Confidentiality and Data Protection – Member Firms
In this Privacy Notice, ‘we’, ‘us’ and ‘our’ refers to The Broker Network Limited (data controller registration number) and Countrywide Insurance Management Limited (data controller registration number) and their various registered trading styles.
Our registered address being Hexagon House, Grimbald Crag Close, Knaresborough HG5 8PJ.
As a membership based commercial organisation serving the needs of independent insurance brokers, the privacy and security of your personal information is very important to us so we want to assure you that your information will be properly managed and protected by us at all times.
This privacy notice sets out how we collect and process your personal data. This privacy notice also provides certain information that is legally required and lists your rights in relation to your personal data.
This privacy notice relates to personal information that identifies you as a natural person (whether you are an actual or potential member, an individual who browses our website or an individual outside our organisation with whom we interact). We refer to this information throughout this privacy notice as personal data or personal information and further detail of what this includes are set out in this privacy notice below.
This privacy notice may vary from time to time so please check it regularly. This privacy notice was last updated on 14 May 2020.
What information we hold about you and where we obtain this from
We are the Data Controller for certain personal data and information you provide to us in administering your membership agreement with us as outlined in this section.
As a member organisation we are largely delivering services to commercial organisations however this does mean that we may also collect your personal data from you when you apply to become a member of our organisation and in the course of administering your membership and providing membership services to you:
The personal data that we collect about you may include the following information:
- Personal data you provide to us in person, via our website or by telephone
- Personal data you provide to us when enquiring about membership
- Personal data you provide if you subscribe to any of our mailing or newsletter services
- Details about the principles(s), directors and partners of our member firms. This includes general information such as name, address, contact details, date of birth and financial details, such as bank account and card details. It also includes information such as criminal convictions and credit history.
- We may also collect data from others who are associated with you and your membership such as your employees or representatives such as business contact details including e-mail address used for business correspondence.
- Personal information required from an employee for the administration and setting up of training portals and courses, we may also collect details regarding event attendance, dietary requirements and the need for any disability access etc. when attending an event.
- We also collect information from publicly available sources and third party databases made available to the insurance industry for the purposes of reducing fraud and financial crime as well as any other databases where your personal data may be held and processing is necessary for the fulfilment of a contract with you
- Information about your use of our website such as your IP address ,which is a unique number identifying your computer including personal data using cookies
- In the interests of security and to improve our service, telephone calls you make to us may be monitored and / or recorded for training purposes.
How we will use your data and the lawful basis for doing so
Purposes for which we process your personal data the lawful basis on which we can do this
|Purposes for which we process your personal data||The basis on which we can do this (this is what the law allows)|
|In order to perform our contractual obligations to you. Including the delivery of membership services to your organisation under your membership with us. If you have given us information about someone else for the purpose of administrating our membership agreement with you, you should share this privacy notice with them.||The processing is necessary in connection with any contract that you may enter into with us.|
|To continue to administer you membership with us including any financial transactions.||The processing is necessary in connection with the continuation of any contract you have entered into with us|
|To assist in the prevention and reduction of fraud and other financial crime.||The processing is necessary for us to comply with the law and our legal requirements|
|In the interests improving our service and for training and competence purposes, telephone calls you make to us may be monitored and/or recorded.||The processing is necessary to pursue our legitimate interest in the management and operation of our business. This is for the reasons specified only.|
|To let you know about products and services relevant to your business which are available to you under your membership agreement including information relating to insurance product providers and associated affiliate services that may be of interest to you. (We do not carry on direct marketing activities which are targeted to individuals or pass on details to third parties for this purpose)||The processing is necessary to pursue our legitimate interest in operating our business|
As part of the application for membership we may need to collect information on criminal convictions which we may share with third parties. The lawful basis for doing this will the necessity in connection with a contract (Article 6(b). In addition we will also be complying with the requirements as set out in Article 10 of the regulations and the Data Protection Bill.
Who we pass your personal data to
As part of the processing necessary for your contract of membership, we may need to pass your personal data to other companies which may include:
- Insurers, intermediaries and third party service providers that we use for the purpose of arranging and administering your membership
- Firms that provide administration and processing services to us or on our behalf under contract and to whom we have a legitimate interest in passing your data to in order to complete activities such as, IT Systems and administrative services, the development and approval of internal databases and mail processing.
- Organisations that have a specific role laid out in law, such as statutory bodies, regulatory authorities and other authorised bodies
- Information required by law enforcement agencies, for example if we received a valid request from the police or other third party organisation in the interest of preventing and detecting crime
- Fraud prevention agencies and operators of registers available to the insurance industry to check information and prevent fraud.
- Credit reference agencies to check your credit history. This check will be recorded on your credit reference file without affecting your ability to apply for credit or other financial products
- Third parties we use to recover money you may owe us or to whom we may sell your debt
- Another company, if our business or part of it is bought or taken over by that company to make sure your insurance policies and membership services can continue to be serviced or as part of preliminary discussions with that company about a possible sale or take over
The information you share with us may be transferred by us or any of the types of firms or organisations we have noted above, to other countries in order for processing to take place, including locations outside of the European Union. We will only do so if there are adequate levels of protection in place as required by the General Data Protection Regulation
Accessing our Website
When you visit one of our websites we may collect information from you, such as your email address, IP address and other online identifiers. This helps us to track unique visits and monitor patterns of customer website traffic, such as who visits and why they visit. We use third parties to collate IP addresses to help us understand our Internet traffic data and data regarding your browser type and computer. We may also use web usage information to create statistical data regarding the use of our website. We may then use or disclose that statistical data to others for marketing and strategic development purposes, but no individuals will be identified in such statistical data.
Internet browsers normally accept cookies by default, although it’s possible to set a browser to reject cookies. We’ll ask your permission before using any cookie that’s not essential to the email or the use of the website. However, refusing to accept cookies may restrict your use of our website and/or delay or affect the way in which our website operates. You can find more information on Cookies when you visit our website.
The open nature of the internet is such that data may flow over networks without security measures, and may be accessed and used by people other than those for whom the data is intended. While this is outside of our control, we do take the protection of your information very seriously and aim to apply appropriate levels of security at all times.
There are also cases where you may pass details of third party personal information to us to enable us to deliver the products and services to you under our membership agreement with you. We only receive this data from you to carry out services on your behalf. We are therefore a Data Processor only from the purposes of receiving, processing and storing this information. The terms under which we process this information will be specified in the Membership Agreement and service schedules as issued from time to time.
We will only store your data for as long as is necessary to comply with the requirements of your membership agreement and any legal obligations or lawful processing conditions that may exist as a result.
You have a number of rights concerning the personal information we use, which you may ask us to observe. In some cases even when you make a request concerning your personal information, we may not be required, or be able to carry out your request as this may result in us not being able to fulfil our legal and regulatory obligations under the lawful processing conditions under which we hold your data or because there is a minimum statutory period of time for which we have to keep your information. If this is the case, we’ll let you know our reasons.
You can ask us to:
- Provide a copy of your personal information
- correct or delete unnecessary or inaccurate personal information
- restrict or to object to the use of your personal information at any time
- Object to any automated decision, including profiling. (Where an automated decision has been made we will advise you of this and of your rights)
- Provide your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller. This right only applies where our processing of your personal data is automated and the processing took place initially with your consent or for the performance of a contract with you
We may also rely on your consent from time to time to use your personal information. We will make it clear to you where consent is our lawful basis for processing and you can withdraw that consent at any time. Where your consent is withdrawn, your previous consent will remain valid in respect of our use of your information prior to the date you withdrew it, or if any marketing material has been sent prior to you advising that you don’t want us to contact you again. Please note that this will not affect us contacting you about products and services that you have specifically requested from us under our membership agreement with you.
You also have the right to make an enquiry or to complain to the Information Commissioner’s Office (ICO) if you are unhappy with our use of your data, or if you think we have breached a legal requirement. Further details about the ICO are available at: www.ico.org.uk
We may update this notice from time to time. We encourage you to periodically review this notice so that you are aware of our privacy practices.
How to contact us
If you need to contact us in connection with the use or processing of your personal data, then you can do so using our contact details as set out below.
Our data protection representative is
Information Security Officer
Telephone 07484 908074