Todd & Cue Ltd is committed to protecting the privacy and the confidentiality of your Personal Data. Insurance is a means of protection against financial loss. In order for Todd & Cue to arrange this protection and to handle insurance claims, information including your personal data, needs to be shared between different insurance market participants.
During the insurance lifecycle Todd & Cue Ltd will receive Personal Data relating to prospective or existing policyholders, beneficiaries, family members, claimants and other parties involved in a claim. This notice sets out Todd & Cue’s use of this personal data and the disclosures it makes to other insurance market participants and third parties.
IDENTITY OF CONTROLLERS AND CONTACT DETAILS
Todd & Cue Ltd of Kingfisher House, Kingsway Team Valley, Gateshead, Tyne & Wear, NE11 0JQ is the Data Controller in respect of the Personal Data it receives in connection with the services provided under the relevant engagement with its client. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Laws to notify you of the information contained in this privacy notice.
PERSONAL INFORMATION THAT WE PROCESS
We collect and process the following Personal Data:
Individual details ► name, address, contact details, gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant.
Identification details ► identification numbers issued by government bodies or agencies (e.g.depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s license number).
Financial information ► payment card number, bank account number and account details, income and other financial information.
Risk Details ► Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data. For certain types of policy, this could also include telematics data
Policy information ► information about the quotes individuals receive and the policies they obtain.
Credit and anti-fraud data ► credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
Previous claims ► information about previous claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described in the Insured Risk definition above).
Current claims ► information about current claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described in the Insured Risk definition above).
Marketing data ► whether or not the individual has consented to receive marketing from us and/or from third parties.
Any Other data required to process your insurance
Website and communication usage ► details of your visits to our websites and information collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access
Special Categories of Personal Data
- Health data ► current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g.smoking or consumption of alcohol), prescription information, medical history;
- Criminal records data ► criminal convictions, including driving offences; and
- Other Special Categories of Personal Data ► racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning an individual’s sex life or sexual orientation.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
SOURCES OF PERSONAL DATA
We collect and receive Personal Data from various sources, including (depending on the service provided and country you are in):
- Individuals and their family members, online or by telephone, or in written correspondence
- Individuals’ employers
- In the event of a claim, third parties including the other party to the claim (claimant/ defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers
- Other insurance market participants, such as insurers, reinsurers and other intermediaries
- Credit reference agencies
- Anti-fraud databases and other third party databases, including sanctions lists and court judgements
- Government agencies, such as DVLA and HMRC
- Claim forms
- Open electoral registers and Companies House
- Business information and research tools
- Third parties who introduce business to us and;
- Forms on our website and your interactions with our website
HOW WE USE AND DISCLOSE YOUR PERSONAL DATA
We hold your personal information as Data Controllers in accordance with the requirements of the Data Protection Act 2018 and the EU General Data Protection Regulation, together referred to as the ‘Regulations’.
We use this information to place your insurance, service any plans throughout their lifecycle and assist in the handling of claims so that we can ensure that any advice takes due account of, and is suitable to, your circumstances.
We will not share your information with any other party except as indicated in this Privacy Statement or where required to do so by any statutory, governmental or regulatory body for legitimate purposes.
LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
We will only use your personal data when the law allows us to. We will rely on the following legal grounds to use your personal data:
For processing personal data and special categories of personal data
|Performance of our contract with you||Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract|
|Compliance with a legal obligation||Processing is necessary for compliance with a legal obligation to which we are subject|
|In the public interest||Processing is necessary for the performance of a task carried out in the public interest|
|For our legitimate business interests||Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child. These legitimate interests are set out next to each purpose below|
For processing special categories of personal data
|Your explicit consent (optional)||You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent, by contacting us|
|Your explicit consent (necessary)||You have given your explicit consent to the processing of those personal data for one or more specified purposes, where we are unable to procure, provide or administer insurance cover without this consent. You are free to withdraw your consent by contacting us. However withdrawal of this consent will impact our ability to place or administer insurance or assist with the payment of claims.|
|Legal claims||Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity|
|In the public interest||Processing is necessary for reasons of public interest, on the basis of EU/UK law|
In order to facilitate the provision of insurance cover and administer insurance claims, unless another legal ground applies, we rely on the data subject’s consent to process Special Categories of Personal Data and Criminal Records Data, such as medical and criminal convictions records, as set out in the table and for profiling as set out in the next section. This consent allows us to share the information with other Insurers, Intermediaries and Reinsurers that need to process the information in order to undertake their role in the insurance market (which in turn allows for the pooling and pricing of risk in a sustainable manner).
The affected individual’s consent to this processing of Special Categories of Personal Data and Criminal Records Data may be necessary for Todd & Cue to be able to provide the services the client requests.
Where you are providing us with information about a person other than yourself, you agree to notify them of our use of their Personal Data and to obtain such consent for us.
Individuals may withdraw their consent to such processing at any time by contacting Todd & Cue using the contact details at the footer of this Notice. However, doing so may prevent Todd & Cue from continuing to provide the services. In addition, if an individual withdraws consent to an Insurer’s processing of their Special Categories of Personal Data and Criminal Records Data, it may not be possible for the insurance cover to continue.
SHARING AND TRANSFERRING PERSONAL DATA
Where necessary to the provision of our service, we may share your personal information with third parties. The categories of third party are listed below.
- Insurance Market Participants
- Finance Providers
- Compliance Advisers
- Legal Advisers
- Back Office Systems Providers
- Third Party Software Providers
PROFILING AND AUTOMATIC DECISION MAKING
When calculating insurance premiums, insurance market participants may compare your personal data against industry averages. Your personal data may also be used to create the industry averages going forwards. This is known as profiling and is used to ensure premiums reflect risk.
Profiling may also be used by insurance market participants to assess information you provide to understand fraud patterns. Where special categories of personal data are relevant, such as medical history for life insurance or past motoring convictions for motor insurance, your special categories of personal data may also be used for profiling. Insurance market participants might make some decisions based on profiling and without staff intervention (known as automatic decision making). Insurance market participants will provide details of any automated decision making they undertake without staff intervention in their information notices and upon request including:
- where they use such automated decision making;
- the logic involved;
- the consequences of the automated decision making;
- any facility for you to have the logic explained to you and to submit further information so the decision may be reconsidered
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We also have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are required to do so.
We have in place physical, electronic, and procedural safeguards appropriate to the information we maintain. Such safeguards include measures designed to keep Personal Data protected from unauthorized access. We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes.
LIMITING COLLECTION AND RETENTION OF PERSONAL DATA
We will keep your personal data only for so long as is necessary and for the purpose for which it was collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under or in relation to your insurance, or where we are required to keep your personal data due to legal or regulatory reasons.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
CROSS BORDER TRANSFER OF PERSONAL INFORMATION
Todd & Cue may transfer Personal Data to, or permit access to Personal Data from, countries outside the European Economic Area (EEA). These countries’ data protection laws do not always offer the same level of protection for Personal Data as offered in the EEA. Those transfers would always be made in compliance with the GDPR.
ACCURACY, ACCOUNTABILITY OPENNESS AND YOUR RIGHTS
We strive to maintain Personal Data that is accurate, complete and current. Individuals should contact us at info@ToddCue.com to update their information.
Questions regarding Todd & Cue’s privacy practices should be directed to Mark Armstrong; Managing Director at Todd & Cue. Please refer to the contact details at the bottom of this Notice.
YOUR PRIVACY RIGHTS
You have the right to see what personal information Todd & Cue hold about you and you can ask us to correct inaccuracies, delete or restrict personal information or ask for some of your personal information to be provided to someone else. You have the right to object to how we use your personal information. If you need to contact us in relation to any of your rights or wish to make a complaint about how we have used your personal information directly to us or to the Information Commissioner’s Office, you can use the contact details indicated on the first page of this notice.
- Right to withdraw consent: Where you have given us your consent to use personal information, you can withdraw your consent at any time.
- Access to your personal information: You can request access to a copy of your personal information. We will not normally charge for providing this information to you.
- Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a commonly used electronic form.
- Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.
- Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it. Note that we might be required by regulations to retain your information even if you want it to be deleted.
- Right to object: You can object to our processing of your personal information.
- Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
These rights are subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). We will respond to most requests within 30 days.
If we are unable to resolve an enquiry or a complaint, individuals have the right to contact the UK data protection regulator, the Information Commissioner’s Office.
Our websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
To submit questions or requests regarding this Privacy Notice or Todd & Cue’s privacy practices, please contact Mark Armstrong at;
Todd & Cue Ltd
A2 Kingfisher House Kingsway
Team Valley Gateshead
Tyne & Wear
Tel: 0191 4820050
Information Commissioner: ico.org.uk/global/contact-us
Changes to this Privacy Notice
This Privacy Notice will be reviewed regularly. The date in the bottom footer indicates the date this version was released. We will notify you of any changes we make to this Privacy Notice and publish the updated Privacy Notice on our website
WHAT IS A COOKIE?
Cookies are small files comprised of letters and numbers that are downloaded onto your desktop computer, mobile or other handheld device when you access certain websites. Cookies allow a website to recognise a user’s device and help your browser navigate through the website by allowing you to log in automatically by remembering settings you selected during earlier visits, amongst other functions. Cookies do not harm your computer. If you would like to learn more about cookies in general you can visit www.allaboutcookies.org
We may collect information about your computer, including where available your IP address, operating system and browser type all of this is for system administration. This is only statistical data and does not identify any individual.
The transmission of information via the Internet is not completely secure, although we will do our best to protect your personal details but can not guarantee the security of your data. Any transmission is at the risk of the site user. Once we have received any information we will use strict procedures and security features to try and prevent unauthorised access.
USES OF YOUR INFORMATION
We use the information held about you in the following ways:
- To ensure that content from our site is presented in the most effective way for you and your computer.
- To carry out any requests or obligations arising from any contact you may have with us.
- To provide you with information or services that you have requested from us or which we feel may interest you, if you have given us consent to get in contact with you.
- To enable you to participate in any interactive features our service offers, as and when you choose to do so.
- To notify you of any changes to our service.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties if we are under a duty to disclose or share your data in order to comply with any legal obligation. This includes exchanging information with other companies and organsiations for the purposes of fraud protection and credit risk solution.
You have the right to ask us not to process your personal data for marketing purposes, although we will usually ask your permission before we collect any information if we intend to disclose any details to and third party for any such purposes.
You have the right to refuse such intentions by checking the correct boxes on any forms we use to collect data, or by contacting us at any time.
Our site may from time to time contain links to and from other websites. If you were to follow a link to any of these sites please note that these websites have their own privacy policies and we do accept any responsibility or liability for these policies. Please make sure to check these policies before you submit any personal data to any of these websites.
Any changes we make to our policy will be displayed on this page and where appropriate notified to you via email.