Werespectyourtrustinustouse,storeandshareyourinformation.Inthisnotice, weexplainhow we collectpersonal informationaboutyou,howweuse itandhowyoucaninteractwithusaboutit. ‘Personal Information’ is information about you and other individuals that identifies or makes an individual identifiable.
Wetrytokeepthisnoticeassimpleaspossiblebutifyouareunfamiliarwithourterms, orwantmoredetailonanyoftheinformationhere,pleaserefer and go towww.gjis.co.ukto view and read the full terms of Business. You may also contact us directly for more details, as required.
1. Who we are
Inthisnotice,'we','us'and'our'refers toGJIS Limited, a company registered in England and Wales under company number 01310695, including its trading name Global Jewellery Insurance Services. We are the data controller and are responsible for, and control, the processing of, your Personal Information, in accordance with the General Data protection Regulation and Data Protections Act 2018 (‘GDPR’/ ‘Act’)
2. Contact us
We welcome your feedback and questions about this Policy. If you wish to contact us please email our Representative, with overall responsibility for data protection, at firstname.lastname@example.org or write to us at GJIS Limited, Peel Place, 50 Carver Street, Birmingham B1 3AS.
When you visit our website (at https://www.gjis.co.uk), make an enquiry, post on our discussion forum, respond to a survey or register with us we may collect some basic information about you, such as your name, contact details and a record of any communications, for the purpose of responding to any query raised or comment made. We also collect statistical data about your browsing actions and patterns. This means information about your computer and your use of our Services, including (where available) your IP address, unique mobile device identifier (UDID), Android ID, device MAC address, browser information, operating system, timestamps, the pages that you request, applications downloaded, traffic data, location data, weblogs and other communication data, and the resources that you access. This will help us make our website work better for you. We will not use this information to identify you.
In addition, we collectPersonalInformationfrom you and other third parties (including your family, members, trade associations, your employer, credit reference agencies, anti- fraud and other databases, government agencies (DVLA, HMRC), and third parties to a claim (witnesses, experts, loss adjusters, legal representatives etc.), in order to provide insurance quotes, administer insurance policies and/ or deal with any claims or complaints and to provide you with access to our online services (‘Services’). The types of information we collect includes:
Personal details (including name, gender, marital status, date of birth, nationality, account login, photos or CCTV footage of your premises)
Identification numbers (including national insurance number, passport number)
Financial information (including, account details, payment card details, the value of assets insured)
Policy details (including details of the quotes you obtain and policies you purchase)
Credit and anti-fraud data (including credit history/ score, information from anti-fraud data bases)
Claims information (including details of previous or current claims for both related and unrelated insurance products)
Risk details (including information about you we need to collect to assess the risk to be insured and any responses to risk assessment surveys)
Communications (including a record of all correspondence (telephone conversations/ emails etc.)
In certain circumstances we may need to process special categories of data (i.e. details of your health/ physical injuries) and/ or criminal convictions (i.e. driving offences) to assess the risk to be insured and/ or process a claim. We will only process this information where necessary and on the basis of the below legal basis.
To provide our products and Services under the termsandconditionswe agree between us,weneedtocollect and use personal informationabout you. Ifyoudonot provide thispersonal Information we may notbeableto provideyouwithour productsandServices.
In accordance with the GDPR/ Act, we may only process your Personal Information if we have a ‘legal basis’ (i.e. legally permitted reason) for doing so. For the purposes of this Policy, our legal basis for processing your Personal Information is set out in the table below.
Why we will process your Information
The legal basis for which is…
To answer your questions, respond to posts on the discussion forum, improve our website and to ensure that our website is presented in the most effective manner for you.
This is necessary for the legitimate interests we pursue in keeping our website up to date and competitive and responding to any ad-hoc enquires/ comments, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
Where an enquiry relates to a Service (i.e. a contract of insurance) this processing may be necessary for the performance of a contract.
To arrange, underwrite and administer your contract of insurance, namely:
Setting you up as a client
Understanding your insurance needs to offer you an appropriate policy of insurance
Evaluating risks to match you to an appropriate policy/ premium
Amending your policy
Client care- providing you with updates on your policy
Collecting payment of premiums
We may process details of your / your employee’s or agent’s home address, security and vehicles where they will carry sample stock.
This processing is necessary for the performance of a contract between us and information is processed to enable us to offer a quotation, arrange and administer a contract of insurance.
Outside of such, this processing is necessary for the legitimate interests we pursue in ensuring that the policyholder is within our acceptable risk profile and to collect any monies due to us, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights and freedoms
To process any claim under or arising out of your insurance policy or our Services.
This processing is necessary for the performance of a contract between us and information is processed to enable us to provide claims services to you.
Outside of such, this processing is necessary for the legitimate interests we pursue is defending or advancing a claim, subject to you raising an objection, requiring us to check that our interest is not over ridden by any risk to your rights.
Further, where a claim becomes litigated this processing may be necessary to comply with our legal obligations
To analyse and create a profile for general risk modelling and underwriting (where these reports are shared with third parties your personal information (data that makes you as an individual identifiable, will be removed)
This processing is necessary for the legitimate interests we pursue to build risk models that allow acceptable risks for an appropriate premium, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights
To comply with our legal or regulatory obligations. Including, identity and other verification checks, anti-money laundering, anti-fraud, counter-terrorist.
This processing is necessary to comply with our legal obligations.
To contact you for marketing purposes
(see the marketing section below for further details)
This processing is necessary for the legitimate interest we pursue in marketing other products and services we offer subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights.
We will not share your details with any third parties for the purpose of marketing.
In accordance with the Act, we are able to process your special category data (details of your health) and details of any criminal convictions where it is necessary for an insurance purpose (including advising on, arranging, underwriting or administering a contract of insurance and administering a claim under a contract of insurance) provided we have established a legal basis for doing so.
Where we are processing your special category data/ details of criminal convictions for an insurance purpose our legal basis is set out in the table above.
We will not process your special category data/ details of your criminal conviction without your explicit consent where it is not necessary for an insurance purpose.
It is important that we keep your personal data accurate and up to date and so we ask you to provide accurate information and inform us of any changes.
As set out above, your Personal Information may be processed for the purpose of creating general risk profiles. Where special categories of data / criminal conviction data are relevant this maybe processed as part of this analysis. If we were to report trends to any third parties any report, we prepare will group the informationso that all Personal Information (information that makes you identifiable) is removed. For example, we may produce a risk exposure report on a certain geographical area or postcode.
6. How wekeepyourinformationsafe
We take appropriate organisational and technical measures to protectyourinformationwithsecuritymeasuresunderthelawsthatapplyandwemeetinternationalstandards.Wekeepourcomputers,files andbuildings secure.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our Service and any transmission is at your own risk.
When you contact us to ask about your information, if necessary, we may ask you to identify yourself. This is to help protect your
Tomeetourregulatoryandlegalobligations,wecollectsomeofyourpersonalinformation,verifyit,keepit uptodatethroughregularchecks,and delete itoncewenolongerrequire it for the purpose for which is was originally collected. Wemayalsogatherinformationabout youfromthirdpartiestohelpusmeetourobligations.Ifyoudonotprovidethe information weneed, orhelpuskeepitup todate, wemaynot beabletoprovideyouwithourproductsand services.
As a guide we usually retain your personal data for around 7 years following expiry of a policy of insurance, completion of a claim, cancellation of your online account or termination of a contract between us. We may be required to retain data for longer periods. If you would like further details of our retention periods, please contact us on the details above.
For the purposes of the GDPR/ Act we have a legitimate interest in processing your personal data (name and contact details) for marketing communications. We will only require your consent, in certain circumstances, where we are marketing products and services to you as an individual, not to your business. Circumstances where we may need your consent are outlined below.
Where you have previously ordered products or services from us, unless you have told us not to, we may contact you by telephone, email or post about similar or related products, services, promotions and special offers that may be on interest to you.
In addition, with your consent, we may contact you by telephone, email or post to provide information in relation to other products, services, promotions, special offers and other information we think may be of interest to you.
You have the right at any time to ask us to stop processing your information for direct marketing purposes. If you wish to exercise this right please follow the unsubscribe link on the communications or contact us on the below details, or the relevant third party, giving us or them enough information to identify you and process your request.
Please note that even if you ask not to receive marketing communications, we may still need to send you service messages regarding the Services.
9. Your informationandthird parties
Sometimes we share your information with third parties. Forexample,to:
enable us to provide products, services andinformation;
research your experiences dealing withus;
sell your debts;
sell whole or part of our business;
prevent financial crime;
help trace, investigate and recover funds on your behalf;
trace information; and protect both our interests;
where we are obliged, or permitted, to do so by applicable law, regulation or legal.
In addition, we may share your details with third parties to effectively provide our Services, including:
existing claims handlers;
insurances and re-insurance providers;
insurance brokers and intermediaries;
our supplier and sub-contractors for the performance of ant contract we may have with them.
Inordertoprocess your applicationwe may supplyyourpersonalinformationto creditreferenceagencies(CRAs)and they will giveusinformationaboutyou suchas aboutyourfinancialhistory.We dothisto assesscreditworthinessand product suitability,checkyouridentity, manage your account, trace andrecover debts and preventcriminal activity.Wemay alsocontinuetoexchangeinformationaboutyouwithCRAsonan ongoingbasis,includingaboutyoursettled accountsandany debtsnotfullyrepaidontime.CRAs willshareyourinformationwithotherorganisations.
Yourdatamay also be linked tothedataofyourspouse,anyjointapplicantsorotherfinancialassociates.
The personal information we have collected from youwillbesharedwith fraud prevention agencies who will use it to preventfraudandmoney - launderingandtoverifyyouridentity.Iffraudis detected,youcouldberefusedcertainservices, finance oremployment.
Furtherdetails oftheCRA'sandfraudpreventionagencies,andhow they processyourinformationcanbe ascertained by contacting our offices.
Where required by the GDPR/ Act we will ensure that relevant contractual protections are in place with these third parties to ensure theyhavethesamelevelsofinformationprotectionthatwehave.
Wealsohavetoshareinformationwiththirdpartiestomeetanyapplicablelaw,regulationorlawfulrequest.Whenwebelievewehave been givenfalseormisleadinginformation,orwesuspectcriminalactivitywemustrecordthisandtelllawenforcementagencies,which may be either in or outside the UK.
I0. International transfer of data
WemaytransferyourpersonalinformationoutsideoftheEuropeanEconomicArea(EEA)tohelpusprovideyourproductsandservices. It may also be processed by persons operating outside the EEA who work for us, one of our associated companies or a third party engaged by us. Such countries may not have similar protections in place regarding protection and use of your data. We will take all steps reasonably necessary to ensure the security of your Personal Information i.e. where approved contractual clauses are agreed.
This section sets out the legal rights of individuals in respect of the Personal Information we are holding and/or processing. If you wish to exercise any of your legal rights you should put your request in writing to us (using our contact details below) giving us enough information to identify you and respond to your request.
Wecanhelpyouwith/ you have the right to:
Access your personal information. You can ask us for a copy of the personal information we hold. You can ask usabout how we collect, share and use yourpersonal information.Most requests will receive a response within one month of receipt of a valid request; those which are more complex or numerous may take up to three months. You may not be entitled to see all of the information about you if an exemption applies.
Rectification of inaccurate Personal Information. if the personal information that we hold about you is incorrect, you have the right to ask us to amend it. Taking into account the purposes of the processing of personal data, the data can be rectified or, if data is incomplete, completed.
Withdraw consent: You can change yourmind wherever yougive us your consent,such as for direct marketing, or using yoursensitive information, such as medical orbiometric data.
The right to erasure – in certain circumstances you have the right to request that the personal data held about you is deleted or removed. The GDPR outlines specific circumstances when this right applies; including: where data is no longer needed for the purposes for which it was collected. There are certain exemptions to the right; including: when processing is necessary to comply with a legal obligation.
The right to restrict and/ or object to processing – in certain circumstances you are entitled to restrict or object to the processing of personal data; this includes: where you contest the accuracy of the data or you object to our legitimate interests in processing your personal data. If this right is exercised, any further processing of your data will take place only in circumstances in which the GDPR allows such processing to take place.
The right to data portability – in certain circumstances you have the right, on request, to ask us to provide a copy of the personal data that you have previously supplied to us, i.e. where the processing is by automated means and you wish to transfer to a new service provider.
If you seek to exercise a right under the relevant law and we consider an exemption is applicable (or the relevant right is not exercisable), we will explain this to you in as clear a way as we can.
You can find out more about internet advertising by visiting the following websites: www.allaboutcookies.org, www.yourchoicesonline.eu, and www.networkadvertising.org. Some of these sites enable you to opt out of online behavioral advertising and other tracking cookies (in addition to the control settings on your browser).
If you have a complaint about the use of yourpersonalinformation,pleaseletamemberofstaffknow, givingthemtheopportunitytoputthingsrightasquicklyaspossible.
Ifyouwishtomakea complaintyou may dosoinperson,bytelephone,inwritingandbyemail.Pleasebeassuredthatallcomplaintsreceivedwill be fullyinvestigated.Youcanregisteracomplaint, using the contact details above.Weaskthatyousupplyasmuchinformationaspossible tohelpus resolveyourcomplaint quickly.
You also have the right to make a complaint to theInformation Commissioner'sOffice, the data protection regulator in the UK,atwww.ico.org.uk.