Information Security and Privacy Policy

Information Security and Privacy Policy

Last updated: 23.05.2022 www.activeinsurance.co.uk ('Website') is provided by Anthony William Lennon, trading as Active Insurance Services

('we'/'us'/'our'). In doing so, we may be in a position to receive and process personal information relating to

you. As the controller of this information, we're providing this Privacy Notice ('Notice') to explain our approach

to personal information. This Notice forms part of our Web Site Terms Of Use, which governs the use of this

Website.

We intend only to process personal information fairly and transparently as required by data protection law

including the General Data Protection Regulation (GDPR). In particular, before obtaining information from

you (including through use of cookies) we intend to alert you to this Notice, let you know how we intend to

process the information (including through use of cookies) and (unless processing is necessary for at least

one of the 5 reasons outlined in clause 2 below) we'll only process the information if you consent to that

processing. The GDPR also defines certain 'special categories' of personal information that's considered

more sensitive. These categories require a higher level of protection, as explained below.

Of course, you may browse parts of this Website without providing any information about yourself and

without accepting cookies. In that case, it's unlikely we'll possess and process any information relating to

you.

We'll start this Notice by setting out the conditions we must satisfy before processing your data. However,

you may wish to start with this table at clause 5, which summarises what we intend to collect, or this table at

clause 9.5, which summarises our use of cookies. The Notice also explains some of the security measures

we take to protect your personal information, and tells you certain things we will or won't do. You should read

this Notice in conjunction with the Web Site Terms Of Use.

Sometimes, when you take a new service or product from us, or discuss taking a new service or product but

decide against it, we might wish to provide you with further information about similar services or products by

email or other written electronic communication. In that situation, we'll always give you the opportunity to

refuse to receive that further information and you can change your mind at any point (opt-out) by contacting

our Data Protection Officer (DPO) as set in clause 1.3. We'll endeavour to remind you of your right to opt-out

on each occasion that we provide such information.

1. Identity and contact details

1.1 Place of business: Active Insurance Services, 154 Bolton Road, Walkden, Manchester, M28 3BW

1.2 info@activeinsurance.co.uk

1.3 Our Data Protection Officer (DPO), Mr Anthony Lennon, would welcome communication from you

regarding any matter relating to data protection, and can be contacted by email at

t.lennon@activeinsurance.co.uk or by post at the address shown above at 1.2.

2. When we're allowed to collect information from you

We will only collect personal information relating to you if one of the following conditions have been

satisfied:

2.1 You have clearly told us that you are content for us to collect that information for the certain

purpose or purposes that we will have specified.

2.2 The processing is necessary for the performance a contract that we have with you.

2.3 The processing is necessary so that we can comply with the law.

2.4 The processing is necessary to protect someone's life.

2.5 The processing is necessary for performance of a task that's in the public interest.

2.6 The processing is necessary for our or another's legitimate interest - but in this case, we'll balance

those interests against your interests.

3. How to consent

3.1 At the point of collecting the information, we'll endeavour to explain how we intend to use the

information and which of these purposes apply. If we rely on consent, we'll provide you with the

opportunity to tell us that you're happy to provide the information.

3.2 If at any point in time you change your mind and decide that you don't consent, please let us know

and we'll endeavour to stop processing your information in the specified manner, or we'll delete

your data if there is no continuing reason for possessing it.

3.3 If you don't consent to a particular bit of processing, we'll endeavour to ensure that the Website

and our service continue to operate without the need for that information.

4. Sensitive information

4.1 Certain information we collect may be considered to be in a special category of personal

information. In particular, it may relate to your health.

4.2 If we do collect such information as specified in clause 4.1, we'll also ensure that one of the

additional reasons for processing outlined in Article 9 of the GDPR applies.

4.3 It's likely that we'll need to process information relating to criminal convictions or offences or

related security measures. If we do so, we'll make sure we comply with the extra conditions set

out in the GDPR and supplemented by the Data Protection Act 2018. This will normally be where

we're legally required to process such data, where you've consented or where it's clear that you've

made the information public.

5. Information we expect to collect from you

5.1 We envisage asking for the following types of information from you:

Information

type

Purpose and related details Justification

Individual details

Name, address

(including proof

of address),

other contact

details (e.g.

email and

telephone

numbers,

gender, marital

status, date and

place of birth,

nationality,

employer, job

title and

employment

history, and

family details,

including their

relationship to

you, vehicle and

property details.

• We ask for this to We collect, use and store your

personal information in order to fulfil requests for

quotes, products and services as part our

insurance broking, claims handling and risk

management business. It may also be used to

verify your identity, to administer payments and to

enable us to carry out anti-money laundering and

other financial crime checks where required. If

you pay by instalments your information may also

be used to arrange credit.

• It's necessary for the

performance of a contract with

you

Identification

details:

Identification

numbers issued

by government

bodies or

agencies,

including your

national

insurance

number,

passport

number, tax

identification

number and

driving license

number.

• We ask for this to We collect, use and store your

personal information in order to fulfil requests for

quotes, products and services as part our

insurance broking, claims handling and risk

management business. It may also be used to

verify your identity, to administer payments and to

enable us to carry out anti-money laundering and

other financial crime checks where required. If

you pay by instalments your information may also

be used to arrange credit.

• It's necessary for the

performance of a contract with

you

Financial

information:

Bank account or

payment card

details, income

or other financial

information.

• We ask for this to If you wish to pay by

instalments your information may also be used to

arrange credit.

• It's necessary for the

performance of a contract with

you

Risk details: • We ask for this to Information about you which

we need to collect in order to assess the risk to

be insured and provide a quote. This may include

data relating to your health, criminal convictions,

or other special categories of personal data. For

certain types of policy, this could also include

telematics data.

• It's necessary for the

performance of a contract with

you

Credit and antifraud data:

Credit history,

credit score,

sanctions and

criminal

offences, and

information

received from

various antifraud databases

relating to you.

• We ask for this to We collect, use and store your

personal information in order to fulfil requests for

quotes, products and services as part our

insurance broking, claims handling and risk

management business. It may also be used to

verify your identity, to administer payments and to

enable us to carry out anti-money laundering and

other financial crime checks where required. If

you pay by instalments your information may also

be used to arrange credit.

• This is in a special category of data stated at

clause 4.1

• This relates to criminal convictions, offences or

related security matters

• It's necessary for the

performance of a contract with

you

• We'll ensure that one of the

additional special category

justifications applies

• We'll only process this data if

authorised in accordance with

the GDPR for criminal matters

Previous and

current

claims:Information about previous

and current

claims,

(including other

unrelated

insurances),

which may

include data

relating to your

health, criminal

convictions, or

other special

categories of

personal data

and in some

cases,

surveillance

reports.

• We ask for this to We collect, use and store your

personal information in order to fulfil requests for

quotes, products and services as part our

insurance broking, claims handling and risk

management business. It may also be used to

verify your identity, to administer payments and to

enable us to carry out anti-money laundering and

other financial crime checks where required. If

you pay by instalments your information may also

be used to arrange credit.

• This is in a special category of data stated at

clause 4.1

• This relates to criminal convictions, offences or

related security matters

• It's necessary for the

performance of a contract with

you

• We'll ensure that one of the

additional special category

justifications applies

• We'll only process this data if

authorised in accordance with

the GDPR for criminal matters

5.2 We may collect personal information about you from a number of sources, including the following:

5.2.1 From you when you agree to take a service or product from us, in which case this may

include your contact details, date of birth, how you will pay for the product or service

and your bank details.

5.2.2 From you when you contact us with an enquiry or in response to a communication from

us, in which case, this may tell us something about how you use our services.

5.2.3 From documents that are available to the public, such as the electoral register.

5.2.4 From third parties to whom you have provided information with your consent to pass it

on to other organisations or persons - when we receive such information we will let you

know as soon as is reasonably practicable.

5.3 If you refuse to provide information requested, then if that information is necessary for a service

we provide to you we may need to stop providing that service.

5.4 At the time of collecting information, by whichever method is used, we'll endeavour to alert you

and inform you about our purposes and legal basis for processing that information, as well as

whether we intend to share the information with anyone else or send it outside of the European

Economic Area. If at any point you think we've invited you to provide information without

explaining why, feel free to object and ask for our reasons.

6. Using your personal information

6.1 Data protection, privacy and security are important to us, and we shall only use your personal

information for specified purposes and shall not keep such personal information longer than is

necessary to fulfil these purposes. The following are examples of such purposes. We have also

indicated below which GDPR justification applies, however it will depend on the circumstances of

each case. At the time of collecting we will provide further information, and you may always ask for

further information from us.

6.1.1 To help us to identify you when you contact us. This will normally be necessary for the

performance our contract.

6.1.2 To help us to identify accounts, services and/or products which you could have from us

or selected partners from time to time. We may do this by automatic means using a

scoring system, which uses the personal information you've provided and/or any

information we hold about you and personal information from third party agencies

(including credit reference agencies). We will only use your information for this purpose

if you agree to it.

6.1.3 To help us to administer and to contact you about improved administration of any

accounts, services and products we have provided before, do provide now or will or

may provide in the future. This will often be necessary, but sometimes the

improvements will not be necessary in which case we will ask whether you agree.

6.1.4 To allow us to carry out marketing analysis and customer profiling (including with

transactional information), conduct research, including creating statistical and testing

information. This will sometimes require that you consent, but will sometimes be exempt

as market research.

6.1.5 To help to prevent and detect fraud or loss. This will only be done in certain

circumstances when we consider it necessary or the law requires it.

6.1.6 To allow us to contact you by written electronic means (such as email, text or

multimedia messages) about products and services offered by us where:

6.1.6.1 these products are similar to those you have already purchased from us,

6.1.6.2 you were given the opportunity to opt out of being contacted by us at the

time your personal information was originally collected by us and at the

time of our subsequent communications with you, and

6.1.6.3 you have not opted out of us contacting you.

6.1.7 To allow us to contact you in any way (including mail, email, telephone, visit, text or

multimedia messages) about products and services offered by us and selected partners

where you have expressly consented to us doing so.

6.1.8 We may monitor and record communications with you (including phone conversations

and emails) for quality assurance and compliance.

6.1.8.1 Before doing that, we will always tell you of our intentions and of the

specific purpose in making the recording. Sometimes such recordings will

be necessary to comply with the law. Alternatively, sometimes the recording

will be necessary for our legitimate interest, but in that case we'll only

record the call if our interest outweighs yours. This will depend on all the

circumstances, in particular the importance of the information and whether

we can obtain the information another way that's less intrusive.

6.1.8.2 If we think the recording would be useful for us but that it's not necessary

we'll ask whether you consent to the recording, and will provide an option

for you to tell us that you consent. In those situations, if you don't consent,

the call will either automatically end or will not be recorded.

6.1.9 When it's required by law, we'll check your details with fraud prevention agencies. If you

provide false or inaccurate information and we suspect fraud, we intend to record this.

6.2 We will not disclose your personal information to any third party except in accordance with this

Notice, and in particular in these circumstances:

6.2.1 They will be processing the data on our behalf as a data processor (where we'll be the

data controller). In that situation, we'll always have a contract with the data processor as

set out in the GDPR. This contract provides significant restrictions as to how the data

processor operates so that you can be confident your data is protected to the same

degree as provided in this Notice.

6.2.2 Sometimes it might be necessary to share data with another data controller. Before

doing that we'll always tell you. Note that if we receive information about you from a

third party, then as soon as reasonably practicable afterwards we'll let you know; that's

required by the GDPR.

Data and who we share it with:

Software and System Providers including but not limited to:

SSP Limited

BriefYourMarket, Reapit Software, Sage, Iam-Sold

Website Hosts and analytics platform providers including but limited to:

BriefYourMarket, Google Analytics

6.2.3 Alternatively, sometimes we might consider it to be in your interest to send your

information to a third party. If that's the case, we'll always ask whether you agree before

sending.

6.3 Where you give us personal information on behalf of someone else, you confirm that you have

provided them with the information set out in this Notice and that they have not objected to such

use of their personal information.

6.4 In connection with any transaction which we enter into with you:

6.4.1 We may carry out one or more credit checks where you have given us your express

consent.

6.4.2 We may carry out one or more fraud prevention checks with licensed fraud prevention

agencies.

6.4.3 We and they may keep a record of the search. Information held about you by these

agencies may be linked to records relating to other people living at the same address

with whom you are financially linked. These records may also be taken into account in

credit and fraud prevention checks. Information from your application and payment

details of your account will be recorded with one or more of these agencies and may be

shared with other organisations to help make credit and insurance decisions about you

and members of your household with whom you are financially linked and for debt

collection and fraud prevention. This includes those who have moved house and who

have missed payments.

6.4.4 If you provide false or inaccurate information to us and we suspect fraud, we will record

this and may share it with other people and organisations. We, and other credit and

insurance organisations, may also use technology to detect and prevent fraud.

6.4.5 If you need details of those credit agencies and fraud prevention agencies from which

we obtain and with which we record information about you, please write to our Data

Protection Officer as detailed in clause 1.3.

6.4.6 We may need to transmit the payment and delivery information provided by you during

the order process for the purpose of obtaining authorisation from your bank.

6.5 We may allow other people and organisations to use personal information we hold about you in

the following circumstances:

6.5.1 If we, or substantially all of our assets, are acquired or are in the process of being

acquired by a third party, in which case personal information held by us, about our

customers, will be one of the transferred assets.

6.5.2 If we have been legitimately asked to provide information for legal or regulatory

purposes or as part of legal proceedings or prospective legal proceedings.

6.5.3 We may employ companies and individuals to perform functions on our behalf and we

may disclose your personal information to these parties for the purposes set out above,

for example, for fulfilling orders, delivering packages, sending postal mail and email,

removing repetitive information from customer lists, analysing data, providing marketing

assistance, providing search results and links (including paid listings and links) and

providing customer service. Those parties will be bound by strict contractual provisions

with us and will only have access to personal information needed to perform their

functions, and they may not use it for any other purpose. Further, they must process the

personal information in accordance with this Notice and as permitted by the GDPR.

From time to time, these other people and organisations to whom we may pass your

personal information may be outside the European Economic Area. We will take all

steps reasonably necessary to ensure that your personal information is treated securely

and in accordance with this Notice and the GDPR.

7. Protecting information

7.1 We have strict security measures to protect personal information.

7.2 We work to protect the security of your information during transmission by using Secure Sockets

Layer (SSL) software to encrypt information you input.

7.3 We reveal only the last five digits of your credit card numbers when confirming an order. Of

course, we transmit the entire credit card number to the appropriate credit card company during

order processing.

7.4 We maintain physical, electronic and procedural safeguards in connection with the collection,

storage and disclosure of personally identifiable customer information. Our security procedures

mean that we may occasionally request proof of identity before we disclose personal information

to you.

7.5 It is important for you to protect against unauthorised access to your password and to your

computer. Be sure to sign off when you finish using a shared computer.

8. The internet

8.1 If you communicate with us using the internet, we may occasionally email you about our services

and products. When you first give us personal information through the Website, we will normally

give you the opportunity to say whether you would prefer that we don't contact you by email. You

can also always send us an email (at the address set out below) at any time if you change your

mind.

8.2 Please remember that communications over the internet, such as emails and webmails

(messages sent through a website), are not secure unless they have been encrypted. Your

communications may go through a number of countries before they are delivered - this is the

nature of the internet. We cannot accept responsibility for any unauthorised access or loss of

personal information that is beyond our control.

9. Cookies and other internet tracking technology

9.1 When we provide services, we want to make them easy, useful and reliable. This sometimes

involves placing small amounts of information on your computer, which is sent back to us at a later

time. These are called 'cookies'. These cookies are listed in the table at clause 9.5. Some

websites don't use cookies but use related technology for gaining information about website users

such as JavaScript, web beacons (also known as action tags or single-pixel gifs), and other

technologies to measure the effectiveness of their ads and to personalise advertising content.

Multiple cookies may be found in a single file depending on which browser you use.

9.2 Where applicable, this section of the Notice also relates to that technology but the term 'cookie' is

used throughout.

9.3 Some of these cookies are essential to services you've requested from us, whereas others are

used to improve services for you, for example through:

9.3.1 Letting you navigate between pages efficiently

9.3.2 Enabling a service to recognise your computer so you don't have to give the same

information during one task

9.3.3 Recognising that you have already given a username and password so you don't need

to enter it for every web page requested

9.3.4 Measuring how many people are using services, so they can be made easier to use and

that there is enough capacity to ensure they are fast

9.4 To learn more about cookies, you may wish to visit: www.allaboutcookies.org,

www.youronlinechoices.eu or www.google.com/policies/technologies/cookies/

9.5 This Website uses, or allows use of, the following cookies:

Cookie name Cookie qualities Consent

needed

Utma • The utma cookie is part of Google analytics, and is primarily used

to track visits to any site that uses Google analytics. utma stores

the number of visits made from your device, the time of the first

visit, the previous visit, and the current visit.

• Category 2 - performance

• First party: we're placing the cookie

• Session

• The information will be sent to Google so that Cookies help us track

where a sale has come from.

We also use cookies in conjunction with Google Analytics and other

optimisation interfaces to track the performance of our website, we

can use the data we collect to see how useful the information we

display is and help us understand what on our website could be

improved. If you want to opt out from being tracked by Google

Analytics on all websites you can learn how to this by visiting:

http://tools.google.com/dlpage/gaoptout

Yes

9.6 The distinctions referred to in the above table are as follows:

9.6.1 First party versus third party cookies - we set first party cookies ourselves; third party

cookies are set by other entities via our Website.

9.6.2 Session versus persistent cookies - session cookies only persist for the duration of that

visit; persistent cookies last for longer

9.6.3 Identifying information removed - just because we've done this, they will still be personal

information if the relevant information can be reassembled

9.6.4 Categories 1-4 found in the ICC UK Cookie guide, as explained below. Category 1

cookies don't require the user's consent, though you must still tell them about the

cookies. Categories 2-4 do require their specific and informed consent.

Category 1 Strictly

necessary

These cookies are essential in order to enable you to move around the

website and use its features, such as accessing secure areas of the website.

Without these cookies services you have asked for, like shopping baskets or

e-billing, cannot be provided.

We include in this category cookies that are used only for electronic

communication. (The ICC doesn't refer to these cookies, but the law is the

same.)

Note that cookies for which another person is the controller will never be

necessary for a service requested of you. On the other hand, if you've asked

another person to send a cookie on your behalf for an essential feature of

your website, that would be category 1.

Category 2 Performance These cookies collect information about how visitors use a website, for

instance which pages visitors go to most often, and if they get error

messages from web pages. This information is only used to improve how a

website works.

Category 3 Functionality These cookies allow the website to remember choices you make (such as

your user name, language or the region you are in) and provide enhanced,

more personal features. For instance, a website may be able to provide you

with local weather reports or traffic news by storing in a cookie the region in

which you are currently located. These cookies can also be used to

remember changes you have made to text size, fonts and other parts of web

pages that you can customise. They may also be used to provide services

you have asked for such as a live chat session.

Category 4 Targeting and

advertising

These cookies are used to deliver adverts more relevant to you and your

interests. They are also used to limit the number of times you see an

advertisement as well as help measure the effectiveness of the advertising

campaign. They are usually placed by advertising networks with the website

operator’s permission. They remember that you have visited a website and

this information is shared with other organisations such as advertisers. Quite

often targeting or advertising cookies will be linked to site functionality

provided by the other organisation.

9.7 As with any other information we may collect from you, we'll work to protect the security of your

information during transmission by using by using Secure Sockets Layer (SSL) software to encrypt

information you input.

9.8 The Website may include links to third-party websites. We do not provide any personally

identifiable customer personal information to these third-party websites unless you've consented

in accordance with this privacy notice, however as to cookies please see above clause Cookies

and other internet tracking technology.

9.9 We exclude all liability for loss that you may incur when using these third-party websites.

10.Further information

10.1 If you would like any more information or you have any comments about this Notice, please write

to our Data Protection Officer as detailed in clause 1.3.

10.2 Please note that we may have to amend this Notice on occasion, for example if we change the

cookies that we use. If we do that, we will publish the amended version on the Website. In that

situation we will endeavour to alert you to the change, but it's also your responsibility to check

regularly to determine whether this Notice has changed.

10.3 You can ask us for a copy of this Notice by writing to the above address or by emailing us at

info@activeinsurance.co.uk. This Notice applies to personal information we hold about individuals.

It does not apply to information we hold about companies and other organisations.

10.4 If you would like access to the personal information that we hold about you, you can do this by

emailing us at info@activeinsurance.co.uk or writing to us at the address noted above. There is

not normally a fee for such a request, however if the request is unfounded, repetitive or excessive

we may request a fee or refuse to comply with your request. You can also ask us to send the

personal information we hold about you to another controller.

10.5 We aim to keep the personal information we hold about you accurate and up to date. If you tell us

that we're holding any inaccurate or incomplete personal information about you, we will promptly

amend, complete or delete it accordingly. Please email us at info@activeinsurance.co.uk or write

to us at the address above to update your personal information. You have the right to complain to

the Information Commissioner's Office if we don't do this.

10.6 You can ask us to delete the personal information that we hold about you if we relied on your

consent in holding that information or if it's no longer necessary. You can also restrict or object to

our processing of your personal information in certain circumstances. You can do this by emailing

us at info@activeinsurance.co.uk or writing to us at the address noted above.

10.7 We will tell you if there is a breach, or a likely breach, of your data protection rights.

'Just-in-time' notices

Privacy notice about necessary information

We have asked for personal information from you. This information is necessary for one of the reasons

specified in the General Data Protection Regulation.

For more information, please read our full privacy notice at https://www.activeinsurance.co.uk/privacy-policy

If you have any concerns, please contact our Data Protection Officer by email at

t.lennon@activeinsurance.co.uk or by post at the address shown above at 1.2.

----------------------------------------------

Cookie notice

This Website makes use of cookies. These cookies, which are listed below, are not strictly required for a

service you've requested from us, though we think they have the potential to enhance your experience:

- Utma: The utma cookie is part of Google analytics, and is primarily used to track visits to any site that uses

Google analytics. utma stores the number of visits made from your device, the time of the first visit, the

previous visit, and the current visit.

You have the opportunity to set your web browser to a) accept all or some cookies, b) to notify you when a

cookie is issued, or c) to receive no cookies at any time. Option c) means that this Website can't provide

personalised services and you may not be able to take full advantage of all of its features. Refer to your web

browser's 'Help' section for specific guidance on how it allows you to manage cookies and how you may

delete cookies you wish to remove from your computer.

For more information about the cookies we use and our approach to the processing of personal information,

Please read our cookie policy.