To comply with the requirements of the General Data Protection Regulation (GDPR), we have outlined our uses of information and the methods and practices whereby that information is potentially used/stored.
Why privacy matters to us:
- Privacy is of the utmost importance to The Business Insurance Bureau; we operate in financial markets with the highest regard for personal information and commercially sensitive information.
- The information contained within this Privacy Notice will document our approach to information, security and handling of data in all forms from all sources.
- This Privacy Notice applies to our website, contracts, ongoing clients and potentially new clients and visitors in both physical and online forms.
Who are we
We are The Business Insurance Bureau, which is owned and operated by Robert Hannah. Our appointed Data Controller’s details are listed below; we can be reached Monday-Friday 9am-5pm. The Data Controller for The Business Insurance Bureau is Robert Hannah, who can be written to at 7 Queen’s Crescent, Glasgow, G4 9BW, or contacted by telephone on 0141 332 7076 or by email at firstname.lastname@example.org. Please mark your enquiry as ‘Data Enquiry’.
What information do we collect
In order to secure insurance coverage we collect:
- Personal Information about a contact’s financial background.
- Information on assets and capital.
- Business history.
- Business processes and activities.
- Information on criminal history and legal backgrounds for both personal and business uses.
- Information on property and details of surrounding properties.
- Financial information which is required in order to allow us to assess the risk to the business and the amount of coverage required in order to provide insurance cover.
The information collected enables us to gain an adequate and accurate view of the risks involved to secure the business.
We collect information through the following mediums:
- Through our website using online forms for information capture
- Paper forms created by us
- Face to face meetings
- Telephone calls
How we use your personal information
We use information provided:
- To secure commercial insurance coverage for businesses operating throughout the United Kingdom.
- In a limited fashion to personalise content; we may use the information to improve user experiences.
- To set up user accounts and provide administration services.
- To supply clientele with appropriate and measured marketing and events communications which are designed to enhance the services we provide.
- To conduct polls and surveys which allow us to offer improved services.
- For internal research purposes and development of our business practices.
- To provide further goods and services.
- To meet our legal obligations.
- For fraud prevention purposes.
- To meet our business auditing requirements.
- To meet the terms and conditions of trading under the Financial Conduct Authority (FCA).
What legal basis do we have for processing your personal data
Below are the definitions of the different kinds of legal basis on which a business is allowed to process your personal data:
- Legal obligation: the processing is necessary for a business to comply with the law (not including contractual obligations).
- Contract: the processing is necessary for a contract that the business has with the individual, or because they have asked the business to take specific steps before entering into a contract.
- Legitimate interests: the processing is necessary for the business’s legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if the business is a public authority processing data to perform their official tasks).
- Consent: the individual has given clear consent for the business to process their personal data for a specific purpose.
When do we share personal data
In order to achieve a fair and impartial insurance quotation from multiple sources we must share personal data when appropriate. We outline our process of information sharing here:
- We only transmit data via encrypted methods, enhancing the security in the delivery of information. This is companywide with no exceptions and regular checks are conducted to ensure this is the case.
- Any information shared on insurance provider websites is always and only entered under the HTTPS secure transmission method; this ensures the information transmitted cannot be intercepted in transit.
Who we share personal information with
How do we secure personal data
The methods listed below are the measures taken by The Business Insurance Bureau to store and secure information in line with our legal responsibilities:
- Physical security measures are in force to secure data including but not limited to secure entry systems, key coded locking systems, safes and physical barriers such as locks and alarm systems.
- Digital security measures including but not limited to Firewalls, Antivirus and Malware software barriers are in place, as well as location specific entry to systems, audit logging and access controls for our data.
- Encryption is used in the transmission of information digitally from the business, securing the information from ourselves end to end.
- Relevant information is only supplied to third party websites which use HTTPS prefixes that are designed to prevent interception or handling of the data by any other party that is not the intended recipient.
How long do we keep personal data for
Personal data is only kept for as long as is fair in terms of information. We operate with planned obsolescence in mind; given the nature of the information we hold, it is only relevant for a short period of time due to the nature of our business and multiple other factors. All documentation and paper within the business is disposed of in a secure fashion, including shredding of all paper used in the process of operations.
For former clients we only keep information for marketing purposes for a total of five years; this is not related to financial or contractual obligations, as we are required to keep certain elements of transactions for Regulatory and Legal Requirements. This information can be disclosed upon request.
For potential marketing targets all our sources of information are attained either personally or through third party data aggregation providers; further details can be disclosed upon request. All potential marketing targets are approved under the General Data Protection Regulation by which we have the right to market, ensuring that we have legal grounds for marketing communications in regards to all current and existing legislation.
Your rights in relation to personal data
You have the following rights in compliance with the General Data Protection Regulation as an individual which you can request at any time either verbally or in writing:
- The right to be informed – you can request any and all information we hold on you at any point. This demonstrates transparency for clients in the collection and usage of our information in relation to the data subject.
- The right of access – you have the right to access your personal information, which we aim to provide for your perusal within 30 days.
- The right to rectification – should there be any personal information we hold in relation to yourself which is incorrect or inaccurate you have the right to inform us of this to be rectified.
- The right to erasure – also known as the “right to be forgotten”. This is where an individual can ask to be expunged from our system in its entirety (this may be limited in some cases due to the operation and legal obligations we must meet; however, all efforts will be taken to expunge all records which are not required to be kept for regulatory or legal compliance).
- The right to restrict processing – while limited in some cases, you have the right to inform us of individuals or organisations that you do not wish to share your information with. This however is not an absolute right and given the nature of our operations may be limited in application.
- The right to data portability – you can request your information from us which will be supplied in a machine readable format for you to use for your own purposes. This allows the information we hold on you to be transferred from our systems to a system you can use without affecting its usability.
- The right to object – this allows you to restrict the uses of your information. This can be used to remove yourself from direct or email marketing efforts, allowing control of the use of the information the business maintains on the data subject.
Use of Automated Decision Making and Profiling
The Business Insurance Bureau has no automated decision or profiling technology which is leveraged to build a picture of individuals. There is a manual review of each client on a personal and case by case basis; this ensures each client is treated the same and all clients are subject to the same terms and conditions.
Cookies can also allow us to tailor the content of our website so we can show you services or adverts we think you may be interested in when you visit.
On our website we use inspectlet.com technology to improve user experience and assess what elements offer the most value.
Our website also uses Google Analytics in order to measure the traffic to our website and monitor the success of campaigns.
Linking to other websites/third party content
If you follow a link from our website to another website, please be aware that the owner of the other website will have their own privacy and cookie policies for their site. We recommend you read their policies as we are not responsible or liable for what happens at their site.