CCIB Ltd is part of the Global Risk Partners Limited (GRP) Group of Companies.
CCIB Ltd and GRP are committed to protecting your personal information. This Privacy Notice is issued by CCIB Ltdand the GRP Group of Companies (collectively referred to as “GRP”, “we”, “us” and “our” in this Privacy Notice) that operate in the United Kingdom. For a full list of GRP trading companies please visit www.grpgroup.co.uk. For any questions or concerns relating to this Privacy Notice or our data protection practices, or to make a subject access request, please contact us at:
Data Protection Officer, CCIB Ltd 50 Fenchurch Street, London, EC3M 3JY.
Information we collect and from whom
We will receive personal information about you, when you contact us for example by requesting or obtaining a quote, purchasing a product from us or from one of our partners or using one of our websites.
The information could include:
Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you.
Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number and driving licence number.
Bank account or payment card details, income or other financial information.
Information about you (and others insured under the policy) which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to health, criminal convictions, or other special categories of personal data (see below). For certain types of policy, this could also include telematics data.
Information about the quotes you receive and policies you take out.
Credit and anti-fraud data
Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you.
Previous and current claims
Information about previous and current claims, (including other unrelated insurances), which may include data relating to your health, criminal convictions, or other special categories of personal data (see below) and in some cases, surveillance reports.
In certain circumstances we collect special categories of data including health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation.
We will collect personal information about you from you directly but also potentially from your family members, employer or representative, other insurance market participants, credit reference agencies, anti-fraud databases, sanctions lists, court judgements and other judicial databases, government agencies such as the DVLA and HMRC, open electoral register and any other publicly available data sources. In addition, in the event of a claim, we will get information from third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers.
How and why we use this information
We will process any personal data lawfully under one or more of the following bases:
- Performance of a Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Compliance with a Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Legitimate interests: the processing is necessary for our legitimate interests pursued by us. In such cases our legitimate interests are as follows:
- To add value to your product offering by offering you other general insurance products
- To provide excellent service to our customers by ensuring they are fully informed about all of our products.
- To engage in activities to improve and adapt the range of products and services we offer and to help our business grow
- To investigate and prevent potential fraudulent and other illegal activity
- Consent: where you have given clear consent for us to process your personal data for a specific purpose. We can seek your consent within a written or electronic document or verbally.
We will use personal information about you primarily in connection with the provision of insurance, namely:
- Establishing and maintaining communications with you;
- Arranging insurance cover (issuing quotations, renewals, policy administration);
- Handling claims;
- Undertaking anti-fraud, sanction, anti-money laundering and other checks to protect against fraud, suspicious or other illegal activities;
- Collecting, forwarding and refunding premiums;
- Facilitating premium finance arrangements;
- Processing transactions through service providers;
- Credit assessments and other background checks;
- Where we believe it is necessary to meet legal, security, processing and regulatory requirements;
- Business transfers where we sell whole or part of our business and/or assets to a third party purchaser;
- Marketing and client profiling;
- Allowing our affiliated companies to notify you of certain products or services offered by them;
- Research and statistical analysis; and
- Building databases for use by us, our clients and insurers.
We may monitor calls, emails, text messages and other communications with you. When you contact us we may keep a record of that correspondence and any information provided to us during that or any subsequent communication.
In order to provide insurance cover and deal with insurance claims in certain circumstances we may need to seek your consent before processing such data. You can withdraw your consent to such processing at any time.
Please make sure that anyone else who is insured under your policy has provided you with consent to provide their personal information to us. It is important that you show this Privacy Notice to anyone else who is insured under your policy, including, for example, any named drivers under a motor policy or anyone living at the property insured under a household policy.
How we share this information
In using personal data for the above purposes, we will disclose personal data to third parties including insurers, reinsurers, intermediaries or other brokers; outsourcers, sub-contractors, agents and service providers; claim handlers; premium finance providers; professional advisers and auditors. Third parties to whom we disclose personal data are required by law and contractual undertakings to keep personal data confidential and secure, and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances, in compliance with all applicable legislation.
We may share and aggregate information about you from across the GRP Group, including personal information held within the GRP Group relating to other policies held with us, quotes or claims details and, we may use this information to:
- Help us identify products and services that could be of interest to you, to tailor and package our products and services; to determine pricing and/or offer available discounts; and
- Conduct customer research and develop marketing campaigns.
We and/or other parties to whom we disclose personal data, may use your information for purposes such as statistical and trend research and analysis which might include computerised processes which profile you. Automatic profiling helps firms to understand, predict and forecast customer preferences and to improve the products and services they offer and to assess which products might be most suitable for you.
Retention of your personal data
We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under this insurance, or where we are required to keep your personal data due to legal or regulatory reasons.
We do not currently transfer your data to other organisations which are located outside of the European Economic Area (EEA).
Your rights and contact details of the ICO
If you have any questions or complaints in relation to our use of your personal data, please contact the data protection contact named at the top of this Notice. Alternatively, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk or 0303 1231113 (local rate)/01625 545745 (national rate).
Under certain conditions, you have the right to require us to:
- Provide you with further details on the use we make of your personal data/special category of data;
- Provide you with a copy of the personal data that you have provided to us;
Update any inaccuracies in the personal data we hold;
- Provide you with your personal data in a structured format
- Delete any special category of data/personal data that we no longer have a lawful ground to use;
- Where processing is based on consent, to withdraw your consent so that we stop that particular processing;
- Object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- Restrict how we use your personal data whilst a complaint is being investigated.
In certain circumstances, we can need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).