Privacy Policy
Section for payment protection insurance customers
What this section covers
This section of our Privacy Policy covers our payment (including mortgages, credit cards, loans, motor and retail finance) protection policies. If your policy includes life cover then this element is provided by Covéa Life Limited all other elements of cover are provided by Covea Insurance plc.
Definitions used
To help you we have set out here the meaning of certain words and terms used in this section as well as for our products/services.
Disclosure of other people's personal information
Please make anyone whose personal information you have provided to us aware of this Privacy Policy. You must make sure any information you supply about anyone else is accurate and that they’ve agreed to their information being supplied.
How we use your information
If you have a policy with us or you are considering getting a policy with us, we collect information about you and any joint policyholders when you get a quote for insurance, when you buy or renew an insurance policy from us, when you amend or cancel your insurance policy or when you make a claim under your insurance policy.
If you are claiming under another person’s policy as a third party claimant, we collect information about you when you make a claim under the insurance policy.
If you are a witness to an event giving rise to a claim, we collect your information to help us handle the claim.
We only collect information that is relevant and necessary for us to provide the insurance product and to handle claims made under the insurance policy.
If we speak to you on the telephone, we may record calls for training and monitoring purposes to help improve our service and to detect and prevent fraud.
What type of information do we collect?
- Personal information provided by you, directly or via the company who sold you the policy:
- Contact details
- Date of birth
- Occupation
- Employment Status
- Gender
- National Insurance Number
- Mortgage account numbers
- Loan account and agreement numbers
- Financial information provided by you, directly or via the company who sold you the policy:
- Payment details
- Details of your lending commitments
- Transactions and payments made to us for your policy
- Sensitive information provided by you, directly or via the company who sold you the policy:
- Health information including medical conditions and your doctor/hospital details.
- Information about what you are insuring provided by you, directly or via the company who sold you the policy:
- Details about your lending commitments
- Information about your insurance history provided by you, directly or via the company who sold you the policy:
- Recent quotes for insurance
- Your insurance history
- Claims details
- Information relating to fraudulent or potentially fraudulent activity provided by fraud agencies and databases or collected from publicly available sources of information:
- History of fraud
- Indicators of fraudulent behaviour
- Investigations into fraud
- Information relating to claims made under the policy provided by third parties in order to validate the claim, such as the police, associations, clubs, companies, etc.
Why we use your information
The information we collect may be used by us, our employees and third party insurers and/or service providers who are acting under our instruction, for the reasons detailed below. We must always have a lawful basis for processing your information. When we process your sensitive information, we must always have an additional lawful basis.
For each reason for processing your information, we have set out our lawful bases:
Why do we use your information | Our lawful bases for processing |
Our legitimate business interest, where applicable |
---|---|---|
To provide you with a quote
|
Personal Information:
Sensitive Information:
|
|
To administer and manage your insurance policy
|
Personal Information:
Sensitive Information:
|
|
To handle claims made against an insurance policy
|
Personal Information:
Sensitive Information:
|
|
To resolve any complaints you may have
|
Personal Information:
Sensitive Information:
|
|
To recover any debt that you owe to us
|
Personal Information:
|
|
To prevent, detect and investigate fraud or money laundering
|
Personal Information:
Sensitive Information:
|
|
For management information purposes and internal analysis of products and services
|
Personal Information:
Sensitive Information:
|
|
For training purposes to improve your customer experience
|
Personal Information:
Sensitive Information:
|
|
Insurance Policies
These insurance policies will remain active until you reach the age restriction stated on your policy document, the end of term selected by you at the start date or you can cancel at any time by contacting us.
Fraud prevention and detection
Applying for a quote, holding an insurance policy with us and making a claim: In certain circumstances where we suspect fraudulent behaviour, we will carry out checks to help us to prevent and detect fraud and money laundering. Some of the checks we carry out are with fraud prevention agencies and databases. We also conduct searches with publicly available sources of information including internet searches and social media searches.
We will keep a record of individuals and any associated investigations to prevent and detect future fraud or money laundering.
If we suspect fraudulent behaviour, we may not offer you insurance, we may void your policy or we may not be able to accept your claim. We investigate potentially fraudulent claims and where appropriate, we will use surveillance to assist our investigation. We appoint fraud investigation and surveillance suppliers to conduct these investigations on our behalf.
Fraud prevention agencies and databases: When we check your details against fraud prevention agencies and databases, we will use a range of databases and agencies including other insurers' databases. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies, fraud databases and other insurers. Law enforcement agencies may access and use this information.
We access and use the information recorded by fraud prevention agencies or fraud databases to prevent fraud and money laundering. These checks are done to identify, predict, investigate and evaluate potentially fraudulent behaviour.
We use the following fraud prevention agencies and databases:
- CIFAS National Fraud Database
- CUE (Claims and Underwriting Exchange)
- IFB (Insurance Fraud Bureau)
- IFIG (Insurance Fraud Investigators Group)
- IFED (Insurance Fraud Enforcement Agency)
- IFR (Insurance Fraud Register)
- NFIB (National Fraud Intelligence Bureau)
- NCA (National Crime Agency)
- OFSI (Office of Financial Sanctions Implementation)
- Lexis Nexis
You can get more information about the CIFAS National Fraud Database here.
Automated Decisions
Some of our reasons for processing will involve automated decision making. These decisions are set out below. You have a right to obtain human intervention for any of our automated decisions. If you object to an automated decision, we may not be able to offer you an insurance quotation or renewal.
Offering an insurance policy and pricing: We, directly or via the company who sold you the policy, ask you a series of questions when you obtain a quote for insurance from us. This is so we can understand the insurance risk that we are being asked to consider and make an underwriting assessment and decision. The information you provide along with other information helps us to decide whether we can offer you a quote and the price you will need to pay for insurance.
We use lots of factors to assess whether we can provide insurance cover, the price of your policy and any other terms of your policy. These factors include, but are not limited to, your age, your lending commitments, your geographical location, claims history, the past performance of the insurance product, etc.
Based on this information, an automated decision will be produced on acceptability of cover, the price you will need to pay for your policy and any other terms we need to apply.
Use of Artificial Intelligence (AI)
Your information may be used in processes and systems that use AI, for instance in a Chatbot system or in some pricing, underwriting or fraud prevention models. Prior to deploying any such system a full analysis will be done on the impact on an individuals’ data protection rights, and to manage the risks of any bias arising from implementation.
How we share your information
In order to sell, manage and provide our products and services, prevent fraud and comply with legal and regulatory requirements, we may need to share your information with third parties, including:
- Reinsurers (A reinsurer is a specialist company that we transfer some or all of the insurance risk to (reinsuring)).
- Our auditors (for management information purposes)
- Regulators and other industry bodies (A regulator is a body that supervises specific industry or business activity.)
- Information Commissioner’s Office (ICO)
- Financial Conduct Authority (FCA)
- Financial Ombudsman Service (FOS)
- Fraud prevention agencies
- Crime prevention agencies, including the police
- Suppliers carrying out a service on our, or your behalf:
- We use computer software and technology suppliers that provide systems, software and technology so that we can offer our products and services.
- Other insurers, business partners and agents: (These companies are data controllers of your information and you should refer to the relevant company’s privacy policy for how they use your information.)
- Where applicable, the company you used to purchase the insurance policy.
- Where applicable, the credit union that you are a member of and that holds the insurance policy.
- Other UK and EU based Covea and parent companies.
- In the event of a merger or acquisition or sale or transfer of any of our business or assets, your personal information may be disclosed to the prospective buyer or other party involved. Your information will only be used by them upon transfer to fulfil the original purpose for which it was collected, and you will be made fully aware of the details of the transfer.
Marketing
We do not carry out any direct marketing for customers of this product.
International Transfers
We have detailed third parties that we share your information with in the ‘How we share your information’ section. Some of these third parties may be in countries outside of the European Economic Area (EEA) or other countries that have not been given a Data Protection Adequacy Decision by the UK Government.
Under data protection law, when personal information is being transferred to a country not deemed Adequate by the UK government. We as data controller, are under an obligation to ensure that such transfers are performed in a manner that ensures that your personal information is adequately protected.
In the event that we transfer your personal information to such a country, we will always put in place adequate additional safeguards to ensure that your personal information is protected, such as placing contractual obligations on the third party that we are transferring your information to.
How long we keep your information for
We only keep your information for as long as is necessary in line with the purposes for which we collected your information. We have set out our general retention periods below however in certain circumstances it will be necessary for us to keep your information for longer, for example when we are required to due to legal obligations or to defend or manage legal claims.
If you get a quote from us but do not take up the policy, we will keep your information for 13 months to support customers returning in the near future and to prevent and detect fraud. If the quote is linked to fraud, we will keep your information for up to 4 years from the expiry date of the quote.
In most cases, we will keep your information for 7 years from the expiry date of the policy or from the settlement/closure of the claim, whichever is the latter. This is applicable if you get a quote from us and you buy the policy, if you have a policy with us, if you make a claim under one of our policies (including if you are a third party claimant) or if you are a witness to an event giving rise to a claim under one of our policies. This is so that we can administer the contract of insurance and handle claims made against the policy.
The 7 year retention period will only start once we reach 29th August 2019 which is the deadline for making claims for being mis-sold Payment Protection insurance.
If we suspect, detect or investigate fraud or money laundering, information will be held on a case by case basis for up to 7 years.
We will keep any call recordings, chatbot transcripts and other forms of electronic communications for up to 7 years in line with the above policy, subject to storage capacity limitations.
Your rights
Data protection laws give you certain rights. For details of these rights please click here.
How to contact us
We have appointed a Data Protection Officer who is responsible for overseeing how we handle your information. If you have any questions about our Privacy Policy or the information we hold about you please write to us at: dataprotection@coveainsurance.co.uk.