Cork Bays and Fisher Privacy Policy

Introduction

Cork Bays and Fisher is a trading name of Kingfisher Insurance Services Limited (We/Us), registered in England No 01469545 at our registered office: 768 Hagley Road West, Oldbury, West Midlands B68 OPJ. Kingfisher Insurance Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) No 310218.

For the purposes of this notice personal data or data may include both personal data, such as your name, address, date of birth and claims history and “special” categories of data such as information about offences, criminal or motoring convictions and medical conditions.

We are committed to ensuring that your privacy is protected. Should We hold or use your personal data, you can be assured that it will only be used in accordance with this privacy notice. You must have received the consent of any third party named on your insurance policy to provide their personal data to Us and you should show this notice to them. This policy should be read in conjunction with the Terms of Business that relates to your insurance policy with Us. Kingfisher Insurance Services Limited may change this policy from time to time, however We are not obliged to give notice of the changes so you should check our websites or contact Us to ensure you are referring to the latest version.

How do We obtain your personal data?

We may obtain your personal data from a variety of sources. We may obtain it from you directly, your family members, representatives acting on your behalf or other parties named on the insurance policy. We may also receive data from introducers you have authorised to act on your behalf, other insurers or insurance brokers you have dealt with in the past, for example if We request them to provide Us with proof of your no claims bonus entitlement.

We may also obtain information available within the public domain for example news articles, court proceedings and public posts on social media.

Information about you may also be obtained from credit reference and fraud prevention agencies; debt tracing agencies; insurance industry databases and registers such as the Claims Underwriting Exchange (CUE), the Motor Insurance Bureau (MIB), Motor Insurers Anti-Fraud and Theft Register (MIAFTR) and from governmental agencies such as the Driver and Vehicle Licencing Agency (DVLA).

We may also obtain data about you through the use of technology such as cookies on our websites or website usage monitoring tools. Our full cookie policy is included below.

What will We use your personal data for?

We will use your data for providing an insurance quotation, managing and administering your insurance policy, assisting with and in some cases administering claims, responding to complaints, policy enquiries, preventing fraud and financial crime, arranging premium finance or managing outstanding balances.

If you are insuring a vehicle or vehicles, details of this/these and the insurer have to be passed to the Motor Insurance Database (MID) run by the MIB. This is to demonstrate that you have insurance cover on the vehicle(s) as required under the Road Traffic Act 1988 (RTA). This is normally done by the insurer but on occasion We may also do this on their behalf.

We may ask you to participate in surveys that assist Us in developing and improving the service We offer. We may use your personal data to keep you informed about other products and services that We have available from Kingfisher Insurance Services Limited.   You can withdraw consent at any time by contacting Us using the information in the contact details section or using the ‘unsubscribe’ option in any marketing emails We send to you.

Before We provide our services, We may undertake checks against you. These checks may require Us to process personal data about you to –
• verify your identity using credit reference agencies,
• establish your insurance claims history, using the Claims Underwriting Exchange (CUE),
• confirm that you or anyone named on the policy does not appear on financial sanctions lists.
• prevent fraud and money laundering by searching various fraud prevention databases.

If We, or a fraud prevention agency determine that you pose a fraud or money laundering risk, We may refuse to provide the service you have requested or We may stop providing existing services to you.

Your personal data may also be used to allow Us to fulfil our legal or regulatory responsibilities, this may involve sharing your personal data with authorities such as the Financial Conduct Authority (FCA), The Information Commissioner’s Office (ICO), police or other law enforcement agencies and governmental agencies if requested and required to do so.
If you are unable or unwilling to allow Us to use your data in line with this privacy notice, We will be unable to enter into a contractual relationship with you.

Who will We share your personal data with?

We take the security of your personal data very seriously and have a ‘data protection by design’ philosophy to the protection of your privacy. In order to provide our range of products and services to you, it is necessary to share your personal data with third parties. We always ensure that the required safeguards are in place before sharing your data outside of Kingfisher Insurance Services Limited. On occasion, it may be necessary to transfer some of your data outside of the EU, but We will only do so if We have a contractual agreement with that company to protect the data to the same levels as We would and the country in which they are domiciled allows them to offer such protection.  

The following outlines who We may share your data with and the circumstances in which We would do this:

  1. If you request a quotation
  • If you request a quotation from Us, We pass your personal data to the insurer(s) and/or their appointed agent(s) who will provide quotations for your policy. Insurers, reinsurers or their agents will act as data controllers alongside Us. The data you provided will be held on our internal systems and those of our software provider(s) until they are removed in line with our retention policy, noted below.
  • In order to verify your identity, We may share your data with various credit reference agencies and other organisations such as the Claims Underwriting Exchange (CUE).
  • In order to reduce instances of fraud or money laundering, We may share your personal data with fraud prevention agencies. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services to you.
  • We may be requested by government or regulatory authorities, such as the police, HM Revenue & Customs or the Department for Work and Pensions, to provide your personal data to them. If We are legally obliged to do so We may share your data with these government agencies for the purposes of crime and fraud prevention and the apprehension and prosecution of offenders.
  • We may share your personal data with internal or external auditors or professional advisors such as solicitors.
  • We may also share your personal data with anyone named on the insurance policy, close family members of the policy holder or anyone whom you have authorised to discuss the policy on your behalf.
  • If false or inaccurate information is provided or fraud is identified, We may also pass your details to fraud prevention agencies. These and other organisations may access and use this information to prevent fraud and money laundering, for example, when checking details in insurance proposals or processing any type of insurance claim or potential claim. Other organisations, both inside and outside of the UK, may also access the information recorded by these fraud prevention agencies for the prevention of crime or other lawful reason. You can contact your insurer directly to find out which fraud prevention agencies they use.
  • We may share personal data with our IT infrastructure providers. This is for the purposes of data storage, data backups and disaster recovery.
  • We may share your personal data with the Financial Ombudsman Service if you have made a complaint to them about the provision, or a failure to provide our services to you.
  • We may outsource some functions to carefully selected third parties, for example, to follow up on web-based leads to assist Us in arranging a policy for you.
  • It may be necessary to share your personal data with regulatory, supervisory or government agencies if We are required to do so by law.
  • If you take a policy through Us
  • If you decide to take a policy with Us, We pass your personal data to the insurer(s) or their appointed agent(s) who underwrite your policy and they may also share your personal data with their reinsurer(s). Insurers or their appointed agent(s) will act as data controllers alongside Us. If you have a claim your personal data may be passed to a claims management company, loss adjuster, engineer or other party in order to assist with the administration and handling of the claim on your or the insurer’s behalf and to various anti-fraud databases for the detection and prevention of insurance fraud.
  • If your policy is cancelled or is not renewed then We may release details of any no claims bonus accrued, claims information and if applicable the reason for cancellation if this is requested by your new insurer or broker.
  •  In order to verify your identity, We may share your data with various credit reference agencies and other organisations such as the Claims Underwriting Exchange (CUE), and Experian.
  • In order to reduce instances of fraud or money laundering, We may share your personal data with fraud prevention agencies. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services to you.
  • Details of any vehicle insured and the insurer will also be added to the MID, run by the MIB. This may be consulted by the police in order to establish who is insured to drive the vehicle. If you are involved in an accident, (in the UK or abroad) other UK insurers and the MIB may search the MID to ascertain relevant policy information. Persons with a valid claim in respect of a road traffic accident (including citizens of other countries) may also obtain certain information which is held on the MID. You can find out more about this here.
  • If you apply to pay your premium via a finance agreement with one of our finance partners, We will share your personal data with them in order for them to process your application for credit. They in turn may share this data with their appointed agents and credit reference agencies in order to ascertain your suitability for credit.  
  • We may be requested by government authorities, such as the police, HM Revenue and Customs or the Department for Work and Pensions to provide your personal data to them. Where We are legally obliged to do so, We may share your data with these government agencies for the purposes of crime and fraud prevention and the apprehension and prosecution of offenders.
  • We may share your personal data with internal or external auditors or professional advisors such as solicitors.
  • We may also share your personal data with anyone named on the insurance policy, close family members of the policy holder or anyone whom you have authorised to discuss the policy on your behalf.
  • We may also share your personal data with debt collection agencies (DCAs) or debt tracing services for the purpose of managing debts and recovering outstanding monies owing on your account. We may also share your personal data with credit reference agencies in order to assist Us in the recovery of outstanding balances and may pass your details to the County Courts with a view to recovering any outstanding balance you owe by obtaining a County Court judgement (CCJ) against you. In addition We may sell the outstanding balance to a debt purchasing company.
  • If false or inaccurate information is provided and fraud is identified We may also pass your details to fraud prevention agencies. These and other organisations may also access and use this information to prevent fraud and money laundering, for example, when checking details on proposals and claims for all types of insurance. Other organisations both inside and outside of the UK may also access the information recorded by these fraud prevention agencies for the prevention of crime or other lawful reason. You can contact your insurer directly to find out which fraud prevention agencies they use.
  • We will share personal data with our IT infrastructure providers. This is for the purposes of data storage, data backups and disaster recovery.
  • We use carefully selected third party companies to act as a communication platform to allow Us to contact you efficiently and will share your personal data with them to allow Us to do this.
  • We may outsource some functions to carefully selected third parties, for example, We may employ a third party company to telephone you to remind you that your insurance policy is due for renewal or assess your loss in the event of a claim which we are administering.
  • In the event that We undergo re-organisation or are sold to a third party any personal data We hold about you may be transferred to that re-organised entity or third party.
  • We may disclose your personal data to a card issuing company to validate your debit or credit card details and obtain payment where it is necessary to deliver the products and services bought by you.
  • We may share your personal data with the Financial Ombudsman Service, if you have made a complaint to them about the provision, or a failure to provide our services to you.
  • It may be necessary to share your data with regulatory, supervisory or government agencies if We are required to do so by law.

What legal basis do We use for processing your personal data?

We will only use and store your personal data if We have a legal basis for doing so. It is your right as the subject of this data to be informed what the legal basis is for each type of processing that We undertake.

  • We will process your personal data for the purposes of providing an insurance quotation, managing and administering your insurance policy, assisting with or administering claims, responding to complaints, handling policy enquiries and arranging premium finance on the legal basis that this processing is necessary for the performance of a contract with you or in the course of entering into a contract with you. For the purposes above, personal data that is classed as “special data”, such as information relating to criminal or motoring convictions and medical conditions, will be processed in accordance with the law and on the legal basis that it is necessary for the performance of a contract necessary for reasons of substantial public interest. We will follow all appropriate safeguards to ensure the security of this personal data.
  • Vehicle data added to the MID is processed under the basis of a legal obligation (Road Traffic Act 1988).
  • We may use your personal data for marketing purposes where we have your consent to do so.  You have the right to request that We do not contact you for marketing purposes at any time by contacting Us – see the Contact Us section below. If you withdraw consent then your interests will over-ride ours and We will be unable to use this legal basis to further process your data.
  • If your policy is cancelled or not renewed and We are contacted by your new insurer or broker to confirm details of any no claims bonus, claims history or the reason for cancellation, We may release this personal data under the basis of legitimate interest. If you do not wish Us to do this then you may object or request that We restrict the processing of your personal data.
  • For any processing of personal data for analytical purposes, our legal basis for processing is that it is necessary for the purposes of a legitimate interest.
  • If your personal data is being used for the purposes of debt recovery, our legal basis is that processing is necessary for the purposes of a legitimate interest.

How long will We retain your personal data?

If you decide to take a policy with Us, We will normally retain your personal data for up to seven years from when your policy expires. We may also retain telephone call recordings for up to seven years.

Where We have obtained your personal data directly or via a third party – for example another insurance broker, introducer or a marketing firm and We have your agreement to contact you at your next renewal, We will retain data for up to two years from your next renewal date.

What rights do you have in relation to your personal data?

You have the following rights in relation to the data We hold about you, however some of these rights may not apply in certain circumstances – details are noted below. We have strict internal processes in place that ensure your rights are upheld and that any requests you make in relation to these rights are responded to within 30 days of you making it.

The right to be informed

You have the right as a data subject to be informed in a clear and precise manner about the data We hold about you. Within this privacy notice We detail the nature of this data We hold, the reasons We hold it, how this data is used, who We will share this data with, how long We will retain your data and the rights you have in relation to your data. If you require any further information, you can contact Us using the details below.

The right of access

In order to demonstrate the legitimacy of the personal data We hold on you, its accuracy and the lawfulness of the processing We undertake, you have the right to request a copy of all data We hold about you. You can request this information free of charge using the details below. We will provide a copy of all personal data We hold about you within 30 days of you making this request.

The right to rectification

You have the right to ensure that all data We hold on you is both accurate and complete. If you are concerned that the data We hold about you is inaccurate or incomplete when considering the purposes for which your data is being used, you can ask Us to rectify this. To do so, you should contact Us using the details below.

The right to erasure (the right to be forgotten)

You have the right to request that all of the data We hold about you be erased from our systems. We may only be able to comply with this request in specific circumstances. This request would also apply to any third party whom We had shared your data with, and We would notify them accordingly if your request was valid. We will not be able to erase your data in all circumstances. For example, We would not be able to erase data that is being processed for the purposes of administering a live or lapsed insurance policy unless policy has been lapsed for seven years or more (or longer in some circumstances). This is because We have a legal obligation to retain this data for the defence of legal claims should a third party make a claim against your policy. If you require any further information, or you wish to exercise your right of erasure, you should contact Us using the details below.

The right to restrict processing

You have the right to restrict our processing of your data under the following circumstances:

  • If you contest the accuracy of the information We hold until such time that We are able to verify the accuracy of this data or correct any errors.
  • You believe that the processing of this data is unlawful.
  • We no longer need the data for any purpose other than for the defence of any future insurance claims made against your policy.
  • You are awaiting a decision following an objection you have raised regarding an automated decision-making process.

If you wish to exercise your right to restrict processing, you should contact Us using the details below.

The right to data portability

Where We are processing data under the basis of contractual performance or consent you have the right to request that We provide your data in a machine-readable format that you can then share with other businesses or in any other way you see fit. You have the right to request that We transfer your data to third parties directly for them to use as you see fit. You can utilise your data in this way by contacting Us using the details below.

The right to object

You have the right to object to your data being processed. The right to object for direct marketing purposes or profiling of your data for the purpose of direct marketing is absolute and We must cease the processing of your data for these purposes. However, for other processing the right to object is not absolute and there may be some compelling reason why We need to continue processing your data. Please contact Us using the details below if you want to exercise this right.

The rights regarding automated decision making and profiling

You have the right to request human intervention into any process involving automated decision making where this results in a legal implication to you. This right would not apply to underwriting decisions or to applications for credit made on our website or internal system as this automated decision making is required for entering into a contract with Us. Currently, We do not use automated decision making for any other functions, but if you have concerns regarding this, please contact Us using the details below.

The right to complain

You have the right to complain about the use of your personal data – in the first instance please contact Us using the details below. Our complaint handling procedure is available upon request or can be accessed from Our websites. You are also entitled to complain to the Information Commissioner by writing to –

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Alternatively, you can access their website here.

What responsibilities do you have?

We will always endeavour to ensure that your personal data is accurate and up to date. If you notice that any information on your policy documentation is incorrect or if any of your personal data changes, for example you move house, change your vehicle or occupation or you bank details, please contact Us to make Us aware of these changes.

Security

We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure We have put in place suitable physical, electronic contractual and managerial procedures to safeguard and secure the data We hold and use.

Use of Our Websites

By running a quotation on any of the Our websites, you agree that We may call you to discuss the quotation, regardless of whether you chose to proceed with it.

Use of cookies on the Our websites, Universal Analytics and GA4

A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. We use session cookies on our websites. We will use the session cookies to keep track of you whilst you navigate the websites.

We use Google Analytics to analyse the use of our websites. Google Analytics is a web analytics tool that helps website owners understand how visitors use with their website; this is also the only cookie We use on our sites. Google Analytics uses first-party cookies to track visitor interactions. User data gathered in Google Analytics can be analysed to help Us to improve our sites.

Google Analytics generates statistical and other information about website use, which are stored on users’ computers. Google will store this information and Google’s privacy policy is available here. For more information on opting out of being tracked by Google Analytics across all the websites you use, visit this here.

For our reporting needs as well as system administration We may gather data about your computer which can include your IP address, operating system and browser type. This is statistical data about our users’ browsing actions and patterns.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking, Tools>Internet Options>Privacy and then selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including ours.

Links to other websites

We may provide links to third party websites as part of our service to you. We accept no responsibility for any statements, information, content and products associated with these third-party websites. We accept no liability for these third parties for any viruses or anything else that could be infectious or destructive.

Contact Us

Postal address: The Data Protection Officer, Kingfisher Insurance Services Limited, 768 Hagley Road West, Oldbury, West Midlands B68 OPJ Email: dataprotection@kingfisherinsurance.co.uk