Privacy Policy
A-Plan Holdings Privacy Notice
Introduction
This privacy notice tells you what you can expect us to do with personal information we hold on you, what kinds of information we hold, how we receive it and who we receive it from. It also explains who else we may share your information with, and gives you details about your data rights and how you may use them.
This privacy notice is updated from time to time, to reflect any changes in how we use and handle personal information. If we make any significant changes we will let you know.
This version of the privacy notice was published on the 2nd September 2019.
In this version, we have reformatted our privacy notice to make it clearer and easier to navigate. This includes adding functionality to allow you to jump easily to different sections. We haven’t made any significant changes to the way we use your personal data since the previous version of our privacy notice was published.
Who does this privacy notice relate to?
This privacy notice relates to the following types of individuals, where we hold your personal information:
• Individuals who are clients, including prospective clients who have received an insurance quotation, former clients who have previously held an insurance policy with us, and client representatives, for example those with power of attorney;
• Our business/corporate clients and their employees, including prospective and former clients and client representatives;
• Visitors to our websites;
• Individuals who contact us with a query, concern or complaint;
• Individuals named on our insurance policies, such as named drivers , joint policy holders, or beneficiaries;
• Individuals who request information from us or permit us to contact them for marketing purposes;
• Third parties who make a claim against, or are subject to a claim from one of our policyholders in relation to a collision, accident or other insured event.
There are types of individuals who this privacy notice does not relate to, for example A-Plan employees and sub-contractors (including prospective and former employees and sub-contractors), employees of our current, former or prospective business partners and service suppliers, and members of the press.
If you are one of these individuals and would like further information on how we collect, use and store your data, please contact us. Our contact details are shown in the “how you can contact us” section of this notice.
A bit about us
Who we are - We are A-Plan Insurance.
• Our full company name is A-Plan Holdings
• We are registered in England under company number 00750484. Our registered office address is 2 Des Roches Square, Witney, OX28 4LE.
• We are regulated in the UK by the Financial Conduct Authority (FCA) under reference number 310164.
• We are registered with the Information Commissioner’s Office (ICO) under registration Z7199305.
We are also known by the following other trading names and brands:
| A-Plan Fleet and Commercial | Cherished Vehicle Insurance Services |
| Diversity Insurance | Donecomparing.com |
| Faith Insurance | Family Insurance Services |
| Golfplan Insurance Services | Golfplan International Golf Insurance Services |
| Golfplan International Insurance Services | Health Service Discounts |
| Home Direct | Insurance for Caravans |
| Insurance for Holiday Homes | Insurance for Homes Abroad |
| Insurance for Trailer Tents | Maserati Insurance Services |
| Motor Direct | Motorhome Direct |
| Oliver & Sanders | Personal Insurance Partners |
| Pol Plan | Sheltons |
| TR Register Insurance Services | Trust a Trader Insurance |
| Whitehouse | |
A few definitions
To be clear on what we mean in this privacy notice:
• “we” and “us” means A-Plan Insurance.
• “the A-Plan Group” means A-Plan Group Limited and any company or organisation in which A-Plan Group Limited holds significant share capital – you can find out more about the companies in our group by visiting aplangroup.co.uk;
• “third-party” means someone who isn’t you, us or the A-Plan Group.
How you can contact us
We take data privacy seriously and your opinion matters to us. If you have any questions about this policy or how we use your information you can contact us in the following ways:
In branch: You can find your nearest A-Plan branch by using our branch locator tool available here.
By e-mail: privacy@aplan.co.uk
By telephone: 01993 893311
By post: A-Plan Insurance, 2 Des Roches Square, Witney, OX28 4LE.
Our Data Protection Officer
A-Plan Insurance’s Data Protection Officer is Jonathan Cumpstey. He can be contacted in the following ways:
By e-mail: dpo@aplan.co.uk
By post: FAO The Data Protection Officer, A-Plan Insurance, 2 Des Roches Square, Witney, OX28 4LE.
What information we collect and how we use it
We collect your information and use it in different ways depending on your relationship with us and how you have interacted with us. This can include information we share with or receive from other third parties.
The lawful ways we use your data
We use your information for the following lawful reasons:
• To enter into or perform a contract; for example to provide you with an insurance quotation, to start, change or cancel an insurance policy, to manage any claims which arise, to answer any queries you may have, action your requests or perform any debt recovery.
• To comply with a legal obligation; for example the rules set by our regulator the Financial Conduct Authority (FCA), to fulfil your data rights under data privacy laws, handle complaints about data privacy or our financial products and services and to comply with other legal requirements;
• For our legitimate business interests; for example to detect and prevent fraud, money laundering and other financial crimes, monitor and improve our business and our products and services, demonstrate compliance with applicable laws and regulations, handle legal claims, respond to other types of complaint not previously mentioned, and some marketing activities. Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights. In some instances, you also have the right to object to this kind of use. For more information, visit the “Your data rights” section of this notice.
• With your consent; for example when you ask us to provide you with information or permit us to contact you for marketing purposes. You can withdraw your consent at any time, for more information please visit the “Your data rights” section of this notice.
• To protect vital interests: in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.
When we collect your personal data
We collect personal data from you when:
• You request an insurance quotation from us, either directly or via a third-party price comparison website when they have permission to share your information with us;
• When you are named on the insurance policy of another individual, for example as a named driver on a vehicle insurance policy, a joint policy holder, or a beneficiary;
• You purchase, change or cancel an insurance policy;
• We need to manage a claim made against your policy or that you bring against one of our policyholders;
• You contact us to request information or to make a complaint;
• You visit our website or the websites of other A-Plan Group companies;
• You take part in a competition, prize draw or survey;
• You visit one of our stands and give us your information, for example at a show or trade fair;
• You have given permission to other companies to share your information with us;
• You have made your information publically available, and we have a legitimate reason to review it.
We also collect your information from other third-party sources where we have legal grounds to do so. These include anti-fraud and crime-prevention agencies, credit reference and vetting agencies, and other data providers.
We use cookies (small text files stored in your web browser) and other techniques to monitor how you use our website. For more information on what these are and how to opt out of these, please see our Cookies Notice.
What information we use and hold about you
Depending on your relationship with us, we may hold the following types of information about you:
Identity and contact data: for example, your name, date of birth, postal address, telephone number and e-mail address.
Payment and account data: for example, your bank account details, credit/debit card details and information about your purchases with us, including any payment plans or arrears.
Location data: For example, your postal or IP address, the location of any insured property, and in the event of a claim, where the collision, theft or other incident occurred.
Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations.
Internet data: for example, information collected by cookies and other online technologies such as Facebook pixels and Google Analytics, as you use our website or contact us by online methods.
You can find more information about the information we collect using cookies and other technologies in our Cookies Notice.
Information we obtain from other sources; including credit agencies, anti-fraud and other financial crime prevention agencies, price comparison websites, and other data providers. This can include demographic data and interest-based data.
Complaint data: for example, what the complaint was, how we investigated it and how we resolved it, including any contact with the Financial Ombudsman Service or other third party adjudicator services.
Some of our processes combine different sets of information we hold. This can include combining different data sets we have about you, or combining your information with that of other individuals.
Sensitive personal data
Some of the information we collect about you may be sensitive, for example data relating to your health and any medical conditions, or data relating to criminal convictions. We only collect this information where it is relevant to do so, such as:
• When it is relevant to the type of insurance you are enquiring about, have purchased, previously held or that you have been named on;
• When it is relevant to a claim you have made or that someone else has made against you;
• Where it is relevant to a complaint or issue you have raised with us, and;
• To arrange alternate forms of correspondence for you, such as Braille, audio format or Touch-Type services.
Certain types of information are known as “special categories” under data protection law, and receive additional protection due to their sensitivity, for example information that reveals your race or ethnicity, your political views or your religious beliefs. We only use these types of data with your explicit consent, or to protect your vital interests or when it is necessary to meet a lawful purpose under the current legislation.
Who we share your information with
Where applicable, we share your personal information with the following types of third parties when we have a valid reason to do so;
• Other companies in the A-Plan Group;
• Business partners, brokers, intermediaries, suppliers and agents involved in delivering products and services to you, including additional products purchased alongside your insurance policy such as breakdown cover or legal expenses cover;
• Price comparison websites and other similar companies who offer ways to research and apply for financial products and services;
• Credit reference, credit scoring and fraud prevention agencies;
• Debt collection agencies;
• Law enforcement, government bodies, regulatory organisations, courts and public authorities, for example the Financial Conduct Authority (FCA), The Financial Ombudsman Service, The Information Commissioner’s Office (ICO) and HMRC;
• Our panel of insurers and, where necessary, other insurers and those acting on their behalf, for example loss adjusters, solicitors and claims experts;
• Centralised insurance databases such as the Claims and Underwriting Exchange (CUE), the DVLA/DVA (NI), the Insurance Fraud Bureau (IFB) and the Motor Insurance Database (MID);
• Media agencies and other marketing organisations that we advertise with or conduct marketing activities through;
• A third party where disclosure is required to comply with legal or regulatory requirements;
• Personal representatives appointed by you to act on your behalf, or those appointed to represent a third-party claimant.
Transferring data internationally
Data protection law places restrictions on transferring personal data outside of the European Economic Area (EEA). The EEA consists of the member countries of the European Union (EU), along with Iceland, Liechtenstein, Norway and Switzerland, and who are all considered to have appropriate data protection laws to safeguard your privacy and protect your rights.
We may need to transfer information to our service suppliers in countries outside the EEA. If we do, we will ensure that your information is properly protected. If the laws of the country where our supplier is based are not considered equivalent to those in the EU, we will ensure that the service supplier enters into a formal legal agreement that reflects the standards required.
Retaining and destroying data
We retain information about you and the products you purchase to meet a number of legal and regulatory requirements, as well as our own legitimate business interests. For the period we retain your information, it is held securely by us or by third-party service suppliers contracted to store it on our behalf.
Our retention policy gives further information on the types of information we retain, how long we hold it for and why we hold it. You can request a copy by contacting us on the details shown in the “how you can contact us” section of this notice.
Automated decision-making and profiling
We use the information you provide to build a profile of you. We use this to assess whether we are able to offer you an insurance product and to determine the specifics of an insurance policy, for example the premium you pay and the compulsory excess for any claim. Much of the use of your data is done by “automated means” (done by computer without significant intervention by human beings), and this includes some of the decisions we make using your information, for example whether we can offer you insurance cover, the premium you pay and the terms of the policy.
You have rights in relation to automated decision-making and profiling. See the “your data rights” section of this notice for more information.
Obligation to provide information
Where we collect information from you in relation to insurance products and services, you are under a legal duty to give us information.
If you are a personal client – that is, someone buying insurance which is wholly or largely unrelated to their profession, you are under a legal duty to answer all questions we ask fully and honestly, to the best of your knowledge. This is known as a “duty to take reasonable care not to make a misrepresentation”, and is a requirement of the Consumer Insurance (Disclosure & Representations) Act 2012.
Business and commercial clients are under similar duty, known as “fair presentation”. This means that, in addition to answering our questions fully and honestly, you must also make reasonable searches for and disclose any significant or material facts which are relevant to the insurance being arranged. This includes reasonable searches of information available to other interested parties, such as agents and other people or organisations covered by the insurance, and is a requirement of the Insurance Act 2015.
We will provide you with further information on these legal duties, including which duty is applicable to you, when we arrange your insurance.
Failing to answer all questions asked fully and honestly, and failing to make reasonable searches or disclose material facts relevant to the insurance policy if you are a business client, may lead to a higher premium being payable, special terms or a higher excess being imposed, or the policy being cancelled or voided.
Your data rights
Data protection law gives you rights relating to your personal information. This section gives you an overview of these and how they relate to the information you give us.
The UK supervisory authority for data rights, the Information Commissioner’s Office (ICO), has also published detailed information about your rights on their website: www.ico.org.uk.
Your right to access
You have a right to request copies of the personal information we hold on you, along with meaningful information on how it is used and who we share it with.
This right always applies, but there are some instances where we may not be able to provide you with all the information we hold. If this is the case, we will confirm why we are unable to provide it – unless there is a valid legal reason that means we cannot let you know why.
Your right to rectification
If information we hold is inaccurate or incomplete, and this has an impact on the way we are using your data, you have the right to have any inaccuracies corrected and for any incomplete data to be completed.
If you ask us to rectify your information, we will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why.
Your right to erasure (the right to “be forgotten”)
You have the right to request that your personal information is erased in certain circumstances.
If you ask us to erase your information, we will either confirm to you that this has been done, or if we are unable to delete it, let you know why and also inform you how long we will hold it for. For more information, see the “retaining and destroying data” section of this notice.
Your right to restrict processing
You can ask us to restrict the use of your information in certain circumstances.
If you ask us to restrict your information, we will either confirm to you that this has been done, or if we are unable to restrict it, we will inform you why.
Your right to object to direct marketing
You can object to receiving direct marketing from us.
If you do so, we will ensure that you do not receive such material going forward, unless you change your mind and specifically request it in the future.
Your right to object to automated decision-making
You can object to decisions made about you using your information and undertaken by purely automated means.
If you do so, we will arrange for someone to assess the automated decision and confirm the outcome of this assessment to you.
Your right to challenge our legitimate interests
You can challenge the use of your personal data where we use a legitimate business interest as a lawful basis to process your information. You can find more information on when we use this lawful basis in the “lawful ways we use your data” section of this notice.
If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.
Your right to object to the use of your information for statistical purposes
You can object to us using your information for statistical purposes in some instances.
If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.
Your right to data portability
In certain circumstances, you have the right to request that your information be compiled into a common, machine readable format and either provided directly to you or sent by us to a third-party you nominate.
If you request this, we will either act upon your instruction and confirm to you that we have done so, or if there is a valid reason that this cannot be done, we will tell you why.
Your right to complain
If you are unhappy with how we have used your data or if you believe we have failed to fulfil your data rights, you have the right to complain to us, and can contact us to raise your concerns using the details shown in the “how you can contact us” section of this notice.
If you remain unhappy with our response you may raise a complaint with a supervisory authority responsible for data protection and privacy.
In the UK, the supervisory authority is the Information Commissioner’s Office (ICO), who can be contacted using the following details:
By e-mail: casework@ico.org.uk
By telephone: 0303 123 1113
By post: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
Exercising your data rights
You can exercise any of your data rights by contacting us using the information in the “how you can contact us” section of this notice and telling us which right or rights you would like to exercise.
Cookie Policy
Visitors to our websites
When someone visits our site we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We will not associate any data gathered from this site with any personally identifying information from any source. We will make it clear when we collect personal information and will explain what we intend to do with it.
Our use of cookies
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The table below explains the cookies we use and why:
Cookie list
mbs_session
Names: mbs_session
Purpose: Stores a randomly generated unique reference which allows our web applications to identify visitors. This ensures continuity between each page requested during your visit.
________________________________________
XSRF-TOKEN
Names: XSRF-TOKEN
Purpose: This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.
_______________________________________
MBSID
Names: MBSID
Purpose: Load balancer sticky session cookie used for server workloads.
_______________________________________
cookieconsent_status
Names: cookieconsent_status
Purpose: This is set automatically after the cookie banner has been viewed, and the banner will not reappear unless the cookie is deleted.
________________________________________
Bing Ads
Names: _SS, _EDGE_S, SRCHUSR, SRCHUID, SRCHD, MUIDB, MUID
Purpose: We use Bing Ads to promote our business online. A cookie records the completion of your transaction. The cookie collects information in an anonymous form.
More info: Microsoft Bing Ads Privacy Policy.
________________________________________
Google Analytics
Names: _gid, _gat_UA-2783041-5, _ga
Purpose: These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
More info: Google’s privacy and security overview.
________________________________________
Google Remarketing
Purpose: Google uses these cookies to show relevant adverts to users who have previously visited our website, as they browse other websites.
More info: Edit your Google Ad Settings.
________________________________________
Facebook
Purpose: Cookies and pixels are used to understand and deliver ads and make them more relevant to you.
More info: We may also use a cookie to learn whether someone who saw an ad on Facebook later visited our website.
________________________________________
Olark
Names: wcsid, hblid, olfsk, _ok, _oklv, _okbk, _okgid, omp__super__properties
Purpose: Olark provides the chat window you can see in the bottom right of the screen. They use various cookies to track what page you are currently viewing and to manage page loading resources.
More info: http://www.olark.com/tos
________________________________________
Online form cookie
Names: ASP.NET_SessionId
Purpose: This cookie is essential for our online forms. This cookie is deleted when you close your browser.
More info: Microsoft’ overview of session IDs
________________________________________
Introducer tracking cookie
Names: introducer
Purpose: This cookie is used to measure the source of some visitors.
________________________________________
Mouseflow
Names: mf_[session], mf_user
Purpose: These cookies are used to measure the activity of some visitors.
More info: http://help.mouseflow.com/knowledge_base/topics/what-is-your-cookie-policy
________________________________________
Reviews cookie
Names: _cfduid
Purpose: These cookies are used when displaying reviews on our site from reviews.co.uk
More info: https://www.reviews.co.uk/front/privacypolicy
________________________________________
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit tools.google.com/dlpage/gaoptout.
Service Activity Logging
Our application has the capability to monitor your actions while using our service. We use this information to understand the use of our services, to diagnose problems and enhance the features and functionality of our service.
Exceptions
Except as described above, we will not otherwise use or disclose any personally identifiable client information, except to the extent reasonably necessary: –
• To correct technical problems and to technically process your information
• To protect the security and integrity of the web site and our service
• To protect our rights and property and the rights and property of others
• To take precautions against liability
• To respond to claims that your information violates the rights or interests of third parties
• To the extent required by law or to respond to judicial process or
• To the extent permitted under other provisions of law, to provide information to law enforcement agencies or for an investigation on a matter related to public safety, as applicable
You understand and agree that technical processing of your information is and may be required (a) to send and receive messages in your use of the Service; (b) to conform to the technical requirements of connecting networks; (c) to conform to the limitations of our Service; and (d) to conform to other, similar technical requirements.