GDPR Privacy Statement

General Data Protection Regulation Privacy Statement

DCL Insurance (DCL) take the protection of your privacy and the confidentiality of your personal information (Personal
Data) extremely seriously. This privacy statement sets out how we meet our obligations regarding data protection and the
rights of our customers, prospective customers, and former customers (Data Subjects) in respect of their Personal Data
as defined under relevant data protection legislation including the Data Protection Acts of 1998 and 2018 (the DPA), the
General Data Protection Regulation effective from 25 May 2018 (the GDPR) and any subsequent data protection legislation.

This privacy statement should be read in conjunction with our Online Privacy Policy and Terms of Business.

What is Personal Data?

GDPR defines Personal Data as any information relating to an identified or identifiable natural person (Data Subject);
an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an
identifier such as an individual’s: name, contact details (including address and e-mail address, telephone number), date
of birth, gender, marital status, financial details, details of occupants of your property, employment details and
benefit coverage or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural
or social identity of that natural person.

We may also collect ‘special categories’ of Personal Data such as trade union membership. We may also collect data
relating to criminal convictions and offences.

Where Personal Data about you is obtained from publicly available sources, we will only use such data fairly, meaning
for legitimate purposes as would be anticipated of (and reasonably expected as) the activities of an insurance broker,
and not further processed in a manner that is incompatible with those purposes.

How does DCL collect your Personal Data?

We collect your Personal Data in the following ways:

Directly from you either on the telephone, through our website, via email or other written correspondence.
From a third-party individual authorised by you to request an insurance quotation on your behalf.
Generally available sources such as information about you in the public domain (for example, information on
directors held at Companies House), online and from third party data processors (provided that it is fair to do so).
Searches that we undertake in relation to sanctions, money laundering, and credit checks.

When does DCL collect your Personal Data?

We will collect your data:

When you or an authorised third party as described above obtains or attempts to obtain a quotation, when your
policy is incepted, renewed or amended or when you make a claim or a claim is made against you.
We may also collect Personal Data from you when you use our website, enter one of our competitions or use our
social media channels.

What Personal Data does DCL gather?

We will only gather Personal Data that is necessary for us to provide our services to you. This data includes personal
and special category data. Below is a list of examples of the data we may gather:

Your name, date of birth, residential address and address history. Residency, marital status, contact details such
as email address and telephone numbers.
DVLA details, driving history, licensing authority, previous insurance details, previous accidents and motor
convictions.
Financial and employment details, including finance commitments and affordability questions, national insurance
number, bank details and credit references (e.g. your credit rating).
In order to assess the terms of the insurance contract or administer claims that arise, we ask for special
category sensitive data, such as medical history, county court judgments and criminal convictions.
Any information which you have provided in support of your policy or insurance claim.
Information from insurers, witnesses, third parties and solicitors in relation to an insurance claim made by you
or against you.
Details of all previous insurance quotations that you have requested from us.
Details of all policies held with us including dates of purchase, dates of inception, lapse and cancellation
dates.
Marketing preferences and browsing insights.

We may also need to gather personal and special category data relating to others in order to provide a quotation and
administer insurance. Where you disclose the Personal Data of others, you must ensure that you have obtained permission
from the individual to do so.

How does DCL handle your data?

The security and protection of your information is extremely important. DCL has appropriate safeguards in place, in
accordance with our data protection obligations, for the protection of any Personal Data which we process. Our security
controls are aligned to industry standards and good practice, ensuring that we effectively manage the risks associated
to the confidentiality, integrity and availability of your information.

Furthermore, we ensure that our employees are aware and remain up-to-date of our data protection obligations; and all
members of staff undertake annual training and testing.

We do not hold more information about you than what is required for the purposes for which it is being processed.
We endeavour to ensure that any information about you is accurate and kept up to date.
We do not keep your information for longer than is necessary or as required by law.
We process your information in accordance with your rights under the relevant Data Protection Laws.

We will share your Personal Data with authorised third parties. This is necessary and required by law in order for us to
quote for, source, place and administer your insurance. This also includes to perform underwriting activities, to
arrange premium finance and to process claims. A list of the authorised third parties we share your Personal Data with
can be found below:

Insurance Companies
Underwriters
Reinsurers
Insurance Brokers
Premium Finance Providers
Credit Reference Agencies
Debt Recovery Agencies
Claims Handling Companies

The insurance companies that we use participate in a sharing of information agreement to combat insurance fraud. When
arranging your insurance with DCL, you are agreeing your insurance company sharing your data in the following ways:

Passing your claims information onto the Claims Underwriting Exchange (CUE).
Supply details of your motor insurance to the Motor Insurance Database (MID).
Pass information to the Motor Insurance Anti-Fraud and Theft Register (MIAFTR).

We will also share your Personal Data within our group of companies including affiliates and subsidiaries. This is
normal practice within the insurance industry where it is necessary to share information in order to place, quantify and
underwrite risks, to assess overall risk exposure, to determine the premium payable and to process claims.

We also record a selection of our telephone calls for training, service and compliance monitoring.

The lawful basis for processing your Personal Data

The lawful basis’ under which we may process your personal data are as follows:

Consent: when you give us your clear consent that we can process your data.
Contract: it is necessary for the performance of a contract to which you are, or will be, a
party.
Legal obligation: processing is necessary for compliance with a legal obligation to which we are
subject.
Vital interests: processing is necessary to protect your vital interests.
Public task: processing is necessary to perform a task carried out in the public interest or in
the exercise of official authority vested in us.
Legitimate interests: processing is necessary for our legitimate interests or the legitimate
interests of a third party, except where such interests are overridden by your fundamental rights and freedoms which
require protection of Personal Data.

Summary table of the collection and processing of Personal Data

Purpose	Type of Personal Data	How we collect Personal Data	Legal basis for processing
To carry out business: · Provide a quotation. · Establish and administer a policy. · Process a renewal. · Mid-Term Adjustments (MTAs), · Process claims. · Complaints handling. · Improve our services and delivery.	· Your name, date of birth, residential address and address history. Residency, marital status, contact details such as email address and telephone numbers. · DVLA details, driving history, licensing authority, previous insurance details, previous accidents and motor convictions. · Financial and employment details, including finance commitments and affordability questions, national insurance number, bank details and credit references (e.g. your credit rating). · Special category sensitive data, such as medical history, county court judgments and criminal convictions. · Personal and special category data relating to others in order to provide a quotation and administer insurance. (Where you disclose the Personal Data of others, you must ensure that you have obtained permission from the individual to do so).	· Directly from you either on the telephone, through our website, via email or other written correspondence. · From a third-party individual authorised by you to request an insurance quotation on your behalf. · Generally available sources such as information about you in the public domain (for example, information on directors held at Companies House), online and from third party data processors (provided that it is fair to do so). · Searches that we undertake in relation to sanctions, money laundering, and credit checks.	Contract Legal obligation.
Marketing and competitions	· Your basic details (e.g. name, telephone no and email address). · Basic details of your business and/or insurance (e.g. renewal date, vehicle type etc.).	· Telephone · Email · Prize draw leaflets · Surveys · Our website	Your consent
To measure our marketing strategies	Online customer behaviour insights (e.g. time and general location when you visited our website). Devices you used to interact with our services (e.g. phone model or computer type). Pages of our websites or blogs you have visited. Time spent on a page. Links clicked. Emails opened.	· Google Analytics. · Google Adwords. · Mailchimp. For more information, please see our online privacy policy.	Our legitimate interest

We will retain your Personal Data at the end of any contractual agreement for seven (7) years.

If you have contacted us for a quote, we will retain your Personal Data for seven (7) years.

We will retain special category Personal Data (criminal convictions) for seven (7) years.

If you have submitted a claim or a claim has been submitted against you; whether the claim is non-injury or an
individual has been injured we will retain your Personal Data for seven (7) years.

If you submit a complaint to us, we will retain your Personal Data for seven (7) years.

There may be occasions where we need to retain your Personal Data for longer than the durations specified above. These
circumstances may include if we are representing you or defending ourselves in a legal dispute or where evidence exists
that a future claim may occur or where required to do so by law.

The retaining of Personal Data is necessary where required for contractual, legal or regulatory purposes or for our
legitimate business interests for statistical analysis, marketing purposes and product development.

Personal Data security

Furthermore, we ensure that our employees are aware and remain up-to-date of our data protection obligations; and all
members of staff undertake annual training and testing.

Your rights

You are provided with legal rights governing the use of your Personal Data. These rights are as follows:

The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.

You can exercise your individual rights at any time. Further information on these rights can be found below:

The right to be informed

It is your right to know how we process your Personal Data.

The right of access

You have the right to access the data we hold about you.

You can request to see what Personal Data we hold on you and there is no charge for this service and will be provided to
you within one (1) month of your request.

Should you wish to receive a copy of the information we hold on you, please contact our Data Controller by email: data@dclinsurance.com

Or you can write to us:

Data Controller
DCL Insurance
19 West Street
Carshalton
Surrey
SM5 2PT

The right to rectification

You have the right to request that incomplete or inaccurate Personal Data about you is rectified without undue delay.

We take all steps to ensure that the Personal Data we hold about you is accurate and complete. If you do not believe
this is the case, please contact us to amend and update it.

The right to erasure

In certain circumstances, you have the right to ask us to erase your Personal Data, for example where the personal
information we collected is no longer necessary for the original purpose, however this will need to be balanced against
other factors, for example legal and regulatory obligations which mean we cannot comply with your request.

The right to restrict processing

In certain circumstances, you have the right to request the restriction of our processing of your Personal Data
(although we will still be permitted to store it where we have a legitimate interest in doing so, for example to address
future disputes, in which case access to such Personal Data will be restricted as appropriate).

The right to data portability

In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to
us to another third party of your choice. Once transferred, the other party will be responsible for looking after your
personal information.

The right to object

You have the right to object to our processing your data (this can be in relation to only certain types of processing if
you wish, so that other types of processing necessary for the performance of our contractual obligations can continue)
where we do so in connection with our legitimate interests, or in relation to our profiling your data or using it for
marketing purposes.

Please note:

In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your
request. For example, if you make a request for us to delete all your personal data, we may be required to retain some
data for taxation, prevention of crime and for regulatory and other statutory purposes.

You should understand that when exercising your rights, a substantial public or vital interest may take precedence over
any request you make. In addition, where these interests apply, we are required by law to grant access to this data for
law enforcement, legal and/or health-related matters.

The flow of data within the insurance sector is complex and we ask you to keep this in mind when exercising your ‘rights
of accesses’ to your information. Where we may be reliant on other organisations to help satisfy your request this may
impact on timescales.

Complaints

If you are dissatisfied with any aspect of the way in which we process your Personal Data please contact our Data
Controller. You also have the right to complain to the UK’s data protection supervisory authority, the Information
Commissioner’s Office (ICO). The ICO may be contacted via their website, by live chat or by calling their helpline on 0303 123 1113.

Contact us

If you have any questions regarding this policy, the use of your data and your Individual Rights please contact our Data
Controller via one of the following methods:

Email: data@dclinsurance.com

Telephone: 020 8669 4466

Post: Data Controller, DCL Insurance, 19 West Street, Carshalton, Surrey, SM5 2PT