Barnes Commercial Privacy Policies
This is the privacy notice of Barnes Commercial Insurance Broker referred to as we, us or our in this privacy notice. For the purposes of relevant data protection legislation, we are a controller of your personal data. As a controller we use (or process) the personal data we hold about you in accordance with this privacy notice.
This privacy notice sets out how we collect and process your personal data. This privacy notice also provides certain information that is legally required and lists your rights in relation to your personal data.
This privacy notice relates to personal information that identifies you as a natural person (whether you are an actual or potential customer, an individual who browses our website or an individual outside our organisation with whom we interact). We refer to this information throughout this privacy notice as personal data or personal information and further detail of what this includes are set out in this privacy notice below.
The privacy and security of your personal information is very important to us so we want to assure you that your information will be properly managed and protected by us at all times. Please read this privacy notice carefully as it explains how we may collect and use your personal data.
This privacy notice may vary from time to time so please check it regularly. This privacy notice was last updated on 3rd September 2020.
HOW TO CONTACT US
If you need to contact us in connection with the use or processing of your personal data, then you can do so using our contact details as set out below.
DATA PROTECTION REPRESENTATIVE
Our Data Protection representative is Paul Reid who can be contacted by telephone on 01480 272727 or by post at our registered address:
Barnes Commercial Insurance Broker
3 Fenice Court
WHAT INFORMATION WE HOLD ABOUT YOU AND WHERE WE OBTAIN THIS FROM
The personal data that we collect about you may include the following information:
- Personal data you provide to us in person, via our website or by telephone
- Personal data you provide when you enquire about insurance, or when you purchase a policy, through us, including information about what and/or who you want to insure, such as vehicle details, business activities, your home or travel details
- General information about you, such as your name, address, contact details, date of birth
- Personal data you provide if you subscribe to any of our mailing or newsletter services
- Your claims and credit history
- Financial details, such as your bank account and card details
- Criminal convictions
- Information about your use of our website such as your IP address, which is a unique number identifying your computer, including personal data gathered using cookies
In addition, we may obtain certain special categories of your data (special categories of data) and data about criminal convictions, and this privacy notice specifically sets out how we may process these types of personal data. The special categories of data are data concerning health.
We collect your personal data from you as a controller when we obtain quotations for insurance for you, when we set up your policy for you and when we make changes to your policy for you.
This may also involve the collection of data from or about others who are associated with you and your insurance policy such as other persons insured on your policies or your employees or representatives. By giving us information about someone else for the purpose of arranging insurance for them under your policy such as named driver, employee or travel companion etc. you confirm that you have their permission to do so and that you have shared this privacy notice with them.
By asking us to arrange a contract of insurance for you where this involves passing information to us relating to children, you confirm to us that in doing so you are the responsible guardian of the child.
We also collect information from publicly available sources and third party databases made available to the insurance industry for the purposes of reducing fraud and financial crime as well as any other third party databases where your personal data may be held, provided such third parties have lawful bases on which to share such personal data with us.
HOW WE USE YOUR PERSONAL DATA AND THE LAWFUL BASIS FOR DOING SO
WHERE WE ARE RELYING ON A BASIS OTHER THAN CONSENT
We may rely on one or more of the following legal bases when processing your personal data for the following purposes:
|Purposes for which we process your personal data||The basis on which we can do this (this is what the law allows)|
|In order to perform our contractual obligations to you. This would include our fulfilling your requests for insurance services (including obtaining insurance for you, fulfilling requests for mid-term adjustments and obtaining renewals)||The processing is necessary in connection with any contract that you may enter into with us|
|To administer your account, including financial transactions for insurance broking||The processing is necessary in connection with any contract that you may enter into with us|
|To assist in the prevention and reduction of fraud and other financial crime||The processing is necessary for us to comply with the law and our legal requirements|
|In the interests of security and to improve our service, telephone calls you make to us may be monitored and/or recorded||The processing is necessary to pursue our legitimate interest in the management and operation of our business|
|To let you know about similar products and services that may be of interest to you||The processing is necessary to pursue our legitimate interest in operating our business|
SPECIAL CATEGORIES OF DATA AND CRIMINAL CONVICTIONS
We may also need to collect special categories of data from you such as information about your health, in order for us to perform our contractual obligations to you the lawful basis on which we can do this is that processing is necessary: (a) for an insurance purpose (b) is of personal data revealing racial or ethnic origin, religious or philosophical beliefs or trade union membership, generic data or data concerning health and (c) is necessary for reasons of substantial public interest. We may also process information on criminal convictions data which we may share with third parties under the processes of (a) and (b) above.
Insurance purposes mean (a) advising on, arranging, underwriting or administering an insurance contract (b) administering a claim under an insurance contract or (c) exercising a right or complying with an obligation, arising in connection with an insurance contract, including a right or obligation arising under an enactment or a rule of law.
We may need to pass your personal data to other companies which may include:
- Other companies or brands within our group of companies, for example if we are unable to provide a suitable insurance policy on request or at renewal we will check if any of our associated group companies can provide you with suitable cover
- The insurers, intermediaries and third-party service providers that we use for the purpose of arranging and administering your insurance policy. This may also include risk management assessors, uninsured loss recovery agencies, premium finance providers and other third parties involved (directly or indirectly) in the administration of your insurance and its associated benefits
- Firms that provide administration and processing services to us or on our behalf under contract in order to complete activities such as claims handling, IT systems and administrative services and other activities set out in this privacy notice, as well as support activities such as finance and auditing services
- Organisations that have a specific role laid out in law, such as statutory bodies, regulatory authorities and other authorised bodies
- Other organisations where we have a duty to or are permitted to disclose your personal information by law, for example if we received a valid request from the police or other third-party organisation in the interest of preventing and detecting crime
- Fraud prevention agencies and operators of registers available to the insurance industry to check information and prevent fraud
- Credit reference agencies to check your credit history. This check will be recorded on your credit reference file without affecting your ability to apply for credit or other financial products
- Third parties we use to recover money you may owe us or to whom we may sell your debt
- Another company, if our business or part of it is bought or taken over by that company to make sure your insurance policy can continue to be serviced or as part of preliminary discussions with that company about a possible sale or take over
The information you share with us may be transferred by us or any of the types of firms or organisations we have noted above, to other countries in order for processing to take place, including locations outside of the UK and the European Union. We will only do so if there are adequate levels of protection in place as required by applicable data protection laws.
ACCESSING OUR WEBSITE AND COOKIES
When you visit one of our websites, we may collect information from you, such as your email address, IP address and other online identifiers. This helps us to track unique visits and monitor patterns of customer website traffic, such as who visits and why they visit. We use third parties to collate IP addresses to help us understand our Internet traffic data and data regarding your browser type and computer. We may also use web usage information to create statistical data regarding the use of our website. We may then use or disclose that statistical data to others for marketing and strategic development purposes, but no individuals will be identified in such statistical data.
The open nature of the internet is such that data may flow over networks without security measures and may be accessed and used by people other than those for whom the data is intended. While this is outside of our control, we do take the protection of your information very seriously and aim to apply appropriate levels of security at all times.
We will only store your data for as long as is necessary to comply with the requirements of your insurance contract(s) and any legal obligations or lawful processing conditions that may exist as a result. You have a number of rights concerning the personal information we use, which you may ask us to observe. In some cases even when you make a request concerning your personal information, we may not be required, or be able to carry out your request as this may result in us not being able to fulfil our legal and regulatory obligations under the lawful processing conditions under which we hold your data or because there is a minimum statutory period of time for which we have to keep you information. If this is the case, we’ll let you know our reasons.
You can ask us to:
- Provide a copy of your personal information
- Correct or delete unnecessary or inaccurate personal information
- Restrict or to object to the use of your personal information at any time
- Object to any automated decision, including profiling which may have been used by insurers when underwriting your quotation. Where an automated decision has been made, we will advise you of this and of your rights
- Provide your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller. This right only applies where our processing of your personal data is automated, and the processing took place initially with your consent or for the performance of a contract with you
- Where we rely on your consent to use your personal information, you can withdraw that consent at any time. Where your consent is withdrawn, your previous consent will remain valid in respect of our use of your information prior to the date you withdrew it, or if any marketing material has been sent prior to you advising that you don’t want us to contact you again
If you have any questions or concerns about this privacy notice or your data protection rights, please contact us using our details set out at the beginning of this privacy notice.
You also have the right to make an enquiry or to complain to the Information Commissioner’s Office (ICO) if you are unhappy with our use of your data, or if you think we have breached a legal requirement. Further details about the ICO are available at: www.ico.org.uk.
HOW WE CONTACT YOU ABOUT OTHER PRODUCTS AND SERVICES
We may from time to time process your personal data to let you know about similar products and services that may be of interest to you. This is because we value your custom and we pride ourselves in offering professional and tailored advice which meets your specific insurance needs. This includes keeping you informed on the latest insurance and industry information and details of any offers or promotions relating to the insurance services we provide to you. Our lawful basis for processing your personal data in this way is as is necessary to pursue the legitimate interests of our business, unless we have otherwise obtained your consent to do so. We may contact you by post, telephone, SMS or e-mail. You will be given the option to stop receiving any communications from us in this regard at any time however please note that this will not affect us contacting you about the servicing of products that you have specifically requested from us.
Job applicant data privacy notice
As part of our recruitment process, we collect and process personal data relating to job applicants/candidates. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations.
What information do we collect?
We collect a range of information about you. This includes:
- Your name, address and contact details, including email address and telephone number
- Details of your qualifications, skills, experience and employment history
- Information about your current level of remuneration, including benefit entitlements
- Whether or not you have a disability for which Barnes needs to make reasonable adjustments during the recruitment process
- Information about your entitlement to work in the UK
- Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or belief
We will also collect personal data about you from third parties, such as references supplied by former employers, information from employment background check providers and information from criminal records checks. We seek information from third parties only once a job offer has been made and we will let you know that we are doing so.
Data will be stored in a range of different places, including on your application record, in HR management systems, ATS and on other IT systems (including email).
Why do we process personal data?
We need to process data to take steps at your request before entering into a contract with you. We also need to process your data to enter into a contract with you.
In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, we are required to check a successful applicant’s eligibility to work in the UK before employment starts (known as right to work checks).
We have a legitimate interest in processing personal data during the recruitment process, keeping records of the process and future opportunities that you could be suitable for (talent pooling). Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.
Where we rely on legitimate interests as a reason for processing data (when receiving applications or speculative approaches), we have considered whether those interests are overridden by the rights and freedoms of employees or workers and we have concluded that they are not.
We process health information if we need to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment.
Where we process other special categories of data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is for equal opportunities monitoring purposes.
For some roles, we are obliged to seek information about criminal convictions and offences. Where we seek this information, we do so because it is necessary for us to carry out our obligations and exercise specific rights in relation to employment.
Who has access to your data?
Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team (which may include an outsourced service provider), interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff (which may be via an outsourced service provider) if access to the data is necessary for the performance of their roles.
We will not share your data with third parties, except for outsourced service providers with which we engage and where it is necessary for the performance of their roles.
We will share your data with your stated reference contacts which may include former employers, Universities and colleges to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.
How do we protect the data?
We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
How long do we keep data?
If your application for employment is unsuccessful, we will delete and destroy your data after a retention period of 24 months, following the recruitment process for the role. We must comply with a legal obligation placed on us to report on equality of opportunity and onboarding processes, which is 6 months. We then keep your data for an additional 18 months in our talent pool, so we can contact you if further opportunities arise that you could be suitable for. If you do not want your data stored for talent pooling and future opportunities, you can exercise this right and make your written request to email@example.com, and we will ensure your data is removed at 6 months.
As a data subject, you have a number of rights.
- Right of access – you have the right to request a copy of the personal data we have on you and ask for supporting information on why we hold it
- Right of erasure – in some circumstances, you have the right to request that we erase personal data about you. Please note, this is depending on the information we hold and our lawful reason to keep it – see retention periods. The earliest we can remove your application data is 6 months after the recruitment process for the role ends
- Right of rectification – you have the right to request that we rectify inaccurate personal data about you
- Right to restrict processing – in some situations, you have the right to request that we do not use the personal data you have provided. Such situations could include where you believe that data held includes inaccuracies
- Right to object– you have the right to object to certain processing of your personal data, although overridden if Barnes demonstrate the legitimate legal grounds for the processing of the data
- Right to data portability – you have the right to require us to provide you with a copy of your information for your use or transfer to another service provider.
If you would like to exercise any of these rights, please make a subject access request by contacting Paul Reid, Managing Director – firstname.lastname@example.org
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner.
Will I be subject to automated decision making?
Your personal data may be subject to automated decision making when divergent (‘killer’) questions are used in the application process.
What if you do not provide personal data?
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.
Identity and contact details of the Barnes’ controller
Barnes is the controller and processor of data for the purposes of the Data Protection Act 2018 and GDPR.
If you have any concerns as to how your data is processed, you can contact:
Paul Reid, Managing Director – email@example.com
Barnes Commercial Limited