Our Privacy Notice – CIA INSURANCE SERVICES LIMITED

WHO WE ARE

CIA Insurance is a trading style of CIA Insurance Services Limited.

CIA Insurance Services Limited are authorised and regulated by the Financial Conduct Authority. We are a registered company in England and Wales No. 309407.

Our office address is:

• Boughton Leigh House, Brownsover Road, Rugby, Warwickshire, CV21 1AW

The contact details for our office are as follows:

• Telephone: 01788 818600
• Email: info@cia-insurance.co.uk
• Website: www.cia-landlords.co.uk

THIS POLICY SETS OUT THE BASIS ON WHICH WE, IN OUR CAPACITY AS A DATA CONTROLLER, MAY COLLECT AND PROCESS YOUR PERSONAL DATA.

THE PURPOSE OF PROCESSING YOUR DATA

When you visit our website or contact us you will be expecting us to provide you with a quotation for an insurance product that you have selected.

We do not require your consent to process the information you provide to obtain quotations on your behalf, as the processing of the information is necessary for the performance of the contract with you, or in order to enable us to take steps to enter into a contract with you.

Therefore, by completing our online forms or requesting a quotation over the telephone, we have a legal basis for processing your personal data to fulfil your needs.

We collect, use and store your personal information to fulfil requests for quotes and products. It may also be used to verify your identity and to enable us to carry out anti-money laundering and other financial crime checks where required. If you pay by instalments your information may also be used to arrange credit with a third party finance company.

We may monitor calls, emails, text messages and other communications with you.

We may process your data for certain legitimate interests including to help us assess your ongoing needs, to inform you about products and services that meet those needs, to communicate with you, to administer your account with us and to carry out internal data analysis.

If you no longer wish to receive information from us other than in relation to the insurance product you have purchased or enquired about then you can contact us and make this request. Please email GDPR@cia-insurance.co.uk with your request.

Please show this notice to anyone else whose personal information you will be providing to us.

TRANSFER OF YOUR PERSONAL DATA TO THIRD PARTIES

It is not our company’s policy to sell or pass on your information to third parties for external marketing
purposes.

If you do take out an insurance policy through us, to ensure the performance of the contract into which you have entered it will be necessary to pass your personal data on to the relevant insurance company, its representatives and business partners.

TYPES OF DATA

Data will only be used in connection with the insurance product you have purchased from us or for certain legitimate interests as advised earlier in this Privacy Notice; otherwise we will ask for your specific permission for the information to be used differently and you must consent in order for us to do so.

We collect personal data such as name, contact details, date of birth, gender, marital status, financial details, general employment details and other personal details depending on the nature of the insurance and other services we offer.

You understand that we may also collect, use and store sensitive personal information such as criminal convictions and medical conditions as necessary in relation to insurances such as motor, home, travel and commercial insurance. Where this is required, you consent to this processing to enable us to provide you with the relevant services. You may withdraw your consent at any time. However, we will not request or store certain sensitive personal data such as your ethnicity, sexual orientation etc.

If you provide personal data about other individuals (such as employees, named drivers, family members etc.), you must obtain their consent prior to disclosing it to us.

You understand and give your explicit consent that we may disclose your information to relevant other parties for the purposes described in this Notice.

DATA TRANSFER TO COUNTRIES OUTSIDE THE UK

We may need to transfer your data to insurance market participants or their affiliates or sub- contractors which are located outside of the European Economic Area (EEA). Those transfers would always be made in compliance with the GDPR.

If you would like further details of how your personal data would be protected if transferred outside the EEA, please email GDPR@cia-insurance.co.uk with your request.

RETENTION PERIODS

It is our policy to only keep records of your personal data for as long as required by the Financial Conduct Authority, The Companies Act or other legislation, whichever requirement is longer. Our retention records are currently as follows:

Customer, Claims & Complaints files & records – 7 years after expiry of annual or short period contract,
claim settlement or complaint.

Prospective customer data – 2 years.

YOUR RIGHTS

The General Data Protection Regulation provides the following rights for you as individuals.

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to portability
7. The right to object
8. Rights in relation to automated decision making and profiling

THE RIGHT TO BE INFORMED (IN BRIEF)

The right to be informed encompasses our obligation to provide fair processing, typically through a Privacy Notice such as this. It emphasises the need for transparency over how we use your personal data.

THE RIGHT OF ACCESS (IN BRIEF)

Under the GDPR you have the right as an individual to obtain:

• Confirmation that your data is being processed
• Access to your personal data
• Other supplementary information – this largely corresponds to the information that is provided in a Privacy Notice such as this

THE RIGHT TO RECTIFICATION (IN BRIEF)

You as an individual are entitled to have personal data rectified if it is inaccurate or incomplete. If we have disclosed your personal data which has to be rectified to third parties, we must inform them of the rectification where possible.

THE RIGHT TO ERASURE (IN BRIEF)

The right to erasure is also known as the right to be forgotten. The broad principle underpinning this right is to enable you as an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

THE RIGHT TO RESTRICT PROCESSING (IN BRIEF)

Under the previous Data Protection Act individuals have the right to block or suppress the processing of personal data. The restriction of processing under the GDPR is similar. When processing is restricted we are permitted to store your personal data but we cannot further process it. We can and will retain just enough information about you as an individual to ensure the restriction is respected in the future.

THE RIGHT TO DATA PORTABILITY (IN BRIEF)

The right to data portability allows you as an individual to obtain and re-use your personal data for your own purposes across different services. It allows you to move, copy or transfer your data easily from one IT environment to another, in a safe and secure way without hindrance to usability. However, we can only offer data portability where we are able to – at the moment this would include providing you with proof of your claims history, policy history etc. and this would be provided only to you to pass onto a third party. We may be unable to exchange other data we hold due to system restrictions.

THE RIGHT TO OBJECT (IN BRIEF)

• You as an individual have the right to object to:
• Processing based on legitimate interests or the performance of a task in the public interest / exercise of official authority (including profiling)
• Direct marketing (including profiling)
• Processing for the purposes of scientific/historical research and statistics

RIGHTS IN RELATION TO AUTOMATED DECISION MAKING AND PROFILING (IN BRIEF)

The GDPR provides safeguards for you as an individual against the risks that can potentially damage a decision taken without any human intervention. These rights work in a similar way to your existing rights under the previous Data Protection Act.

You have a right not to have decisions made about you solely through automated processing.

I NO LONGER WISH TO RECEIVE INFORMATION FROM YOU EXCEPT IN RELATION TO THE INSURANCE PRODUCT I HAVE PURCHASED

Where you have opted in to receive information about the other products we offer or other such information where we have previously received your consent, you may withdraw this at any time by using the contact details below:

Telephone: 01788 818600

Email: GDPR@cia-insurance.co.uk

I WISH TO BE FORGOTTEN

You have a right under the GDPR to be removed from our records. However, we can only remove your information from our systems once our regulatory requirements have been fulfilled. You may request deletion of your data by contacting us using the details and methods below.

If we are unable to remove your records due to data retention periods, this will be disclosed to you at the time of your request, or you can refer to the information provided above.

Telephone: 01788 818600

Email: GDPR@cia-insurance.co.uk

I WISH TO MAKE A COMPLAINT

If you wish to make a complaint about the way we hold your personal data, in the first instance please write
to:

CV21 1AW.

Compliance Manager, CIA Insurance Services Ltd, Boughton Leigh House, Brownsover Road, Rugby,
In the event that we are unable to satisfy your complaint, you are able to refer to the Information

Commissioners Office:

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk (Our ICO reference is Z6573575)

COOKIES

We use Cookies to store session information so that we can identify you for quotation purposes and for retrieval by you of your previous quotation data. This information is also used for online payment purposes.

Below is a list of all cookies deployed and used on our website:

Cookie Consent – compliance Cookie

This cookie is set by our website once you have seen and acknowledged our Cookie banner. This
cookie will expire and automatically delete itself after 1 month.

Google Analytics (Universal) – _ga or _gat

The single default cookie for Google Universal Analytics. This sole cookie used by Goole Analytics stores a unique client identifier (Client ID) which is set randomly. This cookie is set to expire after 24 months (2 years) and is refreshed each time you visit our website.

EXTERNAL SITE LINKS

Our website may link to other websites on the internet. The content and Privacy Notices of other websites
are the responsibility of their respective owners, and it will be made clear to you when you are leaving our
website and when you are being redirected to another.

ADVERTISERS

We do not have any third party advertising on any of our websites.

IP ADDRESSES & LOGIN

We log information about visitors including your IP address, date and time visited, referring website, length of stay etc. This information is purely used for visitor analytics only and we do not store personal data alongside this information.

CREDIT CARD TRANSACTIONS

It is our policy not to store full details of your credit card. We use Lloyds Cardnet, one of the world’s leading online payment providers, and they offer secure e-payments that process your payment on our behalf. We send them very limited information including the amount of the transaction to be created, your session key and name. All other information is undertaken by Lloyds’s own website and is not stored or sent back to us.

QUESTIONS AND CONCERNS

If you have any questions or concerns about our Privacy Policy or the General Data Protection Regulation,
please do not hesitate to contact us.

Address: CIA Insurance Services Ltd, Boughton Leigh House, Brownsover Road, Rugby, CV21 1AW

Telephone: 01788 818600

Email: GDPR@cia-insurance.co.uk