Privacy Policy
Introduction
The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. We recognise our responsibility to treat your personal information with care and to comply with all relevant legislation, in particular the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) – the “legislation”. The terms used in this Notice are based on the Information Commissioner’s Office (ICO). You can find out more about the ICO here: https://ico.org.uk/.
Who are we?
Benefits Advisory Service LTD (BAS) is the “Data controller” of the information you provide us and is registered with the Information Commissioner’s Office for the products and services we provide to you. Registration number 913175 You can contact us for general data protection queries by email to enquiries@bas-eb.com or in writing to the Data Protection Officer, 9 Glasgow Road, Paisley, United Kingdom, PA1 3QS. Tel: +44 (0)121 – 752 – 9596, Please advise us of as much detail as possible to comply with your request.
How do we use your Personal Information?
We will use personal information to assess and provide the products or services that you have requested, arrange and administer your policy if you buy one through us, communicate with you, inform you about products or services that are closely related to those you already hold with us, to undertake statistical analysis and to comply with our legal obligations. From time to time we will need to call you for a variety of reasons relating to your products or service (for example, to update you on the progress of a claim or to discuss the renewal of your insurance contract).
Personal information includes your name, address, or phone number and other information that is not otherwise publicly available. We collect personal information about you when you contact us about products and services. The type of personal information we collect will depend on the purpose for which it is collected and includes: Contact details, your profile, information to verify your identity, family, lifestyle, health and financial information and payment details.
Some of the personal information we ask you to provide may be sensitive (special category) as defined in the legislation such as information about your medical history. We can collect such information for insurance purposes without your specific consent but it will only be used for the purpose of our service which is to provide advice on and arrange a contract of insurance which meets your demands and needs. Sensitive personal information will always be processed and stored securely. You can withdraw your consent at any time to us processing this data, however, this may mean that you can no longer access the service or product the information was gathered for. If you give us personal information about another person who is to be included on your policy, you should only do so if you have their consent. You should make this privacy policy available to any person who is included on your policy. If you give us information about another person, in doing so you confirm that they have given you permission to provide it to us and that we may use their personal data in the same way as your own as set out in this notice.
Legal Basis for processing your Personal Information
We are required to have a lawful basis (as defined) in order to process your personal data and the relevant bases which we use are show in the table below.
Purpose of processing | Lawful Basis |
---|---|
Providing quotations; arranging and administering insurance contracts | Necessary for the performance of an insurance contract |
Provision of information on products and services (Marketing) | Our legitimate interests or your explicit consent |
To notify you of changes in our service | Our Legal and Regulatory obligations |
To prevent and detect fraud, money laundering and other financial crimes | Our Legal and Regulatory obligations |
To meet general legal or regulatory obligations | Our Legal and Regulatory obligations |
Statistical analysis | Our legitimate interests (to refine and enhance the products and pricing which we can offer) |
How long do we keep your information for?
We will not keep your personal information than is necessary for the purpose for which it was provided and will be managed in accordance with our data retention policy. In most cases the period will be for a maximum of 7 years following the expiry of an insurance contract unless we are required to retain the data for a longer period due to business, legal or regulatory requirements.
Your data protection rights
You have the following rights in relation to our processing of your personal data: –
- The right to be informed about how we use your personal data (This Privacy Notice)
- The right to see a copy of the personal information we hold about you. (In most cases this will be free of charge)
- The right to have personal information rectified if inaccurate or incomplete.
- The right of erasure of your personal information where there is no compelling reason for its continued processing.
- The right to restrict processing in certain circumstances, e.g. if its accuracy is being contested.
- The right to data portability which, subject to certain conditions, allows you to obtain and reuse your personal data across different services.
- The right to object to certain processing including for the purposes of direct marketing.
- Rights to information in relation to automated decision making and profiling.
Complaints
If you are unhappy about the way we have handled your data or upheld your rights, you can complain to the Information Commissioner’s office at any time. Further details of your rights can be obtained by visiting the ICO website: https://ico.org.uk/your-data-matters/