Privacy policy
The privacy and security of personal information is very important to us. We promise to respect and protect personal data. This notice explains how we may collect, use and share personal details and tells you about your rights under data protection laws. Sections 1 and 10 contain glossary of key words relevant to this document, which appear throughout the document in bold text.
1. Who we are
We are Hedgehog Limited (also referred to as 'Hedgehog', 'we', 'us' or 'our') and our registered office is at First Floor, Grand Ocean Plaza, Ocean Village, Gibraltar.
- Data Controllers are Hedgehog and each Product Provider named on your policy schedule(s). This means that your Product Provider(s) are also in charge of, and responsible for, how they handle your personal data. We recommend reading your Product Provider's privacy policy which can be found on their websites.
- Data Subjects are Policyholders, named drivers, premium finance customers, payees, residents in the insured home, claimants and witnesses.
- Personal data is information about an identified or identifiable natural person that could allow a living person to be identified.
2. Who do we collect information about?
We collect information about the following types of individuals:
- Previous, current and prospective customers/policyholders
- Previous, current and prospective parties covered under an insurance policy we administer or place.
- Persons authorised to speak to us on behalf of a customer or policy holder
- Third party claimants
- Witnesses to incidents
- Experts instructed in relation to claims
- Users of the Hedgehog websites
- Business Partners;
- All named drivers;
- other people in your household; and
- anyone who may pay your premiums on your behalf.
If you give us information about another person (Data Subject), it's your responsibility to make sure they:
- Have been told about who we are and how their data will be used; and
- Have given their permission for you to use their data (including any sensitive personal data).
If you or other Data Subjects choose not to give personal data
Sometimes we have to collect personal data by law or under the terms of a contract we have with you. If you don't give us the data we ask for, we might not be able to give you a quote or perform the contract we have with you. If this happens, we may have to cancel one of your products or services. We'll tell you if this happens.
3. Information we collect from or about you and other Data Subjects
We'll collect and process information about Data Subjects from a number of sources:
We collect personal data that you or other Data Subjects supply when:
- You ask for a quote;
- You purchase our products and services including those provided by our service partners;
- You make customer enquiries, amend your policy, renew or cancel your policy;
- You register for information or other services;
- You or another party notify us about any incident (like an accident), whether or not you're going to make a claim and during the handling of claim;
- You respond to communications or surveys;
- When you contact us to make a complaint; and
- When we require additional information for validation purposes.
Information we collect from your or other Data Subjects use of our services:
- Quote through our website;
- Website and app usage e.g. cookies and tags. See our cookie policy for more details;
- When we monitor or record inbound and outbound calls, emails, live chat, text messages or other communications; and
- From our records.
Information we get from other sources:
- Price comparison websites
- No Claims Discount Databases;
- Credit reference agencies;
- Claims underwriting exchanges and other registers and databases
- Fraud prevention and detection databases, as well as sanctions screening tools
- DVLA;
- External partners working on our behalf;
- Market researchers;
- Electoral roll;
- Government agencies and lawful enforcements agencies;
- Professional regulators;
- Product Providers;
- From third parties (insurance companies, business partners, suppliers, payment and delivery services, third party claimants under a policy, medical representatives in the event of a claim, accident management companies, advertising networks, analytics providers and, search information providers);
- From other resources, for example, risk assessment models, pricing data, statistics and other information from public databases, websites and other sources, including price comparison websites;
- Other publicly available sources, including, but not limited to, Google Earth and social media; and
- In regard to claims, medical practitioners and other professional service providers.
- Device identification and fraud detection data, which we may receive from companies having passed them your device details.
- Data from 3rd parties operating automated number plate recognition systems when a vehicle is used on public roads or private property.
- Data generated by your vehicle systems and/or technology connected to your vehicle such as car on-board computer; dashcam (integrated or connected) or telematics related data e.g. Black box installed in your vehicle.
- Vehicle ownership details (which we receive from the Driver and Vehicle Licensing Agency (DVLA)) and vehicle data from 3rd parties that hold information about your vehicle.
Information collected about you or other Data Subjects may include:
- General personal data such as name (including former names), date of birth, contact details (e.g. home address and former addresses, telephone numbers and email address), length of time you've been a UK resident, marital status and identifiers such as driving licence number;
- Special category data and criminal data (see below for more information);
- Information about your insurance requirements, such as details of your car, your home, your household, details of family and social circumstances like your marital status, driving licence number or your use of the vehicle or home;
- Policy details such as the dates you joined or left (including your reason for leaving, where relevant);
- Information about your other and past policies such as your claims history, quote history, payment history and claims data;
- Bank account and/or payment card details to arrange payment of your premiums;
- Information about incidents and claims;
- Employment details such as your job title;
- Survey feedback and your responses including customer satisfaction surveys;
- Email addresses;
- Location details;
- Browsing information as part of you going through the quote process to track and keep your quote journey including incomplete quotes;
- In-bound and out-bound phone call recordings;
- Copies of your identification and similar documents (e.g. passport number);
- Information about how you access our website, app and online account service; including the website you visited before landing on our websites. We automatically receive the IP address of your computer, the IMEI number of mobile device, or the proxy server that you use to access the internet and this may include information to identify your browser or device to analyse web traffic;
- Your marketing preferences;
- Vehicle registration number;
- Identification information such as national insurance number;
- Financial status information which is pertinent to the administration of the quote, policy or claim (for example whether you are a homeowner, credit score, county court judgements and bankruptcy notices);
- Personal description when necessary for the administration of the policy (for example as part of a claim investigation);
- Photograph, mobile phone, video footage or CCTV; and
- Driving licence details and driving history.
- Session recordings through our website www.hedgehoginsurance.com.
Special Category (sensitive) Personal Data and Criminal Personal Information:
- Details about your or other Data Subject's health but only if this information is pertinent to a quote, policy administration, a claim (for example to establish the quantum of damages sought and potentially recoverable under the policy) and our fraud prevention investigations.
- Information relating to your criminal and motoring conviction history (including offences and alleged offences and any caution, court sentence or criminal conviction) but only if this information is pertinent to the quote process, policy administration (for example when you update us of any changes to your driving licence) and fraud prevention investigations.
- We do not actively request details about your race and/or ethnicity, but this information may be recorded if it is pertinent to a claim (for example a physical description is given at the time of the incident resulting in the claim or in a later medical report or investigator report), a complaint (for example an allegation is made by you of racial discrimination) or our fraud prevention investigations. It may also be recorded if it is provided by you (or a third party) as part of the quote, policy and /or claim administration processes whether through phone, email, letter, or via a website, App, social media or online chat.
- We do not actively request details about your political opinions, religious or philosophical beliefs or trade union membership but this information may be recorded if it is provided by you (or a third party) as part of the quote, policy and /or claim administration processes whether through phone, email, letter, or via a website, app, social media or online chat.
- We do not actively request details concerning your sex life and/or sexual orientation, but this information may be recorded if it is provided by you (or a third party) as part of the quote, policy and /or claim administration processes whether through phone, email, letter, or via a website, App, social media or online chat. In addition, this information may be apparent from other information you have provided (for example details of your spouse if he/she is a named driver on the policy). Further this information may, in certain limited circumstances, be recorded in a medical report if that information is pertinent to a claim under the policy.
4. How we use your and other Data Subject's information
So that we can provide you with quotes and policies, and to manage your policy and any claims, we must have a legal reason to use your personal data, and this is usually:
- To comply with legal requirements;
- For the performance of contractual requirements;
- When it's in our legitimate interest;
- For the performance of a task carried out in the public interest; or
- With your consent.
Under Data Protection Law, it's in the public interest for the insurance industry to process information about your health and criminal convictions including motoring convictions where it's needed to provide insurance quotes and insurance services. We ask you to tell us about your health and unspent criminal and motoring convictions, so we can assess the risk allocated to your policy, such as the validity and extent of potential claims and to detect and prevent fraud.
Our legitimate interest for processing personal data includes validating the data you've given us against third party sources (both public and private), keeping our records updated, being efficient about how we fulfil our legal and contractual requirements, identifying and detecting fraud and using it to build pricing models and risk acceptance criteria. You have a right to object to this processing, as detailed in Section 7.
This table explains the reasons for processing your data and which of the above lawful reasons we rely on to do so.
Why we process your personal data |
Needed for the preparation or performance of a contract |
Consent |
Compliance with legal obligation |
Legitimate interests |
To evaluate your insurance application and provide (and follow up) a quote |
✔ |
|
✔ |
✔ |
To set you up as a policyholder and add other data subjects such as additional drivers and payees |
✔ |
|
✔ |
✔ |
To evaluate your ability to pay for your policy by instalments (if applicable) |
✔ |
|
✔ |
✔ |
To help us assess the risk allocated to your insurance policy we use motoring convictions data from the DVLA |
|
✔ |
|
✔ |
To manage your policy (e.g. for mid-term adjustments), invite renewal and cancel your policy |
✔ |
|
✔ |
✔ |
To provide and manage your claim (whether we are acting for your insurer or whether you are a third party making a claim against us or a third party insurer for whom we act) |
✔ |
|
✔ |
✔ |
To help identify, prevent, investigate and report potential fraud |
|
✔ |
✔ |
|
To collect and recover money that is owed to us |
✔ |
|
✔ |
✔ |
To communicate with you and resolving any complaints that you might have |
✔ |
|
✔ |
✔ |
To manage how we work with Product Providers and other companies which provide services to our customers and us |
✔ |
|
✔ |
✔ |
To help the research and development of our understanding of individuals behaviour. This is to improve price and risk acceptance models and our marketing strategy and includes use of your quote data (whether you buy a policy with us or not) |
|
|
|
✔ |
To use the personal data of new customers for marketing other products or services (where you've opted in) |
|
✔ |
|
✔ |
To collect and process your personal data through cookies to optimise your customer experience, to develop new ways to meet our customers' need, to grow our business and to identify and prevent fraud |
|
|
|
✔ |
To report data (including personal data) to government organisations e.g. Police, Trading Standards, regulators, Courts |
|
|
✔ |
|
Additional reasons for processing your and other data subject's data:
To make and manage customers payments
We collect and share payment details and personal data with financial institutions to allow us to carry out financial transactions on your policy i.e. to enable the processing of payments, collection and refunds. If you've already agreed to a continuous payment authority, we'll use the card details you gave us to collect payments for mid-term changes, missed instalments (including any fees), balances following cancellation and the renewal of your policy. We'll tell you about this before we take a payment. You can cancel the continuous payment authority at any time by contacting us.
Any payments or refunds will be made to the account / card which was used to make the latest
Surveys
You may be asked to complete a survey or give us feedback on our products and services. Often, we use third parties to carry out these surveys. You don't have to complete them but if you do, we'll use the results to monitor customer service satisfaction and to improve customer service and, where you have given your consent, for marketing purposes.
Call recording
We may record in-bound and out-bound phone calls and use the recordings to prevent fraud, for staff training and for quality-control purposes.
Your use of our website
We use various software including cookies and tags to improve your digital journey and to identify and prevent fraud. We collect and store information about how you access and use our website, app and your account (including the website you visited before coming to our websites). We automatically receive the IP address of your computer, mobile device, or the proxy server you use to access the internet and this may include information to identify your browser or device to analyse web traffic.
Fraud prevention cookies collect information about certain features of your device, such as your IP address, device type, browser type, screen resolution and operating system. This is to prevent and detect devices associated with fraudulent or other malicious activity and allows us to authenticate your account.
We record all user visits through our website www.hedgehoginsurance.com to prevent fraud, to identify site improvements and for quality-control purposes.
Emails and webchat
We record the sending, delivery, opening and use of any links in emails and webchat and whether you mark an email as junk, including the time and date of these actions. This helps confirm the successful delivery and the use of the emails we send. To help us improve the customer experience, we may record the device the email was viewed on, the web browser used, how long an email was viewed and any pages you are directed to on our websites.
Marketing – communications
If you've given your consent, we might also use your personal data to send you communications that contain marketing of products, services or offers that we think might be of interest to you, such as discounts on related products or incentives (like a prize draw) for completing a survey. You can opt out of these at any time by clicking the unsubscribe link in the email or by changing your preferences within your account.
Whatever you choose, you'll still receive other important information about the product and services you have with us such as:
- Payment information;
- Details on how to manage your policy using our online tools;
- Information about a claim; and
- Messages about your renewal.
Marketing profiling
We may use your data to conduct analysis that groups individuals by one or many variables (e.g. age, location) to understand behavioural trends and to target groups of similar individuals who we think may have an interest in our products, services and/or offers. We'll tailor our offers and communications to you based on the results of this profiling.
We'll never provide information about you to companies outside our Group to use for their own marketing purposes.
Industry databases and other sources
We might use information about you from industry-wide databases and other third parties, to help us calculate an insurance quote, manage a policy and for anti-fraud purposes. Details of the databases we currently use are available on request.
We may also validate the information you give us when requesting a quote and if a claim is made on your policy. We do this to identify and prevent crime and fraud to protect the interests of us and our customers. We may at any time check and/or file your details with fraud prevention agencies and databases if you give us false or inaccurate information and fraud is suspected (see Section 5).
Customer database changes
So we can make sure our customer information is up to date, we'll sometimes use external data partners to provide checks on any changes to customer data or status that we might not have been made aware of otherwise, such as changes of address or deaths.
Price comparison websites or other introductory services
If you get a quote through a price comparison website (PCW) or other service, we'll get the information you've given to that service, so we can respond to your request. This is to improve your online experience by not having to re-enter your details.
We also process the information you've given to a PCW and other introductory services to get a quote (whether you buy the policy or not), to validate later data given by you to us and/or PCWs, to detect fraud, to develop acceptance risk criteria and to build both underwriting and retail price models.
Credit searches and identity checks
We or parties on our behalf carry out credit and identity checks to evaluate insurance risks and claims. Such checks may also be used for debt tracing and the prevention of financial crime as well as the administration of your policy, including any claims.
We make searches about you, named drivers and anyone financially associated with you by sharing personal data with credit reference agency databases and other databases. Such database checks will provide us with Electoral Register and credit information.
Where an identity or credit check is made a record of this will be retained by the credit reference agency, who may place a footprint of 'insurance search' on the person's credit file. This footprint will not alter yours or theirs credit score or credit rating. However, should you or any person who may be paying your premiums fail the checks it is unlikely you will be offered the option to pay by instalments on your policy and you will be required to pay the full premium in one payment.
Claims Underwriting Exchange (CUE) and other registers and databases
We, our Product Providers and other Insurers exchange information with various databases and registers to help us, check the information you give us, to detect and prevent crime and fraud and to get information about your no claims history. These may include:
- The Claims and Underwriting Exchange Register (CUE), run by Motor Insurance Bureau (MIB);
- Motor Vehicle Salvage & Theft Data, run by Motor Insurance Bureau (MIB); and
- The No Claims History Database, run by RelX Group trading as LexisNexis.
Information may be shared with these registers and checks carried out against the information held on these registers when we are dealing with:
- Your request for insurance;
- Your renewal;
- When amendments are made to your policy;
- Where a claim is made; and
- Where it is necessary to update our policy records.
Under the Terms and Conditions of your policy, you must tell us about any incident (such as an accident, fire or theft) which might cause a claim. When you tell us about an incident, we will pass this information to the above registers and any other relevant registers.
Fraud prevention agencies
We participate in a number of insurance industry initiatives to prevent and detect crime. We may also check at any time personal data against our own databases. We may at any time share information about your policy and claims with public bodies including the Police, DVLA and Northern Ireland's Driver & Vehicle Agency (DVA).
We will disclose personal data to fraud prevention agencies. If you have provided false or inaccurate information and fraud is identified or suspected, we may pass details to fraud-prevention agencies. Law enforcement agencies may access and use this information.
We and other organisations may also access and use information to prevent fraud and money laundering, for example when:
- Checking applications for, and managing, credit and other facilities;
- Recovering debt;
- Checking insurance quotes, policies and claims;
- Checking details of job applicants and employees; and
- Tracing debtors and beneficiaries and to manage your account or insurance policy.
We and other organisations may access and use, from other countries, the information recorded by fraud prevention agencies.
Fraud prevention agencies will also process personal data in order to assist our prevention of fraud and money laundering, and to verify your identity. If you have requested services and financing from other providers, fraud prevention agencies may receive the above personal data from those providers too.
Fraud prevention agencies may also process your personal data in order to prevent fraud and money laundering by other people. We and fraud prevention agencies may permit law enforcement agencies to access and use your personal data, if they request it.
Fraud prevention agencies will hold your personal data for up to one year, or up to six years if you're considered to pose a fraud or money laundering risk.
If we or a fraud prevention agency, as a result of our processing of your personal data, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested. A record of this risk will be retained by the fraud prevention agencies and may result in others refusing to provide services or financing to you
If you've any questions about this, or for more information on the fraud prevention agencies we share data with or to exercise your data protection rights, you can contact us as explained in Section 7.
MyLicence
The data provided by the DVLA may be used alongside other information you have provided:
- To calculate a motor insurance quote;
- To administer the policy;
- To invite renewal; and
- For anti-fraud purposes.
They will not be used for any other purpose or be made available for anyone else. Only the motor insurance industry may use this information. If you apply for a quote with us and don't decide to take out insurance with us, the data returned from the DVLA database will be anonymised or deleted no later than 30 days after receipt of that data.
Please note that under our User Agreement with the Motor Insurance Bureau, individual agents do not have access to the data returned by a DLN search and as such will not be able to discuss issues relating to your DLN with you. In these instances, we suggest checking the information associated with your DLN is correct at www.gov.uk/view-driving-licence
If you do not provide driving licence numbers, it is your responsibility to ensure that you and all drivers named in the Certificate of Motor Insurance hold a valid driving licence for the type of vehicle you are proposing to insure. Failure to hold a valid licence will make your policy invalid. Please note that we may request you to provide us with a copy of the Driving Licence held by any driver named in the Certificate of Motor Insurance.
More information about MyLicence anti-fraud purposes
As part of our fraud prevention and detection measures, we may undertake searches against your (or any person included on the proposal) DLN against details held by the DVLA to confirm your licence status, entitlement and restriction information and endorsement/conviction data. This helps insurers check information to prevent fraud and reduce incidences of negligent misrepresentation and non-disclosure. A search of the DLN with DVLA should not show a footprint against your (or another relevant person included on the proposal) driving licence.
For more details about MyLicence visit www.mylicence.org.uk
Social Media Use
We may research, collect and use data about persons connected with the policy including you, from publicly available sources including social media and networking sites. We may use such data to access risk and fraud prevention and detection.
Device Reputation Service
If you contact us electronically (computer, tablet or smart phone), we may share data with our chosen Device Reputation Service provider. We do so to protect both you and us, we use such services to help decide whether to accept transactions from electronic devices that visit our website. The service checks whether a device has been identified with fraudulent or abusive transactions in the past, such as reported instances of identity theft, account takeovers, or malware attacks. For this purpose, a cookie file or flash storage token may be placed on your device to identify it in the future when you visit our website. On connection with our site, we will transmit that device identification code to the third-party's server, along with data concerning certain technical attributes of your device such as the model, operating system, and browser version, as well as the IP address, all of which are used to confirm device identification. The service provider responds with a code recommending that transactions be accepted, denied, or reviewed, according to settings we have selected. We also report to the service provider if we conclude that a device has been used in connection with a fraudulent or abusive transaction with us. If you set your browser or device to reject these cookies or tokens, you may not be able to conclude some transactions through our website. We share with the third-party referenced above only information about the device you are using, which may also have been used or appropriated by others, and do not identify you or reveal the details of your transaction to that third-party. If your requested transaction is declined, or if you have questions about our use of this “device reputation” service, please contact us at www.hedgehoginsurance.com.
Please click on the following link How do we use cookies to view all information regarding cookies and how we use them on our websites.
Automated decision-making
The nature of insurance is to provide a price for a potential risk (including its potential claim value) based on the probability of it arising. So we can give you the best possible price at a speed expected when getting quotes on the Internet, we use automated decision-making.
Automated decision-making includes:
- The creation of pricing models and risk acceptance criteria;
- The profiling of you, based on the data we collect and hold about you to validate and supplement the data we hold about you and to maintain its accuracy;
- The application of the pricing and risk models using data we hold about you, to accept or decline your request for insurance and to calculate the price of your policy;
- Assessing your ability to pay the insurance premiums and/or credit; and
- Assessing the risk of fraud being committed on your policy.
From these checks, your premium and policy terms will be determined, or we may not be able to give you insurance or introduce you to our finance provider.
If you do not agree with the result, you may have the right to request that we perform a manual reassessment using the same information that you originally provided. If you wish to do so, please contact us using the contact details contained within section 7.
5. Who do we share the information we collect with?
This section explains how your data and that of other Data Subjects will be shared by us.
Sharing within Hedgehog group of companies
The Hedgehog group of companies includes Rostella Limited, who is a UK based Third Party Administrator providing support services to Hedgehog Limited.
We may share your and other Data Subject's information within our Group for the following reasons:
- To obtain a quote;
- To administer and manage the insurance contract ;
- To provide you with services required as part of insurance contract for example through our claims service company;
- To provide data analysis in order to assist us with the pricing of our products and detect market trends;
- Where you have given your explicit consent, for marketing purposes;
- To administer our websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To improve our website, including as part of our efforts to keep our website safe and secure;
- To allow invoicing and to recover any outstanding payments; and
- For legal and regulatory obligations.
Sharing with third parties
Disclosure of your personal data and that of other Data Subjects to a third party outside of Hedgehog will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them;
Solicitors:
To manage claims (whether you are an insured or a third party claimant);
To manage legal cases brought against us or on our behalf; and
To manage regulatory investigations.
Business partners:
Software Providers, who provide the technical infrastructure to allow us to provide your quote, policy and claims administrations;
Aggregators (when you have used their website to obtain our quote): to verify the policies obtained through their sites;
Clients for whom we provide insurance policy and administration; and
Companies you have agreed may receive your information to allow you to enter into a contract with them (for example, reward schemes or claims management companies).
Regulators and other authorised bodies, whenever we are required to do so by law.
We believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest.
Motor Policy Insurance Data
We will share your information and that of other Data Subjects with other Insurance Industry databases including the Motor Policy Insurance Data(formally MID) . Policy details will be added to the Motor Policy Insurance Data (MPID) run by the Motor Insurers' Bureau (MIB). MPID data may be used by certain statutory and/or authorised bodies including the police, the DVLA, Northern Ireland's Driver & Vehicle Agency (DVA), the Insurance Fraud Bureau and other bodies permitted by law for purposes not limited to but including:
- Electronic Licensing;
- Continuous Insurance Enforcement;
- law enforcement (prevention, detection, apprehension and or prosecution of offenders); and
- the provision of government services and or other services aimed at reducing the level and incidence of uninsured driving.
If you or other Data Subjects are involved in a road traffic accident (either in the UK, the EEA or certain other territories), the insurers and/or the MIB may search the MPID to obtain relevant information. Persons (including his or her appointed representatives) pursuing a claim in respect of a road traffic accident (including citizens of other countries) may also obtain relevant information which is held on the MPID.
It is vital that the MPID holds your correct registration number. If it is incorrectly shown on the MPID you are at risk of having your vehicle seized by the police. You can find out more about the MPID at www.mib.org.uk and you can check that your correct registration number details are shown on the MPID at www.askmid.com
Claims checks
We may also share your information with organisations that can check your claims history and that of other Data Subjects.
Contracted Services
Companies engaged by us to provide contracted services. This is a wide ranging list of companies and their use will depend upon the circumstances. For example:
To allow us to record our incoming and outgoing calls with you;
In the event of a claim we may engage the services of recovery agents, car hire companies, mechanics or body shops; and
Companies engaged by us to provide aspects of our communications with you (for example, web hosting, online chat provider).
- Credit reference and public data agencies;
- Debt Collectors;
- Finance Providers;
- Enquiry Agents/Counter Fraud Investigators;
- Data analytics advisors;
- Search engine operators who can assist us in the improvement of our website.
- Query search engine operators; and
- Where you have given your explicit consent, to third parties for marketing purposes;
We may also share your and other Data Subject's information with selected third parties, in order to offer services to you or to perform any necessary functions on our behalf. This may include:
- Your relatives, executor or guardians (on your behalf where you are incapacitated or unable) or other people;
- Where you have named an alternative contact (such as a relative) to speak with us on your behalf. Once you have told us your alternative contact, this person will be able to discuss all aspects of your policy (including claims and cancellation) with us and make changes on your behalf. If at any time you would prefer us to deal only with you, please let us know;
- Our insurance partners such as insurers, reinsurers or other companies who act as insurance distributors;
- Other third parties who assist in the administration of insurance policies such as another Insurance Company if there has been an accident which requires a claim to or from that Insurance Company;
- We may share the personal data of any persons named on the policy with third parties to obtain information which may be used by us to inform its risk selection, pricing and underwriting decisions;
- Other third parties you have asked us to engage with;
- Passing information to a third party for the purpose of validating your No Claims Discount (NCD) entitlement and this may be made available to other insurers;
- Overseas assistance companies;
- Loss Adjusters;
- Engineers;
- Emergency Assistance Companies;
- Your healthcare practitioner;
Re-organisation of our business
If we undergo reorganisation, transfer the business to a third party or are sold, personal data we hold about you may be transferred to that re-organised entity or third party. If a change happens, then other parties may use your data in the same way as set out in this privacy notice.
Sending data outside the EEA
We may transfer personal data to, and process personal data in a country outside of the European Economic Area (EEA). If we do transfer your data outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. In most cases, this will be by using approved EU Standard Contractual Clauses. We may also process your data in countries which have reached Adequacy Decisions with the European Commission, or are part of the Privacy Shield in the US.
Whenever fraud prevention agencies transfer your personal data and that of other Data Subjects outside of the European Economic Area, they too will impose contractual requirements on the recipients of that data to protect personal data to the standard required in the EEA. They also require the recipient to subscribe to 'international frameworks' intended to allow secure data sharing.
6. How long will we store your personal data and that of other Data Subjects?
This section provides information about the criteria we use to set how long we will store personal data for. Your Product Providers may store your personal data and that of other Data Subjects for different periods of time and have different criteria, we recommend that you refer to your Product Providers' privacy notice available on their website.
Your and other Data Subjects personal information will be retained by us under one or more of the following criteria:
- We only keep personal information for as long as is reasonably required for the reasons explained in this privacy policy. We do keep certain records, which includes personal data for more extended periods in order to meet legal, regulatory, tax or accounting needs e.g. to allow us to handle claims as required under Road Traffic Legislation, which may be reported long after a policy has been cancelled.
- Where the use of your personal information for a specific purpose is based on your consent, it will be kept for as long as we continue to have your consent (e.g. we would stop contacting you for marketing purposes once you have asked us to).
- Where, for a limited period of time, we are using some of your information to improve the products or services we provide.
- For as long as your information is required to allow us to conduct fraud and/or criminal checks and investigations.
7. Your and other Data Subject's rights and how to contact us
As a Data Controller we are obliged to ensure that individuals can exercise their legally-protected rights regarding their Personal data, which include your right to:
- Request a copy of the personal data we hold for you (please see contact details below);
- Have your data corrected if it's wrong or incomplete;
- Have your data deleted or removed if it's no longer needed;
- Restrict the processing of your personal data;
- Withdraw any permission you've given in respect of your personal data (including marketing). You can do so at any time by clicking the unsubscribe link in the email or by changing your preferences your account;
- Request human intervention on the part of the Data Controller, where you are subject to a decision based solely on automated processing, including profiling, which has a significant effect on you, to express your point of view and/or to contest the decision - see section 4 for more details on the automated decision making;
- Object where we're processing your information on the grounds of it being in our legitimate interests to do so; and
- Make a subject access request to obtain:
- Confirmation personal data is being processed;
- Access to your own personal data; and
- Other supplementary information, which is referred in this privacy notice.
We will uphold your rights to the best of our abilities; however, data protection laws allow us to continue to process your personal data if we have a legitimate reason to do so. For example, if data is needed for fraud prevention or legal requirements.
If you or other Data Subjects want to exercise any of the above rights or have a query related to privacy, please contact us using the below contact details. Please make sure to include your full name, policy and/or quote number if applicable, address and date of birth.
Contact Details
Post
Data Protection Officer
Hedgehog Limited
2nd Floor
Capital Tower
Greyfriars Road
Cardiff
CF10 3AG
8. Complaints
If you're not happy with the way your personal data is held or processed, please tell us using the contact details above. You can complain to the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues.
The above also applies to other Data Subjects.
9. Updates to this privacy notice
We may update or amend this privacy notice from time to time to comply with the law or meet changing business requirements.
10. Glossary
- Compliance with legal obligation means processing your personal data where it's needed for compliance reasons, with a legal or regulatory obligation that we're subject to.
- Contract means using your data where it's needed to carry out a contract that involves you or to take steps at your request before entering into a contract.
- Contractual requirements means using your data where it's needed to carry out a contract that involves you or to take steps at your request before entering into a contract.
- Data Protection Laws means the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK.
- Legitimate interest means our interest in conducting and managing our business to allow us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any possible impact on you (both positive and negative) and your rights before we, or our Product providers, process your personal data for our, and the Product providers, legitimate interests. We, or our Product providers, don't use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or allowed to by law). You can get more information about how we assess our legitimate interests against any possible impact on you in respect of specific activities by contacting us.
- Product Providers for the purposes of this privacy notice shall include your Insurer, reinsurers, administrator and/or provider of your ancillary or additional products purchased your policy. A list of our Product Providers can be found here.
- IP address is the term for an Internet Protocol address which is a numerical code that each device connected to the Internet has in order to identify that device. The code contains an element that supports location identification (to varying levels of accuracy).
- Quote for the purpose of this privacy notice shall include any quote for a new policy, renewal of your existing policy or when you make a mid-term change to your existing policy.
- Regulatory obligation means processing your personal data where it's needed for compliance reasons, with a legal or regulatory obligation that we're subject to.
- Price comparison websites are websites which allow customers to obtain insurance quotes from multiple providers for the purposes of price comparison, such as GoCompare™ and Confused.com.