At MCE, we are committed to ensuring we protect your privacy and security and will process personal information in accordance with the General Data Protection Regulation, the Data Protection Act 2018 and any other applicable privacy laws.
How we may collect your information
2. What personal information will be collected, and how is it collected
Depending on your relationship with us (for example, as a consumer policyholder; non-policyholder, appointed representative; or other person relating to our business). In order for us to provide insurance quotes, purchase and sell vehicle, and deal with complaints, we need to collect and process personal data about you. The types of personal data that are processed may include:
|Types of Personal Data||Details|
|Individual details||Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employment details, and family details, including their relationship to you|
|Identification details||Identification numbers issued by government bodies or agencies, including Your national insurance number, passport number, tax identification number and driving licence number, driving licence details|
|Financial information||Bank account or payment card details, income or other financial information|
|Risk details||Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data. For certain types of policy, this could also include telematics data|
|Policy information||Information about the quotes you receive and policies you take out|
|Credit and anti-fraud data||Credit history, credit score, sanctions and criminal offences, and information received from various anti fraud databases relating to you|
|Previous and current claims||Information about previous and current claims, (including other unrelated insurances),which may include data relating to your health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports|
|Special categories of personal data||Certain categories of personal data which have additional protection under the GDPR. The GDPR categorises these as health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation|
|Location Information||If you have a Subscribe & Ride Policy we will collect location data when riding your motorcycle through the MCE – Subscribe & Ride app|
Personal Information can be collected in a variety of ways, for example, through one of our websites or the website of one of our business partners, or completion of an application form, and sent by various methods including by email, telephone, and post.
We may also collect your personal data via multiple social networks such as Autotrader, Gumtree, eBay, and Facebook who you will hold an account with. You can determine the personal data that we can access when authorising the connection with the single sign-on service.
Information from other sources:
We may also acquire your personal information from reputable third party companies who operate in accordance with EU data protection legislation. We will only take receipt of such personal information where they have a lawful basis to pass it on. We may also obtain information from other sources such as:
- Credit reference agencies
- Other insurance market participants
- In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers
- Anti-fraud databases (eg, Motor Insurance Anti Fraud and Theft Register , Experian, Cue)
- Sanctions lists, court judgments
- Government agencies such as the DVLA and HMRC
- Public sources
- Social media
What are cookies?
A "cookie" is a small piece of data that is stored on your web browser or hard disk by a web server. This data usually contains encoded information that informs the web server how and when you used the site. Cookies are commonly used on the Internet and do not harm your computer system.
The cookies used on this site do not include any information that others could read and understand about you, such as your name or any account or policy number. They contain no personal Information about you.
Cookies we use:
- Google Analytics - We use this to monitor the total number of users visiting the MCE Insurance website, and the links they have clicked on to arrive at the site.
- Mobile Website Cookie - A temporary cookie is used to enable the mobile version of the MCE Insurance website; it allows the user of a mobile device to return to the full site once they have been redirected to the mobile version of the website.
How we may use your information
4. What We Use Personal Information For, Categories Of Personal Information, Lawful Basis For Processing, And Recipients Of Your Personal Data
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside MCE Insurance. The law says we must have one or more of the following “lawful basis” to use personal information:
- Performance of our contract
- Compliance with a legal obligation
- In the substantial public interest (eg. to assist with the prevention of crime and fraud)
- Where processing is necessary to protect a vital interest of an individual
- Where there is a legitimate interest (eg. when we have a business or commercial reason to use your information, but even then, it must not unfairly go against what is right and best for you.
- Your consent
If we rely on our legitimate interest, we will tell you what that is.
If you provide data that is specified as special category, we will rely on one of the “lawful basis” above and an additional processing condition “in the substantial public interest for insurance purposes”
Please find below a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are, where this is one of our reasons.
|What We Use Your Personal Information For||Categories Of Data||Lawful Basis||Recepients|
Inception & Policy Administration
Throughout The Insurance Lifecycle
Throughout The Insurance Lifecycle
This list is not necessarily exhaustive as changing business needs or external factors may influence the use of the information we hold.
MCE Subscribe & Ride App
For our Subscribe & Ride customers where a MileMate beacon and mobile application is mandatory the following terms also apply.
The MCE Subscribe & Ride App collects and transmits data on location and mileage ridden. The app collects location data whilst you are riding even when the app is closed or in the background. This data is processed to help identify driver mileage. We will communicate this mileage information to you in the MCE Subscribe & Ride App.
For further information we may:
- Collect GPS location information every second during an active journey using the GPS sensor in your phone
- Record Raw Trip Data which consists of the date and time for each one second GPS data point as well as a measurement of the GPS Horizontal Precision at that point in time.
- Capture photographs of your vehicle odometer associated with your policy.
- Collect a GPS location fix for each photograph taken by the app including a date and time stamp.
- Process each photograph taken on our platform and electronically read and store the text within the photographs.
Raw Trip data is anonymised and retained indefinitely and may be used by our Telematics provider and their associated partners for the purposes of improving systems.
5. Where will your personal Information be held?
It may be necessary for us to undertake some of the processing of your personal data in other countries outside of the European Economic Area where data protection safeguards may not be as high as they are in the UK. However, where this is necessary we will ensure that your personal information is treated with the same level of protection as required by the data protection regulations in the UK and EU.
It is also possible that some of our service providers will process your data in other countries. They are also responsible for ensuring your personal information is treated with the same level of protection as required by the data protection regulations in the UK and EU.
If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact our Data Protection Officer at firstname.lastname@example.org in the first instance.
6. How long will Personal Information be held for?
As part of our commitment to your privacy, we will not hold your personal information for any longer than is necessary. Your personal information will be retained in accordance with our retention policy, This is based on the relevant legal and business requirements and, accordingly, the retention periods for personal information will vary according to the nature of the information held.
We will still treat an individual as an MCE customer for 2 years from when a policy is lapsed, cancelled, or after the transaction date, whichever is later.
In most cases when we process your personal information, we will not contact you for consent, for example:
- When we are under a contract with you to provide our services.
- When we are complying with a legal obligation.
- When processing is in the substantial public interest.
- When we believe it is in our legitimate interests and proportionate to our objective, and that the use of the personal information is not overly intrusive.
From time to time we may send existing customers details of new promotions, ask for feedback and provide other information about our products, where we feel this may be of interest to you. This will be by e mail phone or SMS. We may also work with carefully selected partners to bring you offers and information related to other products. If you wish to opt out of this communication, please advise us by e mail to email@example.com.
We are committed to ensuring that your personal Information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information we collect.
10. Keeping Personal Information up to date
Please let us know if your personal information changes as it is important that the information we hold about you is accurate and up to date. We will not be responsible for any errors or personal information losses because of not being informed of a change in personal information.
11. Your rights regarding Personal Information
You have the following rights under current legislation:
- The right of access - Access to personal data and supplementary information we hold on you
- The right to withdraw consent – Where we require explicit consent to process your data, you are able to withdraw this
- The right to rectification and data quality - To have personal data rectified if it is inaccurate or incomplete
- The right to erasure including retention and disposal – To request the deletion or removal of personal data where there is no compelling reason for its continued processing, provided that we do not need to retain the personal information to provide you with the services
- The right to restrict processing – Where you have highlighted an issue with the data
- The right to data portability – This allows you to request certain categories of data we hold
- The right to object – Where you have an objection on grounds relating to a situation particular to you
* In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime)
When exercising your rights regarding personal information, we will request that you submit a copy of your photo card driving licence or passport in order to confirm your identity. This provides us with an additional level of security to ensure we are sending personal information to the correct person
If you wish to exercise any of your rights, please email firstname.lastname@example.org
In the event of a complaint regarding the Personal Information we hold, please refer to our Complaints Procedure, which can be found at https://www.mceinsurance.com/content/mce-complaints/.
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think that we have breached the GDPR, then you have the right to complain to the ICO. Their contact options can be found at https://ico.org.uk/concerns/ .
14. Data Controllers and Data Protection Officers
The Data Controller for MCE Insurance is its Executive Committee who can be contacted on email@example.com.
The insurance lifecycle involves the sharing of your personal data between insurance market participants, some of which you will not have direct contact with. Where data is provided to our business partners in relation to the service you have requested, they may also be acting as Data Controllers and Data Processors. If you would like more information about how any of our partners process data, please contact our Data Protection Officer through firstname.lastname@example.org in the first instance. We will then notify you of the business partners for your data and their contact details, if required