Privacy and Cookies Policy

Edinburgh Insurance Brokers

At Edinburgh Insurance Brokers, we are committed to protecting your privacy and ensuring that your personal information is handled securely and responsibly.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or use our services. We process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who We Are

Edinburgh Insurance Brokers provides insurance advice and brokerage services to individuals and businesses. In order to provide these services, we may need to collect and process certain personal information.

If you have any questions regarding this Privacy Policy or how we use your data, please contact us.

Data Controller and Data Processor

We will ensure data is processed lawfully, fairly and in an open and transparent manner and ensure appropriate security measures are in place against unauthorised or unlawful processing or accidental loss, destruction or damage using appropriate technical or organisational measures (such as restricting access to key people within our organisation for certain aspects of your information; and periodically checking the level of security we apply to prevent unauthorised use, accidental loss, or misuse of your information).

The contractual arrangements we have in place with our suppliers (such as the insurance companies we use, our customer database software provider, and similar providers of services to us, including other third-party companies who use our services), are governed by and shall be deemed to operate strictly in accordance with the terms of such contracts. Importantly, these contracts set out to define how data will be processed between us, and providers of services to us, including circumstances when we act as a processor or controller as is required by the UK-GDPR.

When we act as a controller of your data, we will, in certain circumstances also process your data and as a controller also determine the purposes and means of processing that data; in particular this will include the data processed by us as an agent of an insurer operating underwriting facilities and data processed by third parties whose services we may use.

Lawful Basis

Collecting information about you

When we collect information about individuals, we may collect personal data which may include a variety of information about an individual (e.g. their name, address of residence, communication and contact details, and other personal information, such as a date of birth). Where relevant to do so we may also collect information relating to an individual, indirectly by reference to an identifier (e.g. an IP address, which is a unique number identifying your computer, laptop or similar portable device).

Where required and appropriate to do so, we will also collect more sensitive personal information (such as details about an individual’s motoring or criminal convictions, details of health, credit worthiness and other similarly sensitive information).

In certain circumstances (such as when an Insurance Company or similar provider of services to us requires us to do so) we will collect information from a variety of different sources (e.g. publicly available sources, such as social media and networking sites; third party databases generally available to the financial services sector, and the wider commerce and industry including, MGA’s, Lloyd’s of London, claims management firms, loss adjusters and or other suppliers appointed in the process of handling a claim or credit reference and similar agencies), this may also include information from you regarding your past insurance policies and arrangements.

Using information about you

We will use information, including sensitive information, about individuals, and other parties related to our insurance activities, because it is principally:

necessary for the performance of or to take steps for an individual to enter into a contract of insurance; or
it is necessary for compliance with a legal obligation; or
it is necessary to protect the vital interests of a data subject or another person; and
necessary for our own legitimate interests or those of other controllers or third parties (e.g. to search at credit reference agencies, monitor e-mails, calls and other communications or for market research, analysis and developing statistics) except where such interests are overridden by the interests, rights or freedoms of the data subject.

These bases include providing an insurance quotation, arranging and placement of a policy or access to an underwriting facility, and providing administration throughout the lifecycle of an insurance arrangement as well assisting with making a claim.

In certain circumstances, such as when a quotation is requested, or changes are made to an existing policy or at each renewal of an insurance arrangement, Edinburgh Insurance Brokers assessment may involve an automated decision to determine whether we are able to provide an insurance arrangement. Individuals can object to us using an automated decision (see the individual rights section).

However, in those situations it may prevent us from being able to provide you with insurance.

When processing personal data for profiling purposes, we will ensure appropriate safeguards are in place, ensuring:

processing is fair and transparent and provide meaningful information about the logic involved, as well as the significance and the envisaged consequences;
use appropriate mathematical or statistical procedures for the profiling;
appropriate technical and organisational measures are in place to enable inaccuracies to be corrected and minimise the risk of errors; and
secure your personal data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.

We will also use your information when there is a justifiable reason for doing so, such as compliance with legal obligations (e.g. for the prevention and detection of fraud and financial crime, which may include processes which profile you); and for the recording and monitoring of telephone calls for auditing reasons.

Sharing your information

We will share information, including sensitive information, about you, and other parties related to this insurance because it is:

necessary for the performance of or to take steps for you to enter into a contract of insurance; or
necessary for compliance with a legal obligation; or
necessary to protect your vital interests; or
necessary for our own legitimate interests or those of other controllers or third parties; and
necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body).

This includes sharing your information with carefully selected third parties providing a service to us or on our behalf, these include the insurance companies with whom we deal (you can write to our Compliance Department should you wish to view a list of all the insurance companies with whom we have arrangements), and or our finance provider, Premium Credit Limited (who is our selected finance provider governed by consumer credit legislations).

What we will not do with your information

Unless required to do so by law, or for other similar reasons, other than those outlined above (see sharing your information) we will never otherwise share personal information without good reason and without ensuring the appropriate care and necessary safeguards are in place; we will in any other event ask for your consent to share that information and explain the reasons.

How long we will keep information

We will only keep and or maintain information about an individual for as long as is necessary in providing our products and services or for compliance with a legal or regulatory obligation, including our legitimate interests or of a controller.

This means we will only keep information that is necessary so that we can sufficiently deal with administrative issues, queries, claims and or for compliance with legal reasons; usually we will keep information for a minimum retention period of 7 years and or maximum period of 40 years, after cessation of a product or service we have provided.

However, we will keep information for much shorter periods if that information related merely to a quotation which did not then result in a contract of insurance being arranged; in these circumstances we will keep information for a minimum retention period of 12 months and or maximum period of 18 months unless such information becomes manifestly out-of-date in which case we may keep quotation information for shorter periods.

In any event all information shall be stored in strict compliance with the UK-GDPR legislation at all times; and using appropriate technical or organisational measures we will regularly:

review the length of time we keep and or maintain information about you;
consider the purpose or purposes why we hold the information about you in deciding whether (and for how long) to retain it;
securely delete information about you that is no longer needed for this purpose or these purposes; and
update, archive or securely delete information about you if it goes out of date.

Sensitive Data

In carrying out our duties as Data Controller and Data Processor we will collect sensitive information about you, and other parties related to this insurance because it is:

necessary for the performance of or to take steps for you to enter into a contract of insurance; or
necessary for compliance with a legal obligation;
necessary to protect your vital interests;
necessary for our own legitimate interests or those of other controllers or third parties; and
necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body).

What we mean by sensitive data includes information such as:

about an individual’s health including medical conditions;
motoring or other criminal convictions; and
racial or ethnic origin or religious beliefs.

We will always apply additional organisational and technical measures for this category of data, including restrictions to access this data (this is where data may be secured with additional layers of security to prevent misuse and protect personally identifiable information).

Use and storage of your information overseas

We will never knowingly transfer, store, or process information about you or an individual, outside the European Economic Area (EEA). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law. Transfers of personal data to the EEA from the UK are permitted without additional safeguards. In any event, if we are compelled to transfer your information outside the EEA (e.g. because it is an insurance arrangement with an Insurance Company who is outside the EEA or part of a larger group of companies who pass information outside the EEA) it shall be in compliance with the conditions for transfer set out in the GDPR and or restricted to a country which is considered to have adequate data protection laws. All reasonable steps shall typically have been undertaken to ensure the firm to which information is being transferred has suitable standards in place to protect such information.

Using our Website and Cookies

You will be asked to accept cookies when visiting the Edinburgh Insurance Brokers website. Cookies are small files made up of letters and numbers that are downloaded onto your computer or device when you access our website. We will clearly explain the use of cookies when you visit our website and, in some cases, you may need to accept certain cookies in order to access specific website features or services.

Cookies are operated in strict accordance with the Privacy and Electronic Communications Regulations 2011 (PECR). They are widely used across websites to help improve user experience by remembering preferences and recording information entered into web pages.

These same principles also apply where an individual accesses or uses any other form of technology to interact with Edinburgh Insurance Brokers electronically, including online quotation facilities, customer portals, mobile applications, smartphones, tablets, or other portable devices.

Individual Rights

Individuals have a number of rights relating to the personal information we hold. These rights include, but are not limited to:

the right to request a copy of the personal information we hold about you (we will normally respond within one month of receiving your request);
the right to request correction of inaccurate or incomplete information;
the right to request the deletion or removal of personal data where there is no lawful reason for us to continue processing it;
the right to restrict the processing of personal data. Where processing is restricted, we may still store the information but will not carry out further processing activities;
the right to object to certain uses of your personal information, including direct marketing;
the right, in certain circumstances, not to be subject to decisions based solely on automated processing where those decisions produce legal or similarly significant effects;
the right to withdraw consent previously provided for the processing of your information; and
the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are dissatisfied with how we use your information.

You may also request a copy of your personal information in a portable and commonly used electronic format (‘data portability’). We will normally provide this information free of charge, although we reserve the right to charge a reasonable fee for excessive or repetitive requests.

If you would like further information or wish to make a Subject Access Request (SAR), please contact Edinburgh Insurance Brokers by email at hello@edinburghinsurancebrokers.co.uk.

Marketing

When marketing to individuals, including sole traders and partnerships, Edinburgh Insurance Brokers will either rely on an existing lawful basis to contact you or request your consent to do so. This may include communication by telephone, email, SMS, post, push notifications, or similar methods regarding:

new products or services we offer or are developing;
products or services we believe may improve your experience or benefit your business;
rewards, promotions, or special offers; and
competitions or marketing campaigns.

We will usually request your marketing preferences when you first contact us or use our website. You have the right to withdraw your consent or unsubscribe from marketing communications at any time.

We regularly review marketing consents to ensure they remain valid and appropriate based on your relationship with us and the purposes for which your information is processed.

Where marketing is directed towards businesses, we will ensure compliance with applicable laws and guidance, including the Privacy and Electronic Communications Regulations (PECR).

We also maintain processes to refresh consent where appropriate, including parental or third-party consent where relevant, and we will action requests to withdraw consent promptly and without penalty.

Research and Analysis

Edinburgh Insurance Brokers may convert personal information into anonymised statistical or aggregated data that cannot be used to identify individuals. This information may be used for statistical analysis, business research, product development, and improving the insurance services we provide.

We may also share anonymised or aggregated information with underwriting partners, insurers, and selected service providers in order to support the development and improvement of insurance products and services.

In some circumstances, we may continue to process personal information relating to previous insurance arrangements or policies after the end of your relationship with us where there is a legitimate business or legal reason to do so, including for research, analysis, auditing, or regulatory purposes.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact:

Edinburgh Insurance Brokers

Email: hello@edinburghinsurancebrokers.co.uk

Subscribe To Our Newsletter

Thank you for subscribing!