Fair processing notice

Updated November 2023

The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal information under current data protection law. We will update this notice as required and at least annually. Therefore, we suggest you revisit this notice periodically to keep yourself informed.

The terms used in this Fair Processing Notice are based on those used by the Information Commissioner’s Office. You can find out more about the ICO here: https://ico.org.uk/.

Who are we?

Health and Protection Solutions Limited, trading as Towergate Health & Protection, (part of The Ardonagh Group) is the Data Controller of the information you provide us and is registered with the Information Commissioner’s Office for the products and services we offer. You can contact us for general data protection queries by email to haps-compliance@towergate.co.uk, or in writing to:

The Ardonagh Advisory Data Protection Officer, 2nd Floor, The Octagon, Colchester, CO1 1TG. Please advise us of as much detail as possible to comply with your request.

For further information about The Ardonagh Group of companies please visit http://www.ardonagh.com/about-us/business-portfolio. Please note that different parts of the group may have different data protection officers.

What information do we collect?

To enable us to provide you with the products or services to meet your needs, we will collect personal information which may include your name, telephone number, email address, postal address, occupation, date of birth, additional details of risks related to your enquiry or product and payment details (including bank account number and sort code). Some of these details may also be required about other individuals who will benefit from the product or services we provide. In some of our call centre operations we may routinely record telephone conversations.

We may need to request and collect sensitive personal information, such as medical history, for us to provide you with the product or service or to assist you with a claim.

We only collect and process sensitive personal data where it is critical for the delivery of a product or service and without which the product or service cannot be provided. We will therefore not seek your explicit consent to process this information as it is required by us to provide the product or service you have requested and is legitimised by its criticality to the service provision. If you object to use of this information then we will be unable to offer you that product or service.

Please note that typically we process data on the legal basis that it relates to a contract of insurance, or a contract to provide you with risk advice, so the right to erasure, which does not apply to personal information processed for a contractual purpose, will not be applicable in many instances.

However, we may also collect personal data for marketing purposes from publicly available sources or product development purposes where it is in our legitimate interests to do so.

How do we use your personal information?

We will use your personal information for the purposes set out in the table below.

Purpose for which we may process your data Legal basis for processing this data
Assess and provide the products or services that you have requested; this may include a search with a credit reference bureau, or data enrichment services Processing in connection with a contract
Communicate with you to provide our services, including risk advice Processing in connection with a contract
Develop new products and services Legitimate interests
Undertake statistical and risk analysis This will be on a legitimate interested basis unless we conduct specific work for you on a contractual basis
Marketing and self-promotional activity Legitimate interests

We may also take the opportunity to:

  • Contact you about products that are closely related to those you already hold with us
  • Provide additional assistance and advice about risk and insurance news, products, or services, as part of any advised insurance services that we provide to you
  • Notify you of important functionality changes to our websites

From time to time we may use your information to provide you with details of marketing or promotional opportunities and offers relating to other products and services from other companies in The Ardonagh Group, subject to relevant marketing regulations and permissions.

If you do not want to receive marketing information about our products and services, or marketing from the Ardonagh Group please inform your usual contact.

From time to time we will need to call you for a variety of reasons relating to your products or service (for example, to update you on the progress of a claim or to discuss renewal of your insurance contract). We are fully committed to Ofcom regulations and have strict processes in place to ensure we comply with them.

To ensure the confidentiality and security of the information we hold, we may need to request personal information and ask security questions to satisfy ourselves that you are who you say you are.

We may aggregate information and statistics on website usage or for developing new and existing products and services, and we may also provide this information to third parties. These statistics will not include information that can be used to identify any individual.

Any new information you provide us may be used to update an existing record we hold for you.

Securing your personal information

We have implemented mandatory security procedures in the storage and disclosure of your personal information in line with industry practices, including storage in electronic and paper formats.

We store all the information that you provide to us, including information provided via forms you may complete on our websites, and information which we may collect from your browsing (such as clicks and page views on our websites).

We also require our business partners, suppliers, and third parties to implement mandatory security procedures that are equivalent to our own, to protect your information from unauthorised access, use, and disclosure.

When do we share your information?

To help us prevent financial crime, your details may be submitted to fraud prevention agencies and other organisations where your records may be searched, including the Claims and Underwriting Exchange (CUE).

In addition to companies within the Ardonagh Group, third parties (for example insurers or data enrichment services, credit lenders or claims management companies) deliver some of our products or provide all or part of the service requested by you. In these instances, while the information you provide will be disclosed to these companies, it will only be used for the provision and administration of the service provided (for example verification of any quote given to you or claims processing, underwriting and pricing purposes or to maintain management information for analysis).

We, or our partners, may make searches of your credit history.

We may use firms involved in financial management regarding payment.

We may also share your data with other companies who carry out market research on our behalf and who may contact you for the purposes of obtaining feedback on the products and services we offer.

We may share corporate contact information within The Ardonagh Group of companies to assist in providing you with risk advice and keeping you informed about additional products and services. For more information on the companies within the Ardonagh Group, please click here http://www.ardonagh.com/about-us/business-portfolio.

The data we collect about you may be transferred to, and stored at, a destination outside of the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for us or for one of our suppliers. Such staff may be engaged in, amongst other things, the provision of information you have requested. Whenever we send information outside of the EEA, we will ensure that we have taken the appropriate steps to do so in a manner compliant with the relevant data protection legislation.

If we provide information to a third party we will require it and any of its agents and/or suppliers to take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this notice.

We may of course be obliged by law to pass on your information to the police or other law enforcement body, or statutory or regulatory authority.

We may also share your information with anyone you have authorised to deal with us on your behalf.

How long do we keep your information for?

We will not keep your personal information longer than is necessary for the purpose for which it was provided unless we are required by law or have other legitimate reasons to keep it for longer (for example if necessary to meet legal and regulatory obligations).

We will typically keep information for no more than 7 years and 1 day after termination or cancellation of a product, contract or service we provide. In certain cases, we will keep your information for longer, particularly where a product includes liability insurances or types of insurance for which a claim could potentially be made by you or a third party at a future date, even after your contract with us has ended.

Your rights

There are a number of rights that you have under data protection law. Commonly exercised rights are:

  • Access - You may reasonably request a copy of the information we hold about you. ICO guidance
  • Erasure – where we have no legitimate reason to continue to hold your information, you have the right to have your data deleted (sometimes known as the right to be forgotten). ICO guidance
  • Correction – you may request correction of the personal information we hold about you to enable any incomplete information to be corrected. ICO guidance
  • We may use automated decision making in processing your personal information for some services and products. You can request a manual review of the accuracy of an automated decision if you are unhappy with it. ICO guidance

Further details of your rights can be obtained by visiting the ICO website at https://ico.org.uk/your-data-matters/

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us by email to advisorydataprotection@ardonagh.com or in writing to The Ardonagh Advisory Data Protection Officer, 2nd Floor, The Octagon, Colchester, CO1 1TG You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk