Fair Processing Notice
The privacy and security of your information is important to us. This notice explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal data under UK data protection law. We will update this notice as required. Therefore, we suggest you revisit the copy of this notice on our website periodically to keep yourself informed.
The meaning of terms and phrases used in this Fair Processing Notice are based on those used by the Information Commissioner’s Office. You can find out more about the ICO here: https://ico.org.uk/.
Who are we?
Footman James is a trading name of Advisory Insurance Brokers who are registered with the Information Commissioner’s Office and are the Data Controller of the information you provide us for the products and services we offer.
You can contact us for general data protection queries by email to: advisorydataprotection@ardonagh.com or in writing to The Ardonagh Advisory Data Protection Officer, The Octagon, Colchester, CO1 1TG. Please advise us of as much detail as possible to comply with your request.
For further information about The Ardonagh Group of companies please visit http://www.ardonagh.com/about-us/business-portfolio. Please note that different parts of the group may have different data protection officers.
What information do we collect and from whom?
To enable us to provide you with the products or services to meet your needs we will collect personal information which may include your name, telephone number, email address, postal address, occupation, date of birth, additional details of risks related to your enquiry or product and payment details (including bank account number and sort code) from you or your representative. For corporate insurances, we may require similar information about your employees. Some of these details may also be required about other individuals who will benefit from the product or services we provide such as family members, dependants or employees.
In some of our call centre operations we may routinely record telephone conversations, and on some our websites we may record information about the website journeys that have been taken.
When conducting risk surveys or handling claims we may process pictures, videos and dashcam footage provided by you, or taken by other parties including assessors, members of the public and claimants.
We also may need to request and collect sensitive personal information such as details of convictions or medical history, for us to provide you with the product or service, or to process a claim.
We only collect and process sensitive personal data where it is critical for the delivery of a product or service and without which the product or service cannot be provided.
We may also collect personal data for marketing purposes from publicly available sources or product development purposes where it is in our legitimate interests to do so.
How do we use your personal data?
We will use the personal data you provide to us for the purposes set out in the table below.
Purpose for which we may process your data | Legal basis for processing this data | Typical Retention Period | |
Assess and provide the products or services that you have requested; this may include a search with a credit reference bureau, or data enrichment services | Processing in connection with a contract | 7 years from the end of the relevant contract unless there are liabilities or a likelihood of later occurring claims | |
Communicate with you to provide our services, including risk advice and analysis | Processing in connection with a contract | 7 years from the end of the relevant contract unless there are liabilities or a likelihood of later occurring claims | |
Develop new products, systems and services | Legitimate interests | 7 years from the end of the relevant contract unless there are liabilities or a likelihood of later occurring claims | |
Undertake statistical and risk analysis | This will be on a legitimate interested basis unless we conduct specific work for you on a contractual basis | 7 years from the end of the relevant contract unless there are liabilities or a likelihood of later occurring claims | |
To assess and offer the products or services that you have previously requested | Legitimate interests | 3 years from the date of collection of risk data | |
Training AI models | Legitimate interests | 3 years from the date of collection of risk data | |
Marketing and other self-promotional activity, market research, customer feedback and/or customer sentiment analysis | Legitimate interests | 3 years after the last date of contact | |
Support monitoring and quality management of our employees and processes | Processing in connection with a contract | 3 years | |
Complaints, auditing and other meeting other regulatory requirements | FCA regulations | 6 years from the closure of the complaint | |
Sale or negotiations with a view to selling or refinancing all or part of our business | Contractual | 6 years from the closure of the divestment project | |
To discharge FCA and/or ICO regulatory responsibilities e.g. complaints handling, treat customers fairly, supporting clients with additional needs | Regulations (statutory purpose) | 7 years from the end of the relevant contract unless there are liabilities or a likelihood of later occurring claims | |
Prevention and detection of financial crime | Financial Crime regulations (statutory purpose) | 5 years |
In the course of arranging and administering insurance we may, in certain circumstances, need to process special classes of personal information, typically medical or criminal conviction data. The typical legal basis we process these classes of data on is the insurance substantial public interest condition which can be found in part 2 of schedule 1 of the data protection act 2018. Our appropriate policy document in respect of this use is available upon request from advisorydataprotection@ardonagh.com.
Please note that as we typically process data on the legal basis that it relates to a contract of insurance, or a contract to provide you with risk advice, the right to erasure, which does not apply to personal information processed for a contractual purpose, will not be applicable in those instances. This also means that you will be unable to withdrawn consent for personal data that is not processed on the basis of consent, as contractual data will need to be retained for contractual reasons.
We may also take the opportunity to
Contact you about products that are closely related to those you already hold with us
Provide additional assistance and advice about risk and insurance news, products, or services, as part of any advised insurance services that we provide to you
Notify you of important functionality changes to our websites
Occasionally, we may use your information to provide you with details of marketing or promotional opportunities and offers relating to other products and services from other companies in the Ardonagh Group, subject to relevant marketing regulations and permissions.
From time to time we will need to call you for a variety of reasons relating to your products or service (for example, to update you on the progress of a claim or to discuss renewal of your insurance contract). We are fully committed to Ofcom regulations and have strict processes to ensure we comply with them.
To ensure the confidentiality and security of the information we hold, we may need to request personal information and ask security questions to satisfy ourselves that you are who you say you are.
We may aggregate information and statistics on website usage or for developing new and existing products and services, and we may also provide this information to third parties. These statistics will not include information that can be used to identify any individual.
Any new information you provide us may be used to update an existing record we hold for you.
Securing your personal information
We have implemented mandatory security procedures in the storage and disclosure of your personal information in line with industry practices, including storage in electronic and paper formats.
We store all the information that you provide to us, including information provided via forms you may complete on our websites, and information which we may collect from your browsing (such as clicks and page views on our websites).
We also require our business partners, suppliers, and third parties to implement mandatory security procedures that are equivalent to our own, to protect your information from unauthorised access, use, and disclosure
When do we share your information?
Recipient | Data Sharing Rationale |
Fraud prevention agencies including Claims and Underwriting Exchange (CUE) and the Motor Insurers Anti-Fraud and Theft Register (MIAFTR). | To help us prevent and detect financial crime |
Other Ardonagh Group companies | Risk management, risk analysis, which may include pricing analysis, and other related services to support our service to you. Also assist in providing you with risk advice and keep you informed about relevant products and services |
Companies involved in the administration of insurance including Loss adjusters, claims management companies, surveyors and other relevant experts | Administration of insurance |
Insurers | Obtaining and placing insurance covers |
Credit lenders | Finance and payment options |
Data enrichment and insight services | To maintain and improve client, prospect and risk information. To gain insights into our markets and how to reach them. |
Payment Management firms | To facilitate payments |
External auditors | To independently validate our controls |
Market Research companies | To help us obtain feedback and improve the services we offer |
Prospective buyers or alternative service providers | We may share your data with prospective buyers or alternative suppliers in the event that we wish to sell all or part of our business or need to transfer clients to another provider |
Police or other law enforcement body, or statutory or regulatory authority including but not limited to the Employer’s Liability Tracing Office (ELTO) and the Motor Insurance Bureau (MIB) | Statutory and legal obligations |
While the information you provide will be disclosed to these companies, it will only be used for the provision and administration of the service provided (for example verification of any quote given to you or claims processing, underwriting and pricing purposes or to maintain management information for analysis).
We, or our partners, may make searches of your credit history. These searches may leave a record on your credit history.
We may also share your data with other companies who carry out market research on our behalf and who may contact you for the purpose of obtaining feedback on the products and services we offer.
We may share your data within the group and with specialist third parties to enrich this data to provide greater risk insights into your business.
For more information on the companies within the Ardonagh Group, please click here http://www.ardonagh.com/about-us/business-portfolio.
We may share you data with prospective buyers or alternative suppliers in the event that we wish to sell all or part of our business or block transfer insurance risks to another provider.
We may also share your information with anyone you have authorised to deal with us on your behalf.
If we provide information to a third party, we will require it and any of its agents and/or suppliers to take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Fair Processing Notice.
Any personal references we give or receive are done so under and expectations of strict confidentiality.
International transfers
The data we collect about you may be transferred to, and stored at, a destination outside of the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for us or for one of our suppliers. Such staff may be engaged in, amongst other things, the provision of information you have requested. Whenever we send information outside of the EEA, we will ensure that we have taken the appropriate steps to do so in a manner compliant with the relevant data protection legislation, typically standard EU contractual clauses with a UK addendum. Transfer risk assessments are undertaken where appropriate.
Your rights
There are a number of rights that you have under data protection law. Commonly exercised rights are:
Access – You may reasonably request a copy of the information we hold about you.
Erasure - Where we have no legitimate reason to continue to hold your information, you have the right to have your data deleted (sometimes known as the right to be forgotten). Please note that this right does not apply to personal data processed in relation to a contract. Therefore, personal data related to contracts of insurance, including quotations, are not subject to this right.
Correction – you may request correction of the personal information we hold about you to enable any incomplete information to be corrected.
We may use automated decision making in processing your personal information for some services and products. You can request a manual review of the accuracy of an automated decision if you are unhappy with it.
The ICO has more information on all of your rights on the ICO website.
How to complain
If you have any concerns about our use of your personal information, our complaints policy and online complaint form can be found here. Alternatively, you can make a complaint to us by email to advisorydataprotection@ardonagh.com or in writing to The Ardonagh Advisory Data Protection Officer, The Octagon, Colchester, CO1 1TG.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk