1. Our Approach
1.2 If you have any questions about this Policy, please contact us with an email to firstname.lastname@example.org
2. What Information Do We Collect?
2.1 We will collect personal data when you obtain a quote for one of our products of services, or in the course of providing you with one of our products of services. We will also collect personal data when you register with us or provide your information through our website. The types of information we collect may include:
- 2.1.1 Information you provide us in your insurance application, including names, addresses, date of birth or other information provided by you in your application for insurance;
- 2.1.2 Information you provide us to helpus carry out our obligations under any insurance contract in place between us and you;
- 2.1.3 Information you provide us through one of our customer portals;
2.2 We will use your personal data, and may share your personal data with other third parties acting on our behalf, for one or more of the following purposes:
- 2.2.1 To analyse your insurance needs;
- 2.2.2 To give you an estimate or provide you with a quote for one of our policies;
- 2.2.3 To administer or carry out our obligations under any insurance contract in place between us and you;
- 2.2.4 To assess and respond to acomplaint you might make relating to our products or services; and
- 2.2.5 To ensure the security of youraccount and our business, preventing or detecting fraud or abuses of ourwebsite, for example, by requesting verification information in order to resetyour account password.
3. Information for Marketing Purposes
3.1 We will not be using your personal data for marketing purposes.
4. Grounds for Processing
4.1 To process your data lawfully we need to rely on one or more valid legal grounds. Our primary legal ground is that we need the data to fulfill our contract with you or to take certain steps prior to entering our contract with you. However, there may be circumstances where we also rely on other valid legal grounds, such as:
- 4.1.1 your consent to particular processing activities.
- 4.1.2 our legitimate interests as a business (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use your data to prevent or detect fraud or abuses of our website; or
- 4.1.3 our compliance with a legal obligation to which OTT is subject. For example, we have a regulatory duty to investigate and respond to complaints made against us and may need to process your data as part of such investigation.
5. Disclosure of Your Information
5.1 There are circumstances where we may wish to disclose or are compelled to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:
- 5.1.1 to our outsourced service providers or suppliers to facilitate the provision of our services or products to our Users, for example, the disclosure to our data centre provider for the safe keeping of your personal data, web hosting provider through which your personal data may be collected, identity verification partners in order to verify your identity against public databases;
- 5.1.2 to third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons;
- 5.1.3 to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;
- 5.1.4 to legal advisors who may need to manage or litigate an insurance claim;
- 5.1.5 to public authorities where we are required by law to do so;
- 5.1.6 to any other third party where you have provided your consent; and
- 5.1.7 to our carriers and /or our reinsurers, to facilitate the provision of our services to you.
6. International Transfer of Personal Data
6.1 We may transfer your personal data to a third party in countries outside the UK for further processing in accordance with the purposes set out in this policy.In particular, your personal data may be transferred throughout OTT and to our outsourced service providers. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by appropriate technical, organisation, contractual or other lawful means. Please contact the data protection officer for a copy of the safeguards which we have put in place to protect your personal data and privacy rights in these circumstances.
7. Retention of Personal Data
7.1 If you are, or have previously been, a customer of ours then we may continue tohold and process your information for the purpose of continuing to carry outour obligations in connection with the insurance contract between us and you.We will continue to hold and process your information for the duration of theinsurance contract and for a reasonable period of time afterwards as requiredby law.
7.2 We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
8. Data Subject Rights
8.1 Data protection law provides individuals with numerous rights, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, their personal data. Individuals also have the right to lodge a complaint with the relevant data protection authority if they believe that their personal data is not being processed in accordance with applicable data protection law.
8.2 Right to make subject access request (SAR). Where we are processing your personal data as a data controller you may, where permitted by applicable law, request copies of your personal data. If you would like to make a SAR, i.e. a request for copies of the personal data we hold about you, you may do so by writing to the data protection officer whose contact details are above. The request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and a fee.
8.3 Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete personal data.
8.4 Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your personal data is essential.
8.5 Right to object to processing. You may, as permitted by applicable law, request that we stop processing your personal data.
8.6 Right to erasure. You may request that we erase your personal data and we will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping your personal data, such as a legal obligation that we have to comply with, or if retention is necessary for us to comply with our legal obligations.
8.7 Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your personal data. However, you do have the right to contact the relevant supervisory authority directly. To contact theInformation Commissioner's Office in the United Kingdom, please visit the ICO website for instructions.
9. Non-Personal Data
9.1 We collect and use the following types of non-personal information:
- 9.1.1 Internet Protocol (IP) addresses. When you visit our site, we log your IP address (the unique address which identifies your computer on the internet). We use IP addresses to collect broad geographic information on our site visitor, and to optimise our website. We do not link IPaddresses to personally identifiable information.
- 9.1.2 Cookies. Cookies are small text files that are placed on your computer by the websites you visit. They are widely used in order to make websites works, or work more efficiently, as well as to provide information to the owners of the site. You may delete and block all cookies from this website, but if you choose to do so parts of this site may not work.
- 9.1.3 Session Cookies. Sections of this website use 'session cookies' which help us to improve our website, assist with the navigation through certain parts of the website and deliver a better and more personalised service. Session cookie specifically enable us to keep track of your movement from page to page within the website so you don't get asked for the same information each time you navigate to a new page. They also allow us to recognise you so that any page changes.
10. Linked Websites