Fair Processing Notice
Ecclesiastical Insurance Office, part of the Benefact Group, is committed to the privacy and confidentiality of information that you provide to us. This privacy notice describes our current policies and practices with regard to personal information collected and used by us.
Please take your time to read this notice carefully. When using an Ecclesiastical website (being ecclesiastical.com, benefactgroup.com and movementforgood.com). This notice should be read alongside the website terms and conditions.
Ecclesiastical Insurance Office Plc (“EIO”) Reg. No. 24869, is a specialist insurer of faith, heritage, fine art, charity, education and household risks. EIO offers its products to churches, charities, companies and individuals and their families. EIO is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Firm Reference Number 113848.
Ecclesiastical Financial Advisory Services Limited (EFAS) Reg. No. 2046087, is an Independent Financial Advisor who provides and implements financial advice recommendations for life assurance, investments, pensions, mortgages and other financial advice related services. EFAS is authorised and regulated by the Financial Conduct Authority. Firm Reference Number 126123.
The Benefact Group (formerly the Ecclesiastical Group) is made up of different legal entities, details of which can be found here. This privacy policy is issued on behalf of EIO and EFAS so when we mention “Ecclesiastical”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the Benefact Group responsible for the processing of your data. We will let you know which entity will be the controller for your data when you purchase a product or service with us. EIO is the controller and responsible for this website.
Providing insurance services means that we need to collect and process data so that we can provide you with a quote, insurance and where relevant, handle any claims or complaints that might arise. Similarly, providing financial advice services means that we need to collect and process data to provide financial recommendations that suit your circumstances, provide you with an on-going advice service and handle any complaints that may arise. This makes us a “data controller”.
If you are unsure about who the data controller of your personal information is, you can also contact us at any time by e-mailing us at compliance@ecclesiastical.com or by writing to the Data Protection Officer, Ecclesiastical Insurance Office plc, Benefact House, 2000 Pioneer Avenue, Gloucester Business Park, Brockworth, Gloucester, GL3 4AW
Insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers. The London Insurance Market Core Uses Information Notice sets out those core necessary personal data uses and disclosures. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice. We recommend you review this notice.
Depending on our relationship with you (for example if you are a policyholder, individual named on a policy, investor, claimant, witness, a third party pursued for a recovery, broker or third party) and the nature of services we are providing you with (insurance or financial advice), we will collect different types of personal information about you and use it for different purposes.
From time to time we may ask you to provide or we may receive your “sensitive personal information” otherwise known in data protection laws as “special categories of personal information” (which is information relating to your health, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership). For example if you apply for travel insurance we may need information about your pre-existing health conditions or, if you are a named individual under a church insurance policy such as a Bishop, the religious denomination of the church may automatically reveal your religious beliefs. In these circumstances we would use your sensitive personal information to provide a quote and the insurance policy and to process any claims you make. We may also need details of any unspent criminal convictions you have for fraud prevention purposes. If you are a third party against whom we are seeking a recovery as part of our right to subrogation, we may have details of your criminal convictions where it relates to a claim under an Ecclesiastical insurance policy.
Where you provide personal information to us about other individuals (for example members of your church, or your household where we are providing financial advice) we will also be data controller of and responsible for their personal information. You should refer them to this notice.
We have structured this notice so that you only have to click on the section below that is relevant to you and reflects your relationship with us.
3.1 Prospective policyholder or beneficiary under an insurance policy
If you apply for an insurance policy with us (for example home insurance policy), or someone applies for a policy which will cover you or list you as a named beneficiary (for example a clergy member under a church legal expenses insurance policy) this section will be applicable to you and will provide key information about how we use your personal information.
3.1.1 What personal information will we collect?
- Your name and title, address, telephone numbers and email addresses, date of birth and gender.
- Where you are not the person applying for insurance, your relationship or connection to the prospective policyholder.
- Identity information if necessary, including marriage certificate, change of name documentation, national insurance number and executorship details, and documents such as passport and driving licence.
- Employment status and related information such as job title, employment history and education.
- Information which is related to your insurance application including:
- details about previous insurance policies you have held and any previous claims you have made;
- details about your family such as dependants or spouses; and
- policy specific information. For example if you are applying for home insurance we will need information about your property and possessions or where you are applying for an art and private client policy, we will need information about your art collection.
- Financial information including:
- your bank account and payment details;
- details about your income; and
- information obtained from checking sanctions lists and credit checks such as bankruptcy orders, individual voluntary arrangements, office disqualifications or county court judgments.
- Information which is available publically such as via internet search engines.
3.1.2 What sensitive personal information will we collect?
- Information about your physical and mental health if relevant to your insurance application (for example where you apply for a travel policy you may need to disclose pre-existing medical conditions).
- Information about any criminal offences you have been convicted for and any related information including about any offences or alleged offences you have committed or any court sentences which you are subject to.
- We may also collect information because it is relevant to your application, which reveals or is likely to reveal your race or ethnicity, religious or philosophical beliefs; political opinions; trade union membership; or data concerning your sex life or sexual orientation. For example, where you disclose that you are a clergy member at an Anglican Church, this will automatically reveal your religious beliefs.
3.1.3 How will we collect your personal information?
Directly from you:
- when you apply for a policy;
- when we provide you with a quotation; and
- during any communications we have, such as by telephone or email or when you make a general enquiry.
We will also collect your personal information from:
- The prospective policyholder where you are a beneficiary.
- Third parties who we rely on to administer insurance such as brokers, insurers and our own business partners.
- Third parties who provide sanctions checking services.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Public sources such as court judgments, insolvency registers, internet search engines, and directories of Anglican ministers.
3.1.4 What will we use your personal information for?
We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a “legal ground” to do so. When using your “personal information”, we will rely on the “legal grounds” set out below:
- We need to use your personal information to enter into or perform the insurance contract that you have applied for. We will rely on this legal ground for all activities that are connected to your application and without using your personal information we would be unable to do, such as assessing your application against our own risk appetite and providing you with a quote.
- We have a legal or regulatory obligation to use your personal information. We have a legal obligation to carry out anti-money laundering checks. Our regulators require us to maintain records of all dealings with you and to comply with our regulatory reporting requirements we may need to send your personal information to our regulators.
- We have a business need to use your personal information. Such needs will include keeping business and accounting records, maintaining management information, statistical analysis, developing and testing our systems, analysing our business and improving the services we offer, carrying out strategic reviews of our business models and will cover all activities which are needed to carry out everyday business activities. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.
When we use your “sensitive personal information” (such as information about your health, religion or criminal offences), we need to have an additional “legal ground”. When using your “sensitive personal information”, we will rely on the “legal grounds” set out below:
- We have an insurance purpose to use your sensitive personal information and there is a substantial public interest such as assessing your insurance application, arranging or administering a policy and preventing and detecting fraud.
- You have clearly made your sensitive personal information public. For example where you are a Bishop of an Anglican Church and you have made your religious beliefs common knowledge.
- We need to use your sensitive personal information to establish, exercise or defend legal rights. This will be applicable where we are involved in legal proceedings, either against us or where we want to instigate them ourselves.
- You have given your consent.
3.1.5 What are the legal grounds on which we will use your personal information?
What is the purpose for using your personal information | Legal grounds for using your personal information | What is the purpose for using your personal information Legal grounds for using your personal information Legal grounds for using your sensitive personal information |
---|---|---|
To assess your insurance application | • It is necessary to enter into or perform your insurance contract • We have a business need (to assess all insurance applications against our own risk appetite.) | • It is necessary for the insurance purpose of administering an insurance policy. • You have made this information public knowledge. |
To carry out medical screening for travel insurance policies | • It is necessary to enter into or perform your insurance contract • We have a business need (to carry out medical screening to ensure that we provide appropriate insurance cover) | • It is necessary for the insurance purpose of administering an insurance policy. |
To carry out fraud, credit and anti-money laundering checks on you | • It is necessary to enter into or perform your insurance contract. • We have a legal obligation. • We have a business need (to prevent fraud and other financial crime). | • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud). • We need to establish, exercise or defend legal rights. |
To comply with our legal or regulatory obligations. | • We have a legal obligation. | • We need to establish, exercise or defend legal rights. |
To generally communicate with you and handle any queries about your application. | • It is necessary to enter into or perform your insurance contract. • We have a business need (to respond to all communications). | • We need to establish, exercise or defend legal rights. • You have made this information public knowledge. |
For business purposes such as systems development, migration of systems and live testing, diagnosing any problems with our servers and website. | • We have a business need (to run an efficient business) | • It is necessary for the insurance purpose of administering an insurance policy. |
For business purposes such as maintaining management information, internal audits, and carrying out statistical and strategic analysis. | • We have a business need (to run an efficient business and improve our business) | • It is necessary for the insurance purpose of administering an insurance policy. |
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys). | • We have a business need (to develop and improve the services we offer). | • It is necessary for the insurance purpose of administering an insurance policy. |
3.1.6 Who will we share your personal information with?
We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:
- The policyholder where you are a beneficiary.
- Third parties who we rely on to administer your application such as brokers, insurers and our own business partners.
- Medical screening service providers in relation to travel insurance.
- Third parties who provide sanctions checking services.
- Insurance industry bodies.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers (including the Claims Underwriting Exchange “CUE” and the Insurance Fraud Register “IFR” managed by the Insurance Fraud Bureau) and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Service providers we have contracted with including our subcontractors and agents, auditors, our solicitors, actuaries, IT providers and database providers, marketing mailing providers and business suppliers.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
- The Financial Conduct Authority and the Prudential Regulation Authority who are our regulators.
- Law enforcement agencies such as the police, HMRC and taxation authorities.
- Our own insurers and companies who we have appointed to assist with arranging our insurance.
3.2 Policyholder or beneficiary under an insurance policy
If you have an insurance policy with us (for example home insurance policy), if the policy covers you or if you are a named individual under an insurance policy with us (for example a clergy member under a church legal expenses insurance policy) this section will be applicable to you and will provide key information about how we use your personal information.
3.2.1 What personal information will we collect?
- Your name and title, address, telephone numbers and email addresses, date of birth and gender.
- Where you are not the policyholder, your relationship or connection to the policyholder.
- Identity information if necessary, including marriage certificate, change of name documentation, national insurance number and executorship details, and documents such as passport and driving licence.
- Employment status and related information such as job title, employment history and education.
- Information which is related to your insurance policy including:
- details about previous insurance policies you have held and any previous claims you have made;
- details about your family such as dependants or spouses; and
- policy specific information. For example if you have home insurance we will need information about your property and possessions or where you hold an art and private client policy, we will need information about your art collection.
- Financial information including:
- your bank account and payment details;
- details about your income; and
- information obtained from checking sanctions lists and credit checks such as bankruptcy orders, individual voluntary arrangements, office disqualifications or county court judgments.
- Information which is relevant to any claims you make under your policy. This could include photographic evidence you provide us with, for example if you make a claim under your travel policy, we will need information about the country you visited.
- Information which is available publically such as internet search engines and social media where we need to investigate fraudulent claims.
- Security questions and answers to access the Ecclesiastical portal where policy documents can be viewed.
3.2.2 What sensitive personal information will we collect?
- Information about your physical and mental health if relevant to your insurance policy or any claims you make (for example on sickness or accident policies or where you take out a travel policy and make a claim for medical assistance we will need information about the medical conditions suffered. This information may be provided to us in the form of GP reports or medical data such as blood tests).
- Information about any criminal offences you have been convicted for and any related information including about any offences or alleged offences you have committed or any court sentences which you are subject to.
- We may also collect information because it is relevant to your policy or claim, which reveals or is likely to reveal your race or ethnicity, religious or philosophical beliefs; political opinions; trade union membership; or data concerning your sex life or sexual orientation. For example, where we process information about you because you are a clergy member at an Anglican Church, this will automatically reveal your religious beliefs.
3.2.3 How will we collect your personal information?
When you are the policyholder, directly from you:
- when we provide you with a quote;
- when you apply for or renew a policy;
- when you make a claim on your policy; and
- during any communications we have, such as by telephone or email or when you make a complaint or general enquiry.
We will also collect your personal information from:
- The policyholder where you are a beneficiary.
- A third party who has power of attorney over you.
- Third parties who we rely on to administer insurance and handle claims such as brokers, insurers, third party claimants, defendants, witnesses and our own business partners.
- Third parties we (or you) appoint to assist with an insurance policy or claim such as claims handlers, medical experts and medical screening service providers, investigators and loss adjusters.
- Third parties who provide sanctions checking services.
- Insurance industry bodies.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Public sources such as court judgments, insolvency registers, internet search engines, social media where we need to investigate fraudulent claims and directories of Anglican ministers.
- The Financial Conduct Authority and the Prudential Regulation Authority who are our regulators.
3.2.4 What will we use your personal information for?
We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a “legal ground” to do so. When using your “personal information”, we will rely on the “legal grounds” set out below:
- We need to use your personal information to enter into or perform the insurance contract that you have taken out with us. We will rely on this legal ground for all activities that are connected to your insurance contract and without using your personal information we would be unable to do, such as providing you with a quote, providing insurance cover, handling claims and responding to complaints.
- We have a legal or regulatory obligation to use your personal information. We have a legal obligation to carry out anti-money laundering checks. Our regulators require us to maintain records of all dealings with you and to comply with our regulatory reporting requirements we may need to send your personal information to our regulators.
- We have a business need to use your personal information. Such needs will include keeping business and accounting records, maintaining management information, statistical analysis, developing and testing our systems, analysing our business and improving the services we offer, carrying out strategic reviews of our business models and will cover all activities which are needed to carry out everyday business activities. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.
When we use your “sensitive personal information” (such as information about your health, religion or criminal offences), we need to have an additional “legal ground”. When using your “sensitive personal information”, we will rely on the “legal grounds” set out below:
- We have an insurance purpose to use your sensitive personal information and there is a substantial public interest such as assessing your insurance application in particular against our own risk appetite, arranging or administering a policy, handling claims and preventing and detecting fraud.
- You have clearly made your sensitive personal information public. For example where you are a Bishop of an Anglican Church and you have made your religious beliefs common knowledge.
- We need to use your sensitive personal information to establish, exercise or defend legal rights. This will be applicable where we are involved in legal proceedings, either against us or where we want to instigate them ourselves or when we are investigating a legal claim that a third party brings against you.
- You have given your consent.
3.2.5 What are the legal grounds on which we will use your personal information?
What is the purpose for using your personal information | Legal grounds for using your personal information | What is the purpose for using your personal information Legal grounds for using your personal information Legal grounds for using your sensitive personal information |
---|---|---|
To provide an insurance policy with appropriate cover | • It is necessary to enter into or perform your insurance contract • We have a business need (to provide insurance cover which is in line with our own risk appetite) | • It is necessary for the insurance purpose of administering an insurance policy. • You have made this information public knowledge. |
To carry out medical screening for travel insurance policies | • It is necessary to enter into or perform your insurance contract • We have a business need (to carry out medical screening to ensure that we provide appropriate insurance cover) | • It is necessary for the insurance purpose of administering an insurance policy. |
To handle any claims you make under your insurance policy | • It is necessary to enter into or perform your insurance contract • We have a business need (to investigate claims, respond and conclude all claims). | • It is necessary for the insurance purpose of administering a claim under an insurance policy. • We need to establish, exercise or defend legal rights. • You have made this information public knowledge. |
To carry out fraud, credit and anti-money laundering checks on you when you enter into a policy and to prevent any fraudulent claims | • It is necessary to enter into or perform your insurance contract. • We have a legal obligation. • We have a business need (to prevent fraud and other financial crime). | • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud). • It is necessary for the insurance purpose of administering an insurance policy. • We need to establish, exercise or defend legal rights. |
To comply with our legal or regulatory obligations. | • We have a legal obligation. | • It is necessary for the insurance purpose of administering an insurance policy. • We need to establish, exercise or defend legal rights. |
To handle any complaints you may have and generally communicate with you. | • It is necessary to enter into or perform your insurance contract. • We have a business need (to respond to all communications and complaints and investigate and resolve complaints). | • We need to establish, exercise or defend legal rights. • You have made this information public knowledge. |
To apply for and claim on our own insurance. | • We have a business need (to have our own insurance cover in place) | • It is necessary for the insurance purpose of administering an insurance policy. • We need to establish, exercise or defend legal rights. |
For business purposes such as systems development migration of systems and live testing, diagnosing any problems with our servers and website | • We have a business need (to run an efficient business) | • It is necessary for the insurance purpose of administering an insurance policy. |
For business purposes such as maintaining management information and carrying out statistical and strategic analysis | • We have a business need (to run an efficient business and improve our business) | • It is necessary for the insurance purpose of administering an insurance policy. |
For financial purposes such as maintaining management information and accounting records and carrying out audits | • We have a business need (to maintain appropriate financial records) | • It is necessary for the insurance purpose of administering an insurance policy. |
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys). | • We have a business need (to develop and improve the services we offer). | • It is necessary for the insurance purpose of administering an insurance policy. |
To contact you to inform you about services we think you might be interested in. | • We have a business need (to inform you about other services we offer). | • You have provided your consent. |
3.2.6 Who will we share your personal information with?
We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:
- The policyholder where you are a beneficiary.
- A third party who has power of attorney over you.
- Third parties who we rely on to provide insurance and handle claims such as brokers, insurers, third party claimants, defendants, witnesses and our own business partners.
- Third parties we (or you) appoint to assist with an insurance policy or claim such as claims handlers, medical experts and medical screening service providers, surveyors, investigators and loss adjusters.
- Third parties who provide sanctions checking services.
- Insurance industry bodies.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers (including the Claims Underwriting Exchange “CUE” and the Insurance Fraud Register “IFR” managed by the Insurance Fraud Bureau) and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Service providers we have contracted with including our subcontractors and agents, auditors, our solicitors, actuaries, IT providers and database providers, marketing mailing providers and business suppliers.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
- The Financial Conduct Authority and the Prudential Regulation Authority who are our regulators.
- Law enforcement agencies such as the police, HMRC and taxation authorities.
- Our own insurers and companies who we have appointed to assist with arranging our insurance.
3.3 Third party claimant
If you make a claim against a third party who has an insurance policy with us, this section will be applicable to you and will provide key information about how we use your personal information.
3.3.1 What personal information will we collect?
- Your name and title, address, telephone numbers and email addresses, date of birth and gender
- Identity information such as national insurance number.
- Any information which is related to your claim which could include:
- your job title and employment status, employment history, salary and education if relevant;
- details about the incident; and
- photographic evidence.
- Information which is available publically such as via internet search engines and social media where we need to investigate potentially fraudulent claims.
3.3.2 What sensitive personal information will we collect?
- Information about your physical and mental health if relevant to the claim you are making and in particular any information contained in a medical report.
- Information about any criminal offences you have been convicted for and any related information including about any offences or alleged offences you have committed or any court sentences which you are subject to.
- We may also collect information because it is relevant to your claim, which reveals or is likely to reveal your; race or ethnicity, religious or philosophical beliefs, political opinions, trade union membership, or data concerning your sex life or sexual orientation. For example where we seek to validate or investigate a claim we may receive files containing any of the above information. We may also need to collect this information to assess the value of your claim.
3.3.3 How will we collect your personal information?
Directly from you when you contact us to make a claim.
We will also collect your personal information from:
- The policyholder.
- Third parties who we rely on to provide insurance and handle claims such as brokers, insurers, third party claimants, defendants, witnesses and our own business partners.
- Third parties we appoint to assist with a claim such as claims handlers, medical experts we have commissioned to produce a medical report and medical screening service providers, investigators and loss adjusters.
- Third parties involved in the claim process such as lawyers or the Crown Prosecution Service.
- Third parties who provide sanctions checking services.
- Insurance industry bodies.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Public sources such as court judgments, insolvency registers, internet search engines, social media
- The Financial Conduct Authority and the Prudential Regulation Authority who are our regulators.
3.3.4 What will we use your personal information for?
We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a “legal ground” to do so. When using your “personal information”, we will rely on the “legal grounds” set out below:
- We have a legal or regulatory obligation to use your personal information. We have a legal obligation to carry out anti-money laundering checks. Our regulators require us to maintain records of all dealings with you and to comply with our regulatory reporting requirements we may need to send your personal information to our regulators. We are also required to provide information to the Compensation Recovery Unit (CRU) for the purposes of fulfilling our statutory obligation to notify the CRU prior to claim settlement.
- We have a business need to use your personal information. Such needs will include investigating claims, exercising our right of subrogation, keeping business and accounting records, maintaining management information, statistical analysis, developing and testing our systems, analysing our business and improving the services we offer, carrying out strategic reviews of our business models and will cover all activities which are needed to carry out everyday business activities. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.
When we use your “sensitive personal information” (such as information about your health, religion or criminal offences), we need to have an additional “legal ground”. When using your “sensitive personal information”, we will rely on the “legal grounds” set out below:
- We have an insurance purpose to use your sensitive personal information and there is a substantial public interest such as handling claims and preventing and detecting fraud.
- We need to use your sensitive personal information to establish, exercise or defend legal rights. This will be applicable where we are involved in legal proceedings, either against us or where we want to instigate them ourselves or when we are investigating the claim that you have brought against an individual who holds a policy with us or when we are exercising our right of subrogation.
- You have given your consent.
3.3.5 What are the legal grounds on which we will use your personal information?
What is the purpose for using your personal information | Legal grounds for using your personal information | Legal grounds for using your sensitive personal information |
---|---|---|
To handle your claim | • We have a business need (to assess and investigate your claim and deal with it appropriately). • We have a legal obligation. | • It is necessary for the insurance purpose of handling claims. • We need to establish, exercise or defend legal rights. |
To carry out fraud checks to prevent any fraudulent claims | • We have a business need (to prevent fraud). | • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud). • We need to establish, exercise or defend legal rights. |
To comply with our legal or regulatory obligations. | • We have a legal obligation. | • It is necessary for the insurance purpose of handling claims. • We need to establish, exercise or defend legal rights. |
To handle any complaints you may have and generally communicate with you and your medical/legal representatives. | • We have a business need (to respond to all communications and complaints and investigate and resolve complaints). | • We need to establish, exercise or defend legal rights. |
To exercise our right of subrogation (that is to bring an action for recovery of the claim amount we have paid against the third party who we believe caused the loss or injury) | • We have a business need (to exercise our right of subrogation and recover payment from the third party who caused the loss or injury) • We have a legal obligation. | • We need to establish, exercise or defend legal rights. |
To apply for and claim on our own insurance. | • We have a business need (to have our own insurance cover in place) | • It is necessary for the insurance purpose of handling claims. • We need to establish, exercise or defend legal rights. |
For business purposes such as maintaining management information and carrying out statistical and strategic analysis | • We have a business need (to run an efficient business and improve our business) | • It is necessary for the insurance purpose of administering an insurance policy. |
For business purposes such as systems development, migration of systems and live testing, diagnosing any problems with our servers and website | • We have a business need (to run an efficient business) | • It is necessary for the insurance purpose of administering an insurance policy. |
For financial purposes such as maintaining management information and accounting records and carrying out audits | • We have a business need (to maintain appropriate financial records) | • It is necessary for the insurance purpose of administering an insurance policy. |
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys). | • We have a business need (to develop and improve the services we offer). | • It is necessary for the insurance purpose of administering an insurance policy. |
3.3.6 Who will we share your personal information with?
We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:
- The policyholder.
- Other insurers that are involved in your claim.
- Third parties who we rely on to provide insurance and handle claims such as brokers, insurers, third party claimants, defendants, witnesses and our own business partners.
- Third parties we appoint to assist with a claim such as claims handlers, medical experts and medical screening service providers, surveyors, investigators and loss adjusters.
- The third party against whom we are seeking recovery as part of the subrogation process and his or her legal representative.
- The Compensation Recovery Unit.
- Third parties who provide sanctions checking services.
- Insurance industry bodies.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks including the Claims Underwriting Exchange (known as “CUE”).
- Other companies in the Benefact Group.
- Our solicitors.
- Service providers we have contracted with including our subcontractors and agents, auditors, our solicitors, actuaries, IT providers and database providers, marketing mailing providers and business suppliers.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
- The Financial Conduct Authority and the Prudential Regulation Authority who are our regulators.
- Law enforcement agencies such as the police, HMRC and taxation authorities.
- Our own insurers and companies who we have appointed to assist with arranging our insurance.
3.4 Third party pursued for a recovery
If you are a third party from whom we are seeking recovery when we exercise our right of subrogation, this section will be applicable to you and will provide key information about how we use your personal information. We may exercise this right where we have paid a claim under an insurance policy but we believe that your act or failure to act caused the loss or injury.
3.4.1 What personal information will we collect?
- Your name and title, address, telephone number and email address, date of birth and gender;
- Any information which is related to the relevant claim which could include:
- your job title and employment status, employment history and salary and education if relevant;
- details about the incident and your actions; and
- photographic evidence.
- Information which is available publically such as via internet search engines and social media.
3.4.2 What sensitive personal information will we collect?
- Information about your physical and mental health if relevant to the claim.
- Information about any criminal offences you have been convicted of and any related information including about any offences or alleged offences you have committed or any court sentences which you are subject to.
- We may also collect information because it is relevant to the claim made under an Ecclesiastical policy, which reveals or is likely to reveal your; race or ethnicity, religious or philosophical beliefs, political opinions, trade union membership, or data concerning your sex life or sexual orientation.
3.4.3 How will we collect your personal information?
We will collect your personal information from:
- The policyholder.
- Third parties who we rely on to provide insurance and handle claims such as brokers, insurers, third party claimants, witnesses and our own business partners.
- Third parties we appoint to assist with a claim such as claims handlers, investigators and loss adjusters.
- Third parties involved in the claim process such as lawyers or the Crown Prosecution Service.
- Other companies in the Benefact Group.
- Public sources such as court judgments, internet search engines and social media
3.4.4 What will we use your personal information for?
We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a “legal ground” to do so. When using your “personal information”, we will rely on the “legal grounds” set out below:
- We have a legal or regulatory obligation to use your personal information. We have a legal obligation to carry out anti-money laundering checks. Our regulators require us to maintain records of all dealings with you and to comply with our regulatory reporting requirements we may need to send your personal information to our regulators. We are also required to provide information to the Compensation Recovery Unit (CRU) for the purposes of fulfilling our statutory obligation to notify the CRU prior to claim settlement.
- We have a business need to use your personal information. Such needs will include investigating claims, exercising our right of subrogation, keeping business and accounting records, maintaining management information, statistical analysis, developing and testing our systems, analysing our business and improving the services we offer, carrying out strategic reviews of our business models and will cover all activities which are needed to carry out everyday business activities. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.
When we use your “sensitive personal information” (such as information about your health, religion or criminal offences), we need to have an additional “legal ground”. When using your “sensitive personal information”, we will rely on the “legal grounds” set out below:
- We have an insurance purpose to use your sensitive personal information and there is a substantial public interest such as handling claims.
- We need to use your sensitive personal information to establish, exercise or defend legal rights. This will be applicable where we are involved in legal proceedings, either against us or where we want to instigate them ourselves such as when we are exercising our right of subrogation.
3.4.5 What are the legal grounds on which we will use your personal information?
What is the purpose for using your personal information | Legal grounds for using your personal information | Legal grounds for using your sensitive personal information |
---|---|---|
To handle a claim | • We have a business need (to assess and investigate a claim and deal with it appropriately). • We have a legal obligation. | • It is necessary for the insurance purpose of handling claims. • We need to establish, exercise or defend legal rights. |
To comply with our legal or regulatory obligations. | • We have a legal obligation. | • It is necessary for the insurance purpose of handling claims. • We need to establish, exercise or defend legal rights |
To handle any complaints you may have and generally communicate with you | • We have a business need (to respond to all communications and complaints and investigate and resolve complaints). | • We need to establish, exercise or defend legal rights. |
To exercise our right of subrogation (that is to bring an action for recovery of the claim amount we have paid against you as the third party who we believe caused the loss or injury) | • We have a business need (to exercise our right of subrogation and recover payment) • We have a legal obligation | • We need to establish, exercise or defend legal rights. |
To apply for and claim on our own insurance. | • We have a business need (to have our own insurance cover in place) | • It is necessary for the insurance purpose of handling claims. • We need to establish, exercise or defend legal rights. |
For business purposes such as maintaining management information and carrying out statistical and strategic analysis | • We have a business need (to run an efficient business and improve our business) | • It is necessary for the insurance purpose of administering an insurance policy. |
For business purposes such as systems development, migration of systems and live testing, diagnosing any problems with our servers and website | • We have a business need (to run an efficient business) | • It is necessary for the insurance purpose of administering an insurance policy. |
3.4.6 Who will we share your personal information with?
We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:
- The policyholder.
- Other insurers that are involved in your claim.
- Third parties who we rely on to provide insurance and handle claims such as brokers, insurers, witnesses and our own business partners.
- Third parties we appoint to assist with a claim such as claims handlers, investigators and loss adjusters.
- Other third parties who we engage with when exercising our right of subrogation which include the third claimant and their legal adviser or legal representative.
- Your legal adviser or legal representative.
- The Compensation Recovery Unit.
- Other companies in the Benefact Group.
- Our solicitors.
- Service providers we have contracted with including our subcontractors and agents, auditors, our solicitors, actuaries, IT providers and database providers and business suppliers.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
- The Financial Conduct Authority and the Prudential Regulation Authority who are our regulators.
- Law enforcement agencies such as the police, HMRC and taxation authorities.
- The courts.
- Our own insurers and companies who we have appointed to assist with arranging our insurance.
3.5 Witness to an incident
If you have witnessed an incident which has now become the subject of a claim, this section will be applicable to you and will provide key information about how we use your personal information.
3.5.1 What personal information will we collect?
- Your name and title, address, telephone numbers and email addresses, date of birth and gender.
- Your employment status and related information such as job title, employment history and education.
- Identity documents such as passport, driving licence and national insurance number.
- Information which is available publically such as via internet search engines and social media where we need to investigate potentially fraudulent claims.
- Any information which is related to the incident you witnessed.
3.5.2 What sensitive personal information will we collect?
- Information about your physical and mental health if you suffered an injury as a result of the incident you witnessed or where you disclose information to us for example referring to a disability you have.
- Information about any criminal offences you have been convicted for and any related information including about any offences or alleged offences you have committed or any court sentences which you are subject to.
3.5.3 How will we collect your personal information?
Directly from you when we contact you to discuss the incident you witnessed.
We will also collect your personal information from:
- Those people involved in the incident such as the policyholder, the claimant and other witnesses.
- Other third parties involved in the incident from an insurance administration perspective such as brokers, insurers, claims handlers, loss adjusters and business partners.
- Third parties we have appointed to assist us in relation to the incident you witnessed such as medical experts, medical screening service providers and investigators.
- Other companies in the Benefact Group.
- Public sources such as court judgments, insolvency registers, internet search engines, social media.
3.5.4 What will we use your personal information for?
We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a “legal ground” to do so. When using your “personal information”, we will rely on the “legal grounds” set out below:
- We have a legal or regulatory obligation to use your personal information. We have legal obligations to carry out anti-money laundering checks and our regulators require us to maintain records of all dealings with you. To comply with our regulatory reporting requirements we may need to send your personal information to our regulators.
- We have a business need to use your personal information. Such needs will include investigating claims, exercising our right of subrogation, keeping business and accounting records, maintaining management information, statistical analysis, developing and testing our systems, analysing our business and improving the services we offer, carrying out strategic reviews of our business models and will cover all activities which are needed to carry out everyday business activities. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need. When we use your “sensitive personal information” (such as information about your health, religion or criminal offences), we need to have an additional “legal ground”. When using your “sensitive personal information”, we will rely on the “legal grounds” set out below:
- We have an insurance purpose to use your sensitive personal information and there is a substantial public interest such as handling claims and preventing and detecting fraud.
- We need to use your sensitive personal information to establish, exercise or defend legal rights. This will be applicable where we are involved in legal proceedings, either against us or where we want to instigate them ourselves or when we are investigating the claim that has been brought against an individual who holds a policy with us.
- You have given your consent.
3.5.5 What are the legal grounds on which we will use your personal information?
What is the purpose for using your personal information | Legal grounds for using your personal information | Legal grounds for using your sensitive personal information |
---|---|---|
To investigate the claim made and to understand the incident which is the subject of the claim | • We have a business need (to assess and investigate your claim and deal with it appropriately). • We have a legal obligation. | • It is necessary for the insurance purpose of handling claims. • We need to establish, exercise or defend legal rights. |
To prevent any fraudulent claims | • We have a business need (to prevent fraud). | • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud). • We need to use your information in order to establish, exercise or defend legal rights. |
To comply with our legal or regulatory obligations. | • We have a legal obligation. | • We need to establish, exercise or defend legal rights. |
For business purposes such as maintaining management information and carrying out statistical and strategic analysis | • We have a business need (to run an efficient business and improve our business) | • It is necessary for the insurance purpose of administering an insurance policy. |
For financial purposes such as maintaining management information and accounting records and carrying out audits | • We have a business need (to maintain appropriate financial records) | • It is necessary for the insurance purpose of administering an insurance policy. |
For business purposes such as systems development, migration of systems and live testing, diagnosing any problems with our servers and website | • We have a business need (to run an efficient business) | • It is necessary for the insurance purpose of administering an insurance policy. |
To exercise our right of subrogation (that is to bring an action for recovery of the claim amount we have paid against the third party who we believe caused the loss or injury) | • We have a business need (to exercise our right of subrogation and recover payment from the third party who caused the loss or injury that you witnessed) | • We need to establish, exercise or defend legal rights. |
3.5.6 Who will we share your personal information with?
We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:
- The policyholder.
- Third parties involved in the incident and their legal and medical representatives.
- Other insurers that are involved in the claim.
- Other third parties involved in the incident from an insurance administration perspective such as brokers, insurers, claims handlers, loss adjusters and business partners.
- Third parties we have appointed to assist us in relation to the incident you witnessed with such as medical experts, medical screening service providers and investigators.
- Third parties who provide sanctions checking services.
- The third party against whom we are seeking recovery as part of the subrogation process and his or her legal representative.
- The third party claimant whose loss or injury you witnessed.
- Insurance industry bodies.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers (including the Claims Underwriting Exchange “CUE” and the Insurance Fraud Register “IFR” managed by the Insurance Fraud Bureau) and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Our solicitors.
- Service providers we have contracted with including our subcontractors and agents, auditors, our solicitors, actuaries, IT providers and database providers, business suppliers.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
- The Financial Conduct Authority and the Prudential Regulation Authority who are our regulators.
- Law enforcement agencies such as the police, HMRC and taxation authorities.
- Our own insurers and companies who we have appointed to assist with arranging our insurance.
3.6 Clients to whom we provide and implement financial advice recommendations for life assurance, investments, pensions, mortgages and other financial advice related products & services
If you are a client to whom we offer and implement financial advice recommendations on life assurance, investments, pensions, mortgages and other financial advice related products and services this section will be applicable to you and will provide key information about how we use your personal information.
3.6.1 What personal information will we collect?
- Your name and title, address, telephone numbers and email addresses, date of birth and gender.
- Identity documents such as passport, driving licence, utility bills and national insurance number.
- Employment status and related information such as job title, employment history, employer’s pension provision and education.
- Information which is related to your financial advice and mortgage queries including:
- your property ownership status and information about your property;
- information about your lifestyle;
- details about your existing mortgage;
- details of any existing investments, employers & individual pension plans, life assurance policies and any other plans you already have in place;
- information to enable us to assess your attitude to risk and
- your financial aspirations and plans for the future.
- Financial information including:
- your bank account and payment details;
- details about your income, expenditure and financial borrowing appetite;
- information obtained from checking sanctions lists and credit checks such as bankruptcy orders, individual voluntary arrangements, office disqualifications or county court judgments and
- details of your assets and liabilities.
- Information which is available publically such as Crockford’s Clerical Directory or via internet search engines.
- Security questions and answers. We may set up security questions and answers to enable you to gain access to your policy details via an on-line interface.
3.6.2 What sensitive personal information will we collect?
- Information about your physical and mental health if relevant to the financial advice and mortgage services we are providing, for example:-
- your ability to pay mortgage repayments may be dependent on a longstanding medical condition you have which sometimes prevents you from working or
- to enable product providers to assess the rates which they may offer you for life assurance.
- A product provider may contact you directly as part of their underwriting process to discuss your physical and mental health.
- Information about any criminal offences you have been convicted for and any related information including about any offences or alleged offences you have committed or any court sentences which you are subject to.
- We may also collect information because it is relevant to the financial advice and mortgage process, which reveals or is likely to reveal your race or ethnicity, religious or philosophical beliefs; political opinions; trade union membership; or data concerning your sex life or sexual orientation
3.6.3 How will we collect your personal information?
Directly from you:
- when you speak with our financial and mortgage advisers and
- during any communications we have, such as by post, telephone or email or when you make a complaint or general enquiry.
We will also collect your personal information from:
- Third parties who provide sanctions checking services.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Service providers we have contracted with including our subcontractors, agents, auditors, our solicitors, actuaries, IT providers and database providers, marketing mailing providers and business suppliers.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
- Public sources such as court judgments, insolvency registers, internet search engines, social media.
- The Financial Conduct Authority and the Prudential Regulation Authority who are our regulators.
- Other companies with which you hold investments, employers & individual pension plans, life assurance policies, mortgages and any other plans.
3.6.4 What will we use your personal information for?
We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a “legal ground” to do so. When using your “personal information”, we will rely on the “legal grounds” set out below:
- We need to use your personal information to enter into or perform the client agreement that you have taken out with us. We will rely on this legal ground for all activities that are connected to your client agreement and without using your personal information we would be unable to fulfil our obligations such as providing financial advice, making financial advice recommendations, providing an on-going financial advice service, providing mortgage advice, making mortgage recommendations and responding to complaints.
- We have a legal or regulatory obligation to use your personal information. For example, we have legal obligations to carry out anti-money laundering checks and our regulators require us to maintain records of all dealings with you.
- We have a business need to use your personal information. Such needs will include keeping business and accounting records, maintaining management information, statistical analysis, developing and testing our systems, analysing our business and improving the services we offer, carrying out strategic reviews of our business models and will cover all activities which are needed to carry out everyday business activities. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.
When we use your “sensitive personal information” (such as information about your health, religion or criminal offences), we need to have an additional “legal ground”. When using your “sensitive personal information”, we will rely on the “legal grounds” set out below:
- There is a substantial public interest such as assessing, preventing and detecting fraud.
- You have clearly made your sensitive personal information public. For example where you are a Bishop of an Anglican Church and you have made your religious beliefs common knowledge.
- We need to use your sensitive personal information to establish, exercise or defend legal rights. This will be applicable where we are involved in legal proceedings, either against us or where we want to instigate them ourselves or when we are investigating a legal claim that a third party brings against you.
- You have given your explicit consent.
3.6.5 What are the legal grounds on which we will use your personal information?
What is the purpose for using your personal information | Legal grounds for using your personal information | Legal grounds for using your sensitive personal information |
---|---|---|
To provide financial & mortgage advice and find appropriate financial products & mortgage options for you | • It is necessary to enter into or perform your client agreement • We have a business need (to fulfil our contractual obligations) | • We have your explicit consent. • You have made this information public knowledge. |
To carry out fraud, credit and anti-money laundering checks on you | • It is necessary to enter into or perform your client agreement. • We have a legal obligation. • We have a business need (to prevent fraud and other financial crime). | • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud). • We need to establish, exercise or defend legal rights. |
To comply with our legal or regulatory obligations. | • We have a legal obligation. | • We need to establish, exercise or defend legal rights. |
To handle any complaints you may have and generally communicate with you. | • It is necessary to enter into or perform your client agreement. • We have a business need (to respond to all communications and complaints and investigate and resolve complaints). | • We need to establish, exercise or defend legal rights. • You have made this information public knowledge. |
To apply for and claim on our own insurance. | • We have a business need (to have our own insurance cover in place) | • We need to establish, exercise or defend legal rights. |
For business purposes such as systems development, migration of systems and live testing and diagnosing any problems with our servers and website | • We have a business need (to run an efficient business) | • You have provided your consent. |
For business purposes such as maintaining management information, internal audits and carrying out statistical and strategic analysis | • We have a business need (to run an efficient business and improve our business) | • We have your explicit consent. |
For financial purposes such as maintaining management information and accounting records and carrying out audits | • We have a business need (to maintain appropriate financial records) | • We have your explicit consent. |
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys). | • We have a business need (to develop and improve the services we offer). | • We have your explicit consent. |
To contact you to inform you about products and services we think you might be interested in. | • We have a business need (to inform you about other products and services we offer). | • We have your explicit consent. |
3.6.6 Who will we share your personal information with?
We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:
- Third parties who we engage with to provide you with financial product recommendations & mortgage recommendations such as investment fund providers, investment platforms, life assurance product providers, multiple quote providers, professional advisers, mortgage lenders, banks and building societies, solicitors, surveyors, mortgage brokers and our own business partners.
- Third parties who provide sanctions checking services.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Service providers we have contracted with including our subcontractors and agents, auditors, our solicitors, actuaries, IT providers and database providers, marketing mailing providers and business suppliers.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
- The Financial Conduct Authority and the Prudential Regulation who are our regulators.
- Law enforcement agencies such as the police, HMRC and taxation authorities.
- Our own insurers and companies who we have appointed to assist with arranging our insurance.
3.7 Brokers, appointed representatives, financial adviser and other business partners
If you are a broker, appointed representative, financial adviser or another type of business partner such as a supplier or subcontractor that we do business with, this section will be applicable to you and will provide key information about how we use your personal information.
3.7.1 What personal information will we collect?
- Your name and title, address, telephone numbers and email addresses, date of birth and gender.
- Employment status and related information such as job title, employment history and education.
- Bank and payment details.
- Financial information obtained from checking sanctions lists and credit checks such as bankruptcy orders, individual voluntary arrangements, office disqualifications or county court judgments.
- Information which is available publically such as via internet search engines and Linked In.
3.7.2 What sensitive personal information will we collect?
- Information about any criminal offences you have been convicted for and any related information including about any offences or alleged offences you have committed or any court sentences which you are subject to.
3.7.3 How will we collect your information?
Directly from you and your employer.
We will also collect your personal information from:
- Third parties who provide sanctions checking services.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Public sources such as court judgments, insolvency registers, internet search engines, social media.
3.7.4 What will we use your personal information for?
We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a “legal ground” to do so. When using your “personal information”, we will rely on the “legal grounds” set out below:
- We need to use your personal information to enter into a services contract with you.
- We have a legal or regulatory obligation to use your personal information. For example, we have obligations to carry out due diligence checks on parties we engage with.
- We have a business need to use your personal information. Such needs will include keeping business and accounting records, maintaining management information, statistical analysis, developing and testing our systems, analysing our business and improving the services we offer, carrying out strategic reviews of our business models and will cover all activities which are needed to carry out everyday business activities. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.
When we use your “sensitive personal information” (such as information about your health, religion or criminal offences), we need to have an additional “legal ground”. When using your “sensitive personal information”, we will rely on the “legal grounds” set out below:
- There is a substantial public interest such as preventing and detecting fraud.
- We need to use your sensitive personal information to establish, exercise or defend legal rights. This will be applicable where we are involved in legal proceedings, either against us or where we want to instigate them ourselves or when we are investigating a legal claim that a third party brings against you.
- You have given your explicit consent.
3.7.5 What are the legal grounds on which we will use your personal information?
What is the purpose for using your personal information | Legal grounds for using your personal information | Legal grounds for using your sensitive personal information |
---|---|---|
To comply with our legal or regulatory obligations. | • We have a legal obligation. | • We need to establish, exercise or defend legal rights. |
To carry out fraud, credit and anti-money laundering checks on you. | • It is necessary to enter into or perform your services contract. • We have a legal obligation. • We have a business need (to prevent fraud). | • It is in the substantial public interest to detect fraud. |
To engage with you and obtain your services and generally communicate with you. | • It is necessary to enter into or perform your services contract. • We have a business need (to respond to all communications and complaints and investigate and resolve complaints). | • We need to establish, exercise or defend legal rights. • You have made this public knowledge. |
For business purposes such as systems development, migration of systems and live testing, diagnosing any problems with our servers and website | • We have a business need (to run an efficient business) | • It is necessary for the insurance purpose of administering an insurance policy. • We have your explicit consent. |
For business purposes such as maintaining management information, internal audits and carrying out statistical and strategic analysis | • We have a business need (to run an efficient business and improve our business) | • It is necessary for the insurance purpose of administering an insurance policy. • We have your explicit consent. |
For financial purposes such as maintaining management information and accounting records and carrying out audits | • We have a business need (to maintain appropriate financial records) | • It is necessary for the insurance purpose of administering an insurance policy. • We have your explicit consent. |
3.7.6 Who will we share your personal information with?
We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:
Where we engage with you relating to an insurance policy we will share your personal information with:
- Third parties including the policyholder and claimant.
- Third parties who we engage with when administering a policy or claim such as claims handlers, medical experts and medical screening service providers, surveyors, investigators and loss adjusters.
- Insurers and brokers.
Where we engage with you relating to mortgage advice or financial investment advice we will share your personal information with:
- The client to whom we provide advice.
- Mortgage lenders.
- Financial advisers.
- Third parties who provide services in relation to the management of investments or facilitate the arrangement of products we recommend such as product providers, portfolio and fund managers and insurers.
In addition to the above, we will also disclose your information to the following parties:
- Third parties who provide sanctions checking services.
- Insurance industry bodies.
- Financial crime and fraud detection agencies and other third parties who operate and maintain fraud detection registers and third parties we use to carry out credit checks.
- Other companies in the Benefact Group.
- Service providers we have contracted with including our subcontractors and agents, auditors, our solicitors, actuaries, IT providers and database providers, marketing mailing providers and business suppliers.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business.
- The Financial Conduct Authority and the Prudential Regulation Authority who are our regulators.
- Law enforcement agencies such as the police, HMRC and taxation authorities.
- Our own insurers and companies who we have appointed to assist with arranging our insurance.
3.8 Users of the Ecclesiastical websites
If you use or access the Ecclesiastical websites (being ecclesiastical.com, benefactgroup.com and Movementforgood.com), this section will be applicable to you and will provide key information about how we use your personal information.
3.8.1 What personal information will we collect?
- Name, contact details, postcode and IP address
- Information obtained through our use of cookies. You can find more information about this in our cookies policy
Please note that if you make an online application for an insurance quote via our website, the section relevant to prospective policyholders above will apply.
3.8.2 How will we collect your personal information?
We collect your information directly from our website and where you have submitted any information on our website.
3.8.3 What will we use your personal information for?
We use your information in a number of different ways, depending on your particular circumstances. For every use, we must be able to demonstrate that there is a “legal ground” to do so. When using your “personal information”, we will rely on the “legal grounds” set out below:
- We have a business need to use your personal information, such as developing and testing our systems, analysing our business and improving the services we offer, diagnosing any problems with our website and assessing usage of our website. When relying on this legal ground, we are under a duty to assess your rights and to ensure that we do not use your information unless we can demonstrate a legitimate business need.
3.8.4 What are the legal grounds on which we will use your personal information?
What is the purpose for using your personal information | Legal grounds for using your personal information | Legal grounds for using your sensitive personal information |
---|---|---|
To respond to any enquiries you make. | • We have a business need (to respond to all enquiries made on our website). | - |
To provide marketing materials about products and services we think you might be interested in. | • We have a business need (to inform you about other services we offer). | - |
3.8.5 Who will we share your personal information with?
We do not share or distribute your personal information other than to the following third parties and only under the limited circumstances we have set out above:
- Other companies in the Benefact Group.
- Service providers we have contracted with relating to the website such as our subcontractors and agents and website providers.
We may use your personal information to provide you with information about our services or to send you ‘Church Matters’ newsletters and risk advice notes which may be of interest to you where you are an existing client, policyholder or where you have provided your consent for us to do so.
We are committed to only sending you marketing emails that you have clearly expressed an interest in receiving. If you no longer wish to receive information from us and want to be removed from our standard mailing list you can “unsubscribe” by clicking the link that appears in all such emails or by post using the details set out in section 10. Please note that by stopping these communications you may not hear about a new product or services such as a new mortgage or additions to our insurance that may save you money.
Please note that, even if you opt out of receiving marketing messages, we may still send you communications which are relevant to the type of services we provide you with.
Targeted Advertising
We may use selected advertising channels such as online communities (such as LinkedIn) to display personalised advertisements and information. We may share your personal information with other companies in the Benefact Group, other affiliated companies and third parties (such as those mentioned above) for the purposes described in this section. In order to use your personal information in these ways, we may transfer your personal information overseas, but only where appropriate safeguards are in place to ensure that your personal information is protected (as set out in section 7 of this notice).
If you have an existing relationship with us, we may use your personal information to help us display our adverts (including the adverts of other companies in the Benefact Group) to prospective customers who may share similar interests, characteristics or demographics as you. We may share limited personal information about you (such as your email address) with LinkedIn who will use that information to identify others who have similar attributes. This is sometimes known as a “lookalike audience”. LinkedIn will then use that lookalike audience to help direct our adverts (including the adverts of other companies in the Benefact Group) to prospective customers who are likely to be interested in them.
If you do not have an existing relationship with us and you have been identified by LinkedIn as someone who may be interested in our advertisements (e.g. via a “lookalike” feature as set out above), you may be presented with one of our targeted adverts (including the adverts of other companies in the Benefact Group). We will not be able to identify you unless you choose to interact with our advert by sharing it, commenting on it or reacting to it. Where you do not interact with our advert, any other information which relates to the advert and whether it was displayed to you will be provided to us only in an aggregated form so we will not be able to directly or indirectly identify you as a recipient of the advert.
When carrying out the advertising activities above, we rely on our legitimate business needs (to advertise our services). You can object to any processing which we carry out on this basis by contacting us using the details set out in section 10.
Where we have your consent, we may use advertising cookies as part of our advertising campaigns (see our cookies policy here for more detail).
We make some decisions automatically inputting your personal information into a system and computer and the decision is reached using certain processes and algorithms, rather than our employees making the decisions themselves. This is called ‘automated decision making’ and we will use this on certain products at the underwriting stage.
We use your personal information (for example address and property details and details of your charitable or commercial activities) to determine your eligibility for particular cover under an insurance policy and your insurance premium. This takes into account whether the risk presented fits our risk appetite, and if so, allows us to calculate the price to be charged.
You have a right not to be subject to the automated decision-making described above and you can contact us, using the details set out in section 10, to request that any declined decision is reconsidered. If you want to opt out of automatic decision-making, let us know, although in some circumstances it may mean we can’t offer you a quote or policy as some automated decisions are necessary to provide your insurance policy.
We will only keep your personal information for as long as reasonably necessary to fulfil the purposes set out in section 3 above and to comply with our legal and regulatory obligations.
For example, we keep property claim files for at least 6 years, and where long term liability claims may arise, we keep policy information for at least 80 years.
If you would like further information about how long we will keep your personal information for, please contact us using the details set out in section 10.
There may be some instances where your personal information is transferred outside of the United Kingdom (UK) such as when we transfer information to our companies in the Benefact Group or to third party suppliers who are based outside the UK or when third parties who act on our behalf transfer your personal information to countries outside the UK.
Where such a transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. We will do so in a number of ways including:
- we will only transfer personal information to countries who have been deemed to provide an adequate level of protection for personal information. You can find out more about this here
- in the event a country is not deemed adequate we will enter into data transfer contracts and using specific contractual provisions that have been approved for use in the UK which give personal data the same protection as it has in the UK. For further details see here or
We are also entitled under data protection laws to transfer your personal information to countries outside the United Kingdom in the following circumstances:
- it is necessary for the performance of the contract we have with you; and/or
- it is necessary to protect your vital interests i.e. it is a life or death situation.
Depending on our relationship and your particular circumstances, we might transfer personal information anywhere in the world. A summary of our regular data transfers outside the United Kingdom and the EEA is set out below:
Country of transfer | Reason for the transfer | Method we use to protect your information |
---|---|---|
India | There are data servers established in India which store your information where you are a financial advice and investment client. | We have entered into standard contractual clauses with the company hosting the data servers in India. |
The Philippines | One of our claims supply chain partners processes some data in the Philippines. | We have entered into standard contractual clauses with the company and established that appropriate security measures are in place. |
Tel Aviv - Israel | Our insurance and reinsurance processing platform currently under development is provided by a company based in Tel Aviv. | Israel has been deemed to offer an adequate level of data protection. |
Worldwide | If you have a travel policy with us and you need assistance when you are ill on holiday, we will need to instruct medical experts or other service providers to the country where you are situated to ensure that you receive appropriate medical services. | We will rely on the exemptions under UK data protection laws because it is necessary to transfer your personal information so that we can provide you with medical services under your travel policy or it is a life or death situation and it is in your vital interests. |
If you would like further information regarding our data transfers and the steps we take to safeguard your personal information, please contact us using the details set out in section 10.
We implement and maintain appropriate technical and organisational measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. These include but are not limited to the following key activities:
- We adopt a framework of information security controls operating at different levels within the company to restrict access and safeguard systems, in accordance with a ‘defence in depth’ methodology (which is the coordinated use of multiple security controls to protect the integrity of the information and assets in the company’s IT network);
- We have an established, documented information security and data protection policy framework which is regularly reviewed to consider changes in technology, regulations and threats;
- We maintain encryption technologies to encrypt data stored on portable computers and portable media, and ensure security when data is transferred;
- We maintain awareness and education on information security and data protection in all areas of our business;
- We conduct risk based due diligence on our suppliers;
- We operate a programme of testing the effectiveness of our information security measures.
You have several data protection rights which entitle you to request information about your personal information, to dictate what we do with it or to stop us using it in certain ways.
If you wish to exercise the rights set out below, please contact us at any time using the details set out in section 10. There will not normally be a charge for this.
We respect your rights in relation to personal information we hold about you, however we cannot always comply with your requests, for example:
- we may not be able to delete your information if we are required by law to keep it for a longer period of time; or
- we may not be able to provide a copy of your personal information if it is subject to legal professional privilege (or in Scotland confidentiality of communications), or consists of the records of our intentions in relation to any negotiations with you if disclosure would be likely to prejudice those negotiations; or
- we may not be able to delete your information if we would not have the necessary information we need to provide insurance cover or pay out on a claim.
However we will always inform you why we cannot comply with your request.
In some circumstances, complying with your request may result in your insurance policy being cancelled or your claim being discontinued.
The right to access your personal information
You can request a copy of the personal information we hold about you and certain details of how we use it.
Your personal information will normally be provided to you in writing unless you request otherwise or where you have made a request by electronic means such as email, we will provide such information in electronic form where possible.
The right to withdraw your consent
Where we rely on consent as the legal ground to use your personal information, you are entitled to withdraw that original consent.
Please note that for certain uses of your personal information, we need your consent in order to provide your policy. If you exercise this right and withdraw your consent, we may need to cancel your policy or we may not be able to pay your claim. We will inform you of these consequences when you withdraw your consent.
The right to rectification
We make reasonable efforts to keep your personal information where necessary up to date, complete and accurate. We encourage you to ensure that your personal information is accurate so please regularly let us know if you believe that the information we hold about you may be inaccurate or not complete. We will correct and amend any such personal information and notify any third party recipients of necessary changes.
The right to restriction of processing
Subject to the circumstances in which you exercise this right, you can request that we stop using your personal information, such as where you believe that we no longer need to use your personal information.
The right to data portability
Subject to the circumstances in which you exercise this right, you can request that we port across personal information you have provided to us to a third party in a commonly used and machine-readable format.
The right to erasure
You can request that we delete your personal information. For example, where we no longer need your personal information for the original purpose we collected it for or where you have exercised your right to withdrawn consent.
Whilst we will assess every request, this request is subject to legal and regulatory requirements that we are required to comply with.
The right to object to direct marketing
You can request that we stop sending you marketing messages at any time by clicking on the “unsubscribe” button in any such emails that we send to you or by contacting us using the details set out in section 9.
Please note that even if you exercise this right because you do not want to receive marketing messages, we may still send you service related communications where necessary.
The right to object to processing
Where our processing is based on the legal ground of us having a legitimate business need to process your personal information, you can object to such processing. If you raise an objection, we will consider your request and balance this against any other compelling legitimate grounds in favour of the processing and inform you of our decision.
Rights relating to automated decision-making
If you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details set out in section 10 and ask us to review the decision.
The right to make a complaint with the ICO
Where you believe that we have breached data protection laws when using your personal information, you can complain to the Information Commissioner’s Office (ICO). For more information visit the ICO’s website at https://ico.org.uk/. Please note that exercising this right and lodging a complaint will not affect any other legal rights or remedies that you have.
If you would like further information about the ways we use your personal information, further clarity on how we use your personal information or anything referred to in this notice, please contact our Data Protection Officer at compliance@ecclesiastical.com or by writing to the Data Protection Officer, Ecclesiastical Insurance Office plc, Benefact House, 2000 Pioneer Avenue, Gloucester Business Park, Brockworth, Gloucester, GL3 4AW.
We are continually improving our methods of communication and alongside with changes in the law and the changing nature of technology, our data practices and how we use your data will change from time to time. If and when our data practices change and you are a customer of Ecclesiastical, we will notify you and we will provide you with the most up-to-date notice. You can view it by checking our website here.
This notice was last updated on 8th March 2022.
Download a PDF version of this privacy policy