This Privacy Notice will help you understand the types of personal data we may collect about you when you communicate with us. This notice will also explain how and where we store that data, how we protect it and how we may use it.
We want you to be aware of your rights and how we use your data. We may update this Privacy Notice from time to time and we will notify you of any significant changes, but please feel free to return to this page and check it whenever you wish.
2. Who are Click2protect UK Limited?
Click2protect UK Limited is a privately owned insurance intermediary. We own the website www.car2cover.co.uk. Our website offers a range of specialist supplementary motor insurance products that each have a limited time in which they are available to purchase.
3. Explaining the legal bases we rely on
Data protection legislation sets out a number of different reasons for which a company may collect and use your personal data, including;
We may collect and use your data with your consent. For example, this would enable us to send you a quotation by email and send timely and occasional reminders about the limited time you have remaining to purchase the insurance.
In certain circumstances, we need your personal data to comply with our obligations to you when you become a policyholder. For example, we will store information you provided us about you, your vehicle and we will maintain records about the insurance we arranged for you. Without this information we would not be able to provide access to your insurance documents or provide any assistance with insurance or claims enquiries.
We may be called upon and required by law to pass data to authorities in cases of fraud or criminal activity.
A legitimate interest could include letting you know about a product or service we think might be of interest or helpful to you – based on the limited data we will hold about you.
Any offer would be relevant to the product you have purchased from us and the use of your data in this activity would not materially impact your rights, freedom or interests.
4. When do we collect your personal data?
- When you visit our website and choose to have a quotation emailed to you,
- When you visit the Contact Us section of our website to ask a question or request
- When you call us to ask a question or request help,
- When you email us to ask a question or request help,
- When you engage with us on social media,
- When you choose to purchase an insurance product with us online or by telephone,
5. What personal data do we collect?
When you request an emailed quotation upon our website, we will collect your first and last name, your email address, the price you are paying for your vehicle, the period of cover you require and the type of cover you have expressed an interest in.
When you call us, email us or engage with us on social media, we will collect your first and last name, your email address and information about the nature of your enquiry and may later refer to it if you contact us again.
When you purchase cover online or by telephone, we will only collect the information we need to enable us to arrange and administer your insurance policy. This data is, your first and last name, your date of birth, full postal address including postcode, daytime telephone number and email address. We will also collect information about your vehicle including, the make, model, model type, body type, engine cc, fuel type, transmission, date of first registration, date of delivery, purchase price, and method of payment (cash or finance).
Our systems provide us with a record of the time and date of each email we send and in some cases, the time and date you open them and how many times you subsequently open them again – including the time and date of the last occasion. We achieve this with the use of a cookie embedded within the email.
Inbound and outbound telephone calls are recorded for compliance, training and dispute handling purposes. We do not record that part of the call where credit or debit card details are provided by you.
We will make notes of any relevant parts of voice or email conversations we have had with you. This helps us provide a better experience whenever you contact us.
We retain marriage or death certificates provided by you to enable us to change your name or transfer or cancel cover for the deceased.
6. How and why we use your personal data?
We want to provide you with the best possible customer experience. The limited personal data we hold about you helps us to achieve that goal.
Based on what we know about you, we may use your data to offer highly relevant products and services that are most likely to interest you.
The data privacy law allows this as part of our legitimate interest in providing the highest levels of service and most relevant products and services.
7. How we protect your personal data
We understand the importance of data security. With this in mind, we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional and account areas of our website using ‘https’ technology. Access to your online personal data is ‘account holder password-protected’. We do not collect or store sensitive data such as payment card information. Card payment transactions are collected by Secure Trading. When you make a payment to us online or by telephone, your card details are entered into the Secure Trading payment website. The Secure Trading payment gateway encrypts all credit and debit card data to ensure it cannot be read by anybody else.
We regularly monitor our system for possible vulnerabilities and attacks, and continually seek ways to further strengthen security.
8. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Some examples of customer data retention periods:
Insurance policy purchases
When you purchase insurance, we’ll keep the personal data you give us for the period of insurance plus six years, so we can comply with our legal and contractual obligations.
If you’ve not used your account for more than six years, it will be flagged as inactive and we’ll contact you to ask whether you want to keep it open. Unless you reply to say ‘yes’, we’ll close the account and delete or anonymise the personal data associated with it.
Personal data we collect during your enquiries and engagement with us will remain live for a period of 180 days before being flagged as ‘Archived’.
Archived enquiry data
When your original enquiry data becomes ‘archived’ your data will no longer be used in any marketing activity, including promotional offers and discount notifications.
Archived data will remain on file for a further period of 12 months before we delete or anonymise it for statistical purposes This period will allow you and us the opportunity to use that data including original notes – should wish to later re-visit the original enquiry.
This data will include our copies of the quotations you obtained from us or our website and telephone and email conversation notes.
9. Who do we share your personal data with?
We only share your personal data with third parties who are involved in the arrangement, administration, underwriting, payment of and claim handling of your insurance.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific function,
- They may only use your data for the exact purposes we specify in our contract with them,
- We work closely with them to ensure that your privacy is respected and protected at all times.
Examples of the kind of third parties we work with are:
- IT companies who support our website and other business systems,
- Google/Facebook to show you products that might interest you while you’re browsing the internet or using search facilities.
This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Notice for details.
Sharing your data with third parties for their own purposes:
We will only do this in very specific circumstances, for example
- With your consent, we may pass your personal data to a third party for direct marketing of tailored and relevant products on our behalf,
- For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems.
This may include sharing data about individuals with law enforcement bodies.
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body,
in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the
privacy of our customers into consideration.
- For further information please contact our Data Protection Officer. We currently use the following companies who will process your personal
data as part of their contracts and agreements and in the role of their contractual obligations to you and us;
- Genesis Special Risks – (agent for UK General Insurance)
- UK General Insurance – (agent and underwriting provider for Great Lakes Insurance SE)
- Great Lakes Insurance SE – (ultimate underwriting insurer)
- MB&G Insurance – (appointed claims agent for Great Lakes Insurance SE)
- Secure Trading Limited – (card payment processing gateway)
- PayPal – (card payment processing gateway)
- Google – (internet search engine used by us to display advertisements to match your search criteria)
10. Where your personal data may be processed
Your data is only shared with the above listed participants in your insurance contract,
being primarily UK based and always within the EEA.
Protecting your data outside the EEA
We do not process your data outside the EEA
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
11. What are your rights over your personal data?
An overview of your different rights
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review by our Data Controller of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
You can contact us to request to exercise these rights at any time as follows:
To ask for your information please contact; The Data Controller, Click2protect UK Limited, 3rd and 4th Floors, Gainsborough House, Sheering Lower Road, Sawbridgeworth, CM21 9RG or email email@example.com. To ask for your information to be amended please update your online account or contact our customer services team.
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
12. How can you stop the use of your personal data for direct marketing?
There are several ways you can stop direct marketing communications from us:
- Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails,
- If you have an account, log in and visit the ‘My Account’ area and change your preferences,
- Write to; Click2protect UK Limited, 3rd and 4th Floors, Gainsborough House, Sheering Lower Road, Sawbridgeworth, CM21 9RG.
- Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
13. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)
14. Any questions?
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you:
Email us on firstname.lastname@example.org
Or write to us at;
Data Protection Officer
Click2protect UK Limited
3rd and 4th Floors
Sheering Lower Road