Privacy notice

Information about us and the website

    Introduction

    About Hastings Group Holdings Limited

    1. About Hastings Insurance Services Ltd.

    2. What we mean by personal information

    3. How we use your personal information

    3.1 If you've taken out a quote, have a policy with us, or are responsible for paying for a policy, or are acting on behalf or our policyholder

    3.1.1 The personal information we'll collect and where we'll collect it from

    3.1.2 What we use your personal information for

    Type of processing

    Grounds for using personal information

    Grounds for special categories

    To assess your insurance application and provide a quote (or a quote you're named in)

    • PH – To enter into or perform a contract
    • ND – We have a legitimate interest (to assess the insurance application and provide a quote)
    • It's necessary for an insurance purpose

    To verify your identity or carry out fraud, credit and anti-money laundering checks for an insurance application or to provide a quote (or a quote you're named in)

    • PH – To enter into or perform a contract
    • ND – We have a legitimate interest (to carry out appropriate fraud/credit checks)
    • It's necessary for an insurance purpose
    • It's in the substantial public interest to prevent or detect unlawful acts
    • To establish, exercise or defend legal rights

    To set up your insurance policy (or a policy you're covered on)

    • PH – To enter into or perform a contract
    • ND – We have a legitimate interest (to set up and validate insurance policies)
    • It's necessary for an insurance purpose

    To set up a loan or monthly payment plan

    • PH – To enter into or perform a contract
    • TOP – To enter into or perform a contract
    • We won't process your special categories of information for this purpose

    To communicate with you to manage queries and resolve any complaints you might have

    • To enter into or perform a contract
    • We have a legitimate interest (to send you communications, record and handle complaints)
    • It's necessary for an insurance purpose
    • To establish, exercise or defend legal rights

    To comply with our legal or regulatory obligations

    • We have a legal or regulatory obligation
    • It's necessary for an insurance purpose
    • To establish, exercise or defend legal rights

    To make sure we consider any customers who may be in a vulnerable circumstance

    • We have a legitimate interest (to ensure a consistent service to all of our customers and that all customers are treated equally)
    • It's necessary for an insurance purpose
    • Explicit consent

    To manage any claims you make under your insurance policy (or a policy you're covered on)

    • PH – To enter into or perform a contract
    • ND – We have a legitimate interest (to pay claims and manage the claims process)
    • It's necessary for an insurance purpose
    • To establish, exercise or defend legal rights

    When involved in an accident with a Hastings customer we search prior quote data for enhancement of the third party's contact details (for example, to locate missing telephone numbers).

    • TP – We have a legitimate interest
    • We won't process your special categories of information for this purpose

    Using driving data to monitor driving practices

    • PH – To enter into or perform a contract
    • ND – We have a legitimate interest (to monitor the driving style of drivers insured by us)
    • We won't process your special categories of information for this purpose

    To assist in risk modelling and renewal pricing of products

    • We have a legitimate interest (to develop and improve our products and services)
    • It's necessary for an insurance purpose

    To prevent and investigate fraud on an ongoing basis

    • We have a legitimate interest (to prevent and detect fraud and other financial crime)
    • It's in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud)
    • To establish, exercise or defend legal rights

    For debt collection purposes

    • To enter into or perform a contract
    • We have a legitimate interest (for example, to recover a debt)
    • Explicit consent

    To provide improved quality, training and security (e.g. through recorded or monitored phone calls to/from us, or customer satisfaction surveys)

    • We have a legitimate interest (to develop and improve our products and services)
    • We won't process your special categories of information for this purpose

    Managing our business operations (e.g. keeping accounting records, analysing financial results, meeting audit requirements, receiving professional advice, and holding our own insurance)

    • We have a legitimate interest (to carry out business operations and activities that are necessary for the everyday running of a business)
    • We won't process your special categories of information for this purpose

    For insurance administration purposes including trend analysis, actuarial work, pricing analysis, analysis of customer experience, planning service delivery, risk assessment, and costs and charges

    • We have a legitimate interest (to develop and improve our products and services)
    • We won't process your special categories of information for this purpose

    To send you marketing materials about our products and services (with your permission)

    • Consent
    • We won't process your special categories of information for this purpose

     

    3.1.3 Who we'll share your personal information with

    3.2 If you've been involved in a vehicle accident with one of our customers

    3.2.1 What personal information we'll collect and where we'll collect it from

    3.2.2 What we'll use your personal information for

    Type of processing

    Grounds for using personal information

    Grounds for special categories

    To manage claims

    • We have a legitimate interest (to assess and pay your claim and manage the claims process)
    • We have a legal or regulatory obligation
    • To establish, exercise or defend legal rights

    To verify your identity, prevent and investigate fraud

    • We have a legitimate interest (to prevent and detect fraud and other financial crime)
    • It's in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud)
    • To establish, exercise or defend legal rights

    To comply with our legal or regulatory obligations

    • We have a legal or regulatory obligation

    • To establish, exercise or defend legal rights

    • It's necessary for an insurance purpose

    To communicate with you in any way and/or resolve any complaints you might have

    • We have a legitimate interest (to send you communications, record and handle complaints)

    • You've given us your explicit consent

    • To establish, exercise or defend legal rights

    To provide improved quality, training and security (e.g. through recorded or monitored phone calls to/from us or customer satisfaction surveys)

    • We have a legitimate interest (to develop and improve our products and services)

    We won't process your special categories of information for this purpose

    Managing our business operations (e.g. keeping accounting records, analysing financial results, meeting audit requirements, receiving professional advice and holding our own insurance)

    • We have a legitimate interest (to carry out business operations and activities that are necessary for the everyday running of a business)

    We won't process your special categories of information for this purpose

    For insurance administration purposes including trend analysis, actuarial work, pricing analysis, analysis of customer experience, planning service delivery, risk assessment and costs and charges

    • We have a legitimate interest (to develop and improve our products and services)

    We won't process your special categories of information for this purpose

     

    3.2.3 Who we'll share your personal information with

    3.3 Where you witnessed an event involving one of our customers

    3.3.1 What personal information we'll collect and where we'll collect it from

    3.3.2 What we'll use your personal information for

    Type of processing

    Grounds for using personal information

    Grounds for special categories

    To investigate and manage claims made under an insurance policy

    • We have a legitimate interest (to assess and pay claims and manage the claims process
    • You've given us your explicit consent or it's necessary for an insurance purpose
    • To establish, exercise or defend legal rights

    To comply with our legal or regulatory obligations

    • We have a legal or regulatory obligation
    • You've given us your explicit consent
    • To establish, exercise or defend legal rights

    To prevent and investigate fraud

    • We have a legitimate interest (to prevent and detect fraud and other financial crime)
    • It's in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud)
    • To establish, exercise or defend legal rights

    For business processes and activities including analysis, review, planning and transactions

    • We have a legitimate interest (to effectively manage our business)

    We won't process your special categories of information for this purpose

     

    3.3.3 Who we'll share your personal information with

    4. Use of our website and mobile app

    4.1 What personal information we'll collect and where we'll collect it from

    4.2 What we'll use your personal information for

    Type of processing

    Grounds for using personal information

    Grounds for special categories

    Communicating with you and responding to any enquiries you have

    • We have a legitimate interest (to communicate with you or to respond to any enquiries)

    We won't process your special categories of information for this purpose.

    Monitoring usage of our website

    • We have a legitimate interest (to assess usage of and gain insight from our website and/or app)

    We won't process your special categories of information for this purpose

     

    5. Our approach to sending your personal data abroad

    6. Marketing

    7. How long we keep your personal information for

    8. Automated processing

    9. Your rights

    Under data protection law you have a number of rights in relation to the personal information we hold about you. You can exercise these rights by contacting us. We won't usually charge you in relation to a request.

     

     

    The right to access your personal information

    You're entitled to a copy of the personal information we hold about you and certain details of how we use it. We'll usually provide your personal information to you in an email unless you request otherwise.

    The right to rectification

    We take reasonable steps to make sure the information we hold about you is accurate and, where necessary, up-to-date and complete. If you believe there are any inaccuracies, discrepancies or gaps in the information we hold about you, you can contact us and ask us to update or amend it.

    The right to erasure

    This is sometimes known as the 'right to be forgotten'. It entitles you, in certain circumstances, to request your personal information be deleted. For example, where we no longer need your personal information for the original purpose we collected it for or where you have exercised your right to withdraw consent. While we will assess every request, there are other factors that will need to be taken into consideration. For example, we may not be able to erase your information as you've requested because we have a regulatory obligation to keep it.

    The right to restriction of processing

    In certain circumstances, you're entitled to ask us to stop using your personal information, for example where you think the personal information we hold about you may be inaccurate or where you think we no longer need to use your personal information.

    The right to data portability

    In certain circumstances, you can request we transfer personal information you've provided to us to a third party.

    The right to object to marketing

    You have control over the extent to which we market to you and the right to request we stop sending you marketing messages at any time. You can do this either by clicking on the 'unsubscribe' link or button in any email we send you or by contacting us using the details set out in section 10. Even if you exercise this right because you do not want to receive marketing messages, we may still send you service related communications where necessary.

    The right to object to processing

    In addition to the right to object to marketing, in certain circumstances you'll also have the right to object to us processing your personal information. This will be when we're relying on there being a legitimate interest to process your personal information. In some circumstances, we will not be able to cease processing your information, but we'll let you know if this is the case.

    Rights relating to automated decisions

    If you've been subject to an automated decision and don't agree with the outcome, you can ask us to review it.

    The right to withdraw consent

    Where we rely on your consent in order to process your personal information, you have the right to withdraw such consent to the further use of your personal information. We'll advise you of this at the point of collection of your data.

    The right to lodge a complaint with the ICO

    You have a right to complain to the Information Commissioner's Office if you believe that any use of your personal information by us is in breach of applicable data protection laws and/or regulations. More information can be found on the Information Commissioner's Office website. This will not affect any other legal rights or remedies that you have.

     

    10. How we protect your information

    11. Contact us

    12. Updates to this Privacy Policy

    13. Copies of this notice

    Last modified: 7:45 AM - 11 September, 2024