DATA PROTECTION NOTICE

The protection of your personal data is important to the BNP Paribas Group, which has adopted strong common principles in relation to data protection for the entire Group and which are reflected in its Group Privacy Policy.

This Data Protection Notice provides you with detailed information relating to the protection of your personal data by: Pinnacle Insurance plc (trading as helpucover)

(“we”, “us”, “our”). The above companies are part of BNP Paribas Cardif and the BNP Paribas Group (both “Group companies”).

We are responsible for the collecting and processing of your personal data in relation to our activities. The purpose of this Data Protection Notice is to tell you which personal data we collect and process about you and why, who we share your data with and why, how long we keep it and how you can exercise your rights.

Where necessary, further information may be provided to you when you apply for, purchase, renew or make a claim in relation to a specific insurance product or service.

1. WHICH PERSONAL DATA DO WE COLLECT AND USE?

Depending on the data that is required from you for the type of insurance product or service we provide to you and to enable us to provide and improve our services, we may collect any of the following types of personal data about you including but not limited to any of the following types:

• identification information (e.g. name, address, date of birth, gender, national insurance number)
• contact information (e.g. postal and email address, telephone numbers)
• other household information (e.g. marital status, number of occupiers, number of vehicles, number of pets, other types of pet products you have purchased)
• financial information (e.g. bank account or payment card details, income)
• education and employment information (e.g. level of education, type of employment, employer’s name)
• data relating to your insurance contract(s) (e.g. policy number, methods of payment, duration, premium amounts, payments, discounts, claim history, complaint history)
• data necessary to assess your risk (e.g. your locality, information relating to your pet, loan, vehicle, electronic device, purchases and travel)
• data relating to your lifestyle and the insured assets (e.g. hobbies, interests, sports, vehicle use, occupation)
• data from your interactions with us (e.g. our websites, our apps, our social media pages, personal meetings, telephone calls, emails, interviews, correspondence, SMS, web chats);
• CCTV (e.g. where you visit our premises);
• data relating to the locality and geolocation of the insured person or asset or our services (e.g. vehicle geolocation)
• connection and tracking data (e.g. cookies, connections to online customer service, replies to online surveys)
• data relating to your participation in competition and promotional activities (e.g. date of participation, your answers, your pictures and the type of prizes)
• data necessary to prevent insurance fraud, money laundering and terrorist financing Where necessary and subject to your explicit consent, we may collect the following special categories of data for the reasons stated below:
• biometric data: (e.g. voice recognition)
• health data: data that is required to underwrite your insurance cover or to process your claim.
We do not collect or process any data relating to your racial or ethnic origin, political beliefs, religious or philosophical beliefs, trade union membership, genetic data or sexual orientation unless we have a legal obligation to do so. The personal data that we use may be collected directly from you or obtained from the following sources for the purposes of verifying or enriching our data:
• official public records (e.g. census data, electoral roll);
• our service providers;
• third parties such as fraud prevention agencies or data brokers (in accordance with data protection legislation);
• websites and social media containing publicly available information;
• data bases made public by third parties;

2. SPECIFIC CASES OF PERSONAL DATA COLLECTION INCLUDING INDIRECT COLLECTION

In certain circumstances, we may also collect and process information about you where you have no direct relationship with us. This may happen where your personal information is provided by, for example:

• A legal representative / executor / person with power of attorney / insolvency practitioner;
• The policyholder and/or other family members where you are a beneficiary of an insurance policy;
• A co-insured or co-insurer;
• An employer;
• Our commercial partners.

3. WHY DO WE USE YOUR DATA AND WHAT FOR?

a. To comply with our legal and regulatory obligations

• We use your personal data to comply with various legal and regulatory obligations, including:
• prevention of insurance fraud, money-laundering and financing of terrorism;
• compliance with legal and financial legislation and regulations;
• prevention of tax fraud, fulfilment of tax control and tax notification obligations;
• risk monitoring and reporting;
• responding to an official request from a duly authorised public, regulatory or judicial authority.

b. To perform a contract with you or to take steps at your request before entering into a contract

We use your personal data to enter into and perform our contracts, including:

• evaluating the details of the insurance risk in order to determine your premium or renewal premium (e.g. your expected claims frequency, claim cost and expected loyalty);
• handling your claims or complaints;
• providing you with information about your insurance contract;
• respond to your enquiries including a request to update your personal data when your circumstances change;
• evaluating if we can offer you insurance products or services and if so on which terms.
The above processes may include the making of automated decisions, where necessary, for the entering into or the performance of the contract.

c. To fulfil our legitimate interests

We use your personal data in order to offer and develop our insurance products and services, to improve our insurance risk management and to defend our legal rights for the following reasons:

• to prove purchase and premium payments (including the follow-up of rejected payments);
• to prevent fraud;
• to defend or pursue legal claims;
• for IT management, including infrastructure management, business continuity and IT operations and security;
• to establish individual statistical models allowing us to generate competitive premiums or offer you relevant products and services;
• to establish aggregated statistics, for research and development, in order to monitor risk and the performance of our businesses, improve existing products and services or create new ones;
• where we record calls for the purposes of staff training and monitoring, administering your policy, handling complaints, detecting or preventing fraud and other crimes, and to improve the quality of our services;
• to provide customer advisory services relevant to your quote and insurance product (e.g. pet healthcare advice, pothole reporting service, quote reminders and anniversaries);
• to personalise our and other BNP Paribas Group companies’ product offerings to you by:
• improving the quality of our insurance products or services (e.g. customer satisfaction surveys);
• advertising our products or services that might be of interest to you according to your situation and profile which we can assess by:
• segmenting our potential customers and policyholders;
• analysing your habits and preferences in the use of communication channels (e.g. our website and social media apps, emails or messages);
• sharing your data with another BNP Paribas Group company and, in particular, if you are or will become a customer of that other Group company; and
• combining data about your existing insurance products or services or those for which you have obtained a quote with other data that we already hold about you (e.g. where we identify that you have a pet but do not have pet insurance or you have a car but do not have warranty insurance);
• organising prize competitions and promotional campaigns.

d. Respecting your choices where we have requested your consent

In certain cases, we require your consent to process your data, for example:

• to send you communications for direct marketing purposes (e.g. emails, newsletters, SMS, telephone calls) unless you tell us you want to opt out of receiving any further communications by contacting us using the details set out in Section 9 below or by unsubscribing. If you do not exercise this right, you may continue to receive communications from us whether you hold an insurance product with us or not;
• Unless we can rely on another legal ground, where the above purposes lead to automated decision-making, which produces legal effects or which significantly affects you. At that point, we will inform you about the logic involved, as well as the significance and the envisaged consequences of such processing;
• Where we need to process your health data for the purposes of administering your claim - we will ask you to confirm your consent when completing your claim form;
• If we need to carry out further processing for purposes other than those above in Section 3, we will inform you and, where necessary, obtain your consent.

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

For the purposes above, we only share your personal data with the following individuals or entities:

• the Group companies named above and their employees for the purposes of providing our services to you;
• independent agents, intermediaries, introducers or brokers (e.g. price comparison websites);
• co-insurers, re-insurers and our corporate insurers;
• any other party who has a legitimate interest in your insurance contract (e.g. your next of kin, a beneficiary or a third party claimant, and their representatives);
• social security agencies when involved in insurance claims or where we provide benefits complementary to social security benefits;
• BNP Paribas Group companies to offer the full range of products and services;
• service providers who perform services on our behalf;
• banking, commercial partners and brokers;
• financial or judicial authorities, arbitrators and mediators, state agencies or public bodies, upon request and to the extent permitted by law (e.g. Financial Ombudsman Service, Financial Services Compensation Scheme, HM Revenue & Customs);
• certain regulated professionals such as healthcare professionals, lawyers, notaries, trustees and auditors;
• debt collecting and credit reference agencies;
• fraud prevention agencies.

5. TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA

Where we transfer your data to a country outside the European Economic Area (EEA), where the European Commission has recognised that non-EEA country as providing an adequate level of data protection, your personal data will be transferred on this basis without your specific authorisation.

For transfers to non-EEA countries whose level of protection has not been recognised as adequate by the European Commission, we will either rely on an exemption from a rule or law that is applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you) or use one of the following safeguards to ensure the protection of your personal data:

• Standard contractual clauses approved by the European Commission; or
• Binding corporate rules (for inter-group transfers), where applicable.

To obtain a copy of these safeguards or details on where they are available, you can send us a written request as set out in Section 9.

6. RETENTION OF YOUR PERSONAL DATA

Your personal data is retained by us in digital format for as long as we need to comply with our legal and regulatory obligations and for the defence of complaints and claims against us. This includes being able to provide evidence in the case of any legal or regulatory investigations, disputes or claims regarding the provision of our products or services to you. In the case of personal information contained in paper format, the document will be recorded in digital format and retained on our systems; the paper format will then be securely destroyed.

7. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

In accordance with applicable regulations, you have the following rights:

• to access: you can obtain information relating to the processing of your personal data and a copy of the personal data held.
• to rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data is updated.
• to erase: you can require the deletion of your personal data, to the extent permitted by law.
• to restrict: you can request the restriction of the processing of your personal data.
• to object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
• to withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
• to data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically possible, transferred to a third party.

If you wish to exercise the rights listed above, please contact us using the details in Section 9 below.

In accordance with data protection legislation, in addition to your rights above, you are also entitled to make a complaint to:

The Information Commissioner’s Office

Head Office:
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: https://ico.org.uk/concerns Email: casework@ico.org.uk Tel: 0303 123 1113

Wales:
2nd Floor, Churchill House, Churchill Way, Cardiff CF10 2HH
Email: wales@ico.org.uk Tel: 029 2067 8400

Scotland:
45 Melville Street, Edinburgh EH3 7HL
Email: scotland@ico.org.uk Tel: 0303 123 1115

Northern Ireland:
3rd Floor, 14 Cromac Place, Belfast BT7 2JB
Email: ni@ico.org.uk Tel: 028 9027 8757 or 0303 123 1114

8. FUTURE CHANGES TO THIS DATA PROTECTION NOTICE

In the context of constant technological evolution we may have to update this Data Protection Notice. Please check the latest version of this Data Protection Notice on our website. We will inform you of any changes through our website or through our other usual communication channels with you.

9. CONTACTING US

To exercise your rights or if you have any questions regarding our use of your personal data please contact us at:
Data Protection Correspondent
Pinnacle House, A1 Barnet Way, Borehamwood, Hertfordshire WD6 2XX
Email: data.protection@cardifpinnacle.com

So that we can answer your requests as quickly as possible, please indicate the right(s) you wish to exercise. An acknowledgement of receipt will be provided.

We are required to answer all requests within one month but we are allowed to extend this period by one further month depending on the complexity of the request. We will contact you in writing if we are unable to reply to your request within one month.

If you have a separate enquiry related to the BNP Paribas Group then you may contact the Group’s Data Protection Officer at:
Jérôme Caillaud – Data Protection Officer,
BNP Paribas CARDIF,
8, rue du Port,
92728 Nanterre, France
Email: group_assurance_data_protection_office@bnpparibas.com

 

10. OUR COOKIES POLICY

Cookies are small text files stored on your computer when you visit some web sites. To use our website properly, you need to have cookies enabled. Cookies allow certain information from your web browser to be collected by us, which we use to track visitor use. They do not identify who is using the computer, just the computer being used. Cookies and other similar technology make it easier for you to use our website on future visits.

Browsers can be used to restrict, block or delete cookies. Each browser is different, so check the 'Help' menu of your particular browser (or your mobile telephone's handset manual) to learn how to change your cookie preferences. Please be aware that if you block all cookies, this website (and many others you visit) will cease to work for you.

These are the main types of cookies we use, and what we use them for:

• Social Media Cookies
  For websites used by individual customers, there may be the opportunity to 'share' content with friends through social networks - such as Facebook and Twitter. You may be sent cookies from these websites. We don't control the setting of these cookies, so we suggest you check the third party websites for more information about their cookies and how to manage them.
• Session cookies (sometimes called phpsessid): this type of cookie allows our web servers to respond to your actions on the website, such as moving through online forms or browsing the website. The website wouldn't work for you without it.
• Analytics cookies (sometimes called utma, utmz): these cookies enable the function of Google Analytics or other analytics software. This software helps us take and analyse collective visitor information such as browser usage, new visitor numbers and response to marketing activity. That information is not held at individual customer level and helps us to improve the website and your experience, and to ensure our marketing campaigns are relevant.
• Third party referral cookies (sometimes called drt): these cookies are set by third party companies which refer you to our website or advertise our products. We don't control the setting of these cookies.
• Preferences cookies: these cookies help us recognise you when you return to our website. For example, your language preferences.

Cookies and other connection and tracking data stored on your device are kept for a period of 13 months from their collection date.