logo
phonemenu

Call us on 0330 343 8814

Privacy policy

girl in car
semi-circlesemi-circle

Introduction

Marketing Updates

Changes to the Privacy Policy

Why do we collect personal information?arrow

When arranging motor insurance we require information relating to your age, your full address and postcode, your occupation, your driving credentials, your vehicle, your claims history (or lack thereof), details of any driving or criminal convictions, the details of any other persons named on the policy, your financial and credit card details (or those of another person making payment on your behalf).

We will additionally require your email and telephone contact details (so that we may correspond with you) and we will request a copy of your Driving Licence and any proof of No Claims Bonus you may have. We may also request supplementary information, as deemed necessary, to verify your details.

This information is required for the underwriter to assess the potential risk presented and to offer (subject to any limitations or restrictions applied) the appropriate premium, based upon the underwriting criteria applicable at the time. This will be the basis of a contract, in the form of an insurance policy.

We are required to obtain and verify certain information in accordance with current Anti-Money Laundering and Financial Crime legislation.

We may seek to use your data for the purposes of gaining feedback on our products and services, or for internal research and statistical analysis, utilising third party agencies or other members of our Group Companies to collate the information for us. A list of such agencies is available, upon request.

When do we collect personal information?arrow

We may collect your personal information if you :

  • visit or use our website (for more information please see Section 13 on Cookies and Section 14 on Pixel Tags) 
  • complete a quotation online;
  • contact us to arrange insurance cover:
  • have provided your details to a Broker or third party to arrange insurance on your behalf;
  • telephone us;
  • email or write to us;
  • agree to be part of a mailing or marketing campaign;
  • enter a competition which we have arranged;
  • contact us via social media;
  • contact us via an online message service;
  • complete an online review about our products and services; or contact us in connection with a job or position for which we are recruiting.
  • use a telematics App or Services provided by Cambridge Mobile Telematics (CMT). CMT will collect information about your driving style and habits, such as location, speed, acceleration, braking and cornering and combine this with weather, traffic, time of day and other contextual data. Such use is based upon you giving explicit consent to this profiling when registering to use the App or Services. The data will continue to be collected even when the App is not in use to ensure continuity of service and coverage.
What personal information may we collect?arrow

We may collect the following non-sensitive personal information :

  • name;
  • email address;
  • personal phone number(s);
  • personal address;
  • occupation details;
  • date of birth;
  • details of your vehicle;
  • details of any claims;
  • financial information (e.g. credit card and bank account details) when arranging finance and/or payment for your insurance cover, in accordance with any changes made which affect the cover provided and in connection with any penalties incurred for unsatisfactory driving behaviours;
  • telematics data (including GPS co-ordinates) which records the driving behaviours demonstrated by any driver of the vehicle e.g., driving style and habits, such as location, speed, acceleration, braking and cornering (which may be used in combination with non-personal data - such as weather, traffic, time of day and other contextual data);
  • details of transactions that you carry out through our website;
  • information that you provide by filling in forms on our website, even if those forms are not submitted;
  • technical information, including the Internet Protocol (IOP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time);
  • products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page;
  • any phone number from which you have called us; and
  • information about your credit history;

We may use cookies to collect information about how our website is used. Please see Section 13 on Cookies and Section 14 on Pixel Tags. 

We may also collect information from other sources, including (but not limited to) Google Earth, social media and telematics systems. Where we provide motor insurance for a vehicle equipped with a telematics system, we may use this system to obtain information regarding the location of a vehicle, vehicle crash data and information regarding the operational condition, mileage, diagnostic and performance reporting of vehicles. We may, in the future, also collect information from any cameras which are installed in the vehicle.

We may also collect the following sensitive personal information, referred to in the GDPR legislation as “special categories” of data :

  • information about your physical or mental health; and
  • details of any criminal convictions.
How do we collect your personal information?arrow

We may collect your non-sensitive and special category (previously known as sensitive) information :

  • via our website (including through the use of cookies. For more information please see Section 13 on Cookies and Section 14 on Pixel Tags);
  • via a Broker or third party who you have authorised to arrange insurance on your behalf;
  • via application forms where you are seeking to arrange a Hire Purchase (HP) or Personal Contract Purchase (PCP) agreement; 
  • via reference to the Motor Insurance Database (MID) to ensure that there is valid insurance cover already in place on a vehicle which is to be insured under our Learner Driver, Student Driver or Named Young Driver Insurance Policies;
  • by telephone;
  • by call recording;
  • by email;
  • by letter;
  • via black box technology when commencing insurance policies with us which require the installation of a telematics device or tag as a condition of providing insurance cover;
  • via surveys sent or commissioned by us. We will seek your consent before any such surveys are sent to you;
  • via mailing or marketing campaigns where you have given your consent to be contacted;
  • via competition entry or subscription to a Newsletter or other form of regular communication, again where you have given your consent to be contacted;
  • via attendance at any events where we are represented or exhibiting our products and services. For this purpose we may ask you to complete a contact form where you voluntarily provide your details, so that we may subsequently contact you ;
  • by Customer Relationship Management (CRM) systems, from the information you have provided;
  • from third parties to verify your identity and the accuracy of the information you have provided;
  • from credit reference agencies and organisations which can check your credit and claims history;
  • from publicly available sources including, but not limited to, internet search engines, public records and registers, as well as social media (e.g. Facebook, Twitter, LinkedIn);
  • via recruitment agencies or job websites in connection with a job or position for which we are recruiting;
Purposes for which we process your non-sensitive and sensitive personal informationarrow

We use your non-sensitive and special category information for a number of different purposes.

Under the current data protection laws, we must be able to rely on a legal basis to justify why we are using your non-sensitive personal information. The legal bases that we may rely on are:

FOR PROCESSING NON-SENSITIVE PERSONAL INFORMATION

LEGAL BASIS: For pre-contract purposes

DETAILS: Processing is necessary because you have asked us to take specific steps before entering into a contract, for example preparing a policy of insurance which is intended to form part of a contract between you and us.

LEGAL BASIS: To fulfil our obligations arising from any contracts entered into between you and us

DETAILS: Processing is necessary for the initial assessment and continuation of the insurance cover provided. We will carry out identity checks, credit checks or checks into your claims history to ensure that the pricing of your policy is appropriately applied and is consistent with the underwriting terms and conditions in place at the time.

Processing of telematics data  - including GPS location - relating to motoring history, accident history and claims history is necessary for the purposes of assessing insurance applications and/or processing claims and/or applying increases to the premium (where appropriate, and in accordance with the policy Terms and Conditions).

Cambridge Mobile Telematics (CMT) will use the telematics data to profile and analyse the driving habits of users and work with Marmalade to create a personalised driving score for each user, as well as creating aggregated statistics on all users of the Service and App.

LEGAL BASIS: Compliance with a legal obligation 

DETAILS: Processing is required to enable us to fulfil and comply with a legal obligation to which we are subject.

LEGAL BASIS: For our legitimate interests where these do not cause you undue harm

DETAILS: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information. Our main legitimate interests for using your personal information are:
 

 

  1. to enable us, or permit selected third parties to provide you, with information about goods or services we feel may interest you. We may only do this where we have previously obtained your consent to do so. If you are an existing customer, we will only contact you with information about services which we consider will benefit you and which may reflect any change in your circumstances;

 

  1. to promote our services and to update you with any changes to our service and/or our Terms and Conditions;

 

  1. to ensure that content from our site is presented in the most effective manner for you and your computer, and to enable you to participate in interactive features of our service, when you chose to do so;

 

  1. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research statistical and survey purposes;

 

  1. to personalise your repeat visits to our website and to improve our website, as part of our efforts to keep our site safe and secure;

 

  1. to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and

 

  1. in the case of credit checks, to ensure that the products and services in which you are interested are affordable and will not place you into financial difficulties or hardship, also to ensure that the pricing of your policy is appropriately applied and is consistent with the underwriting terms and conditions in place at the time.

 

  1. To gain feedback on the service you have received from Marmalade and the suitability of the product to help us improve customer experience and enhance the products offered.

 

Please note that this is not an exhaustive list. We have set out what we consider to be the most important and relevant situations in which it would be in our legitimate interests to use your personal data.

We may combine with other information that you provide to us information that we have lawfully collected about you or information from other sources. Such information will be used not only for the purposes set out in this Privacy Policy, but in accordance with the Policy itself.

When we use your sensitive personal information (for example information about your health or criminal convictions), we must be able to rely on an additional legal basis. The additional legal bases that we may rely on in such instances are:  

FOR PROCESSING SPECIAL CATEGORY PERSONAL INFORMATION

LEGAL BASIS: Your explicit consent

DETAILS: You need to have given your explicit consent to the processing of your special category personal information for one or more specified purposes. We will request this consent from you when we request the special category  personal information. You may withdraw your consent at any time by contacting us at https://www.wearemarmalade.co.uk. However, please note that, if you do withdraw your consent, you may not be able to receive the benefit of some of our services where, in order to provide them, we rely on your explicit consent to process your special category personal information. 

LEGAL BASIS: To fulfil our obligations arising from any contracts entered into between you and us

DETAILS: Processing of information relating to your physical and/or mental health, as well as details of any criminal convictions is necessary for the initial assessment and continuation of the insurance cover provided.

LEGAL BASIS: For legal claims

DETAILS: Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

With whom do we share your information?arrow

We may share your information with other companies within the Ardonagh Group and their respective sub-contractors with whom we may share data for the administration of your policy and to process discounts on quotes where we are able to identify positive risk profiles. We may also use the information about you to develop new products and services.

We may also share your personal information to third parties listed below for the purposes described in this Privacy Policy:

  • Insurers;
  • Reinsurers;
  • Claims Management companies, acting on behalf of the Insurers;
  • Premium Finance Companies;
  • Finance Companies (with regards to arranging Hire Purchase (HP) or Personal Contract Purpose (PCP) agreements;
  • Regulators (including The Financial Conduct Authority, The Financial Ombudsman Service, The Information Commissioner’s Office);
  • Professional advisors (including auditors, solicitors, tax advisors and media sales agencies);
  • Information Technology (IT) service providers;
  • Telematics service providers;
  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
  • Analytics and search engine providers that assist us in the development, improvement and optimisation of our site;
  • Advertisers and advertising networks that require the data to select and serve relevant advertisers to you and others. Although we do not disclose your personal data to such organisations, we might use your personal data in order to compile the anonymised data that we do provide.

We may use Google Analytics and we would recommend you visit the site “How Google uses data when you use our partners’ sites or apps”. This can be found at the website location: 

www.google.com/policies/privacy/partners/

We may disclose your personal information to third parties :

  • in the event that we are selling or buying, or intend to sell or buy, any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if Atlanta Insurance Intermediaries, or substantially all of their assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of Atlanta Insurance Intermediaries, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
  • where the disclosure is required by law or by a regulator with authority over us or you, such as where there is a court order, statutory obligation or FCA request; and
  • if we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest;
  • in order to check your claims history;
  • where we are required to share your information with other databases including the Motor Insurance Database. These may be accessed by police and other organisations to check the details of your motor insurance or your personal circumstances;
  • where we may be required to pass telematics data to law enforcement agencies, to assist them with their investigations, in the event of there being a road traffic incident.
How do we protect your personal information?arrow

We are committed to respecting and protecting your privacy and keeping your personal information secure. We keep your personal information in a secure server and have appropriate security measures in place in our offices. In addition to having appropriate security measures in place, we enforce them rigorously and keep them under review in order to monitor their effectiveness, and we shall modify the procedures if we should be of the view that this would provide greater protection for you or your personal data.

Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Whilst we make every effort to protect your personal information, the transmission of data via the internet is, unfortunately, not completely secure.  We will always do everything reasonable and within our power to ensure that we comply with the requirements of the law and best practice in relation to the security of personal data. Once we have received your information, we will use strict procedures and security features in an endeavour to prevent unauthorised access.

How long do we keep your information?arrow

We only keep your personal information for as long as is reasonably necessary to fulfil the relevant purposes described in this Privacy Policy. If required by law, we may keep your information for longer.

The factors which will be taken into account when determining the retention period will include regulatory and legal requirements and the need to retain data in the event of there being a claim submitted or a subsequent dispute or complaint relating to the service provided.

Currently, we are required by law to keep certain personal information for a period of 7 years. In addition, we will retain essential policy details in the event of there being a subsequent claim submission, which means that we may need to retain information for up to 10 years. Any non-essential information will not be retained any longer than is reasonably necessary and, where we are able, we will delete any data we have retained after 7 years and 1 month, as part of an automatic process.

We will delete any personal data which there is no foreseeable need for us to retain longer than necessary for the fulfilment of any contract entered between ourselves.

With regards to telematics data, after a policy has lapsed or been cancelled the telematics device may continue to record journeys for up to 7 working days afterwards to ensure continuation of service should there have been a fault with the device. 

International data transfersarrow

The personal data that we collect from you is not, normally, transferred outside the European Economic Area (“EEA”). However, there may be instances when this will be necessary and in these instances we will ensure your personal data is protected in accordance with applicable UK data protection law.

Your rightsarrow

Under certain circumstances, you have the following rights:

1.         to request that we provide you with a copy of the personal data that we hold about you (“Access Request”);

2.         to request that we rectify any personal data that we hold about you (“Right to Rectification”);

3.         to request that we erase any personal data that we hold about you (“Right to be Forgotten”);

4.         to restrict the level of processing we carry out with your personal data (“Restriction of Processing”);

5.         to obtain from us all personal data that we hold about you in a structured, machine readable form, and have this information transmitted to another organisation (“Data Portability”);

6.         to object to our processing your personal data in certain ways (“Right to Object”);  and

7.         to withdraw your consent at any time to our processing of your personal data.

Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at : https://www.wearemarmalade.co.uk.  You also have the right to lodge a complaint with the Information Commissioner’s Office if you are unhappy in any way with how we have treated your personal information. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.

We shall comply with any request made under this section as soon as possible, and normally within one month from the date of your request. However, if necessary, for example if your request is particularly complex or we receive a number of similar requests, we may extend this period by an additional two months, but we shall notify you if we need to do this. You will not usually have to pay a fee to access your personal data (or to exercise any of your other rights). However, please note that where we receive requests under this section which are manifestly unfounded or excessive, for example because they are repetitive in nature, we may:

1.         charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or

2.         refuse to act on the request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Access Request

You have the right to request a copy of the information that we hold about you at any time. This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it. Please note that in most circumstances, we shall not make a charge for this. However, we may charge a reasonable fee based on administrative costs for any further copies requested.

Right To Rectification

You have the right at any time to ask us to rectify any personal data that we hold for you which is incorrect or incomplete. This enables you to have corrected any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data that you provide to us.

If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to your personal data under this section.

Right To Be Forgotten

You have the right to ask us to erase the personal data that we hold about you in circumstances where:

1.         it is no longer necessary for us to handle your personal data for the purpose for which it was originally collected;

2.         you have withdrawn your permission for us to hold your personal data (where this was the basis on which it was collected or used);

3.         you object to the processing of the data and there is no lawful overriding reason for us to continue processing your personal data;

4.         the personal data was unlawfully processed; or

5.         we have to erase your personal data in order to comply with a legal obligation.

Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Restriction Of Processing

You can ask us to restrict how we use your data in the following circumstances:

1.         where you believe that the information we hold about you is inaccurate, you can ask that we refrain from using your data until we can verify the accuracy of it;

2.         where we have unlawfully processed your data, you can ask that we restrict our usage of it rather than erase it completely;

3.         where we no longer need to hold your information, but you wish us to retain your information for the purpose of establishing, exercising or defending a legal claim; or

4.         where you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

Data Portability

You have the right to obtain from us all personal data which you have provided to us in a structured, commonly used and machine readable form, provided that such data was processed based on your consent, or for the purpose of a contract between us and the processing was carried out by automated means.  Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation.

Please note that we shall not be able to comply with a data portability request if this will affect the rights and freedoms of others.

Right To Object

You have the right to object, on grounds relating to your particular situation, to our processing of your personal data where we are doing this for the performance of a task carried out in the public interest (which we shall have told you about, if applicable), or where we are carrying out processing for the purposes of legitimate interests pursued by us.

You also have the right at any time to ask us not to process your personal data for direct marketing or profiling purposes (to the extent that such profiling is related to such direct marketing). We shall have informed you before the time we obtained your personal data whether we intend to process your personal data for this purpose, or if we intend to disclose your information to any third party for such purposes.

If we process your personal data for automatic decision making or profiling purposes (i.e. to analyse or predict your personal preferences and purchase behaviour, and such profiling is automated) we shall tell you about this beforehand, and will only do this where this is a necessary condition of entering into a contract between you and us, or where you have given us your explicit consent to do this.

Right To Withdraw Consent

Where you have given us your consent to our processing of any of your personal data, you have the right to withdraw your consent at any time, for example if you no longer wish us to share your information with third parties for marketing purposes (where you have previously consented to this). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

In addition to any other way we make available to you the ability to withdraw your consent, you may also withdraw your consent at any time by contacting us at https://www.wearemarmalade.co.uk

Your right to complain to the Information Commissioner’s Office (ICO)arrow

If you are not satisfied with our use of your personal information, our response to any exercise of your rights (as set out in section 10 above), or if you believe us to be in breach of our data protection obligations, you have the right to complain to the Information Commissioner’s Office here (https://ico.org.uk/concerns/).

We are registered with the Information Commissioner’s Office. Our registration details are : -

Atlanta Insurance Intermediaries: Registration Number Z7563316

Other websitesarrow

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check any such privacy policy before you submit any personal data to these websites. 

Cookiesarrow

A cookie is a small data file that is sent to your computer from a website and is stored on your computer’s hard drive. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. When accessing our website for the first time you will be presented with details of the cookies used and your options to change and manage these.  For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy

Pixel Tags/Tracking codearrow

Pixel tags (also called clear gifs or web bugs) and Tracking codes are used to track who is reading a web page or email, when, and from what computer. They provide us with information about your interaction with our email messages (if you receive messages in html format) and to record some of the pages you consequently visit on our website.

We use this information so we can provide you with information tailored to your needs and interests and to upgrade visitor information used in reporting statistics. 

Pixel tag technology is used to analyse the reading habits of our customers in order to review and improve the services we offer and we may, on occasion, use this for marketing purposes. 

How to contact usarrow

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to The Atlanta Data Protection Officer, Atlanta Insurance Intermediaries , Embankment West Tower, 101 Cathedral Approach, Salford, M3 7FB

Email : [email protected]

parents

Parent advice

Advice and guides for parents helping their learner driver on their driving journey.

black box myth busters

Black Box Mythbusters

There’s a lot of misconceptions around driving with a black box – we’ve got the facts on what’s true and false!

friends happy on phones

Visit the Driver Hub

Check out the latest stories and blogs from young drivers

ICS member logo
Customer Service Excellence Awards
BIBA scheme provider logo
First car award 2019 winner logo