Autonetic Insurance and Pension Services Limited “AIPS” treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This Policy explains how we protect and manage any personal data* you share with us and that we hold about you, including how we collect, process, protect and share data.
*Personal data means any information that may be used to identify an individual, including, but not limited to, a first name, a home address or other physical address and an email address or other contact information, whether at work or at home.
Such information will be held not only in respect of personal clients but may also be held on persons employed, contracted or associated to commercial customers, where such data has been provided by the commercial customer to assist with the placement or provision of insurance services or for any lawful business purpose of this Company.
When personal data of individuals is provided by you or your Company, in your capacity for example as an employer or principle, each party shall be deemed to be processors of such personal data and neither party will act as a data processor for the other party. It is the relevant parties’ responsibility to ensure their processing of Personal Data complies with Data Protection Legislation.
How We Obtain Your Personal Data
You provide us with personal data either by using on-line proposal / enquiry forms, by telephone, or in person. This may include name, address, date of birth, email address and Direct Debit mandate instructions. We use this information to arrange and administer appropriate insurance contracts and other related services, including the administration of any claims.
We may also keep information contained in any correspondence you may have with us by post or by email. We also record telephone conversations.
We may obtain sensitive medical information directly from you purely to assist with handling and settlement of insurance claims or for the arrangement or performance of an insurance contract. If we do not receive the information from you then we may not be able to assist in claims or arranging appropriate insurance cover.
Information We Get From Other Sources
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.
How We Use Your Personal Data
We use your personal data to manage and administer your insurance arrangements and claims issues. We also act as a processor regarding the processing of your data to relevant insurance company computer systems, including Direct debit instructions. We undertake always to protect your personal data, including any health and financial details, in a manner which is consistent with our duty of professional confidence and ethics and the requirements of the General Data Protection Regulations (GDPR), concerning data protection. We also take reasonable security measures to protect your personal data and storage.
Do We Use Your Personal Data for Marketing Purposes?
Any information that you choose to give us will not be used for marketing purposes by us. We will hold your personal data only for the purposes of arranging, re-negotiating, administering and managing your insurance programme.
Our role as your broker, however, includes a duty to advise you on appropriate products and services which may be available, either now or in the future, which in our professional opinion we feel would enhance and strengthen your insurance protection. We shall use the information we hold to ensure we only provide you with such products and services relevant to you.
We will keep information about you confidential and we will only share your information with partner insurers and suppliers with whom we hold current Terms of Business Agreements which include similar privacy standards to those adopted by the Company. Information will be provided to Third Parties only with your express consent except for the following categories:
- Insurance companies, loss assessors, regulatory authorities and other fraud prevention agencies for the purposes of fraud prevention and to comply with any legal and regulatory issues and disclosure;
- Any mailing or printing agents, contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential;
- Anyone to whom we may transfer our rights and duties under any agreement we have with you;
- Any legal or crime prevention agencies and/or satisfy any regulatory (including recognized professional bodies) if we have a duty to do so or the law allows us to do so.
We do not currently transfer your personal data outside the European Economic Area (EEA). If in future we transfer your personal data, in accordance with this Policy outside the EEA, we will make sure that the receiver agrees to provide the same or similar protection as we do and that they only use your personal data in accordance with our instructions.
How Long Do We Keep This Information About You?
The Company needs to ensure that we retain and store records in order to:
- Comply with any regulatory requirements, audit requirements or contractual obligations,
- Defend or provide evidence in any pending or actual dispute, litigation or complaint, or to assist you with any claims
- Provide information and answer queries or complaints from regulators or customers
- Discard records* that are no longer needed at an appropriate time in accordance with our legal obligations.
The retention periods are reviewed as part of our data security following the introduction of (GDPR).
*Records, for the purposes of this notice shall mean information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business.
Subject access requests
The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the “data subject”) the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:
- sources from which we acquired the information;
- the purposes for processing the information; and
- persons or entities with whom we are sharing the information.
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Considering the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You, the data subject shall have the right to obtain from us the erasure of personal data concerning you without undue delay.
Right to restriction of processing
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified;
- the processing is unlawful and you, the data subject, oppose the erasure of the personal data and instead request the restriction in its use;
- we no longer need the personal data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defense of legal claims;
- you, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.
Notification obligation regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
Right to data portability
You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an
of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defense of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data. However, insurers may use such systems, to which we are required to submit your data in order to obtain quotations.
Invoking Your Rights
If you would like to invoke any of the above data subject rights with us, please write to the Data Protection Officer at AIPS, 363 Nottingham Road, Mansfield, Nottinghamshire, NG18 4SG or email to: firstname.lastname@example.org
Accuracy of information
To provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear, and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
Questions and queries
Our Trusted Partners