We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.
(1) How we use your information
We only collect personal information such as your name, address, telephone number and email address when you provide it to us, or when you have given a third party permission to share your information with us.
We will only use the data captured for specific purposes in relation to the provision of insurance policies and services from us, whether that’s as part of the Contact Us follow up process (contractual) or as part of the provision of that service (contractual).
If you have given consent using an opt-in process on our website, we may also use your information to keep you up to date with relevant services and useful updates. At all times recipients will be given the option to opt out of communications and will be removed if requested.
This applies to information we collect about:
• People who use our services
• Visitors to our website
• Personal data via third party services
(2) What information do we collect?
When you contact Carriagehouse Insurance to supply a quotation, general enquiry or general request relating to an existing service we are providing, we may collect data online or offline. We will request just enough information about you to enable us to respond to you and to provide you with a positive experience in any further communication we may have with you in order to fulfil your requirements.
Personally identifiable information would include:
• Telephone (home/mobile)
A cookie consists of a piece of text sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to keep track of you whilst you navigate the website. We will use the persistent cookies to enable our website to store quotes for 30 days when you press the “Save” button.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Google Analytics may collect basic information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.
(4) Using your personal information
We may use your personal information to:
(a) administer the website;
(b) enable your use of the services available on the website;
(c) send to you insurance policies purchased via the website, and supply to you services purchased via the website;
(d) send statements and invoices to you, and collect payments from you;
(e) send you general (non-marketing) commercial communications;
(f) send you email notifications which you have specifically consented to receive;
(g) deal with enquiries and complaints made by or about you relating to the website.
Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.
In addition, we may disclose your personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any legal proceedings or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
(d) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
(e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
(6) Security of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
Any personal information provided via our website is only accessed by people who need it to perform their role.
Your personal data is encrypted at rest and in transit as far as possible; we secure the information you submit through this site using ‘SSL’. Information collected using forms on our website is transmitted over SSL to our web server.
Our website is hosted within the EEA in a data centre in the UK which has ISO 27001 Information Security accreditation.
The data is also stored in backups of the website which are currently stored in the US and are encrypted. Backups are created on the server by a system process to disk and sent over SSL to Amazon S3 where they are stored. AWS has in place effective technical and organisational measures for data processors to secure personal data in accordance with the GDPR. They are encrypted during the send process and while stored in S3. Backups are stored in S3 for 30 days, at which point they are deleted.
In regard to data stored on our website Content Management System (contact form enquiries), our website host, Rubious, perform daily security scans to detect any potential breaches. They also protect logins to the CMS from brute force attacks by blocking out suspicious users who attempt to log in too many times. They keep an audit log of the changes that happen on our own website, which cannot be modified or deleted by even an administrator user, so if a breach is suspected we can see what the malicious user did on the website.
In relation to data stored with sub-processors (Customer Relations and Quotation platforms), Rubious have reviewed security and GDPR compliance of these providers and conclude they meet the necessary requirements.
Within 72 hours of the breach being identified, Carriagehouse Ins will inform the Data Subject by telephone/email. An internal investigation will then take place to identify how the breach happened and what controls can be put into place. We shall inform the Data Subject if any data is lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to any of the Data. In such case, we, with Rubious, will use reasonable endeavours to restore the data. The Data Subject will then be informed in writing of the outcome.
Carriagehouse Ins will also inform ICO within seventy-two (72) hours, where the breach is likely to result in a high risk to the rights of such Data Subjects.
(7) Policy amendments
We keep our privacy notice under regular review. This privacy notice was last updated on 25th May, 2018.
(8) Your rights
You have the right to request a copy of any data we may hold about you. We will ensure that it is transmitted to you in an easy to understand way. You will not be charged for this service, except in unfounded or excessive circumstances. We will require proof of your identification before we will allow access to any data. Additionally, you have the right to rectify, restrict and object to the data we hold about you, and to request that it is erased.
You may exercise these rights by sending an email to email@example.com
We will normally respond to any request we receive within one month of receiving it, and we will let you know if we are unable to fully comply with your request for a legitimate reason.
(9) Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
(11) Data controller
The data controller responsible in respect of the information collected on this website is Carriagehouse Insurance
Our data protection registration number is Z5078152