Catholic Insurance Service Ltd (also referred to as ‘CIS, ‘we’, ‘us’ or ‘our’), is committed to respecting the privacy of all visitors to our website, and that of our clients and contacts.
Please read this Privacy Notice carefully to understand how we use and protect the personal information that you provide to us and that which we obtain about you, and to understand what your rights are in respect of the information that we hold. Please note this Privacy Notice only applies to ‘Personal Data’, i.e. information about living identifiable individuals.
Where you provide us with personal data about other people
We may collect information from you about other people, for example, we may collect information about individuals from a group representative if those individuals are covered by a group insurance policy. If you give us information about another person, it is your responsibility to ensure and confirm that:
- you have told the individual who we are and how we use personal data, as set out in this Privacy Notice; and
- you have permission from the individual to provide their personal data to us and for us to use it, as set out in this Privacy Notice.
What personal data may we collect and process?
If you seek any services from us (e.g. a quotation for insurance cover) or become a client of CIS, we may collect some/all of the following personal data from or about you:
- name, address, e-mail address, telephone numbers and other contact details;
- date and place of birth, gender, marital status;
- employment status;
- financial information, including bank account details.
and other personal data depending on the nature of the insurance and services we offer and/or provide to you. This may include sensitive personal data (also known as ‘special category’ personal data), such as information about medical conditions. This information may be required, for example, to arrange certain insurance (e.g. travel insurance) or private healthcare for you. Where necessary, we shall obtain your consent to the processing of such information.
We may also receive information about you (or about your clergy or staff) from third-parties such as insurers, insurance intermediaries, loss adjusters, solicitors and other professionals who provide services relating to your insurances. Our clients may also provide us with information about you if you are involved in a transaction, dispute or claim with one of our clients or if you have a connection with them such as being a tenant or employee of a client.> Back to top
How do we use your personal data?
The personal data which we hold about you, whether it is collected directly from you or whether we receive it from a third party, may be processed for a number of reasons, for example, to
- provide you with information you may request about the services we offer;
- verify your identity and check any relevant background circumstances for anti-money laundering purposes;
- provide you with insurance intermediary services including policy administration and overseeing claims;
- enable your insurance to operate (e.g. in the event of a claim);
- provide you with legal or risk management advice;
- send you important information regarding changes to your insurance policies and other administrative information that we need to send from time to time;
- prevent and detect crime, including fraud and money laundering;
- administer payments;
- improve our products and services;
- resolve complaints and handle requests from Data Subjects;
- manage our business operations, maintain internal records and comply with internal policies and procedures, including those relating to auditing, finance and accounting, billing, IT and data and records management;
- comply with our statutory and regulatory obligations;
- establish and defend our legal rights.
If you do not provide the information requested, we may not be able to arrange your insurance or to provide certain other services to you.
We may also use your information for marketing and hospitality purposes, for example, to:
- send you communications about CIS and other services we provide that may be of interest to you (e.g. sending you newsletters);
- provide you with updates on legal and insurance developments;
- contact you about other activities we may undertake and events we may host.
We may monitor calls, emails and other communications with you. When you contact us, we may keep a record of that correspondence and any information provided to us during that or any subsequent communication.> Back to top
On what lawful basis do we process your personal data?
We only collect, use and store your personal data where we have a lawful basis to do so. This will vary according to the circumstances of how and why we have your information, but typical examples include:
- it is within our legitimate business interests in providing insurance intermediary, risk management and advice services (e.g. where we use your data to arrange your insurance);
- you have given consent (which can be withdrawn at any time by contacting us using the details below) for us to process your information (e.g. in relation to certain marketing communications);
- we are carrying out necessary steps in relation to a contract to which you are party or prior to you entering into a contract (e.g. where you have entered into an insurance contract);
- the processing is necessary for compliance with a legal obligation (e.g. for us to verify your identity under anti-money laundering requirements).
- To protect your vital interests (e.g. if you were to fall ill or suffer injury on our premises or at an event hosted by us).
If we process any special categories of personal data (i.e. information revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; data concerning your health, sex life or sexual orientation), we must have a further lawful basis for the processing. This may include:
- where the processing is necessary for an insurance purpose (e.g. obtaining medical information in connection with a claim for medical expenses under a travel policy);
- where you have given us your explicit consent to do so (e.g. to cater for your medical or dietary needs at an event);
- where the processing is necessary to protect your vital interests or someone else’s vital interests;
- you have made the information public;
- where the processing is necessary for the establishment, exercise or defence of legal claims; or
- the processing is necessary for reasons of substantial public interest (e.g. where steps are taken to prevent fraud or other dishonest activity).
If we process any information relating to your criminal convictions or offences, we will typically rely on one of the following lawful bases:
- preventing or detecting unlawful acts;
- complying with our regulatory requirements in relation to unlawful acts or dishonesty;
- dealing with suspicions of terrorist financing or money laundering;
- obtaining legal advice or establishing, exercising or defending legal rights.
If you become a client of CIS, we may use your personal information to invite you to hospitality events or other selected events for clients and/or to send you information that we think may be of interest to you or your organisation. This is within our legitimate interests as an insurance intermediary to use your information in this way.
We may also use personal information about our professional contacts to invite them to hospitality events or other selected events and/or to send them information that we think may be of interest to them or their business. This is also within our legitimate interests.
You will be given an opportunity to tell if you do not wish to receive direct marketing materials and communications from us either at the time you provide your details to us and/or within each such communication.
If you change your mind about being contacted by us in the future, change your contact details, or if any information that we hold about you is inaccurate or out-of-date, please contact us so that we can update your details.> Back to top
CCTV systems are installed at our registered office and we are responsible for the CCTV system. Signage is displayed on the exterior of the building and all CCTV cameras are clearly visible. Typically, cameras are positioned on the exterior of the building and in the car park, but they may be repositioned from time to time to ensure their effective use. Images are recorded and retained for the period of time set out in our document retention policy.
We use CCTV primarily to assist with security and safety of our staff and visitors to our office, although in rare cases we may use CCTV footage in investigations.> Back to top
We have in place administrative, technical and physical measures designed to guard against and minimise the risk of damage to or loss, misuse, or unauthorised processing or disclosure of the personal data that we hold.> Back to top
Transfers of your personal data outside the UK
In the course of processing your personal data, or disclosing it to the recipients referred to above, we may transfer it to countries which are outside the European Economic Area (EEA), for example, in order to handle travel insurance claims and provide emergency medical assistance services when you are abroad.
Some countries outside the EEA may not have laws which provide the same level of protection to your personal data as countries inside the EEA. In such cases we will take steps to ensure that the transfers comply with the GDPR and that your personal data is appropriately protected. We do so by taking the following measures:
- putting in place a contract with the recipient that means they must protect the personal information to the same standards as is required in the EEA;
- transferring it to a non-EEA country with privacy laws that give the same protection as the EEA;
- transferring it to organisations that are part of Privacy Shield (or any successor or replacement scheme). This is a framework that sets privacy standards for data sent between the US and EU countries to ensure that those standards are similar to what are used within the EEA;
- transferring it to organisations or countries that have other approved certification schemes or codes in place; or
- relying on another appropriate ground under applicable data protection laws.
Your rights in relation to your personal data
You have rights in respect of the personal data you provide to us. In particular:
- the right to request a copy of some or all of the personal data that we hold about you;
- if we process your personal data on the basis that we have your consent, the right to withdraw that consent;
- the right to ask that any inaccuracies in your personal data are corrected;
- the right to have us restrict the processing of all or part of your personal data;
- the right to ask that we delete your personal data where there is no compelling reason for us to continue to process it;
- the right to object to us processing your personal data for direct marketing purposes;
- the right not to be subject to legal or other significant decisions being taken about you on the basis of an automated process (i.e. without human intervention).
Please note that the above rights may be limited in some situations, for example, where we can demonstrate that we have a legal requirement to process your personal data. You should also bear in mind that, by exercising some of these rights, you may hinder or prevent our ability to provide you with products and services.
Rights may only be exercised by the individual whose information is being held by us or with that individual’s express permission. We may need you to provide us with proof of identity for verification and data security purposes before you can exercise your rights.
If you want to invoke any of these rights, please contact us using the details below.> Back to top
Retention of and changes to your personal data
We will ensure that the personal data we process for the purposes set out above is accurate and up-to-date. We will retain your personal data for as long as necessary to fulfill the above purposes, or as otherwise permitted under data protection legislation. This will usually be for a minimum period of seven years after you cease to be a client of CIS or otherwise as determined by law or regulation.
Once we decide that we no longer need your information, it will be securely and confidentially destroyed or deleted.> Back to top
Catholic Insurance Service Ltd. is registered as a company in England (no. 04493403) and is authorised and regulated by the Financial Conduct Authority (www.fca.org.uk) (no. 771050).
If you have any questions, require further information about how we protect your personal data, wish to exercise any of the above rights or if you would like to provide feedback or make a complaint about the use of your information, please contact us:
Catholic Insurance Service Limited
Telephone: 01296 422030
Email address: firstname.lastname@example.org
Any complaints will be dealt with in accordance with our Complaints Policy.
We hope that we can satisfy any queries you may have about the way in which we process your personal data. However, if you have unresolved concerns you also have the right to complain to the Information Commissioner (‘ICO’) (www.ico.org.uk).> Back to top
Changes to this Privacy Notice
We may make changes to this Privacy Notice from time to time as our business practices and/or applicable laws change. We will not make any use of your personal data that is inconsistent with the original purpose(s) for which it was collected or obtained, or otherwise than is permitted by data protection laws. You will be notified of any changes.> Back to top