Howden Life & Health Privacy Notice

This privacy notice relates to the following types of individuals, where we hold your personal information:

• Individuals who have visited one of our websites;
• Individuals who are clients, including prospective clients who have received an quotation for our services, former clients who have previously had services with us, and client representatives, for example those with power of attorney;
• Our business/corporate clients and their employees, including prospective and former clients and client representatives;
• Individuals who contact us with a query, concern or complaint;
• Individuals named on our services, such as joint policy holders, beneficiaries, or employees of our corporate clients;
• Individuals who request information from us or permit us to contact them for marketing purposes;
• Third parties who make a claim against, or are subject to a claim from one of our policyholders in relation to an accident or other event covered by our services.

There are other types of individuals who this privacy notice does not relate to, for example our employees and sub-contractors (including prospective and former employees and sub-contractors), employees of our current, former or prospective business partners and service suppliers, and members of the press.

If you are one of these individuals and would like further information on how we collect, use and store your data, please contact us. Our contact details are shown in the “how you can contact us” section of this notice.

Who we are

We are Howden Life & Health. Our full company name is Howden Life & Health Limited.

In the UK, we trade under a number of trading names, and where we do this we hold the appropriate approvals and permissions from the relevant authorities to do so. You can view a full list of all our current trading names at any time on the Financial Services Register, available by visiting https://register.fca.org.uk.

How you can contact us

We take data privacy seriously and your opinion matters to us. If you have any questions about this policy or how we use your information you can contact us in the following ways:

By e-mail: support@howdenlifeandhealth.co.uk
By telephone: 01242 537030
By post: Howden Life & Health, Ageas House, The Square, Gloucester Business Park, Brockworth, Gloucester. GL3 4ZP, UK.

Our Data Protection Officer

As part of Howden UK & Ireland, we have appointed a Data Protection Officer (DPO). Individuals have the right to contact our DPO with data protection queries or concerns that they may have. You can contact our DPO in the following ways:

By e-mail: dpo@howden-insurance.co.uk
By post: FAO The Data Protection Officer, Howden UK & Ireland, Ageas House, The Square, Gloucester Business Park, Brockworth, Gloucester, GL3 4ZP, UK.

We collect your information and use it in different ways depending on your relationship with us and how you have interacted with us. This can include information we share with or receive from third parties.

The lawful ways we use your data

We use your information for the following lawful reasons:

• To enter into or perform a contract; for example, to provide you with a service quotation, to start, change or cancel a service we offer, to manage any claims which arise, to answer queries you may have, action your requests or perform any debt recovery.
• To comply with a legal obligation; for example, the rules set by our regulator the Financial Conduct Authority (FCA), to fulfil your data rights under data privacy laws, handle complaints about data privacy or our services and to comply with other legal requirements;
• For our legitimate business interests; for example, to detect and prevent fraud, money laundering and other financial crimes, monitor and improve our business and our products and services, demonstrate compliance with applicable laws and regulations, handle legal claims, respond to other types of complaint not previously mentioned, and some marketing activities. Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights. In some instances, you also have the right to object to this kind of use. For more information, visit the “Your data rights” section of this notice.
• With your consent; for example, when you ask us to provide you with information or permit us to contact you for marketing purposes. You can withdraw your consent at any time, for more information please visit the “Your data rights” section of this notice.
• To protect vital interests: in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.

When we collect your personal data

We collect personal data from you when:

• You request a service from us, either directly or via a third-party, for example as part of a price comparison service;
• When you are named as part of a service provided to someone else, for example as a joint policy holder, a beneficiary, or as an employee of one of our corporate clients;
• You purchase, change or cancel one of our services;
• We need to assist our insurers and/or insurance brokers in managing a claim made against your policy or that you bring against one of our policyholders;
• You contact us to request information or to make a complaint;
• You visit our website or the websites of other Howden UK & Ireland or Howden Group companies;
• You take part in one of our competitions, prize draws or surveys;
• You visit one of our stands and give us your information, for example at a show or trade fair;
• You have given permission to other companies to share your information with us;
• You have made your information publicly available, and we have a legitimate reason to review it.

We also collect your information from other third-party sources where we have legal grounds to do so. These include anti-fraud and crime-prevention agencies, credit reference and vetting agencies, and other data providers.

We use cookies (small text files stored in your web browser) and other techniques to monitor how you use our website. For more information on what these are and how to opt out of these, you can visit the relevant Cookie Lists on our websites.

Depending on your relationship with us, we may hold the following types of information about you:

Identity and contact data: for example, your name, date of birth, postal address, telephone number and e-mail address.

Payment and account data: for example, your bank account details, credit/debit card details and information about your purchases with us, including any payment plans or arrears.

Location data: for example, your postal or IP address, the location of any insured property, and in the event of a claim, where the collision, theft or other incident occurred.

Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations.

Internet data: for example, information collected by cookies and other online technologies such as Facebook pixels and Google Analytics, as you use our website or contact us by online methods. You can find more information about the individual cookies present on each of our websites use by visiting the “Cookie List” of the site concerned.

Information we obtain from other sources: including credit agencies, anti-fraud and other financial crime prevention agencies, price comparison websites, and other data providers. This can include demographic data and interest-based data.

Complaint data: for example, what the complaint was, how we investigated it and how we resolved it, including any contact with any relevant authorities or third-party adjudicator services.

Certain types of information receive additional protection from the law due to its sensitivity, for example medical data, your race and ethnicity, your political views, or your religious beliefs. We only use these types of data with your explicit consent, to protect your vital interests or when it is necessary to meet a requirement under the current legislation, such as:

• Legal, regulatory or contractual requirements arising from a contract of insurance;
• Preventing and detecting crimes, including financial crimes such as fraud, money laundering and financing terrorism;
• Exercising legal rights and defending legal claims, and;
• Safeguarding vulnerable clients.

The above list is illustrative only, and is not exhaustive, however it does give the scenarios which apply most often to our services. Exactly how we lawfully use your sensitive data will be determined first-and-foremost by what happens during the lifetime of your service, for example if you have any claims during your time with us.

Where applicable and necessary, we share your personal information with the following types of third parties;

• Other companies in Howden UK & Ireland and/or the wider Howden Group;
• The brand owners of the websites we operate websites or services for;
• Business partners, brokers, intermediaries, suppliers and agents involved in delivering products and services to you;
• Price comparison websites and other similar companies who offer ways to research and apply for financial products and services;
• Credit reference, credit scoring and fraud prevention agencies;
• Debt collection agencies;
• Law enforcement, government bodies, regulatory organisations, courts and public authorities;
• Our panel of insurers and insurance brokers, and, where necessary, other insurers and those acting on their behalf, for example loss adjusters, solicitors and claims experts;
• Media agencies and other marketing organisations that we advertise with or conduct marketing activities through;
• A third party where disclosure is required to comply with legal or regulatory requirements;
• Personal representatives appointed by you to act on your behalf, or those appointed to represent a third-party claimant.

Normally, we will only transfer your data internationally if the recipient is based in a country that has been deemed “adequate”. This means that the receiving country has similar data protection laws that can provide the same level of protection to your data and your rights as those in your own country. Depending on both your location and that of the recipient, and also the direction of the transfer, “adequacy” may be determined by one or more of the following:

• A decision of adequacy by the UK Secretary of State;
• A decision of adequacy by the European Commission, or;
• The destination being considered an “approved jurisdiction” by Guernsey law.

If we have a genuine and valid business need to transfer your data to a country which is not, at the time of the transfer, considered “adequate”, we will ensure that the recipient enters into a formal and enforceable legal agreement that reflects the standards required by the relevant data protection laws.

You have the right to ask us for more information about the safeguards we use when sending your personal data overseas. You can request this by contacting us on the details shown in the “how you can contact us” section of this notice.

We retain information about you to provide the services that you purchase from us and to meet a number of legal and regulatory requirements, as well as our own legitimate business interests. For the period we retain your information, it is held securely by us or by third-party service suppliers contracted to store it on our behalf.

Depending on the exact services we provide you, your data will be retained for a period of either ten or seven years from when the service concerned expires. This is to ensure that we can assist our clients and insurers with any late claims, complaints or disputes that may arise, including those raised by third parties, for the time such cases are allowed under current laws.

However, there are isolated instances where we may need to retain your data for longer, for example if we need to assist an insurer or insurance broker in handling a claim involving serious personal injury, or if we are ordered by the police, a court of law or another authority to keep information relating to an official investigation.

There are also times when we may keep your information for a shorter period, for example if we provide you with a quotation but you do not ultimately buy a service from us.

You can request further information about our retention periods and the data sets that they apply to by contacting us on the details shown in the “how you can contact us” section of this notice.

We use the information you provide to build a profile of you. If we have your permission to contact you for marketing purposes, we will use this information to help identify what products and services you may find useful or relevant. We do this to try and ensure that we do not waste your time by contacting you about services that you are unlikely to be interested in.

Our insurers and brokers may also use our profile, in combination with the data you provide and profiles that they build separately themselves, to assess whether they are able to offer you insurance and to determine the specifics of a policy, for example the premium you pay and the compulsory excess for any claim.

Much of the use of your data is done by “automated means” (done by computer without significant intervention by human beings), and this includes some of the decisions we make using your information.

You have rights in relation to automated decision-making and profiling. See the “your data rights” section of this notice for more information.

Where we collect information from you in relation to insurance, and your policy is subject to UK law, you are under a legal duty to give us information. The exact obligation which applies to you depends on what your insurance relates to.

Personal clients

If you are a personal client – that is, someone buying insurance which is wholly or largely unrelated to their profession, you are under a legal duty to answer all questions we ask fully and honestly, to the best of your knowledge. This is known as a “duty to take reasonable care not to make a misrepresentation”, and is a requirement of the UK Consumer Insurance (Disclosure & Representations) Act 2012.

Business & commercial clients

Business and commercial clients are under similar duty, known as “fair presentation”. This means that, in addition to answering our questions fully and honestly, you must also make reasonable searches for and disclose any significant or material facts which are relevant to the insurance being arranged. This includes reasonable searches of information available to other interested parties, such as agents and other people or organisations covered by the insurance, and is a requirement of the UK Insurance Act 2015.

Consequences of providing incomplete or inaccurate information

Failing to comply with this legal duty may lead to a higher premium being payable, special terms or a higher excess being imposed, a claim being paid only in part or not at all, or the policy being cancelled or voided.

Data protection law gives you rights relating to your personal information. This section gives you an overview of these and how they relate to the information you give us.

Your right to access

You have a right to request copies of the personal information we hold on you, along with meaningful information on how it is used and who we share it with.

This right always applies, but there are some instances where we may not be able to provide you with all the information we hold. For example, we may not be able to provide you with your personal data where doing so could have an adverse impact on one or more of the following:

• The privacy, rights or freedoms of other individuals;
• The prevention and detection of crime, including financial crimes such as fraud and money laundering;
• Legal professional privilege, or;
• Negotiations with the individual(s) concerned.

The above list is illustrative only and is not exhaustive, but it does give the most-common scenarios that arise in connection with our services.

Normally, we will tell you if we are unable to provide you with some or all of your personal data and explain why when we respond to your request, unless the relevant laws or regulations prevent us from doing so.

Your right to rectification

If information we hold is inaccurate or incomplete, and this has an impact on the way we are using your data, you have the right to have any inaccuracies corrected and for any incomplete data to be completed.

If you ask us to rectify your information, we will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why.

Your right to erasure (the right to “be forgotten”)

You have the right to request that your personal information is erased in the following circumstances:

• Where the information was originally collected unlawfully, or;
• If the information is no longer needed for the purpose it was originally collected.

If you ask us to erase your information, we will either confirm to you that this has been done, or if we are unable to delete it, let you know why and also inform you how long we will hold it for. For more information, see the “retaining and destroying data” section of this notice.

Your right to restrict processing

You can ask us to restrict the use of your information in certain circumstances.

If you ask us to restrict your information, we will either confirm to you that this has been done, or if we are unable to restrict it, we will inform you why.

Your right to object to direct marketing

You can always object to receiving direct marketing from us. This also includes any profiling activities we undertake for direct marketing purposes.

If you do object to the receipt of direct marketing, we will ensure that you do not receive such material going forward, unless you change your mind and specifically request it in the future.

Likewise, if you object to the use of your data for marketing-related profiling, we will ensure that your data is no longer used in this way, unless you change your mind in the future.

Your right to object to automated decision-making & profiling

You can object to decisions made about you using your information and undertaken by purely automated means in certain circumstances. This includes profiling activities which feed into automated decisions made about you.

This right applies so long as:

1. The activity is not necessary for performing or entering into a contract between you and us, or;
2. You have not already consented to the activity.

If you object about any automated decisions we make, we will either arrange for someone to assess the automated decision and confirm the outcome of this assessment to you, or alternatively contact you to explain why your right does not apply in the specific circumstance.

Your right to challenge our legitimate interests

You can challenge the use of your personal data where we use a legitimate business interest as a lawful basis to process your information. You can find more information on when we use this lawful basis in the “lawful ways we use your data” section of this notice.

If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.

Your right to object to the use of your information for statistical purposes

You can object to us using your information for statistical purposes in some instances.

If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.

Your right to data portability

In certain circumstances, you have the right to request that your information be compiled into a common, machine readable format and either provided directly to you or sent by us to a third-party you nominate.

If you request this, we will either act upon your instruction and confirm to you that we have done so, or if there is a valid reason that this cannot be done, we will tell you why.

Your right to complain

If you are unhappy with how we have used your data or if you believe we have failed to fulfil your data rights, you have the right to complain to us, and can contact us to raise your concerns using the details shown in the “how you can contact us” section of this notice.

If, after contacting us, you are unhappy with our response, you may escalate it to the relevant national supervisory authority for data rights. You can find out more about the applicable authorities and the territories they cover in the “supervisory authorities” section of this notice.

Exercising your data rights

You can exercise any of your data rights by contacting us using the information in the “how you can contact us” section of this notice and telling us which right (or rights) you would like to exercise.

The UK and the Channel Islands each have dedicated government authorities tasked with upholding privacy matters in the public interest. You have the right to approach these authorities to gain more information about your data rights. You can also raise concerns or complaints directly with the authorities in certain circumstances.

In the UK, the supervisory authority is the Information Commissioner’s Office (ICO). You can find detailed information about their powers, your rights under UK law and the ICO’s contact details on their website: www.ico.org.uk.

In Guernsey, the supervisory authority is the Office of the Data Protection Authority (ODPA). You can find more information about their powers, your rights under Guernsey law, and the ODPA’s contact details on their website: www.odpa.gg.

In Jersey, the supervisory authority is the Jersey Office of the Information Commissioner (JOIC). You can find more information about their powers, your rights under Jersey law, and the JOIC’s contact details on their website: www.jerseyoic.org.

Depending on our relationship with you, and any marketing permissions or preferences you have provided to us, we may contact you via e-mail, phone and/or SMS/text message for the following reasons.

“Servicing” messages and calls

These are messages that we must reasonably send you to provide you with services that you have requested from us, for example:

• To provide you with quotations, including renewal quotations;
• To provide you with your insurance documentation;
• To notify you of changes to any relevant terms and conditions;
• To perform debt recovery;
• To provide you with updated information regarding the services you receive from us, for example if we update our privacy notice, change our opening hours or office location, or if there is a change in the laws or regulations that apply to the services we offer and;
• Responding to any queries, complaints or concerns you raise with us.

Because these messages are reasonably necessary, and sometimes may be required by law, regulation, or contract, they may be sent regardless of your marketing preferences.

“Market research” messages and calls

These are messages that we send you to gain your feedback on our services. The information you give us is then used to help us understand where we can improve our products and services.

Because these messages aren’t intended to promote or sell anything to you, they may be sent to you regardless of your existing marketing preferences. However, we appreciate that some people may not wish to receive such messages. If you would like to opt-out of future market research by using the “unsubscribe” options in any market research e-mails, SMS/text messages or post you receive, or by asking to be unsubscribed when we call you.

“Marketing” messages and calls

These are messages which we send to you to promote our products and services, as well as those of our business partners and other companies within Howden UK and Ireland.

Exactly when we will contact you for marketing purposes varies depending on whether we are marketing our own products and services or those of another company, by the contact method we use, and whether you are an individual or a corporate client. This is because the rules for marketing vary depending on how the communication is sent to you, and who you are.

If you are an individual, and we contact you by e-mail or SMS/text to market our own products and services, then we will either do so because you specifically agreed to receive these messages (also known as “consent” under current laws), or because you told us you did not object to receiving these messages when you gave us your information (also known as “soft opt-in”).

If we contact you by e-mail or SMS/text to market the products and services of another company, then we will only do so because you have specifically agreed (or “consented”) to this.

If you are a corporation, then we may market to you by e-mail or SMS/text either because you have specifically agreed to these messages, or alternatively because you have not told us that you do not wish to receive marketing from us.

The laws for telephone marketing are different, so if we use this method to market our own products and services to you, or those of another company, then we may do so either because you have specifically agreed to receiving these, or alternatively because your telephone number is not registered with, as applicable, the Telephone Preference Service (TPS) or the Corporate Telephone Preference Service (CTPS) and you have not previously told us that you do not want to receive calls from us. More information about these services is provided further on in this section.

“Solicited” marketing calls and messages

Solicited marketing communications are any calls or messages you have specifically requested. This type of contact commonly arises when you specifically ask us to arrange for one of our business partners to contact you about their own products or services, for example if you request this via a call-back form or similar function on one of our websites. It also occurs where you ask us to contact you closer to your existing renewal date to provide you with a quotation.

Because you have specifically requested the contact, it may be made regardless of any broader marketing permissions we or our business partners may hold about you.

We and our business partners will only make this kind of contact with you to provide you with the information you have requested. If the initial attempt to contact you is unsuccessful, we or our business partners may try again, so long as the total number and frequency of the attempts does not become excessive.

“Concierge” calls

These are calls we will sometimes make to you, either on behalf of one of our business partners, our brand partners, or in our own right.

The purpose of these calls is to conduct market research, and when we make these calls we are looking to gain your views on the appearance and functionality of our website, as well as understand the competitiveness of our quotes in relation to others you may have received. We are also interested in identifying any technical issues or similar problems you may have encountered, so that we can improve our systems and services.

If, as part of this call, you decide that you would like more information on a quotation you have received, or that you would like to take out one of our policies, we will put you in touch with the relevant insurer or broker to arrange this.

Opting out of marketing messages

You always have the right to opt out of future marketing messages or change how you receive them, and you can do so in the following ways:

• By using the “unsubscribe” links present in any marketing e-mails or SMS/text messages that we send you;
• By telling our agent that you wish to change your marketing preferences when you speak to them;
• By using the details shown in the “how you can contact us” section of this notice, and telling us to update your marketing preferences, or;
• For telephone calls and post only, by registering with the relevant Marketing Preference Services.

The Marketing Preference Services

There are three free-to-use and publicly available services in the UK which help you control how and when businesses may market to you. Individuals based in Guernsey and Jersey may also register with the UK services.

The Telephone Preference Service (TPS) is operated by the Data & Marketing Group, and functions as the UK’s official “do not call” database for consumers and small businesses. The TPS service is free and acts as a global “opt-out” for unsolicited marketing calls. By law, organisations may only contact numbers registered with the TPS if they have the specific consent of the individual to do so.

Both landlines and mobile numbers can be registered with the TPS.

Corporations cannot register with the TPS, but can instead register with the Corporate Telephone Preference Service (CTPS). This functions in an identical way to the TPS, except corporations must renew their CTPS registrations annually to ensure they remain opted-out of marketing calls.

You can find more information about the TPS and CTPS, including details on how to register, via their website: www.tpsonline.org.uk.

The Mail Preference Service (MPS) performs the same function as the TPS, but instead controls how businesses may market to you via post. Again, registration is free and further information is available via the MPS website: www.mpsonline.org.uk.

There are no TPS-equivalent services for e-mail or text/SMS marketing. This is because the rules around these messaging mediums are stricter than those for phone or postal marketing, making such services unnecessary under current laws.

Marketing on social media

You may see adverts for our products and services as you use social media platforms such as Facebook or Instagram. This normally occurs where we have asked the social media platform to advertise us to audiences who are likely to have a need for particular services.

Exactly how and when you see our adverts is determined by your own privacy settings on the specific social media platform concerned. Normally, you will be seeing the advert because you have consented to receive targeted advertising via your social media settings.

You can find out more about how you can control the adverts you see, and exert control over how and when you are targeted by advertising on social media, by visiting the “Privacy Centre” or “Privacy Settings” section of the platform’s website or mobile phone app.

Some of the organisations work with ask us to provide you with more information about how they collect and use your personal data. This is shown below.

Google

Our websites may share information with Google via the use of internet cookies, where you have agreed to this. You can find out more information about how Google uses data collected by cookies on Google’s Privacy & Terms site, available here.