1 Introduction
This Privacy Policy
covers the information practices of The Read Shepley group companies and all its
subsidiaries and associated companies, collectively referred to in this
document as “The Company” (“us”, “we”, or
“our”). Each group company is a Data Controller in
its own right:
ü RS Risk Solutions Limited. Registered in the UK: No. 11899365. Registered Office: 2 Windsor Mews, Crown
Drive, Heathfield East Sussex TN21 8FP
ü Chariot Schemes Limited. Registered in the UK:
No. 08167208. Registered Office: 2 Windsor
Mews, Crown Drive, Heathfield East
Sussex TN21 8FP
ü Cathedral Associates London Limited. Registered
in the UK: No. 03577654. Registered Office: 2 Windsor
Mews, Crown Drive, Heathfield East
Sussex TN21 8FP
ü RS Support Services Limited. Registered in the UK: No. 9409787. Registered Office: 2 Windsor Mews, Crown
Drive, Heathfield East Sussex TN21 8FP
ü Read Shepley Limited. Registered in the UK: No. 4886649. Registered Office: 2 Windsor Mews, Crown
Drive, Heathfield East Sussex TN21 8FP
ü Executive Hire Management Limited. Registered in
the UK: No. 11831619. Registered Office: 2 Windsor
Mews, Crown Drive, Heathfield East
Sussex TN21 8FP
Note: Cathedral
Insurance Solutions, JMB Insurance Solutions and JMB Chauffeur Insurance
Solutions are trading names of RS Risk Solutions Limited
The Company
holds personal data about its current, previous or prospective customers,
employees, insurers, suppliers, agents and other individuals for a variety of
business purposes. This Privacy Policy
sets out how we seek to protect personal data and ensure staff understand the
rules governing their use of personal data to which they have access in the
course of their work. We take compliance
with our Privacy Policy very seriously and ensure that our employees undergo
regular training and reviews of the latest regulatory requirements to ensure
the appropriate control environment is maintained and continuously
improved.
The Company
collects personal information when you register with us or place your insurance
or other services through our Company.
We will use this information to provide the services requested and
maintain our operational and financial records. We will not share your information for any
other reason because we take the
protection of your privacy and the confidentiality of your personal information
(“Personal Data”) seriously. We will
ensure that all Personal Data processed is kept secure and protected against
unauthorised or unlawful processing and against accidental loss, destruction or
damage.
This Policy sets
out how we meet our obligations regarding data protection and the rights of our
customers, employees, insurers, suppliers, agents and other individuals (“Data
Subjects”) in respect of their Personal Data as defined under relevant data
protection legislation (including the Data Protection Acts of 1998 and 2018
[“the DPA”], the General Data Protection Regulation effective from 25 May 2018
[“the Regulation”] and any subsequent data protection legislation). Please also
refer to our Cookie Policy at www.rsrisk.solutions/cookiepolicy
The Regulation
defines Personal Data as any information relating to an identified or
identifiable Data Subject, which means a natural person who can be identified,
directly or indirectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online identifier, or by one
or more factors specific to the physical, physiological, genetic, mental,
economic, cultural, or social identity of that natural person.
3 Information Collection , Processing and Your Rights to Access
The Personal Data that we collect about you will have been provided
by you, your employer or employees, your representatives or agents (as
appropriate), and/or insurers or their agents.
We may also collect general information about you and/or your company which is available in the
public domain (for example information on directors held at Companies House),
online and from third party data processors (provided that it is fair to do
so); and searches that we undertake in relation to sanctions, money laundering,
and credit checks.
The information we collect about you
may include:
ü Name.
ü Address.
ü Date of Birth.
ü Telephone number(s), email address and other
contact details.
ü Marital status.
ü Gender.
ü Financial Information and bank account details.
ü Passport, driving licence or similar
identity-related information to ensure our compliance with anti-money
laundering or similar regulations.
ü Employment and details of benefits that may
relate to employment.
In addition, we
may collect Personal Data classified as being one within the ‘Special
Categories’ noted in the General Data Protection Regulation (please refer to
this Regulation for a full list of Special Categories of Personal Data). For our purposes, this may include the
collection of information about your health, ethnic or racial
origin or trade union membership, criminal convictions, as well as information
about your family including children.
Your Personal
Data will be used to enable us to fulfil our contractual obligations in
relation to your insurance cover and the provision of any risk management
services. Our processing of your
Personal Data will include:
ü
Assessing
insurance needs.
ü
Providing
information to potential or existing insurers, their agents or other service
providers for the purpose of obtaining quotations and placing cover or
obtaining services and arranging premium finance arrangements.
ü
Management and
processing of claims.
ü
Undertaking
checks to guard against fraud, money laundering, bribery and other illegal
activities.
ü
Handling
complaints.
ü
Reviewing our
service through analysis of data and feedback surveys.
The processing of your Personal Data will only be undertaken if:
ü
It is necessary
for the performance of a contract to which you are, or will be, a party; or
ü
You have given
your consent; or
ü
You confirm that
any personal information you give to us about another person is given with
their informed consent.
ü
Processing is
necessary for compliance with a legal obligation to which we are subject; or
ü
Processing is
necessary to protect your vital interests; or
ü
To perform a
task carried out in the public interest or in the exercise of official
authority vested in us; or
ü
Processing is
necessary for the purposes of the legitimate interests pursued by us or by a
third party, except where such interests are overridden by your fundamental
rights and freedoms which require protection of Personal Data, in particular
where the Data Subject is a child.
You have the
right to:
ü Find out how we process your Personal Data.
ü Access your personal information which will be provided to you free of charge within
one month of your request. We reserve
the right to charge a fee if we believe that your request is excessive.
ü Rectification of Personal Data which is
inaccurate.
ü Request the erasure of the Personal Data and there is
no compelling reason for its continued processing. Where you object
to The Company processing your Personal Data based on our legitimate interests,
we shall cease such processing forthwith unless we have another lawful basis
for such processing that overrides your interests, rights and freedoms; or the processing
is necessary for the conduct of legal claims.
ü Request the restriction blocking or otherwise
suppression of the processing of Personal Data. In these circumstances, we will still be
permitted to store it where we have a legitimate interest in doing so.
ü Request a copy of your Personal Data so that you
can reuse it for your own purposes or across different services.
This will
include data that you input into our webpages, whether this is in relation to
raising an enquiry with us, obtaining a quotation (even if this process is
discontinued before being finished), requesting or reviewing documentation.
If you would
like to exercise any of your rights above or discuss how we process your
Personal Data, contact us compliance@rsrisk.solutions or telephone us on 01342 580106.
4 How We Share Your Information
The Company may
share Personal Data with each of our other group companies should we believe
this is of benefit to you or for legal reporting purposes. We will only share limited Personal Data to
enable this. Where we use third parties
to undertake functions on our behalf, we will only share relevant information
with such third parties as is strictly necessary to enable them to perform
those functions. Typically the
categories of third parties we may share your Personal Data with to provide our
services to you are:
ü
Support
companies for the delivery of the products and services we offer to you in the
course of our insurance broking and risk management services.
ü
Any nominated
adviser, representative or employer (as specified by you).
ü
The Financial
Conduct Authority (FCA) and the Information Commissioner’s Office for the UK
(the ICO), HM Revenue & Customs (HMRC) and any other legitimate supervisory,
professional body, external auditor or law enforcement authority.
It is our policy
to retain documents and information about you, including insurances placed on
your behalf, in electronic or paper format for a minimum of seven years or such
longer period as appropriate having regard to when a claim or complaint may arise
in connection with our processing of your information. The legal basis for this processing is that
it is necessary to meet contractual, legal or regulatory obligations.
After seven years, these may be destroyed or erased without notice to you. You should therefore retain all documentation
issued to you.
The Company may
need to transfer (‘transfer’ includes making available remotely) Personal Data
to countries outside of the UK where this is necessary for us to provide our
services to you. This will take place if
it is necessary to conduct our services on your behalf and/or if there is legal or legitimate need to do so and/or only
if the country ensures the adequate level of protection for Personal Data and/or
with the informed consent of the relevant Data Subject(s).
5 Knowledge Sharing and Marketing Activities
As part of our
commitment to sharing relevant risk knowledge and information with our
customers and prospects, the Company may contact its customers about relevant business
and regulatory information, as well as products and services which we hope will
be of interest and useful to you.
Once a
relationship has ceased to exist with the Company, we will only retain any
Personal Data for a period not exceeding three years from the date of our last
contact or engagement. During this
period, we may use this data to contact you to provide relevant business and
regulatory information, as well as products and services which we hope will be
of interest and useful to you.
You can decide
what, if any, information your wish to receive from The Company. Just let us know your preferences by contacting us at info@rsrisk.solutions
or telephone 01342 580106.
6 Accessing your Personal Data or Making a Complaint
The Company
will continuously strive to safeguard your Personal Data. If you wish to obtain details of the personal
information held by us or make a complaint about how your personal information
is being processed, please contact us on 01342 580106 or email: compliance@rsrisk.solutions and we take all necessary steps to resolve any
issues you may have.
If you remain
unhappy about any data protection matters, you also have the right to complain
to the Information Commissioner’s Office, whose details may be found at www.ico.org.uk.
We would be happy to supply
further information or clarification on our Privacy Policy, please contact us
on:
Ø Telephone: 01342 580106
Ø Email: compliance@rsrisk.solutions
Or contact your usual RS
Risk Solutions, JMB Insurance or Cathedral Associates representative.