Your relationship with us will determine which of our group companies has access to and processes your Personal Information, and which of our group companies are the data controller(s) responsible for your personal information.
Normally, where you are a current or potential policyholder, Azur Underwriting Limited will be the data controller and responsible for, and control the processing, of your Personal Information in accordance with the General Data Protection Regulation 2016/679 (“GDPR”) and the Data Protection Act 2018 (“Act”). For more detailed information about the specific company or companies in the Azur Group that have access to and are responsible for your personal information please contact us at: firstname.lastname@example.org.
We may also share information with third parties (see below ‘How we share your information’). Those third parties will assume certain responsibilities under data protection law for looking after the personal information they receive from us.
We do not knowingly collect personal information from children under 16 years of age. If you are under 16 years old, please do not use the Services or provide any personal information to us.
Information we may collect from you
- When you visit our website (www.azuruw.com), make an enquiry or register with us we may collect some basic information such as your name and contact details, for the purpose of responding to any query raised. We also collect statistical data about your browsing actions and patterns. This means information about your computer and your use of our Services, including (where available) your IP address, unique mobile device identifier (UDID), International Mobile Equipment ID (IMEI), Android ID, device MAC address, browser information, operating system, timestamps, the pages that you request, applications downloaded, traffic data, location data, weblogs and other communication data, and the resources that you access. We will not use this information to identify you.
In addition, we may receive information about you through our Broker Hub, an online underwriting platform and from other sources (including you, your broker, credit reference agencies, other insurance market participants, government agencies (DVLA/ HMRC), other parties to or involved in a claim). This is collected for the purpose of offering and/ or placing contracts of insurance and/or processing of insurance claims. The information we collect includes:
- your personal details (name, gender, marital status, date of birth, nationality);
- contact details (address, email, phone number);
- employment details (employer, job title, employment history);
- identification numbers (national insurance number, passport number, drivers license);
- financial details (bank account, payment card, assets owned);
- details of the quotes you receive and policies you purchase;
- credit and anti-fraud data (credit history, credit score, anti-fraud databases);
- details of previous and current claims (including other unrelated insurance products);
- information that you authorise a third party to share with us;
- correspondence, or a record of it, if you should contact us; and
- surveys that you complete.
- In certain circumstances we may need to process special categories of data (i.e. details of your health) and/ or criminal convictions (i.e. driving offences) to assess the risk to be insured and/ or process a claim. We will only process this information where necessary and on the basis of the below legal basis.
- If you provide us with information on behalf of a third party, you confirm that the third party has appointed you to act on his/ her behalf and/ or that you are able to process his/her/their personal data in accordance with the GDPR/Act and receive data protection notices on his/her/their behalf.
How we use your information
- In accordance with the GDPR/ Act, we may only process your personal data if we have a “legal basis” (i.e. a legally permitted reason) for doing so. For the purposes of this Policy, our legal basis for processing your personal data is set out in the table below:
- setting you up as a client
- understanding your insurance needs to offer you appropriate and competitively priced policy
- evaluating risks to match you to an appropriate policy
- amending your policy
- collecting payment of premiums.
- In accordance with the Act, we are able to process your special category data (details of your health) and details of any criminal convictions where it is necessary for an insurance purpose (including advising on, arranging, underwriting or administering a contract of insurance and administering a claim under a contract of insurance) provided we have established a legal basis for doing so. Where we are processing your special category data/ details of criminal convictions for an insurance purpose our legal basis is set out in the table above.
- Where we are processing your special category data/ details of criminal convictions for an insurance purpose our legal basis is set out in the table above.
- We will not process your special category data/ details of your criminal conviction without your explicit consent where it is not necessary for an insurance purpose.
- It is important that we keep your personal data accurate and up to date and so we ask you to provide accurate information and inform us of any changes.
Why we process your data The legal basis for which is...
To investigate and answer your questions, improve the Service/ website and Broker Hub to notify you of changes, updates and new features of the Service/ website and Broker Hub.
This processing is necessary for the legitimate interests we pursue in responding to enquiries, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
Where an enquiry relates to a Service or the Broker Hub this processing may be necessary for the performance of a contract.
To collect data about candidates for the purpose of recruitment opportunities at the Azur Group.
This processing is necessary for the legitimate interests we pursue in locating suitable candidates for job openings, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights and freedoms. For example, storing your information in case of a claim or challenge.
This processing is necessary for the performance of a contract between us and information is processed to enable us to offer a quotation, arrange and administer a contract of insurance.
Outside of such, this processing is necessary for the legitimate interests we pursue in ensuring that the policyholder is within our acceptable risk profile and to collect any monies due to us, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights and freedoms.
To process any claim under or arising out of your insurance policy.
This processing is necessary for the performance of a contract between us and information is processed to enable us to provide claims services to you.
Outside of such, this processing is necessary for the legitimate interests we pursue is defending or advancing a claim, subject to you raising an objection, requiring us to check that our interest is not over ridden by any risk to your rights.
Further, where a claim becomes litigated this processing may be necessary to comply with our legal obligations.
To contact you to renew your contract of insurance.
This processing is necessary for the legitimate interest we pursue retaining your business through an offer of renewal, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
To analyse and create a profile for general risk modelling and underwriting (the personal data processed as part of this analysis is your address and date of birth).
This processing is necessary for the legitimate interests we pursue to build risk models that allow acceptable risks for an appropriate premium, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
To comply with our legal or regulatory obligations. Including, identity and other verification checks, anti-money laundering, anti-fraud, counter-terrorist.
This processing is necessary to comply with our legal obligations.
To contact you for marketing purposes (see the marketing section below for further details)
This processing is necessary for the legitimate interest we pursue in marketing other products and services or the products and service of selected third parties, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
How we share your information
We may share your personal information with third parties in the following circumstances:
- with other members of Azur's group of companies, our partners (including our carriers) and service providers for the purposes of managing or administering certain aspects of our Services; for analytics purposes; and to help us in developing new services;
- to protect the rights, property or safety of us or other users of the Services;
- where we are obliged, or permitted, to do so by applicable law, regulation or legal process; or
- if we (or substantially all of our assets) are acquired by a third party, in which case personal information held by us will be one of the transferred assets.
In addition, we may share your details with third parties to effectively provide our Services, including:
- external claims handlers;
- legal counsel (solicitors and barristers);
- loss adjusters;
- insurance and re-insurance providers;
- insurance brokers and intermediaries;
- our suppliers and sub-contractors for the performance of any contract we have with them.
- We may share your personal information with third parties in the following circumstances:
Where we store your information
- We take appropriate organisational and technical measures to protect your personal information that we hold. We limit access to your personal information to those who we believe reasonably need to come into contact with that information in order to carry out their jobs.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our Service and any transmission is at your own risk.
How long we keep your information
- We will review the maintenance of your personal data in line with our retention policy – with a view to securely deleting any relevant information.
- We will retain your information for as long as is necessary to fulfill any of the Services we provide or to comply with applicable legislation, regulatory requests and relevant orders from competent courts.
- All of the major browsers offer tips and guidance for managing the cookies available on your browser. There are also lots of different third-party browser plug ins and extensions available which you can download to make it easier to see and control your cookies.
- You can find out more about internet advertising by visiting the following websites: www.allaboutcookies.org, www.yourchoicesonline.eu, and www.networkadvertising.org. Some of these sites enable you to opt out of online behavioral advertising and other tracking cookies (in addition to the control settings on your browser).
We may from time to time use third party advertisers or sponsors on our Services. In the event that we do so we will not disclose identifiable information about individuals, but we may provide them with aggregated information about our users. We may also use such aggregated information to help advertisers reach the kind of audience they want to target (for example, men in London). We may make use of the personal information we have collected from you to enable us to comply with our advertisers' and sponsors' wishes by displaying their advertisement to that target audience.
For the purposes of the GDPR and Act we have a legitimate interest in processing your personal data (name and contact details) for marketing communications. We will only require your permission where we are marketing products and services to you as an individual, not to your business. Where you have previously ordered products or services from us, unless you have told us not to, we may contact you by telephone, email or post about similar or related products, services, promotions and special offers that may be on interest to you.
Circumstances where we may need to seek your permission are set out below.
In addition, with your permission, we may contact you by telephone, email or post to provide information in relation to other products, services, promotions, special offers and other information we think may be of interest to you.
Further, with your permission, we may share your details with our group companies, [and other carefully selected third parties] and they may contact you directly (unless you ask them not to) by telephone, email or post about products, services, promotions and special offers that may be of interest to you.
You have the right at any time to ask us, or any third party, to stop processing your information for direct marketing purposes. If you wish to exercise this right please follow the unsubscribe link on the communications or contact us on the below details, or the relevant third party, giving us or them enough information to identify you and process your request.
Please note that even if you ask not to receive marketing communications, we may still need to send you service messages regarding the Services.
Automated decision making
Automated decision making is where we make a decision, for example, to offer a contract of insurance or not, based solely on automated means, without any human involvement.
We may carry out some automated decision making through our Broker Hub, which will be necessary for the performance of our contract with you.
Azur Group will carry out regular checks on the Broker Hub system to ensure it is working as intended, and carries out a Data Protection Impact Assessment before initiating any new automated decision making, to assess the risks of such processing. For information on your rights about automated decision making see ‘Your Additional Rights’ below.
Your additional rights
- This section sets out the rights of individuals in respect of the personal data we process. If you would like to exercise any of your rights, you should put your request in writing to us using our contact details below.
- In accordance with the GDPR, you have the right to access information about the personal data that we hold about you, and to request that information which is incorrect be updated. In certain circumstances, you also have the right to ask for data we hold about you to be deleted (right of erasure) e.g. where the data is no longer needed for the above purposes. You can also seek to restrict the processing of and object to processing of your personal data in similar circumstances.
- You have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. However, this right only applies in certain circumstances. For example, it does not apply where we need to make the automated decision in order to enter into or fulfil a contract with you or we are authorised by law to take the automated decision.
- If you seek to exercise a right under the relevant law and we consider an exemption is applicable (or the relevant right is not exercisable), we will explain this to you in as clear a way as we can.
- If you have any concerns about how Azur manages your personal data, you also have the right to make a complaint to a data protection regulator. In the UK this would be the Information Commissioner's Office – for more information, please visit their website at www.ico.org.uk.
Version 5 — last updated January 2020