PRIVACY NOTICE
Data Protection & Privacy Notice
At Wiispa Limited (“Wiispa”) (“we”, “us”, “our”), we regularly collect and use information which may identify individuals (“personal data”), including insured persons or claimants. We understand our responsibilities to handle your personal data with care, to keep it secure and to comply with applicable data protection laws.The purpose of this Privacy Notice is to provide a clear explanation of when, why and how we collect and use personal data.
We have designed it to be as user friendly as possible, and have labelled sections to make it easy for you to navigate to the information that may be most relevant to you and to allow you to click on a topic to find out more. Do read this Privacy Notice with care. It provides important information about how we use personal data and, where we hold your data, explains your legal rights.
This Privacy Notice is not intended to override the terms of any agreement or other contract which you have with us or any rights you might have available under applicable data protection laws.We may amend this Privacy Notice from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will notify you about material changes by prominently posting a notice on our website. We encourage you to periodically check back and review this Privacy Notice so that you will always know what information we collect, how we use it, and with whom we share it.This version of the Privacy Notice was published on the 29 June 2022
1.Who does this Privacy Notice relate to?
This Privacy Notice relates to the following types of individuals, where we hold your personal information:
- Individuals who are clients, including prospective clients who have received an insurance quotation, former clients who have previously held an insurance policy arranged or administered by us, and client representatives, for example those with power of attorney;
- Representatives and contacts associated with prospective, current and former clients;
- Visitors to our websites;
- Individuals who contact us with a query, concern or complaint;
- Individuals named on insurance policies, such as named drivers, joint policy holders, or beneficiaries;
- Individuals who request information from us or permit us to contact them for marketing purposes;
2. Who is responsible for looking after your personal data?
Wiispa Limited incorporated and registered in England and Wales with the company number 14098853 whose registered office is at International House, 36-38 Cornhill, London, EC3V 3NG and is deemed authorised and regulated by the Financial Conduct Authority via its Authorised Representative Movo Partnership Limited (firm reference number 823503) – details are available on the Financial Conduct Authority’s website.
Wiispa will generally collect and process personal data in its capacity as a Data Controller however it may also provide services to clients or insurers in its capacity as a Data Processor, for example via the provision of a platform through which personal data is collected and processed. Where this is the case, we will process your personal information in line with our legal obligations and contractual commitments made to the entity acting as Data Controller.
3.WHAT personal data do we collect?
We collect your personal data and use it in different ways depending on your relationship with us, for example if you are a policyholder, related party or claimant, and how you have interacted with us. This can include information we receive from other third parties. Depending on your relationship with us, we may hold the following types of personal data about you
Some of our processes combine different sets of information we hold. This can include combining different data sets we have about you, or combining your information with that of other individuals.
- Identity and contact data: for example, your name, date of birth, postal address, telephone number and e-mail address.
- Claims data: for example, data relating to claims made via us, or your previous claims experience.
- Payment and account data: for example, your bank account details or brokerage fees.
- Location data: for example, your postal or IP address, the location of any insured property, and in the event of a claim, where the incident occurred.
- Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations.
- Internet data: for example, information collected by cookies and other online technologies such as Google Analytics, as you use our website or contact us by online methods.
- Information we obtain from other sources: for example from credit agencies, anti-fraud and other financial crime prevention agencies and other data providers. This can include demographic data and interest-based data.
- Complaint data: for example, what the complaint was, how we investigated it and how we resolved it, including any contact with the Financial Ombudsman Service or other third party adjudicator services.
Some of our processes combine different sets of information we hold. This can include combining different data sets we have about you, or combining your information with that of other individuals.
4.Special Category Data
Certain types of information are known as “special category data” under data protection law, and receive additional protection due to their sensitivity, for example information that reveals your health or medical conditions, criminal conviction history, race or ethnicity, your political views or your religious beliefs.We will only collect this information where we have a legal basis for doing so, and where it is strictly necessary, such as:
- When it is relevant to the type of insurance you are enquiring about, have purchased, previously held or that you have been named on;
- When it is relevant to a claim you have made or that someone else has made against you;
- Where it is relevant to a complaint or issue you have raised with us; and,
- To arrange alternate forms of correspondence for you, such as Braille, audio format or Touch-Type services.
5.What PURPOSES do we use your personal data for and what is our LEGAL BASIS?
We are required to establish a legal basis to use your personal data (please see Appendix 2 for further details). We use your information for the following lawful reasons:
6.Special Category Data
- To enter into or perform a contract: for example to provide you with an insurance quotation, to start, change or cancel an insurance policy, to administer the policy, to manage any claims which arise, to answer any queries you may have, action your requests or perform any debt recovery
- To comply with a legal obligation: for example the rules set by our regulator the FCA, to fulfil your data rights under data privacy laws, handle complaints about data privacy or our financial products and services, and to comply with other legal requirements such as preventing money laundering and other financial crimes
- For our legitimate business interests: for example to offer a renewal, detect and prevent fraud, for statistical analysis, to monitor and improve our business and our products and services, demonstrate compliance with applicable laws and regulations and some marketing activities. Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights. In some instances, you also have the right to object to this kind of use. For more information on our legitimate interests, please refer to Appendix 2
- With your consent: for example if you consent to us contacting you for marketing purposes. You can withdraw your consent at any time, for more information please visit the “Your data rights” section of this Privacy Notice.
- To protect vital interests: in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.
6.Special Category Data
The processing of special category data, such as health data, requires an additional legal basis to the grounds set out above. This additional legal basis will typically be:
- your explicit consent;
- the establishment, exercise or defence by us or third parties of legal claims; or
- a substantial public interest exemption provided under local laws of EU Member States and other countries implementing the General Data Protection Requirements (“GDPR”), such as where the processing is necessary for an insurance purpose, or to detect or prevent unlawful acts, or to prevent fraud
You may withdraw your consent to such processing at any time, however you should be aware that if you choose to do so we may be unable to continue to provide insurance services to you (and it may not be possible for the insurance cover to continue), or continue to support you in administering a claim. This may also mean that your policy will need to be cancelled. If you choose to withdraw your consent we will tell you more about the possible consequences, including that we may no longer be able to act as your broker of record or place or administer your policy and that you may have difficulties finding other cover. Further, we may not be able to support you in processing your claim.
7.Who do we SHARE your personal data with?
Where applicable, we share your personal data with the following types of third parties when we have a valid reason to do so:
7.International Transfers
- Other Insurers, intermediaries including but not limited to other Insurance Brokers, Insurers and Managing General Agencies who work with us to help manage the process and administer our policies,
- Service Providers who help manage our IT and back office systems, or who provide platforms and portals for administering policies and member details
- Our regulators, which may include Movo Partnernership Limited, the FCA and ICO, as well as other regulators and law enforcement agencies in the E.U. and around the world,
- Credit reference agencies, Premium Finance Providers, and organisations working to prevent fraud in financial services,
- Solicitors (who may be legal representatives for you, us or a third party claimant) and other professional services firms (including our auditors)
- Marketing fulfilment, webinar and customer satisfaction service providers, acting on our behalf in facilitating online events, providing marketing communications and capturing feedback from our customers on our service levels,
- Third Party Administrators, Loss Adjusters and Claims Experts who work with us to help manage the claims process,
- Potential purchasers of our businesses.
7.International Transfers
For business purposes, to help prevent/detect crime or where required by Law or Regulation, we may need to transfer, or allow access to, your personal data to parties based overseas. These parties include brokers, insurers, re-insurers, service providers, other the Wiispa Limited & law enforcement agencies. Where we do this, we will ensure that your information is transferred in accordance with the applicable Data Protection requirements. If the Data Protection laws of the country where we transfer your data are not recognised as being equivalent to those in the UK, we will ensure that the recipient enters into a formal legal agreement that reflects the standards required. You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as set out in Section 8 of this Privacy Notice if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).
8.How long do we keep your personal data?
We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 3 of this Privacy Notice. In most cases this will be for seven (7) years following the end of our relationship with you however, in some circumstances we may retain your personal data for longer periods of time, for instance;
- Where we are required to do so in accordance with legal, regulatory, tax or accounting requirements;
- So that we have an accurate record of your dealings with us in the event of any complaints or challenges;
- If we reasonably believe there is a prospect of litigation relating to your personal data or dealings.
9.What are your rights?
Data protection law gives you rights relating to your personal data. This section gives you an overview of these and how they relate to the information you give us. The UK supervisory authority for data rights, the Information Commissioner’s Office (ICO), has also published detailed information about your rights on their website: www.ico.org.uk
- Your right of access
- Your right to rectification
- Your right to erasure (the right to “be forgotten”)
- Your right to restrict processing
- Your right to object to direct marketing
- Your right to object to automated decision-making
- Your right to challenge our legitimate interests
- Your right to object to the use of your information for statistical purposes
- Your right to data portability
- We take the confidentiality of all records containing personal data seriously, and reserve the right to ask you for proof of your identity if you make a request.
- We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
- We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
- Local laws, including in the UK, provide for additional exemptions, in particular to the right of access, whereby personal data can be withheld from you in certain circumstances, for example where it is subject to legal privilege.
- Third Party Rights. We do not have to comply with a request where it would adversely affect the rights and freedoms of other data subjects.
- Your right to complain
10.How you can contact us
We take data privacy seriously and your opinion matters to us. The primary point of contact for all issues arising from this Privacy Notice, including requests to exercise data subject rights, is our Data Protection OfficerWiispa’s Data Protection Officer is Thomas Baker, who can be contacted in the following ways:By e-mail: Thomas.Baker@wiispa.comBy post: Thomas Baker, Director of Wiispa Limited, International House, 36-38 Cornhill, London, United Kingdom, EC3V 3NG.
Appendix 1 – CATEGORIES OF PERSONAL DATA
INFORMATION TYPE | DETAILS OF INFORMATION THAT WE TYPICALLY CAPTURE | ||
Contact Details | Name, address, telephone number, email address. | ||
Policy Information | Policy number, relationship to the policyholder, details of policy including insured amount, exceptions etc., previous claims, voice recordings | ||
Personal Risk Information | Gender, date of birth, claims history and special categories of Data including:
|
||
Financial Information | Bank account details (where you are the payer of the policy premium) | ||
Marketing | Name, email address, interests / marketing list assignments, record of permissions or marketing objections, website data (including online account details, IP address), company name, company address, phone number and job title | ||
Policy Information (excluding third party claimants) | Policy number, relationship to the policyholder/Insured Person, details of policy including insured amount, exceptions etc., previous claims, voice recordings | ||
Claim Details | Details of incident giving rise to claim, including:
|
||
Financial Information | Bank account details used for payment | ||
Anti-fraud Data | Address, history of fraudulent claims, details of incident giving rise to claim including:
|
||
Activity | The basis on which we use the information |
Insured Person | |
Set up a record on our systems |
|
Carry out background, sanction, fraud and credit checks |
|
Assess risk and provide information in order to place policy |
|
Manage renewals |
|
Provide client care and support |
|
Receive premiums and payments |
|
Marketing |
|
Comply with legal and regulatory obligations |
|
Claimant | |
Receive notification of claim |
|
Assess claim |
|
Monitor and detect fraud |
|
Settle claim |
|
Comply with legal and regulatory obligations |
|