Privacy Policy

Section for Credit Union Group insurance customers

What this section covers

This section of our Privacy Policy covers our policies for groups sold to credit unions provided by Covea Insurance plc and Covéa Life Limited. In this case the companies will both be controllers of your personal data.

Definitions used

To help you we have set out here the meaning of certain words and terms used in this section as well as for our products/services.

Disclosure of other people's personal information

Please make anyone whose personal information you have provided to us aware of this Privacy Policy. You must make sure any information you supply about anyone else is accurate and that they’ve agreed to their information being supplied.

How we use your information

We provide insurance to the credit union group that you are a member of. We collect information about you when you make a claim under the insurance policy. We only collect information that is relevant and necessary for us to provide the insurance product and to handle claims made under the insurance policy. The insurance products we provide are Payment Protection insurance; Life insurance; Critical Illness insurance; Income Protection insurance and Debt Waiver insurance.

If you are a beneficiary to a life insurance policy, we collect your information so that you can receive claim settlement.

If you are a witness to an event giving rise to a claim, we collect your information to help us handle the claim.

If you contact us by telephone, we may record calls for training and monitoring purposes to help improve our service and to detect and prevent fraud.

What type of information do we collect?

  • Personal information provided by you, directly or via your credit union:
    • Contact details
    • Date of birth
    • Occupation
    • Employment Status
    • Gender
    • National Insurance Number
    • Where applicable, mortgage account numbers
    • Where applicable, loan account and agreement numbers
  • Financial information provided by you, directly or via your credit union:
    • Payment details
    • Where applicable, details of your lending commitments
    • Where applicable, your income and salary details and any government benefits you receive
      • When you make a claim, we may validate this information with your employer and the Department of Work and Pensions in the United Kingdom or Department of Social Protection in Ireland, depending on where you are located.
    • Transactions and payments made to us for your policy
  • Special Category Data personal information provided by you, directly or via your credit union:
    • Health information including medical conditions and your doctor/hospital details.
  • Information about what you are insuring provided by you, directly or via your credit union:
    • Details about your lending commitments
    • Where applicable, your employment, income and salary details.
  • Information about your insurance history provided by you, directly or via your credit union:
    • Recent quotes for insurance
    • Your insurance history
    • Claims details
  • Information relating to fraudulent or potentially fraudulent activity provided by fraud agencies and databases or collected from publicly available sources of information:
    • History of fraud
    • Indicators of fraudulent behaviour
    • Investigations into fraud
  • Information relating to claims made under the policy provided by third parties in order to validate the claim, such as the police, associations, clubs, companies, etc.

Why we use your information

The information we collect may be used by us, our employees, third party insurers and/or service providers who are acting under our instruction, for the reasons detailed below. We must always have a lawful basis for processing your information. When we process your Special Category Data information or criminal conviction information, we must always have an additional lawful basis.

For each reason for processing your information, we have set out our lawful bases: 

Why do we use your information Our lawful bases for processing

Our legitimate business interest, where applicable

To handle claims made against an insurance policy

  • Registering your claim
  • Assessing your claim
  • Processing payments for your claim
  • Processing reinsurance recoveries

Personal Information:

  • Entering into and the performance of a contract
  • Legitimate interest

Special Category Data Information:

  • Establish, exercise or defend our legal rights
  • Substantial public interest - insurance
  • To undertake checks to validate and settle your claim.

To resolve any complaints you may have

  • Register complaints
  • Manage and resolve complaints

Personal Information:

  • Entering into and the performance of a contract
  • Legitimate interest

Special Category Data Information:

  • Establish, exercise or defend our legal rights
  • Substantial public interest - insurance
  • To investigate and resolve any complaints made.
To recover any debt that you owe to us
  • Recovery of unpaid debts or reimbursement of damages under a contract

Personal Information:

  • Entering into and the performance of a contract
  • Legitimate interest
  • To recover any debt that is owed to us even if we do not hold a contractual relationship with you.

To prevent, detect and investigate fraud or money laundering

  • Investigating suspicions of fraud and money laundering
  • Prosecuting fraud

Personal Information:

  • Legitimate interest

Special Category Data Information:

  • Establish, exercise or defend our legal rights
  • Substantial public interest – preventing or detecting unlawful acts
  • To prevent fraud and money laundering.

For management information purposes and internal analysis of products and services

  • Accounting and financial records, analysis and reporting
  • Audit requirements
  • Legal and professional advice
  • Research into market trends and customer demographics
  • Pricing and underwriting analysis
  • System security and effective operation
Personal Information:
  • Legitimate interest

Special Category Data Information:

  • Substantial public interest – insurance
  • To monitor our business performance and maintain appropriate company records.
  • To develop, manage and improve our products and services.
 

For training purposes to improve your customer experience

  • Assessing customer experiences
  • Developing and improving our customer experience

Personal Information:

  • Legitimate interest

Special Category Data Information:

  • Substantial public interest - insurance
  •  To improve the service we provide to customers.

Insurance Policies

These insurance policies will remain active for as long as your credit union holds an insurance policy with us or until/if you leave your credit union.

Fraud prevention and detection

Making a claim: In certain circumstances where we suspect fraudulent behaviour, we will carry out checks with fraud prevention agencies and databases. We also conduct searches with publicly available sources of information including internet searches and social media searches.

We will keep a record of individuals and any associated investigations to prevent and detect future fraud or money laundering.

If we suspect fraudulent behaviour, we may not be able to accept your claim. We investigate potentially fraudulent claims and where appropriate, we will use surveillance to assist our investigation. We appoint fraud investigation and surveillance suppliers to conduct these investigations on our behalf.

Fraud agencies and databases: When we check your details against fraud prevention agencies and databases, we will use a range of databases and agencies including other insurers' databases. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies, fraud databases and other insurers. Law enforcement agencies may access and use this information.

We access and use the information recorded by fraud prevention agencies or fraud databases to prevent fraud and money laundering. These checks are done to identify, predict, investigate and evaluate potentially fraudulent behaviour.

We use the following fraud prevention agencies and databases:

  • CIFAS National Fraud Database
  • CUE (Claims and Underwriting Exchange)
  • IFB (Insurance Fraud Bureau)
  • IFIG (Insurance Fraud Investigators Group)
  • IFED (Insurance Fraud Enforcement Department)
  • IFR (Insurance Fraud Register)
  • NFIB (National Fraud Intelligence Bureau)
  • Lexis Nexis
  • NCA (National Crime Agency)
  • OFSI (Office of Financial Sanctions Implementation)

How we share your information

In order to sell, manage and provide our products and services, prevent fraud and comply with legal and regulatory requirements, we may need to share your information with third parties, including:

  • Reinsurers (A reinsurer is a specialist company that we transfer some or all of the insurance risk to (reinsuring).)
  • Our auditors (for management information purposes)
  • Regulators and other industry bodies (A regulator is a body that supervises specific industry or business activity.)
    • Information Commissioner’s Office (ICO)
    • Financial Conduct Authority (FCA)
    • Financial Ombudsman Service service (FOS)
  • Fraud prevention agencies
  • Crime prevention agencies, including the police
  • Suppliers carrying out a service on our, or your behalf:
    • We use computer software and technology suppliers that provide systems, software and technology so that we can offer our products and services.
  • Other insurers, business partners and agents: (These companies are data controllers of your information and you should refer to the relevant company’s privacy policy for how they use your information.)
    • Where applicable, the company you used to purchase the insurance policy.
    • Where applicable, the credit union that you are a member of and that holds the insurance policy.
  • Other UK Covéa Companies:
    • Covea Insurance plc
    • Covéa Life Limited
    • Sterling Client Services Limited
    • Covéa Insurance Services Limited

Marketing

We do not carry out any direct marketing for customers of this product.

International Transfers

We have detailed third parties that we share your information with in the ‘How we share your information’ section. Some of these third parties may be in countries outside of the European Economic Area (EEA).

Under data protection law, when personal information is being transferred outside the EEA, we as data controller, are under an obligation to ensure that such transfers are performed in a manner that ensures that your personal information is adequately protected.

In the event that we transfer your personal information outside of the EEA, we will always put in place adequate safeguards to ensure that your personal information is protected. Adequate safeguards may include placing contractual obligations on the third party that we are transferring your information to or ensuring that the third party is certified to the EU-US Privacy Shield Framework if we are making transfers to third parties located in the United States.

How long we keep your information for

We only keep your information for as long as is necessary in line with the purposes for which we collected your information. We have set out our general retention periods below however in certain circumstances it will be necessary for us to keep your information for longer, for example when we are required to due to legal obligations or to defend or manage legal claims.

If you make a claim under one of your credit union’s policies, we will generally keep your information for 7 years from the expiry date of the policy or from the settlement/closure of the claim, whichever is the latter. This is so that we can administer the contract of insurance and handle claims made against the policy.

The 7 year retention period for Payment Protection insurance policies will only be applied once we reach 29th August 2019 which is the deadline for making claims for being mis-sold Payment Protection insurance.

If we suspect, detect or investigate fraud or money laundering, information will be held on a case by case basis for up to 7 years.

Your rights

Data protection laws give you certain rights. For details of these rights please click here.

How to contact us

We have appointed a Data Protection Officer who is responsible for overseeing how we handle your information. If you have any questions about our Privacy Policy or the information we hold about you please write to us at:

The Data Protection Officer
Covéa Insurance
Norman Place
Reading
RG1 8DA

Or email: dataprotection@coveainsurance.co.uk