MCE PRIVACY POLICY


1. Introduction

Insurance is the pooling and sharing of risk in order to provide protection against a possible eventuality. In order to do this, information, including your personal data, needs to be shared between different legal entities in the insurance chain. The insurance market is committed to safeguarding that information.

The General Data Protection Regulation (GDPR) replaces the UK Data Protection Act 1998 on 25 May 2018 and is legislation that will be in place across Europe.

The GDPR builds on previous legislation providing more protections for consumers, and more privacy considerations for organisations.

This is a joint privacy policy for MCE Insurance Limited and MCE Insurance Company Limited and is designed to help you understand how we and others in the insurance chain, process your personal data through the insurance lifecycle.

Personal information is defined as any information relating to an identified or identifiable natural living person; an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. We are committed to ensuring that your privacy and your personal information are protected. If we ask you to provide certain personal information when using our services, then you can be assured that it will only be used in accordance with this privacy policy.

If you are providing us with another person’s data you should ask them to also read this privacy policy. By giving us information about another person you are confirming that they have given you consent to provide the information to us. Our preferred method of communicating with you is by e-mail. It is your responsibility to ensure the e-mail contact you have given is monitored regularly. If you are a policyholder, we will deal with you. If you would like someone else to be able to deal with your policy for you, you will need to give us your consent before we can release any information.

It is likely that we will need to update this privacy policy from time to time. We will notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

2. What personal information will be collected, and how is it collected

Depending on your relationship with us (for example, as a consumer policyholder; non-policyholder insured or claimant; witness; commercial broker or appointed representative; or other person relating to our business), in order for us to provide insurance quotes, insurance policies, and/or deal with any claims or complaints, we need to collect and process personal data about you. The types of personal data that are processed may include:

Types of Personal Data Details
Individual details Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employment details, and family details, including their relationship to you
Identification details Identification numbers issued by government bodies or agencies, including Your national insurance number, passport number, tax identification number and driving licence number, driving licence details
Financial information Bank account or payment card details, income or other financial information
Risk details Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data. For certain types of policy, this could also include telematics data
Policy information Information about the quotes you receive and policies you take out
Credit and anti-fraud data Credit history, credit score, sanctions and criminal offences, and information received from various anti fraud databases relating to you
Previous and current claims Information about previous and current claims, (including other unrelated insurances),which may include data relating to your health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports
Special categories of personal data Certain categories of personal data which have additional protection under the GDPR. The GDPR categorises these as health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation


We will take all reasonable steps to ensure that we only collect the minimum personal information that is necessary to achieve our objectives and will not use it for any other purpose not envisaged in this privacy policy or as otherwise notified to you. If we do not collect the personal information we need it will severely restrict our ability to provide our services to you.

Personal Information can be collected in a variety of ways, for example, through our website or the website of one of our business partners, completion of an application form, or completion of a claim form, submission of a letter of claim, and sent by various methods including by email, telephone, and post.

Information from other sources:

We may also acquire your personal information from reputable third party companies who operate in accordance with EU data protection legislation. We will only take receipt of such personal information where they have a lawful basis to pass it on. We may also obtain information from other sources such as:

  • Credit reference agencies
  • Other insurance market participants
  • In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers
  • Anti-fraud databases (eg, Motor Insurance Anti Fraud and Theft Register , Experian, Cue)
  • Sanctions lists, court judgments
  • Government agencies such as the DVLA and HMRC
  • Public sources
  • Social media

Information we collect through our website (cookies)

We collect certain types of information from your web browser via cookies when you use our website. To find out more information please refer to our cookie policy below.

3. What We Use Personal Information For, Categories Of Personal Information, Lawful Basis For Processing, And Recipients Of Your Personal Data

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside MCE Insurance and MCE Insurance Company. The law says we must have one or more of the following “lawful basis” to use personal information:

  • Performance of our contract
  • Compliance with a legal obligation
  • In the substantial public interest (eg. to assist with the prevention of crime and fraud)
  • Where processing is necessary to protect a vital interest of an individual
  • Where there is a legitimate interest (eg. when we have a business or commercial reason to use your information, but even then, it must not unfairly go against what is right and best for you.
  • Your consent

If we rely on our legitimate interest, we will tell you what that is.

If you provide data that is specified as special category, we will rely on one of the “lawful basis” above and an additional processing condition “in the substantial public interest for insurance purposes”

Please find below a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are, where this is one of our reasons.

What We Use Your Personal Information For Categories Of Data Lawful Basis Recepients
Quotation & Inception
Setting you up as a customer, including fraud, credit and anti money laundering and sanctions checks
Personal data:
  • Individual details
  • Identification details
  • Financial information
Special categories of personal data:
  • Credit and anti fraud data
Personal data:
  • Performance of our contract with you
  • Compliance with a legal obligation
  • Legitimate interests (to ensure that you are within our acceptable risk profile)
  • In the substantial public interest
Special categories of personal data:
  • In the substantial public interest
  • Business partners providing administration
  • Payment and delivery services
  • Credit reference agencies
  • Anti-fraud databases
  • Reinsurers
Quotation & Inception
Evaluating the risks to be covered & matching to appropriate policy/ premium
Personal data:
  • Individual details
  • Identification details
  • Policy information
Special categories of personal data:
  • Risk details
  • Previous claims
  • Credit and anti-fraud data
Personal data:
  • Performance of our contract with you
  • Legitimate interests (to determine the likely risk profile and appropriate insurer and insurance product)
Special categories of personal data:
  • In the substantial public interest
  • Business partners providing administration
Inception & Policy Administration
Collection or refunding of Premium
Personal data:
  • Individual details
  • Financial information
Personal data:
  • Performance of our contract with you
  • Legitimate interests (to recover debts due to us)
  • Business partners providing administration
  • Payment and delivery
Policy Administration

General client care, including communicating with you regarding administration and requested changes to the insurance policy


Sending you updates regarding your insurance policy


Complaints

Personal data:
  • Individual details
  • Policy information
Special categories of personal data:
  • Risk details
  • Previous claims
  • Current claims
Personal data:
  • Performance of our contract with you
  • Legitimate interests (ensuring your contract remains up to date for the risks insured, to correspond with you, nominated beneficiaries and claimants in order to facilitate the placing of and claims under insurance policies)
  • Your consent
Special categories of personal data :
  • In the substantial public interest
  • Business partners providing administration
  • Financial Ombudsman
  • Reinsurers
  • Your employer, if the policy is being used for hire or reward
Claims Processing

Managing insurance claims including fraud, credit and anti-money laundering and sanctions checks

Personal data:
  • Individual details
  • Identification details
  • Financial information
  • Policy information
Special categories of personal data :
  • Credit and anti-fraud data
  • Risk Details
  • Previous claims
  • Current claims
Personal data:
  • Performance of our contract with you
  • Legitimate interests (to assist all parties involved in assessing and making claims)
Special categories of personal data :
  • In the substantial public interest
  • Compliance with a legal obligation
  • Business partners providing administration
  • Claims & Underwriting Exchange Register
  • Hunter Database, run by Experian
  • The Motor Insurance Bureau database
  • Claims handlers
  • Credit reference agencies
  • Insurance Fraud Bureau
  • The Police
  • Driver Vehicle Licencing Agency
  • Solicitors
  • Loss adjustors
  • Other insurers
  • Reinsurers
  • Third parties involved in the claim
  • Courts
Claims Processing
Defending or prosecuting legal claims
Personal data:
  • Individual details
  • Identification details
  • Financial information
  • Policy information
Special categories of personal data :
  • Credit and anti-fraud data
  • Risk details
  • Previous claims
  • Current claims
  • Health data
  • Criminal records data
  • Other sensitive data
Personal data:
  • Performance of our contract with you
  • Legitimate interests (to assist all parties involved in assessing and making claims)
Special categories of personal data :
  • In the substantial public interest
  • Compliance with a legal obligation
  • Business partners providing administration
  • Claims handlers
  • Solicitors
  • Loss adjustors
  • Other insurers
  • Third parties involved in the claim
Claims Processing
Investigating & prosecuting fraud
Personal data:
  • Individual details
  • Identification details
  • Financial information
  • Policy information
Special categories of personal data :
  • Health data
  • Criminal records data
  • Other sensitive data
  • Credit and anti-fraud data
  • Risk Details
  • Previous claims
  • Current claims
Personal data:
  • Performance of our contract with you
  • Legitimate interests (to assist with the prevention and detection of fraud)
Special categories of personal data :
  • Compliance with a legal obligation
  • In the substantial public interest
  • Business partners providing administration
  • Solicitors
  • Private Investigators
  • Police
  • Experts
  • Third parties involved in the investigation or prosecution
  • Other insurers
  • Anti-fraud databases
  • Courts
Renewals

Contacting you in order to renew the insurance policy

Personal data:
  • Individual details
  • Policy information
Special categories of personal data :
  • Risk details
  • Previous claims
  • Current claims
Personal data:
  • Performance of our contract with you
  • Legitimate interests (to provide accurate information for you to review your options at renewal)
Special categories of personal data :
  • In the substantial public interest
  • Business partners providing administration
Throughout The Insurance Lifecycle

Transferring books of business, company sales and reorganisation

Personal data:
  • Individual details
  • Identification details
  • Financial information
  • Policy information
  • Marketing data
Special categories of personal data :
  • Credit and anti-fraud data
  • Risk details
  • Previous claims
  • Current claims
Personal data:
  • Legitimate interests (to structure our business appropriately)
  • Compliance with a legal obligation
Special categories of personal data :
  • In the substantial public interest
  • Courts
  • Other insurers
  • Other insurance intermediaries
Throughout The Insurance Lifecycle

General risk modelling & Underwriting

Automated decision making

Personal data:
  • Individual details
  • Identification details
  • Financial information
  • Policy information
Special categories of personal data :
  • Credit and anti-fraud data
  • Risk details
  • Previous claims
  • Current claims
Personal data:
  • Legitimate interests (developing products and services, and what we charge for them)
Special categories of personal data :
  • In the substantial public interest
Throughout The Insurance Lifecycle

Complying with our legal or regulatory obligations

Personal data:
  • Individual details
  • Identification details
  • Financial information
  • Policy information
Special categories of personal data :
  • Credit and anti-fraud data
  • Risk details
  • Previous claims
  • Current claims
Personal data:
  • Compliance with a legal obligation
Special categories of personal data :
  • In the substantial public interest
  • Prudential Regulatory Authority, Financial Conduct Authority, Information Commissioner’s Office and other regulators
  • Police
  • Other insurers (under court order)
  • Insurance Fraud database
Throughout The Insurance Lifecycle

To develop and carry out marketing activities

Personal data:
  • Individual details
  • Identification details
  • Financial information
  • Policy information
Personal data:
  • Legitimate interests (to inform you about new products, special offers or other information which we think you may find interesting)
  • Business partners providing administration

This list is not necessarily exhaustive as changing business needs or external factors may influence the use of the information we hold.

4. How we use your information to make automated decisions

When calculating insurance premiums we may compare your personal data against industry averages. Your personal data may also be used to create industry averages. This is known as profiling and is used to ensure premiums reflect risk.

Profiling may also be used by us to assess information you provide to understand fraud patterns. Where special categories of personal data are relevant, such as medical history or past motoring convictions, your special categories of personal data may also be used for profiling. We might make some decisions based on profiling and without staff intervention (known as automatic decision making). The types of automated decision we make are as follows:

  • Pricing - We may decide what to charge for some products and services based on what we know.
  • Tailoring products and services - We may place you in groups with similar customers. These are called customer segments. We use these to study and learn about our customers’ needs, and to make decisions based on what we learn. This helps us to design products and services for different customer segments, and to manage our relationships with them.

Your rights

Automated decision making is an integral part of MCE’s product offering to customers. We cannot accept you as a customer if you object to your personal information being used in this way. If you want to know more about how your personal data is used in this process, please contact us.

5. Where will your personal Information be held?

It may be necessary for us to undertake some of the processing of your personal data in other countries outside of the European Economic Area where data protection safeguards may not be as high as they are in the UK. However, where this is necessary we will ensure that your personal information is treated with the same level of protection as required by the data protection regulations in the UK and EU.

It is also possible that some of our service providers will process your data in other countries. They are also responsible for ensuring your personal information is treated with the same level of protection as required by the data protection regulations in the UK and EU.

If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact our Data Protection Officer at datacontroller@mceinsurance.com in the first instance.

6. How long will Personal Information be held for?

As part of our commitment to your privacy, we will not hold your personal information for any longer than is necessary. Your personal information will be retained in accordance with our retention policy, This is based on the relevant legal and business requirements and, accordingly, the retention periods for personal information will vary according to the nature of the information held.

7. Consent

In most cases when we process your personal information, we will not contact you for consent, for example:

  • When we are under a contract with you to provide our services
  • When we are complying with a legal obligation
  • When processing is in the substantial public interest
  • When we believe it is in our legitimate interests and proportionate to our objective, and that the use of the personal information is not overly intrusive.

However, if your consent is required for the processing of any personal information, for example access to medical records (that do not fall under the low value protocol for personal injury claims following a road traffic accident), we will contact you for your explicit consent. You will have the right to withdraw consent at any time by contacting our Data Protection Officer at the details below. In certain circumstances we do need access to your personal data as part of a statutory or contractual obligation, so any withdrawal of consent may mean we will have to cancel your policy.

8. Marketing

From time to time we may send existing customers details of new promotions, ask for feedback and provide other information about our products, where we feel this may be of interest to you. This will be by e mail phone or SMS. We may also work with carefully selected partners to bring you offers and information related to other products. If you wish to opt out of this communication, please advise us by e mail to info@mceinsurance.com . We will still treat an individual as an MCE customer for 2 years after a policy is lapsed or cancelled.

9. Security

We are committed to ensuring that your personal Information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information we collect.

10. Keeping Personal Information up to date

Please let us know if your personal information changes as it is important that the information we hold about you is accurate and up to date. We will not be responsible for any errors or personal information losses because of not being informed of a change in personal information.

11. Your rights regarding Personal Information

You have the following rights under current legislation:

  • The right to be informed – This privacy policy provides our obligation to provide “fair processing information”. We may also provide information to you during a telephone call, notes as part of an application form, and prompts during an e commerce journey
  • The right of access - Access to personal data and supplementary information we hold on you
  • The right to withdraw consent – Where we require explicit consent to process your data, you are able to withdraw this
  • The right to rectification and data quality - To have personal data rectified if it is inaccurate or incomplete
  • The right to erasure including retention and disposal – To request the deletion or removal of personal data where there is no compelling reason for its continued processing, provided that we do not need to retain the personal information to provide you with the services
  • The right to restrict processing – Where you have highlighted an issue with the data
  • The right to data portability – This allows you to request certain categories of data we hold
  • The right to object – Where you have an objection on grounds relating to a situation particular to you

In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) or the exercise or defence of a legal claim

When exercising your rights regarding personal information, we will request that you submit a copy of your photo card driving licence or passport in order to confirm your identity. This provides us with an additional level of security to ensure we are sending personal information to the correct person

If you wish to exercise any of your rights, please email info@mceinsurance.com

12. Cookie policy

A "cookie" is a small piece of data that is stored on your web browser or hard disk by a web server. This data usually contains encoded information that informs the web server how and when you used the site. Cookies are commonly used on the Internet and do not harm your computer system.

The cookies used on this site do not include any information that others could read and understand about you, such as your name or any account or policy number. They contain no personal Information about you.

Cookies we use:

Google Analytics - We use this to monitor the total number of users visiting the MCE Insurance website, and the links they have clicked on to arrive at the site.

Mobile Website Cookie - A temporary cookie is used to enable the mobile version of the MCE Insurance website; it allows the user of a mobile device to return to the full site once they have been redirected to the mobile version of the website.

13. Complaints

In the event of a complaint regarding the Personal Information we hold, please refer to our Complaints Procedure, which can be found at https://www.mceinsurance.com/content/mce-complaints/

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think that we have breached the GDPR, then you have the right to complain to the ICO. Their contact options can be found at https://ico.org.uk/concerns/

14. Data Controllers and Data Protection Officers

The Data Controller for MCE Insurance is its Operations Committee, who can be contacted on datacontroller@mceinsurance.com

The Data Controller for MCE Insurance Company is its Compliance & Risk Committee, who can be contacted on datacontroller@mceinsurance.com

The insurance lifecycle involves the sharing of your personal data between insurance market participants, some of which you will not have direct contact with. Where data is provided to our business partners in relation to the service you have requested, they may also be acting as Data Controllers and Data Processors. If you would like more information about how any of our partners process data, please contact our Data Protection Officer through datacontroller@mceinsurance.com in the first instance. We will then notify you of the business partners for your data and their contact details, if required.