Hastings Essential and Hastings Direct are trading names of Hastings Insurance Services Limited, which has its registered office at Conquest House, Collington Avenue, Bexhill-on-Sea, East Sussex TN39 3LW.
In addition to those defined words and expressions, references to:
'Personal information' means any information that we have obtained from you or third parties in connection with a service or product provided to you that is held now or at any time in the future by us; and
'Act' means the Data Protection Act 1998, as amended from time to time.
We offer online quotations and online cover, and policy administration and claims handling services, on a range of insurances solely for permanent residents of the United Kingdom accessing and using the Website from within the United Kingdom. Accordingly, this Privacy Statement is directed only at such persons and should be read in conjunction with our Website Terms and Conditions. Please click on the 'Website Terms and Conditions' link provided at the bottom of every page of the Website.
Please take a few minutes to read this information carefully as it contains important information relating to the details that you will give / have given us.
We are required to provide you with this information to comply with Data Protection Act 1998. It explains how we may use your details and tells you about the systems we have in place that allow us to detect and prevent fraudulent applications and claims. The savings that we make help us to keep premiums and products competitive.
You have a right to access personal information held about you by Hastings insurance Services Limited. For details relating to information held about you Data Protection Officer, Hastings Direct, Conquest House, Collington Avenue, Bexhill-on-Sea, East Sussex TN39 3LW, UK.
We collect personal information directly from you when you register for any online service with us or deal with us over the telephone, such as a request for a quote, the purchase of an insurance policy through us or the provision of policy administration or claims handling services. We limit the collection of personal information to what we need to know to maintain the accuracy of our records, to verify the identity and assess the financial standing of customers, to assist us in providing a high standard of service, and to fulfil any legal and regulatory requirements. We will do our best to ensure that your details are accurate and kept up-to-date and we would ask you to assist us in doing so by notifying us in writing of any changes to your personal information.
Hastings Insurance Services Limited is the registered data controller in relation to personal information held about you for the purposes of the Act.
All personal information provided by you is held securely and in confidence by us in our computerised and other records. When we process your personal information we do so in compliance with the terms of Act. We maintain strict security standards and procedures with a view to preventing unauthorised access to your data. We use leading technologies, such as data encryption, fire walls and server authentication to protect the security of your data. All our staff and all third parties we may hire from time to time to provide support services are required to observe our privacy standards.
Monitoring or recording of your calls, e-mails, text messages and other communications may take place in accordance with UK law, and in particular for business purposes such as for quality control and training, processing necessary for the entering into or the performance of a contract; to prevent unauthorised use of our telecommunication systems and web sites; to ensure effective systems operation; to meet any legal obligation; in your vital interests; in order to prevent or detect crime; and for the purposes of the legitimate interests of the data controller. Please visit ico.org.uk for further information:
You have the right to receive a copy of the personal information we hold about you at any time, on written request and payment of a £10 administration fee.
Should you wish to receive a copy of the personal information we hold about you, please write to the Data Protection Officer at our registered office address (shown above) enclosing the £10 administration fee made payable to Hastings Insurance Services Limited, and we will deal with your request within the regulatory 40 day period.
If you would like us to remove any personal information from our records, then please write to our Data Protection Officer at our registered office. Please be ready to quote your full name, address and if applicable your policy number when contacting us. We will make all reasonable efforts to delete your information from our files if it is deemed appropriate.
We may use and analyse your personal information for the following purposes:
- in relation to our online quotation service, provide you with one or more online quotations on behalf of one or more insurers.
- in relation to our online cover service, to consider your application for, and facilitate your purchase of, an insurance policy through us.
- consider whether to accept the relevant risk.
- make decisions about the provision and administration of insurance and related services for you (and members of your household).
- validate your (or any person or property likely to be involved in the policy or claim) claims history (at any time, including upon application for insurance, in the event of an accident or a claim, or at a time of renewal).
Management information purposes i.e. to analyse insurance and other markets for the purposes of:
- portfolio assessment.
- risk assessment.
- performance reporting.
- management reporting.
Anti fraud purposes i.e. to detect and prevent fraudulent claims and/or activities by:
- sharing information about you with other organisations and public bodies including the police.
- tracing debtors or beneficiaries, recovering debt, managing your accounts and or insurance policies.
- undertaking fraud searches. Insurers pass information to the Claims Underwriting and Exchange Register and where appropriate the Motor Insurance Anti-Fraud and Theft Register administered by Insurance Database Services Limited ("IDSL"). This helps insurers check information and prevent fraudulent claims. When we deal with your request for insurance we may search these registers.
Compliance with legal obligations and responsibilities:
- Claims management — In the event of a claim we may need to disclose information with any other party involved in that claim such as third parties involved in the incident, their insurer, solicitor or representative and medical teams, the police or other investigators. We also may have to investigate your claims and conviction history;
- Motor Insurance Database — Information relating to your insurance policy will be added to the Motor Insurance Database (MID) managed by the Motor Insurers' Bureau (MIB). MID and the data stored on it may be used by certain statutory and/or authorised bodies including the Police, the DVLA, the DVLNI, the Insurance Fraud Bureau and other bodies permitted by law for purposes not limited to but including:
- Electronic Licensing;
- Continuous Insurance Enforcement;
- Law enforcement (prevention, detection, apprehension and or prosecution of offenders);
- The provision of government services and or other services aimed at reducing the level and incidence of uninsured driving.
If you are involved in a road traffic accident (either in the UK, the European Economic Area or certain other territories), insurers and or the MIB may search the MID to obtain relevant information.
Persons (including his or her appointed representatives) pursuing a claim in respect of a road traffic accident (including citizens of other countries) may also obtain relevant information which is held on the MID. It is vital that the MID holds your correct registration number. If it is incorrectly shown on the MID you are at risk of having your vehicle seized by the Police. You can check that your correct registration number details are shown on the MID at www.askmid.com;
- Complaints management — If you make a complaint about the service we have provided, we may be obliged to forward details about your complaint, including your personal information, to the relevant ombudsman.
Other purposes that we may use and analyse your personal information:
- to provide you with other services, including managing and administering the insurance policies you take out through us, and providing assistance with your claims and enquiries.
- for the purposes of insurance administration by us or our agents, by our re-insurers and your intermediary (if you have one) and may be disclosed to regulatory bodies for the purposes of monitoring and / or enforcing our compliance with any regulatory requirements.
- to offer you the opportunity to renew a policy or purchase a replacement policy.
- to update our records about you.
- to check your identity to prevent money laundering (unless you furnish us with satisfactory proof of identity).
- for the investigation of or prevention of crime.
- to undertake credit searches and fraud searches (see further below).
- to enable us to conduct research and statistical analysis and facilitate our internal customer service monitoring.
- to improve the quality of our service and the efficiency of our Website and systems.
- if prior consent has been received, we may market you with other products which we believe may be of interest to you.
- To email to offer the opportunity to return and complete a quote.
- compile statistical data on the use of the Website which can be used to manage and plan enhancements to our services,
- to facilitate users' ability to navigate through the Website,
- ascertain whether the Website is operating at an optimal level,
- personalise and improve the service we offer to you by understanding your preferences and establishing which areas of the Website are of most relevance to you.
We also use cookie technology to ensure that, where you have registered for any of our online services, we maintain your confidentiality and security as you move through secure or password protected areas of the website.
We use two types of cookies on the Website:
- Session cookies — temporary cookies which remain in the cookie file of your browser until you leave the Website, for further information please visit: www.allaboutcookies.org
- Persistent cookies — which remain in the cookie file of your browser for a longer period of time (the duration of this period will depend on the 'lifetime' of the specific cookie). For further information on persistent cookies visit: www.allaboutcookies.org
- Google Analytics — is used to provide us with an understanding of how our site is performing. It enables us to ensure your receive a level high standard of customer experience which we would expect when visiting any website. You can find more information on Google's position on privacy by visiting: www.google.co.uk
- Google site search — allows customers to search for pages within the site providing them with a better overall experience: www.google.com
- JSESSIONID — The purpose of JSESSIONID is to match up the session ID stored in the web application with that of the client so we can maintain a user's state throughout their journey. This cookie is imperative when using our site. en.wikipedia.org
- OMG — set cookies to identify which affiliate has delivered a customer to Hastings. If your browser is set to ignore all cookies this will effect the way in which you could claim your cashback. www.omgpm.com
- VeriSign — provides our customers with a safe way to protect their details whilst enabling secure purchases. www.verisign.co.uk
- Survey monkey — allows us to provide a platform for customers to express their opinions about Hastings. www.surveymonkey.com
When you visit the website, our server will record your IP address, the date, time and duration of your visit and which areas of the website you visit. Your IP address is an assigned number allocated to your browser when you log on to the internet which acts as the 'address' of your computer whilst you are online and enables web servers to locate and deliver content to you. It is usually allocated on a temporary basis, i.e. for the duration of your session online.
Cookie-derived information is anonymous and represents a computer rather than a person. You cannot be personally identified from it and we use it solely on an anonymous, aggregated basis.
Some of our web pages may contain electronic images known as web beacons (sometimes known as clear gif's) that allow us to count users who have visited these pages. web beacons collect only limited information, which includes a cookie number, time and date of a page viewed and a description of the page on which the web Beacon resides. We may also carry web beacons placed by third party advertisers. These Beacons do not carry any personally identifiable information and are only used to track the effectiveness of a particular campaign.
You are not obliged to accept a cookie that we (or any other web server) send to you. Most browsers accept cookies automatically but you can modify the settings in your browser to turn off this feature. However, cookies are integral to some areas of the website and to certain parts of our online services, so if you do choose not to accept cookies from us, you may not be able to utilise some areas of the website and we may not be able to provide certain online services to you.
If you would like to accept or decline cookies, you can find help about modifying your browser by visiting: www.aboutcookies.org.
By requesting that we provide you with online services, or contacting us over the telephone to request the provision of services in relation to a quotation or insurance policy, we will consider you to give consent to our collecting and processing (as outlined above) of any sensitive information about you and/or relevant others which you may be required to provide.
Information which is supplied to IDSL and MID can include details such as your name, address and date of birth together with details of any injury arising from a claim.
Your data may be transferred to any country, including countries outside of the European Economic Area, for any of the purposes mentioned above.
Under the conditions of your policy, you must tell us about any incident (such as an accident or theft) which may or may not give rise to a claim. When you tell us about an incident, we will pass information relating to it to IDSL.
Third parties with whom we may have to share your personal information as outlined above may include:
- insurers who provide and administer the insurance policies you purchase through us and any third party insurance administrators who may provide services to you under the terms of such policies
- independent contractors or other third parties we may engage from time to time to provide services to us
- our professional advisers
- any regulatory or governmental body, or other supervisory body with rules and/or codes of practice to which we are subject, which requests or requires access to it.
- insurers who in turn will give your data to Insurance Database Services Limited (IDSL) in relation to the Claims Underwriting and Exchange Database (CUE) and Motor Insurance Anti-Fraud and Theft Register (MIAFTR).
- we and/or your insurer may pass information about you to credit reference agencies, where it is necessary to carry out a credit check search on you before we and/or your insurer provide you with any services (including quotations and prior to offering a renewal). You should be aware that the results of those searches will be recorded by the credit reference agencies and that we and/or your insurer and other organisations may use those records in order to help make credit decisions about you, people financially linked to you and others in your household. Often insurance and other financial services providers will only request a credit check once you have decided on a particular supplier.
- every application you submit for a loan or credit card, however, may affect your credit score so you may wish to keep applications to a minimum to protect your credit rating.
- we/and or your insurer may run checks against the vehicle you wish to insure with us, via our chosen third party HPI. These checks may include searches for outstanding finance, write off information and whether a vehicle has been registered as stolen.
In addition, in order to prevent and detect fraud we may at any time:
- share personal information about you with other insurers or financial institutions
- pass on your personal information to the operator of any database or register used to check new information provided against existing information held to prevent fraudulent claims, including the Claims and Underwriting Exchange Register, and the Insurance Hunter Database (a central insurance and claims checking system), which may result in your details being shared with other insurers
- check your personal information with fraud prevention agencies (please note that where you have provided us with false or inaccurate information and we suspect fraud, we will record this and pass this information on to fraud prevention agencies)
- pass your details to fraud prevention agencies to prevent fraud and money laundering if false or inaccurate information is provided and fraud is identified.
- in respect of motor insurance, pass your personal information on to the Motor Insurance Anti-Fraud and Theft register (please see below for further information on this register)
Further details explaining how the information held by fraud prevention agencies may be used:
- Law enforcement agencies may access and use this information.
- We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
- Checking details on applications for credit and credit related or other facilities
- Managing credit and credit related accounts or facilities
- Recovering debt
- Checking details on proposals and claims for all types of insurance
- Checking details of job applicants and employees
- Please contact us if you want to receive details of the relevant fraud prevention agencies. You may contact us either by phone on 0333 321 9801 (Customer Service Helpline), by using the online form or by emailing email@example.com
- We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
- Before we provide services, goods or financing to you, we undertake checks for the purposes of
preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties will be will be used to prevent fraud and money laundering, and to verify your identity.
- Details of the personal information that will be processed, for example: name, address, date of birth, address, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
- We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
- We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
- Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Consequences of processing
- If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you.
- A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details provided .
- Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to 'international frameworks' intended to enable secure data sharing.
- Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
- For more information or to exercise your data protection rights please, please contact us using at: firstname.lastname@example.org
- You also have a right to complain to the Information Commissioner's Office which regulates the processing of personal data.
The finance option shown to you is arranged by Hastings Direct and is the cheapest available to you from us. An alternative credit option may be available for policies underwritten by Aviva. Please email us at email@example.com for further information.
The Register is run by the Association of British Insurers. When we deal with your request for an online quote or a policy, and/or when you report a claim to us, relating to motor insurance, we may search the register. When you tell us about an incident, we will pass on information in respect of that to the register.
Your policy details will be added to the Motor Insurance Database ("MID") which has been established by the Motor Insurers' Information Centre ("MIIC") to help identify uninsured drivers, and may be searched by the police to confirm the identities of those insured to drive a vehicle and/or for preventing and detecting crime. MID data may be used by the DVLA and DVLNI for the purposes of Electronic Vehicle Licensing. It may be used by the MICC, insurers and the Motorists Insurers' Bureau to help identify relevant policy information in the event of an accident. Persons pursuing a claim in respect of a road traffic accident (including citizens of other countries) may also obtain relevant information, which is held in the MID. You can find out more about this from us, or www.mib.org.uk
From time to time, we may wish to contact you with offers relating to products and services of ours and of carefully selected third parties who provide similar products and services which we think may interest you. However, we will only use your personal information for marketing purposes where you have given prior consent for us to do so.
When you make use of our services and provide us with personal information and we would like to use that personal information for our own marketing purposes and/or pass it on to carefully selected third parties we will make a clear request on each occasion on which we wish to do so. You have the right not to give consent in respect of each and every such request, and we will always provide you with the clear option of doing so. Should you choose not to give consent to your personal information being used for our, and/or third parties', marketing purposes, we will respect your wishes.