Your privacy is important and we go to great lengths to protect it. This privacy notice tells you about the personal data we hold about you and explains how we collect, use and share your details. It also tells you about your rights under data protection laws.
Some of the personal information we collect is for vehicle insurance only, so you won’t be asked for all of the information detailed here if you’re applying for home insurance.
Here at Hastings Group Holdings Ltd, we'll always treat your personal data with respect and our products and services are designed with your privacy in mind. Hastings Group Holdings limited consists of the data controllers Hastings Insurance Services Ltd and Advantage Insurance Company Ltd. View the Advantage privacy notice..
This privacy notice relates to Hastings Insurance Services Limited (also referred to as 'Hastings Direct', 'we', 'us' or 'our') and our registered office is at Conquest House, Collington Avenue, Bexhill-on-Sea, East Sussex, TN39 3LW. Our ICO registration number is Z7677970.
This is information relating to you as an individual that's linked to your name or any other way you can be identified, such as your driving licence number or your insurance policy number.
Certain types of personal information are considered to be special categories of information, due to their more sensitive nature. Sometimes we'll ask for (or obtain) special categories of information because it's relevant to your insurance policy or claim. For example, to assess risk correctly, we'll ask you about previous motoring convictions. This privacy notice highlights where we're likely to obtain special categories of information and the grounds on which we process this data. We'll only process special categories of information if they're relevant e.g. information about your health and criminal convictions.
The personal information we collect will depend on our relationship with you. We've included a number of sections below – simply read those which most apply to your relationship with us.
If you give us personal information about other people you must make sure they are aware of this privacy policy. You must also get their consent where we've indicated we'll need it.
This section shows what personal information we collect and use about you if you're:
* Both of these include any quotes obtained from price comparison websites (PCWs). Please note that when you use a PCW to obtain a quote, not only do they retain your personal information, they also pass that information to us so we can offer you Insurance. In many cases, the PCW may also automatically offer you a new quotation on the anniversary of the existing one (see their privacy notice for more details).
3.1.1 The personal information we'll collect and where we'll collect it from
The following information will be collected from you (or anyone applying for a policy on your behalf) online or by phone if relevant to the insurance policy:
We use external sources to supplement and verify the information above. We also use them to provide the following new information, to help us understand you as a customer:
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud, money laundering and to verify your identity. We use external sources to supplement and verify the information above, and to provide the following new information:
The external sources that provide us with information about you include:
Under our User Agreement with the Motor Insurance Bureau, our individual customer representatives don't have access to the data returned by a driving licence number search (DLN) and won't be able to discuss issues relating to your DLN with you. In these cases, we suggest you check the information associated with your DLN is correct at www.gov.uk/view-driving-licence.
Also, if you provide us with a DVLA check code for a named driver on your policy, it is your responsibility to ensure that you have their permission.
3.1.2 What we use your personal information for
We may process your personal information for a number of different purposes. We must have a legal ground for each purpose and we'll rely on the following grounds:
We must have an additional legal ground for processing special categories of information. We'll rely on the following:
See the table below. Where we've used the acronym PH this refers to the policyholder of any insurance product. In the case of vehicle insurance, ND refers to any named driver on the quote and TPP (third party payer) to a person who is just responsible for paying for the policy, and TP (third party) to a person who isn't insured by Hastings Direct but may have had an accident with our policyholder, or is acting on behalf of a policyholder.
Type of processing | Grounds for using personal information | Grounds for special categories |
---|---|---|
To assess your insurance application and provide a quote (or a quote you're named in) |
|
|
To verify your identity or carry out fraud, credit and anti-money laundering checks for an insurance application or to provide a quote (or a quote you're named in) |
|
|
To set up your insurance policy (or a policy you're covered on) |
|
|
To set up a loan or monthly payment plan |
|
|
To communicate with you to manage queries and resolve any complaints you might have |
|
|
To comply with our legal or regulatory obligations |
|
|
To make sure we consider any customers who may be in a vulnerable circumstance |
|
|
To manage any claims you make under your insurance policy (or a policy you're covered on) |
|
|
When involved in an accident with a Hastings customer we search prior quote data for enhancement of the third party's contact details (for example, to locate missing telephone numbers). |
|
|
Using driving data to monitor driving practices |
|
|
To assist in risk modelling and renewal pricing of products |
|
|
To prevent and investigate fraud on an ongoing basis |
|
|
For debt collection purposes |
|
|
To provide improved quality, training and security (e.g. through recorded or monitored phone calls to/from us, or customer satisfaction surveys) |
|
|
Managing our business operations (e.g. keeping accounting records, analysing financial results, meeting audit requirements, receiving professional advice, and holding our own insurance) |
|
|
For insurance administration purposes including trend analysis, actuarial work, pricing analysis, analysis of customer experience, planning service delivery, risk assessment, and costs and charges |
|
|
To send you marketing materials about our products and services (with your permission) |
|
|
3.1.3 Who we'll share your personal information with
We'll share personal information within Hastings Group Holdings and/or the following third parties, for the purposes laid out in the table above:
Sharing of motor vehicle driving data: Once you've taken a driving policy where collecting your driving behaviour is part of the contract and you've activated the device, it will record and provide us with data about your driving style. It will collect a wide range of driving data such as date, time, location, speed, acceleration, cornering and braking. If the device is an app on a mobile it will also record mobile phone use. It won't record details about the actual use but the fact that it has been used.
For these types of products we'll share driving data only in the following circumstances:
3.2.1 What personal information we'll collect and where we'll collect it from
We'll collect the following personal information from you, or from our customer if details were exchanged at the time of the accident, where relevant to your claim:
We use external sources to supplement and verify the information above and also to provide the following new information:
The external sources that provide us with information about you include:
3.2.2 What we'll use your personal information for
We may process your personal information for a number of different purposes. We must have a legal ground for each purpose and we'll rely on the following grounds:
For special categories of information, we must have an additional legal ground for processing. We'll rely on the following:
Here's how we use your personal information and the legal grounds we rely on:
Type of processing | Grounds for using personal information | Grounds for special categories |
---|---|---|
To manage claims |
|
|
To verify your identity, prevent and investigate fraud |
|
|
To comply with our legal or regulatory obligations |
|
|
To communicate with you in any way and/or resolve any complaints you might have |
|
|
To provide improved quality, training and security (e.g. through recorded or monitored phone calls to/from us or customer satisfaction surveys) |
|
We won't process your special categories of information for this purpose |
Managing our business operations (e.g. keeping accounting records, analysing financial results, meeting audit requirements, receiving professional advice and holding our own insurance) |
|
We won't process your special categories of information for this purpose |
For insurance administration purposes including trend analysis, actuarial work, pricing analysis, analysis of customer experience, planning service delivery, risk assessment and costs and charges |
|
We won't process your special categories of information for this purpose |
3.2.3 Who we'll share your personal information with
We'll share personal information within Hastings Group Holdings limited and/or with the following third parties for the purposes laid out in the table above:
3.3.1 What personal information we'll collect and where we'll collect it from
We'll collect the following personal information from you where relevant:
We use external sources to supplement and verify the information above and also to provide the following new information. We would always have a justification and be proportionate:
The external sources that provide us with information about you include:
3.3.2 What we'll use your personal information for
We may process your personal information for a number of different purposes. We must have a legal ground for each purpose and we'll rely on the following grounds:
We must have an additional legal ground for processing special categories of information. We'll rely on the following:
Here's how we use your personal information and the legal grounds we rely on:
Type of processing | Grounds for using personal information | Grounds for special categories |
---|---|---|
To investigate and manage claims made under an insurance policy |
|
|
To comply with our legal or regulatory obligations |
|
|
To prevent and investigate fraud |
|
|
For business processes and activities including analysis, review, planning and transactions |
|
We won't process your special categories of information for this purpose |
3.3.3 Who we'll share your personal information with
We'll share personal information within Hastings Group Holdings limited and/or with the following third parties for the purposes laid out in the table above:
4.1 What personal information we'll collect and where we'll collect it from
We use various software (including cookies) to improve your digital journey and to identify and prevent fraud. We collect and store information about how you access and use our website, app and MyAccount (including the website you visited before coming to ours). We automatically receive the IP address of your computer, mobile device or the proxy server you use to access the internet and this may include information to identify your browser or device to analyse web traffic.
Fraud prevention cookies collect information about certain features of your device, such as your IP address, device type, browser type, screen resolution and operating system. This is to prevent and detect devices associated with fraudulent or other malicious activity and allows us to authenticate your account.
4.2 What we'll use your personal information for
We may process your personal information for a number of different purposes. We must have a legal ground for each purpose and we'll rely on the following ground:
Here's how we use your personal information and the legal grounds we rely on:
Type of processing | Grounds for using personal information | Grounds for special categories |
---|---|---|
Communicating with you and responding to any enquiries you have |
|
We won't process your special categories of information for this purpose. |
Monitoring usage of our website |
|
We won't process your special categories of information for this purpose |
Sometimes we'll transfer the personal information we collect about you to other countries.
When a transfer happens we'll take steps to make sure your personal information is protected. We'll do this using a number of different methods including:
When you've requested a quote or bought a policy with us we can contact you about similar products and services unless you have opted out. If we intend to market other products we will ask for your permission to do this first. We'll contact you for marketing purposes – for example, to offer other services or to ask if you want to take part in a competition we might run.
You may also give your permission for us to contact you when you visit a price comparison site for an insurance quote. This would be because our product featured as one with a competitive price you could choose from and you wanted us to contact you.
You're free to object to receiving any marketing material and can edit your marketing preferences at any time. To opt out of marketing communications you can click 'unsubscribe' on any marketing message we send you, change your preferences in MyAccount, or contact us (see Section 11).
We have a legitimate interest to be able to contact you to discuss how your policy (or your claim) is being administered. This form of contact falls outside of your marketing preferences and must continue so we can provide you with a policy effectively. This will never include marketing material and all information will be strictly related to your policy or claim.
We are subject to various legal requirements concerning retention of data, and also have our own legitimate interests in retaining your data for a period of time beyond your policy lifetime. These interests include the defense of any late or delayed claims and improving our products and pricing. We will not retain your personal data for longer than is reasonably necessary.
In the circumstances involving the prevention or detection of crime and the apprehension or prosecution of offenders, Hastings Insurance Service Limited and agencies can hold your personal data for different periods of time.
If a human is involved in the decision at any point it is not considered an automated decision. When deciding whether to offer an insurance policy, we use automated processing. The process considers the information you provide us, as well as information from other sources such as search tools. These are used to determine whether your application for insurance can be accepted and what the price of the policy should be. The automated decisions include:
This means we may automatically decide you pose a fraud or money laundering risk. We do this if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.
If we, or a fraud prevention agency, determine you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk may be passed to the fraud prevention agencies such as the Claims and Underwriting Exchange (CUE), CIFAS and the Insurance Fraud Bureau (IFB), and may result in others refusing to provide services, financing or employment to you.
Under data protection law you have a number of rights in relation to the personal information we hold about you. You can exercise these rights by contacting us. We won't usually charge you in relation to a request.
The right to access your personal information | You're entitled to a copy of the personal information we hold about you and certain details of how we use it. We'll usually provide your personal information to you in an email unless you request otherwise. |
The right to rectification | We take reasonable steps to make sure the information we hold about you is accurate and, where necessary, up-to-date and complete. If you believe there are any inaccuracies, discrepancies or gaps in the information we hold about you, you can contact us and ask us to update or amend it. |
The right to erasure | This is sometimes known as the 'right to be forgotten'. It entitles you, in certain circumstances, to request your personal information be deleted. For example, where we no longer need your personal information for the original purpose we collected it for or where you have exercised your right to withdraw consent. While we will assess every request, there are other factors that will need to be taken into consideration. For example, we may not be able to erase your information as you've requested because we have a regulatory obligation to keep it. |
The right to restriction of processing | In certain circumstances, you're entitled to ask us to stop using your personal information, for example where you think the personal information we hold about you may be inaccurate or where you think we no longer need to use your personal information. |
The right to data portability | In certain circumstances, you can request we transfer personal information you've provided to us to a third party. |
The right to object to marketing | You have control over the extent to which we market to you and the right to request we stop sending you marketing messages at any time. You can do this either by clicking on the 'unsubscribe' link or button in any email we send you or by contacting us using the details set out in section 10. Even if you exercise this right because you do not want to receive marketing messages, we may still send you service related communications where necessary. |
The right to object to processing | In addition to the right to object to marketing, in certain circumstances you'll also have the right to object to us processing your personal information. This will be when we're relying on there being a legitimate interest to process your personal information. In some circumstances, we will not be able to cease processing your information, but we'll let you know if this is the case. |
Rights relating to automated decisions | If you've been subject to an automated decision and don't agree with the outcome, you can ask us to review it. |
The right to withdraw consent | Where we rely on your consent in order to process your personal information, you have the right to withdraw such consent to the further use of your personal information. We'll advise you of this at the point of collection of your data. |
The right to lodge a complaint with the ICO | You have a right to complain to the Information Commissioner's Office if you believe that any use of your personal information by us is in breach of applicable data protection laws and/or regulations. More information can be found on the Information Commissioner's Office website. This will not affect any other legal rights or remedies that you have. |
There may be some circumstances where we cannot comply with your request. For example, we would not be able to agree to your request if it would mean we couldn't comply with our own legal or regulatory requirements. In these instances, we'll let you know why we cannot agree to your request.
The protection of your personal data is very important to us. We take a number of technical and procedural measures to protect personal data. For example:
If you want to exercise the rights set out above, or if you have any questions about how we collect, store or use your personal information, our Data Protection Officer and Team can be reached as follows:
We may need to make changes to this Privacy Policy periodically. This could be as the result of government regulation, new technologies or other developments in data protection laws or privacy generally or where we identify new sources and uses of personal information (provided such use is compatible with the purposes for which the personal information was originally collected). The Data Protection Officer will make sure that this document is updated regularly or as legislation requires.