Privacy Policy


Introduction

This Privacy Policy explains in detail the personal data we may collect from you when you use our products and services. It also explains our legal bases for our use of your personal information, who we will share your data with and how long we will keep it for, together with your rights under the General Data Protection Regulations.

We know there is a significant amount of information here, but we want you to be fully informed of your rights and how Southdowns Insurance Services uses your data. We hope the following will answer any questions you may have, but please let us know if you would like to receive any further information.

From time to time we may need to make changes to this Privacy Policy, for example, as the result of government regulation, new technologies, or other developments in data protection, or privacy laws generally. We will notify you of any significant changes and you are welcome to come back and check this Notice whenever you wish.

Who is Southdowns?

Southdowns Insurance Services Limited are an insurance intermediary with regulatory approval to operate in the United Kingdom. For the purposes of this Privacy Policy, references to "we" or "us" shall refer to that Southdowns Insurance Services company specified in the Data Controller section below.

Explaining the legal bases we rely on

Under data protection law, there are several different reasons for which a company may collect and process personal information. These reasons include where there are legal obligations and regulatory requirements to do so, where the information is needed to enter into a contractual arrangement, for example, an insurance policy, and where you have given consent for a company to collect and process your data.

The main reasons why we process your personal information, together with the circumstances when we will do so, are:

  • When this is necessary for us to provide your insurance policy and the services associated with it.
  • For example, this would include providing you with a quote, assessing your application and setting you up as a policyholder, administering and managing your insurance policy, providing services included in your policy to you, confirming your cover to facilitate the handling and the paying of claims and communicating with you.
  • Where we have a regulatory obligation.
  • For example, when our insurance regulators, such as the Financial Conduct Authority (FCA), and our data protection regulators, such as the Information Commissioner's Office (ICO), wish us to maintain certain records of our dealings with you.
  • Where you have given your consent
  • For example, we may need to ask for your consent to allow us to process your sensitive personal information (such as health data) or to provide information about our other products and services.
  • If we do ask for your consent, we will explain why it is necessary. Sometimes, without your consent we and our Insurers may not be able to provide you with cover under your insurance policy or handle your claims.
  • Where we need to establish, exercise or defend our legal rights.
  • For example, if we are faced with any legal claims or wish to pursue any legal claims ourselves.
  • Where we need to comply with legal obligations or it is in the substantial public interest.
  • For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement agents, investigate fraudulent claims and carry out fraud, credit and anti-money laundering checks.
  • Where we require data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not interfere with your rights and freedoms or cause you any harm.
  • For example, to maintain our company records or to help us develop and improve our products and services.
  • Where it is necessary to protect your vital interests.
  • For example, if you are ill or injured abroad and we need to speak to your relatives or providers of emergency medical services on your behalf.

How do we collect your personal information?

We collect your personal information from two main sources; the information you tell us yourself and from the information we ask other people or organisations to share with us.

Information you tell us might include the details you provide on an online application form and we might also collect information about you from other people and organisations, such as from someone who has included you as a named traveller on a policy they have with us, or by checking databases, such as the electoral register. A list of ways we collect your personal information is provided below:

We may collect personal information directly from you:

  • When you obtain a quotation, and complete an application form on any of our websites or on the telephone.
  • When you purchase our products or services on any of our websites or by telephone.
  • When you contact us by any means with queries, complaints or about a product or service.
  • When you choose to complete any feedback forms or surveys we send you.
  • When you comment on or review our products and services.
  • During our telephone calls with you, which may be recorded.
  • When you provide your details to us in our online Members Area.

We may also collect your personal information from different sources including:

  • Directly from an individual who has a policy with us under which you are insured, for example where you are a named traveller on your partner’s travel insurance policy.
  • From our Insurers when you have a claim.
  • From third parties including:
  • your family members where you may be unable to provide information relevant to your policy.
  • price comparison sites, aggregators and affiliates who offer our insurance policies.
  • reference agencies who may supply us with data, including information from the Electoral Register.
  • data insight companies, who may provide us with market segmentation data.

What sort of personal information do we collect?

The information we collect will depend upon our relationship with you. Where other people are named on your insurance policy, we may also ask you to provide the information below in relation to those people.

  • Personal information
  • information relevant to your insurance policy, such as details about your travel plans, destination, planned activities and dates of travel
  • contact details, such as your name, email address, postal address and telephone numbers
  • details of any other persons named on your insurance policy, such as their name, age and, in certain circumstances, their relationship to you as the policyholder
  • identification information, for example your date of birth
  • financial and demographic information, such as bank details, credit card details, market segmentation data and any information we may receive from reference checks
  • your marketing preferences
  • information relevant to your claim, or to your involvement in the matter giving rise to a claim
  • information obtained through our use of cookies and web analytics tags. You can find out more about this in our cookies policy
  • Sensitive personal information
  • details about your current or former physical or mental health
  • details about the current or former physical or mental health of any other persons named on your insurance policy. Where you provide sensitive personal information about a third party (such as a named traveller) we will ask you to confirm that the third party has provided their consent for you to act on their behalf
  • your marital status

How and why do we use your personal data?

We want to give you the best possible customer experience and make sure you can enjoy your trips and journeys with an enhanced sense of confidence, security and peace of mind. To help us achieve this, we collect data to help us obtain an in-depth and well-informed understanding of the risks you face before and during your trips abroad.

When you contact us with a view to becoming a policyholder, at the outset we use your personal information to establish if our policies can protect you. If we can, we will also use your personal information to provide you with insurance cover, to assist with the payment of all legitimate claims and to develop our products and services for the future.

The reasons why we need your personal information, the personal information we process and our legal basis for doing this are set out in detail in the following table.

Why we need your personal information (the purpose) The personal information we may process for the purpose Our legal basis for processing your personal information
To provide you with a quotation for your insurance policy.

Your age and the age of other people included on the policy (e.g. family members, partners, children or other travelling companions).

Information about your travel plans, destination, planned activities, dates of travel.

Sensitive personal information including health details for you and other people included on the policy.

This personal information is necessary to provide your insurance policy.

For sensitive personal information:

-we apply an exemption for Insurance purposes, where appropriate, or

-you have provided us with your consent to process

To review and evaluate your insurance application, assess eligibility, administer, provide and service your insurance policy, and to facilitate the handling and paying of claims by our Insurers.

Your contact details, your age and the age of other people included on the policy (e.g. family members, partners, children or other travelling companions).

Information about your travel plans, destination, planned activities, dates of travel.

Information about your past claims.

Sensitive personal information including health details for you and other people included on the policy.

This personal information is necessary to provide your insurance policy; and

We have regulatory obligations and a legitimate business need to administer your insurance policy and for our Insurers to handle any claims

For sensitive personal information:

-we apply an exemption for Insurance purposes, where appropriate, or

-you have provided us with your consent to process (please note that if you do not provide your consent, in some circumstances our Insurers may not be able to pay claims); or

-it is in your vital interests.

To communicate with you and resolve any complaints you may have.

Your contact details and any information relevant to your policy.

This personal information is necessary to provide your insurance policy; and

We have regulatory obligations and a legitimate business need to resolve any complaints.

For sensitive personal information where use is necessary for the purposes of establishing, exercising or defending our legal rights:

-we apply an exemption for Insurance purposes, where appropriate, or

-you have provided us with your consent to process.

To prevent, detect and investigate fraud.

Additional information on how we may use your information to do this is available under Note 1 below.

Your contact details, your age and the age of other person(s) included on the policy (family members, partners, travelling companions).

Information about your travel plans, destination, planned activities, dates of travel.

Information available in the public domain or on social media.

Information about your past claims.

Sensitive personal information including health conditions for you and other people included on the policy.

This personal information is necessary to provide your insurance policy; and

We have a legitimate business need to assist our Insurers in preventing fraud.

For sensitive personal information where use is necessary for reasons of substantial public interest to prevent and detect fraud.

To recover debt (where you have not paid for your insurance policy).

Information about you, your name, address, email address, contact details and bank account details.

We have a legitimate business need to recover any debt.

To provide us with management information and to assist us in managing our business operations (e.g. maintaining accurate accounting records, analysis of financial operational results, to comply with audit requirements). We also undertake measures to ensure the effective and secure operation of our systems and infrastructure.

Additional information on how we may use your information to do this is available under Note 2 below.

Your contact details, your age and the age of other person(s) included on the policy (family members, partners, travelling companions).

Information about your past claims.

Information about your travel plans, destination, planned activities, dates of travel.

Sensitive personal information including health conditions for you and other people included on the policy.

We have a legitimate business need to understand our business, monitor performance, maintain appropriate records and to protect the security of our systems.

For sensitive personal information:

-we apply an exemption for Insurance purposes, where appropriate; or

-you have provided us with your consent to process.

For analytical purposes and to develop, test and improve the systems, products and services we provide to you.

Additional information on how we may use your information to do this is available under Note 3 below.

Your contact details, your age and the age of other person(s) included on the policy (family members, partners, travelling companions).

Information about your travel plans, destination, planned activities, dates of travel.

Sensitive personal information including health conditions for you and other people included on the policy.

Information about your past claims.

We have a legitimate business need to develop, test and improve the systems, products and services we provide to you.

For sensitive personal information:

-we apply an exemption for Insurance purposes, where appropriate; or

-you have provided us with your consent to process.

Complying with our legal or regulatory obligations.

Details about you, other related parties and your product or service, depending on the nature of the obligation.

This personal information is necessary for us to comply with our legal or regulatory obligations.

Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).

Details about you and other related parties, your product or service having been discussed with you or your representative during a telephone conversation with us.

We have a legitimate business need to provide services that are secure and of a high-quality.

For sensitive personal information:

-we apply an exemption for Insurance purposes, where appropriate; or

we are responding to a call and acting in the vital interests of a person.

Providing marketing information to you (including information about other products) in accordance with the preferences you have expressed.

Your name, contact details, marketing preference

You have provided us with your consent.


Notes

How we may use your information to prevent, detect and investigate fraud

To help keep your premiums low we may participate in industry initiatives to prevent and detect fraud and may:

  • pass the details you have supplied to recognised centralised insurance industry applications, policy and claims checking systems (for example, the Claims and Underwriting Exchange) where those details will be checked and updated;
  • verify any details you have provided us with third-party agencies and databases including publicly available data (for example on County Court Judgements, bankruptcy information and electoral roll data). If false or inaccurate information is provided and if fraud is suspected, details will be passed to fraud prevention agencies to prevent fraud and money laundering and we may periodically search records held by fraud prevention and credit reference agencies to:
  • help make decisions on insurance policies and claims for you;
  • trace people who owe money, recover debt, prevent fraud and to manage your insurance policies.

How we may use your information for Management Information purposes

We may use your personal information to help us understand our business, for example, to help us determine how much insurance premiums should be.

We may also look to see where there might be trends in geographical areas or where there is a high or even low tendency to claim to ensure we offer the best price or even a different type of product or service.

How we may use your information for analytical purposes and to develop, test and improve our products and services

We may use your personal information for research and statistical analysis including general research into health and travel-related areas and research about the products and services we provide. Whenever we do this, we will always anonymise your information to ensure you cannot be identified. By analysing information, it helps us to develop, test and improve our products to better suit the needs of our policyholders.

By providing your personal information, or the personal information of someone included in your policy, to us you acknowledge that we may use it only in the ways set out in this Privacy Policy. Accordingly, this Privacy Policy should also be brought to the attention of anyone else who is included in your Policy.

How long will we keep your personal information?

Whenever we collect or process your personal information, we will only keep it for as long as necessary for the purpose for which it was collected, or to comply with our legal obligations and regulatory requirements.

At the end of that retention period, your data will either be deleted completely or anonymised so it can be made available for research and statistical analysis. When we anonymise your personal information, we combine it with other data so it can only be used in a way that does not identify you.

The length of time we retain your personal information for is primarily determined by our regulatory obligations and we normally keep quote information for 3 years and policy and claims records for up to 7 years from the end of our relationship with you. In some cases, such as if there is a dispute or a legal action, we may be required to keep personal information for a longer period.

Who do we share your personal information with?

  • Sharing information within our group
  • To provide our services, your personal information might be shared for our general business administration, efficiency and accuracy purposes or for the prevention and detection of fraud.
  • Sharing information with third parties
  • We consider ourselves as custodians of your data and our procedures and contractual arrangements are designed to ensure that we keep your data safe and protect your privacy.
  • We only share your personal data with trusted third parties where they have agreed to keep your information strictly confidential and that it will only be used for the specific purpose for which we provide it to them as more particularly set out in this Privacy Policy.
  • We may share your personal information with:
  • Our insurance partners such as insurers, reinsurers or other companies who act as insurance distributors.
  • Your relatives or guardians (on your behalf where you are incapacitated or unable to communicate) or other people or organisations associated with you, such as your legal representative.
  • Where you have given us your permission, we may speak to an alternative contact, such as a relative. Once you have informed us of your alternative contact and provided your consent for us to talk to them, this person will be able to discuss all aspects of your policy (including claims and cancellation) with us and make changes on your behalf.
  • Third parties who assist in delivering the benefits and services provided by your insurance policy, such as call centres administering your insurance policy on our behalf or another Insurance Company if there has been an accident which requires a claim to or from that Insurance Company.
  • Third parties who provide supplementary information which may be used for risk selection, pricing and underwriting decisions.
  • If fraud is suspected, with fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Our third-party services providers, such as IT suppliers, actuaries, auditors, lawyers and data verification providers.
  • Other providers of goods and services associated with this insurance to enable us and our Insurers to deal with any claims you make.
  • The Financial Ombudsman Service and regulatory authorities such as the Financial Conduct Authority and the Information Commissioner’s Office.
  • Emergency Assistance companies if you need medical treatment when you are abroad.
  • Loss Adjusters if you need to make a claim.
  • Flight, Car Hire, Air/Road Ambulance, Medical Evacuation and Taxi Companies if you need transportation.
  • Your healthcare practitioner.
  • In certain circumstances, debt collection and credit reference agencies
  • Selected third parties if there is a sale, transfer or disposal of all or part of our business.
  • We may also disclose your personal information to other third parties where:
  • we are required or permitted to do so by law or by regulatory bodies such as where there is a court order, statutory obligation or to comply with a request from our regulatory authority; or
  • we believe that such disclosure is necessary to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest.

Where your personal information may be processed

Sometimes we will need to share your personal information and certain of the recipients listed above may be in countries outside of the European Economic Area (EEA), notably in India and Mauritius, where one of our Insurers undertakes some of its administration, claims processing and loss adjusting functions.

Where your personal information is processed outside the EEA, procedures are in place to make sure that your personal information is protected to the same standards as if it were being processed within the EEA.

What are your rights?

You can ask us to do various things with your personal information. For example, at any time you can ask us for a copy of your personal information, which is usually free of charge, ask us to correct mistakes, or change the way we use your information, or ask us to delete it.

A full list of your rights is provided below. If we choose not to act on your request we will explain to you the reasons why we are unable to, usually because of a legal obligation or a regulatory requirement.

The right to access your personal information

You have the right to request a copy of the personal information we hold about you and certain details of how we use it, which are provided above.

To ask for a copy of your information, please contact Data Protection Officer, Southdowns Insurance Services Limited, Southfield House, 11 Liverpool Gardens, Worthing BN11 1RY or email us at dataprotection@southdownsinsurance.co.uk.

The right to rectification:

We use the information you give to us when you apply for insurance policies and we take reasonable steps to make sure the personal information we hold about you is accurate and complete.

However, if you believe the personal information we hold about you is inaccurate, incomplete or out-of-date, please contact our Customer Service team by sending an email to datarectify@southdownsinsurance.co.uk.

To keep your data secure and to prevent unauthorised access, some of the personal information you have given us can only be updated by contacting our Customer Service team by telephone, where you will be taken through an identity verification process and may be asked to provide supporting documentation prior to making certain changes. If supporting documentation is needed, we will explain the types of document that are required, the formats we are able to accept and how you can send these to us.

The right to erasure (right to be forgotten):

In certain circumstances, you have the right to ask us to erase your personal information, for example, where you wish to withdraw your consent to our use of your data.

Your right to erasure will need to be balanced against other factors because we may be subject to legal obligations and regulatory requirements, which may mean we cannot comply with your request. For example, we are required by insurance regulations to send you a notice of the expiry of your cover under an annual insurance policy and we will have to continue to do this, even after you have asked us to erase your personal information.

If you would like to ask us to erase your personal information, please contact us by sending an email to dataerasure@southdownsinsurance.co.uk.

The right to restriction of processing:

In certain circumstances, you are entitled to ask us to restrict the processing of your personal information, for example where you think that the personal information we hold about you is not accurate.

If you would like to ask us to restrict the processing of your personal information, please contact us by sending an email to datarestriction@southdownsinsurance.co.uk.

Where the processing of your personal information has been restricted, we will let you know before the restriction of processing is lifted.

The right to data portability:

In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. As with the right to erasure, we may be subject to legal obligations and regulatory requirement, which may mean that we need to retain your information and so cannot comply with your request.

Data that is transferred is to be provided in a structured, commonly used and machine-readable format and we will deliver this to the third party in a CSV file. Once we have transferred your data, the other party will be responsible for looking after your personal information.

If you would like to ask us to transfer your personal information to a third party, please contact us by sending an email to datatransfer@southdownsinsurance.co.uk.

The right to object to direct marketing:

You can ask us to stop sending you marketing messages at any time and can change your marketing preferences by contacting our Customer Services team, or emailing us at info@southdownsinsurance.co.uk.

Please see the Marketing section below for additional information.

The right not to be subject to automated-decision making:

Some of our decisions are made automatically by inputting your personal information into a system or computer, rather than our employees making those decisions. We use automated decision making in the following situations:

Calculating your premium

We use the personal information that you and others provide to us about the people to be insured on the policy, including any sensitive personal information you provide regarding health conditions, alongside other non-personal information, for example hospital costs in the area you are visiting, to calculate your premium and eligibility for cover.

The premium quoted will also depend on what options you have chosen to include on your policy. For example, if you are travelling to the USA you will pay more than if you travel to France because healthcare and repatriation costs, on average, are higher in the USA than in France.

We may also use information about how long you have been a customer, how many claims you have made and how much you pay in premiums to determine what terms you are offered if your policy is due for renewal.

Fraud prevention

We may make use of automated anti-fraud filters, that check against lists of people known to have undertaken fraudulent transactions, and decline applications that are considered likely to defraud us or our insurers.

Assessing your application

We may use scoring methods to assess your application and to verify your identity. For example, depending on the answers provided during the application process, we may collect sensitive personal information, such as details about health conditions, together with personal information, such as your date of birth and address, so that we can determine the insurance premium and cover we can offer you.

The information used by our systems to do this may include: your age, your lifestyle (for example, do you smoke cigarettes?) and your medical history. When we collect sensitive personal information, we may ask for your consent, but if you do not consent to us processing sensitive information in this way, it is unlikely that we will be able to assess your application or offer you cover.

We may also use information about you provided to us by third parties to help us determine the insurance premium and cover we can offer you. The information used to assess your insurance risk may include verification of your residence at your address via reference and electoral roll data, historic payment behaviour on financial products and any previous county court judgements.

We may decline to offer you an insurance policy if we are unable to validate your residence at the address you provide to us or we consider your historic payment behaviour with creditors to be significantly adverse. We would like to assure you that any verification and assessment we carry out will not affect your ability to obtain insurance or other financial products elsewhere.

You have a right not to be subject to the automated decision-making described above and can contact us to request that any decision to decline your application is reconsidered.

Please let us know if you want to opt out of automatic decision-making by emailing us at dataautomation@southdownsinsurance.co.uk. However, this may mean we are unable to offer you a quote or cover as some automated decisions are necessary for us to provide you with your insurance policy.

The right to withdraw consent:

For certain uses of your personal information, we will ask for your consent. Whenever you have given us your consent to use your personal information, you have the right to change your mind at any time and withdraw that consent.

If you would like to withdraw your consent for direct marketing activity, please see ‘The right to object to direct marketing’ above.

For any other withdrawal of consent, such as the use of health information, please contact us by email at dataconsent@southdownsinsurance.co.uk.

The right to lodge a complaint

You have a right to complain to the ICO at any time if you object to the way in which we use your personal information. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/

You can exercise all your rights and make any of the requests set out above using the contact details provided.

As explained above, in some circumstances, we may not be able to comply with your request and where this occurs, we will explain the legal obligations or regulatory requirements that prevent us from doing so.

We also need to let you know that exercising some of these rights may mean that your insurer is unable to continue providing cover under policy. For example, if you ask us to withdraw your consent to the use of your personal data and your insurer considers that their ability to handle a claim will be prejudiced because of this, you may lose the right to bring any claim or receive any benefit under your policy, which may be cancelled or treated as if it never existed. Additional information on what will happen if your policy is cancelled by your insurer is provided in your policy terms and conditions.

Marketing

We may share information to let you know about our other products and services, but we will only do this where you have provided your consent. If you would like to change any marketing consent you have previously given us, you can always update your marketing preferences by letting us know you no longer wish to be contacted. Similarly, if you wish to unsubscribe from emails sent by us, you can do so at any time by following the unsubscribe instructions that appear towards the end of our marketing emails.

When you choose to opt-out of receiving marketing information, please note that it will be necessary for us to send you communications, including those relating to your insurance policy, where this is required by our regulatory authorities or needed to fulfil our legal obligations.

On occasions, we may run specific marketing campaigns through social media and digital advertising that you may see. We do not use your personal information for these campaigns, which are based on general demographics and interests, and you may need to adjust your settings or preferences for social media accounts and the cookies accepted by your web browser if you do would prefer these not to appear.

We do retain the data provided to us when you visit our website for a limited period and use this information to help us develop, test and improve the products and services we offer to our website users. If you would like to know more about the data we collect, our cookie policy will provide further information.

Data Controller

The Data Controller responsible for the use and the processing of your personal data is Southdowns Insurance Services Limited, which is authorised and regulated by the Financial Conduct Authority. Our registered number is 07285096 and our registered address is Staplefields Farm, Steyning Road, Ashurst, West Sussex. BN44 3AA.

Contact Details of the Data Protection Officer

If you would like to contact our Data Protection Officer, please:

Write to: Data Protection Officer, 4th Floor, Southfield House, 11 Liverpool Gardens, Worthing BN11 1RY; or

Email us at: dataprotection@southdownsinsurance.co.uk


If you would like to contact the UK’s Information Commissioner’s Officer; please:

Write to: The Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national number

Visit the Information Commissioner’s Office online: https://ico.org.uk/


Any questions?

We hope this Privacy Policy has been helpful in setting out the way we handle your personal information and your rights to control it.

If you have any questions that we have not answered above, please contact our Data Protection Officer who will be pleased to help you.


This notice was last updated on 10 May 2018