Privacy Policy

This policy explains what types of personal information will be gathered when you visit the Westminster Insurance website, and how this information will be used.

If you follow a link to any other website, please check their policies before you submit any personal information to those websites.

banner

Introduction

Westminster Insurance Ltd values the personal information you provide to us and want to ensure that it used only as you would expect. This Privacy Notice explains how we protect your privacy and how you can control what personal information we hold and how we use it.

Data Controller:      Westminster Insurance Ltd
mail@westminster.global
01305 839939
  
Data Protection Officer:      Gail O’Donovan
gail@westminster.global

We act as your agent and will collect data, including personal information and risk details, solely to enable us to obtain and provide insurance quotations, arrange and administer your insurance. Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are contractual obligation, and for our legitimate business interests as an insurance broker. We will be unable to offer any quotation or insurance if you refuse to provide certain personal data, including health, financial and criminal records data which is collected under the lawful basis of public interest, where these would affect the provision of cover and/or performance of insurance contracts.

Information Collected

For the purposes specified within this privacy statement, we collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example, name and contact details)
  • Health, financial and criminal records
  • Business status, activity and revenue
  • Previous claim records

We regard the lawful and correct handling of personal information by the firm as an essential element in achieving fair treatment of customers and to maintaining confidence between those with whom we deal and ourselves. We therefore need to ensure that our organisation treats personal information lawfully and correctly. To this end, we fully endorse and adhere to the Principles of data protection, as set out in the Data Protection Act and General Data Protection Regulations.

In this respect, personal information:

  1. shall be processed fairly and lawfully and, in particular, shall be processed only in accordance with our stated privacy policy;
  2. shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
  3. shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
  4. shall be accurate and, where necessary, kept up to date;
  5. shall not be kept for longer than is necessary for the specified purpose(s);
  6. shall be processed in accordance with the rights of data subjects under the Act;
  7. should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;
  8. shall not be transferred to a country or territory outside the UK unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Therefore, the firm will, through appropriate management and strict application of criteria and controls:

  1. observe fully conditions regarding the fair collection and use of information;
  2. meet its legal obligations to specify the purposes for which information is used in the disclosure documentation provided to customers, obtaining consent for any marketing activities that we intend to provide;
  3. collect and process appropriate information only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirements;
  4. ensure the quality of information used, regularly checking its accuracy;
  5. ensure that the information is held for no longer than is necessary for the purpose for which the data was originally collected, subject to our legal and regulatory obligations and legitimate business interest to protect and defend the company from litigation;
  6. ensure that the rights of people about whom information is held can be fully exercised under the Act (i.e. the right to be informed that processing is being undertaken, to access one’s personal information; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information);
  7. take appropriate technical and organisational security measures to safeguard personal information;
  8. ensure that personal information is not transferred abroad without suitable safeguards.
  9. To assist in achieving compliance with the Principles for Business of the Financial Conduct Authority:
  10. appoint an Information Security/Data Protection Officer (as stated on the first page of this document) at a senior level with specific responsibility for data protection and information security assets within the firm who will be responsible for providing staff with guidance on data protection procedures.

Your information will be held securely by us and shared with insurers, which could include reputable providers in other countries, to enable them to provide accurate terms and they will also obtain data about you and your insurance history from various insurance anti-fraud databases, such as the Claims and Underwriting Exchange (CUE) as well as publicly available websites and credit referencing agencies.

We will also share your information with contractors who provide IT services, but we will not give anyone else any personal information except on your instructions or authority, or where we are required to do so by law, or our regulatory requirements. Information about you and your insurances will be securely stored on our dedicated server while you are a client and for a minimum of three years, and in certain circumstances up to six years, after expiry of your policies. We will then dispose of your information by deletion from our records or anonymisation of the data.

Cookies

We use cookies on our website to improve your experience, provide essential functionality, analyse site traffic, and deliver relevant advertising. Some cookies are necessary for the site to work, while others help us understand how you use our site or personalise content.

Under the Data Protection Act, the rights of data subjects include the following:


Data Subject Right to Rectification

If you think that your data held by the firm is inaccurate, you can make a request to the firm, either verbal or in writing, to have the data corrected. It is recommended that, even where the request is made verbally, you provide the firm with a written explanation of the exact nature of the correction, including any relevant evidence, which clearly states your desired outcome. This will ensure that the firm properly understands your request and it also provides clear proof of the nature of your request should you object to the firm’s initial response.

For more information, see the Information Commissioners Office’s website: Your right to get your data corrected | ICO

Data Subject Right to Erasure (Right to be Forgotten)

If you wish for the firm to delete any personal data, you can ask anyone at the firm to do so, either verbally or in writing. It is recommended that, even where the request is made verbally, you provide the firm with a written explanation of the exact nature of your request, including any relevant evidence, which clearly states your desired outcome. This will ensure that the firm properly understands your request and it also provides clear proof of the nature of your request should you object to the firm’s initial response.

However, the firm will ONLY be required to delete your data if:

  • The firm no longer needs your data for the original reason it was collected for, OR
  • The data was held ONLY on the basis of your consent, OR
  • Your reasons for wanting your data deleted outweigh the firm’s reasons for wanting to keep it, OR
  • The firm has collected your data unlawfully, OR
  • The firm is legally obligated to delete your data.

For more information, see the Information Commissioners Office’s website: Your right to get your data deleted | ICO

Data Subject Right to Restrict Processing

If you object to what your data is being used for, or if you do not wish for your data to be deleted, you can make a request to the firm either verbally or in written form. It is recommended that, even where the request is made verbally, you provide the firm with a written explanation of the exact nature of the request, including your reasons and any relevant evidence, which clearly states your desired outcome. This will ensure that the firm properly understands your request and it also provides clear proof of the nature of your request should you object to the firm’s initial response.

You can request that the firm temporarily limits the use of your data when:

  • You have requested that the firm correct data that you think is inaccurate (see “Data Subject Right to Rectification” above), OR
  • You have objected to what that data is being used for.

You can request that the firm limits the use of your data instead of deleting it when:

  • The firm is using your data unlawfully, but you do not want them to delete it, OR
  • The firm no longer requires your data for the purpose they collected it for, but you need them to keep it in order to start, exercise or defend from legal action.

For more information, see the Information Commissioners Office’s website: Your right to limit how organisations use your data | ICO

Data Subject Right to Object to Processing

You can object to the firm’s use of your data at any time. This effectively means that you can stop or prevent the organisation from using your data. However, the firm is ONLY required to stop using your data if:

  • You are objecting to your data being used for the purpose of direct marketing, OR
  • You are objecting to your data being used for the exercise of official authority, OR
  • You are objecting to your data being used for the firm’s legitimate interests.

The request can be made verbally or in writing. It is recommended that, even where the request is made verbally, you provide the firm with a written explanation of the exact nature of the request, including your reasons and any relevant evidence, which clearly states your desired outcome. This will ensure that the firm properly understands your request and it also provides clear proof of the nature of your request should you object to the firm’s initial response.

For more information, see the Information Commissioners Office’s website: The right to object to the use of your data | ICO

Data Subject Right to Portability of Data

You have the right, at any time, to get your personal data from the firm in a way that is accessible and machine-readable, and you have the right to request that the firm transfer your data to another organisation. Note that this right ONLY applies to data that you have provided to the organisation and which is held electronically.

The request can be made verbally or in writing. It is recommended that, even where the request is made verbally, you provide the firm with a written explanation of the exact nature of the request, including your reasons and any relevant evidence, which clearly states your desired outcome. This will ensure that the firm properly understands your request and it also provides clear proof of the nature of your request should you object to the firm’s initial response.

For more information, see the Information Commissioners Office’s website: Your right to data portability | ICO

What to do if you have a complaint

If you have a complaint please contact our Data Protection Officer, Gail O’Donovan at gail@westminster.global who will deal with your request promptly.

You have a right to complain to the Information Commissioner's Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/

Making a complaint will not affect any other legal rights or remedies that you have.