This privacy notice is issued on behalf of the esure Group companies within the United Kingdom. When we mention "esure", "we", "us" or "our", what we mean is the relevant company in the esure Group that processes your personal information. Additional details about the esure Group are set out below.
About this document
This Privacy Notice will help you understand how we collect, use and protect your personal information. You should also show this notice to anyone who is included in your policy, and anyone else whose details you provide to us.
We may need to make changes to this privacy notice, for example, to include legislation changes, new technologies or other developments in privacy laws. You should check our website periodically to view our most up to date privacy notice. If you have any queries about this Privacy Notice or how we process your personal information, please contact the Data Protection Officer by email: [email protected] or by post: Data Protection Officer, esure, The Observatory, Reigate, RH2 0SG.
Who we are
When you buy one of our home or motor insurance policies the organisation responsible for the processing of your personal information is esure Insurance Limited. This means that we are a ‘Data Controller’ under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, referred to in this document as Data Protection Legislation. Additional data controllers include esure Services Limited, the organisation responsible for the sale and distribution of your insurance products together with any Underwriters identified in your policy booklet. esure Insurance Limited and esure Services Limited, are wholly owned by esure Group plc. esure Group plc. also includes other companies and brands such as Sheilas’ Wheels and First Alternative. We also partner with other companies providing you with insurance and insurance related services.
What information we collect about you
The personal data you have provided, we have collected from you, or we have received from third parties includes:
- name, address and address history, date of birth and gender
- contact details, including telephone numbers and email address
- financial information, including credit/debit card details (although we do not retain complete payment card information)
- credit account performance information
- details about your family and dependents (e.g. your marital status and number of children)
- information about your lifestyle and living circumstances (e.g. your employment details and home ownership)
- identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address, cookies and similar technologies (For more information on Cookies please see our Cookies Policy online: https://www.firstalternative.com/cookies-policy)
- sensitive personal information such as criminal convictions, health details and medical history for the purposes of providing you with a policy or processing claims, or details of any court or judgements for the purposes of preventing, detecting and investigating fraud.
- for car insurance only, we collect vehicle details such as registration number
- for car insurance only, we may collect your Driving Licence Number
- information about your marketing preferences
- when you contact us through any digital channel, we will inform you of the methods used by each of those channels at point of entry and at any point where we capture personal information. The information we collect includes IP addresses and is used for fraud prevention and to improve customer experience.
How we collect information about you
Most of the personal information we hold about you is that which we collect directly from you, for example:
- each time you ask us for an insurance quote
- when you purchase our products or services
- when you register to receive information from us
- when you register a claim and discuss that claim with us as it progresses
- each time you interact with us, respond to communications or surveys, or enter competitions
- when you make enquiries or raise concerns with our customer service team.
In order to understand more about you and provide you with an appropriate insurance quote and cover, and to improve our marketing interaction, we also supplement and combine the personal information that we collect from you with other categories of data obtained from other sources, such as indicated below:
For all insurance:
- Credit and claims history data, such as bankruptcy records and any county court judgments made against you (which are publicly accessible) and information as to the number of credit searches that have been made about you and your individual claims history (which we may receive from companies such as Experian Limited)
- Device identification and fraud detection data, which we may receive from companies having passed them your device details (in order to check whether the device you are using to contact us has been used before for fraudulent purposes) or your new claims data (in order to assess the risk to our business of fraudulent claims)
- Data about your home and local area, including census data about the average household size, home ownership, employment statistics, and demographics of your area, and police crime and accident statistics (which are publicly accessible)
- Electoral register data that confirms your identity and address (which is publicly accessible).
- Data from other sources where we believe this is necessary to administer or validate policies or claims; investigate fraud; or assist with settlement/claim negotiations. This may include consulting publicly available online information such as public registers, social media and other online sources.
For car insurance:
- Data as to your eligibility for a no claims discount (which we may receive from companies such as Lexis Nexis Solutions UK Limited)
- Vehicle ownership details (which we receive from the Driver and Vehicle Licensing Agency (DVLA)) and vehicle data (which we receive from 3rd parties that hold information about your vehicle such as HPI Ltd and Carweb)
- Data from 3rd parties operating automated number plate recognition systems (when a vehicle is used on public roads in the UK).
- Data as to the likelihood of floods in your area (which we may receive from companies such as Experian Limited).
- We may also collect, your and other drivers’ (if included in the quotation/policy) Driving Licence Number (DLN or “MyLicence”). We use this information to access information held about you by the DVLA. These checks include information regarding: the type and the length of time the licence has been held for; entitlements to drive; penalty points; convictions and conviction dates; and disqualifications. To find out more information, and to see what’s held on your record, you can visit the DVLAs online View Driving Licence Service at www.gov.uk/view-driving-licence
- Data generated by your vehicle systems and/or technology connected to your vehicle such as car on-board computer; dashcam (integrated or connected) or; telematics related data (e.g. Back box installed in your vehicle).
What we use your information for and the legal bases for processing
We may store and use your personal information for the purposes of:
(a) administering your insurance quotes and policies (as is necessary for performance of a contract between you and us and/or as is necessary for our legitimate interests);
(b) carrying out anti-fraud and anti-money laundering checks and verifying your identity (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests);
(c) assessing financial and insurance risks, including by carrying out credit reference checks and credit scoring assessments, and calculating your premiums (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(d) providing you with insurance cover and related services including financing services (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(e) using your payment details to process payments relating to your policies, including fees, premiums, renewals of cover, mid-term changes to your policy, and refunds (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(f) sending you information about how to renew your insurance cover (as is necessary for compliance with our legal obligations);
(g) handling insurance claims, including by carrying out checks on claims related databases (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(h) communicating with you about your quotes, policies, and claims, including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(i) administering debt recoveries and helping us with recovering monies you owe us under a contract or otherwise (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
(j) undertaking market research and statistical analysis, including analysing your use of our website. This allows us to underwrite and price your insurance policy, and to develop new, or improve existing, products and services (as is necessary for our legitimate interests); and
(k) fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests).
Our "legitimate interests" as referred to above (and below) include our legitimate business purposes and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.
Using your personal data for marketing
We will send you marketing about similar products and services by post, telephone, email, SMS and through digital channels. Digital channels include social media and similar such digital marketing channels. We may upload and match the personal data you provide to us with the data you provide to social media and similar such digital marketing channels. This allows us to improve our knowledge of you and, in return, serve you with relevant marketing messages. We may contact you If we consider that it is within our legitimate interests to send you information about our products and services for marketing purposes.
You can object to receiving marketing from us at any time. Please provide your details via the following online form: www.firstalternative.com/unsubscribe; follow the unsubscribe link in our marketing emails or SMS; or send us your name, address and date of birth via email to [email protected] or by contacting the Data Protection Officer.
Using your data for fraud prevention
Before we provide you with our products and services, we use your personal data to conduct checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. We may also share your details with fraud prevention and law enforcement agencies. Please see ‘other data controllers’ for details of the agencies we share your data with. We, and fraud prevention agencies, will use this information to prevent fraud and money laundering, and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest to process your data in such way, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We may also share your details with third parties who operate and maintain fraud detection registers for the purposes of preventing and investigating fraud.
Automated decisions and profiling
We use the personal data you provide to us, information about you provided by third parties (please see “How we collect information about you” for further details), and aggregated data of other individuals who match your risk profile, to enable us to evaluate and predict your behaviour when asking for a quote or processing a claim. We use algorithms to check any claims, fraud, credit history, data about your local area and the vehicle or home you wish to have insured; and whether your conduct accessing our products or services suggests a risk of fraud. You may automatically be considered to pose a fraud or money laundering risk if our processing of your personal data reveals your behaviour to be consistent with that of known fraudsters or money launderers; or inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. This activity is essential to allow us to decide whether to offer you a quote, the appropriate insurance premium to offer you, and whether there is a risk of fraud. These decisions may be made by entirely automated means (that is, without human intervention) and through profiling. As with all insurers, where we are taking on more risk in terms of the likelihood of damage to your vehicle or home and the cost of fixing, replacing it or dealing with third party claims and/or there is a higher risk of our being defrauded, we will charge a higher insurance premium, and in some circumstances may refuse to offer a quote or continue to provide services.
We consider that, to the extent our decisions based solely on automated processing produce legal or similarly significant effects for you, those decisions are necessary for entering into, or performance of, our contract of insurance with you. However, you have the right to contact us to express your point of view (including providing any additional information that you want us to consider) and to contest such decisions. A member of our team will then reconsider it. If you wish to exercise these rights, please contact us by contacting the Data Protection Officer.
Consequences of processing
If we, or a fraud prevention agency, determine that you pose a risk of fraud or money laundering, we may refuse to provide the products, services and financing you have requested. We may also stop providing existing services to you. A record of any fraud or money laundering risk will be retained by us and the fraud prevention agencies. It may also result in others refusing to provide products, services, financing or employment to you. If you have any questions about our processing of your data for fraud purposes, please contact our Data Protection Officer at the details provided above.
Who we share your data with
Where relevant given the nature of the products and services provided to you, we may also share your information with the following categories of third parties which may act as controllers or processors of your data:
- insurance and reinsurance underwriters, intermediaries and others who are involved with the provision of insurance services to you alongside us (as is necessary for the performance of a contract between you and us);;
- third party product providers who provide products or services (e.g. optional cover) you obtained a quote for or purchased alongside the products and services provided by ‘us’. These companies may also act as data controllers with respect to the data you provide to us. If you would like to see a copy of their Privacy Notice, please refer to the terms and conditions of the relevant add-on in the optional extras section of your policy documents. You can find more detail about who we share your data with on our website http://www.firstalternative.com/privacy or, by requesting a copy of the list from the Data Protection Officer.;
- third party service providers who we instruct for the purposes of handling claims, including repairers, surveyors, loss adjustors, car hire companies, solicitors, third parties involved in the claim, other insurers, medical agencies (as is necessary for the performance of a contract between you and us);;
- third party service providers who may add value to the products and services we provide (as is necessary for our legitimate interests);
- third party data suppliers, as explained under “How we collect information about you” (as is necessary for our legitimate interests);
- third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers, and debt collection agencies. Where customers pay by instalment, we will exchange information about you with Credit Reference Agencies (CRAs) on an ongoing basis, including your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will be linked to the data of your spouse, any joint applicants or other financial associates. The identities of the CRAs, and the way in which they use and share personal information, are explained in more detail at www.experian.co.uk/crain/.
- the operators of claims related databases (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests).
- fraud prevention agencies and associations and other third parties who operate and maintain fraud detection registers, (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests); regulators and law enforcement agencies, including the police, the Financial Conduct Authority,
- HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal obligations).
Other data controllers
Companies within esure Group
|esure Group Limited|
|esure Insurance Limited|
|esure Services Limited|
|esure Broker Limited|
Third party intermediaries and underwriters outside esure Group acting as data controllers:
Where relevant, we may also share your information with the following third parties:
|Data Controller:||Rationale for sharing data:|
|AmTrust Europe Limited||Insurance underwriters in relation to add-ons such as Family Legal Protection|
|Arc Legal Assistance Limited||Insurance administrators in relation to add-ons such as Family Legal Protection|
|AWP Assistance UK Ltd||Insurance underwriters in relation to Travel Cover add-on|
|AWP P&C SA||Insurance administrators in relation to Travel Cover add-on|
|AXA Assistance (UK) Limited||Insurance administrators in relation to add-ons such as: Home Emergency and Pest Cover|
|Cigna Insurance Services (Europe) limited||Insurance underwriters in relation to Travel Cover add-on|
|DAS Legal Expenses Insurance Company Limited||Insurance underwriters in relation to add-ons such as: Home Emergency, Pest and Family Legal Protection Cover|
|Hood Travel Limited||Insurance intermediary in relation to Travel Cover add-on|
|InterPartner Assistance SA (IPA)||Insurance underwriters in relation to add-ons such as: Home Emergency and Pest Cover|
|Irwin Mitchell LLP||Legal helpline service providers in relation to Motoring Legal Protection Cover add on|
|RAC Insurance Limited||Insurance underwriters in relation to add-ons such as: Breakdown, Misfuelling and Key Cover|
|RAC Motoring Services||Breakdown and recovery service providers in relation to add-ons such as: Breakdown, Misfuelling and Key Cover|
|&Travel Insurance Facilities Plc.||Insurance underwriters in relation to Travel Cover add-on|
As explained under “Using your data for fraud prevention”, the personal data you have provided, we have collected from you, or we have received from third parties, may be shared with fraud prevention agencies. Please contact our Data Protection Officer if you would like details of the agencies we share your data with.
If you are involved in a claim, we may share your data with our panel of reinsurers and solicitors. As these often change, please contact our Data Protection Officer if you would like details of our current panel.
Motor insurance database (MID)
Information relating to your policy will be added to the Motor Insurance Database (MID) managed by the Motor Insurers’ Bureau (MIB). The MID and the data stored on it may be used by certain statutory and/or authorised bodies including the police, the DVLA, the Driver & Vehicle Agency (DVA) Northern Ireland (DVANI), the Insurance Fraud Bureau and other bodies permitted by law for purposes not limited to but including:
- Electronic Licensing
- Continuous Insurance Enforcement;
- Law enforcement (prevention, detection, apprehension and or prosecution of offenders)
- The provision of government services and/or other services aimed at reducing the level and incidence of uninsured driving.
If you are involved in a road traffic accident (either in the UK, the EEA or certain other territories), insurers and/or the MIB may search the MID to obtain relevant information.
Persons (including his or her appointed representatives) pursuing a claim in respect of a road traffic accident (including citizens of other countries) may also obtain relevant information which is held on the MID.
It is vital that the MID holds your correct registration number. If it is incorrectly shown on the MID you are at risk of having your car seized by the police. You can check that your correct registration number details are shown on the MID at: www.askmid.com
Processing outside of the european economic area
The personal information that we collect from you, and which is shared with some fraud prevention agencies, may be transferred to and processed in a destination outside of the UK and the EEA. It may also be processed by staff operating outside the UK and the EEA who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases:
- the country that we send the data is approved as providing an adequate level of protection for personal information; or;
- the recipient has agreed with us standard contractual clauses approved by the European Commission or the Information Commissioner’s Office, obliging the recipient to safeguard the personal information (in particular, our transfer of personal information to suppliers in India and the United States for marketing, IT development and IT testing purposes are protected in each case by the use of appropriate model clauses); or
- there exists another situation where the transfer is permitted under applicable Data Protection Legislation (for example, where a third party recipient of personal data in the United States has registered for the EU-US Privacy Shield)
To find out more about how your personal information is protected when it is transferred outside the UK and the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the details above.
How long your information is kept
Where necessary we will retain your personal information for a number of purposes, to allow us to carry out our business. Your information may be kept for up to 7 years on our main systems after which time it will be archived, deleted or anonymised. Some of the archived information may be retained for up to 50 years for the purposes of processing of your existing or future claims. Records created for fraud prevention purposes will be deleted 7 years after creation. Fraud prevention agencies can hold your personal data for different periods of time, depending on how that data is being used. If you are considered to pose a risk of fraud or of money laundering, your data can be held by fraud prevention agencies for up to 6 years from its receipt by them. Please contact them for more information. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact our Data Protection Officer at the details provided above.
Data Protection legislation gives you certain rights. These include the right to:
- ask us how we use your personal data
- access your personal data
- ask us to correct any information about you that’s out of date, incorrect or incomplete
- tell us that you don’t want us to use your personal data in a certain way – e.g. to send you marketing communications
- tell us to delete personal data we have on file. In some circumstances we won’t be able to do this however – e.g. if we’re required to keep the information by law
- ask us to give your data to a 3rd party – e.g. another insurer
- ask us to temporarily pause processing your data
- not hold you to a decision that’s been made solely in an automated way
- ask us to review automated decisions we make about you
Please note, these rights are not absolute and there may be times when we can’t do what you ask us to. If that’s the case, we’ll explain why when we reply to you. If you have a question about this Privacy Notice, how we use your personal information, or if you’re not happy with how we process your personal information, please contact the Data Protection Officer:
By email - [email protected]
By post - Data Protection Officer, esure, The Observatory, Reigate RH2 0SG
Complaints can also be made to the Information Commissioner. For more details about your rights under Data Protection legislation, please visit the Information Commissioner's Office website: www.ico.org.uk
Without your consent in some circumstances, we may not be able to provide you with cover under our policy or handle claims or you may not be able to benefit from some of our services.
This privacy notice was last updated on 03/11/2020. Previous versions of the policy can be obtained by contacting Data Protection Officer.