Privacy policy

1. Who we are and how we approach your privacy

In this privacy notice “we”, “us” and “our” refers to Insurance Factory Limited. Our registered address is: 45 Westerham Road, Bessels Green, Sevenoaks, Kent, TN13 2QB.

We are registered with the ICO, registration number Z7031675.

We are part of the Markerstudy Group of companies. If you want to know more about the Markerstudy Group please go to www.markerstudygroup.com/about-us.

We offer different types of insurance products and this privacy notice relates to our Motor and Home insurance policies (including policies with telematics). We offer our Motor and Home policies under a number of brands including Insurance Factory, Lancaster, Masterquote, Reis, Motorhome Protect, Insurance Choice and The Taxi Insurer.

We take the privacy and security of your personal information very seriously and want you to be confident that information held by us is well managed and protected. We have set out in this notice how we and/or our carefully chosen third parties collect, store, use and share your personal information.

We are a controller of your data. This means we determine the purpose for which we use your personal information and the way in which it is used. When you take out an insurance policy then a third party insurer or ‘underwriter’ will also be a data controller. Depending on exactly how you started your relationship with us other companies (such as insurance brokers) may also be considered controllers of your data. Where a third party is involved in the use of your data we strongly recommend you review their privacy notice so you can understand how they will collect, store, use and share your information.

If you have elected to have a telematics unit, Smart Drivers Club Limited is also a Data Controller in respect of the data collected via that unit.  It will also act as a processor for us in respect of some data.

We have appointed a Data Protection Officer to oversee our handling of personal information. If you wish to know more or want to get in touch about your data, you can contact our Data Protection Officer at: 45 Westerham Road, Bessels Green, Sevenoaks, Kent TN13 2QB or emailing: dataprotection@markerstudy.com

 

2. What personal information do we collect and where does it come from?

 

The information we collect about you will be different depending on the service involved and your personal circumstances, this includes information such as:

  • your general personal information such as name, address, date of birth
  • what you are seeking to insure
  • financial information such as payment card details
  • photographic images, video footage and audio recordings
  • the personal information of other individuals relevant to the insurance (e.g. another individual who wishes to be named on the policy)
  • your insurance claims history
  • criminal offence information relevant to the insurance
  • special categories of personal information such as health or medical information relevant to the insurance
  • your credit history
  • your use of our websites
  • Location and telemetry data from the ‘black box’ installed in your vehicle and/or tracking application installed on your mobile device.

If you provide personal information to us about other individuals you should:

a. Make sure you only share an individual’s personal information with us if you have their permission to do so

b. Share this privacy notice with all individuals whose information is provided to us.

We collect information about the following types of individuals:

  • previous, current and prospective customers/policyholders
  • previous, current and prospective parties covered under an insurance policy we administer, place or underwrite
  • persons authorised to speak to us on behalf of a customer or policyholder
  • third party claimants
  • witnesses to incidents
  • experts instructed in relation to claims
  • users of the Markerstudy Group websites
  • business partners
  • drivers of a vehicle fitted with a telematics device.

We may obtain personal information in a number of different ways:

  • from you or someone connected to you (quote, renewal, policy amendment, complaint, claim etc)
  • from insurance brokers and/or price comparison sites (also known as “aggregators”) on which you have submitted your information
  • from third party databases used by the insurance industry (e.g. DVLA, Motor Insurers Bureau)
  • from our suppliers (e.g. to assess damage following a claim)
  • from publicly available sources (e.g. the electoral register)
  • from other insurers with whom you have held insurance (e.g. to verify no claims eligibility)
  • from credit reference agencies
  • from other companies within the Markerstudy Group
  • from a telematics device installed in an insured vehicle.

If you have any questions about the personal information we collect and use you can get in touch.

 

3. Why do we collect your personal information and how will we use it?

 

We only collect personal information which is necessary and will only use that information when it is appropriate to do so. When an activity does not require personal information we will seek to anonymise (remove personal identifiers from) the information involved wherever possible.

We may collect information about you and your personal circumstances, in line with our regulatory responsibilities to identify customer vulnerability. This can include the recording and use of special category data relevant to you and your insurance which you choose to tell us. We will use this information to help identify and assist where possible, should additional support and assistance be required. We use anonymised data taken from this information to make improvements which help us to better meet the needs of our customers in the future.

When you purchase a policy or renew with us, we may use the Trustpilot platform to send you an invitation to leave a review and rate our service and products. You can unsubscribe at any time using the link in your invitation email.

If you want to understand more about why and how we use your information please use the How to contact us section to get in touch.

We may collect and use your personal information for the following purposes:

 

1. Services which relate to providing you with a quote and/or insurance policy as part of a contractual relationship

This includes:

 

  • Applying for and arranging your insurance, referring to relevant databases to verify information provided and carry out fraud and anti-money laundering checks
  • Evaluating your application and ability to pay for your policy by instalments. This may involve sharing your personal information with credit reference agencies. (See our section on credit reference agencies for more detail)
  • Ongoing management of your policy including amendment, claims, complaints and notifying you of changes to your policy
  • Providing you with the services we have committed to in your policy documents and allow you to participate in interactive features of our services / websites. This may include the transfer of your information to third parties where this is necessary for the provision of a service or product feature.

This use of your personal information is a necessary part of assessing your application, providing you with a quote and offering you insurance. If we do not have this information we will be unable to assess your application and / or provide you with cover.

When we assess your application we will use automated methods to make decisions. More information on this can be found in our section on Automated Decision-Making.

 

2. Where our interests mean it is reasonable and justifiable for us to do so (known as a legitimate interest)

This includes:

 

  • Providing you with a quote
  • Collecting information about you from databases as described in this notice and verifying information you provide against those databases
  • Sharing information with other firms, industry and public bodies necessary to the conduct of our business
  • Recovering outstanding payments
  • To provide you with information about products or services we feel may interest you (see our section on Marketing for more information)
  • Data analysis to support, review and improve our products and services
  • Audit and quality control to improve our customer service and training and to run our business well, this includes call recording or monitoring and may include the use of voice analytics
  • Strictly necessary website cookies such as those which allow the navigation and use of essential website features, or for website maintenance and improvement, more information can be found on our Cookie Policy
  • For development of our business operations, including for troubleshooting, data analysis, testing, research, statistical and survey purposes.

 

3. Where we have your permission to do so

This includes:

4. Where there is a legal requirement to share personal information

 

 

  • To assist with the detection, prevention or investigation of criminal offences (e.g. detection of fraud, money laundering or organised crime), this includes the sharing of personal information in line with a legitimate request from a UK law enforcement agency.

 

Our approach to more sensitive types of personal information (criminal offence and special category information)

 

 

  • When we collect, store and use certain types of sensitive information such as special category (e.g. health or medical records) data or criminal offence data, data protection law includes additional safeguards.
  • You can be assured that we will always minimise the use of this type of information.
  • When we do have cause to use your special category information we will usually do so with an additional specific purpose. This will normally be when processing is necessary for the establishment, exercise or defence of legal claims or when there is a substantial public interest in processing it for insurance purposes (i.e. using this type of information for that purpose is an integral part of the wider public benefits which result from the UK insurance industry).
  • Similarly if we use personal information that relates to a criminal offence we will usually do so for an insurance purpose.

 

4. Who do we share your personal information with and why?

 

We may share your information with:

  • Other brands or companies within the Markerstudy Group of companies (see About Us section for more information)
  • Other insurers, reinsurers, partners, agents or carefully selected third parties – This is usually when a third party either provides services to us (e.g. our postal supplier) or we use a third party to fulfil a service to you on our behalf (e.g. assessing damage following a claim)
  • Third parties that we use to help us identify and maintain accurate information (e.g. payment card providers)
  • Third parties who provide finance facilities in relation to an insurance premium (e.g. when you choose to pay for your insurance premium on a monthly payment basis)
  • Other companies we partner with to provide you with insurance (e.g. insurance underwriters). If your policy is underwritten by another insurer you will be notified of this in your policy documents. We strongly recommend you also review the privacy notice of your underwriter so you understand how they will collect, store and use your information
  • Statutory, regulatory, supervisory or otherwise authorised public bodies (examples include the Financial Conduct Authority, the Prudential Regulatory Authority and the Information Commissioner’s Office) to provide required information.
  • Organisations where we have a duty to disclose your personal information under applicable law (e.g. a UK police force or court)
  • Medical professionals (e.g. in relation to facilitating claims which necessitate medical assessment)
  • Financial crime detection agencies, providers who update on sanctions and third parties who maintain fraud detection databases or provide assistance with investigation in cases of suspected fraud
  • Insurance industry bodies such as the Motor Insurers’ Bureau (MIB) and the Association of British Insurers (ABI)
  • We share information with credit reference agencies to check your credit history. You can find more information on this in our use of credit reference agencies section
  • Third parties with whom you have given us permission to share your information or when you have agreed to benefit from an offer of service fulfilled by them (e.g. promotional vouchers)
  • Third parties in association with recovery of monies owed in relation to your insurance policy, including the sale of debt to a third party
  • We may pass information to third parties for the fulfilment of promotions. This will only be completed where we have appropriate permission to do so. More information on this is available in our section on Communications Promoting Products and Services (Marketing)
  • Another company, where some or all of our business is being sold to them. To ensure cover continues uninterrupted and, as part of any prospective sale, we may share personal information with the purchaser. Any prospective purchaser would be under a duty of confidentiality which covers all personal information that is shared with them
  • Transfer of your information following sale of your policy to another insurer (if this happens we would specifically notify you of this and you will be able to exercise your right to object (see the Your Information Rights section for more detail on this right)
  • Piloting improved systems and services. This may be facilitated wholly or in part by third parties
  • Third parties where you have given permission for us to do so and it is reasonable for us to believe they are acting on your behalf.

We take your security and privacy very seriously and will only share your personal information in a way that is consistent with UK data protection law.

 

5. Will we transfer your personal information internationally?

 

The UK has implemented rigorous standards of data protection designed to keep your personal information safe. Whenever possible we will seek to keep your personal information within the UK. If we do need to transfer, store or use the personal information we hold about you outside of the UK, we will either verify that the location your information is being processed in is one the UK Government has determined to match the UK’s own safeguards (known as “adequacy”), or we will put in place such additional protections as are required to make sure it remains suitably secure. This means your information should keep a similar level of protection at all times.

Transfers outside of the UK may be completed by us or by our third party partners and suppliers. We include requirements necessary to protect personal data in the contracts we agree with third parties and periodically assess and review the arrangements that those third parties have in place, to make sure their information security measures are maintained in line with the requirements of data protection law and industry best practice.

 

6. Communications promoting products and services (marketing)

 

We may contact you in relation to products or services which are similar to the products or services you hold (or have applied for). When we engage with you (by phone, email or website) we will give you the opportunity to choose to not receive such communications. You will be given the choice over the method of communication (e.g. email, telephone, SMS). Depending on the options available at the time and the choices you make you may receive promotional offers in relation to:

  • Similar products and services for other companies within the Markerstudy Group
  • Similar products and services from selected third parties.

We may send this information to you directly or via third parties such as search engine operators and marketing companies on our or the Markerstudy Group’s behalf.

How do I stop promotions from being sent to me?

You can stop us contacting you about products and services at any time by:

  • Clicking on an ‘unsubscribe’ option in an email
  • Getting in touch using the contact details provided in your product documentation
  • Using the Contact Us details provided in this notice.

Although requesting this will mean we stop all communications promoting products or services, we will of course continue to send you service related communications where necessary.

Please note that there is no personal information used in our online ad campaigns so you will need to check your browser or social media settings to avoid seeing these.

 

7. How long will we keep your personal information for?

 

We will only keep your personal information for as long as reasonably necessary, as set out in this Privacy Notice and in order to comply with our contractual, legal and regulatory obligations. 

We have in place a Document Retention Policy which controls how long various types of information should be retained. The Policy is reviewed on a regular basis to ensure that it aligns to current legal and regulatory requirements.

 It is important that you are aware that retention periods vary depending upon the circumstances of an individual matter, but in general our retention periods for customer facing documentation can be set out as follows:

  • quote information – usually 13 months from quote inception
  • policy information – usually 7 years from cancellation of policy (some policies have a longer retention period as required by regulation)
  • claims information – usually 7 years from date of last settlement / order (this period may be extended if the claim involves a minor or the accident resulted in particularly severe injury)
  • complaints information – maximum of 7 years in accordance with the policy retention period.

 If you would like further information regarding the periods for which your personal information will be stored, please get in touch using the Contact Us details provided in this notice.

 

8. When do we use computer systems to make automated decisions about you?

 

Some of our decisions are made automatically by a system or computer reviewing your personal information. This means the decision is calculated using certain automatic processes rather than being made by one of our employees and is known as ‘automated decision-making’.

Our assessment of your insurance application will involve an automated decision to determine whether we are able to provide a quotation (and if so at what price). The decision involves the use of systems which apply our pricing and business acceptance rules. These systems rely on the information you provide to us about yourself and about other relevant individuals. They use this information to automatically determine whether we are able to provide a quotation and, if so, the price we are willing to offer you.

This assessment involves the use of information obtained from third party companies known as credit reference agencies. The assessment includes the use of information such as verification of residence at the address provided, historic payment behaviour on financial products, prior insolvency and any relevant past county court judgements. The outcome of the assessment may result in us varying our offered payment method or we may decline to offer you a quote. For more information please see the section in this notice on Our Use of Credit Reference Agencies.

You have a right to not be subjected to automated decision-making, however you should be aware that if you object to us making an automated decision that is necessary for us to offer you cover or determine your insurance premium, then we will be unable to provide you with an insurance quotation or renewal. For more information on how to exercise your rights in relation to automated decision-making see our Your Information Rights section.

When you purchase the policy and pay by direct debit or annually, we may opt you in to automatic renewal. It is important that you know that you can opt out of this automatic renewal at any time.

If your vehicle is fitted with a telematics unit we will use telematics data collected to determine whether we wish to offer you a further policy and, if so, the applicable premium. Some aspects of this assessment are completed using automated means.

 

9. Our use of credit reference agencies

 

Credit reference agencies are companies that collect, record and monitor an individual’s credit history. We share information with credit reference agencies to check your credit history.

To assess applications we send your personal information to a credit reference agency and they provide us with information about you which is relevant to that application. We do this for a number of reasons including affordability, product suitability, and creditworthiness. We also use this to verify your identity and, where applicable, as part of the recovery of debt. This is what is commonly referred to as a “credit check”. This check is recorded on your credit reference file but does not affect your ability to apply for credit or other financial products.

You should be aware that if you take out a product using credit, failing to make agreed payments may affect your credit history and can affect future applications you make for credit.

We will continue to exchange relevant information with credit reference agencies on an ongoing basis. Credit reference agencies will share your information with other organisations for similar purposes. TransUnion are the main credit reference agency we partner with and are a controller of your data in their own right. For more information on how TransUnion use your information please refer TransUnion’s own privacy notice.

For information on how credit reference agencies handle information you can refer to the Credit Reference Agency Information Notice at:

 

10. Your information rights

 

Data protection law gives you legal rights in relation to your data. We have detailed these below and provide a short summary of our approach to each.

In some cases exercising one or more of these rights may result in us no longer being able to provide a product or service to you. Where this is the case we will inform you and give you the choice of exercising the right or continuing the product or service.

You should also be aware that we may not be able to agree to a request to exercise a right (for example when your request would negatively impact another individual, or the law requires that we do not). If this is the case we will always inform you of our decision and the reason why we have not been able to agree to it.

We will aim to respond to all valid requests within one month. We may take longer to respond if your request is particularly complex or it relates to a particularly large volume of information. If we believe your request is likely to take over one month we will engage with you to make you aware of this.

We may ask you for proof of identity so that we can satisfy ourselves that your information is only ever released to the right person. We may also ask for clarification on your request to better understand what information you wish to receive or clarify any concerns you have.

 

1. The right to access your personal information

 

 

You have the right to access a copy of the personal information we hold about you and certain details of how we use it.

There will not usually be a charge for dealing with these requests, although we may charge a reasonable fee to cover our administrative costs if:

  • Your request is manifestly unfounded or excessive
  • You request further additional copies of your data.

 

2.The right to rectification

 

 

We take reasonable steps to ensure that the personal information we hold about you is accurate and up to date. However, if you do not believe this is the case, you can ask us to update or amend it.

 

3.The right to erasure

 

 

In certain circumstances, you may ask us to erase your personal information.

 

4.The right to restriction of processing

 

 

In certain circumstances, you are entitled to ask us to stop using your personal information.

 

5.The right to data portability

 

 

In certain circumstances, you have the right to ask that the personal information you have provided is transferred to another third party of your choice. This is most likely to be when you choose to switch a provider (e.g. moving your current account from one bank to another). All requests to move information in this way are reviewed on a case-by-case basis, to assess whether they meet the UK GDPR criteria for data portability.

 

6. The right to object

 

 

  • You can ask us to stop sending you marketing messages at any time.
  • You may also object where you have a reason based on your circumstances and we are using your personal information for our legitimate interests (see Why do we collect your personal information and how will we use it? for further details on this). You should be aware that, as long as we can demonstrate a compelling reason to use your personal information, we may continue to do so.

 

7. The right to not be subject to automated decision-making (including profiling)

 

 

You have a right to not be subject to automated decision-making (as described in our section on Automated Decision-Making) and where automated decision-making is used in the assessment of your application or fraud prevention, you can contact us to request that any declined decision is reconsidered. If you want to opt out of automated decision-making, let us know, although in some circumstances this may mean we can’t offer you a quote or policy as some automated decisions are necessary to provide you with insurance.

 

8. The right to withdraw consent

 

 

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.

 

9. The right to be informed about communications following a request under rectification, erasure and restriction of processing

 

 

When we carry out a rectification or erasure of your personal information or a restriction of processing request, we are required to communicate this to the relevant recipients of that information (our suppliers and business partners). This is to make sure all necessary corrections, deletions and restrictions flow through to all records, held by us and by our business partners, which include your information. When we do this you have the right to request that we inform you who those recipients are.

 

10. Right to raise data concerns (complaints)

 

 

You have a right to complain to the Information Commissioner’s Office (ICO) if you believe that any collection, use or storage of your personal information by us is in breach of applicable data protection laws and regulations.


The ICO will usually ask that you try and resolve issues in relation to our handling of your information with us directly before referring your complaint to them, and we would recommend you contact us to allow us the opportunity to investigate and address your concerns.


More information can be found on the ICO's website at: www.ico.org.uk/concerns. Making a complaint will not affect any other legal rights or remedies that you have.

 

11. How to contact us about your requests or concerns

 

If you wish to exercise a right in relation to your information or have a complaint about how we collect, use or store your information, you can get in touch with our data protection team using:

dataprotection@markerstudy.com

Or by post at:

Data Protection Officer, 45 Westerham Road, Bessels Green, Sevenoaks, Kent. TN13 2QB.

When you make your request by electronic means, the information will be provided to you by electronic means whenever possible.

 

12. Privacy notice updates

 

We keep our Privacy Notice under review and will update it to reflect important changes which affect how we use your personal information or how we are require to communicate its use to you.

Those changes may be due to government regulation, new technologies, or other developments in data protection laws or privacy generally.

You should check our website periodically to view the most up-to-date Privacy Notice.

This Privacy Notice was last updated on: [30/09/2022]