Catholic Insurance Service Ltd (also referred to as ‘CIS, ‘we’, ‘us’ or ‘our’), is committed to respecting the privacy of all individuals whose personal data we process including visitors to our website, our clients and contacts and individuals whose personal data is shared with us by our clients.
Please read this Privacy Notice carefully to understand how we use and protect the personal data that you provide to us and that which we otherwise obtain about you, and to understand what your rights are in respect of the information that we hold. Please note this Privacy Notice only applies to ‘personal data’, i.e. information about living identifiable individuals.
Purpose of this Privacy Notice
This privacy notice (“Privacy Notice”) describes how CIS collects and uses your personal data and any personal data relating to others that you share with us.
It is important that you read this Privacy Notice together with any other Privacy Notice that we have provided or may provide to you when we are collecting or processing personal data about you in other contexts. This Privacy Notice supplements any other notices that we provide to you.
In this notice, references to the GDPR are to the General Data Protection Regulation (EU 2016/679) including as implemented into UK law as a result of the UK’s exit from the EU. References to the DPA 18 are to the Data Protection Act 2018.> Back to top
Who we are
CIS is registered as a company in England (no. 04493403) and is authorised and regulated by the Financial Conduct Authority (www.fca.org.uk) (no. 771050). Our registered office is Suite 5, Oxford House, Oxford Road, Thame, Oxfordshire, OX9 2AH.
We are the controller of your personal data which is referenced in this Privacy Notice.> Back to top
When do we collect your personal data?
We collect personal data in a number of ways including:
- When we perform services for our clients (including insurance broking, claims management and other forms of insurance services);
(In these cases we typically obtain your personal data from our clients (or their advisors and/or insurers). In some cases we may obtain your personal data from you directly.)
- If you contact us as a representative of your employer in order to enquire about, commission or use our services;
- When you contact us directly in relation to travel insurance of which you are a beneficiary;
- Where a member of your family provides us with personal data about you in connection with a travel insurance or other claim;
- Where you are a professional adviser or expert such as a lawyer who is involved in advising on claims with which we are assisting our clients;
- When you attend one of our events;
- When you apply for a position at CIS in which case you will be provided with a copy of CIS’s Recruitment Privacy Notice;
- If you contact us with a complaint or query;
- If you provide personal data to us when you use our website.
When do you provide us with personal data about other people?
We request that you avoid providing us with personal data relating to other people unless we have specifically requested it.
However, there may be situations where we collect information from you about other people, for example, information about:
- individuals given to us by a group representative where those individuals are covered by a group insurance policy,
- family members or others whose personal data you provide to us in connection with a claim in the context of travel or other insurances;
- individuals who are claimants, defendants, witnesses or other named parties in a claim or potential claim against one of our clients.
If you give us personal data about another person, please ensure and confirm to us that:
- you have told the individual who we are and provided them with a copy of this Privacy Notice; and
- you have permission from the individual to provide their personal data to us.
What personal data may we collect and process?
Information you provide to us
If you seek any services from us (e.g. a quotation for insurance cover) or become a client of CIS, we may collect some/all of the following personal data from or about you:
- name, address, e-mail address, telephone numbers and other contact details;
- date and place of birth, gender, marital status;
- employment status;
- financial information, including bank account details.
and other personal data depending on the nature of the insurance and services we offer and/or provide to you. This may include sensitive personal data (also known as ‘special category’ personal data) (see paragraph https://catholicinsuranceservice.co.uk/privacy/#what-about-personal-data-that-is-considered-more-sensitive for more information).
Information we obtain from our clients or others
We may also receive information about you (including if you are members of clergy or staff of our clients) from third-parties such as insurers, insurance intermediaries, loss adjusters, solicitors and other professionals who provide services relating to insurance and other support that we offer. Our clients may also provide us with information about you if you are involved in a transaction, dispute or claim with one of our clients or if you have a connection with them such as being a tenant or volunteer of a client. Examples of the personal data that we may process in this context include:
- your name and contact details;
- allegations of offences including criminal offences that have been made against you or by you;
- witness statements which contain personal data about you including in some cases special category data about you such as information about your health;
- details of any complaint(s), dispute(s) or transaction(s) between you and our client.
Information we collect via the CIS website
We may collect personal data about you if you provide it to us via the CIS website including:
- Your name;
- Your email address and telephone number;
- Any personal data that you include in the “Your message” box on the Contact us page;
- Any personal data that you provide via the members’ section of the site.
Information we collect about you if you make a complaint to us
When concerns are raised with us, we may collect personal data such as:
- Your name, address, telephone number, email address and mobile phone number;
- Information relating to the matter about which you sought our advice;
What about personal data that is considered more sensitive?
We will only collect and use sensitive information (also known as ‘special category data’ under the GDPR) if there is a valid reason for doing so and where the law allows us to. Sensitive information includes personal data about health, ethnicity, religion, political opinions or sexuality (which would include information relating to alleged victims or perpetrators of sexual abuse).
Where possible we aim to collect these types of personal data in limited circumstances and we request that, where possible, you avoid disclosing to us any sensitive information relating to you or anyone else.
However, there are situations where we may collect special category data about you. This information may be required, for example, to arrange certain insurance (e.g. travel insurance) or private healthcare for you. We may also hold this information about you where you are the alleged victim or perpetrator of sexual abuse in relation to a claim against one of our clients.
Where necessary, we shall obtain your explicit consent to the processing of such information. Alternatively we may rely on other applicable lawful bases under the GDPR or DPA 18 which permit the processing of special category data without obtaining consent (see https://catholicinsuranceservice.co.uk/privacy/#on-what-lawful-basis-do-we-process-your-personal-data for more information).> Back to top
How do we use your personal data?
The personal data which we hold about you, whether it is collected directly from you or whether we receive it from a third party, may be processed for a number of reasons, for example, to:
- provide you with information you may request about the services we offer;
- verify your identity and check any relevant background circumstances for anti-money laundering purposes;
- provide you with insurance intermediary services including policy administration and overseeing claims;
- enable your insurance to operate (e.g. in the event of a claim);
- provide you with legal or risk management advice;
- send you important information regarding changes to your insurance policies and other administrative information that we need to send from time to time;
- prevent and detect crime, including fraud and money laundering;
- administer payments;
- improve our products and services;
- resolve complaints and handle requests from individuals;
- manage our business operations, maintain internal records and comply with internal policies and procedures, including those relating to auditing, finance and accounting, billing, IT and data and records management;
- comply with our statutory and regulatory obligations;
- collate information relevant to assisting both our and our client’s co-operation with public inquiries and to provide such information to such inquiries where requested;
- establish and defend our legal rights.
If you do not provide the information requested, we may not be able to arrange your insurance or provide certain other services to you.
We may also use your information for marketing and hospitality purposes, for example, to:
- send you communications about CIS and other services we provide that may be of interest to you (e.g. sending you newsletters);
- provide you with updates on legal and insurance developments;
- contact you about other activities we may undertake and events we may host.
See https://catholicinsuranceservice.co.uk/privacy/#marketing below for more information on our use of your personal data for marketing purposes.> Back to top
On what lawful basis do we process your personal data?
We only collect, use and store your personal data where we have a lawful basis to do so. This will vary according to the circumstances of how and why we have your information, but typical examples include:
- it is within our legitimate business interests. We rely on this basis where applicable law allows us to collect and use personal data for our legitimate interests and the use of your personal data is fair, balanced and does not unduly impact your rights. For instance, it is in our legitimate interest to provide insurance intermediary, risk management and advice services;
- you have given consent (which can be withdrawn at any time by contacting us using the details below) for us to process your information (e.g. in relation to certain marketing communications);
- we are carrying out necessary steps in relation to a contract to which you are party or prior to you entering into a contract (e.g. where you have entered into an insurance contract);
- the processing is necessary for compliance with a legal obligation (e.g. for us to verify your identity under anti-money laundering requirements).
If we process any special categories of personal data (e.g. information revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic or biometric data; data concerning your health, sex life or sexual orientation), we must be able to satisfy an additional condition to permit the processing. This may include:
- where the processing is necessary for an insurance purpose (e.g. obtaining medical information in connection with a claim for medical expenses under a travel policy);
- where you have given us your explicit consent to do so (e.g. to cater for your medical or dietary needs at an event);
- you have made the information public;
- where the processing is necessary for the establishment, exercise or defence of legal claims; or
- the processing is necessary for reasons of substantial public interest (e.g. where steps are taken to prevent fraud or other dishonest activity).
If we process any information relating to (alleged) criminal convictions or offences, we will typically rely on one of the following lawful bases:
- preventing or detecting unlawful acts;
- complying with our regulatory requirements in relation to unlawful acts or dishonesty;
- dealing with suspicions of terrorist financing or money laundering;
- obtaining legal advice or establishing, exercising or defending legal rights.
If you or the organisation that you represent becomes a client of CIS or is one of our professional contacts, we may use your personal data to invite you to hospitality events or other selected events for clients/ contacts and/or to send you information that we think may be of interest to you or your organisation. It is within our legitimate interests as an insurance intermediary to use your information in this way.
You will be given an opportunity to let us know if you do not wish to receive direct marketing materials and communications from us either at the time you provide your details to us and/or within each such communication.
If you change your mind about being contacted by us in the future, change your contact details, or if any information that we hold about you is inaccurate or out-of-date, please contact us so that we can update your details.> Back to top
We have in place administrative, technical and physical measures designed to guard against and minimise the risk of damage to or loss, misuse, or unauthorised processing or disclosure of the personal data that we hold.
> Back to top
Transfers of your personal data outside the UK
In the course of processing your personal data, or disclosing it to the recipients referred to above, we may transfer it to countries which are outside the European Economic Area (EEA), for example, in order to handle travel insurance claims and provide emergency medical assistance services when you are abroad.
Some countries outside the EEA may not have laws which provide the same level of protection to your personal data as countries inside the EEA. In such cases we will take steps to ensure that the transfers comply with the GDPR and that your personal data is appropriately protected.> Back to top
Your rights in relation to your personal data
You have rights in respect of the personal data you provide to us. In particular:
- the right to request a copy of some or all of the personal data that we hold about you;
- if we process your personal data, on the basis that we have your consent, the right to withdraw that consent;
- the right to ask that any inaccuracies in your personal data are corrected;
- the right to have us restrict the processing of all or part of your personal data;
- the right to ask that we delete your personal data where there is no compelling reason for us to continue to process it;
- the right to request a copy of the personal data that we hold about you, in a structured, commonly used and machine-readable format and/or to transmit that data to a third party;
- the right to object to the processing of your personal data where we: (i) process on the basis of the legitimate interests ground; (ii) use the personal data for direct marketing; or (iii) use the personal data for statistical purposes.
- the right not to be subject to legal or other significant decisions being taken about you on the basis of a solely automated process (i.e. without human intervention).
Please note that the above rights may be limited in some situations, for example, where we can demonstrate that we have a legal requirement to process your personal data. You should also bear in mind that, by exercising some of these rights, you may hinder or prevent our ability to provide you with products and services.
Rights may only be exercised by the individual whose personal data is being held by us or with that individual’s express permission. We may need you to provide us with proof of identity for verification and data security purposes before you can exercise your rights.
If you want to invoke any of these rights, please contact us using the details below.
Please note that you also have the right to lodge a complaint with your local data protection authority about how we use your personal data if you are located in the UK or the EU. Please always consider raising your concern with us first by contacting us using the contact details below.> Back to top
Retention of and changes to your personal data
We will ensure that the personal data we process for the purposes set out above is accurate and up-to-date.
We will keep your personal data for as long as necessary:
(a) to comply with any statutory or regulatory requirements we are subject to under applicable law;
(b) to fulfil the purposes for which the personal data was collected; and
(c) to defend our or a third party’s legal rights.
We expect to keep most of the personal data that we hold for a minimum of seven years from the closure of a claim, the expiry of any applicable limitation period or the date when you cease to be a client of ours and in many cases for longer.
If you have any questions about the retention periods for holding your personal data, please contact us using the https://catholicinsuranceservice.co.uk/privacy/#contact-us details below.
Once we decide that we no longer need your information, it will be securely and confidentially destroyed or deleted.> Back to top
If you have any questions, require further information about how we protect your personal data, wish to exercise any of the above rights or if you would like to provide feedback or make a complaint about the use of your information, please contact us:
Catholic Insurance Service Limited
Telephone: 01296 422030
Email address: firstname.lastname@example.org
Any complaints will be dealt with in accordance with our Complaints Policy.
We hope that we can satisfy any queries you may have about the way in which we process your personal data.> Back to top
Changes to this Privacy Notice
We may make changes to this Privacy Notice from time to time as our business practices and/or applicable laws change. We will not make any use of your personal data that is inconsistent with the original purpose(s) for which it was collected or obtained, or otherwise than is permitted by data protection laws. We will make reasonable efforts to notify you of any changes.> Back to top