Your relationship with us will determine which of our group companies has access to and processes your Personal Information, and which of our group companies are the data controller(s) responsible for your personal information.
Normally, where you are a current or potential policyholder, Azur Underwriting Limited will be the data controller and responsible for, and control the processing, of your Personal Information in accordance with the General Data Protection Regulation 2016/679 (“GDPR”) and the Data Protection Act 2018 (“Act”). For more detailed information about the specific company or companies in the Azur Group that have access to and are responsible for your personal information please contact us at: email@example.com.
We may also share information with third parties (see below ‘How we share your information’). Those third parties will assume certain responsibilities under data protection law for looking after the personal information they receive from us.
We do not knowingly collect personal information from children under 16 years of age. If you are under 16 years old, please do not use the Services or provide any personal information to us.
Information we may collect from you
- When you visit our website (www.azuruw.com), make an enquiry or register with us we may collect some basic information such as your name and contact details, for the purpose of responding to any query raised. We also collect statistical data about your browsing actions and patterns. This means information about your computer and your use of our Services, including (where available) your IP address, unique mobile device identifier (UDID), International Mobile Equipment ID (IMEI), Android ID, device MAC address, browser information, operating system, timestamps, the pages that you request, applications downloaded, traffic data, location data, weblogs and other communication data, and the resources that you access. We will not use this information to identify you.
In addition, we may receive information about you through our Broker Hub, an online underwriting platform and from other sources (including you, your broker, credit reference agencies, other insurance market participants, government agencies (DVLA/ HMRC), other parties to or involved in a claim). This is collected for the purpose of offering and/ or placing contracts of insurance and/or processing of insurance claims. The information we collect includes:
- your personal details (name, gender, marital status, date of birth, nationality);
- contact details (address, email, phone number);
- employment details (employer, job title, employment history);
- identification numbers (national insurance number, passport number, drivers license);
- financial details (bank account, payment card, assets owned);
- details of the quotes you receive and policies you purchase;
- credit and anti-fraud data (credit history, credit score, anti-fraud databases);
- details of previous and current claims (including other unrelated insurance products);
- information that you authorise a third party to share with us;
- correspondence, or a record of it, if you should contact us; and
- surveys that you complete.
- In certain circumstances we may need to process special categories of data (i.e. details of your health) and/ or criminal convictions (i.e. driving offences) to assess the risk to be insured and/ or process a claim. We will only process this information where necessary and on the basis of the below legal basis.
- If you provide us with information on behalf of a third party, you confirm that the third party has appointed you to act on his/ her behalf and/ or that you are able to process his/her/their personal data in accordance with the GDPR/Act and receive data protection notices on his/her/their behalf.
How we use your information
- In accordance with the GDPR/ Act, we may only process your personal data if we have a “legal basis” (i.e. a legally permitted reason) for doing so. For the purposes of this Policy, our legal basis for processing your personal data is set out in the table below:
- setting you up as a client
- understanding your insurance needs to offer you appropriate and competitively priced policy
- evaluating risks to match you to an appropriate policy
- amending your policy
- collecting payment of premiums.
- In accordance with the Act, we are able to process your special category data (details of your health) and details of any criminal convictions where it is necessary for an insurance purpose (including advising on, arranging, underwriting or administering a contract of insurance and administering a claim under a contract of insurance) provided we have established a legal basis for doing so. Where we are processing your special category data/ details of criminal convictions for an insurance purpose our legal basis is set out in the table above.
- Where we are processing your special category data/ details of criminal convictions for an insurance purpose our legal basis is set out in the table above.
- We will not process your special category data/ details of your criminal conviction without your explicit consent where it is not necessary for an insurance purpose.
- It is important that we keep your personal data accurate and up to date and so we ask you to provide accurate information and inform us of any changes.
Why we process your data The legal basis for which is...
To investigate and answer your questions, improve the Service/ website and Broker Hub to notify you of changes, updates and new features of the Service/ website and Broker Hub.
This processing is necessary for the legitimate interests we pursue in responding to enquiries, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
Where an enquiry relates to a Service or the Broker Hub this processing may be necessary for the performance of a contract.
To collect data about candidates for the purpose of recruitment opportunities at the Azur Group.
This processing is necessary for the legitimate interests we pursue in locating suitable candidates for job openings, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights and freedoms. For example, storing your information in case of a claim or challenge.
This processing is necessary for the performance of a contract between us and information is processed to enable us to offer a quotation, arrange and administer a contract of insurance.
Outside of such, this processing is necessary for the legitimate interests we pursue in ensuring that the policyholder is within our acceptable risk profile and to collect any monies due to us, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights and freedoms.
To process any claim under or arising out of your insurance policy.
This processing is necessary for the performance of a contract between us and information is processed to enable us to provide claims services to you.
Outside of such, this processing is necessary for the legitimate interests we pursue is defending or advancing a claim, subject to you raising an objection, requiring us to check that our interest is not over ridden by any risk to your rights.
Further, where a claim becomes litigated this processing may be necessary to comply with our legal obligations.
To contact you to renew your contract of insurance.
This processing is necessary for the legitimate interest we pursue retaining your business through an offer of renewal, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
To analyse and create a profile for general risk modelling and underwriting (the personal data processed as part of this analysis is your address and date of birth).
This processing is necessary for the legitimate interests we pursue to build risk models that allow acceptable risks for an appropriate premium, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
To comply with our legal or regulatory obligations. Including, identity and other verification checks, anti-money laundering, anti-fraud, counter-terrorist.
This processing is necessary to comply with our legal obligations.
To contact you for marketing purposes (see the marketing section below for further details)
This processing is necessary for the legitimate interest we pursue in marketing other products and services or the products and service of selected third parties, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
How we share your information
We may share your personal information with third parties in the following circumstances:
- with other members of Azur's group of companies, our partners (including our carriers) and service providers for the purposes of managing or administering certain aspects of our Services; for analytics purposes; and to help us in developing new services;
- to protect the rights, property or safety of us or other users of the Services;
- where we are obliged, or permitted, to do so by applicable law, regulation or legal process; or
- if we (or substantially all of our assets) are acquired by a third party, in which case personal information held by us will be one of the transferred assets.
In addition, we may share your details with third parties to effectively provide our Services, including:
- external claims handlers;
- legal counsel (solicitors and barristers);
- loss adjusters;
- insurance and re-insurance providers;
- insurance brokers and intermediaries;
- our suppliers and sub-contractors for the performance of any contract we have with them.
- We may share your personal information with third parties in the following circumstances:
Where we store your information
- We take appropriate organisational and technical measures to protect your personal information that we hold. We limit access to your personal information to those who we believe reasonably need to come into contact with that information in order to carry out their jobs.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our Service and any transmission is at your own risk.
How long we keep your information
- We will review the maintenance of your personal data in line with our retention policy – with a view to securely deleting any relevant information.
- We will retain your information for as long as is necessary to fulfill any of the Services we provide or to comply with applicable legislation, regulatory requests and relevant orders from competent courts.
- The data we collect using cookies helps us understand our users better so that we can provide a more focused user experience. Using the knowledge of your previous visits to our website, Azur can enhance subsequent visits by tailoring our content to match your requirements.
Here’s a list of the main types of cookies we use, and what we use them for. (When we mention "cookies", we also mean web beacons and other technologies that collect information in a similar way to cookies on websites or emails. When we mention "websites", we also mean mobile applications and emails.)
Strictly necessary cookies:
- These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these, cookies services you have asked for cannot be provided. Because these cookies are strictly necessary we do not need to ask for your consent to use them.
- These cookies collect information about how visitors use a website, for instance which pages visitors go to most often. They may also show us which email or web page visitors clicked through from in order to visit our website, and whether you opened an email we sent you.
- Some of these are analytics cookies, set using third party web analytics software, which allow us to monitor our website traffic. For example, we use Google Analytics and Pardot cookies to help us do this.
- These analytics cookies may also tell us how many of our visitors are male or female, and may summarise the number of visitors who fall within certain age ranges, or certain interest categories. However, this sort of information is not linked to any individual; it just shows us what percentage of our visitors fall in particular categories.
- We will not pass this data to third parties in such a way that would allow them to identify visitors personally. However, we may associate this cookie data with other personally identifiable data submitted by you (for instance when you submit a form, or partially complete a form, in order to make sure that our communications are as relevant to you as possible.
- Sometimes we may use this data to highlight Azur products or services which we think will be of interest to you based on your use of our websites.
- We may also use third party cookies during e-commerce transactions to help prevent fraud.
- By using Azur’s websites you agree we may place these types of cookies on your device.
- These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, these cookies can be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise.
- They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
- By using Azur’s websites you agree we may place these types of cookies on your device.
Azur’s cookies typically contain:
- a unique name set by the site that generated it
- a value - the information within it that recalls your previous activities
- an expiration date, which determines how long the cookie will remain active in your browser before being automatically deleted
Third Party Cookies and Social Networks
- If you click on a hyperlink from Azur’s websites to any third-party websites (for example, if you ‘share’ content from Azur’s websites with friends or colleagues through social networks), you may be sent cookies from these third-party websites.
- Third-party websites will have their own privacy and cookie policies which Azur cannot control. Please check the third-party websites for more information about their cookies and how to manage them.
- Our emails may contain a “web beacon pixel” to tell us whether our emails are opened and verify any clicks through to links or advertisements within the email.
- We may use this information for purposes including determining which of our emails are more interesting to users, and to query whether users who do not open our emails wish to continue receiving them.
- The pixel will be deleted when you delete the email. If you do not wish the pixel to be downloaded to your device, you should read the email in plain text view or with images disabled.
- Personal information is stored in Pardot/Salesforce only if our visitors complete a form, for example for registration to events, contact/request forms or for subscription to our email communications.
We may from time to time use third party advertisers or sponsors on our Services. In the event that we do so we will not disclose identifiable information about individuals, but we may provide them with aggregated information about our users. We may also use such aggregated information to help advertisers reach the kind of audience they want to target (for example, men in London). We may make use of the personal information we have collected from you to enable us to comply with our advertisers' and sponsors' wishes by displaying their advertisement to that target audience.
For the purposes of the GDPR and Act we have a legitimate interest in processing your personal data (name and contact details) for marketing communications. We will only require your permission where we are marketing products and services to you as an individual, not to your business. Where you have previously ordered products or services from us, unless you have told us not to, we may contact you by telephone, email or post about similar or related products, services, promotions and special offers that may be on interest to you.
Circumstances where we may need to seek your permission are set out below.
In addition, with your permission, we may contact you by telephone, email or post to provide information in relation to other products, services, promotions, special offers and other information we think may be of interest to you.
Further, with your permission, we may share your details with our group companies, [and other carefully selected third parties] and they may contact you directly (unless you ask them not to) by telephone, email or post about products, services, promotions and special offers that may be of interest to you.
You have the right at any time to ask us, or any third party, to stop processing your information for direct marketing purposes. If you wish to exercise this right please follow the unsubscribe link on the communications or contact us on the below details, or the relevant third party, giving us or them enough information to identify you and process your request.
Please note that even if you ask not to receive marketing communications, we may still need to send you service messages regarding the Services.
Automated decision making
Automated decision making is where we make a decision, for example, to offer a contract of insurance or not, based solely on automated means, without any human involvement.
We may carry out some automated decision making through our Broker Hub, which will be necessary for the performance of our contract with you.
Azur Group will carry out regular checks on the Broker Hub system to ensure it is working as intended, and carries out a Data Protection Impact Assessment before initiating any new automated decision making, to assess the risks of such processing. For information on your rights about automated decision making see ‘Your Additional Rights’ below.
Your additional rights
- This section sets out the rights of individuals in respect of the personal data we process. If you would like to exercise any of your rights, you should put your request in writing to us using our contact details below.
- In accordance with the GDPR, you have the right to access information about the personal data that we hold about you, and to request that information which is incorrect be updated. In certain circumstances, you also have the right to ask for data we hold about you to be deleted (right of erasure) e.g. where the data is no longer needed for the above purposes. You can also seek to restrict the processing of and object to processing of your personal data in similar circumstances.
- You have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. However, this right only applies in certain circumstances. For example, it does not apply where we need to make the automated decision in order to enter into or fulfil a contract with you or we are authorised by law to take the automated decision.
- If you seek to exercise a right under the relevant law and we consider an exemption is applicable (or the relevant right is not exercisable), we will explain this to you in as clear a way as we can.
- If you have any concerns about how Azur manages your personal data, you also have the right to make a complaint to a data protection regulator. In the UK this would be the Information Commissioner's Office – for more information, please visit their website at www.ico.org.uk.
Version 6 — last updated February 2021