Privacy statement

Privacy Statement

This Privacy Statement details Our policies and procedures in relation to the Personal Data We process. Haven Insurance Company Limited (“Haven”) are committed to processing data in accordance with the General Data Protection Regulation (“GDPR”) and the Data Protection Act (“DPA”) and take all reasonable steps to prevent any unauthorised access to Your Personal Data.

Key Definitions

Data Controller - A Data Controller determines the purpose and means of processing personal data.

Data Processor - A Data Processor is responsible for processing data on behalf of the controller.

Personal Data - Any information relating to an identifiable person who can be directly or indirectly identified.

Special Categories of Personal Data - Genetic Data, Racial or Ethnic Origin, Political Opinions, Religious or Philosophical Beliefs, Trade Union Membership, Biometric Data, Health/Medical Data, Sexual Orientation.

You or Your - Means the individual whose personal data we are processing.

We, Our or Us - Means Haven Insurance Company Limited (“Haven”).

Data Controller

Haven Insurance Company Limited
No. 1 Grand Ocean Plaza,
Ocean Village,
Gibraltar

0345 0920704
dataprotection@haven.gi

Registration Number: 85914


Processing

If you are providing Us with another person’s data you should ask them to also read this Privacy Policy. By giving Us information about another person you are confirming that they have given you consent to provide the information to Us.

We use Your Personal Data for the following purposes:

Insurance Provision
We process Your Personal Data in order to underwrite and manage Your insurance policies.

This may include sharing Your Personal Data with:

1.       Our Agents to process and administer Your insurance. As part of Our Agents processing they may carry out checks with credit reference and fraud prevention agencies in order to verify Your identity, assess Your application for a quotation or credit and offer You the best terms.  The checks may be against both public data (such as information from the electoral roll) and private data (such as your credit history). A record of the search will appear on Your credit report. As part of the quote process, Our Agent may exchange information with various industry databases in order to verify the information that You have provided such as the Claims and Underwriting Exchange (CUE), the Hunter Database, the Motor Insurance Anti-Fraud and Theft Register or the No Claims Discount Database. Our Agents may also carry out checks against data they already hold on You such as data from existing products or account data. They may use this data to help them assess and rate Your application for a quote and determine Your premiums. 

2.       Subcontractors and service providers to process Your Personal Data and provide services on Our behalf.

3.       Our Appointed Claims Handlers to manage claims under Your insurance.

4.       Industry Regulators to monitor and enforce Our compliance with any applicable regulations.

5.       Other Insurers, if You move to a new insurer We may confirm certain details about Your insurance to them. We will only confirm details to genuine organisations. Any requests for policy information by an individual other than the insured will require permission from the insured to do this.

6.       Third parties involved in a claim, including their insurer, solicitor, or representative.

7.       The Compensation Recovery Unit, Department for Work and Pensions, and National Health Service in relation to a claim.

8.       The Financial Ombudsmen Service, if You make a complaint about the service We have provided.

9.       The Motor Insurance Anti-Fraud and Theft Register and to the Claims and Underwriting Exchange Register, which are both administered by Motor Insurance Bureau (MIB).

10.   The DVLA, Your Driving Licence Number may be provided to the DVLA in order for a search to be carried out to confirm Your licence status, entitlement and relevant restriction information and endorsement/conviction data. Searches may be carried out as part of Your quote and at any point throughout the duration of Your insurance policy. A search with the DVLA will not show on Your driving licence record. For details relating to information held about You by the DVLA, please visit www.dvla.gov.uk. Undertaking searches using Your driving licence number helps insurers check information to prevent fraud and reduce incidences of negligent misrepresentation and non-disclosure.

11.   The Motor Insurance Database (MID); information relating to Your insurance policy will be added to the Motor Insurance Database (MID) managed by the Motor Insurers’ Bureau (MIB). MID and the data stored on it may be used by certain statutory and / or authorised bodies including the Police, the DVLA, the DVANI, the Insurance Fraud Bureau and other bodies permitted by law for purposes not limited to but including:

11.1.                     Electronic Licencing;

11.2.                     Continuous Insurance Enforcement;

11.3.                     Law enforcement (prevention, detection, apprehension, and/or prosecution of offenders);

11.4.                     The provision of government services and other services aimed at reducing the level and incidence of uninsured drivers.
If You are involved in a road traffic accident (either in the UK, the EEA or certain other territories), insurers and/or the MIB may search the MID to obtain relevant information. Persons (including their appointed representatives) pursuing a claim in respect of a road traffic accident (including citizens of other countries) may also obtain relevant information which is held on the MID. It is vital that the MID holds Your correct registration number. If it is incorrectly shown on the MID You are at risk of having Your vehicle seized by the Police. You can check that Your correct registration number details are shown on the MID at www.askmid.com

Administration
To manage and administer Our relationship with You, including Your registrations, transactions and communications with Us, to perform all orders and contracts with You, to provide the products and information You request, and to respond to Your comments, questions and support requests, and to monitor compliance with and enforce the terms of Our relationship and any contracts with You.

Telephone Calls
We may monitor and record telephone calls for the purpose of security and training.

Market Research/Data Analysis
To help improve Our services We, Our Agents and recipients of Your Personal Data may also use Your Personal Data for the purposes of marketing research and data analysis. This helps to develop and improve the products and services that are offered.

Website Analysis
We may use cookies on www.haven.gi. A cookie is a small file that is placed on Your device, which enables a server to identify that device and allows Us to recognise You as a unique user and provide Us with information about how You use Our website.  Cookies are commonly used on the Internet and do not harm Your computer system.

We may also use web beacons and pixel tags, these are similar to cookies and allow Us to collect information about how You use Our website and help Us to offer You the best service.  We may use web beacons and pixel tags alongside cookies both on Our website and in any emails We sent to You. Again, web beacons and tags are commonly used across many websites and do not harm Your computer system.

Information collected may include items such as the IP address of Your computer, the time You visited Our website and what links You clicked on or when You opened Our emails. 

We may, from time to time use and serve cookies, pixel tags, action tags or similar technologies. We use the information We collect for various purposes, including to understand how You use Our website and to assist Us in tailoring the website to customer needs.

Complaints
To investigate and respond to complaints made in relation to insurance policies We underwrite.

Fraud Prevention
Before We provide services, goods or financing to You, We undertake checks for the purposes of preventing fraud and money laundering, and to verify Your identity. These checks require Us to process Personal Data about You.

The Personal Data You have provided, We have collected from You, or We have received from third parties will be Used to prevent fraud and money laundering, and to verify Your identity.

Details of the Personal Data that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.

We and fraud prevention agencies may also enable law enforcement agencies to access and Use Your Personal Data to detect, investigate and prevent crime.

We process Your Personal Data on the basis that We have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect Our business and to comply with laws that apply to Us. Such processing is also a contractual requirement of the services or financing You have requested.

Fraud prevention agencies can hold Your personal data for different periods of time, and if You are considered to pose a fraud or money laundering risk, Your data can be held for up to six years.

If We, or a fraud prevention agency, determine that You pose a fraud or money laundering risk, We may refuse to provide the services or financing You have requested, or to employ You, or We may stop providing existing services to You. 

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to You. If You have any questions about this, please contact Us on the details below. 

Whenever fraud prevention agencies transfer Your Personal Data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect Your Personal Data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Your Personal Data is protected by legal rights, which include Your rights to object to Our processing of Your Personal Data; request that Your Personal Data is erased or corrected; request access to Your Personal Data.

Legitimate Interests

Insurance Provision
Administration
Prevention of fraud and financial crime
Establishment, exercise or defence of legal claims

We will release Your Personal Data when We are required to do so for legal or regulatory purposes or as part of legal proceedings.

Categories of Personal and Special Category Data

Including, but not limited to: Name, Address, Date of Birth, Residential Address and Address History, Contact Details, Claims History, Motoring Convictions, Criminal Convictions, Employment Details, Financial Information, Identifiers assigned to your computer including your Internet Protocol (IP) Address, Vehicle Details, Driving Licence Details, Driving Qualifications, Claims History, Medical Conditions, Residency Details, Property Details, Insurance Cover details.

We do not use any automated decision making or profiling when handling Your Personal Data.

Recipients of Personal Data

Depending on the type of insurance policy You have with Us and whether You make a claim on Your policy, Your Personal Data may be provided to the following recipients.

Policy Administration
Brokers/Agents
Other Insurers

Claims Handling
Claims Handlers
Fraud Prevention Agencies
Claims Investigators
Engineers
Medical Assessors/Providers
Hire Car Providers
Repairers
Solicitors
Reinsurers
Salvage Agents
Windscreen Repairers
Service Providers
Subcontractors
Third Parties, including their insurer, solicitor, or representative
Department for Work and Pensions
National Health Service
Compensation Recovery Unit


Regulation/Compliance
Regulators
Other Insurers
Financial Ombudsmen Service
Motor Insurers Database
DVLA
Motor Insurance Anti-Fraud and Theft Register

We may also receive Your Personal Data from the above parties.

Where Personal Data is provided to other parties in relation to the service You have requested, the other parties may also be acting as Data Controllers. If you would like more information about how any of these other parties process data, you should read the privacy policy for the relevant party which they will be able to provide You.

We may pass Your Personal Data to other companies who process the data on Our behalf. Some of these companies may be based outside the European Economic Area. In all cases We always take steps to ensure that Your personal data is kept securely.

Retention Period

Policy records – 6 years plus 4 months from expiration of policy.

Claim records – 6 years plus 4 months from the date of file closure, unless the claim involved a minor, in which case the data will be retained for 6 years 4 months from when that party turned 18.

Insurance Certificates for Haven – 6 years from expiration of policy.

Your Rights

Right to be informed
This Privacy Statement sets out how We will collect and use Your data.

Right to access
You have the right to obtain confirmation as to whether Your data is being processed, and a copy of Your personal data which is being processed.

Right to rectification
You have the right for Your personal data to be rectified where it is inaccurate or incomplete.

Right to be forgotten/Right to erasure
You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

Right to restrict processing
You have the right to restrict the processing of Your personal data.

Right to data portability
You have the right to obtain a copy of Your personal data which You provided to us in order to transfer the data to other service providers.

Right to object
You have the right to object to:
- processing based on legitimate interests
- direct marketing (including profiling)
- processing for purposes of scientific/historical research and statistics.

Rights on automated decision making – including profiling
Automated decision making may only be carried out where the decision is:

necessary for the entry into or performance of a contract; or

authorised by Union or Member state law applicable to Haven; or

based on Your explicit consent.
You may notify us at any time if you wish to withdrawn your consent.

Please contact Us at dataprotection@haven.gi if You wish to exercise any of Your above rights.

You have the right to make a complaint to Haven’s Supervisory Authority:

Gibraltar Regulatory Authority
2nd Floor, Eurotowers 4,
1 Europort Road,
Gibraltar
info@gra.gi
+35020074636

If you wish to make the complaint to the Supervisory Authority in the UK, their information is detailed below:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
0303 123 1113
www.ico.org.uk


Links to other websites

Our website may contain links to other websites of interest. However, once You have used these links to leave Our site, You should note that We do not have any control over that other website. Therefore, We cannot be responsible for the protection and privacy of any information which You provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. 

We reserve the right to amend or modify this privacy policy at any time.