Fair Processing Notice



The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal data under current data protection law. We will update this notice as required and at least annually. Therefore, we suggest you revisit the copy of this notice on our website periodically to keep yourself informed.

The meaning of terms and phrases used in this Fair Processing Notice are based on the Jersey Information Commissioner’s Office. You can find out more about the Jersey ICO here: https://jerseyoic.org/about-joic/


Who are we?



Towergate Jersey and CCV Jersey, are trading names of CCV Risk Solutions Limited (part of the Ardonagh Group of companies), is the Data Controller of the information you provide us and is registered with the Information Commissioner’s Office in Jersey for the products and services we provide to you. The notification number is 17335.

You can contact us for general data protection queries by email to advisorydataprotection@ardonagh.com or in writing to The Ardonagh Advisory Data Protection Officer, 2nd Floor, The Octagon, Colchester, CO1 1TG. Please advise us of as much detail as possible to comply with your request.

For further information about The Ardonagh Group of companies please visit http://www.ardonagh.com/about-us/business-portfolio. Please note that different parts of the group may have different data protection officers.


What information do we collect?



To enable us to provide you with the products or services to meet your needs we will collect personal information which may include your name, telephone number, email address, postal address, occupation, date of birth, additional details of risks related to your enquiry or product and payment details (including bank account number and sort code). Some of these details may also be required about other individuals who will benefit from the product or services we provider. In some of our call centre operations we may routinely record telephone conversations, and on some of our websites we may record information about the website journeys that have been taken. When conducting risk surveys or handling claims we may process pictures, videos and dashcam footage.

We may need to request and collect sensitive personal information such as details of convictions or medical history for us to provide you with the product or service or to process a claim.

We only collect and process sensitive personal data where it is critical for the delivery of a product or service and without which the product or service cannot be provided. We will therefore not seek your explicit consent to process this information as it is required by us to provide the product or service you have requested and is legitimised by its criticality to the service provision. If you object to the processing of this information, then we will be unable to offer you that product or service. Where you have given consent for the processing of your data, you may withdraw that consent at any time.

Please note that typically we process data on the legal basis that it relates to a contract of insurance, or a contract to provide you with risk advice, so the right to erasure, which does not apply to personal information processed for a contractual purpose, will not be applicable in many instances.

However, we may also collect personal data for marketing purposes from publicly available sources or product development purposes where it is in our legitimate interests to do so.


How do we use your personal data?



We will use your personal data for the purposes set out in the table below.

Purpose for which we may process your data Legal basis for processing this data Typical Retention Period
Assess and provide the products or services that you have requested; this may include a search with a credit reference bureau, or data enrichment services Processing in connection with a contract 7 years from the end of the relevant contract unless there are liabilities or a likelihood of later occurring claims
Communicate with you to provide our services, including risk advice Processing in connection with a contract 7 years from the end of the relevant contract unless there are liabilities or a likelihood of later occurring claims
Develop new products and services Legitimate interests 7 years from the end of the relevant contract unless there are liabilities or a likelihood of later occurring claims
Undertake statistical and risk analysis This will be on a legitimate interested basis unless we conduct specific work for you on a contractual basis 7 years from the end of the relevant contract unless there are liabilities or a likelihood of later occurring claims
Marketing and self-promotional activity Legitimate interests 3 years after the last date of contact
Support monitoring and quality management of our employees and processes Processing in connection with a contract 3 years
Complaints FCA regulations 6 years from the closure of the complaint
Divestment Contractual 6 years from the closure of the divestment project


We may also take the opportunity to

  • Contact you about products that are closely related to those you already hold with us
  • Provide additional assistance and advice about risk and insurance news, products, or services, as part of any advised insurance services that we provide to you
  • Notify you of important functionality changes to our websites

From time to time we may use your information to provide you with details of marketing or promotional opportunities and offers relating to other products and services from other companies in the Ardonagh Group, subject to relevant marketing regulations and permissions.

From time to time we will need to call you for a variety of reasons relating to your products or service (for example, to update you on the progress of a claim or to discuss renewal of your insurance contract). We are fully committed to Ofcom regulations and have strict processes to ensure we comply with them.

To ensure the confidentiality and security of the information we hold, we may need to request personal information and ask security questions to satisfy ourselves that you are who you say you are.

We may aggregate information and statistics on website usage or for developing new and existing products and services, and we may also provide this information to third parties. These statistics will not include information that can be used to identify any individual.

Any new information you provide us may be used to update an existing record we hold for you.


Securing your personal information



We have mandatory security procedures in the storage and disclosure of your personal information in line with industry practices, including storage in electronic and paper formats.

We store all the information that you provide to us, including information provided via forms you may complete on our websites, and information which we may collect from your browsing (such as clicks and page views on our websites).



When do we share your information?



To help us prevent financial crime, your details may be submitted to fraud prevention agencies and other organisations where your records may be searched, including the Claims and Underwriting Exchange (CUE) and the Motor Insurers Anti-Fraud and Theft Register (MIAFTR).

In addition to companies within the Ardonagh Group, third parties (for example insurers, loss adjustors, data enrichment services, credit lenders or claims management companies) deliver some of our products or provide all or part of the service requested by you. In these instances, while the information you provide will be disclosed to these companies, it will only be used for the provision and administration of the service provided (for example verification of any quote given to you or claims processing, underwriting and pricing purposes or to maintain management information for analysis).

We, or our partners, may make searches of your credit history. These searches may leave a record on your credit history.

We may use firms involved in financial management regarding payment.

We may also share your data with other companies who carry out market research on our behalf and who may contact you for the purpose of obtaining feedback on the products and services we offer.

We may share corporate contact information within The Ardonagh Group of companies to assist in providing you with risk advice and keeping you informed about additional products and services. For more information on the companies within the Ardonagh Group, please click here: http://www.ardonagh.com/about-us/business-portfolio
We may share your data with prospective buyers or alternative suppliers in the event that we wish to sell all or part of our business or block transfer insurance risks to another provider.

The data we collect about you may be transferred to, and stored at, a destination outside of the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for us or for one of our suppliers. Such staff may be engaged in, amongst other things, the provision of information you have requested.Whenever we send information outside of the EEA, we will ensure that we have taken the appropriate steps to do so in a manner compliant with the relevant data protection legislation.

If we provide information to a third party, we will require it and any of its agents and/or suppliers to take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Fair Processing Notice.

We may of course be obliged by law to pass on your information to the police or other law enforcement body, or statutory or regulatory authority including but not limited to the Employer’s Liability Tracing Office (ELTO) and the Motor Insurance Bureau (MIB).

Your rights



There are a number of rights that you have under data protection law. Commonly exercised rights are:


  • Access - You may reasonably request a copy of the information we hold about you. ICO guidance
  • Erasure - Where we have no legitimate reason to continue to hold your information, you have the right to have your data deleted (sometimes known as the right to be forgotten). ICO guidance
  • Correction – you may request correction of the personal information we hold about you to enable any incomplete information to be corrected. ICO guidance. Please note that this right does not apply to personal data processed in relation to a contract. Therefore, personal data related to contracts of insurance, including quotations, are not subject to this right.
  • We may use automated decision making in processing your personal information for some services and products. You can request a manual review of the accuracy of an automated decision if you are unhappy with it. ICO guidance


The office of the information commissioner provides further guidance on your data subject rights on their website.
https://jerseyoic.org/resource-room/information-rights/?audience=everything


How to complain



If you have any concerns about our use of your personal information, you can make a complaint to us by email to advisorydataprotection@ardonagh.com or in writing to The Data Protection Officer, 2nd Floor, The Octagon, Colchester, CO1 1TG.

You can also complain to the office of the information commissioner if you are unhappy with how we have used your data:

Address: Office of the Information Commissioner, Brunel House, Old Street, St Helier, Jersey JE2 3RG

Email: enquiries@dataci.org

Telephone: +44 (0)1534 716530

https://jerseyoic.org/about-joic/



Contact



If you would like a review of all your insurance requirements, or would just like to arrange a quotation, please contact us on: