Privacy Policy
01Introduction
This website (“Website”) is operated by Insurwave Limited (“we”, “our”, “us”). We are committed to protecting and respecting your privacy. This Website Privacy Notice (“Notice”), together with our Cookie Policy, sets out what personal data we collect when you visit and use this Website, how we may use and manage your personal data and the rights you have in relation to your personal data. Please read this Notice carefully to understand our policies and practices regarding your personal data.
For the purposes of applicable data protection laws, including the UK General Data Protection Regulation, Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (“DP Laws”), Insurwave Limited is the data controller. We are registered in England and Wales under company number 11284335. Our registered office is at 5 Clifford Street, London, England, W1S 2LG.
Any changes we may make to this Notice in the future will be posted on this page. Please check back frequently to see any updates or changes to this Notice.
Last updated: July 2023
02Whose personal data do we collect and how
We collect personal data when you visit and/or use this Website and / or complete one of our web forms (e.g., to contact us); submit a subscription request to us (e.g., for a newsletter); and communicate with us via social networking websites or other platforms.
We take steps to ensure that personal data collected is anonymised/aggregated where relevant, to ensure that the information does not directly identify you.
03The personal data we collect
The personal data we collect and process may include information submitted as part of subscribing to our newsletters (and other marketing) or completing online forms on this Website (e.g., your name, address, e-mail address and phone number) and technical information collected by cookies (please refer to our Cookie Policy, which forms part of this Notice) that is sent by your browser to our Website (stored as log files). This includes your IP address, browser type, operating system, language, time zone setting, access times and any referring website addresses. We may also collect information about your visit to the Website, including: the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time); services you viewed or searched for; and page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
We may also collect and process any personal data you chose to disclose as part of a general enquiry, and personal data you chose to submit in a ‘free text’ box (such as on the Website’s ‘Contact’ page). Please do not provide any personal data you do not wish us to have. Please do not provide any ‘special category’ i.e. sensitive personal data such as medical information, religious or philosophical beliefs or similar, or bank account details or other financial information via the Website.
We may receive personal data about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including social networking sites, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers) and may receive information about you from them. You can control what personal data is shared with us from third party websites, using the controls provided on those websites. We may also collect personal data about you from credit reference agencies where we have informed you this will take place.
Please note that if you do not provide certain personal data to Insurwave when requested (and where relevant, provide your consent), we may not be able to provide you with some or all of our services (including those set out in this Notice or in other agreements we enter into with you).
04The purposes for which we process your personal data
Depending on how you use this Website, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:
-
to provide you with any information or services that you request from us (e.g. to keep you up-to-date with the progress of a development you are interested in, or other similar information which relates to your enquiry);
-
to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
-
to understand your needs and interests and to assess your application for Insurwave services, where applicable;
-
where permitted, to provide you, or enable selected third parties to provide you, with marketing information about services we feel may interest you;
-
to analyse and improve our services and to notify you about changes to our services;
-
for the management and administration of our business;
-
to administer and improve this Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep this Website safe and secure;
-
to comply with and in order to assess compliance with applicable laws, rules and regulations (including tax reporting purposes pursuant to tax legislation), industry codes, voluntary codes we decide to adopt, or good practice and internal policies and procedures;
-
to confirm and verify your identity and to conduct due diligence, background and related checks;
-
to detect, investigate and prevent fraud and other crimes or malpractice;
-
for the purpose of, or in connection with, any legal proceedings;
-
to obtain legal advice or to establish, exercise or defend legal rights;
-
the administration and maintenance of databases storing personal data;
-
to comply with our contractual obligations;
-
where we receive personal data from other sources, we may combine this personal data with any personal data we collect about you. We may use this combined personal data for the purposes set out above (depending on the types of personal data we receive), including marketing.
05OUR legal BASES for processing your personal data
We are entitled to use your personal data for these purposes because one or more of the following legal bases applies:
- your consent, e.g., when you subscribe to our magazine or request to receive marketing from us and our third parties. Note that you can withdraw this consent at any time;
- to take steps to enter into or perform a contract with you or other individuals, e.g., providing quotes and other information to help you make a decision on whether to use our services;
- compliance with our legal obligations;
- in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings or
- ours or our third parties’ legitimate interests, where these are not overridden by your privacy and data protection rights. Our legitimate interests include: fulfilling your requests for information about our services, conducting surveys and other research projects, personalising and tailoring the content of our Website and our promotions to you, maintaining and improving our Website so that users can get the information they need from the Website quickly, allowing Insurwave to effectively and efficiently administer and manage the operation of its business, maintaining compliance with internal policies and procedures, monitoring the use of our copyrighted materials, offering optimal, up-to-date security solutions for mobile devices and IT systems, and for internal research purposes.
06Sharing your personal data
We may share or provide access to your personal data with any member of our group, among our affiliates and business units and third party agents, service providers and contractors outside of Insurwave including:
- for the purpose of the management and administration of our business;
- in order to facilitate the provision and enhancement of services to you;
- for the purpose of the administration and maintenance of the databases storing personal data;
- for the purposes of us receiving services (e.g., our accountants, auditors, service providers, professional advisors, IT and communications providers or any entity we reasonably consider necessary for the purposes outlined above). These third parties will be expected to be subject to confidentiality requirements (either by contract, professional obligation, duty or otherwise) that require them to only use your personal data as described above;
- to the extent required by law (e.g., if we are compelled by an obligation or a duty to disclose your personal data where we believe it is necessary or appropriate to comply with any legal obligation, rule, regulations or internal policies and procedures, including (without limitation) in order to comply with tax reporting requirements and other statutory reporting and disclosures to regulatory authorities), or to establish, exercise or defend our legal rights. This may include disclosure to regulatory bodies or government agencies and in order to investigate unauthorised attempts to modify the Websites, install harmful files or cause damage to the Websites;
- as part of a transaction, financing, or for other business needs (e.g., if we sell any of our businesses or assets, in which case we may need to disclose your personal data to the prospective buyer and their respective professional advisers, as the case may be, as part of certain due diligence processes); or
- if we or any of our affiliates, divisions or business units is acquired by a third party, including in the unlikely event of a bankruptcy, in which case the personal data held by us about you will be accessible to, and may be acquired by, the third party buyer.
We may aggregate or de-identify the information so that a third party would not be likely to link data to you, your computer, or your device. Aggregation means that we combine the non-personal information of numerous people together so that the data does not relate to any individual. “De-identify” means that we attempt to remove or change certain identifiers that may be used to link data to a particular person.
07International transfers of personal data outside uk/eea
The personal data that we collect from you may be transferred to, and stored at, a destination outside the UK or the European Economic Area (“EEA”). It may also be processed by staff operating outside the UK or the EEA working for us or for one of our suppliers. Such staff maybe engaged in, among other things, the processing of your payment details and the provision of support services. If we transfer personal data to a third party outside of the UK or EEA, we will, as required by DP Laws, ensure that your data protection rights are protected by appropriate safeguards, such as the UK IDTA or the European Commission’s Standard Contractual Clauses for the transfer of personal data to controllers or processors established in third countries. Please contact us (using the information in Section 13 below) if you would like more information about these safeguards.
08How we safeguard your personal data
We have implemented commercially reasonable controls and appropriate technical and organisational measures to protect personal data, as well as to maintain the security of our information and information systems in respect of personal data. Appropriate controls (such as restricted access) are placed on our computer systems and used where appropriate. Reasonable measures are taken to ensure physical access to personal data is limited to authorised employees.
Your personal data is kept for as long as it is necessary for the purposes for which it was collected. Therefore, after this period data is destroyed, erased or anonymised. All personal data you provide to us is stored on our secure servers. Any payment transactions will be encrypted.
09Retention of personal data
The period for which we will hold your personal data will vary and will be determined by the following criteria:
- The purpose for which we are using it. We are required to retain the personal data for as long as is necessary to satisfy or meet the purposes for which it was obtained including applicable legal or regulatory requirements; and
- Legal Obligations. Laws or regulations may set a minimum period for which we must retain your personal data.
We take reasonable steps using appropriate technical methods in the circumstances to delete or destroy your personal data when we no longer have a legal basis to retain it or to ensure that the personal data is anonymised or irrecoverable.
10Marketing
Depending on your preferences, we may send you marketing communications where we think that these are relevant and interesting. We send emails to your provided email address, such as our magazine or our brochures. Some of these emails may be tailored to you, based on your interests and any other information we may hold.
We also send you information through the post, such as our magazine and our brochures, and if you have provided your phone number we may contact you by telephone for the purposes for which you have provided this (e.g., to keep you updated on our developments).
If you no longer wish to receive marketing communications from us (or would like to start receiving marketing communications), you can change your preferences (‘opt-out’) at any time by writing to us or emailing us (using the information in Section 13 below). You can also click the ‘unsubscribe’ button which is included in the emails we send you, or you can tell us over the phone not to call you anymore. We may continue to send you service related emails if you opt-out of marketing, such as information about our service and information about your legal rights/conditions of use of the service.
You may also see ads for our Website on third-party sites, including on social media. These ads may be tailored to you using cookies (which track your web activity, so enable us to serve ads to customers who have visited our Website). Where you see an ad on social media, this may be because we have engaged the social network to show ads to our customers, or users who match the demographic profile of our customers. If you no longer want to see tailored ads you can change your cookie and privacy settings on your browser and these third-party websites.
Your option not to receive promotional and marketing material shall not preclude us from corresponding with you, by email or otherwise, regarding your relationship with us (e.g., your account status and activity or our responses to questions or inquiries you pose to us); shall not preclude us, including our employees, contractors, agents and other representatives, from accessing and viewing your personal data for our internal business purposes; and shall not preclude us from disclosing your personal data as described in this Notice for purposes other than sending you promotional and marketing materials.
11Your rights
In certain circumstances, DP Laws may give rights to individuals in respect of personal data that Insurwave hold about them, e.g., to:
- the right to refuse to provide any personal data and the right to object at any time to the processing of their personal data;
- the right to confirm whether we process their personal data and to obtain information regarding the processing of their personal data and access to the personal data about them that Insurwave holds;
- where consent was provided for certain processing activities, the right to withdraw their consent to the collection, processing, use and/or disclosure of their personal data at any time. Please note that this will not affect the lawfulness of any collection, processing, use or disclosure undertaken before such withdrawal and that Insurwave may still be entitled to process the personal data if it has another legitimate reason (other than consent) or a consent exception for doing so;
- the right to receive a copy of some personal data in a structured, commonly used and machine-readable format and/or request that Insurwave transmit that data to a third party where this is technically feasible;
- the right to request that Insurwave rectify or correct their personal data if it is inaccurate or incomplete;
- the right to request that Insurwave erase their personal data;
- the right to request that Insurwave restrict, anonymise or block its processing of their personal data; and
- where applicable, the right to lodge a complaint with the UK data supervisory authority, the Information Commissioner’s Office (“ICO”) if they think that any of their rights have been infringed by Insurwave.
You can exercise your rights at any time by contacting us ng the information set out in Section 13 below. Please note that the exercise of certain of your rights may prevent us from providing services to you.
We are typically able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may have the option to escalate concerns to the ICO.
12Links to third-party websites
Please note that this Website may contain links to other websites. These third-party sites are not subject to this Notice, and we recommend that you check the privacy and security policies of each website that you visit. We are only responsible for the privacy and security of the personal data that we process as a data controller and have no responsibility for the actions of other third party data controllers in relation to your personal data.
13Contact
If you have any enquiries or if you would like to contact us about our processing of your personal information, including to exercise your rights as outlined above, please contact us centrally at privacy@insurwave.com or by post to: Insurwave Limited, 42 Southwark St, London, SE1 1UN.