use certain information, for example personal data about our past, present and prospective customers, in order to carry on our business and meet customers' requirements effectively.

To comply with the law, information must be used fairly, stored safely and not disclosed to any other person unlawfully. We recognise that the lawful and correct treatment of personal data is very important to successful operations and to maintaining our customers' confidence.

2) The Data Protection Act Principles

Any personal data that we collect, record or use in any way, whether it is held on paper, on fiche, on computer or other media, will have appropriate safeguards applied to it to ensure that we comply with the Data Protection Act 1998 ("the Act"). To do this, we must adhere to the eight Data Protection principles that are set out in the Act. In summary, these principles state that personal data shall be:

  • obtained and processed fairly and lawfully and not processed unless certain conditions are met

  • processed for a specific and lawful purpose and not in any manner incompatible with that purpose

  • adequate, relevant and not excessive for that purpose

  • accurate and kept up to date

  • not kept for longer than is necessary for that purpose

  • processed in accordance with the data subject’s rights

  • kept secure and safe from unauthorised access, accidental loss or destruction

  • not transferred to a country outside of the European Economic Area (EEA), unless that country has equivalent levels of protection for personal data.

Our purpose for holding personal data and a general description of the categories of people and organisations to whom we may disclose it are listed on the Data Protection Register. These details are publicly available from the Information Commissioner’s office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (Tel 01625 545745, Fax 01625 524510) or via their website (www.ico.gov.uk).

3) Our commitment under the Act

In order to meet the requirements of the principles, we will:

  • observe the conditions regarding the fair collection and use of personal data

  • meet our obligations to specify the purpose for which personal data is used

  • collect and process appropriate personal data only to the extent that is needed to fulfil operational needs or to comply with any legal requirements

  • ensure the quality of personal data used

  • apply checks to determine the length of time personal data is held and securely destroy data and information which is no longer needed

  • ensure that the rights of individuals about whom personal data is held can be fully exercised under the Act

  • strive to respond to all requests from individuals to access their personal data within the statutory timescales

  • take appropriate security measures to safeguard personal data

  • provide guidelines and training for employees and ensure, where appropriate, breaches of this policy are recorded in a Breach Register, dealt with under the Company’s disciplinary rules and changes to procedures are implemented accordingly

  • ensure that personal data is not transferred to any third party or to any destination outside the UK/EEA without suitable safeguards.

When we collect any personal data from you, we will inform you why we are collecting your data and what we intend to use it for. The nature of our business means we reserve the right to retain/maintain personal data about you, in order to meet the terms and conditions detailed within your policy documentation, over the long term. We will endeavour to ensure that the quality and accuracy of significant personal data is maintained over the duration it is held.

When we collect any sensitive personal data, we will take appropriate steps to ensure that we have explicit consent to hold, use and retain the information. Sensitive personal data is personal data about an individual’s racial or ethnic origin, gender, family details, political opinions, religious beliefs, trade union membership, physical or mental health, sexual orientation and details of the commission or alleged commission of any offence leading to court proceedings.

Because this information is considered sensitive, and it is recognised that the processing of it may cause concern or distress to individuals, customers will be asked to give express consent for us to process this information. Acceptance of new business will not be made if an individual refuses to consent to this, without good reason.

4) Compliance with the Act

We are the Data Controller under the Act, and are therefore ultimately responsible for compliance with the statutory legislative requirements. A Senior Manager is the appointed Data Protection Officer, responsible for overseeing implementation of our obligations under the Act. However, all staff are Data Controllers and will be held legally responsible for the safe day-to-day processing and handling of personal data.

5) Subject Access Requests

Under the Data Protection Act 1998 any individual can write to the Data Protection Officer to request a copy of the information we hold about them, known as the right of subject access. If we receive a Subject Access Request, we must send a copy of the information we hold on an individual, a description of why this information is processed, anyone it may be passed to, the logic involved in any automated decisions, and an explanation of any codes provided within 40 days from the date of receipt. Under the Act, however, individuals are not entitled to a copy of documentation containing personal data relating to them.

We reserve the right to charge the maximum fee payable as outlined in the Act for providing this information.

Our head office address to write to is LV=, Tilehouse Street, Hitchin, Hertfordshire SG5 2DX.

We must follow special procedures if you request any medical reports that we have received from third parties, for example health professionals. The Data Protection (Subject Access Modification)(Health) Order 2000 requires that we obtain your GP’s consent before health records we have from third parties are released to you. It is our practice to send all health records to your GP so that he/she may decide whether to release them to you. Furthermore, we do not discuss any medical information with policyholders or third parties over the telephone. Under the terms of the Act, we charge a fee of £10 for a subject access request.

6) Marketing

We may record and monitor telephone calls for quality assurance, legal, regulatory and training purposes, to help improve customer service. Calls will be automatically recorded; therefore, if you do not wish for your call to be recorded, please communicate with us in writing.