How we use your information
Your privacy is important to us and we are committed to keeping it protected. We have created this Customer Privacy Notice which will explain how we use the information we collect about you and how you can exercise your data protection rights. This Privacy Notice will help you understand the following:
Who are we?
We are Royal & Sun Alliance (RSA) Insurance plc, we provide commercial and consumer insurance products and services under a number of brands, such as More Th>n. We also provide insurance services in partnership with other companies.
Why do we collect and use your personal information?
As an insurer, we need your personal information to understand the level of insurance cover you require. We’ll use this information (e.g. your name, address, telephone number and email address) to communicate with you and if you have agreed, to send you news and offers related to our products and services.
We need to use your information to create a quote for you, allowing you to buy insurance products from us. When buying a product from us, you’ll also need to provide us with details about the items you wish to be covered by the insurance (e.g. car make and model, your home).
We may need to check information you have submitted with external companies/organisations (e.g. the DVLA, the Motor Insurance Database, credit reference agencies and criminal conviction checks.) When buying certain products, sometimes we will ask for special categories of personal data (e.g. driving offences for motor insurance, medical records in case of injury).
Once you become a customer, we’ll need to take your payment details to set up your cover. This could be direct debit, credit or debit card information. To service your policy, we might contact you via our website, emails, telephone calls or post. When using these services we might record additional information, such as passwords, online identifiers and call recordings.
For some of our products, we may collect information through smart sensors to assess your insurance needs (e.g. a black box installed in your vehicle when you buy a telematics driving product, which collects and uses geo-location and driving behaviour data).
If you need to claim against your insurance policy, we will need to collect information about the incident and this may be shared with other selected companies to help process the claim. If other people are involved in the incident, we may also need to collect additional information about them which can include special categories of personal data (e.g. injury and health data).
In submitting an application to us, you may provide us with equivalent or substantially similar information relating to other proposed beneficiaries under the policy. You agree that you will bring this Privacy Notice to the attention of each beneficiary at the earliest possible opportunity.
Data protection laws require us to meet certain conditions before we are allowed to use your personal information in the manner described in this Privacy Notice. To use your personal information, we will rely on one or more of the following grounds:
- Performance of contract: We need to use your personal information in order to provide you with the policy (which is a contract of insurance between you and us), and perform our obligations under it (such as making payments to you in respect of a claim made under the policy).
- Consent: In certain circumstances, we may need your consent unless authorised by law in order to use personal information about you which is classed as "special categories of personal data".
For marketing, you will always be given a choice over the use of your data.
- Necessity to establish, exercise or defend legal claim: If you, or we, bring a legal claim (e.g. a court action) against the other, we may use your information in either establishing our position, or defending ourselves in relation to that legal claim.
- Compliance with a legal obligation: Where laws or regulations may require us to use your personal information in certain ways.
- Legitimate Interests: We will also process your personal information where this processing is in our "legitimate interests". When relying on this condition, we are required to carry out a balancing test of our interests in using your personal information (for example, carrying out market research), against the interests you have as a citizen and the rights you have under data protection laws. The outcome of this balancing test will determine whether we can use your personal information in the ways described in this Privacy Notice. We will always act reasonably and give full and proper consideration to your interests in carrying out this balancing test.
Where else do we collect information about you?
Where possible, we’ll collect your personal information directly from you. However, on occasion we may receive details about you from other people or companies. For example, this might happen if:
It was given to us by someone who applied for an insurance product on your behalf (e.g. an insurance broker, a family member) where you have given them the permission to do so; or
It was supplied to us when you purchased an insurance product or service that is provided by us in partnership with other companies; or
It was lawfully collected from other sources (e.g. Motor Insurance Database, Claims and Underwriting Exchange or fraud prevention databases) to validate the information you have provided to us.
We request those third parties to comply with data protection laws and to be transparent about any such disclosures. If you would like some further information, please contact us.
Will we share your personal information with anyone else?
We do not disclose your information outside of RSA except:
- Where we need to check the information you gave to us before we can offer you an insurance product (e.g. reference agencies);
- Where we are required or permitted to do so by law or relevant regulatory authority (e.g. financial crime screening, fraud detection/prevention);
- Where we provide insurance services in partnership with other companies (e.g. building societies, large retailers);
- In the event that we are bought or we sell any business or assets, in which case we will disclose your personal information to the prospective buyer of such business or assets;
- As required to enforce or apply this Privacy Notice, or the contract of insurance itself;
- Within our group for administrative purposes;
- As required in order to give effect to contractual arrangements we have in place with any insurance broker and/or intermediary through which you have arranged this policy;
- With healthcare providers in the context of any relevant claim being made against your policy;
- If we appoint a third party to process and settle claims under the policy on our behalf, in which case we will make your personal information available to them for the purposes of processing and settling such claims;
- With our third party service providers (including hosting/storage providers, research agencies, technology suppliers etc.);
- With our reinsurers (and brokers of reinsurers) in connection with the normal operation of our business;
Sometimes your personal information may be sent to other parties outside of the European Economic Area (EEA) in connection with the purposes set out above. We will take all reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Notice, and in doing so may rely on certain "transfer mechanisms" such as the EU-US Privacy Shield, and the standard contractual clauses approved by the European Commission. If you would like further information please contact us.
Which decisions made about you will be automated?
Before we can offer you an insurance product or service, we may need to conduct the following activities, which involve automated (computer based) decision-making:
Pricing and Underwriting – this process calculates the insurance risks based on the information that you have supplied. This will be used to calculate the premium you will have to pay.
Credit Referencing – using the information given, calculations are performed to evaluate your credit rating. This rating will help us to evaluate your ability to pay for the quoted products and services.
Smart Sensor Data Analytics – an insurance product that collects your information using smart sensors (e.g. in car black box) to calculate your insurance risk (e.g. driving score). This may then be used to determine your policy rewards (e.g. cash back for safe driving) and to calculate your policy renewal premium.
Automated Claims – some small claims may qualify for automated processing, which will check the information you provide, resulting in a settlement or rejection of your claim.
The results of these automated decision-making processes may limit the products and services we can offer you. If you do not agree with the result, you have the right to request that we perform a manual reassessment using the same information that you originally provided. If you wish to do so please contact us.
For how long will we keep your information?
Your personal information will be retained under one or more of the following criteria:
- Where the personal information is used to provide you with the correct insurance cover, which will be kept as long as it is required to fulfil the conditions of the insurance contract.
- Where the use of your personal information for a specific purpose is based on your consent, it will be kept for as long as we continue to have your consent (e.g. we would stop contacting you for marketing purposes once you have asked us to).
- Where, for a limited period of time, we are using some of your information to improve the products or services we provide.
- For as long as your information is required to allow us to conduct fraud and/or criminal checks and investigations.
Will you be contacted for marketing purposes?
If you have agreed, we might contact you by post, email, phone and text message to let you know about offers and services we think you’ll like. The messages may be personalised using information you have previously provided us.
You can ask us to stop contacting you for marketing purposes at any point.
We will only contact you for marketing purposes if we collected your information directly, except when authorised and instructed by the third-party acting on your behalf.
Your information is incorrect what should you do?
If you hold a product or service with us and think that the information we hold about you is incorrect or incomplete, please contact us and we will be happy to update it for you.
What are your rights over the information that is held by RSA?
We understand that your personal information is important to you, therefore you may request the following from us to:
- Provide you with details about the personal information we hold about you, as well as a copy of the information itself in a commonly used format. [Request Ref: DSR 1]
- Request your personal information be deleted where you believe it is no longer required. Please note however, we may not be able to comply with this request in full where, for example, you are still insured with us and the information is required to fulfil the conditions of the insurance contract. [Request Ref: DSR 2]
- Request the electronic version of the personal information you have supplied to us, so it can be provided to another company. We would provide the information in a commonly used electronic format. [Request Ref: DSR 3]
- Request to restrict the use of your information by us, under the following circumstances [Request Ref: DSR 4]:
- If you believe that the information we hold about you is inaccurate, or;
- If you believe that our processing activities are unlawful and you do not want your information to be deleted.
- Where we no longer need to use your information for the purposes set out in this Privacy Notice, but it is required for the establishment, exercise or defence of a legal claim.
- Where you have made an objection to us (in accordance with section 5 below), pending the outcome of any assessment we make regarding your objection.
- Object to the processing of your data under the following circumstances [Request Ref: DSR 5]:
- Where we believe it is in the public interest to use your information in a particular way, but you disagree.
- Where we have told you we are using your data for our legitimate business interests and you believe we shouldn’t be (e.g. you were in the background of a promotional video but you did not agree to be in it.)
In each case under section 5 above, we will stop using your information unless we can reasonably demonstrate legitimate grounds for continuing to use it in the manner you are objecting to.
If you would like to request any of the above, please contact us and submit a written request, including the request reference (e.g. DSR 1), as this will speed up your request. To ensure that we do not disclose your personal information to someone who is not entitled to it, when you are making the request we may ask you to provide us with:
- Your name;
- Date of birth;
- Any policy IDs or reference numbers that you have along with a copy of your photo identification.
All requests are free of charge, although for requests for the provision of personal information we hold about you (DSR1) we reserve the right to charge a reasonable administrative fee where, we believe an excessive number of requests are being made. Wherever possible, we will respond within one month from receipt of the request, but if we don’t, we will notify you of anticipated timelines ahead of the one month deadline.
Please note that simply submitting a request doesn’t necessarily mean we will be able to fulfil it in full on every occasion – we are sometimes bound by law which can prevent us fulfilling some requests in their entirety, but when this is the case we will explain this to you in our response.
Our Privacy Notice
If you have any queries regarding our Privacy Notice please contact us and we will be happy to discuss any query with you. Our Privacy Notice will be updated from time to time so please check it each time you submit personal information to us or renew your insurance policy.
How you can contact us about this Privacy Notice?
If you have any questions or comments about this Privacy Notice please contact:
The Data Protection Officer
Dean Clough Industrial Park
You may also email us at firstname.lastname@example.org.
How you can lodge a complaint?
If you wish to raise a complaint on how we have handled your personal information, please send an email to email@example.com or write to us using the address provided. Our Data Protection Officer will investigate your complaint and will give you additional information about how it will be handled. We aim to respond in a reasonable time, normally 30 days.
If you are not satisfied with our response or believe we are not processing your personal information in compliance with UK Data Protection laws, you may lodge a complaint to the Information Commissioner’s Office, whose contact details are;
Information Commissioner’s Office
Cookies are small text files placed on your computer and are commonly used on the internet. There are various types of cookies which perform different functions, such as remembering which items you have placed in your shopping basket or analysing your browsing behaviour to enable advertisers to present you with adverts more relevant to you and your interests.
Accepting or rejecting cookies
Most web browsers will accept cookies, but if you would prefer we did not collect data by this method, you can disable this function within your browser settings. If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies.
- Collect information that will help us to distinguish visitors, to understand visitors’ browsing habits on our website and to improve their experience.
- Compile statistical reports on website activity e.g. numbers of visitors and the pages they visit
- Collect information that will allow us to tailor advertising to make it more relevant for you, based on your previous interactions with our website.
- Remember information about you when you visit our site. Some of the cookies are essential in order to provide our services to you.
Below, we have set out the four categories of cookies that we use on our websites. These cookies are:
- Strictly necessary cookies
- Performance cookies
- Functionality cookies
- Targeting cookies
Some of our websites also include third party cookies, which are cookies not set by RSA. In each of the four categories above, we have specified where third party cookies are used.
The following types of cookies may be used during your visit to our website:
Strictly necessary cookies
These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for, such as obtaining a quote or logging into your account, cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. They also allow us to record and count the number of visitors to the website, all of which enables us to see how visitors use the website in order to improve the way that our website works. These cookies do not collect information that identifies a visitor, as all information these cookies collect is anonymous and is only used to improve how our website works.
These cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced features. For instance, a website may be able to provide you with news or updates relevant to the policies you buy. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customise. They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised. They do not gather any information about you that could be used for advertising or remember where you have been on the internet
These cookies collect several pieces of information about your browsing habits. They are usually placed by advertising networks rather than website operators. They remember that you have visited a website and share this information with other organisations such as advertisers. They do this in order to provide you with targeted adverts more relevant to you and your interests. Quite often they will be linked to site functionality provided by the other organisation. Although the cookies can track your visits around the web they do not usually know who you are. Without these cookies, online advertisements you encounter will be less relevant to you and your interests.
- Cookies placed by advertising networks to collect browsing habits in order to target relevant adverts to you. The site you are visiting need not actually be serving adverts, but often this will also be the case.
- Cookies placed by advertising networks to complement services used by website operators to increase functionality, for example, commenting on a blog, adding a site to your social network, providing maps or counters of visitors to a site.
Information on deleting or controlling cookies is available at www.allaboutcookies.org
Please note that if you disable cookies, the website functionality may be impaired and prevent you from obtaining a quotation or completing your purchase online.
How we protect your information
We capture your personal information, such as names and addresses, over a secure link using recognised industry standard Secure Sockets Layer (SSL) technology which encrypts the data whilst passing it over the web. This will be indicated on most browsers by a lock in the status bar at the bottom of the screen.
Firewalls are used to block unauthorised traffic to the servers and the actual servers are locked in a secure location which can only be accessed by authorised personnel.
0800 numbers are free and any numbers beginning 03 will be charged at local rate. Other providers charges including calls from mobile phones, will vary depending on your network rate.