Privacy Notice
Introduction:
We are committed to ensuring your privacy is protected. Please take time to read this document carefully as it contains details of the basis on which we will process (collect, use, share, transfer) and store your information. You should show this notice to all parties related to any service or related insurance arrangement. If you have given us information about someone else, you are deemed to have their permission to do so.
If you have any questions or need further information you can e-mail DPO@jensten.co.uk or write to our Data Protection Officer, Jensten Group Limited, Coversure House, Washingley Road, Huntingdon, Cambridgeshire, PE29 6SR.
Who we are
We are Melville Burbage Insurance Services Ltd, operating under the trading names, Melville Burbage and Melksham Insurance Brokers. Company registration number 06404074, ICO ref Z1152151; we operate as an Insurance Intermediary. We are part of the Jensten Group of companies and will, at all times, treat all personally identifiable information strictly in accordance with The UK General Data Protection Regulations (“UK GDPR”), supported by the Data Protection Act 2018 (“DPA 2018”).
For more information on the Jensten Group of companies please visit www.jensten.co.uk.
How we collect your personal data
We usually use direct interaction to collect data from and about you through telephone, email, letter, or face to face communication. We also use online forms and quotation facilities for certain policy types. These may be websites administered by Jensten Group or by a third-party provider on our behalf.
What information we collect and how we use this information
We may collect, use, process, store and transfer different kinds of personal data about you for the purpose of arranging your contract(s) of insurance, that is necessary under the lawful basis of contract. We may also use this data to arrange premium finance for you at your request. We do not collect data that we do not need, the data we could collect is categorised as follows:
Identity data: Full name, previous names, title, date of birth, gender, NI number, passport number, driving licence number.
Contact data: Email address, residential address, telephone numbers.
Financial data: Bank details, payment card details.
Insurance data: Claims history, occupation. We may also request special categories of personal information in relation to medical history, any offences, or alleged offences.
Where we need to collect personal data under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case we may have to cancel the insurance that you have in place, and we will notify you if this is the case.
Lawful basis
We will ensure data is processed lawfully, fairly and in an open and transparent manner and ensure appropriate security measures are in place against unauthorised or unlawful processing or accidental loss, destruction or damage using appropriate technical or organisational measures (such as restricting access to key people within our organisation for certain aspects of your information; and periodically checking the level of security we apply to prevent unauthorised use, accidental loss, or misuse of your information).
If you are providing personal data on behalf of a third party, you must provide them with a copy of this privacy notice and obtain any consent where we require it for the processing of their data.
Automated decision making and profiling
In certain circumstances such as, our online- Quote & Buy systems, or when a quotation is requested, or changes are made to an existing policy or at each renewal of an insurance arrangement, any or all of our group companies assessment may involve an automated decision to determine whether we are able to provide an insurance arrangement. Individuals can object to us using an automated decision (see the individual rights section) however in those situations it may prevent us from being able to provide you with insurance.
When processing personal data for profiling purposes, we will ensure appropriate safeguards are in place, ensuring:
a. processing is fair and transparent and provides meaningful information about the logic involved; as well as the significance and the envisaged consequences;
b. use appropriate mathematical or statistical procedures for the profiling;
c. appropriate technical and organisational measures are in place to enable inaccuracies to be corrected and minimise the risk of errors; and secure your personal data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory
For our quotation systems we may use external data from credit agencies, Electoral Roll, etc. to help in decision-making on pricing and risk acceptance. This may be regarded as “profiling” as defined in the legislation.
As explained (a-c above), we have safeguards in place in the event that this has a legal or similarly significant effect on individuals. We do not consider that our processing poses such risks, but you have rights to further information on these processes as explained below.
Marketing
When marketing to you as an individual (including individual sole traders and partnerships), we may share your Personal Data with other companies in the Jensten Group so that they can provide you with information about their products and services. We will rely on the lawful basis of either your prior consent or legitimate interest to contact you, such as by phone, e-mail, push notifications, SMS text, or post, to tell you about products or services we have or are developing which we think may be of interest to you.
Within the Jensten Group, we operate under a number of brands and you may receive such communications from the following of our owned brands and trading names. You can view a full list of our owned brands and trading names here.
You have the right at any time to stop us from contacting you for marketing purposes and may opt out at any time by contacting the DPO on the details below with your instructions.
We may also share limited information with specified Third Parties in order to gain feedback on our service to you, we do this under the basis of legitimate interest. Should we need to use your information for any other purpose we shall request your consent to do so.
Data Controller & Data Processor
The contractual arrangements we have in place with our suppliers (e.g. insurance companies, our client database software providers, lead generation, and similar providers of services to us, including other third-party companies who use our services), are governed by and shall be deemed to operate strictly in accordance with the terms of such contracts. Importantly, from your perspective, these contracts set out to define how data will be processed between us, including circumstances when we act as a processor or controller as is required by the UK GDPR.
Use & Storage of your Information Overseas
We will never knowingly transfer, store, or process information about you or an individual, outside the Europe an Economic Area (EEA). In the event that we are compelled to transfer your information outside the EEA (e.g. because it is an insurance arrangement with an Insurance Company who is outside the EEA or part of a larger group of companies who pass information outside the EEA) it shall be in compliance with the conditions for transfer set out in the GDPR and or restricted to a country which is considered to have adequate data protection laws. All reasonable steps shall typically have been undertaken to ensure the firm to which information is being transferred has suitable standards in place to protect such information.
What we will not do with your information
Unless required to do so by law, or for other similar reasons, other than those outlined (see sharing your information) we will never otherwise share personal information without legal basis or without ensuring the appropriate care and necessary safeguards are in place; we will in any other event ask for your consent to share that information and explain the reasons.
How long we will keep personal data
We will only keep and / or maintain information about an individual for as long as is necessary in providing our products and services, or for compliance with a legal or regulatory obligation, including our legitimate interests or the interests of the controller where we are the processor.
This means, we will only keep information that is necessary so that we can sufficiently deal with administrative issues, queries, claims and / or for compliance with legal reasons; usually we will keep information for a minimum retention period of 7 years after cessation of a product or service we have provided. For Employer’s Liability and certain other specific classes of business that require it, we will retain data indefinitely.
Changes to the Privacy Notice and Your Duty to inform us of changes
This Privacy Notice will be updated from time to time and was last updated on 8 August 2024.
It is important that personal data we hold about you is accurate and current. Please ensure that you keep us informed if your personal data changes during your relationship with us.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information that we hold about you.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not usually required to pay any charge for exercising your rights, but we do reserve the right to make an administrative charge for Subject Access Requests if requests are deemed manifestly unfounded or excessive. If you make a request, we have one month to respond to you, but we are permitted by the UK GDPR to extend this by a further two months if the request is sufficiently complex or if you submit a number of requests.
Please contact us at the details provided below if you wish to make a request.
Data Protection Officer contact details:
If you have any cause for concern about our handling of personal information, please contact us using the details below:
Data Protection Officer, Jensten Group Limited, Coversure House Vantage Park, Washingley Road, Huntingdon, Cambridgeshire, PE29 6SR
Or email: DPO@jensten.co.uk
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113 and ICO website: https://www.ico.org.uk