Privacy Policy

Introduction

This Privacy Policy outlines how we, operating under the direction of James Thind, collect, use, store, and protect your personal information when you use our car insurance website. We are committed to maintaining the highest standards of privacy and security in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant UK data protection laws.

Your privacy is of utmost importance to us. This document details your rights and our obligations in relation to your personal data. Please read this Privacy Policy carefully to understand how your information may be handled.

Definitions

• Personal Data: Any information relating to an identified or identifiable individual, such as your name, contact details, identification numbers, or online identifiers.
• Controller: The entity that determines the purposes and means of processing personal data (in this case, James Thind and Prudent Plus Limited).
• Processing: Any operation or set of operations performed on personal data, such as collection, recording, storage, or dissemination.
• Data Subject: You, the individual whose personal data is being processed.

Personal Data We Collect

Information You Provide Directly

• Identification details: Name, date of birth, address, and proof of identity.
• Contact information: Email address, phone number, and correspondence preferences.
• Insurance details: Policy number, claims history, and driving history.
• Payment information: Bank account or card details for processing payments.

Information We Collect Automatically

• Usage data: Pages you visit, the time you spend on the website, and other metrics related to your interaction with our website.
• Device information: IP address, browser type, and operating system.

Information from Third Parties

• Data from insurance partners or affiliates: Information about your previous insurance policies or claims.
• Public databases: Verification data to ensure compliance with regulatory and fraud prevention standards.

Legal Basis for Processing Personal Data

We process your personal data under the following legal bases:

1. Contractual Necessity: To provide the car insurance services you have requested, including processing applications, issuing policies, and handling claims.
2. Legal Obligations: To comply with applicable laws, such as anti-fraud and anti-money laundering regulations.
3. Legitimate Interests: For purposes such as improving our website and services, preventing fraud, and ensuring website security.
4. Consent: Where explicit consent is required (e.g., for marketing communications), we could only process your data after obtaining your clear and affirmative consent.

How We Use Your Personal Data

• Provision of Services: To assess your eligibility for car insurance policies, issue and manage your insurance policy, and process claims and payments.
• Customer Support: To respond to your enquiries or complaints and provide support related to your account or policy.
• Fraud Prevention and Security: To detect and prevent fraudulent activities and ensure the integrity of our systems.
• Service Improvements: To analyse website usage and customer interactions for improving our services.
• Communications: To send policy updates or important notices and provide marketing materials if you have given your consent.

How We Share Your Personal Data

We do not sell your personal data to third parties. However, your data may be shared with the following categories of recipients:

• Insurance Providers and Underwriters: To facilitate the provision of your insurance policy.
• Payment Processors: To handle payments securely.
• Regulatory Authorities: To comply with legal and regulatory obligations.
• Professional Advisors: Such as auditors, lawyers, or consultants, to safeguard our business interests.
• Service Providers: Third-party vendors who support our website operations, under strict confidentiality agreements.

International Data Transfers

Where personal data is transferred outside the UK, we ensure an adequate level of protection by implementing safeguards such as:

• Transfers to countries deemed adequate by the UK government.
• Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO).

Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following criteria determine retention periods:

• Legal and regulatory obligations.
• Ongoing contractual relationships.
• Your preferences and rights, such as requests for deletion.

For example:

• Policy data: Retained for the duration of your policy and up to seven years thereafter, in line with legal requirements.
• Claims data: Retained for a minimum of seven years for auditing and legal defence purposes.

Your Rights Under UK GDPR

As a data subject, you have the following rights under the UK GDPR:

• Right to Access: Request access to the personal data we hold about you.
• Right to Rectification: Request corrections to inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data where there is no compelling reason for us to continue processing it.
• Right to Restrict Processing: Ask us to suspend the processing of your personal data in certain circumstances.
• Right to Data Portability: Obtain and reuse your personal data in a structured, commonly used format.
• Right to Object: Object to the processing of your data for specific purposes.
• Right Not to Be Subject to Automated Decision-Making: Ensure decisions involving your data include human intervention.
• Right to Withdraw Consent: Withdraw consent for processing at any time.
• Right to Lodge a Complaint: Lodge a complaint with the ICO (www.ico.org.uk, Phone: 0303 123 1113).

Security of Your Personal Data

We implement robust security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive information.
• Regular security audits and vulnerability assessments.
• Restricting access to personal data to authorised personnel only.
• Secure storage systems with multi-factor authentication.

Despite our best efforts, no system is entirely foolproof. We encourage you to take precautions when transmitting personal data online.

Definitions

• Personal Data: Any information relating to an identified or identifiable individual, such as your name, contact details, identification numbers, or online identifiers.
• Controller: The entity that determines the purposes and means of processing personal data (in this case, James Thind and Prudent Plus Limited).
• Processing: Any operation or set of operations performed on personal data, such as collection, recording, storage, or dissemination.
• Data Subject: You, the individual whose personal data is being processed.

Personal Data We Collect

Information You Provide Directly

• Identification details: Name, date of birth, address, and proof of identity.
• Contact information: Email address, phone number, and correspondence preferences.
• Insurance details: Policy number, claims history, and driving history.
• Payment information: Bank account or card details for processing payments.

Information We Collect Automatically

• Usage data: Pages you visit, the time you spend on the website, and other metrics related to your interaction with our website.
• Device information: IP address, browser type, and operating system.

Information from Third Parties

• Data from insurance partners or affiliates: Information about your previous insurance policies or claims.
• Public databases: Verification data to ensure compliance with regulatory and fraud prevention standards.

Legal Basis for Processing Personal Data

We process your personal data under the following legal bases:

1. Contractual Necessity: To provide the car insurance services you have requested, including processing applications, issuing policies, and handling claims.
2. Legal Obligations: To comply with applicable laws, such as anti-fraud and anti-money laundering regulations.
3. Legitimate Interests: For purposes such as improving our website and services, preventing fraud, and ensuring website security.
4. Consent: Where explicit consent is required (e.g., for marketing communications), we might only process your data after obtaining your clear and affirmative consent.

How We Use Your Personal Data

• Provision of Services: To assess your eligibility for car insurance policies, issue and manage your insurance policy, and process claims and payments.
• Customer Support: To respond to your enquiries or complaints and provide support related to your account or policy.
• Fraud Prevention and Security: To detect and prevent fraudulent activities and ensure the integrity of our systems.
• Service Improvements: To analyse website usage and customer interactions for improving our services.
• Communications: To send policy updates or important notices and provide marketing materials if you have given your consent.

How We Share Your Personal Data

We do not sell your personal data to third parties. However, your data may be shared with the following categories of recipients:

• Insurance Providers and Underwriters: To facilitate the provision of your insurance policy.
• Payment Processors: To handle payments securely.
• Regulatory Authorities: To comply with legal and regulatory obligations.
• Professional Advisors: Such as auditors, lawyers, or consultants, to safeguard our business interests.
• Service Providers: Third-party vendors who support our website operations, under strict confidentiality agreements.

International Data Transfers

Where personal data is transferred outside the UK, we ensure an adequate level of protection by implementing safeguards such as:

• Transfers to countries deemed adequate by the UK government.
• Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO).

Data Retention

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following criteria determine retention periods:

• Legal and regulatory obligations.
• Ongoing contractual relationships.
• Your preferences and rights, such as requests for deletion.

For example:

• Policy data: Retained for the duration of your policy and up to seven years thereafter, in line with legal requirements.
• Claims data: Retained for a minimum of seven years for auditing and legal defence purposes.

Your Rights Under UK GDPR

As a data subject, you have the following rights under the UK GDPR:

• Right to Access: Request access to the personal data we hold about you.
• Right to Rectification: Request corrections to inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data where there is no compelling reason for us to continue processing it.
• Right to Restrict Processing: Ask us to suspend the processing of your personal data in certain circumstances.
• Right to Data Portability: Obtain and reuse your personal data in a structured, commonly used format.
• Right to Object: Object to the processing of your data for specific purposes.
• Right Not to Be Subject to Automated Decision-Making: Ensure decisions involving your data include human intervention.
• Right to Withdraw Consent: Withdraw consent for processing at any time.
• Right to Lodge a Complaint: Lodge a complaint with the ICO (www.ico.org.uk.

Security of Your Personal Data

We implement robust security measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive information.
• Regular security audits and vulnerability assessments.
• Restricting access to personal data to authorised personnel only.
• Secure storage systems with multi-factor authentication.

Despite our best efforts, no system is entirely foolproof. We encourage you to take precautions when transmitting personal data online.