This Privacy Statement covers the information practices of IHC Limited (registered number: 02739550), a data controller and whose registered office is at;
1-2 Bolt Court
We take the protection of your privacy and the confidentiality of your personal information seriously and this Statement sets out how we meet our obligations regarding data protection and the rights of our customers and prospective customers (‘data subjects’) in respect of their personal data under the Data Protection Act 1998 (‘the DPA’), and the forthcoming General Data Protection Regulation (‘the Regulation’).
The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
IHC Limited are committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
2. Sharing Your Data
IHC Limited, as a Data Controller, is responsible for safeguarding your personal data. Where we have a specific Non-Disclosure Agreement in place with you, your data will only be shared with your explicit prior consent in accordance with its terms.
We do not sell, rent or trade our mailing lists, phone numbers or email addresses.
3. The Data Protection Principles
We comply with the Regulation which sets out the following principles with which any party handling personal data must comply. All personal data must be:
- processed lawfully, fairly, and in a transparent manner in relation to the data subject;
- collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific, regulatory or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific, regulatory or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
4. How We Will Collect Information About You
We will only collect and process personal data for and to the extent necessary for the specific purpose(s) informed to you. The information obtained about you will be that which is supplied by you and your agents and representatives, as well as information: received from insurers and their agents; generally available such as online and from third party data processors; and searches that we undertake in relation to sanctions, money laundering, and credit checks.
This will include data that you input into our webpages, whether this is in relation to raising an enquiry with us, obtaining a quotation (even if this process is discontinued before being finished), or requesting documentation.
The information obtained could include; your name, contact details (including address and e-mail address, telephone number), date of birth, gender, marital status, financial details, details of occupants of your property, employment details and benefit coverage. We may also collect sensitive personal data about you such as health information (a full list of sensitive personal data is set out in the DPA).
5. How We Will Use Your Information
The Data Controller shall ensure that all personal data collected and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Your personal information will be used to enable us to fulfil our role in relation to your insurance cover. This will be by:
- assessing your circumstances and insurance needs;
- presenting such details to insurers for the purpose of obtaining quotations and placing cover;
- contacting you about products and services available from IHC Limited which may be of interest to you;
- undertaking checks to guard against fraud, money laundering, bribery and other illegal activities;
- handling complaints; and
- analysing data, identifying trends, and developing our business services
To ensure that our processing of your data is lawful, such processing will only be undertaken if;
- you have given your consent (where we are asking you for sensitive personal data we will always ask for your consent and we will tell you why and how the information will be used). You may withdraw consent at any time
- it is necessary for the performance of a contract to which you are, or will be, a party; or
- processing is necessary for compliance with a legal obligation to which we are subject; or
- processing is necessary to protect your vital interests; or
- to perform a task carried out in the public interest or in the exercise of official authority vested in us; or
- processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your fundamental rights and freedoms which require protection of personal data, in particular where the data subject is a child
6. Disclosure Of Your Personal Information
Where we use third parties to undertake functions on our behalf we will share relevant information with such third parties such as insurers and occupational health providers.
Information may also be supplied to our internal auditors and professional regulatory bodies if required by them and to other parties if required or permitted by law.
It is our policy to retain documents and information about you, including insurances effected on your behalf, in electronic or paper format for a minimum of seven years or such longer period as appropriate having regard to when a claim or complaint may arise in connection with our processing of your information. The legal basis for this processing is that it is necessary for the protection of our legitimate interests. After seven years, these may be destroyed without notice to you. You should therefore retain all documentation issued to you.
7. Your Rights
You have the right to;
- information about how your data is processed,
- access the data we hold about you which will be provided to you within one month of your request, and is free of charge unless we reasonably believe that your request is manifestly unfounded or excessive,
- have incomplete or inaccurate data rectified,
- the deletion or removal of personal data where there is no compelling reason for us to continue to process it,
- restrict our processing of your personal data (although we will still be permitted to store it),
- data portability
- object to our processing your data where we do so in connection with our legitimate interests, or in relation to our profiling your data or using it for marketing purposes.
If you would like to exercise any of your rights above you may do so by writing to us at the address at the beginning of this notice, or e-mailing us with specific details of your request at; firstname.lastname@example.org.
8. Transferring Personal Data To A Country Outside the EEA
In the main we will not transfer personal data to countries outside of the EEA without your knowledge and it will take place only if one or more of the following applies;
- The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data;
- The transfer is to a country (or international organisation) which provides appropriate safeguards;
- The transfer is made with the informed consent of the relevant data subject(s);
- The transfer is necessary for the performance of a contract between the data subject and the Company (or for pre-contractual steps taken at the request of the data subject);
- The transfer is necessary for important public interest reasons;
- The transfer is necessary for the conduct of legal claims;
- The transfer is necessary to protect the vital interests of the data subject or other individuals where the data subject is physically or legally unable to give their consent; or
- The transfer is made from a register that, under UK or EU law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.