Who we are
Arden Insurance Brokers Limited, are committed to safeguarding the privacy of our customers. We gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data. Arden Insurance Brokers Limited is a wholly owned subsidiary of Kennett Holdings Limited.
Arden Insurance Brokers Limited’s registered office is at Dawson House, 5 Jewry Street, London EC3N 2EX and we are a company registered in England. We are registered on the Information Commissioner’s Office Register; registration number Z2417153, and act as the data controller when processing your data. If you have any query, please contact Mark Hicks at email@example.com. We process your Personal Data in accordance with this Privacy Notice, which is also available on www.ardeninsurance.co.uk.
What data do we collect and where do we get it from?
For the purposes set out in this notice, the Information Commissioner (ICO) requires us to advise you that, information, including personal information detailed below relating to you or anyone else to be covered by an insurance policy (“Personal Data and Special Categories of Data”) will be collected and processed by us and/or on our behalf by our third-party service providers.
This is information we may gather from you that will directly or indirectly identify you as an individual and may also provide information about your cultural or social identity. This type of data must be processed strictly in accordance with identified bases of law stated which we have outlined in the table below. This data will include but may not be limited to:
Your title, name, postal address, risk address, civil status, gender, current and or previous occupation, date of birth, contact details, registration number, mental health conditions, bank details, credit / debit card details, credit searches, National Insurance Number, next of kin information, children’s data where the child is under 16 (for travel insurance policies)
Special Categories of Data….
This is information we may gather from you that might reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, your health, sex life or sexual orientation. This data will be processed strictly in accordance with identified bases of law stated in the table below. This data will include but may not be limited to:
Your title, gender, race, ethnic origin, political opinions, religious beliefs, physical or medical health conditions, driving licence origin, UK residency period, children’s data where the child is under 16 (for travel insurance policies), criminal history. Data for criminal convictions and offences will only be collected as permitted by UK Law.
This data will be provided by:
- Your family members, employer or representative
- Other insurance market participants
- Credit reference agencies
- Anti-fraud databases, sanctions lists, court judgements and other databases
- Government agencies such as the DVLA and HMRC
- Open electoral register; or
- In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjusters, solicitors and claims handlers
- For risk management services this may also be provided as above, and by your employees, subsidiaries, agencies, third parties, health & safety executive, insurers, insurance providers, loss adjusters, engineers, and experts as deemed appropriate and from paperwork, forms and documents pertaining to you.
Which of the sources apply will depend on your circumstances.
You will either be completing application forms, or answering questions we ask you, in order to provide the required information. We may also obtain information from other sources that you provide us with, for example, your driving licence, or other official documentation required in order to administer the policy(ies) of insurance. We may also obtain information which is readily available in the public domain such as the Internet of Things (IoT), Social Media, Press etc.
Each time you visit our website, we may automatically collect personal data and technical information including IP addresses.
How and why do we process your personal data?
We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice
Our legal basis for processing your data
In order to arrange and administer your insurance, and provide risk management services we will be using one or more of the following legal bases:
- Processing is necessary in order for us to take steps, at your request, to enter into a contract of insurance when you ask us to provide a quotation, place cover, and for the performance of that contract and when you need to make a claim. Processing is also necessary to enter into a contract when you ask us to provide you with a Risk Management service, advice and/or report.
- Processing is necessary for us to comply with any legal or regulatory obligation.
- Where we believe a customer is vulnerable, processing might be necessary to protect the vital interests of that person or other person covered by the policy.
- Where you request details of the services we provide, you have received a quotation, or we arrange and administer insurance, risk management services or ancillary services on your behalf we will have a legitimate interest to provide you with further information about our services and those of our associated companies. We may have a legitimate interest in processing the data for changes to any quotation or policy which you may request, or for any other reason necessary to undertake any other requests related to your insurance policy.
- In respect of children’s data, a child being a person under the age of 16, which is only collected for the purposes of arranging travel insurance, we will seek parental consent to hold the data and record that consent.
Why we collect your data
We obtain, collect and process your personal data and special categories of data (which includes sharing your data with others) to enable us to provide the following:
- Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks, and to provide you with details of other services we provide which may be of interest to you.
- Evaluating the risks to be covered and matching to appropriate policy/premium
- Payment of premium where the Insured/Policyholder is an individual
- Policy Administration
- Client care, including communicating with you and sending you updates
- Payments to and from individuals
- Claims Processing
- Managing insurance and reinsurance claims
- Defending or prosecuting legal claims
- Investigation or prosecuting fraud
- Contacting the Insured/Policyholder to renew the insurance policy
- Evaluating the risks to be covered and matching to appropriate policy/premium
- Payment of premium where the Insured/Policyholder is an individual
- Other purposes outside of the insurance lifecycle but necessary for the provision of insurance throughout the lifecycle period
- Complying with our legal or regulatory obligations
- General risk modelling
- Transferring books of business, company sales and reorganisations
- Risk Management
- Setting you up as a client, communicating with you, defending or prosecuting legal claims/circumstances/events, evaluating the risks presented.
- Production of reports, recording of still images, and/or dealing with your suppliers, third parties, representatives, agencies, subsidiaries as disclosed and directed by you.
- Sharing this information with insurers and insurance providers to assist with the premium and negotiation of your insurance contract. Dealing with regulatory bodies.
- Collection of payment where the data pertains to an individual.
Please note that in addition to the disclosures we have identified against each purpose, we may also disclose personal data for those purposes to our service providers, contractors, agents and group/associated companies that perform activities on our behalf.
If you do not provide the requested data it may not be possible to obtain a quote or provide you with a policy.
If you do not provide us with appropriate access and/or information we request to provide our risk management advice and service, we may be unable to provide you with a report or provide our service.
Who we share your data with and the reason for processing
We are a Data Controller, and in order to process your requests we may be sharing your data with one or various third parties. The parties we may share with and our reasons for sharing that information are listed but not limited to the following:
- Insurers, Reinsurers, Insurance providers (ie Placing Brokers, Delegated Authority Schemes, Wholesalers) for General Insurance in order to provide you with quotations, cover, policy administration, to arrange and progress claims, and renewals and carry out reviews.
- Loss adjusters/assessors, surveyors, solicitors, private investigators, surveillance companies, possible suppliers for repair/replacement facilities including Third Parties’ representatives, ie their insurers, solicitors to assist in the event of a claim, or to assist in your Risk Management Assessment, report and service.
- Premium Credit providers, and Other Credit facilities sourced and arranged to assist with the payment of contracts we have arranged for you, to include credit reference agencies to assist in determining an appropriate payment plan, and in the event of non-payment to debt agencies, courts and/or solicitors.
- State, statutory and/or government departments, bodies or agencies such as regulators eg (FCA, PRA, ICO), Ombudsman eg.(FOS), crime agencies, Insurance Fraud Bureau, police, sanctions checking, Health & Safety Executive (HSE), Claims Underwriting Exchange (CUE), Motor Insurers Bureau (MIB), Motor Insures Database (MID), Employers Liability Tracing Office (ELTO), Financial Services & Compensation Scheme (FSCS), DVLA, Mylicence etc for the avoidance and detection of crime and/or fraud, to meet our regulatory and legal obligations and/or where we are required to by law. We will also interact with these parties to assist with your contract performance, your claim and our risk management services.
- Our Staff, sub-contractors acting on our behalf, our group/associated companies’ offices, internal and external auditors, financial institutions, such as our bank, interested parties (such as your mortgage provider), Interpreters, call recording and monitoring, to assist with staff training, quality and monitoring, complaints, accounting controls and banking, customer service and/or in the event one of our sites temporarily goes down. We will also use this to exercise legitimate interest regarding our services.
- Telecommunications, IT providers, software, hardware, cloud and system and technical management providers to detect, secure, test and back up our systems, to safely process and hold all data, and collective management information.
- We may also use your data in an anonymised form as part of statistics or other aggregated data shared with third parties.
- Our own insurers, insurance providers, and solicitors, where we need to provide information about you and/or defending ourselves in a legal dispute or as required by law, or where a circumstance exists that a future claim may occur
- Other third parties not detailed above, to be shared only for the purposes stated, or in a way you would reasonably expect us to, unless we inform you otherwise.
How long we retain your Data
We will retain your Personal Data for as long as your insurance policy/contract is valid with us and for 10 years thereafter. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under this insurance, or where we are required to keep your personal data due to legal or regulatory reasons.
Risk Management Services
Risk Management personal data will be retained for a period of
- 5 years post the Audit/Report for risk assessments, safety management audit, and/or fleet management audit, and training events which are held in the format of the Audit or Report. Supporting notes will be disposed of confidentially after 13 months as they are contained in our Audit or Report.
- Business Continuity plans or Accident Investigation reports will be held for a period of 3 years post their Completion/issuance.
- Fire Risk Assessment audit, Behavioural audit, DSE Assessment, Quality/Environmental Management System will be disposed of after 13 months following their completion/issuance.
- Financial Information in relation to invoices, payments, debts, or your account with us, in respect of risk management, will be held for a period of 7 years post termination of your contract with us.
- For some of our products eg: motor and household insurance, we may carry out automated decision making (including profiling) to process your personal data in order for insurers to underwrite and price your insurance online and/or process your claim. We take care to ensure our profiling is fair, transparent and limited in purpose.
- We have stated the reasons we are collecting your data above, but in the event that you do not wish to provide us with your personal data for all or any of the above reasons, this may limit the insurers who will quote and agree to cover, and in some cases insurers and/or insurance providers may not wish to offer cover at all. We may not be able to provide you with our Wealth Management and Risk Management Services either.
- If at any point in the future we need to amend this policy, every effort will be made to make you aware and our website will always have the latest version.
Where do we hold your data?
At all times we will endeavour to hold your Data on servers within the UK. Where we share your information with other Data Controllers, they must also agree to hold your Data within the UK. Where another Data Controller advises their data is not held in the UK, we will make enquiries to ascertain where the data is held, and that equivalent organisational systems and controls exist, to protect your data. In the event your data is to be held in any other geographical area we endeavour to ensure that:
- Data Controllers do not do so without our prior written authority and
- An appropriate transfer agreement is put in place to protect your personal data
Your acknowledgment of this notice and your rights
Under General Data Protection Regulation, you have rights and these are listed below.
Right to Be Informed
The General Data Protection Regulation sets out the information we must provide to you about your Data. All of the information we are required to give you is contained within this Privacy Notice. If you do not understand any part of this, you should contact us immediately and we will be happy to explain it to you.
Right of Access
You have the right to access and obtain a copy of the personal data, and any supplementary information that we hold about you to enable you to verify the lawfulness of the processing carried out. This will be provided free of charge, unless your request is unfounded, excessive or repetitive, and the information will be sent to you within 30 days of your request being received. If we refuse your request, you have the right to complain to the ICO.
Right to Rectification
You have the right to request that we correct any inaccuracies in the personal data we hold about you. This will be corrected within one month. If we are unable to correct the inaccuracy you have the right to complain to the ICO.
Right to Erasure
You have the right to request that we erase your personal data. For example, you may exercise this right in the following circumstances:
- your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;
- you withdraw consent and no other legal ground permits the processing;
- you object to the processing and there are no overriding legitimate interests for the processing;
- your personal data was unlawfully processed; or
- your personal data must be erased for compliance with a legal obligation.
We refuse the right to delete your information when it falls within our data retention period stated above, as this data may be required to exercise or defend litigation in the event of a claim whether covered or not by the insurance policy. If you do not agree with this, you have the right to complain to the ICO.
Right to Restrict Processing
You have the right to restrict our processing of your personal data where any of the following circumstances apply, although we will still be allowed to store it:
- where you feel that the personal data which we hold about you is not accurate. Processing will be restricted until you verify the accuracy of the information
- where the processing is unlawful, and you do not want your personal data to be erased and request the restriction of its use instead;
- where we no longer need to process your personal data, but the data may be required to establish, exercise or defend a legal claim
- where you have objected to our processing of your personal data pending the verification of whether, or not, our legitimate business interests override your interests, rights and freedoms.
Where you exercise your right to restrict our processing of your personal data, we will only continue to process it in accordance with the requirements of this policy or our legal obligations.
Right to Data Portability
You have a right to receive and transfer the personal data that we hold about you. This only applies to:
- personal data you have provided to us
- where the data was processed by you giving us your individual consent or for the performance of a contract
- and where processing was carried out by automated means.
Where you make such a request, this will be provided in a structured, commonly used, machine readable format such as a CSV file, or an agreeable format. This will be completed within one month of us receiving your request.
Right to Object to Processing
In certain circumstances, you have a right to object to our processing of your personal data
- Where we have processed it as a legitimate interest (including profiling)
- Direct Marketing (including profiling)
- Processing for scientific / historical research and statistics
We will still be able to process your personal data where
- We can demonstrate compelling legitimate grounds for us to process your Personal Data which override your interests, rights and freedoms
- The processing is for establishment, exercise and defence of legal claims.
Right to Object to automated decision making including profiling
You have a right not to be subjected to decisions being made solely by automated means without any human involvement. This might be the case where quotations are obtained online. We will still be able to carry out this type of decision-making where:
- It is necessary to enter into or for the performance of a contract (such as a contract of insurance) which is the main reason we would use this type of decision-making; or
- You have given your explicit consent for us to do so.
We will only process data in the way you would expect it to be used, and you will be entitled to have a person from our firm to review the decision so that you can query it and set out your point of view and circumstances to us.
Right to Withdraw Consent
Where the legal basis of consent has been used (and in our business we only use this for parental consent when collecting children’s data in connection with travel insurance, and as part of our financial planning process and in conjunction with trusts etc;), you have the right to withdraw that consent at any time. Where you exercise your right to withdraw parental consent of the processing of any children’s data, any data processed prior to the withdrawal of consent will remain valid. Withdrawing this consent may mean we will be unable to provide you with a quotation, or a contract of insurance, or assist you in the event of a claim.
If you would like to exercise any of your rights detailed above, please contact Mark Hicks, Managing Director, by email firstname.lastname@example.org.
You may raise any concerns about Arden Insurance Brokers Limited’s processing of your Personal Data with the Information Commissioner Office on https://ico.org.uk/.
Changes to this notice
We may amend this notice on occasion, in whole or part, at our sole discretion. Any changes to this notice will be effective immediately and will be posted on our website www.ardeninsurance.co.uk. If at any time we decide to use your personal data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail or post and you will have a choice as to whether or not we use your information in the new manner. If you have questions or concerns about this notice, please contact Mark Hicks, Managing Director, by email email@example.com.
Information about or provided by another person
Where your information for your policy has been provided to us by another person, we will send you a copy of this privacy notice directly to you, where we have your address, within one month of your policy being taken out. If we do not have, or we are unable to hold, your address for any reason, we will send a copy of this to the person arranging the insurance with instructions to pass this to you within one month. Where you have taken out a policy and provided us with information about another person, eg: an additional driver to your motor policy, an additional person to your travel insurance particularly where health conditions have been disclosed, it is unlikely we will have their address, and therefore you must provide them with a copy of this Privacy Notice so that they will know how their data is being used. Additional copies can be supplied on request and are available at www.ardeninsurance.co.uk.
To find out more about our Services please contact our team today on T. +44 (0) 203 857 5373 or fill out the form below: