Privacy Notice

The personal data you have provided, we have collected from you, or we have received from third parties includes:

• name, address and address history, date of birth and gender  
• contact details, including telephone numbers and email address  
• financial information, including credit/debit card details (although we do not retain complete payment card information)  
• credit account performance information
• details about your family and dependents (e.g. your marital status and number of children)  
• information about your lifestyle and living circumstances (e.g. your employment details and home ownership)  
• identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address
• criminal convictions (car insurance only), health details and medical history  
• for car insurance only, we collect vehicle details such as registration number  
• when you contact us through any digital channel we will inform you of the methods used by each of those channels at point of entry and at any point where we capture personal information. The information we collect includes IP addresses and is used for fraud prevention and to improve customer experience.

Most of the personal information we hold about you is that which we collect directly from you, for example:

• each time you ask us for an insurance quote
• when you purchase our products or services
• when you register to receive information from us
• when you register a claim and discuss that claim with us as it progresses 
• each time you interact with us, respond to communications or surveys, or enter competitions
• when you make enquiries or raise concerns with our customer service team.
   

In order to understand more about you and provide you with an appropriate insurance quote and cover, and to improve our marketing interaction, we also supplement and combine the personal information that we collect from you with other categories of data obtained from other sources, such as indicated below: For all insurance:
 

• Credit and claims history data, such as bankruptcy records and any county court judgments made against you (which are publicly accessible) and information as to the number of credit searches that have been made about you and your individual claims history (which we may receive from companies such as Experian Limited)  
• Device identification and fraud detection data, which we may receive from companies having passed them your device details (in order to check whether the device you are using to contact us has been used before for fraudulent purposes) or your new claims data (in order to assess the risk to our business of fraudulent claims)
• Data about your home and local area, including census data about the average household size, home ownership, employment statistics, and demographics of your area, and police crime and accident statistics (which are publicly accessible)  
• Electoral register data that confirms your identity and address (which is publicly accessible).
   

For car insurance:
 

• Data as to your eligibility for a no claims discount (which we may receive from companies such as Lexis Nexis Solutions UK Limited)  
• Vehicle ownership details (which we receive from the Driver and Vehicle Licensing Agency (DVLA)) and vehicle data (which we receive from HPI Ltd)
• Data as to the likelihood of floods in your area (which we may receive from companies such as Experian Limited).
   

For home insurance:  
 

• Data as to the likelihood of storms and floods in your area, and soil data (which we may receive from companies such as Experian Limited)

We may store and use your personal information for the purposes of:

(a) administering your insurance quotes and policies (as is necessary for performance of a contract between you and us and/or as is necessary for our legitimate interests);

(b) carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);

(c) assessing financial and insurance risks, including by carrying out credit reference checks and credit scoring assessments, and calculating your premiums (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);

(d) providing you with insurance cover and related services (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);

(e) using your payment details to process payments relating to your policies, including fees, premiums, renewals of cover, mid-term changes to your policy, and refunds (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);

(f) sending you information about how to renew your insurance cover (as is necessary for compliance with our legal obligations);

(g) handling insurance claims, including by carrying out checks on claims related databases (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);

(h) communicating with you about your quotes, policies, and claims, including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);

(i) administering debt recoveries, where you owe us money under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);

(j) undertaking market research and statistical analysis, including analysing your use of our website. This allows us to underwrite and price your insurance policy, and to develop new, or improve existing, products and services (as is necessary for our legitimate interests); and

(k) fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).

Our "legitimate interests" as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.

We will send you marketing about similar products and services by post, telephone, email, SMS and through digital channels. Digital channels includes social media and similar such digital marketing channels. We may upload and match the personal data you provide to us with the data you provide to social media and similar such digital marketing channels. This allows us to improve our knowledge of you and, in return, serve you with relevant marketing messages.

You can object to receiving marketing from us at any time. Please provide your details via the following online form: www.sheilaswheels.com/unsubscribe; follow the unsubscribe link in our marketing emails or SMS; or send us your name, address and date of birth via email to [email protected] or by post to: Data Protection Officer, esure, The Observatory, Reigate, RH2 0SG.

We consider that it is within our legitimate interests to send you information about our products and services for marketing purposes.

Before we provide you with our products and services, we use your personal data to conduct checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. We may also share your details with fraud prevention and law enforcement agencies. Please see ‘other data controllers’ for details of the agencies we share your data with. We, and fraud prevention agencies, will use this information to prevent fraud and money laundering, and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest to process your data in such way, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

We use the personal data you provide to us, information about you provided by third parties (please see “How we collect information about you” for further details), and aggregated data of other individuals who match your risk profile, to enable us to evaluate and predict your behaviour when asking for a quote or processing a claim.

We use algorithms to check any claims, fraud, credit history, data about your local area and the vehicle or home you wish to have insured; and whether your conduct accessing our products or services suggests a risk of fraud. You may automatically be considered to pose a fraud or money laundering risk if our processing of your personal data reveals your behaviour to be consistent with that of known fraudsters or money launderers; or inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. This activity is essential to allow us to decide whether to offer you a quote, the appropriate insurance premium to offer you, and whether there is a risk of fraud. These decisions may be made by entirely automated means (that is, without human intervention) and through profiling. As with all insurers, where we are taking on more risk in terms of the likelihood of damage to your vehicle or home and the cost of fixing, replacing it or dealing with third party claims and/or there is a higher risk of our being defrauded, we will charge a higher insurance premium, and in some circumstances may refuse to offer a quote or continue to provide services.

We consider that, to the extent our decisions based solely on automated processing produce legal or similarly significant effects for you, those decisions are necessary for entering into, or performance of, our contract of insurance with you. However, you have the right to contact us to express your point of view (including providing any additional information that you want us to consider) and to contest such decisions. A member of our team will then re-consider it. If you wish to exercise these rights, please contact us by emailing: [email protected] or by post: Data Protection Officer, esure, The Observatory, Reigate, RH2 0SG.

If we, or a fraud prevention agency, determine that you pose a risk of fraud or money laundering, we may refuse to provide the products, services and financing you have requested. We may also stop providing existing services to you. A record of any fraud or money laundering risk will be retained by us and the fraud prevention agencies. It may also result in others refusing to provide products, services, financing or employment to you. If you have any questions about our processing of your data for fraud purposes, please contact our Data Protection Officer at the details provided above.

Where relevant given the nature of the products and services provided to you, we may also share your information with the following categories of third parties:

• insurance underwriters and others who are involved with the provision of insurance services to you alongside us (as is necessary for the performance of a contract between you and us);
• third party service providers who we instruct for the purposes of handling claims, including repairers, surveyors, loss adjustors, car hire companies, solicitors, third parties involved in the claim, other insurers, medical agencies (as is necessary for the performance of a contract between you and us);
• third party data suppliers, as explained under “How we collect information about you” (as is necessary for our legitimate interests);
• third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers, and debt collection agencies. Where customers pay by instalment, we will exchange information about you with Credit Reference Agencies (CRAs) on an ongoing basis, including your settled accounts and any debts not fully repaid on time.  CRAs will share your information with other organisations.  Your data will be linked to the data of your spouse, any joint applicants or other financial associates.  The identities of the CRAs, and the way in which they use and share personal information, are explained in more detail at www.experian.co.uk/crain/. 
• the operators of claims related databases (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests).
• fraud prevention agencies and associations, (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);
• regulators and law enforcement agencies, including the police, the Financial Conduct Authority, HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal obligations).

If you benefit from the following products and services, we will share your personal data with the following companies (as applicable) and these companies may also act as data controllers with respect to the data you provide to us. If you would like to see a copy of their Privacy Notice, please access the online version of our Policy Booklet.
 

As explained under “Using your data for fraud prevention”, the personal data you have provided, we have collected from you, or we have received from third parties, may be shared with fraud prevention agencies. Please contact our Data Protection Officer if you would like details of the agencies we share your data with.

If you are involved in a claim, we may share your data with our panel of reinsurers and solicitors. As these often change, please contact our Data Protection Officer if you would like details of our current panel.

The personal information that we collect from you, and which is shared with some fraud prevention agencies, may be transferred to and processed in a destination outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases:  

• the country that we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or
• the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal information (in particular, our transfer of personal information to suppliers in India and the United States for marketing, IT development and IT testing purposes are protected in each case by the use of appropriate model clauses); or
• there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third party recipient of personal data in the United States has registered for the EU-US Privacy Shield).

To find out more about how your personal information is protected when it is transferred outside the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the details above.

We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 7 years on our main systems after which time it will be archived, deleted or anonymised. Some of the archived information may be retained for up to 50 years for the purposes of processing of your existing or future claims. Records created for fraud prevention purposes will be deleted 7 years after creation. Fraud prevention agencies can hold your personal data for different periods of time, depending on how that data is being used. If you are considered to pose a risk of fraud or of money laundering, your data can be held by fraud prevention agencies for up to 6 years from its receipt by them. Please contact them for more information. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact our Data Protection Officer at the details provided above.

Under the Data Protection Act 1998 you have the following rights:  

• to obtain access to, and copies of, the personal information that we hold about you;
• to require that we cease processing your personal information if the processing is causing you damage or distress; and
• to require us not to send you marketing communications.

Once the GDPR comes into force on 25 May 2018, you will also have the following rights:

• to require us to erase your personal information;
• to require us to restrict or object to our data processing activities;
• to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
• to require us to correct the personal information we hold about you if it is incorrect.
   

Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply.

If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.

You can find out more about your rights under data protection legislation from the Information Commissioner's Office website: www.ico.org.uk.