Legal basis for processing data
There are several lawful bases under which we can hold and process your data. John Heath (UK) Limited will hold and process your data where:
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
- Processing is necessary for compliance with a legal obligation
- Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject
- Processing is necessary for reasons of substantial public interest
Information we collect about you
When you contact us for an insurance quotation we collect the relevant information needed by an insurer to calculate the premium and understand and arrange insurance to meet your needs, and also arrange premium finance where applicable. The information varies depending on the risk to be insured. It may be necessary to collect sensitive personal data, and/or we may need information (including sensitive personal data) about other members of your household or family (including children) who may also be included as a beneficiary on your policy, e.g. family members who may drive your car or may be included on a travel insurance policy.
Where this involves passing information to us relating to children you acknowledge that in doing so you are the responsible parent or guardian of the child and are providing explicit consent for us to use this information specifically to fulfil the insurance cover and services requested.
We collect this information
Information is collected during our meetings, telephone conversations, letters, e-mails with you and through the completion of proposal forms and fact finds or via online submission forms.
We store your personal data
John Heath (UK) Limited use several data storage methods which include:
- Electronically on our Acturis and Open GI system
- Manually in paper records
- On Microsoft Office 365 (for Word, Excel, Emails, PDFs etc.)
- Feefo and Mailchimp (or similar email or review systems)
Information held on Acturis, Open GI, Office 365, Feefo and Mailchimp is securely backed up and encrypted to protect your data from cyber-attacks and online hackers. Manual records are stored in secure locked offices.
How will your information be used and who might it be shared with
The information we collect will be passed to insurers to enable them to calculate a competitive insurance quotation to meet your requirements and/or handle a claim you are making under the policy.
In order to obtain the most appropriate policy it may be necessary to pass your information to other insurance intermediaries who are authorised and regulated by the Financial Conduct Authority.
Information provided by you may be put onto a register of claims and shared with other insurers to prevent fraudulent claims.
We may share your data with other third parties in order to meet our legal or regulatory requirements. This includes statutory bodies and third parties who request information about you that they need to help prevent or detect crime and fraud or organisations who are responsible for tax or where we are required to give this information under an order of the court or legislation.
Should you wish to pay your premium by instalments we may pass your information to a premium finance provider; however, this will not be done without discussing payment options with you first. When applying or taking out credit we will share your data with lenders. John Heath (UK) Limited, or the lenders, may carry out anti-money laundering checks and credit underwriting to assess creditworthiness and affordability to meet regulatory or business obligations. Credit checks may include a search of your records (for limited companies this may include directors and the organisation itself) at a credit reference agency. This type of search will leave a footprint that other lenders will be able to see, but they will not see the outcome of the search. The type of search made should not have a detrimental effect on the credit rating of an individual.
We keep your data for...
We will retain any information held in manual files for not less than 7 years.
We will retain any information held electronically for not less than 7 years.
Your personal data is processed by our staff in the UK. However, for the purposes of IT hosting and maintenance this information may be located on servers within the European Economic Area.
You have the right to request the deletion or removal of your personal data if you feel there is no compelling reason for its continued processing.
Your rights of access
Under the GDPR (General Data Protection Regulations) you have a right to obtain a copy of the personal information that we hold about you free of charge. If you believe that any information held is incorrect or incomplete, you should contact us (see contact details below). Any information that is found to be incorrect or incomplete will be amended promptly.
Your right to data portability
You have the right to request that we transmit your data directly to another organisation, which we will undertake if this is technically feasible. We will respond to your request within one month and if we are unable to action a request we will explain why.
Your right to object
Under the GDPR you have the right to object to us processing personal data based on grounds relating to your particular situation. If you object to us processing your personal data we will stop unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
For any of the above please write or email us at the address below in the first instance.
Your right to complain
You have a right to complain to the Information Commissioner's Office if you feel there is a problem with the way John Heath (UK) Limited is handling your data. Please contact https://ico.org.uk/concerns/handling
John Heath (UK) Limited take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us, or to send you information about other products and services that we believe may be relevant to you.
We will not use your information or share your information with any other company for marketing purposes without your prior consent. If you wish to unsubscribe from receiving marketing material at any time, please use the contact details at the bottom of this notice.
If you need any further information or need to contact us please write, telephone or email us at:
John Heath (UK) Limited
Arrowscroft, 142 Nantwich Road
Tel: 01270 252 252