Our website helps you:
- What information do we collect from you?
- Why do we collect this information?
- Automated Decisions Making
- How long do we keep hold of your information?
- Who might we share your information with?
- How is your data stored and kept secure?
- International transfers
- What are your rights?
- Changes to this Policy
- Contact Us
What information do we collect from you?
We will collect and process the following data about you:
- Information you give us. This is information about you that you give to us by filling in forms on our site, via your broker, or by corresponding with us by phone, email or otherwise. The information you give us may include your name, address, email address and phone number and financial information. We will ask you for further information depending on which insurance you are interested in.
- Information we collect when you call us. If you call us we will automatically collect the phone number used to call. Some of our partner brokers, claims administrators or similar business partners may record calls as part of their FCA compliance requirement. The relevant business partner will be the data controller for that information, so please address any queries directly to the appropriate broker. We review a selection of the business partner calls set out above in our legitimate interests in order to check they are providing a quality service.
- Information we receive from other sources. We are working closely with other organisations who may provide us with information relating to you, including, but not limited to:
- Property information from surveyors;
- In certain cases, convictions information from sources such as the DVLA;
- Claims information, from claims organisations;
- App providers, where you choose to allow the app to share data with us.
- Information we collect from your use of our site via cookies:
- Cookies help us to understand how you use our site. The information that they send us will not identify you personally; it is statistical data about our visitors and their use of our site.
- All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our website.
- Most web browsers are initially set up to accept cookies. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Please note, however, that certain features of the site might not function if you delete or disable cookies. For more information about cookies, including how to decline them and to delete cookies that may already be saved on your computer, visit www.allaboutcookies.org or go to the help menu within your internet browser.
- Google Analytics: Analytics cookies help us understand how users engage with our site. An example is counting the number of different people coming to our platform or using a particular feature, rather than the total number of times the platform or feature is used. Without this cookie, if you visited the platform once each week for three weeks we would count you as three separate users. We would find it difficult to analyse how well our platform site was performing and improve it without these cookies. Analytics may collect information regarding the type of web browser or operating system, IP address, viewed pages, time and duration of site visits, crash logs, your geographic location, and other information relating to site usage.
- We may also use web beacons in our emails to you. These are transparent image files that can be used to see if an email was read or forwarded to someone else. If you object to web beacons in emails, we recommend that you follow the same procedure for deleting existing cookies and disabling future cookies (see how to do this at www.allaboutcookies.org). We will still know how many of our emails are opened and we will automatically receive your IP address, a unique identifier of your device or other access device; but we will not be able to identify you as an individual.
Why do we collect this information?We process your personal information for the following reasons:
- Pursuant to a contract in order to:
- Process information at your request to take steps to enter into an insurance policy;
- Provide you with our products and services;
- Process payments and assess your eligibility for payment plans;
- Handle claims;
- Meet our legal and regulatory obligations;
- Maintain business and service continuity; and
- Send service communications so that you receive a full and functional service and so we can perform our obligations to you. These will be sent by email wherever possible but in some circumstances we may need to contact you by post or by phone. These will include notifications about changes to our service.
- On the basis of your consent:
- Where we rely on your consent for processing this will be brought to your attention when the information is collected from you or will otherwise be clear from the context of you providing the information;
- We will only contact you with direct marketing communications if you consent to us doing so and you will have the right to withdraw consent at any time. See the What are your rights? section below for more information.
- In our legitimate interests of providing the best service and improving and growing our business we will process information in order to:
- Provide you with a personalised service;
- Promote our products and services;
- Improve our products and services;
- Keep our site and systems safe and secure;
- Understand our customer base and purchasing trends;
- Defend against, establish or exercise legal claims and investigate complaints; and
- Understand the effectiveness of our marketing.
- To comply with legal requirements relating to:
- The provision of products and services;
- Anti-money laundering;
- Fraud investigations;
- Data protection;
- Assisting law enforcement; and
- Any other legal obligations placed on us from time to time.
Special Category Personal Data and Offences
In some circumstances we need to process special category personal data or criminal convictions and offences data which is required in order for us to make decisions in relation to providing you with a policy or assessing a claim. For example, in order to provide you with a motor insurance policy we will need to understand whether you have any motoring offences, or for a travel insurance policy we will need information on any existing medical conditions.
We process this information because it is required in order for us to enter into or to perform a contract with you. We also process this information because it is necessary for the purposes of substantial public interest permitted by law.
Automated Decision Making and Profiling
We use automated systems which means that some decisions are made automatically. We offer our insurance policies based on the information we have about our customers. Some information may identify a high risk to us in providing insurance, for example if an applicant for motor insurance has committed certain driving offences. Our systems are designed to identify particularly high-risk factors and, in some circumstances, to automatically decline an application. It may also affect the price at which we offer you our products and services. Decisions are therefore made based on your particular risk profile.
The types of decision which are automated include initial decisions about whether to offer you insurance, which product to offer and at which price, based on the information you have provided us with.
You have the right to request that we review the automated decision manually and you are entitled to express your view on the automated decision when you request a review. You can exercise this right by contacting our Data Protection Officer at firstname.lastname@example.org
How long do we keep hold of your information?We will keep your information only for as long as is necessary for the purposes for which it was collected. The periods of retention are different depending on which insurance policy is involved. We will retain information for a number of years after the end of our relationship with you using the criteria below, unless obligations to our regulators require otherwise or we are required to remove such data from our records. Our retention periods are determined by reference to:
- Legal requirements – as a regulated financial services provider we are bound by specific rules on retention of information;
- Statutory limitation periods – these determine the periods for which legal claims can be brought;
- Insurance industry standards; and
- Operational requirements – set by how long we need to keep information for operational purposes for example to operate your insurance policy, handle insurance claims or deal with legal claims.
Who might we share your information with?
For the purposes set out in the ‘Why do we collect this information?’ section above, we will share your personal information with:
- The following categories of third parties, some of whom we appoint to provide services, including:
- Distribution partners (or other insurance intermediaries), suppliers and sub-contractors for the performance of any contract we enter into with you, including our IT, Operations, Claims, Finance and Actuarial service providers;
- Analytics and search engine providers that assist us in the improvement and optimisation of our site;
- Customer survey providers in order to receive feedback and improve our services.
- Any member of our group, which includes our parent company and subsidiaries.
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets if appropriate.
- If we are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
- If we change or augment our select list of distribution partners, suppliers and sub-contractors.
- Anti-fraud and anti-money laundering groups or organisations;
- Credit reference agencies;
- Debt recovery providers;
- Law enforcement and legal professionals;
- Our insurers or auditors.
How is your data stored and kept secure?At Hoxton Insurance Services, we take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us is:
- Stored in a secure hosting environment, and protected by industry standard security systems, including regular Malware scanning.
- Accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential.
- All credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We transfer your personal data outside the European Economic Area (“EEA”) in connection with the processing, management and administration of your insurance policy. Our lawful basis for such transfers is the performance of our contract with you.
Our systems are all hosted on secure servers within the UK/EEA, but your personal data can be accessed by personnel working for our affiliated company, Xceedance Consulting Private India Limited, who are located outside of the EEA (specifically, India) and with whom we are affiliated. Personal data, including your name and contact details, policy numbers and bank account details, is accessed from India for the purposes of policy administration, including our underwriting and accounting systems and other back office functions we ordinarily perform. However, your personal data always remains within our secure systems and databases and is not extracted locally.
For travel insurance, we may need to transfer personal data internationally to third parties (depending on where you are) if there is a medical emergency or incident. We will only transfer your information if adequate protection measures are in place or if the transfer is otherwise permitted by data protection legislation. More information is available by contacting us at any time.
What are your rights?Where processing of your personal data is based on consent, you can withdraw that consent at any time. You have the following rights. You can exercise these rights at any time by contacting us at email@example.com. You have the right:
- To ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes;
- To ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
- To ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest.
- To request from us access to personal information held about you;
- To ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
- To ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate grounds for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services;
- To ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
- To request that we review an automated decision manually (see Automated Decision Making above);
- To ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.
For the purpose of data protection legislation, the data controller is Hoxton Risk Services Limited, a company registered in England and Wales under registered No. 13056354 and whose registered office is at Brierly Place, 160-162, New London Road, Chelmsford, Essex, England, CM2 0AP. Hoxton is registered with the ICO to process your personal data in accordance with this policy.
Data protection is a group function provided by the holding company, NuVenture International Limited a company registered in England and Wales under registered No. 12798974 and whose registered office is at Brierly Place, 160-162, New London Road, Chelmsford, Essex, England, CM2 0AP.
Hoxton Insurance Services products are underwritten by various insurers including Hiscox whose privacy notices can be found on their websites.
Hoxton, Hoxton Insurance and Hoxton Insurance Services are trading names of Hoxton Risk Services Limited which is an appointed representative of Davies MGA Services Limited, a company authorised and regulated by the Financial Conduct Authority under firm reference number 597301 to carry on insurance distribution activities. Hoxton Risk Services Limited is registered in England and Wales company number 13056354. Registered office at Brierly Place, New London Road, Chelmsford, Essex, England, CM2 0AP.