Who is processing your data?
Where do we get the data from?
Providing data about other people
What do we use your data for?
Part 1 - Providing you with a quote and administering your policy
Part 2 - Fraud Prevention
Part 3 - Other uses of data
Part 4 - Special categories of data and criminal convictions
How long do we keep data for?
Overseas Transfer of Data
Contacting us about data
Discussing your policy and making changes
Information Commissioner’s Office
The main purpose for which we process your personal data is to provide you with services that you request from us. We may need some information from you about health or criminal convictions to do this. We cannot provide you with quotes or policies without this data. We will also process personal data for other purposes, such as marketing (where you have consented), market research and fraud prevention. We will only ever keep your personal data for as long as is necessary for the purpose for which we need that personal data.
We will need to share some of your personal data with some third parties, for example insurers and suppliers, and we will make checks against various databases to verify the information you provide and to help us assess your quote. Some of the decisions that we make in relation to our relationship with you will be made by wholly automated means. These decisions can be reviewed if you ask us to, but this does not necessarily mean that they will be changed.
We are BISL Limited, we arrange and administer Halifax car insurance and we are the data controller of the personal data that you provide and/or that we collect from you. This means that we are the company responsible for deciding how your data is processed.
BISL Limited is part of the BGL Group of Companies and provides products and services under various brands. If you want to know more about the BGL Group of Companies and the brands that BISL operates you can find out more at www.bglgroup.co.uk..
To provide you with car insurance, we need to share your data with the insurers we work with. This is to allow the insurers to consider your application for insurance and to allow them to deal with any claims you make on your insurance policy. The insurers will also be data controllers in relation to the data they receive from us and any additional data the insurer may collect about you when dealing with a claim. This means that the insurers are in charge of how they handle your data and we are not responsible for this.
Ageas Insurance Limited
Covea Insurance Plc
Aviva Insurance Limited
CIS General Insurance Limited
Zenith Insurance plc
Sabre Insurance Company Limited
Zurich Insurance plc
When you choose to add an additional product to your insurance policy, such as breakdown cover, we will also need to share your data with the supplier of the additional product to allow it to be provided.
If you pay for your policy by monthly instalments you will be taking out a credit agreement. Your credit arrangement will be provided by BFSL Limited, which is part of the BGL Group of Companies and which provides credit arrangements on our behalf. Data relevant to your credit agreement will be shared with BFSL Limited. BFSL Limited will also be a data controller of this data and will be responsible for how that data is processed.
Most of the data that we process will be data that we collect from you directly when you request a quote. We will ask you various questions to collect the data we need for the purpose of your policy. We will not be able to provide a quote unless you answer the mandatory questions.
From Lloyds Banking Group
When you obtain a new quote for us, we will use your data to check if you have a previous relationship with the Lloyds Banking Group and obtain a relationship score. The score will be provided by Lloyds Bank, Lloyds Bank Insurance Services Limited or their agents. The score, if available, will relate to your financial conduct and account relationship with Lloyds Bank and other members of the Lloyds Banking Group and is intended to help us provide you with a competitive quote, now and at renewal and for research or analysis. This will be provided to us in the form of a relationship score and will not include any actual details of your account holdings or other data that the Lloyds Banking Group companies may hold about you.
From your use of our website and services
If you contact us electronically, we may collect your electronic identifier e.g. Internet Protocol (IP) address or telephone number supplied by your service provider. This information may be used by us and/or shared with and used by insurers to aid in the detection of fraud.
If we speak to you on the telephone we may record the telephone call. We do this so that we have an accurate record of your conversation with us. We also use this data for monitoring and quality control purposes and may use it for training purposes.
From price comparison sites
If you have been directed to us from a price comparison site then the price comparison site will have provided us with data that you entered in order to allow us to provide you with a quote.
When you purchase one of our policies through a price comparison site we will need to share some information with the price comparison site, for example, information relating to whether the policy has been purchased or the status of the policy. We will also exchange information that is necessary to help resolve any queries or complaints.
Our service providers
We or our insurers will sometimes use third parties to process personal information on our behalf. Where third parties process your personal information on our behalf, we will have a contract in place with them placing obligations on them to keep your data secure and only use it for the purposes that we authorise.
The third parties that we use may include, for example, IT service providers, market research agencies and debt collection agencies or tracing agents appointed by us.
From other companies
As part of considering your quote, administering (including amending or renewing) your policy or dealing with any claims on your policy, we, our insurers and/or our credit providers will exchange information about you with other companies and/or carry out checks with various databases, which is standard practice in the insurance industry. We have set out below some of the common databases that may be checked.
If you provide your, or any named driver's, driving licence number this be passed to the DVLA, either by us or the insurers we work with, in order for a search to be carried out to confirm your (or any named driver’s) licence status, entitlement and relevant restriction information and endorsement/conviction data.
Undertaking searches using your driving licence number helps insurers check information to prevent fraud and ensure policy premiums are fair.
A search with the DVLA will not show on your (or your named driver’s) driving licence record.
For details relating to information held about you by the DVLA, please visit www.dvla.gov.uk.
We and/or our insurers or credit provider(s) will carry out checks with credit reference agencies, including-
- checks against publicly available information such as the Electoral Register, County Court Judgments, bankruptcy or repossession information;
- checks against data relating to your credit history. If you enter into a credit agreement to pay for your policy, we may also pass to Credit Reference Agencies information we hold about you and your payment record with us. Credit Reference Agencies share information with other organisations, enabling applications for financial products to be assessed or to assist the tracing of debtors, or to prevent fraud. We may ask Credit Reference Agencies to provide a credit scoring computation. Credit scoring uses a number of factors to work out risks involved in any application. A score is given to each factor and a total score obtained and this together with other factors will be used to assess your application for a quote or a policy.
The credit reference agencies will keep a record of the search and you may see this recorded on your credit file whether or not you proceed with your quote. If you decide to take out a credit agreement, the search and details of your payment history with the credit provider will also be visible to other lenders. You can find out further information about how the Credit Reference Agencies collect and use personal data at www.callcredit.co.uk/crain which also provides you with details of how to contact the Credit Reference Agencies if you want to check the information that they hold about you.
Claims and Underwriting Exchange and Other Registers and Databases
We, the insurer and/or the re-insurer exchange information with various databases and registers to help us check information provided, to detect and prevent crime or fraud and to obtain information about your no claims history. These may include the Claims and Underwriting Exchange Register, the Hunter Database, the Motor Insurance Anti-Fraud and Theft Register, the No Claims History Database and any other relevant industry databases or registers. Under the conditions of your policy, you must tell us about any incident (such as an accident or theft) which may give rise to a claim whether or not a claim is made. When you tell us about an incident, we or the insurer will pass this information to the registers and any other relevant registers.
Motor Insurance Database
Information relating to your insurance policy will be added to the Motor Insurance Database ("MID") managed by the Motor Insurers' Bureau ("MIB"). MID and the data stored on it may be used by certain statutory and/or authorised bodies including the Police, the DVLA, the DVLANI, the Insurance Fraud Bureau and other bodies permitted by law for purposes not limited to but including:-
- Electronic Licensing
- Continuous Insurance Enforcement
- Law enforcement (prevention, detection, apprehension and/or prosecution of offenders)
- The provision of government services and/or other services aimed at reducing the level and incidence of uninsured driving.
If you are involved in a road traffic accident (either in the UK, the EEA or certain other territories), insurers and/or the MIB may search the MID to obtain relevant information. Persons (including his or her appointed representatives) pursuing a claim in respect of a road traffic accident (including citizens of other countries) may also obtain relevant information which is held on the MID. It is vital that the MID holds your correct registration number. If it is incorrectly shown on the MID you are at risk of having Your vehicle seized by the Police. You can check that your correct registration number details are shown on the MID at www.askMID.com.
We will check our existing records to see if you have held a policy or obtained a quote with us or any of the brands BISL Limited administer before. We will also share personal data with our other brands, Group Companies and insurers for these purposes. The credit providers we work with (as described in the “Who is processing your data?” section above) will also carry out checks against data that they hold on you if you have held a credit agreement with them or applied for credit with them before.
Checking and comparing this data helps us to assess your quote (including at renewal). This data will also be used for research and analysis in accordance with the section headed "What do we use your data for?" below.
Publicly available sources
We or our insurers use some open sources of data which are not personal data (such as information about particular geographic areas) and combine this with the personal data that we hold about you (such as your own address) in order to assess insurance risk and provide you with an accurate quote.
The data that we hold is used for the following purposes:-
The personal data that we use for the purposes set out in this Part includes information you provide during your quote, information about previous or existing policies held by us or our insurers, identification information, information from credit reference agencies, your policy and payment history and behavioural information that we gather from your use of our website and how you manage your policy.
Providing you with a service
As you would expect, this data is used to provide you with the service you have requested, for example a quote or an insurance policy. When you take out a policy, we will continue to use your data to provide you with annual renewal quotes and where we can we will use the data to automatically renew your policy and continue to provide you with insurance cover. If you would prefer that we don’t use your data to automatically renew your policy then you can opt out of the automatic renewal process by contacting us. This means we will still use your data to generate a renewal quote but your policy will not renew unless you tell us that you would like to accept the renewal quote. You can find more information about this in your policy documents.
Credit agreements and payments
Both we and the credit provider use this data (including data held in relation to our other brands) to help us build up a picture of you a customer. This allows us to carry out more accurate assessments of you as a customer when you apply for products with us, including creditworthiness assessments. It helps us to provide you with more relevant information such as making sure we show you the right content at the right time. We also use this information to help calculate your future quotes. This information will also be shared with our insurers for these purposes.
Data will also be used by us or your credit provider (if applicable) to administer any payments due under your policy and this will include (where necessary) sharing data relating to your payments with credit reference agencies, debt collection agencies or any financial organisations such as banks or payment providers for purposes connected with payment processing, refunds, funding or associated services. If you have taken out credit you can find further information within the credit agreement.
Additional information about your circumstances
If you let us know that you have any accessibility requirements or any circumstances which may impact the service we provide to you, we will keep a record of the information you provide so that we can provide an appropriate service to you for example if you tell us that you need documents in an alternative format. Where we can, and if we feel it is appropriate, we may also pass this information to our suppliers or partners to ensure that they can also provide an appropriate service to you.
Data protection law says that we have to tell you the legal basis on which we process your personal data.
In relation to personal data used for the purposes described in this Part 1, we process this data because it is necessary to perform the contract that we have in place with you to provide you with the quote or the policy that you have requested.
In order to prevent and detect fraud we, the credit provider and/or the insurer or the re-insurer may use the personal data set out above at any time to undertake searches to prevent fraud and money-laundering and to verify your identity. This will include checking or sharing your details with credit reference agencies and fraud prevention agencies.
If false or inaccurate information is provided or if we or a fraud prevention agency determine that you pose a fraud or money laundering risk, we may refuse to provide the services and/or financing you have requested and we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and which may be checked by other organisations for example when: checking details on applications for credit and credit related or other facilities; managing credit and credit related accounts or facilities; recovering debt and tracing beneficiaries; checking details on applications for new products and dealing with claims for all types of insurance. This may result in others refusing to provide services, financing or employment to you.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held by them for up to six years
In relation to personal data used for the purposes described in this Part 2, we process this data because we have a legitimate business interest in carrying out these activities to protect against fraud and because there is a substantial public interest in preventing and detecting crime including fraud.
From time to time we will ask you when you request your quote whether you would like to receive marketing material from us. Where you do tell us you are happy to receive this material, we will use your postal address, email address and telephone number to send you marketing materials by post, email, telephone call or SMS. We do not pass your data to third parties for marketing purposes.
Where we have asked you about your marketing preferences, you can change your mind at any time by logging into your Self Service Centre and updating your preferences. Where we do send you any marketing emails you can also unsubscribe from emails by clicking on the unsubscribe link or by contacting us.
If you tell us you don’t want to receive marketing or if we don’t ask you about your marketing preferences, it means that your data will not be used for marketing.
This will not impact any communications that we need to send you for the purpose of your policy, for example communications about your renewal, updates about your policy or information about any quotes we’ve provided to you.
We use the data we hold to help us understand our customer demographic to help us improve the services that we provide to you and to help us target our advertising and marketing so that we show customers adverts or marketing which may be more relevant to them. We may sometimes work with carefully selected third parties to do this for example using advertising services provided by organisations such as Google and Facebook and may share data with them to carry out this research and analysis, however will not sell your data to third parties for them to market to you.
From time to time we may want to use your postal address, email address and/or telephone number to contact you to assist us with our research by asking you a few questions about the service you have received or by asking if you would like to complete a review of our services. We may sometimes ask market research companies to contact you on our behalf.
If you would prefer us not to contact you for market research purposes then you can let us know by contacting us.
Competitions and Special Offers
From time to time we may run promotions such as competitions or special offers. If you decide to participate in a promotion, the personal data collected as part of that promotion (such as your name, contact details and other information provided for the promotion, for example responses to any questions asked as part of the promotion) will be used to administer the promotion and your participation in it. We may need to share your data with third parties for this purpose. For example, we may need to send your contact details to our suppliers so they can send you your prize.
We may, from time to time, offer a functionality on the website to allow you to ask us to send details regarding the website to a friend. Before you provide us with your friend’s details for us to send than an email you will need to make sure you’ve checked your friend is happy for you to do this. When we email the friend we will also include your name so that they know who asked for the email to be sent.
Research and Analysis Activities
We use data relating to your quotes or your policy, including your claims history, to carry out various research and analysis activities to help us to regularly review and improve the products and services we provide and carry out research relating to underwriting, claims and pricing. We also share this data with our insurers to enable them to use this data for these purposes. Where possible, data will be shared on an anonymised basis. The data will not be used to make any decisions that will affect you or any other individual.
We also use the data that we collect about you through your website usage to carry out research and analysis into usage and activities on our website to enable us to continue to improve our website and our products and services.
In relation to personal data used for the purposes described in this Part 3, we process this data because we have a legitimate business interest in carrying out these activities to promote and improve our business. We have ensured appropriate safeguards to protect your rights when processing this data for these purposes.
In order to provide your quote and administer your policy we may ask you to provide data which data protection law classifies as "special personal data". This includes information about your health (such as any medical conditions) or information relating to criminal convictions or alleged or actual criminal offences.
Where we collect special personal data and criminal conviction or offence data to provide you with your quote and your policy, we process this data because it is in the substantial public interest to do so for the purposes of advising on, arranging, underwriting or administering an insurance contract.
It may also be necessary for us to retain a copy of any special personal data and criminal conviction or offence data for the purpose of making or defending claims or preventing or detecting crime, including fraud.
We’ll only keep your personal data as long as we need it and ensure it is securely destroyed when it is no longer required. We do however need to keep certain data after your policy has ended for certain periods as detailed below.
Generally, if you take out a policy with us, you can expect us to keep your data for a period of 10 years following the end of your policy unless there is a requirement for us to keep the data for longer, for example if there are any ongoing queries or claims relating to the policy.
When you obtain a quote, if the policy is not purchased, we will not keep the data you provide for any longer than 5 years from the date of your quote.
We keep data for these periods as it plays an important part in allowing us to undertake fraud detection and prevention activities, allows us to deal with any queries or complaints that may arise regarding the quote and allow us to carry out research and analysis to help us improve our products and services (as described in the section headed "What do we use your data for?" above).
We may use third party suppliers to process personal data about you. Some of these suppliers may be located in countries outside the UK which may not have equivalent laws in place to protect your personal data. For example, we use third party software suppliers to process data such as your IP address and email address. Our insurers may also process personal data in countries outside the UK which may not have equivalent laws in place to protect your personal data. Our insurers are data controllers in respect of any such processing.
Data protection law gives you various rights in relation to your personal data. All the rights set out below can be exercised by contacting us using the contact details set out under the "Contacting us" section below. Those rights include:-
- You have the right to ask us to provide a copy of the personal data that we hold about you. This is called a Data Subject Access Request or "DSAR".
- You can access information about your policy and your policy documents by logging into your Self Service Centre. If you want to receive other personal data that BISL Limited holds then please contact us using the contact details below. When contacting us please describe the information you require and include the following: your full name, your date of birth, your full address and your quote/policy number. For security purposes we may need to ask you for further information to verify your identity. If you require information sending to different contact details to those held on your policy please include a copy of your passport or driving licence and proof of address such as a recent utility bill to assist us in verifying your identity. We might also need to ask you for additional information to help us locate the data that you are looking for.
- Once we have all the information that we need to process your DSAR, we will respond within one month unless your DSAR is very large or complex, in which case we may need to extend this period. If we need to do this we will let you know.
- If you want to make a DSAR in relation to personal data that is held by the insurer of your policy then you will need to contact the insurer directly. You can find their details in your policy documents.
- You have the right to ask us to correct inaccurate personal data that we hold about you. If you think any of your personal data is inaccurate, please contact us and, provided we can verify your identity and are satisfied as to the accuracy of the correction requested, we will correct the relevant personal data as soon as we can.
- You have the right to request that we provide a copy of your personal data in a machine readable format or to ask us to send your personal data to another company. This applies to personal data that you have provided to us, which we have processed electronically, such as data you entered on our website when you obtained a quote.
- You also have the right to ask us to delete personal data that we hold about you. We are obliged to delete personal data in some circumstances, such as where it is no longer needed. However, data protection laws allow us to keep the personal data if we need to, for example if the data is needed to allow us to administer your policy or if the data is needed for fraud prevention. In any case, we will retain your personal data in line with the retention periods detailed under "How long do we keep data?" above.
- You have the right to ask us not to do anything with your personal data except store it in limited circumstances, such as if you and we do not agree on the accuracy of personal data and steps are required to validate it.
- You have the right to object to us processing certain personal data about you. For example, you can ask us to stop processing data for marketing or market research purposes. However, where we need to continue to process the personal data, for example to administer your policy or for fraud prevention purposes, we are not obliged to stop processing it.
- You have the right to ask to review significant decisions that we have made about you wholly by automated means. The nature of the quotes that we provide to you means that we have to use this kind of automated decision making in relation to your personal data (including special categories of personal data) to assess your quotes. This means that our computers will consider lots of different pieces of information about you and about the policy you have requested (such as information about your vehicle) in order to calculate whether or not we are able to offer you a quote, at what price this should be and whether we can offer you a credit agreement to pay for your premium. Automated decision making will be used when you request a quote, when we are considering whether we can offer you a renewal quote and also if any changes are made to your policy. We may also use automated decision making to decide if you pose a fraud or money laundering risk. If you ask us to review the decision, we will make sure that it is examined by a human and we will confirm the outcome to you. This does not necessarily mean that the decision will be changed.
If you would like to contact us about one of your data rights set out under "Your Rights" above, then please contact firstname.lastname@example.org or write to Data Requests, BGL Customer Services, Fusion House, Bretton Way, Bretton, Peterborough, PE3 8BG. You can use these details to contact BISL Limited, BFSL Limited or ACM ULR Limited which are all part of the BGL Group of Companies,
For security, we will only discuss the policy with, or allow changes to be made, by the policyholder or someone named on the policy unless you have told us otherwise or the third party is able to provide confirmation that they have authority to act on your behalf (for example under a Power of Attorney). If you don’t want us to accept instructions from someone named on your policy then you can let us know. However, please be aware that we may still need to discuss with them any matters that directly concern them, for example, where they are insured on the policy and details of the information about them that is held in relation to the policy.
We aim to provide a high level of service to all Our customers but occasionally things can go wrong, when this happens We will do everything We can to put things right.
If you have a complaint about Our service or your policy, please contact Us first by phone and if after talking to Us you are still not happy please write to Our Customer Relations Manager at the address shown below. Should you wish to use an alternative means of communication, We are happy on request to correspond with you by e-mail, or fax.
For the purposes of handling complaints Our working day is 9am to 5pm Monday to Friday, not including Bank Holidays.
By telephone - Please ring 0344 209 0471 and you will be put through to the Customer Service Team. We will attempt to resolve your complaint within 24 hours. If this does not happen We will agree your next step with you.
In writing - Please address your letter to:
The Customer Relations Manager
Please include details of your name and address, a contact telephone number, your policy or quote number and details of why you are unhappy. This will help Us to respond to you as quickly as possible. If We do not have enough information to investigate your complaint We will contact you to ask you for further details. In all cases We will send a written acknowledgement of your complaint to you within 5 working days of its receipt. In Our acknowledgement We will advise you of the name and job title of the person who will be dealing with your complaint.
Within four weeks of receiving your complaint We will send you either: A final response; or A letter explaining why We are not yet in a position to resolve your complaint and advising you of when We will be contacting you again.
By the end of eight weeks after receipt of your original complaint letter, We will send you:
A final response; or
A letter explaining why We are still not in a position to issue a final response and advising you of when We expect to be able to do so. If We cannot settle your complaint or you are not happy with the final response you may be entitled to refer it to the Financial Ombudsman Service. For more information please go to www.financial-ombudsman.org.uk.
For full details of Our complaints handling process please see the section marked 'Customer Information' in your main policy documentation.
You also have the right to complain to the Information Commissioner’s Office, which regulates data protection compliance. You can find more information by visiting their website www.ico.org.uk.