However, we will keep information for much shorter periods if that information related merely to a quotation which did not then result in a contract of insurance being arranged, in these circumstances we will keep information for a minimum retention period of 12 months.
In any event all information shall be stored in strict compliance with the GDPR legislation at all times; and using appropriate technical or organisational measures we will regularly:
- review the length of time we keep and or maintain information about you;
- consider the purpose or purposes why we hold the information about you in deciding whether (and for how long) to retain it;
- securely delete information about you that is no longer needed for this purpose or these purposes; and,
- update, archive or securely delete information about you if it goes out of date.
Sensitive Data In carrying out our duties as Data Controller and Data Processor we will collect sensitive information, about you, and other parties related to this insurance because it is:
- necessary for the performance of or to take steps for you to enter into a contract of insurance; or
- necessary for compliance with a legal obligation; or
- necessary to protect your vital interests; or
- necessary for our own legitimate interests or those of other controllers or third parties; and,
- necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body)
What we mean by sensitive data includes information such as:
- about an individual’s health including medical conditions
- motoring or other criminal convictions
- racial or ethnic origin or religious beliefs
We will always apply additional organisational and technical measures for this category of data, including restrictions to access this data (this is where data may be secured with additional layers of security to prevent misuse and protect personally identifiable information).
Use and storage of your information overseas
We will never knowingly transfer, store, or process information about you or an individual, outside the European Economic Area (EEA). In any event, if we are compelled to transfer your information outside the EEA (e.g. because it is an insurance arrangement with an Insurance Company who is outside the EEA or part of a larger group of companies who pass information outside the EEA) it shall be in compliance with the conditions for transfer set out in the GDPR and or restricted to a country which is considered to have adequate data protection laws.
All reasonable steps shall typically have been undertaken to ensure the firm to which information is being transferred has suitable standards in place to protect such information.
Using our Website and Cookies
You will be asked to accept a cookie, which is a small file of letters and numbers that is downloaded on to your computer when you visit any of our group of companies’ websites. This will be clearly explained to you when you visit the website and you will typically have to accept the cookie to benefit from the services the website can offer.
Cookies are operated in strict accordance with Privacy and Electronic Communications Regulations 2011 (PECR) and are widely used by many websites and primarily enable the website to remember an individual’s preferences, recording information the individual may have entered into the webpages.
These same rules also apply if any individual accesses or uses any other type of technology to gain access to information stored electronically by us (e.g. a quote facility or app using a smartphone or similar portable device).
Individuals have a number of rights relating to the information we hold these rights include but are not limited to:
- a copy of the personal information we hold (once requested, we have a maximum of one month to give an individual such information);
- rectify information, if it is inaccurate or incomplete;
- request the deletion or removal of an individual’s personal data where there is no compelling reason for its continued processing;
- suppress processing of an individual’s personal data, when processing is restricted, we are permitted to store the personal data, but not carry out further processes. We will retain sufficient information about the individual to ensure that the restriction is respected in future (see ‘Marketing’);
- object to certain uses of an individual’s personal information (see ‘Marketing’);
- in certain circumstance to not be subject to a decision when it is based on automated processing; and or it produces a legal effect or a similarly significant effect on an individual;
- withdraw any permission you or an individual may have previously provided; and,
- complain to the Information Commissioner’s Office at any time if you or an individual is not satisfied with our use of such information. Individuals can request a copy of the personally identifiable information we hold by contacting us about them, including the right to have such information in a portable form ‘a right to data portability’ so we will normally, not only provide the information free of charge (however we may apply a charge where information requests are excessive), but we will provide that information in a format that is easily accessible, sometimes in a CSV format, should an individual require it in that format to ensure information can be exchanged easily with other organisations.
If you would like further information or wish to make a Subject Access Request (SAR) you can e-mail firstname.lastname@example.org or write to our Compliance Department at 29 Waterloo Rd, Wolverhampton, West Midlands WV1 4DJ.
When marketing to you as an individual (including individual sole traders and partnerships), we will either rely on the permission we have (if we are able to do so) or we will ask for your permission (consent) to contact you, including the means to contact you (such as by phone, or e-mail, push notifications, SMS text, or post) to tell you about;
- new products or services we have or are developing;
- trialling products and services which we think may improve our service to you or our business processes;
- offer you rewards;
- enter you into a competition;
We will typically ask for permission when you first contact us, (usually but not limited to our websites), however, you will maintain the right to easily withdraw such consent whenever you wish (unsubscribe).
We will regularly review any such consent to check that your relationship with us and any processing including the purposes have not changed.
In all situations where we market to a business we will observe both the market standards and those rules and guidelines of the Privacy and Electronic Communication regulations (PECR). We have in place such a process to ensure we refresh your consent at appropriate intervals, including any parental, or third-party consents (where relied upon) and act on withdrawals of consent (unsubscribe) as soon as we can and not penalise you if you not choose to give and later decide to withdraw your consent.
Research and analysis
Personal information we hold may be converted into statistical or aggregated data (e.g. this is data which cannot be traced back to an individual) to produce or undertake statistical or analytical research and development work, which may be shared with our group companies, such as, our underwriting services that we carry on to enable us to provide suitable insurance arrangements to the insurance market now and in the future. We may continue using personally identifiable information we may hold, specifically relating to an individual’s past insurance arrangements or policies, after cessation of any insurance arrangement with us for further processing (e.g. research and analysis).
Residentsline Limited operates under a number of trading names including:
Residentsline Flat Living Insurance London Flats Insurance Property Management Portal
For more information about Residentsline Limited please visit www.residentsline.co.uk.