Privacy Policy

Section for commercial insurance customers

What this section covers

This section of our Privacy Policy covers our bespoke, executive, small business, property owner, motor trade and motor fleet commercial policies provided by Covea Insurance plc.

Definitions used

To help you we have set out here the meaning of certain words and terms used in this section as well as for our products/services.

Disclosure of other people's personal information

Please make anyone whose personal information you have provided to us aware of this Privacy Policy. You must make sure any information you supply about anyone else is accurate and that they’ve agreed to their information being supplied.

How we use your information

If you have a policy with us or you are considering getting a policy with us, we collect information about you and any joint policyholders when you get a quote for insurance, when you buy or renew an insurance policy from us, when you amend or cancel your insurance policy or when you make a claim under your insurance policy.

If you are claiming under another person’s policy as a third party claimant, we collect information about you when you make a claim under the insurance policy.

If you are a witness to an event giving rise to a claim, we collect your information to help us handle the claim.

We only collect information that is relevant and necessary for us to provide the insurance product and to handle claims made under the insurance policy.

If we speak to you on the telephone, we may record calls for training and monitoring purposes to help improve our service and to detect and prevent fraud.

What type of information do we collect?

  • Personal information provided by you and anyone named on the policy, directly or via the company who sold you the policy:
    • Contact details
    • Date of birth
    • Occupation
  • Financial information provided by you, directly or via the company who sold you the policy:
    • Payment details
    • Details of County Court Judgments, bankruptcy, insolvency, debt relief orders, liquidation and independent and company voluntary arrangements to repay debts.
    • Transactions and payments made to us for your policy
  • Sensitive information provided by you, directly or via the company who sold you the policy:
    • Criminal convictions and offences
    • Health information including medical conditions and if applicable, associated restrictions on your driving licence
  • Information about what you are insuring and the cover you require provided by you, directly or via the company who sold you the policy:
    • The commercial property or business that you are insuring
    • The commercial vehicles you are insuring
  • Information about your insurance history provided by you, directly or via the company who sold you the policy:
    • Recent quotes for insurance
    • Your insurance history
    • Claims details
  • Information relating to fraudulent or potentially fraudulent activity provided by fraud agencies and databases or collected from publicly available sources of information:
    • History of fraud
    • Indicators of fraudulent behaviour
    • Investigations into fraud
  • Your credit information provided by credit reference agencies:
    • Your credit history and score
    • Details of any unsecured loans, outstanding amounts and any defaulted payments
    • Information on the electoral register
  • In addition to the information above, we also collect information from third parties to assist us in assessing your insurance risk. Some of this information is publically available such as police crime information, fire response information, census information, information from the Land Registry and National Statistics. Where applicable, we collect information about you and your property from CACI Ltd and Experian, flood data from JBA Risk Management and subsidence data from Business Insight Ltd. Where applicable, we also collect information regarding your vehicle from HPI Ltd.

Why we use your information

The information we collect may be used by us, our employees and third party insurers and/or service providers who are acting under our instruction, for the reasons detailed below. We must always have a lawful basis for processing your information. When we process your sensitive information, we must always have an additional lawful basis.

For each reason for processing your information, we have set out our lawful bases: 

Why do we use your information Our lawful bases for processing

Our legitimate business interest, where applicable

To provide you with a quote

  • Assessing your application for insurance and, if we can, the price and other terms we can offer

Personal Information:

  • Entering into and the performance of a contract
  • Legitimate interest

Sensitive Information:

  • Substantial public interest - insurance
  • To price our products based on your insurance risk and to set policy acceptance parameters to determine when we want to insure certain risks.

To administer and manage your insurance policy

  • Administering the purchase of your policy
  • Managing your policy
  • Processing your insurance premiums
  • Arranging the renewal, cancellation or lapse of your policy

Personal Information:

  • Entering into and the performance of a contract
  • Legitimate interest

Sensitive Information:

  • Establish, exercise or defend our legal rights
  • Substantial public interest - insurance
  • To price our products based on your insurance risk and to set policy acceptance parameters to determine when we want to insure certain risks.

To handle claims made against an insurance policy

  • Registering your claim
  • Assessing your claim
  • Processing payments for your claim
  • Processing reinsurance recoveries

Personal Information:

  • Entering into and the performance of a contract
  • Legitimate interest

Sensitive Information:

  • Establish, exercise or defend our legal rights
  • Substantial public interest - insurance
  • To undertake checks to validate and settle your claim.

To resolve any complaints you may have

  • Register complaints
  • Manage and resolve complaints

Personal Information:

  • Entering into and the performance of a contract
  • Legitimate interest

Sensitive Information:

  • Establish, exercise or defend our legal rights
  • Substantial public interest - insurance
  • To investigate and resolve any complaints made.
To recover any debt that you owe to us
  • Recovery of unpaid debts or reimbursement of damages under a contract

Personal Information:

  • Entering into and the performance of a contract
  • Legitimate interest
  • To recover any debt that is owed to us even if we do not hold a contractual relationship with you.

To conduct credit reference checks and to assess your application for credit

  • Verifying your identity
  • Making decisions about credit
 Personal Information:
  • Entering into and the performance of a contract
  • Legitimate interest
  • To check the details you provide to verify your identity.
  • To check your ability to afford the finance you are purchasing.
 

To prevent, detect and investigate fraud or money laundering

  • Investigating suspicions of fraud and money laundering
  • Prosecuting fraud

Personal Information:

  • Legitimate interest

Sensitive Information:

  • Substantial public interest – preventing or detecting unlawful acts
  • To prevent fraud and money laundering.

For management information purposes and internal analysis of products and services

  • Accounting and financial records, analysis and reporting
  • Audit requirements
  • Legal and professional advice
  • Research into market trends and customer demographics
  • Pricing and underwriting models and analysis
  • System security and effective operation
 Personal Information:
  • Legitimate interest

Sensitive Information:

  • Substantial public interest – insurance
  • To monitor our business performance and maintain appropriate company records.
  • To develop, manage and improve our products and services.
  • To build and refine our pricing models and ensure we are accurately pricing our products.
 

For training purposes to improve your customer experience

  • Assessing customer experiences
  • Developing and improving our customer experience

Personal Information:

  • Legitimate interest

Sensitive Information:

  • Substantial public interest - insurance
  •  To improve the service we provide to customers.

Insurance Policy Renewals

For all of our annual policies, we will contact you prior to your policy expiration date with details of whether we can provide you with another insurance policy and the price of the policy, if you choose to stay with us.

Some of our policies will automatically renew so that you have continuity of cover. This means you need to contact us advising that you do not wish to renew otherwise the policy will automatically renew. We will always make it clear in your renewal letter if this will happen and we will always give you enough time to notify us of the lapse of your policy.

Fraud prevention and detection

Applying for a quote and holding an insurance policy with us: If you apply for a quote and/or take out an insurance policy with us, we will carry out checks with fraud prevention agencies and databases. This helps us to prevent and detect fraud and money laundering.

If we suspect fraudulent behaviour, we may not offer you insurance or we may void your policy.

We will keep a record of individuals and any associated investigations to prevent and detect future fraud or money laundering.

Making a claim: If you make a claim against one of our insurance policies, we will carry out checks with fraud prevention agencies and databases. This helps us to prevent and detect fraud and money laundering.

If we suspect fraudulent behaviour, we may not be able to accept your claim. We investigate potentially fraudulent claims and where appropriate, we will use surveillance to assist our investigation. We appoint fraud investigation and surveillance suppliers to conduct these investigations on our behalf. We also conduct searches with publicly available sources of information including internet searches and social media searches.

We will keep a record of individuals and any associated investigations to prevent and detect future fraud or money laundering.

Fraud agencies and databases: To prevent and detect fraud, we check your details against a range of databases and agencies including other insurers' databases. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies, fraud databases and other insurers. Law enforcement agencies may access and use this information.

We access and use the information recorded by fraud prevention agencies or fraud databases to prevent fraud and money laundering. These checks are done to identify, predict, investigate and evaluate potentially fraudulent behaviour.

We use the following fraud prevention agencies and databases:

  • CIFAS National Fraud Database
  • CUE (Claims and Underwriting Exchange)
  • IFB (Insurance Fraud Bureau)
  • IFIG (Insurance Fraud Investigators Group)
  • IFED (Insurance Fraud Enforcement Department)
  • IFR (Insurance Fraud Register)
  • NFIB (National Fraud Intelligence Bureau)
  • Lexis Nexis
  • NCA (National Crime Agency)
  • OFSI (Office of Financial Sanctions Implementation)
  • Motor Insurance Database
  • MIAFTR (Motor Insurance Anti-Fraud and Theft Register)
  • DVLA (Driver and Vehicle Licensing Agency)

You can get more information about the CIFAS National Fraud Database here.

Credit checks with credit reference agencies

We will perform credit and identity checks on you with one or more credit reference agencies (CRAs) in the following circumstances:

  • When you apply for an insurance quote with us;
  • Prior to renewals on all existing policyholders;
  • When you apply for credit from us.

To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product;
  • Verify the accuracy of the data you have provided to us;
  • Prevent criminal activity, fraud and money laundering;
  • Manage your account(s);
  • Trace and recover debts; and
  • Ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

Credit reference agency contact details:

The identities of the CRAs that we use, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail by following the links provided:

Transunion Information Group Limited - www.transunion.co.uk/crain  

Creditsafe UK - www.creditsafe.com/ie/en/legal/privacy-policy

Automated Decisions

Some of our reasons for processing will involve automated decision making. These decisions are set out below. You have a right to obtain human intervention for any of our automated decisions. If you object to an automated decision, we may not be able to offer you an insurance quotation or renewal.

Offering an insurance policy and pricing: We, directly or via the company who sold you the policy, ask you a series of questions when you obtain a quote for insurance from us. This is so we can understand the insurance risk that we are being asked to consider and make an underwriting assessment and decision. The information you provide along with other information helps us to decide whether we can offer you a quote and the price you will need to pay for insurance.

We use lots of factors to assess whether we can provide insurance cover, the price of your policy and any other terms of your policy. These factors include, but are not limited to, your business or profession, the value of your commercial building or equipment, your geographical location, claims history, the past performance of the insurance product, flood and subsidence postcode risk areas, etc.

Based on this information, an automated decision will be produced on acceptability of cover, the price you will need to pay for your policy and any other terms we need to apply.

Credit checks: When we carry out credit checks, an automated score is produced by the credit reference agency. We use this to assess the terms and price on which cover may be offered, verify your identity and prevent and detect fraud.

Flood and subsidence checks: When you take out insurance for a building, we carry out checks to find out if the building may be prone to flooding or subsidence. These checks produce an automated score which we use when underwriting, including pricing your policy and deciding whether we can accept the insurance risk.

Use of Artificial Intelligence (AI)

Your information may be used in processes and systems that use AI, for instance in a Chatbot system or in some pricing, underwriting or fraud prevention models. Prior to deploying any such system a full analysis will be done on the impact on an individuals’ data protection rights, and to manage the risks of any bias arising from implementation.

How we share your information

In order to sell, manage and provide our products and services, prevent fraud and comply with legal and regulatory requirements, we may need to share your information with third parties, including:

  • Reinsurers (A reinsurer is a specialist company that we transfer some or all of the insurance risk to (reinsuring).)
  • Our auditors (for management information purposes)
  • Regulators and other industry bodies (A regulator is a body that supervises specific industry or business activity.)
  • Information Commissioner’s Office (ICO)
  • Financial Conduct Authority (FCA)
  • Financial Ombudsman Service service (FOS)
  • Fraud prevention agencies
  • Crime prevention agencies, including the police
  • Suppliers carrying out a service on our, or your behalf:
    • We use computer software and technology suppliers that provide systems, software and technology so that we can offer our products and services.
    • For some businesses, we use surveyors to understand the business risk we are being asked to insure and to highlight any required improvements to reduce the business risk.
    • For some claims, we appoint a relevant valuation supplier to assess the value of your business.
    • For some claims, we appoint a loss adjustor to assess the damage.
    • For some claims, we will agree to restore, reinstate or replace damage to your commercial buildings. We appoint specialist companies to carry out restorations, reinstatements and replacements.
    • If you are making an overseas claim, we will instruct appropriate local suppliers when required so that we can handle your claim.
    • We use call centres to support some of our telephone helplines outside of normal working hours so that you can always contact us about your claim.
  • Other insurers, business partners and agents: (These companies are data controllers of your information and you should refer to the relevant company’s privacy policy for how they use your information.)
    • Where applicable, legal expenses cover provided by Cigna Insurance Services (Europe) Limited, DAS Legal Expenses Insurance Company Limited or MSL Legal Expenses Limited.
    • Where applicable, engineering cover provided by HSB Engineering Insurance Limited.
    • Where applicable, cyber security cover provided by HSB Engineering Insurance Limited.
    • Where applicable, the company you used to purchase the insurance policy.
    • We share information with Claims Underwriting Exchange (CUE) to help us and other insurers identify non-disclosure, concurrent claims activity and prevent fraud.
  • Other UK and EU based Covea and parent companies
  • In the event of a merger or acquisition or sale or transfer of any of our business or assets, your personal information may be disclosed to the prospective buyer or other party involved. Your information will only be used by them upon transfer to fulfil the original purpose for which it was collected, and you will be made fully aware of the details of the transfer.

Motor Policies: Motor Insurance Database

We work in partnership with the Motor Insurers’ Bureau (MIB) and associated not-for-profit companies who provide several services on behalf of the insurance industry. At every stage of your insurance journey, the MIB will be processing your personal information and more details about this can be found via their website: mib.org.uk. Set out below are brief details of the sorts of activity the MIB undertake: 

  • Checking your driving licence number against the DVLA driver database to obtain driving licence data (including driving conviction data) to help calculate your insurance quote and prevent fraud
  • Checking your ‘No Claims Bonus’ entitlement and claims history
  • Prevent, detect and investigate fraud and other crime, including, by carrying out fraud checks
  • Maintaining databases of:
    • Insured vehicles (Motor Insurance & Policy Data or Motor Insurance Database)
    • Vehicles which are stolen or not legally permitted on the road (Vehicle Salvage & Theft Data or MIAFTR)
    • Motor, personal injury and home claims (CUE)
    • Employers’ Liability Insurance Policies (Employers’ Liability Database)

Policies with Employers' Liability Cover: Employers' Liability Tracing Office

If you have employers’ liability cover, unless you are exempt, the law requires us to obtain your Employer Reference Number (ERN) and add your information to the Employers’ Liability Tracing Office (ELTO) Database.

The information that is shared includes, but is not limited to, your policy number(s), employers’ names and addresses (including subsidiaries and any relevant changes of name), coverage dates, employer’s reference numbers provided by Her Majesty’s Revenue and Customs and Companies House Reference Numbers (if relevant).

This information will be made available in a specified and readily accessible form as required by the Employers’ Liability Insurance: Disclosure by Insurers Instrument 2010. This information will be subject to regular periodic updating and certification and will be audited on an annual basis.

The Database will assist individual consumer claimants who have suffered an employment related injury or disease arising out of their course of employment in the UK for employers carrying on, or who carried on, business in the UK and who are covered by the employers’ liability insurance of their employers, (the Claimants):

  • To identify which insurer (or insurers) was (or were) providing employers’ liability cover during the relevant periods of employment; and
  • To identify the relevant employers’ liability insurance policies.

The Database is managed by the ELTO.

The Database and the data stored on it may be accessed and used by the claimants, their appointed representatives, insurers with potential liability for UK commercial lines employers’ liability insurance cover and any other persons or entities permitted by law.

Marketing

We do not carry out any direct marketing for customers of this product.

International Transfers

We have detailed third parties that we share your information with in the ‘How we share your information’ section. Some of these third parties may be in countries outside of the European Economic Area (EEA) or other countries that have not been given a Data Protection Adequacy Decision by the UK Government.

Under data protection law, when personal information is being transferred to a country not deemed Adequate by the UK government. We as data controller, are under an obligation to ensure that such transfers are performed in a manner that ensures that your personal information is adequately protected.

In the event that we transfer your personal information to such a country, we will always put in place adequate additional safeguards to ensure that your personal information is protected, such as placing contractual obligations on the third party that we are transferring your information to.

There may be some circumstances where we will be required to transfer your information outside of the EEA or other adequate countries and we will rely on it being necessary for the performance of your insurance contract. For example, claims made abroad where we need to instruct a local supplier so that we can handle your claim.

How long we keep your information for

We only keep your information for as long as is necessary, in line with the purposes for which we collected your information. We have set out our general retention periods below however in certain circumstances it will be necessary for us to keep your information for longer, for example when we are required to due to legal obligations or to defend or manage legal claims.

If you get a quote from us but do not take up the policy, we will keep your information for 13 months to support customers returning in the near future and to prevent and detect fraud. If the quote is linked to fraud, we will keep your information for up to 4 years from the expiry date of the quote.

In most cases, we will keep your information for 7 years from the expiry date of the policy or from the settlement/closure of the claim, whichever is the latter. This is applicable if you get a quote from us and you buy the policy, if you have a policy with us, if you make a claim under one of our policies (including if you are a third party claimant) or if you are a witness to an event giving rise to a claim under one of our policies. This is so that we can administer the contract of insurance and handle claims made against the policy.

There are some exceptions to this, for example, we need to keep the information relating to employers’ liability cover for 61 years; for property subsidence claims, we need to keep the information for 15 years; and for policies with public and/or products and/or property owners liability, we need to keep the information for 21 years and 3 months after the expiry date of the policy. This is so that we can handle potential future claims and meet our legal requirements.

If we suspect, detect or investigate fraud or money laundering, information will be held on a case by case basis for up to 7 years.

We will keep any call recordings, chatbot transcripts and other forms of electronic communications for up to 7 years in line with the above policy, subject to storage capacity limitations.

Your rights

Data protection laws give you certain rights. For details of these rights please click here.

How to contact us

We have appointed a Data Protection Officer who is responsible for overseeing how we handle your information. If you have any questions about our Privacy Policy or the information we hold about you please write to us at: dataprotection@coveainsurance.co.uk.