InEvexco Limited Privacy Policy
1. Introduction
This privacy policy sets out how InEvexco Limited (a wholly owned subsidiary of AssuredPartners Holdings Limited) uses and protects any information we receive from you and explains the circumstances in which we may transfer this to others.
InEvexco Ltd includes our trading names Professional Beauty Direct and Hairdressers Journal Direct. We are committed to ensuring your privacy and personal information is protected. Where we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy policy. This Privacy Policy should be brought to the attention of any party who is included in your Policy, where they have given, you consent to act on their behalf.
This privacy policy is subject to change at any time. This current version of the policy is effective from 25th January 2024. If we make changes to this privacy policy, we will update the date it was last changed. Where we have an engagement with you, we will notify you of any changes we make. The revised privacy policy will also be updated on our website.
In this notice there are terms in bold with specific meanings. Those meanings can be found in the Glossary.
2. The Personal data We May Collect About You
Insurance is the pooling and sharing of risk in order to provide protection against a possible eventuality. In order to do this, information, including your personal data, needs to be shared between different insurance market participants.
The insurance market is committed to safeguarding that information.
In order for us to provide insurance quotes, insurance policies, and/or deal with any claims or complaints, we need to collect and process personal data about you. The types of personal data that are processed may include:
2.1. Individual details
Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you.
2.2. Identification details
Identification numbers issued by government bodies or agencies, including your national
insurance number, passport number, tax identification number and driving licence number.
2.3. Financial information
Bank account, income or other financial information.
2.4. Risk details
Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data.
2.5. Policy information
Information about the quotes you receive and policies you take out.
2.6. Credit and anti-fraud data
Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you.
2.7. Previous and current claims
Information about previous and current claims, (including other unrelated insurances), which may include data relating to your health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports.
2.8. Special categories of personal data
Certain categories of personal data which have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation.
3. Where We Might Collect Your Personal data From
We might collect your personal data from various sources, including:
• you;
• your family members, employer or representative;
• other insurance market participants;
• credit reference agencies;
• anti-fraud databases, sanctions lists, court judgements and other databases;
• government agencies such as the DVLA and HMRC;
• open electoral register; or
• in the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers.
Which of the above sources apply will depend on your particular circumstances.
4. The Legal Grounds We Rely On
4.1. For the Processing of personal data
a) Performance of our contract with you
Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.
b) Compliance with a legal obligation
Processing is necessary for compliance with a legal obligation to which we are subject.
c) Legitimate Interest
Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child.
d) Substantial Public Interest
Processing is necessary for the performance if a task carried out in the public interest.
4.2. For processing special categories of personal data
a) Consent
In order to provide insurance cover and deal with insurance claims in certain circumstances insurance market participants may need to process your special categories of personal data, such as medical and criminal convictions records, as set out against the relevant purpose.
Your consent to this processing may be necessary for the insurance market participant to achieve this.
You may withdraw your consent to such processing at any time. However, if you withdraw your consent this will impact our ability to provide insurance or pay claims.
b) Legal claims
Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
5. Identities of Data controllers and Data protection contacts
5.1. The insurance lifecycle involves the sharing of your personal data between insurance market participants, some of which you will not have direct contact with. In addition, your personal data may not have been collected directly by an insurance market participant.
You can find out the identity of the initial Data controller of your personal data within the insurance market life-cycle in the following ways:
a) Where you took out the insurance policy yourself
The insurer and, if purchased through an intermediary, the intermediary will be the initial Data controller and their data protection contact can advise you on the identities of other insurance market participants that they have passed your personal data to.
b) Where your employer or another organisation took out the policy for your benefit
You should contact your employer or the organisation that took out the policy who should provide you with details of the insurer or intermediary that they provided your personal data to and you should contact their data protection contact who can advise you on the identities of other insurance market participants that they have passed your personal data to.
c) Where you are not a policyholder or an insured
You should contact the organisation that collected your personal data who should provide you with details of the relevant participant’s data protection contact.
5.2. The details of the data protection contacts within InEvexco Ltd are:
Shelley Crocker – Operations Director and Kathryn Denham Operations and Underwriting Manager.
Email: info@inevexco.co.uk
Phone: 01732 757616
Address: Suite 184, 80 Churchill Square Business Centre, Kings Hill, West Malling, Kent, ME19 4YU
6. Profiling and Automatic Decision Making
When calculating insurance premiums insurance market participants may compare your personal data against industry averages. Your personal data may also be used to create the industry averages going forwards. This is known as profiling and is used to ensure premiums reflect risk.
Profiling may also be used by insurance market participants to assess information you provide to understand fraud patterns.
Where special categories of personal data are relevant, such as medical history for life insurance or past motoring convictions for motor insurance, your special categories of personal data may also be used for profiling.
Insurance market participants might make some decisions based on profiling and without staff intervention (known as automatic decision making). Insurance market participants will provide details of any automated decision making they undertake without staff intervention in their information notices (and upon request) including:
7. Retention of Your Personal data
We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under this insurance, or where we are required to keep your personal data due to legal or regulatory reasons.
8. The Purposes, Categories, Legal Grounds and Recipients of our Processing of Your Personal data
We set out below the purposes insurance market participants might use your personal data for.
Under each purpose you can see:
a) If that type of insurance market participant uses your personal data for that particular purpose
b) The categories of personal data it collects
c) What personal data it might provide to third parties (disclosures).
d) The legal grounds for processing that personal data. Those legal grounds are set out in
the GDPR.
Please note that in addition to the disclosures we have identified against each purpose, we may also disclose personal data for those purposes to our service providers, contractors, agents and group companies that perform activities on our behalf.
8.1. Quotation / Inception
a) Establishing a client relationship, including fraud and anti-money laundering and sanctions checks.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
b) Evaluating the risks to be covered and matching to appropriate insurer, policy and premium.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
8.2. Policy administration
a) General client care, including communicating with you regarding administration and requested changes to the insurance policy. Sending you updates regarding your insurance policy.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
b) Collection or refunding of premiums, claim payments, processing and facilitating other payments.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
c) Collection or refunding of premiums, claim payments, processing and facilitating other payments.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
8.3. Claims processing
a) Managing insurance claims.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
b) Defending or prosecuting legal claims.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
c) Investigating and prosecuting fraud.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
8.4. Renewals
a) Contacting you in order to arrange the renewal of an insurance policy.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
8.5. Throughout the insurance lifecycle
a) Marketing analytics and direct marketing, including data anonymisation.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
b) Transferring books of business, company sales and reorganisations.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
c) General risk modelling.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
d) Complying with our legal or regulatory obligations.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
8.6. Website Activities
a) Contacting you in order to arrange the renewal of an insurance policy.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
b) To monitor your interaction with the website to ensure quality of service, compliance with procedures and to combat fraud.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
c) To ensure the website content is relevant and presented in the most effective manner for you and your device.
|
Legal Grounds |
Disclosures |
|
|
|
When processing Special categories of personal data |
|
|
|
9. International Transfers
We may need to transfer your data to insurance market participants or their affiliates or sub- contractors which are located outside of the European Economic Area (EEA). Those transfers would always be made in compliance with the GDPR.
If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact the data protection contact of the relevant participant.
10. Your Data Protection Rights
We will assist you to exercise the following data protection rights.
a) The right of access: the right for you to obtain confirmation whether we process personal information about you and if so, to be provided with details of that personal information and access to it.
b) The right of rectification: the right for you to obtain rectification without undue delay of inaccurate personal data we may process about you;
c) The right to erasure: the right for you to require us to erase personal information which is no longer necessary to fulfil the purposes for which it was collected;
d) The right to restriction: the right for you to require us to restrict processing of personal information about you on certain grounds;
e) The right to object: the right for you to object, on grounds relating to your particular situation, to our Processing of personal data about you, if certain grounds apply;
f) The right to data portability: the right for you to receive personal information concerning you from us in a structured, commonly used and machine-readable format and to transmit that information to another controller, if certain grounds apply.
11. Right of Access
11.1. You are entitled to:
a) Be informed whether we hold and are processing personal information about you;
b) Be given a description of the personal information, the purposes for which they are being held and processed and the recipients or classes of recipient to whom the personal information is, or may be disclosed; and
c) Confirmation of your personal information held by us in a form that is understandable, without compromising the privacy of other individuals.
11.2. The request must be made in writing, which can include email.
11.3. Where the request is manifestly unfounded or excessive (e.g. it is repetitive in nature), we may either:
a) Charge a reasonable fee taking in to account the administrative costs of providing the information or communication or taking the action requested; or
b) Refuse to act on the request.
11.4. Requests are handled by the Compliance department and can be contacted by email info@inevexco.co.uk who may consult with third parties to action such requests as appropriate.
11.5. We are not obliged to comply with a request unless it is supplied with such information which it may reasonably require in order to confirm the identity of the individual making the Request and to locate the information which that individual seeks.
11.6. We will respond to a request promptly and no later than 40 calendar days after all of the necessary information (enabling us to identify the individual and locate the requested information) have been received.
11.7. An individual may make a request only in respect of their own personal information. With that said, an individual may give their consent, in writing, to another individual to make a request on their behalf (e.g. a lawyer acting on behalf of the individual).
11.8. In some cases personal information may be withheld if an exemption applies. Decisions about the appropriate use of exemptions should always be made by the Compliance department.
12. Website
12.1. Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
12.2. How we use Cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
12.3. Links to other Websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
13. Glossary of Key Terms
13.1. Key Insurance Terms
13.1.1. Beneficiary is an individual or a company that an insurance policy states may receive a payment under the insurance policy if an insured event occurs. A beneficiary does not have to be the insured/policyholder and there may be more than one beneficiary under an insurance policy.
13.1.2. Claimant is either a beneficiary who is making a claim under an insurance policy or an individual or a company who is making a claim against a beneficiary where that claim is covered by the insurance policy.
13.1.3. Claims processing is the process of handling a claim that is made under an insurance policy.
13.1.4. Quotation is the process of providing a quote to a potential insured/policyholder for an insurance policy.
13.1.5. Inception is when the insurance policy starts.
13.1.6. Insurance is the pooling and transfer of risk in order to provide financial protection against a possible eventuality. There are many types of insurance. The expression insurance may also mean reinsurance.
13.1.7. Insurance policy is a contract of insurance between the insurer and the insured/policyholder.
13.1.8. Insurer Insurance market participant(s) or participants: is an intermediary, insurer or reinsurer.
13.1.9. Insured/policyholder is the individual or company in whose name the insurance policy is issued. A potential insured/policyholder may approach an intermediary to purchase an insurance policy or they may approach an insurer directly or via a price comparison website.
13.1.10. Insurers: (sometimes also called underwriters) provide insurance cover to insured/policyholders in return for premium. An insurer may also be a reinsurer.
13.1.11. Intermediaries help policyholders and insurers arrange insurance cover. They may offer advice and handle claims. Many insurance and reinsurance policies are obtained through intermediaries.
13.1.12. Lloyd’s: many policies are underwritten in Lloyd’s of London. Lloyd’s is a specialist insurance market place.
13.1.13. Policy administration is the process of administering and managing an insurance policy following its inception.
13.1.14. Premium is the amount of money to be paid by the insured/policyholder to the insurer in the insurance policy.
13.1.15. Reinsurers provide insurance cover to another insurer or reinsurer. That insurance is known as reinsurance.
13.1.16. Renewal is the process of the insurer under an insurance policy providing a Quotation to the insured/policyholder for a new insurance policy to replace the existing one on its expiry.
13.1.17. We, us or our refers to the relevant insurance market participant.
13.1.18. You or your refers to the individual whose personal data may be processed by an insurance market participant. You may be the insured, beneficiary, claimant or other person involved in a claim or relevant to an insurance policy.
13.2. Key Data Protection Terms
13.2.1. Data controller: is an entity which collects and holds personal data. It decides what personal data it collects about you and how that personal data is used. Any of the insurance market participants when using your personal data for the purposes set out in Section 5 could be Data controllers.
13.2.2. Data protection contact: the person named by the relevant insurance market participant who you should contact if you have any queries or requests regarding your personal data or how we are using it. In many cases (although not all), this person will be the Data Protection Officer of the relevant insurance market participant.
13.2.3. GDPR: is the GDPREU General Data Protection Regulation and the new UK Data Protection Act, which replaces the UK Data Protection Act 1998 from 25 May 2018.
13.2.4. Information Commissioner’s Office (ICO) – is the regulator (or National Competent Authority/Data Protection Authority) for data protection matters in the UK.
13.2.5. Personal data: is any data from which you can be identified and which relates to you. It may include data about any claims you make.
13.2.6. Processing of personal data: includes collecting, using, storing, disclosing or erasing your personal data.
14. Your right to complain to the Information Commissioner’s Office (ICO)
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think that we have breached the GDPR, then you have the right to complain to the ICO.
Wycliffe House
Water Lane, Wilmslow Cheshire SK9 5AF
Tel: 0303 123 1113
Email: casework@ico.org.uk
