This privacy notice tells you what we do with information we collect about you. It's relevant to anyone who uses our services, including policyholders, prospective policyholders, website users and beneficiaries under our policies, such as named drivers. We refer to all these individuals as "customers" or "you" in this notice.
We are U K Insurance Limited ("we", "us" or "our") and you will know us by our brand names:
Churchill, Direct Line, Privilege, Darwin and Green Flag.
Information collected from you & cookies policy
Where we have collected information directly from you it will usually be obvious what this is, as you will have given it to us. This might not be the case where we have used cookies to collect information from your computer or portable electronic devices. Please see our cookies policy for more information.
Information collected from others
We can collect information about you from others. This includes information from:
Sensitive personal information
We collect information that is sensitive, such as information about health or unspent past criminal convictions or offences.
We may also collect information which due to its nature requires additional protection, such as information related to children, biometric (voice recognition and facial images) data and geo-location (which could for example reveal medical or religious locations although we never use this information). We may collect your sensitive personal information for specific types of policy or applications, for example when offering you a travel policy or a driving application e.g. Telematics. We obtain this from your mobile devices for driving applications and the following people:
We collect and use this information as part of your insurance quotation or contract with us, or where it is necessary for a legal obligation, or as part of the establishment or defence of a legal claim.
We may also use your biometric data (voice recognition and facial images) to check your identity. When we do so, we will explain to you why we need it, and where necessary obtain your consent to use it for the relevant purpose. Biometric data may also be used to prevent or detect fraud.
We use your personal information in order to meet our obligations in our contract of insurance with you. We and other companies within our group of companies use your personal information in the following ways:
A. Provide insurance services
When you request us to provide you with a quote for one of our insurance policies or you purchase an insurance policy from us, we use information about you:
We cannot provide the services unless we use the information about you in this way.
B. Do what we are required to do by law
As part of our duty as an insurer providing insurance services, sometimes we are required by law to use information about you:
We can use your personal information in this way because we are required to do so by law.
C. Prevent fraud occurring
Fraud has an impact on all customers as it increases costs for everyone. We use your personal information to check for signs that customers might be dishonest (e.g. if someone has behaved dishonestly in the past it may increase the risk they will do so in future).
We may use your personal information in this way because it is in our interests to detect fraud and in all our customers' interests to ensure that they are not prejudiced due to increased premiums as a result of a few customers acting dishonestly.
D. Recover debt
If you owe us money we will use your personal information to help us recover it.
We can use your personal information in this way because it is a necessary part of the contract of insurance. We need to ensure that premiums are paid so that the majority of our customers do not suffer (e.g. through increased premiums) due to the actions of a small minority of customers.
E. Direct Marketing
Keeping in touch
From time to time, we may send you marketing regarding any of our products, discounts, offers and services where we believe you will have an interest in the communications. These updates will come from brands and companies in the Direct Line Group.
These communications will be sent and displayed to you based on your preferences:
You can let us know at any time if you no longer wish to receive marketing messages. The simplest way to do this is to click on the unsubscribe link on emails or respond using the return address on the envelope. You can also contact our Data Rights Team, please see section 10 for contact information.
We will keep a note of your earlier marketing preferences for six years. If you have chosen not to receive marketing, we will not contact you unless you tell us you have changed your mind.
Making our communications relevant to you
We process your personal information to evaluate the effectiveness of our advertising and help us provide more relevant offers and information across a variety of marketing channels including online advertising and social media sites such as Facebook.
In certain circumstances we use publicly available or licensed sources of information to enhance the personal data we hold about individuals or groups or individuals.
We analyse our customer database and external data sources to understand who customers are and how they interact with us. In doing this, we can improve our communications by identifying new audiences, ensuring our communications are relevant to you and allow us to be more efficient and cost-effective with our resources.
To help us recognise how recipients interact with our email communications and enhance their display on various devices, we employ a widely recognised method of embedding an image pixel within our emails to collect information about when you open the email such as your IP address, your browser or email client type. If you don't want us to use tracking pixels, you can use your email settings so that images are not automatically displayed.
We also provide you with a personalised online experience by giving you marketing based on your interactions with us and analysis of your customer behaviour on our websites, such as your purchase and browsing history. Learn more about our use of cookies and similar technologies in our Cookie Policy.
F. Where your or another person's life may be at risk
We will use your personal information to assist where your or another person's life or health is in danger and obtaining your permission is not possible (e.g. arranging emergency medical treatment in a remote location).
G. To administer and improve our services
To administer our services we will share information with others (including to people or organisations that may be based overseas):
H. To improve our services
We may use technology to evaluate opinions you express, including any verbal or written feedback and opinion, to improve our customer experiences, including:
We may also process your personal data to better understand you as a customer, including to determine how best to retain your custom, and to ask you to provide feedback on the service we provide to you.
We can use your personal information in this way because it is in our legitimate interests to provide the services in the most efficient way. We will always ensure that we keep the amount of your personal information that we collect and the extent of any processing to the absolute minimum to achieve this efficiency.
We may share your personal information with third parties and other companies within our group of companies for the purposes mentioned in Section 3 above. A list of our group companies can be found at https://www.u-k-insurance.co.uk/group-companies.html. Alternatively, you can contact the Data Protection Officer for a list of them. Please see section 10. You should make sure everything you tell us is correct because your records may be checked in the following circumstances:
In particular we share information with:
Fraud prevention agencies that provide databases and services, such as CIFAS, National Hunter, SIRA and ENI, to prevent or detect fraud.
A record of this risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services or financing to you. If you have any questions about this, please contact the appropriate fraud prevention agency.
Credit reference agencies are used to help us verify your identity, and to determine the price of your insurance and your payment options when you take out a quote and at renewal of your insurance policy. This leaves a "soft footprint" on your credit file which can only be seen by you and does not affect your credit score.
If you choose to pay your premium by instalments we will share this information when you first take a policy with us and at each renewal. We may exchange your personal information with credit reference agencies to reflect your credit application (as payment by instalments means that there will be a credit agreement between us). We will let you know before we do this. This will be visible to other credit providers and is known as a "hard footprint". Failure by you or anyone who pays for your policy to keep up the monthly payments due under your credit agreement will be reflected in your credit score, not theirs.
The identities of the credit reference agencies and the ways in which they use and share personal information are explained in more detail at www.experian.co.uk/crain/. Alternatively, you can call us and we will send you a copy.
Business Insurance Credit reference agencies are used to help us verify your and any joint policyholder's identity, and to determine the price of your insurance and your payment options when you take out a quote and at renewal of your insurance policy. This leaves a "soft footprint" on your and any joint policyholder's credit file which can only be seen by you and does not affect your credit score.
If you choose to pay your premium by instalments, we will share this information when you first take a policy with us and at each renewal. We may exchange your and any joint policyholder's personal information with credit reference agencies to reflect your credit application (as payment by instalments means that there will be a credit agreement between us). We will let you know before we do this. This will be visible to other credit providers and is known as a "hard footprint". Failure by you or anyone who pays for your policy to keep up the monthly payments due under your credit agreement will be reflected in the credit score for your business, and the ability for your business to obtain credit in future, not theirs.
The identities of the credit reference agencies and the ways in which they use and share personal information are explained in more detail at Credit Reference Agency Information Notice (CRAIN) | Experian. Alternatively, you can call us, and we will send you a copy.
Driver and Vehicle Licensing Agency (DVLA) data If you choose to provide your Driving Licence Number (DLN) as part of your application for motor insurance the data provided by the DVLA may be used alongside other information you have provided:
The data will not be used for any other purpose, or be made available to anyone else. Searches of the DVLA driver database may be carried out prior to the date of the insurance policy and at any point throughout the duration of your insurance policy including at the mid-term adjustment and renewal stage. Unlike other DLN searches with the DVLA that you may have authorised, this one will not show a footprint against your driving licence.
MOT data will be collected from the Driver and Vehicle Standards Agency (DVSA) and be used during your policy term with us. Whilst this will not affect your initial quote, the MOT data may be used throughout your policy. It is important to keep your vehicle MOT up to date as missing or incomplete MOT data could result in a decline later in your policy term. The MOT history service contains public sector information licensed under the Open Government Licence.
Advertising Partners We partner with advertising companies, including social media sites, addressable TV providers and third-party websites, to display adverts about our products and services.
Our Advertising Partners enable us to identify and engage with the right target audience, to create and distribute personalised content across platforms and services. For example, addressable TV providers allow us to customise the adverts displayed to individual households while they are watching the same programme.
They use techniques like device recognition and interactions with social media content to tailor ads, but they don't target individuals by name. In most cases, cookies and similar technologies such as device fingerprinting are used to target this type of advertising. To learn more and manage their use, refer to our cookie policy.
We may share personal information, e.g., an encrypted email address or device id, with our Advertising partners. The purpose is to show relevant ads to you on third party websites and apps. To do this, your data is matched with the database of the Advertising partner. If a match is found, you will receive relevant promotional content in your feed or search engine. If no match is found your data is securely destroyed. Your personal data is handled in a secure manner using a technique called hashing. This ensures your data is scrambled in a manner that makes it unreadable to anyone other than the recipient.
We may send your personal information overseas to any part of the world to administer your insurance policy or insurance claim. The protections given to your personal information in other parts of the world may not be as strong as in the UK. Where possible, we will put in place agreements with the people we send your personal information to, to require them to treat your personal information with the same protections that we apply ourselves.
Our agreements may include standard terms called Standard Contractual Clauses or International Data Transfer Agreements (IDTAs) approved by the UK Information Commissioner’s Office or may require the other party to be signed up to government standards that are recognised as providing the right level of protection. But it is possible that regardless of what is set out in the agreement this would not stop a government in any part of the world from accessing your personal information, as they can often have power to overrule any agreements we make, for purposes such as crime prevention and national security.
In some cases we might need to share information to carry out the services we have promised to carry out, for example if you require urgent assistance abroad. In such an urgent situation we may not always have the time to put in place the type of agreement we would normally want to; however, we will ensure that if such a transfer is required that it complies with the standards required by data protection legislation.
We are only allowed to keep your personal information if we need it for one of the reasons we describe in section 3 above.
As a general rule, we will keep it for 6 years from the end of your relationship with us, as it is likely that we will need the information for regulatory reasons, fraud prevention, or to defend a claim. For example, should you wish to bring some form of legal action relating to your relationship with us, this would generally need to be done within 6 years from the end of that relationship. However there may be exceptions where we need to keep your personal information for longer, such as where a claim has involved a minor.
We will also retain data in an anonymous form for statistical and analytical purposes, for example, to assess risk of flood damage occurring.
If we rely on your consent to collect and process your personal information, you can ask us to stop using your personal information at any time by withdrawing that consent and we will stop using your personal information for those purposes.
At any time, you can tell us to stop using your personal information to:
To find out how to do this, please see section 10.
Where you do not provide the personal information we need in order to provide the service you are asking for or to fulfil a legal requirement, we will not be able to provide the service that you are asking us to give you.
We will tell you about why we need the information when we ask for it.
We will collect information about you and put this into our computer systems. The computer systems will make certain automated decisions about you which will be based on comparing you with other people. This will have an impact in terms of the level of premium or product that we offer to you or the products or services that we decide to tell you about. We may also use automated decision making to conduct an identity verification check.
For example, if you are under 25 years of age, the computer system may determine that you are more likely to have a car accident. This is because the computer system has been told that more people aged under 25 have car accidents. Another example is that, if you are under 25, the computer system may determine that you are going to be interested in a travel policy which covers high risk activity, such as skiing. Therefore, we would proactively seek to tell you about such policies as we would consider them to be of interest to you.
This is important because:
We also use computer systems to carry out modelling. Sometimes using your personal information and sometimes using data in anonymised form. We conduct this modelling for a variety of reasons, for example, for risk assessment purposes to make decisions about you, such as your likelihood to claim. However, we may also use your personal information in that modelling to make decisions about how we improve and develop our products and services, or our pricing and underwriting, or to better understand how our prospective customers make decisions about which policy is the optimal policy (i.e. we are not making decisions directly about you).
Our Data Rights Team are responsible for responding to your requests to exercise your rights which are set out below. The Data Rights Team may be contacted at U K Insurance Limited, Churchill Court, Westmoreland Road, Bromley BR1 1DP, by email at Data.Rights.Requests@directlinegroup.co.uk or through this form: https://www.u-k-insurance.co.uk/data-rights-request.html
You may contact us at the address above for one or more of the following reasons:
Sometimes we will not be able to stop using your personal information when you ask us to (e.g. where we need to use it because the law requires us to do so or we need to retain the information for regulatory purposes).
In other cases, if we stop using your personal information, we will not be able to provide services to you, such as administering your insurance policy or servicing your claim.
We will tell you if we are unable to comply with your request, or how your request might impact you, when you contact us.
Complaints
If you have any concerns about the way in which we are using your personal information, please contact our Data Protection Officer in the first instance at U K Insurance Limited, Churchill Court, Westmoreland Road, Bromley, BR1 1DP or alternatively by email at DataProtection@directlinegroup.co.uk and we will endeavour to resolve your concern. However, you do also have the right to complain about how we treat your personal information to the Information Commissioner's Office (“ICO”). The ICO can be contacted at:
ICO website: https://ico.org.uk/global/contact-us/
ICO telephone: 0303 123 1113
ICO textphone: 01625 545860