When we refer to “we”, “us” and “our” in this notice it means Renovation Underwriting Ltd. When we say, “individuals” in this notice, we mean anyone whose personal information we may collect, including:
anyone seeking an insurance quote from us or whose details are provided during the quotation process
policyholders and anyone named on or covered by the policy
anyone who may benefit from or be directly involved in the policy or a claim, including claimants and witnesses.
HOW WE USE PERSONAL INFORMATION
We use personal information in the following ways:
to provide quotes, administer policies and policyholder claims to fulfil our contract
to administer third party claims and prevent financial crime to meet our legal obligations
to manage our business and conduct market research to meet the legitimate needs of our business
to send marketing information about our products and services if we have received specific consent.
There is no obligation to provide us with personal information, but we cannot provide our products and services without it. Anyone whose personal information we hold has the right to object to us using it. They can do this at any time by telling us and we will consider the request and either stop using their personal information or explain why we are not able to. Further details can be found below.
AUTOMATED DECISION MAKING, INCLUDING PROFILING
We may use automated decision making, including profiling, to assess insurance risks and administer policies. This helps us decide whether to offer insurance, determine prices and validate claims.
We collect the following types of personal information so we can complete the activities in section 2, “How we use personal information”:
basic personal details such as name, age, address and gender
family, lifestyle and social circumstances, such as marital status, dependants and employment type
financial details such as direct debit or payment card information
photographs and/or video to help us manage policies and assess claims
tracking and location information if it is relevant to the insurance policy or claim
identification checks and background insurance risk details including previous claims information
medical information if it is relevant to the insurance policy or claim
criminal convictions if it is relevant to the insurance policy or claim
accessibility details if we need to make reasonable adjustments to help
business activities such as goods and services offered.
WHERE WE COLLECT PERSONAL INFORMATION
Direct from individuals, their representatives or information they have made public, for example, on social media.
From other persons or organisations, for example:
credit reference and/or fraud prevention agencies
emergency services, law enforcement agencies, medical and legal practices
insurance industry registers and databases used to detect and prevent insurance fraud, for example, the Motor Insurance Database (MID), the Motor Insurers Anti-Fraud and Theft Register (MIAFTR) and the Claims and Underwriting Exchange (CUE)
insurance investigators and claim service providers
other insurers or service providers who underwrite the insurance or provide the services for our products
other involved parties, for example, claimants or witnesses. Restoration and Renovation – Construction Insurance Policy
SHARING PERSONAL INFORMATION
We may share personal information with:
credit reference, fraud prevention and other agencies that carry out certain activities on our behalf, for example, the Motor Insurance Database (MID), the Insurance Fraud Bureau (IFB) and marketing agencies if agreed
our approved suppliers to help deal with claims or provide our benefit services, for example, vehicle repairers, legal advisors and loss adjusters
other insurers, third party underwriters, reinsurers, insurance intermediaries, regulators, law enforcement and the Financial Ombudsman Service (FOS); and other companies that provide services to us or you, for example, the Employers Liability Tracing Office (ELTO) and the Claims and Underwriting Exchange (CUE)
prospective buyers in the event that we wish to sell all or part of our business.
TRANSFERRING PERSONAL INFORMATION OUTSIDE THE UK
We do not store information on servers located outside of the UK, but we may pass your information to entities who do. We will ensure that, if those organisations use servers located outside of the UK (for example, within the European Union), that those servers are protected by laws equivalent to those in the UK.
HOW LONG WE KEEP PERSONAL INFORMATION
We keep information only for as long as we need it to administer the policy, manage our business or as required by law or contract.
KNOW YOUR RIGHTS
Any individual whose personal information we hold has the right to:
object to us processing it. We will either agree to stop processing or explain why we are unable to (the right to object)
ask for a copy of their personal information we hold, subject to certain exemptions (a data subject access request)
ask us to update or correct their personal information to ensure its accuracy (the right of rectification)
ask us to delete their personal information from our records if it is no longer needed for the original purpose (the right to be forgotten)
ask us to restrict the processing of their personal information in certain circumstances (the right of restriction)
ask for a copy of their personal information, so it can be used for their own purposes (the right to data portability)
complain if they feel their personal information has been mishandled. We encourage individuals to come to us in the first instance but they are entitled to complain directly to the Information Commissioner’s Office (ICO)
ask us, at any time, to stop processing their personal information, if the processing is based only on individual consent (the right to withdraw consent).
Anyone wishing to exercise these rights should contact us at:
Address: Renovation Underwriting Ltd, 17 Church Walk, St Neots, Cambs PE19 1JH
A data breach is a leaking of data which is ‘likely to result in a risk to the rights and freedoms of individuals’.
All breaches and leaks should be reported to Matthew Dover who, in conjunction with the reporter and if necessary, Douglas Brown, determine whether it constitutes a reportable data breach or not. In the event that the breach is deemed reportable, it will be recorded internally, and a notification of the breach sent to the ICO within the proscribed timescales.
Where the breach cannot be immediately resolved, RUL will take steps to ensure that all parties affected by the breach are notified promptly.
Where a breach is deemed non-reportable, it should still be recorded internally.
DATA ACCESS & CUSTOMER REQUESTS
Requests from our customers to access, amend or delete their data shall be dealt with promptly, and at no charge to the individual or entity making the request. Any such requests should be reported to Matthew Dover, who will determine the validity of the request, and who will liaise with the requestor.
In as far as it is possible and practicable, all data provided as a result of a data access request will be provided in a standardised and transferrable medium, for example, an Excel Spreadsheet.
DATA RETENTION & DESTRUCTION
RUL retain data using a combination of cloud and hard-drive storage. In the case of hard drive storage, data is backed up every day.
Except where required by law (for example, in the case of policy information relating to Employers Liability), inactive data is stored for a period of 6 years in archive, at which point, it is permanently deleted.
CHANGES TO OUR FAIR PROCESSING NOTICE
Occasionally it may be necessary to make changes to this fair processing notice. When that happens we will provide an updated version at the earliest opportunity.
CONSENT FOR SPECIAL CATEGORIES OF PERSONAL DATA
We may need to collect and process data relating to individuals who may benefit from the policy (“Insured Persons”), which falls within the special categories of personal data under Data Protection Legislation, for example, medical history or convictions of Insured Persons for the purpose of evaluating the risk and/or administering claims which may occur. We must seek your explicit verbal or written consent for such information to be collected and processed.