1. Who we are and our approach to customer’s privacy
If a customer wants to know more about Openstart Ltd go to www.openstart.co.uk The privacy and security of customer’s personal information is very important to us so we want to assure a customer that customer’s information will be properly managed and protected whilst in our hands. Please read this notice carefully as it explains how we and/or carefully selected third parties we work with, collect and use customer’s personal information. A customer can ask for further information about our use of customer’s personal information or complain about its use, by contacting our Data Controller at: Openstart Ltd, 50a Overdale Road, Northfields, London W5 4TT.
2. What information do we collect and where do we get it from?
In order for us to provide our services to a customer and to manage those services we will ask a customer to share customer’s personal information with us. The circumstances in which we use customer’s information, the reasons why we ask for it and details of how we will use it are explained in section 3 of this notice. The information we collect about a customer varies depending on customer’s particular circumstances and requirements and may include, for example:
- General information about a customer such as customer’s name, address, contact details and date of birth;
- Information about what and/or who a customer wants to insure, such as vehicle details and named drivers, customer’s home.
- Customer’s claims and credit history;
- Financial details, such as bank account and card details;
- Sensitive personal information, such as customer’s health and criminal convictions;
We may collect personal information from the following sources:
- A customer or someone connected to a customer as part of a quotation or claim;
- Publicly available sources of information, such as social media and networking sites;
- Third party databases where a customer has given customer’s permission to share information with a third party like us. For more information about these sources, please contact the Data Protection Officer using the details set out in section 1 of this notice;
If a customer has provided information to us about someone else, a customer would have confirmed that a customer has the consent of these individuals to share their personal information with us. A customer should share this privacy notice with all individuals whose personal information a customer has shared with us as it may also apply to them.
3. Why do we collect this information and how will we use it?
We and/or our carefully selected third parties may collect and use customer’s personal information under the following circumstances or for the following reasons:
a) To provide a customer services relating to an insurance quotation and/or insurance policy such as:
- Assessing customer’s insurance application and arranging customer’s insurance policy, such as checking databases showing driving licence records;
- Managing customer’s insurance policy including claims handling and issuing policy documentation to a customer; The collection and use of information such as customer’s name, address, date of birth, claims history, what/who a customer would like to insure, medical conditions and conviction details for motor insurance is necessary to provide a customer with a quotation and/or policy. Without this information, we will be unable to assess customer’s application and/or provide claims services.
b) Where we have a justifiable reason, such as:
- Keeping records about a customer and our correspondence with a customer as well as customer’s current insurance policies and history of insurance claims. This is so that we can appropriately and effectively manage our relationship with a customer as well as satisfy any legal and regulatory obligations we may have to keep such records.
- Preventing and detecting fraud, financial crime and anti money-laundering. We may use customer’s personal information to prevent fraud and in doing so may:
- Collect personal information about a customer from databases as described in this notice and from publicly available sources (such as social media and networking sites);
- Check customer’s personal information against databases including databases showing driving licence records;
- Share customer’s personal information with operators or registers available to the insurance industry to check information a customer provides. These include the Claims and Underwriting Exchange Register and Motor Insurance Anti-Fraud and Theft Register. We may pass information relating to customer’s insurance policy and any incident to the operators of these registers, their agents and suppliers;
- Use any personal information obtained about a customer, or anyone a customer has provided us information about, to carry out the above profiling activity as part of our investigations into fraudulent behaviour. Should fraud be identified as a result of such profiling activity, this could result in the rejection of an application for insurance, a claim and/or voidance of customer’s policy.
- Using information collected from databases we use together with the personal information a customer gives us, to help us to improve and develop our internal databases and systems (such as those used for assessing the risks we insure and communicating with a customer) in order to improve the products and services we offer. For more information about how we communicate our products and services, please refer to section 4 of this notice.
- We may anonymise and combine the information a customer has given us to understand more about a customer, create new products and services as well as helping us with our marketing.
c) A customer has given us customer’s permission:
- To use customer’s sensitive personal information in order to provide a customer with a quotation, price and/or the services set out in customer’s policy documents for example: handling claims. Where a customer has provided sensitive personal information about someone connected to a customer, for example named drivers, a customer would have confirmed that a customer have their permission to share this information with us;
d) For details about how we use customer’s information to communicate our similar products and/or services, customer’s use of our websites and email communications, please refer to section 4 of this notice. We may share customer’s information with third parties in order to carry out the above activities. For further details about who we might share customer’s information with, please refer to section 5 of this notice.
4. How we communicate with a customer about our similar products and services and information about customer’s use of our websites
We will contact a customer, in order to communicate our products and/or services to a customer which we believe may be of interest to a customer. This activity is only applicable to Openstart Ltd There may be times when we will require customer’s permission to provide information about products and services to a customer, such as:
- Where the product or service is not similar to those that we currently provide to a customer but we believe a customer may be interested in it; or
- When a customer has opted out of us sending details of or contacting a customer in relation to the products and services we offer.
We may communicate with a customer by post, email, SMS, telephone and/or digital methods such as social media and online advertising, unless a customer has told us a customer do not want us to. Where a customer no longer holds an agreement with us or we have provided a customer with a quote in the past, we will keep a customer informed about our products and services for a period of up to 3 years if contacting a customer by telephone or for up to 5 years if contacting a customer via other means.
We may look to develop and enhance the information we hold about a customer with the aim of improving our product and service offerings and how we communicate these to a customer, where a customer has given us permission or where we believe that our products and service may be of interest to a customer. We may collect personal information about a customer or share customer’s information with carefully selected third party databases which, when combined with the personal information a customer has given us, helps us to target and tailor communications which we believe may be more relevant to a customer. For further information about the third party databases we use, please contact the Data Protection Officer using the details set out in section 1 of this notice. We may also contact a customer if a customer fails to complete an online quotation to see if we can offer a customer any help with this. A customer can ask us to stop contacting a customer about our products and services by:
- Email – Info@openstart.co.uk
- Post – Openstart Ltd. 50a Overdale Road, Northfields, London W5 4TT.
Use of customer’s personal information when using our websites and email communications:
When a customer visit one of our websites we may collect information from a customer such as, customer’s email address, IP address and other online identifiers. This helps us to track unique visits and monitor patterns of customer website traffic, such as who visits and why they visit. We use third parties to collate IP addresses to help us understand our Internet traffic data and data regarding customer’s browser type and computer.
Internet browsers normally accept cookies by default, although it is possible to set a browser to reject cookies. We will ask customer’s permission before using any cookie that is not essential to the email or the use of the website. However, refusing to accept cookies may restrict customer’s use of our website and/or delay or affect the way in which our website operates. Further information about cookies. The open nature of the internet is such that data may flow over networks without security measures, and may be accessed and used by people other than those for whom the data is intended. Whilst this is outside of our control, we do take the protection of customer’s information very seriously and aim to apply appropriate levels of security at all times.
5. Who might we share customer’s information with?
We may share customer’s personal information with:
- Insurers, business partners, agents or carefully selected third parties providing a service to us or on our behalf, such as: processing our mail, communicating with customers on our behalf via social media, providing IT systems and administrative services, claims handling services and the development and improvement of our internal databases
- Organisations that have a specific role laid out in law such as statutory bodies, regulatory authorities and other authorised bodies;
- Fraud prevention agencies and operators of registers to check information and prevent fraud. This is outlined in more detail under section 3 of this privacy notice;
- Credit reference agencies to check customer’s credit history. This check will be recorded on customer’s credit reference file without affecting customer’s ability to apply for credit or other financial products;
- Third parties we use to recover money a customer may owe us or to whom we may sell customer’s debt;
- Another company, if our business or part of it is bought or taken over by that company to ensure customer’s insurance policy can continue to be serviced or as part of preliminary discussions with that company about a possible sale or take over;
- Other companies when we are trialling their products and services which we consider may improve our services to a customer or our business processes;
- Other third parties if a customer have given us customer’s permission to do so or there is sufficient reason to believe they are acting on customer’s behalf.
Unless required by law, we would never share customer’s personal data without the appropriate and necessary care and safeguards being in place.
6. How long will we keep customer’s information?
We will keep customer’s information only for as long as is reasonably necessary for the purposes set out in this privacy notice and to fulfil our legal and regulatory obligations. For further information about how long we will keep customer’s information, please contact the Data Controller using the contact details outlined in section 1 of this notice.
7. Use and storage of customer’s information overseas
The personal information we and our carefully selected third parties collect from a customer may be transferred to, stored and processed outside the European Economic Area (EEA). We or our service providers may use cloud based computer systems (i.e. network of remote servers hosted on the internet which process and store customer’s information) to which foreign law enforcement agencies may have the power to require access. We will not transfer customer’s information outside the EEA unless it was to a country our information regulator has assessed as having adequate data protection laws, or we had taken all reasonable steps to ensure the firm has the necessary privacy and security controls in place to protect customer’s information as if it were in the EEA. Our contracts with these firms will detail the necessary requirements to ensure customer’s information is protected. We will assess these firm’s security arrangements from time to time ensuring that they are only using customer’s information as agreed. Should a customer wish to obtain further information about the safeguards we have in place, please contact the Data Protection Officer whose contact details are outlined in section 1 of this notice.
8. How will we deal with others acting on customer’s behalf?
To help manage customer’s insurance policy we will deal with individuals a customer nominates, including third parties we reasonably believe to be acting on customer’s behalf provided they are able to answer our security questions. However, for customer’s protection, we will need to speak to a customer directly, customer’s legal representative, someone a customer has nominated and given us permission to discuss customer’s personal details, or power of attorney should a customer require changes to customer’s contact address, policy coverage or to cancel the policy.
9. Customer’s rights
A customer has a number of rights concerning the personal information we use, these include the right to:
- Ask for access to and a copy of customer’s personal information;
- Ask us to correct or delete the personal information;
- Ask us to restrict or object to the use of customer’s personal information at any time;
- Where a customer has previously given us customer’s permission to use customer’s personal information, withdraw that permission. Where customer’s permission is withdrawn, customer’s previous consent will remain valid in respect of our use of customer’s information prior to the date a customer withdrew it, or if any marketing material has been sent prior to a customer advising that a customer do not wish us to contact a customer again;
- Complain to the Information Commissioner’s Office at any time if a customer object to the way we use customer’s personal information. For more information please go to www.ico.org.uk;
- Object to an automated decision including profiling. For details about the profiling activity we undertake, please refer to section 3 of this notice.
- A right “to be forgotten”. This means the customer can ask for the information we hold on them to be deleted from our records but this will mean we will be unable to continue the customer’s insurance arrangements.
To discuss customer’s rights or make a request, please contact the Data Controller using the details outlined in section 1 of this notice.
Please note that in some cases even when a customer makes a request concerning customer’s personal information, we may not be required, or may not be able, to honour it as this may result in us not being able to fulfil our legal and regulatory obligations or there is a minimum statutory period of time for which we have to keep a customer information. If this is the case, then we will let a customer know our reasons.