Insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers.
Who do we collect personal information about
- Prospective and existing policyholders and beneficiaries
- Third parties or individuals who will act on behalf of a policyholder such as a power of attorney, solicitor or family member
- Third party claimants
- Users of our claims portal
- Visitors to our website
- Individuals with whom we do business such as brokers and third party suppliers
How we collect your Personal Information
We collect your Personal Information from:
- you (e.g. via your application or claim form, correspondence with us including telephone calls (please note that telephone calls are recorded) and emails and via your use of our claims portal);
- third parties such as witnesses and medical professionals;
- the policyholder (where you are a third party such as a beneficiary);
- financial crime and fraud detection agencies and third parties we use to carry out credit checks;
- other companies in the Lighthouse Group;
- other third parties involved in your insurance policy or claim such as brokers, claims handlers, investigators, loss adjusters;
- publically available sources (for example, searches using google, public registers and social media);
- any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business; and
- your use of our website (e.g. our web servers collect the name of the domain you used to access the internet, such as "aol.com" or "yahoo.com," and the website you came from and visit next).
Types of Personal Information that we collect
Depending on your relationship with us, Personal Information that we collect may include:
- General identification and contact information such as your name, address and other contact details and date of birth;
- ID documents such as passport/driving licence;
- Any information relevant to your insurance policy such as lifestyle, income and employment status;
- Job information where it relates to a claim made on a policy, for example where the policyholder can’t make repayments due to unemployment;
- Information relevant to any claims made;
- Details about family such as dependents or spouses;
- Information which is available publically;
- Financial information such as your bank account details and credit history;
- Your marketing preferences as you advise us;
If relevant, we will also collect "special category data" which is Personal Information relating health, genetic or biometric data, criminal convictions, For example:
- Medical information such as your current health status, the details of any injuries or disabilities and medical history because it is relevant to your insurance policy or claims.
- Your religious beliefs where you disclose it to us (for example if it relates to any medical treatment you are having).
- Criminal convictions data where we carry out anti money laundering and fraud checks.
How and why we use your Personal Information
We use your Personal Information to:
- Assess and process your insurance application;
- Administer a policy;
- Process any claims you may make;
- Send you information regarding your policy;
- Provide improved quality, training and security;
- Carry out market research;
- Comply with applicable laws and regulatory obligations;
- Establish and defend legal rights;
- Prevent, detect and investigate crime, including fraud;
- To carry out fraud, credit and anti-money laundering checks;
- To conduct sanction checks;
- For business purposes such as management information, internal audit, reviewing products, systems development, accounting records, responding to enquiries, maintaining records of communications, enforcing compliance with our terms and providing quality training and security
- To handle complaints.
We collect, use and disclose your Personal Information for the purposes set out above. For each purpose, we must have a legal ground to use your Personal Information.
When we process your Personal Information we will rely on the following legal grounds:
- Such use is necessary to enter into or perform your contract of insurance. We rely on this legal ground in order to assess and process your application, administer a policy, handle claims and provide insurance services.
- We have a legitimate interest which is not overridden by your rights or interests. We rely on this legal ground to manage our business; where you are a named party under a policy - to assess and process the application, administer the policy and handle claims and provide insurance services; respond to enquiries; maintain records of communications; enforce compliance with our terms.
- Such use is necessary to comply with our legal obligations. We rely on this legal ground to prevent, detect and investigate crime, including fraud and to comply with applicable laws and regulatory obligation (for example where our regulator or law enforcement authorities require us to do something such as keeping records of our dealings with you and to conduct sanctions checking).
- We have obtained your consent. We rely on this legal ground for any direct marketing communications.
When we process your 'special category data' we must have an additional legal ground. We will rely on the following legal grounds:
- Such use is necessary for an insurance purpose. We rely on this legal ground in order to advise and arrange your contract of insurance, assess and process your insurance application, administer your policy and handle claims under an insurance policy.
- We need to establish, exercise or defend our legal rights. We rely on this legal ground in order to handle complaints, to prevent, detect and investigate crime, including fraud or to comply with applicable laws and regulatory obligations.
- It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty. We rely on this legal ground in order to comply with applicable laws and regulatory obligations for example where our regulator or law enforcement authorities require us to do something or to keep records of our dealings with you and to prevent, detect and investigate crime.
- It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud). We rely on this legal ground to prevent, detect and investigate crime, including fraud and to comply with applicable laws and regulatory obligations for example where our regulator or law enforcement authorities require us to do something or to keep records of our dealings with you.
- We have your explicit consent.
We will not share your Personal Information with any third parties for any purpose other than those described above. For example, we will not sell Personal Information to third parties that may wish to market their products and services to you.
Sharing your Personal Information
We may disclose Personal Information we collect to other organisations as detailed below. The organisations to whom we disclose Personal Information are obligated to use such information only for the purposes stated above. Disclosures may be made to the following third parties: s
- Third parties involved in the administration of a policy such as our reinsurer or brokers.
- Third parties who brand and sell our insurance policies.
- Third party administrators who we use to assist with the administration of a claim such as claims handlers, loss adjustors and independent medical advisers.
- Third parties who provide sanctions checking services, anti-fraud and credit checks.
- Financial crime and fraud detection agencies.
- Our group companies.
- Other insurers, regulators and industry/public bodies.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of the business.
- entering into contractual obligations with the party we are transferring your Personal Information to;
- transferring to countries which have been deemed 'adequate' by data protection authorities; or
- complying with 'binding corporate rules' which are a set of rules approved by the Information Commissioner's Office which allow Lighthouse group companies to transfer Personal Information between themselves.
- Obtain a copy of the Personal Information we hold about you, together with other information about how we process it;
- Request rectification of inaccurate or incomplete Personal Information, and, in some circumstances, to request us to erase or restrict our use of it, or otherwise to object to our processing of your Personal Information for direct marketing purposes;
- Receive a copy or have a copy transmitted to another company (portability of data) (in a machine-readable format) of Personal Information which you have provided to us;
- Make a complaint about how we handle your data to the Information Commissioner's Office. Please visit www.ico.org.uk for further information about how to do this.
- Withdraw any consent which you have given relating to use of your Personal Information, at any time. This includes consents to receiving direct marketing communications.
Disclosure of your Personal Information to the parties listed above, may involve the transfer of such information to other countries, including those outside of the EEA (see section “International transfers of Personal Information” below).
Security of collected information
E-mail communications outside of our website may not be protected. If you are sending us an e-mail communication that includes highly confidential information, such as a credit card number, you may want to call us or send it by registered post.
We have deployed an adequate procedure to identify and communicate any incident of data breach within 72 hours and to resolve it within a reasonable period of time.
Retention of Personal Information
We undertake to keep your Personal Information safe, confidential, accurate and efficient for the relevant usage duration period.
At the end of the retention period, your Personal Information will be anonymized or destroyed.
International transfers of Personal Information
Third party websites
We are not responsible for the content, security or information collection practices of any third party websites, including those that you link to from our website. You should carefully review the privacy policies of each web site you visit to understand how they collect, use, and disclose information.
Your legal rights
In accordance with data protection laws, you have a right to:
Note that there are certain limitations and exemptions to these rights which we may apply depending on the circumstances.
To exercise any of these rights, please contact us using the details set out in the 'contacting us' section.
Changes to this Policy