MCE PRIVACY POLICY
1. Introduction
Insurance is the pooling and sharing of risk in order to provide protection against a possible eventuality. In order to do this, information, including your personal data, needs to be shared between different legal entities in the insurance chain. The insurance market is committed to safeguarding that information.
The General Data Protection Regulation (GDPR) replaces the UK Data Protection Act 1998 on 25 May 2018 and is legislation that will be in place across Europe.
The GDPR builds on previous legislation providing more protections for consumers, and more privacy considerations for organisations.
This is a joint privacy policy for MCE Insurance Limited and MCE Insurance Company Limited and is designed to help you understand how we and others in the insurance chain, process your personal data through the insurance lifecycle.
Personal information is defined as any information relating to an identified or identifiable natural living person; an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. We are committed to ensuring that your privacy and your personal information are protected. If we ask you to provide certain personal information when using our services, then you can be assured that it will only be used in accordance with this privacy policy.
If you are providing us with another person’s data you should ask them to also read this privacy policy. By giving us information about another person you are confirming that they have given you consent to provide the information to us. Our preferred method of communicating with you is by e-mail. It is your responsibility to ensure the e-mail contact you have given is monitored regularly. If you are a policyholder, we will deal with you. If you would like someone else to be able to deal with your policy for you, you will need to give us your consent before we can release any information.
It is likely that we will need to update this privacy policy from time to time. We will notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
2. What personal information will be collected, and how is it collected
Depending on your relationship with us (for example, as a consumer policyholder; non-policyholder insured or claimant; witness; commercial broker or appointed representative; or other person relating to our business), in order for us to provide insurance quotes, insurance policies, and/or deal with any claims or complaints, we need to collect and process personal data about you. The types of personal data that are processed may include:
| Types of Personal Data | Details |
|---|---|
| Individual details | Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employment details, and family details, including their relationship to you |
| Identification details | Identification numbers issued by government bodies or agencies, including Your national insurance number, passport number, tax identification number and driving licence number, driving licence details |
| Financial information | Bank account or payment card details, income or other financial information |
| Risk details | Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data. For certain types of policy, this could also include telematics data |
| Policy information | Information about the quotes you receive and policies you take out |
| Credit and anti-fraud data | Credit history, credit score, sanctions and criminal offences, and information received from various anti fraud databases relating to you |
| Previous and current claims | Information about previous and current claims, (including other unrelated insurances),which may include data relating to your health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports |
| Special categories of personal data | Certain categories of personal data which have additional protection under the GDPR. The GDPR categorises these as health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation |
We will take all reasonable steps to ensure that we only collect the minimum personal information that is necessary to achieve our objectives and will not use it for any other purpose not envisaged in this privacy policy or as otherwise notified to you. If we do not collect the personal information we need it will severely restrict our ability to provide our services to you.
Personal Information can be collected in a variety of ways, for example, through our website or the website of one of our business partners, completion of an application form, or completion of a claim form, submission of a letter of claim, and sent by various methods including by email, telephone, and post.
Information from other sources:
We may also acquire your personal information from reputable third party companies who operate in accordance with EU data protection legislation. We will only take receipt of such personal information where they have a lawful basis to pass it on. We may also obtain information from other sources such as:
- Credit reference agencies
- Other insurance market participants
- In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers
- Anti-fraud databases (eg, Motor Insurance Anti Fraud and Theft Register , Experian, Cue)
- Sanctions lists, court judgments
- Government agencies such as the DVLA and HMRC
- Public sources
- Social media
Information we collect through our website (cookies)
We collect certain types of information from your web browser via cookies when you use our website. To find out more information please refer to our cookie policy below.
3. What We Use Personal Information For, Categories Of Personal Information, Lawful Basis For Processing, And Recipients Of Your Personal Data
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside MCE Insurance and MCE Insurance Company. The law says we must have one or more of the following “lawful basis” to use personal information:
- Performance of our contract
- Compliance with a legal obligation
- In the substantial public interest (eg. to assist with the prevention of crime and fraud)
- Where processing is necessary to protect a vital interest of an individual
- Where there is a legitimate interest (eg. when we have a business or commercial reason to use your information, but even then, it must not unfairly go against what is right and best for you.
- Your consent
If we rely on our legitimate interest, we will tell you what that is.
If you provide data that is specified as special category, we will rely on one of the “lawful basis” above and an additional processing condition “in the substantial public interest for insurance purposes”
Please find below a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are, where this is one of our reasons.
| What We Use Your Personal Information For | Categories Of Data | Lawful Basis | Recepients |
|---|---|---|---|
| Quotation & Inception Setting you up as a customer, including fraud, credit and anti money laundering and sanctions checks |
Personal data:
|
Personal data:
|
|
| Quotation & Inception Evaluating the risks to be covered & matching to appropriate policy/ premium |
Personal data:
|
Personal data:
|
|
| Inception & Policy Administration Collection or refunding of Premium |
Personal data:
|
Personal data:
|
|
| Policy Administration General client care, including communicating with you regarding administration and requested changes to the insurance policy Sending you updates regarding your insurance policy Complaints |
Personal data:
|
Personal data:
|
|
| Claims Processing Managing insurance claims including fraud, credit and anti-money laundering and sanctions checks |
Personal data:
|
Personal data:
|
|
|
Claims Processing
Defending or prosecuting legal claims |
Personal data:
|
Personal data:
|
|
|
Claims Processing
Investigating & prosecuting fraud |
Personal data:
|
Personal data:
|
|
|
Renewals Contacting you in order to renew the insurance policy |
Personal data:
|
Personal data:
|
|
|
Throughout The Insurance Lifecycle Transferring books of business, company sales and reorganisation |
Personal data:
|
Personal data:
|
|
|
Throughout The Insurance Lifecycle General risk modelling & Underwriting Automated decision making |
Personal data:
|
Personal data:
|
|
|
Throughout The Insurance Lifecycle Complying with our legal or regulatory obligations |
Personal data:
|
Personal data:
|
|
|
Throughout The Insurance Lifecycle To develop and carry out marketing activities |
Personal data:
|
Personal data:
|
|
This list is not necessarily exhaustive as changing business needs or external factors may influence the use of the information we hold.
4. How we use your information to make automated decisions
When calculating insurance premiums we may compare your personal data against industry averages. Your personal data may also be used to create industry averages. This is known as profiling and is used to ensure premiums reflect risk.
Profiling may also be used by us to assess information you provide to understand fraud patterns. Where special categories of personal data are relevant, such as medical history or past motoring convictions, your special categories of personal data may also be used for profiling. We might make some decisions based on profiling and without staff intervention (known as automatic decision making). The types of automated decision we make are as follows:
- Pricing - We may decide what to charge for some products and services based on what we know.
- Tailoring products and services - We may place you in groups with similar customers. These are called customer segments. We use these to study and learn about our customers’ needs, and to make decisions based on what we learn. This helps us to design products and services for different customer segments, and to manage our relationships with them.
Your rights
Automated decision making is an integral part of MCE’s product offering to customers. We cannot accept you as a customer if you object to your personal information being used in this way. If you want to know more about how your personal data is used in this process, please contact us.
5. Where will your personal Information be held?
It may be necessary for us to undertake some of the processing of your personal data in other countries outside of the European Economic Area where data protection safeguards may not be as high as they are in the UK. However, where this is necessary we will ensure that your personal information is treated with the same level of protection as required by the data protection regulations in the UK and EU.
It is also possible that some of our service providers will process your data in other countries. They are also responsible for ensuring your personal information is treated with the same level of protection as required by the data protection regulations in the UK and EU.
If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact our Data Protection Officer at datacontroller@mceinsurance.com in the first instance.
6. How long will Personal Information be held for?
As part of our commitment to your privacy, we will not hold your personal information for any longer than is necessary. Your personal information will be retained in accordance with our retention policy, This is based on the relevant legal and business requirements and, accordingly, the retention periods for personal information will vary according to the nature of the information held.
7. Consent
In most cases when we process your personal information, we will not contact you for consent, for example:
- When we are under a contract with you to provide our services
- When we are complying with a legal obligation
- When processing is in the substantial public interest
- When we believe it is in our legitimate interests and proportionate to our objective, and that the use of the personal information is not overly intrusive.
However, if your consent is required for the processing of any personal information, for example access to medical records (that do not fall under the low value protocol for personal injury claims following a road traffic accident), we will contact you for your explicit consent. You will have the right to withdraw consent at any time by contacting our Data Protection Officer at the details below. In certain circumstances we do need access to your personal data as part of a statutory or contractual obligation, so any withdrawal of consent may mean we will have to cancel your policy.
8. Marketing
From time to time we may send existing customers details of new promotions, ask for feedback and provide other information about our products, where we feel this may be of interest to you. This will be by e mail phone or SMS. We may also work with carefully selected partners to bring you offers and information related to other products. If you wish to opt out of this communication, please advise us by e mail to info@mceinsurance.com . We will still treat an individual as an MCE customer for 2 years after a policy is lapsed or cancelled.
9. Security
We are committed to ensuring that your personal Information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information we collect.
10. Keeping Personal Information up to date
Please let us know if your personal information changes as it is important that the information we hold about you is accurate and up to date. We will not be responsible for any errors or personal information losses because of not being informed of a change in personal information.
11. Your rights regarding Personal Information
You have the following rights under current legislation:
- The right to be informed – This privacy policy provides our obligation to provide “fair processing information”. We may also provide information to you during a telephone call, notes as part of an application form, and prompts during an e commerce journey
- The right of access - Access to personal data and supplementary information we hold on you
- The right to withdraw consent – Where we require explicit consent to process your data, you are able to withdraw this
- The right to rectification and data quality - To have personal data rectified if it is inaccurate or incomplete
- The right to erasure including retention and disposal – To request the deletion or removal of personal data where there is no compelling reason for its continued processing, provided that we do not need to retain the personal information to provide you with the services
- The right to restrict processing – Where you have highlighted an issue with the data
- The right to data portability – This allows you to request certain categories of data we hold
- The right to object – Where you have an objection on grounds relating to a situation particular to you
In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) or the exercise or defence of a legal claim
When exercising your rights regarding personal information, we will request that you submit a copy of your photo card driving licence or passport in order to confirm your identity. This provides us with an additional level of security to ensure we are sending personal information to the correct person
If you wish to exercise any of your rights, please email info@mceinsurance.com
12. Cookie policy
A "cookie" is a small piece of data that is stored on your web browser or hard disk by a web server. This data usually contains encoded information that informs the web server how and when you used the site. Cookies are commonly used on the Internet and do not harm your computer system.
The cookies used on this site do not include any information that others could read and understand about you, such as your name or any account or policy number. They contain no personal Information about you.
Cookies we use:
Google Analytics - We use this to monitor the total number of users visiting the MCE Insurance website, and the links they have clicked on to arrive at the site.
Mobile Website Cookie - A temporary cookie is used to enable the mobile version of the MCE Insurance website; it allows the user of a mobile device to return to the full site once they have been redirected to the mobile version of the website.
13. Complaints
In the event of a complaint regarding the Personal Information we hold, please refer to our Complaints Procedure, which can be found at https://www.mceinsurance.com/content/mce-complaints/
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think that we have breached the GDPR, then you have the right to complain to the ICO. Their contact options can be found at https://ico.org.uk/concerns/
14. Data Controllers and Data Protection Officers
The Data Controller for MCE Insurance is its Operations Committee, who can be contacted on datacontroller@mceinsurance.com
The Data Controller for MCE Insurance Company is its Compliance & Risk Committee, who can be contacted on datacontroller@mceinsurance.com
The insurance lifecycle involves the sharing of your personal data between insurance market participants, some of which you will not have direct contact with. Where data is provided to our business partners in relation to the service you have requested, they may also be acting as Data Controllers and Data Processors. If you would like more information about how any of our partners process data, please contact our Data Protection Officer through datacontroller@mceinsurance.com in the first instance. We will then notify you of the business partners for your data and their contact details, if required.