Privacy Policy

Privacy Policy

Privacy Policy
We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.
Our website uses cookies.  By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

(1) How we use your information
We only collect personal information such as your name, address, telephone number and email address when you provide it to us, or when you have given a third party permission to share your information with us.

We will only use the data captured for specific purposes in relation to the provision of insurance policies and services from us, whether that’s as part of the Contact Us follow up process (contractual) or as part of the provision of that service (contractual).

If you have given consent using an opt-in process on our website, we may also use your information to keep you up to date with relevant services and useful updates. At all times recipients will be given the option to opt-out of communications and removed if requested.

This applies to information we collect about:

• People who use our services
• Visitors to our website
• Personal data via third party services

(2) What information do we collect?
When you contact Carriagehouse Insurance to supply a quotation, general enquiry or general request relating to an existing service we are providing, we may collect data online or offline. We will request just enough information about you to enable us to respond to you and to provide you with a positive experience in any further communication we may have with you in order to fulfil your requirements.

Personally identifiable information would include:

• Title
• Name
• Email
• Telephone (home/mobile)

(3) Cookies
A cookie consists of a piece of text sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to: enable our website to store quotes for 30 days when you press the “Save” button.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

​Google Analytics
Google Analytics may collect basic information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Google’s privacy policy is available at: http://www.google.com/privacypolicy.html.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies.  For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.  Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.

(4) Using your personal information
Personal information submitted to us via this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.
We may use your personal information to:
(a) administer the website;
(b) enable your use of the services available on the website;
(c) send to you insurance policies purchased via the website, and supply to you services purchased via the website;
(d) send statements and invoices to you, and collect payments from you;
(e) send you general (non-marketing) commercial communications;
(f) send you email notifications which you have specifically consented to receive;
(g) deal with enquiries and complaints made by or about you relating to the website

Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to us.

All our website financial transactions are handled through our payment services provider, Sagepay.  You can review the Sagepay privacy policy at www.sagepay.com.  We will share information with  Sagepay only to the extent necessary for the purposes of processing payments you make via our website and dealing with complaints and queries relating to such payments.

(5) Disclosures
We may disclose information about you to any of our employees, insures, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.
In addition, we may disclose your personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any legal proceedings or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
(d) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
(e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as provided in this privacy policy, we will not provide your information to third parties.

(6) Security of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

Any personal information provided via our website is only accessed by people who need it to perform their role.

Your personal data is encrypted at rest and in transit as far as possible, we secure the information you submit through this site using ‘SSL’. Information is collected using forms on our website, are transmitted over SSL to our web server.

Our website is hosted within the EEA in a data centre in the UK which has ISO 27001 Information Security accreditation.

The data is also stored in backups of the website which are currently stored in the US and are encrypted. Backups are created on the server by a system process to disk and sent over SSL to Amazon S3 where they are stored. AWS has in place effective technical and organisational measures for data processors to secure personal data in accordance with the GDPR. They are encrypted during the send process and while stored in S3. Backups are stored in S3 for 30 days, at which point they are deleted.

Breach reporting
In regards to data stored on our website Content Management System (contact form enquiries), Our website host, Rubious, perform daily security scans to detect any potential breaches. They also protect logins to the CMS from brute force attacks by blocking out suspicious users who attempt to log in too many times. they keep an audit log of the changes that happen our own website, which cannot be modified or deleted by even an administrator user, so if a breach is suspected we can see what the malicious user did on the website
In relation to to data stored with sub-processors (Customer Relations and Quotation platforms) Rubious have reviewed security and GDPR compliance of these providers and conclude they meet the necessary requirements.

Reporting Breaches
Within 72 hours of the breach being identified, Carriagehouse Ins will inform the Data Subject by telephone/email. An internal investigation will then take place to identify how the breach happened and what controls can be put into place. We shall inform the Data Subject if any data is lost or destroyed or becomes damaged, corrupted, or unusable, or if there is any accidental, unauthorised or unlawful disclosure of or access to any of the Data. In such case, We with Rubious will use reasonable endeavours to restore the data. The Data Subject will then be informed in writing of the outcome.
Carriagehouse Ins will also inform ICO within seventy two (72) hours), where the breach is likely to result in a high risk to the rights of such Data Subjects.

(7) Policy amendments
We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.

We keep our privacy notice under regular review. This privacy notice was last updated on 25th May, 2018.

(8) Your rights
You have the right to request a copy of any data we may hold about you. We will ensure that it is transmitted to you in an easy to understand way. You will not be charged for this service, except in unfounded or excessive circumstances. We will require proof of your identification before we will allow access to any data. Additionally, you have the right to rectify, restrict and object to the data we hold about you, and to request that it is erased.

You may exercise these rights by sending an email to info@carriagehouseinsurance.co.uk

We will normally respond to any request we receive within one month of receiving it, and we will let you know if we are unable to fully comply with your request for a legitimate reason.

(9) Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

(10) Contact
If you have any questions about this privacy policy or our treatment of your personal information, please write to us by email to carriagehouseinsurance@btopenworld.com or by post to Spring Farm, Stratford St Mary, Colchester, Essex, CO7 6NB.

(11) Data controller
The data controller responsible in respect of the information collected on this website is Carriagehouse Insurance
Our data protection registration number is Z5078152