- Individuals who are customers, including prospective customers who have received an insurance quotation, former customers who have previously held an insurance policy with us, and customer representatives, for example those with power of attorney
- Visitors to our websites
- Individuals who contact us with a query, concern or complaint
- Individuals named on our insurance policies, such as travellers
- Individuals who request information from us or permit us to contact them for marketing purposes
If you are one of these individuals and would like further information on how we collect, use and store your data, please contact our data protection officer at [email protected].
Who we are
InsureandGo Travel Insurance is arranged by IES Limited and administered by Insure & Go Insurance Services Limited. IES Limited is an insurance intermediary specialising in travel insurance.
IES Limited and Insure & Go Insurance Services Limited are classed as Data Controllers which means we are responsible for deciding how your personal data will be processed.
What information we collect and how we use it
We collect your information and use it in different ways depending on your relationship with us and how you have interacted with us. This can include information we share with or receive from other third parties.
We use your information for the following lawful reasons:
To enter into or perform a contract: for example, to provide a travel insurance quotation, to arrange and administer your insurance.
This information may also include sensitive (special category) data such as your medical history and conditions, which we can collect on the grounds of substantial public interests to provide you with a quotation and/or arrange your insurance. This applies whether you are providing your information via our call centre, our website or via the online self-serve members area.
To comply with a legal obligation: for example the rules set by our regulators the Financial Conduct Authority (FCA), The Gibraltar Financial Services Commission (GFSC) and also The Financial Ombudsman Service, to fulfil your data rights under data privacy laws, handle complaints about data privacy or our insurance products and services and to comply with other legal requirements
For yours and our legitimate interests: for example, to detect and prevent fraud, money laundering and other financial crimes, monitor and improve our business, products and services, demonstrate compliance with applicable laws and regulations, handle legal claims, respond to other types of complaint not previously mentioned, and sending you postal direct marketing activities.
With your consent: for example, sending you email marketing communications about our own products and services and those from trusted third parties. You can withdraw your consent at any time.
To protect vital interests: in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.
When we collect your personal data
We collect personal data from you when:
- You request an insurance quotation from us, either directly through our call centre or website or via one of our third party partners
- When you are named on the insurance policy of another individual, for example as a traveller on another individual’s policy
- You purchase, change or cancel an insurance policy
- You renew your insurance policy
- You contact us to request information or to make a complaint
- You visit our website
- You visit the online self-serve members area to update your details or make changes to your policy
- You take part in a competition, prize draw or survey
- You have given permission to other companies to share your information with us
- You have made your information publicly available, and we have a legitimate reason to review it
We also collect your information from other third-party sources where we have legal grounds to do so. These include anti-fraud and crime-prevention agencies, credit reference and vetting agencies, and other data providers.
What information we use and hold about you
Depending on your relationship with us, we may hold the following types of information about you:
- Identity and contact data: for example, your name, date of birth, postal address, telephone number and e-mail address
- Payment and account data: for example, your bank account details, credit/debit card details
- Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations
- Internet data: for example, information collected by cookies and other online technologies such as Facebook pixels and Google Analytics, as you use our website or contact us by online methods
- Information we obtain from other sources: including credit agencies, anti-fraud and other financial crime prevention agencies and other data providers. This can include demographic data and interest-based data
- Complaint data: for example, what the complaint was, how we investigated it and how we resolved it, including any contact with the Financial Ombudsman Service or other third party adjudicator services
- Information disclosed to the insurers of the policy and their assistance and claims handlers.
Some of our processes combine different sets of information we hold. This can include combining different data sets we have about you or combining your information with that of other individuals.
Automated decision making and profiling
Our on-line Quote and Buy systems carry out automated decision making and profiling to decide whether we can provide insurance to you and at what price. If you do not want your data to be processed in this manner then you are able to obtain quotations and arrange insurance via our Contact Centre.
The sole purpose of passively collecting your information is to improve your experience when using our websites and services.
Who we share your data with
Where applicable, we share your personal information with the following types of third parties when we have a valid reason to do so:
- Insurers, underwriters and other companies for the purpose of arranging and administering your insurance and for handling claims.
- Law enforcement, government bodies, regulatory organisations, courts, and public authorities, for example the Financial Conduct Authority (FCA), The Gibraltar Financial Services Commission (GFSC), The Financial Ombudsman Service, The Information Commissioner’s Office (ICO), Police and HMRC.
- Personal representatives appointed by you to act on your behalf
- Media agencies and other marketing organisations that we conduct marketing activities through.
- A third party where disclosure is required to comply with legal or regulatory requirements.
- If you use our email and webchat service, then we will share your information with our email and webchat service provider (Zendesk) for the purposes of helping you with your query.
- A third party we may choose to sell, transfer, or merge parts of our business or our assets with. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this policy.
- Other companies within our Group.
Other third parties
Other third parties including claims handling and assistance service providers may share personal information you disclosed to them, with us for the purposes of administering your policy. If you refuse disclosure of data to a third party which prevents the insurer from providing cover, the insurer may be released from any liability for any claim.
InsureandGo uses a variety of services hosted by third parties such as HotJar, Google Analytics, Bing Ads, Google Tag Manager, Zendesk, TrustPilot, YouTube and Optimizely. These services may collect information sent by your browser as part of a web page request, such as cookies or your IP address.
For information on how these third parties collect and use your information, please refer to their privacy policies.
Transferring data internationally
Data protection law places restrictions on transferring personal data outside of the United Kingdom (UK) and the European Economic Area (EEA).
We may need to transfer information to our service suppliers in countries outside the UK and the EEA. If we do, we will ensure that your information is properly protected. If the laws of the country where our supplier is based are not considered equivalent to those in the UK or the EEA, we will ensure that the service supplier enters into a formal legal agreement that reflects the standards required.
We may use your information to:
- Keep you informed by email, post, telephone, SMS, or other communication means about products and services, articles or competitions that we believe will be of interest to you
- Personalise your customer journey to improve your experience
- Carry out market research or data analysis to help us improve the services we provide or to design new services for the future
If you no longer wish to receive postal and/or email marketing communications from us, you can request us to stop by:
- Emailing us at [email protected]
- Writing to the Data Protection Officer, Insure & Go Insurance Services Ltd, Maitland House, Warrior Square, Southend-on-Sea, Essex SS1 2JY
- Calling us at 0330 400 1381
If you do choose to stop receiving marketing communications from us, we will ensure that you do not receive such material going forward, unless you change your mind and specifically request it in the future.
Your data rights
Data protection law gives you rights relating to your personal information. This section gives you an overview of these and how they relate to the information you give us.
The UK supervisory authority for data rights, the Information Commissioner’s Office (ICO), has also published detailed information about your rights on their website: www.ico.org.uk.
Your right to access
You have a right to request copies of the personal information we hold on you, along with meaningful information on how it is used and who we share it with.
This right always applies, but there are some instances where we may not be able to provide you with all the information we hold. If this is the case, we will confirm why we are unable to provide it – unless there is a valid legal reason that means we cannot let you know why.
Your right to rectification
If information we hold is inaccurate or incomplete, and this has an impact on the way we are using your data, you have the right to have any inaccuracies corrected and for any incomplete data to be completed.
If you ask us to rectify your information, we will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why.
Your right to erasure (the right to “be forgotten”)
You have the right to request that your personal information is erased.
If you ask us to erase your information we will either confirm to you that this has been done or, if we are unable to delete it, let you know why and also inform you how long we will hold it for. For more information see the “Retention Policy” section of this policy.
Your right to restrict processing
You can ask us to restrict the use of your information.
If you ask us to restrict your information, we will either confirm to you that this has been done or if we are unable to restrict it, we will inform you why.
Your right to object to direct marketing
You can object to receiving direct marketing from us.
If you do so, we will ensure that you do not receive such material going forward, unless you change your mind and specifically request it in the future. For more information, see the “Marketing” section of this policy.
Your right to object to automated decision-making
You can object to decisions made about you using your information and undertaken by purely automated means.
If you do so, we will arrange for someone to assess the automated decision and confirm the outcome of this assessment to you.
Your right to object to processing
Your right to object to the use of your information for statistical purposes
You can object to us using your information for statistical purposes in some instances.
If you do so, we will either confirm to you that the processing has stopped or if there is a valid reason for the processing to continue, we will inform you why.
Your right to challenge our legitimate interests
You can challenge the use of your personal data where we use a legitimate business interest as a lawful basis to process your information. You can find more information on when we use this lawful basis in the “lawful ways we use your data” section of this policy.If you do so, we will either confirm to you that the processing has stopped or there is a valid reason for the processing to continue, we will inform you why.
Your right to data portability
You have the right to request that your information be compiled into a common, machine-readable format and either provided directly to you or sent by us to a third-party you nominate.
If you request this, we will either act upon your instruction and confirm to you that we have done so, or if there is a valid reason that this cannot be done, we will tell you why.
Your right to complain
If you have a complaint about how we use your personal information, please contact us by email at [email protected].
Or by post:
Insure & Go Insurance Services Ltd
If you remain unhappy with our response, you may raise a complaint with a supervisory authority responsible for data protection and privacy.
In the UK, the supervisory authority is the Information Commissioner’s Office (ICO), which can be contacted using the following details:
By e-mail: [email protected]
By telephone: 0303 123 1113
The Information Commissioner’s Office
Exercising your data rights
You can exercise any of your data rights by contacting our Data Protection Officer at [email protected]
We will only retain data for as long is necessary for the purposes for which it is being processed and in line with our data retention policy. In most cases, this will be a maximum of 7 years from the expiry of an insurance contract.
Linked websites and information security
We are committed to protecting the online privacy of visitors to our website. We have implemented security policies, rules and technical measures to protect your personal data from unauthorised access; improper use or disclosure; unauthorised modification; and unlawful destruction or accidental loss.
If you contact us by email, you should be aware that emails are not secure unless they have been encrypted. We cannot accept any responsibility for the unauthorised access to your data that is beyond our control.