Catholic Insurance Service Ltd (also referred to as ‘CIS, ‘we’, ‘us’ or ‘our’), is committed to respecting the privacy of all visitors to our website, and that of our clients and contacts.
Please read this Privacy Notice carefully to understand how we use and protect the personal information that you provide to us and that which we obtain about you, and to understand what your rights are in respect of the information that we hold. Please note this Privacy Notice only applies to ‘Personal Data’, i.e. information about living identifiable individuals.
Where you provide us with personal data about other people
We may collect information from you about other people, for example, we may collect information about individuals from a group representative if those individuals are covered by a group insurance policy. If you give us information about another person, it is your responsibility to ensure and confirm that:
- you have told the individual who we are and how we use personal data, as set out in this Privacy Notice; and
- you have permission from the individual to provide their personal data to us and for us to use it, as set out in this Privacy Notice.
What personal data may we collect and process?
If you seek any services from us (e.g. a quotation for insurance cover) or become a client of CIS, we may collect some/all of the following personal data from or about you:
- name, address, e-mail address, telephone numbers and other contact details;
- date and place of birth, gender, marital status;
- employment status;
- financial information, including bank account details.
and other personal data depending on the nature of the insurance and services we offer and/or provide to you. This may include sensitive personal data (also known as ‘special category’ personal data), such as information about medical conditions. This information may be required, for example, to arrange certain insurance (e.g. travel insurance) or private healthcare for you. Where necessary, we shall obtain your consent to the processing of such information.
We may also receive information about you (or about your clergy or staff) from third-parties such as insurers, insurance intermediaries, loss adjusters, solicitors and other professionals who provide services relating to your insurances. Our clients may also provide us with information about you if you are involved in a transaction, dispute or claim with one of our clients or if you have a connection with them such as being a tenant or employee of a client.
Website and cookies
You may choose to provide personal information to us when you visit our website (e.g. if you ask us to contact you). You may be asked to provide certain information about yourself, including your name, title, postal address, telephone number and/or email address.
We may collect Personal Data through your use of our website, including IP addresses and other information captured using cookies. A cookie is a small piece of information that is placed on your computer when you visit certain websites. Cookies allow websites to respond to you as an individual. To learn more about cookies please visit: http://www.allaboutcookies.org
We use session cookies (which will be deleted when you close your browser) and persistent cookies (which will remain across different visits of our website). When you visit our website, your computer may receive the following cookies:
- __utma: A persistent cookie used by Google Analytics to track the number of times a visitor has been to the site, when their first visit was, and when their last visit occurred.
- __utmb: A persistent cookie used by Google Analytics which keeps a timestamp of the exact moment in time when a visitor enters a site.
- __utmc: A session cookie used by Google Analytics which logs when a visitor leaves this website.
- __utmz: A persistent cookie used by Google Analytics which keeps track of where the visitor came from, search engine used, and other information related to this visit.
Most browsers allow you to refuse to accept cookies. For example:
- Internet Explorer: you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.
- Firefox: you can adjust your cookies settings by clicking “Tools”, “Options” and “Privacy”.
- Google Chrome: Click on the “Tools” menu and select “Options”. Click the “Under the Bonnet” tab, locate the “Privacy” section and click the “Clear browsing data” button. Select “Delete cookies and other site data” to delete all cookies from the list.
Please note that blocking cookies may have a negative impact upon the usability of our website.
Information gathered through cookies is used to measure and analyse information on visits to our website, to tailor the website to make it better for visitors and to improve its technical performance. We will not use the data to identify you personally or to make any decisions about you.
How do we use your personal data?
The personal data which we hold about you, whether it is collected directly from you or whether we receive it from a third party, may be processed for a number of reasons, for example, to
- provide you with information you may request about the services we offer;
- verify your identity and check any relevant background circumstances for anti-money laundering purposes;
- provide you with insurance intermediary services including policy administration and overseeing claims;
- enable your insurance to operate (e.g. in the event of a claim);
- provide you with legal or risk management advice;
- send you important information regarding changes to your insurance policies and other administrative information that we need to send from time to time;
- prevent and detect crime, including fraud and money laundering;
- administer payments;
- improve our products and services;
- resolve complaints and handle requests from Data Subjects;
- manage our business operations, maintain internal records and comply with internal policies and procedures, including those relating to auditing, finance and accounting, billing, IT and data and records management;
- comply with our statutory and regulatory obligations;
- establish and defend our legal rights.
If you do not provide the information requested, we may not be able to arrange your insurance or to provide certain other services to you.
We may also use your information for marketing and hospitality purposes, for example, to:
- send you communications about CIS and other services we provide that may be of interest to you (e.g. sending you newsletters);
- provide you with updates on legal and insurance developments;
- contact you about other activities we may undertake and events we may host.
We may monitor calls, emails and other communications with you. When you contact us, we may keep a record of that correspondence and any information provided to us during that or any subsequent communication.
On what lawful basis do we process your personal data?
We only collect, use and store your personal data where we have a lawful basis to do so. This will vary according to the circumstances of how and why we have your information, but typical examples include:
- it is within our legitimate business interests in providing insurance intermediary, risk management and advice services (e.g. where we use your data to arrange your insurance);
- you have given consent (which can be withdrawn at any time by contacting us using the details below) for us to process your information (e.g. in relation to certain marketing communications);
- we are carrying out necessary steps in relation to a contract to which you are party or prior to you entering into a contract (e.g. where you have entered into an insurance contract);
- the processing is necessary for compliance with a legal obligation (e.g. for us to verify your identity under anti-money laundering requirements).
- To protect your vital interests (e.g. if you were to fall ill or suffer injury on our premises or at an event hosted by us).
If we process any special categories of personal data (i.e. information revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; data concerning your health, sex life or sexual orientation), we must have a further lawful basis for the processing. This may include:
- where the processing is necessary for an insurance purpose (e.g. obtaining medical information in connection with a claim for medical expenses under a travel policy);
- where you have given us your explicit consent to do so (e.g. to cater for your medical or dietary needs at an event);
- where the processing is necessary to protect your vital interests or someone else’s vital interests;
- you have made the information public;
- where the processing is necessary for the establishment, exercise or defence of legal claims; or
- the processing is necessary for reasons of substantial public interest (e.g. where steps are taken to prevent fraud or other dishonest activity).
If we process any information relating to your criminal convictions or offences, we will typically rely on one of the following lawful bases:
- preventing or detecting unlawful acts;
- complying with our regulatory requirements in relation to unlawful acts or dishonesty;
- dealing with suspicions of terrorist financing or money laundering;
- obtaining legal advice or establishing, exercising or defending legal rights.
If you become a client of CIS, we may use your personal information to invite you to hospitality events or other selected events for clients and/or to send you information that we think may be of interest to you or your organisation. This is within our legitimate interests as an insurance intermediary to use your information in this way.
We may also use personal information about our professional contacts to invite them to hospitality events or other selected events and/or to send them information that we think may be of interest to them or their business. This is also within our legitimate interests.
You will be given an opportunity to tell if you do not wish to receive direct marketing materials and communications from us either at the time you provide your details to us and/or within each such communication.
If you change your mind about being contacted by us in the future, change your contact details, or if any information that we hold about you is inaccurate or out-of-date, please contact us so that we can update your details.
CCTV systems are installed at our registered office and we are responsible for the CCTV system. Signage is displayed on the exterior of the building and all CCTV cameras are clearly visible. Typically, cameras are positioned on the exterior of the building and in the car park, but they may be repositioned from time to time to ensure their effective use. Images are recorded and retained for the period of time set out in our document retention policy.
We use CCTV primarily to assist with security and safety of our staff and visitors to our office, although in rare cases we may use CCTV footage in investigations.
We have in place administrative, technical and physical measures designed to guard against and minimise the risk of damage to or loss, misuse, or unauthorised processing or disclosure of the personal data that we hold.
Who may we share your personal data with?
We will only supply your personal information to other parties where:
- such a transfer is a necessary part of the activities that we undertake (e.g. to provide you with quotations for insurance cover);
- where you give us consent (e.g. to receive certain marketing communications); or
- where we are required to do so by law or regulation (e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime).
As an insurance intermediary we must disclose personal information to insurance companies, underwriting agencies, business partners and other parties in order to provide our products and services and to enable you to enter into insurance contracts. Examples of other parties include other insurance intermediaries, loss adjusters, regulatory bodies, legal firms, financial institutions and others involved in administering policies and handling claims.
We may also share your personal information with fraud prevention agencies such as the Claims and Underwriting Exchange Register and Theft Register. We may pass information relating to your insurance policy and any incident to the operators of these registers, their agents and suppliers.
Sometimes we contract with third parties whom we ask to process personal data on our behalf (e.g. IT consultants or cloud hosting providers). We require these third parties to comply strictly with our instructions and with data protection laws. Such service providers are contractually restricted from using or disclosing the information we give them except as necessary to perform services on our behalf or to comply with legal requirements.
We may also disclose personal information to new owners of our business in the event that we are subject to a merger or acquisition. Disclosure may also be made to enable company audits, regulatory inspections or to investigate a complaint, suspicion of fraud or a security threat.
We only share your information if we are satisfied that our partners or suppliers have sufficient measures in place to protect your information in the same way that we do. We never share your information outside our organisation for marketing purposes.
Transfers of your personal data outside the UK
In the course of processing your personal data, or disclosing it to the recipients referred to above, we may transfer it to countries which are outside the European Economic Area (EEA), for example, in order to handle travel insurance claims and provide emergency medical assistance services when you are abroad.
Some countries outside the EEA may not have laws which provide the same level of protection to your personal data as countries inside the EEA. In such cases we will take steps to ensure that the transfers comply with the GDPR and that your personal data is appropriately protected. We do so by taking the following measures:
- putting in place a contract with the recipient that means they must protect the personal information to the same standards as is required in the EEA;
- transferring it to a non-EEA country with privacy laws that give the same protection as the EEA;
- transferring it to organisations that are part of Privacy Shield (or any successor or replacement scheme). This is a framework that sets privacy standards for data sent between the US and EU countries to ensure that those standards are similar to what are used within the EEA;
- transferring it to organisations or countries that have other approved certification schemes or codes in place; or
- relying on another appropriate ground under applicable data protection laws.
Your rights in relation to your personal data
You have rights in respect of the personal data you provide to us. In particular:
- the right to request a copy of some or all of the personal data that we hold about you;
- if we process your personal data on the basis that we have your consent, the right to withdraw that consent;
- the right to ask that any inaccuracies in your personal data are corrected;
- the right to have us restrict the processing of all or part of your personal data;
- the right to ask that we delete your personal data where there is no compelling reason for us to continue to process it;
- the right to object to us processing your personal data for direct marketing purposes;
- the right not to be subject to legal or other significant decisions being taken about you on the basis of an automated process (i.e. without human intervention).
Please note that the above rights may be limited in some situations, for example, where we can demonstrate that we have a legal requirement to process your personal data. You should also bear in mind that, by exercising some of these rights, you may hinder or prevent our ability to provide you with products and services.
Rights may only be exercised by the individual whose information is being held by us or with that individual’s express permission. We may need you to provide us with proof of identity for verification and data security purposes before you can exercise your rights.
If you want to invoke any of these rights, please contact us using the details below.
Retention of and changes to your personal data
We will ensure that the personal data we process for the purposes set out above is accurate and up-to-date. We will retain your personal data for as long as necessary to fulfill the above purposes, or as otherwise permitted under data protection legislation. This will usually be for a minimum period of seven years after you cease to be a client of CIS or otherwise as determined by law or regulation.
Once we decide that we no longer need your information, it will be securely and confidentially destroyed or deleted.
Catholic Insurance Service Ltd. is registered as a company in England (no. 04493403) and is authorised and regulated by the Financial Conduct Authority (www.fca.org.uk) (no. 771050).
If you have any questions, require further information about how we protect your personal data, wish to exercise any of the above rights or if you would like to provide feedback or make a complaint about the use of your information, please contact us:
Catholic Insurance Service Limited
Telephone: 01296 422030
Email address: firstname.lastname@example.org
Any complaints will be dealt with in accordance with our Complaints Policy.
We hope that we can satisfy any queries you may have about the way in which we process your personal data. However, if you have unresolved concerns you also have the right to complain to the Information Commissioner (‘ICO’) (www.ico.org.uk).
Changes to this Privacy Notice
We may make changes to this Privacy Notice from time to time as our business practices and/or applicable laws change. We will not make any use of your personal data that is inconsistent with the original purpose(s) for which it was collected or obtained, or otherwise than is permitted by data protection laws. You will be notified of any changes.