Last Updated 10/08/23
We are part of the Brown & Brown (Europe) Ltd (Brown & Brown) Group of Companies, for a full list of Brown & Brown trading companies please visit www.bbrowneurope.com/tradingentities
This privacy notice tells you what to expect when Brown & Brown collects and processes your personal information. We take the protection of your data seriously and are committed to being transparent with you about the data we collect and how it is used and shared. We are committed to ensuring that we meet all our obligations under relevant Data Protection laws, including the United Kingdom (UK) and European Union (EU) General Data Protection Regulations (GDPR) and UK Data Protection Act 2018, as amended from time to time.
We will receive personal information about you when you contact us, for example by requesting or obtaining a quote, purchasing a product from us or from one of our partners or using one of our websites. The information may include:
Individual details
|
Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you. |
Identification details
|
Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number and driving licence number. |
Financial information
|
Payment card number (credit or debit card), bank account number, or other financial account number and account details, credit history, credit reference information and credit score, assets, income, and other financial information, account log-in information and passwords for accessing insurance policy, claim and other accounts. |
Risk details | Information about you (and others insured under the policy) which we need to collect to assess the risk to be insured and provide a quote. This may include data relating to health, criminal convictions, or other special categories of personal data (see below). For certain types of policy, this could also include telematics data. |
Policy information
|
Information about the quotes you receive and policies you take out. |
Credit and anti-fraud data
|
Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you. |
Medical condition and health status
|
Current or previous physical, mental or medical condition, health status, injury or disability information, medical diagnosis, medical procedures performed and treatment given, personal habits (for example, smoking or consumption of alcohol), prescription information, and medical history. |
Previous and current claims
|
Information about previous and current claims, (including other unrelated insurances), which may include data relating to your health, criminal convictions, or other special categories of personal data (see below) and in some cases, surveillance reports. |
Other sensitive information
|
Information about religious beliefs, ethnicity, political opinions or trade union membership, sexual life and orientation, or genetic or biometric information
We may obtain information about criminal records or civil litigation history (for example, for preventing, detecting and investigating fraud) |
Telephone recordings | Recordings of telephone calls with our representatives and call centres |
Photographs and video recordings | Images (including photographs and pictures) or video recordings created in connection with our insurance or other business activities, including for claims assessment, administration and settlement, claim disputes, or for other relevant purposes as permitted by law, as well as CCTV recordings captured by equipment on our premises |
Marketing preferences and marketing activities | Marketing preferences including preferences for our method of contact.
To improve our marketing communications, we may collect information about interaction with, and responses to, our marketing communications |
We will process any personal data lawfully under one or more of the following bases:
Performance of a Contract
|
the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract. |
Compliance with a Legal obligation | the processing is necessary for us to comply with the law (not including contractual obligations). |
Legitimate interests | the processing is necessary for our legitimate interests pursued by us. In such cases our legitimate interests are as follows:
· To add value to your product by offering you other general insurance products; · To provide high standards of service to our customers by ensuring they are fully informed about all of our products; · To engage in activities to improve and adapt the range of products and services we offer and to help our business grow; · To investigate and prevent potential fraudulent and other illegal activity. |
Consent | where you have given clear consent for us to process your personal data for a specific purpose, such as marketing activities. If we need consent to process personal information, we’ll ask for this first. This consent can be withdrawn at any time. |
Necessary for reasons of substantial public interest | under the UK Data Protection Act 2018 processing for an insurance purpose is included within this basis when processing special category and conviction data. |
We will use personal information about you primarily in connection with the provision of insurance, namely:
We may monitor calls, emails, text messages and other communications with you. When you contact us we may keep a record of that correspondence and any information provided to us during that or any subsequent communication.
We may use your purchase history to tell you about our offers and products that we think you will be most interested in. If you prefer not to receive these messages, you can opt out at any time.
If you’ve chosen to receive marketing information from us, profiling and automated decision making may be used to make our marketing more relevant, for example by personalising the methods we use to market to you, the marketing messages you receive and the offers you’re sent.
We will collect personal information about you from you directly but also potentially from your family members, employer or representative, other insurance market participants, credit reference agencies, anti-fraud databases, sanctions lists, court judgements and other judicial databases, government agencies such as the DVLA and HMRC, open electoral register and any other publicly available data sources. In addition, in the event of a claim, we will receive information from third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers.
In using personal data for the above purposes, we may disclose personal data to third parties including (but not limited to) insurers, reinsurers, intermediaries or other brokers; outsourcers, sub-contractors, agents and service providers; claim handlers; premium finance providers; professional advisers and auditors. Third parties to whom we disclose personal data are required by law and contractual undertakings to keep personal data confidential and secure, and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances and in compliance with all applicable legislation.
We may share and aggregate information about you from across the Brown & Brown Group of companies, including personal information held within the Group relating to other policies held with us, quotes or claims details and we may use this information to:
We keep Personal Information for as long as is reasonably required for the purposes explained in this Privacy Policy. We also keep records, which may include Personal Information, to meet legal, regulatory, tax or accounting needs. For example, we are required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation. The specific retention period for your Personal Information will depend on your relationship with us and the reasons we hold your Personal Information.
To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data retention and deletion.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. We may need to transfer your information outside the United Kingdom to other service providers and business partners. We will only transfer your personal information in this way where there is an adequate level of protection that is the same as the level of protection required under United Kingdom data protection legislation.
In the event that we process personal information outside the UK, the processing in those locations is protected by UK and European data standards. If the information you provide to us is transferred to countries outside the UK and the European Economic Area (EEA) by us or our suppliers, steps will be taken to make sure appropriate security measures are in place with the aim of ensuring your privacy rights continue to be protected.
Data protection laws provide you with a number of rights as set out below.
We may ask you for proof of identity when you make a request to exercise any of these rights. We do this to ensure we only disclose information to the right individual.
We aim to respond to all valid requests within one calendar month. It may take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one calendar month. We may also ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked. This is because your rights will not always apply, for example if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with the request in a different way. We will always explain to you how we are dealing with your request.
Right to access your personal data
|
You may request confirmation that we hold personal data about you, as well as access to a copy of any such data. |
Right to rectification | You may ask us to rectify any inaccurate information we hold about you. |
Right to erasure
|
You may ask us to erase your Personal Information, but this right only applies in certain circumstances, e.g. where:
· it is no longer necessary for us to use your Personal Information for the original purpose; · our lawful basis for using your Personal Information is consent and you withdraw your consent; or · our lawful basis is legitimate interests and there is no overriding legitimate interest to continue using your Personal Information if you object. This isn’t an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your Personal Information. |
Right to restriction
|
You may ask us to stop using your Personal Information in certain circumstances such as:
· where you have contacted us about the accuracy of your Personal Information and we are checking the accuracy; · if you have objected to your Personal Information being used based on legitimate interests. This isn’t an absolute right and we may not be able to comply with your request. |
Right to portability
|
In some cases, you can ask us to transfer Personal Information that you have provided to us to another third party of your choice. This right only applies where:
· we have justified our use of your Personal Information based on your consent or the performance of a contract with you; and · our use of your Personal Information is by electronic means. |
Right to object
|
You can object if you no longer wish to receive direct marketing from us.
You may also object where you have grounds relating to your particular situation and the lawful basis we rely on for using your Personal Information is our (or a third party’s) legitimate interests. However, we may continue to use your Personal Information where there are compelling legitimate grounds to do so. |
Automated decision making
|
You have the right not to be subject to a decision using your Personal Information which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. This right does not apply if the decision is:
· necessary for the purposes of a contract between us and you; · authorised by law (e.g. to prevent fraud); or · based on your explicit consent. You do however have a right to request human intervention, express your view and challenge the decision. |
Right to make a complaint
|
You have the right to lodge a complaint with the supervisory authority (although we would encourage you to contact us in the first instance).
The Information Commissioner can be contacted at; Information Commissioners Office, Wycliffe house, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk |
Cookies are small text files that can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Learn more about what cookies we are using and the purpose of their use in our Cookie Policy.
Use the contact details in the ‘Contact us’ section for any questions or concerns relating to this Privacy Notice or our data protection practices, or to make a request relating to your rights such as a subject access request.
Our Brown & Brown Group Data Protection Officer can be contacted at:
data.protection@grpgroup.co.uk
Brown & Brown (Europe) Ltd
7th Floor
Corn Exchange
55 Mark Lane
London
EC3R 7NE
This Privacy Policy was last updated on 10/08/2023.
We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business activities, legal requirements, and the manner in which we process Personal Information. We will place updates on this website and where appropriate we will give reasonable notice of any changes.
If you have any further questions about our privacy policy, call us on 0800 197 2770
09:00–17:00 Mon to Fri (excluding bank holidays)