About Us
This Privacy Statement is provided by C & C Insurance Brokers Ltd, 86-90 Compstall Road, Romiley, Stockport, Cheshire SK6 4DE. Our main switchboard number is 0161 406 4800. It explains how we use your personal data, why we use it and the rights you have in relation to that data.
We trade under a number of trading names, and where we do this, we hold the appropriate approvals and permissions from the relevant authorities to do so. You can view a full list of all our current trading names at any time on the Financial Services Register, which can be accessed by visiting https://register.fca.org.uk and typing in either our company name or our firm reference number – 309053.
We are acting as a Controller in respect of your personal data in carrying out our contractual services on behalf of our clients – it is therefore our responsibility to ensure that any sharing or processing of this data is compliant with the General Data Protection Regulations. A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data protection and privacy contact
We have appointed a senior individual to oversee compliance with data protection law. While we are not required to appoint a statutory Data Protection officer, our Compliance Director acts as our primary contact for all data protection and privacy matters. If you have any questions about how we use your personal data or wish to exercise your individual rights, please contact our compliance director using the contact details set out at the end of this privacy notice.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
For us to arrange a policy, we need to collect and process certain information about the policyholder and those who will be covered on the policy. In addition, to administer a claim we will need to collect and process certain information about the claimant and other people involved. The lifecycle of your insurance may involve sharing your personal data with other companies within our group and other market participants, some of which you may not have direct contact with.
The purpose of this Privacy Statement
This Privacy Statement is designed to help you understand what kind of information we collect in connection with our products and services and how we will process and use this information. In the course of providing you with products and services, we will collect and process information that is commonly known as personal data.
This Privacy Statement describes how we collect, use, share, retain and safeguard personal data.
This Privacy Statement sets out your individual rights; we explain these later in the Statement, but in summary, these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
We will process your personal data in line with:
- The UK’s updated Data Protection Act 2018, which was initially the UK’s enactment of the EU GDPR
- The UK retained provisions of the EU’s General Data Protection Regulation (‘UK GDPR’) (retained by virtue of the European Union (Withdrawal) Act 2018)
- Regulations based on wider EU legislation, such as the Privacy and Electronic Communications Regulations (EC Directive) 2003 (PECR) and future updates.
- Wider guidance from the Information Commissioner’s Office – www.ico.org.uk
How we obtain personal data from you
We may obtain and process personal data from you via our website, from you directly by telephone, face to face, or email or written correspondence such as a claim form. Occasionally, we may obtain your personal data from your employer, third-party organisations or individuals with whom you have agreed to share your information. We may also receive it from insurers, other insurance intermediaries, firms handling claims and finance providers.
If you object to the collection, sharing and use of your personal data, we may be unable to provide you with our products and services. For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
The personal data that we collect and hold
Depending on the products or services we supply to you, your employer, or the capacity in which we act, we may collect and process the following categories of personal data.
Personal and contact details – This may include your name, address, contact details (such as email address and telephone number), data and place of birth, gender, marital status, nationality, employer details, job title and employment history. We may also collect the details of beneficiaries, claimants or other individuals connected to an insurance policy, such as their relationship to the policyholder.
Identification and verification information – Where necessary, this may include details from identity documents such as a driving licence, passport, national insurance number or other information required for identity verification, fraud prevention or regulatory purposes.
Financial information – This may include bank account details, sort code, income information, tax identification details and other financial information required for arranging, administering or settling insurance policies and claims.
Criminal offence and fraud-related data – We may process information relating to criminal convictions, alleged offences or sanctions, including driving offences, where this is relevant to insurance underwriting, fraud prevention, claims handling or compliance with legal and regulatory obligations. This may include information obtained from anti-fraud databases, sanctions lists or law enforcement agencies, where permitted by law.
Health and special category data – Some insurance products require us to process special category personal data, including information about medical conditions, health status, injuries, disabilities, medical procedures, lifestyle information (such as smoking or alcohol consumption) and prescription or medical history. This information is only processed where necessary for the purposes of arranging or administering insurance, assessing risk, handling claims or complying with legal or regulatory obligations, and is subject to appropriate safeguards. In limited circumstances, and only where required by Insurers, this may also include genetic or biometric data.
Website and technical information – We may collect information about your use of our website, including IP address and other technical data, as well as information collected through cookies or similar technologies. Further details are provided in our cookie information.
Purpose of processing and lawful basis
We process your personal data only where we have a lawful basis to do so under UK data protection law. The lawful basis we rely on depends on the purpose for which your personal data is being used, as set out below.
Providing insurance and related services – We process your personal data where it is necessary for the performance of a contract, or in order to take steps at your request prior to entering into a contract. This includes arranging quotations, placing cover, administering policies, handling renewals, mid-term adjustments and claims.
Legal and regulatory obligations – We process your personal data where it is necessary for us to comply with our legal or regulatory obligations. This includes obligations relating to FCA rules, anti-money laundering and fraud prevention, financial crime detection, complaints handling, record keeping and responding to lawful requests from regulators or other authorities.
Legitimate interests – We process certain personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. These interests include improving our services, maintaining business records, ensuring the security of our systems, preventing fraud and managing risk.
Consent – Where required by law, we will rely on your consent to process your personal data. This typically applies to certain types of electronic marketing communications. Where we rely on consent, you have the right to withdraw it at any time. We do not rely on consent as a condition of providing insurance services, where another lawful basis applies.
Our legitimate interests
Where we rely on legitimate interests as our lawful basis for processing, those interests include operating our business efficiently, maintaining appropriate records, improving our products and services, preventing fraud, ensuring network and information security and managing relationships with insurers and other service providers.
We have considered the potential impact on individuals and have concluded that our legitimate interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests in certain circumstances.
How we use your personal data
We use your personal data for the following purposes:
- To provide insurance quotations which may include fraud, anti-money laundering and sanctions checks, and subsequently accepting cover on your behalf.
- For the general administration of policies, including the collection or refunding of premiums, paying of claims, processing and facilitating other payments.
- Managing any claims, including the defence or prosecution in any litigation, investigating and prosecuting fraud.
- Contacting you to arrange the renewal of a policy
- For home insurance customers only – we will also use your property address details (first line of address and postcode) to help us identify situations where renovation works are planned or underway at your property. These works may affect the validity of your existing insurance cover. The lawful basis for this processing is our legitimate interest in ensuring that your insurance cover remains appropriate and valid, particularly where material changes such as renovations may impact your risk profile or insurance policy terms. We carry out this activity in line with data protection requirements and with a focus on minimising data use. We may securely share your address data (first line and postcode only) with Renovation Underwriting Ltd and their appointed subcontractors, who will match it against publicly available planning application data to identify any proposed renovation works. No other personal information is shared, and all data is retained only for the duration necessary to complete this matching process. (Typically one calendar month)
These activities will involve us sharing your personal data with insurers and may involve our sharing it with other insurance intermediaries, advisers, agents, contractors, and service and finance providers. This is normal practice within the insurance industry where it is necessary to share information in order to place, quantify and underwrite risks, to assess overall risk exposure and to process claims. It is also necessary to determine the premium payable and to administer our business.
We may retain and disclose your personal data in order to comply with any statutory, legal or regulatory obligations. We are required to report any suspicious transactions to the National Crime Agency (NCA) and may need to provide them with information, including your personal data or related organisations. Similarly, we may also need to disclose information about our clients, including personal data, to certain bodies that have statutory powers, for example, the Department of Work and Pensions.
Marketing communications – We may use your personal data to contact you with information about our products or services where permitted by law. This may include communications sent by email, telephone or post. Electronic marketing communications will only be sent where we have your consent or where permitted under the Privacy and Electronic Communications Regulations (PECR). You can opt of marketing communications at any time by using the unsubscribe details provided or by contacting us directly. Opting out of marketing will not affect our ability to provide insurance services to you.
International transfers – We may share your personal data with insurers, service providers or other organisations that operate outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as approved international data transfer agreements or other lawful mechanisms, to protect your information.
Retention period
We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. This includes meeting legal, regulatory, accounting and reporting requirements. In the insurance industry, retention periods are influenced by FCA rules, statutory limitation periods, complaints handling requirements and our contractual obligations. In some cases, this means we may retain records for several years after a policy has ended or a claim has been settled.
Individual’s rights
You have a number of rights under data protection law, including the right to access your personal data, request rectification or erasure, restrict processing, object to processing and request data portability in certain circumstances.
There may be situations where we are unable to fully comply with a request, for example, where we are required to retain information to meet legal or regulatory obligations. If this applies, we will explain this to you clearly.
Requests to exercise your rights will be responded to within one calendar month, unless an extension is permitted under the law, in which case we will explain the reason for any delay. Your rights are:
- The right to be informed about the personal data being processed;
- The right of access to your personal data;
- The right to object to the processing of your personal data;
- The right to restrict the processing of your personal data;
- The right to rectification of your personal data;
- The right to erasure of your personal data;
- The right to data portability (to receive an electronic copy of your personal data);
Automated decision making and profiling – We do not make decisions about you that are based solely on automated processing, including profiling, which product legal or similarly significant effects. Some Insurers or other third parties we work with may use automated tools or profiling techniques as part of underwriting, pricing or fraud prevention processes. Where this applies, those organisations are responsible for providing you with further information about their use of automated decision-making.
Under data protection law, you have the right to change or withdraw your consent. Where we have no legitimate reason to continue to hold your information, you have the right to be forgotten. (Please note that your right for your Personal Data to be erased could be overridden by policy terms and conditions and our regulatory and legal based compliance requirements to retain such data).
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example, if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
In some circumstances, legal or public interest obligations may mean we cannot fully comply with a request. If this applies, we will always explain the reason clearly.
The flow of data within the insurance sector is complex, and we ask you to keep this in mind when exercising your ‘rights of access’ to your information. Where we may be reliant on other organisations to help satisfy your request, this may impact on timescales.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact the Compliance Director at compliance@cc-insure.com
If you wish to inform us of changes in consent for marketing, please contact us using the address or telephone number indicated in any recent correspondence or emails you have received from us. Further details of your rights can be obtained by visiting the ICO website at https://ico.org.uk
Should you wish to obtain, transfer, update, rectify or delete your data please send your request to compliance@cc-insure.com. Upon receipt, your request will be actioned within one calendar month, or a suitable explanation for any delay, within ICO requirements will be put in writing to you.
Security and Protecting your data
The security of your personal information is important to us. We have in place appropriate safeguards relevant to the sensitivity of the information we maintain and will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data. Data will only be provided to those who lawfully require information for legitimate and relevant business needs.
How to complain
If you have any concerns about how we process your personal data, please contact our Compliance Director in the first instance so we can try to resolve the matter. You also have the right to lodge a complaint with the Information Commissioners Office (ICO), the UK supervisory authority for data protection matters.
Should you wish to make a complaint about any aspect of the processing of your personal data, please contact the Compliance Director at compliance@cc-insure.com.
If you are not happy with our response, you may contact the ICO directly on 0303 123 1113 or via their website ico.org.uk
How to contact us
If you have any questions regarding this Privacy Statement, the use of your data or your Individual Rights please contact the Compliance Director at C&C Insurance Brokers Ltd, 86-90 Compstall Road, Romiley, Stockport, Cheshire SK6 4DE or by e-mailing compliance@cc-insure.com or by telephoning 0161 406 4800.
