Privacy Policy

Background

In this day and age, more and more information is being uploaded and shared across the web. For you to be confident using our services we want you to trust that not only are we providing you with the best deal, we’re also committed to ensuring your privacy is protected.

When we ask you to provide certain information, or obtain certain information by which you can be identified, rest assured that your information will only be used in accordance with this privacy policy.

We may change this privacy policy from time to time by updating this page. Where we make significant changes to it, for instance by adding a new reason for processing your personal data, we will also notify you of those changes via the email address that we hold for you.

This privacy policy is effective from 22 May 2018.

Who are Brooks Braithwaite (Sussex) Ltd?

We are your data controller for the purposes of the personal data we will collect. Our details are as follows:

Brooks Braithwaite (Sussex) Ltd, a limited company registered in England with the company registration number 1416900 and registered address at Third Floor Front, Oakfield House, 35 Perrymount Road, Haywards Heath, RH16 3BW.

If you wish to contact us in relation to this notice, or data protection generally, please contact our Data Protection Officer by email on dpo@brooksbraithwaite.com or by post using the address above, marked for the attention of the Data Protection Officer.

How do we process your data?

This privacy policy applies to all customers of Brooks Braithwaite (Sussex) Ltd and this website (brooksbraithwaite.com).

We will collect and process your personal data under some, if not all, of the following lawful bases: contractual necessity, our legitimate interests, consent, because it’s necessary for us to comply with a legal obligation, and where the processing is necessary for reasons of substantial public interest.

Contractual necessity

Contractual necessity is where we collect your personal data because it is necessary for us to provide you with a quote or a contract of insurance. Without this data, we wouldn’t be able to provide you with a quote or arrange an insurance policy for you.

We need personal data for the following reasons to provide our service to you:

Legitimate interests

Organisations can rely on “legitimate interests” to process personal data where: (a) their reason for processing personal data is a legitimate business interest (e.g. it is not illegal and it actually receives a benefit from it); (b) the processing is a proportionate way of achieving that interest; and (c) that legitimate business interest is not outweighed by the impact on the individual. We have completed that assessment and are satisfied with it for each of the purposes set out below.

You do have a choice as to whether you provide us with your personal information, and you have the right to object to us using your data for our legitimate interests (please see “Section 12 – Right to object”). However, if you decline to provide us with certain personal information, this may impact the services that we can offer to you.

We have a legitimate interest in each of the following:

Consent

Where we rely on consent, we will only process your personal data in that way if you have told us we can. Usually this will be by ticking a box or agreeing over the phone. You have the right to withdraw consent at any time (see the section titled “Withdrawing consent” below).

We only rely on consent to send you marketing communications.

Legal obligation

This is where we are required by a law or regulation to process your data to fulfil our legal obligations.

We process your personal data to comply with our legal obligations where:

What personal data do we collect?

To enable us to process your data for the reasons set out in “Section 3 – How we process your data”, we collect the following personal data:

Contractual

Legitimate Interests

We also collect website usage data, including:

Legal obligation

Where do we obtain your personal data from?

We obtain your personal data in the following ways:

How do we share your personal data?

In general, access to your personal data will be restricted to those who have a need to access it to carry out their duties (for example our employees such as our customer service team).

However, we will also share your personal data with the following external third-parties in some circumstances:

We aim to share only anonymised data or aggregated data wherever possible. We will use secure means to store and share data. We also require third-parties to sign legally binding agreements not to use any information for marketing purposes and not to share this data. This may not be possible in all circumstances, for instance where we are obliged to disclose data to a regulator.

Do we make solely automated decisions?

We use an automated insurance rating engine to evaluate insurance risk based on the information you supply us during the quote process. We use this information to automatically determine your potential risk, and whether we are able to offer you a quote and, if we are able to offer you a quote, what the value of the quote will be.

We also make solely automated decisions based on personal data in order to screen you against government sanctions databases prior to allowing you to buy a contract of insurance – we are required to do this by law. Whilst this automated decision could result in us not offering you a contract of insurance, this would only be automated where the system determines a 100% match. Most of the time there isn’t a 100% match, and one of our staff will therefore review the decision manually.

You have the right to contest any decision produced by solely automated means and to request human intervention. If you do this, we must allow you to express your point of view, to obtain an explanation of how we reached the decision, and to challenge the decision. To do this, please contact our Data Protection Officer using the details in section 2 of this Privacy Policy.

Do we transfer your data outside of the EEA?

We store your personal data in cloud servers based in the European Economic Area (EEA). In certain limited circumstances, we may export personal data outside of the European Economic Area for processing, and we may use third party service providers who do the same. We only do that if there is a good reason to do it and where either:

How long do we keep your information for?

If you are a customer, we will keep your personal information and all telephone conversations for a period of 6 years after you cancel your policy. We need to keep your information for this amount of time as required by law (including FCA regulations) or to defend potential legal claims.

If you are a customer who has public & employers liability cover we will hold your data for a period of up to 40 years.

Your bank and card details will be deleted at the point that you cancel your policy.

Email communication that we have had with you will be deleted 6 months after you cancel your policy.

If you are a member of Brooks Braithwaite (Sussex) Ltd who has never bought a policy through us, we will keep your personal information until either:

How can you opt out of receiving marketing communications?

If you do not wish to receive further marketing information about our products and services, you can contact us via any channel detailed within “Section 2 – Details”, or you can manage your marketing preferences within the “My Account” or “Log in” section of our websites. We will also include unsubscribe links within all of our marketing emails.

You have the right to withdraw your consent to how we process your data in circumstances where we are using your data based on consent. The type of processing that this includes is under section 4 “The Personal Data we collect – Consent”. To withdraw your consent, you can use the unsubscribe link on any of the newsletters that we send, use the “My account” or “Log in” area of our website, call our customer services department on 0345 982 5499, or email our Data Protection Officer at DPO@brooksbraithwaite.com.

How can you object to us processing your personal data based on our legitimate interests?

Where we process your personal data based on our legitimate interests for direct marketing purposes, you always have the right to object to that processing. To object to direct marketing either follow the instructions for opting out of marketing in the section above, or contact our Data Protection Officer using the details in section 2 of this Privacy Policy.

You have the right to object to other processing on the basis of our legitimate interests, but we might not have to cease processing where you do so if either:

To object to legitimate interests processing, please contact our Data Protection Officer using the details in section 2 of this notice.

What are your rights concerning your personal data?

If you would like to exercise any of these rights, please contact our Data Protection Officer using the details set out in section 2 of this privacy policy.

How can you make a complaint?

If we can’t remedy an issue you have, or you remain unhappy with how we are handling your data, you can lodge a complaint with the Information Commissioner’s Office (ico.org.uk).

How do we use cookies?

Like most websites, we use cookies and weblog files to track site usage and trends. A cookie is a small data file, typically of letters and numbers, downloaded to a device when a user accesses certain websites. You can remove or block cookies using settings in your internet browser, but in some cases doing so may impact your ability to use our website.

The only cookies we use are ‘analytical cookies’. They allow us to count the number of visitors and identify which pages are being viewed, or used, with the sole purpose of analysing data about webpage traffic and to improve our website in order to tailor it to our customers’ needs. We do not store unencrypted personally identifiable information in the cookies.

How do we use Google Analytics?

We use Google Analytics to help analyse use of our website. This analytical tool collects standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of our website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of our website and to compile statistical reports on website activity. To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

We will not use (and will not allow any third party to use) the analytics tool to track, or to collect, any personally identifiable information of visitors to our site. We will not associate any data gathered from this site with any personally identifying information from any source as part of our use of the Google Analytics tool. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user.

Our website contains links to third party websites, including those of the insurance companies that we partner with.

Once you use these links to leave our website, you should note that we do not have any control over those other websites. We, therefore, cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and sites not governed by this Privacy Policy. You should exercise caution and look at each website’s own privacy policy.