This policy only applies to personal data that we handle in connection with you using our insurance-related services through:
- the Insurely app (available at https://walletbyinsurely.com/ and referred to in this policy as "The App"); or
- an "Insurely"-branded insurance tool that has been embedded into a third-party website by one of our partners (the "Web Module").
- your bank, where Insurely’s technical solution is used for the collection of your insurance and/or pension data (the “Bank-app”) (Please see relevant section 7 regarding our anonymisation of such data)
The Company is the controller of your personal data that is processed within or in relation to the Service. However, we are not responsible for any personal data processing that takes place on a third party's website outside the context of Insurely's embedded Web Module (and we are not the controller for such other data processing). If you have any questions about such other personal data processing, you should refer to the privacy information provided by the relevant website.
Your privacy is very important to us. We take appropriate steps to protect and secure your information and we take IT security seriously. If you have any questions about how we protect and use your personal data, you will find our contact information at the bottom of this policy.
2. What information does the company collect about you?
The information we collect about you depends on what you choose to do when using the Service.
We collect and process the following information about you where you create an account (or otherwise provide your personal details) to use the Service:
- Email address
- Full name
- Consent to data collection (where applicable)
When you use functionality within the Service (for instance, to automatically retrieve your insurance information), we will process additional personal data about you and in some cases about the other individuals that benefit from your insurance policies ("co-insured"). We may also process insurance-related information about you where we receive such information from our partners (i.e. the third parties that have embedded the Web Module into their website).
We collect the following personal data in these instances:
- Telephone number
- Information about your household, such as information about other family members covered by your policy and address
- Information about your insurance such as:
- Insurance name
- Insurance number
- Insurance company
- Due date of payment
- Start and end date of insurance policy
- Insurance premium
- Insurance amount
Information about objects you have insured (such as your registration number in the case of car insurance, or your address and size of your property
Other information we process to improve your experience ("Additional Information")
You may choose to provide us with Additional Information when you contact us or otherwise interact with us. If you provide us with Additional Information in order to enable us to give you advice, we will process this Additional Information as required to provide the advice you have requested. The type of information that we process will vary depending on the advice requested, but this may include:
- Information on your family situation and marital status
- Information about the things you own or rent
Specifically, the information we collect automatically will include information like your device type, screen size information, unique device identification numbers, browser and browser version, OS, screen height/width information, and other technical information. We will also collect information about how your device has interacted with our website, including the pages accessed, time stamp, links clicked and whether you have correctly filled input fields.
Collecting this information enables our website and/or App to function correctly, and helps us to improve the Service and our website/App by better understanding the visitors who come to our website/App, where they come from, and what content on our website/App is of interest to them.
3. Why does the company process your personal data and on what legal basis?
Data protection law in certain countries (including in the UK) requires that we establish that one of the specified "legal bases" exist for our use of your personal data. In this section, we explain the different purposes for which we use your personal data and the legal basis on which we rely for each.
We use the User Information, Insurance Information, and Sensitive Information (as described in Section 3 above) that we collect for the purposes of:
- providing the Services that you request (such as creating an account with us or collating your insurance information, and/or disclosing it to third parties such as insurance provider as outlined below, as applicable). Where we use your information for this purpose, the legal basis we rely on is that we need to process this data in order to perform a contract with you (i.e. the terms and conditions that you agree to when you request the Services) in accordance with Article 6.1 b of the UK GDPR. Please note that we cannot provide the Services to you if you do not provide us with this personal information;
- improving our Services and managing our relationship with you. This includes: to identify whether you are an existing or potential user, to communicate with you, to manage the requests we receive from you, and to analyse and develop our Services. We may also use any Additional Information that you provide to us (again as defined under Section 3) to improve your insurance overview and experience of the Service and so that we can provide you with relevant advice. The legal basis we rely on for these activities is that we need to process your information for our legitimate interests in managing and administering customer relationships; providing quality Services; and improving our Services;
- marketing and carrying out market research. We may use this information to form the basis for market and customer analyses, market surveys, statistics, business follow-up and business and method development. The legal basis for this use of personal data is that the processing is necessary for our legitimate interests in being able to better market and target our Services and grow our offering.
We will also process Insurance Information about other individuals that are covered by our customer's insurance policies, as described in section 3. The purpose of this processing is to be able to provide the Service, including to give our customers an overview of their insurance policies and who is covered by those policies. The legal basis for our using information about co-insured individuals is that this is necessary for our legitimate interests to provide our users with detailed information about their insurance policies in order to provide the Services (in accordance with Article 6.1 f of the UK GDPR).
As we note in section 3 above, where any of the personal data that we process includes Sensitive Data, we additionally rely on your explicit consent for us to process this Sensitive Data. You can withdraw this consent at any time – see section 7 for more detail on your data protection rights and how you can exercise these. Please note, however, that if you withdraw this consent then Insurely may not be able to continue providing you with the Service.
4. Storing the personal data
We retain your data for the following periods:
- Personal data that we collect through the App will be stored for as long as you have an account with us to fulfil the purposes for which the information was collected in accordance with section 3 including to deal with, and resolve, requests and complaints;
- Personal data that we collect through the Web Module is saved for a maximum of 14 days.
We also save computer logs of programming instructions that have been created when automatically collecting data for 15 days, so that we can provide troubleshooting support in cases where there have been problems automatically collecting insurance information from an insurance provider's site. Whilst we try not to include personal information within these logs, there may be instances where the logs include limited personal information. We then delete this data after 15 days, regardless of the user's account status, unless we need to retain the information for longer in order to comply with legal requirements or to enable us to enforce our legal rights.
When you purchase insurance through Insurely, we are obliged by law to save data about the information we have provided to you, your personal information relevant to the policy you have purchased and information about your new insurance for a longer period of time. We save this data even if you delete your account.
We will also retain your personal data where we have an ongoing legitimate business need to do so, including to comply with applicable tax, legal or accounting requirements. For example, if a court order is received about your account, or we need to keep your data to deal with litigation and regulatory matters, we would retain your data for longer than the usual retention period when an account is deleted.
When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
5. Which third parties does the company disclose your personal data to?
- To the third party via whose website you access the Service, including insurance providers (but only if requested by you): When you access the Service through a Web Module that has been integrated on a third party's website, you can choose to share your personal data held in the Web Module with such third party, for example, to allow them to offer insurance to you and/or enter into an insurance contract with you. The identity of such third party will be clear from the Web Module We are not responsible for the data processing activities of such third party. You should check the privacy notices of such third parties for information about their privacy practices.
- To third parties where required by law: We may also disclose your personal data to a competent law enforcement body, regulatory or government agency, court, or other third party if we believe disclosure is necessary to: (i) comply with applicable legal requirements or regulation; (ii) to exercise, establish or defend the Company's legal rights; (iii) to detect, prevent or report fraud and other security or technical problems; or (iv) to protect your vital interests or those of any other person.
- To our third-party service providers: The Company may also disclose personal data to companies that process personal data on our behalf (for example, to support the delivery of, provide functionality on, or help to enhance the security of the App and the Web Module). A list of our current service providers is available here; https://walletbyinsurely.com/third-party-service-providers.
- To any other person with your consent to the disclosure.
International data transfers: Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). Specifically, our servers are located in the United States – and so when we collect your personal information we may process it in this country.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice and we have implemented appropriate safeguards for transfers of personal information with our US-based third party service provider. Further details can be provided on request.
6. Your rights
Right of access
You have the right to access the personal data that we process about you.
Right to correction, deletion and limitation
You have the right to have information about you corrected where it is inaccurate and completed where it is incomplete. In some cases, you also have the right to have your data deleted or request that we restrict the processing of your data.
Right to object
You have the right to object to certain processing of your personal information. You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the 'unsubscribe' or 'opt out' link in the marketing emails we send you.
Right to data portability
You have the right to data portability, which means that (in some instances) you have the right to obtain your personal data in a structured, commonly used and machine-readable format and to transfer such data to another data controller without hindrance from us.
Right to withdraw consent
If we collect and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you would like to exercise any of the rights set out above, you can do so by contacting us via email at firstname.lastname@example.org (or, to object to marketing, by selecting the relevant link in our marketing emails).
If you are dissatisfied with the way we handle your personal data, you have the right to lodge a complaint with a data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. For more information, please contact your local data protection authority. (Contact details for data protection authorities in Europe and the UK are available here.) Certain data protection authorities may require that you exhaust our own internal complaints process before looking into your complaint.
7. Anonymisation of data
We may anonymise certain insurance and/or pension data for the purpose of improving our products and services. We apply several measures to make sure that the data we use for this purpose is anonymised, i.e. by deleting any direct identifiers, converting values into ranges (such as regarding age or postal code), applying hashing algorithms etc.
We base our anonymisation process on our legitimate interest of improving our products and services, as it benefits you as a user of our products and services. If you want to know more about our anonymisation process or what we use the anonymised data for, please contact us using the contact details below in section 9.
8. Updating this policy
9. Contact information
Do not hesitate to contact us if you have any questions about how we use your personal data or if you want to exercise any of your rights (set out in section 7 above).
Our contact information is:
The Great Collective AB
111 57 Stockholm
We have appointed a representative in the UK, which is Lionheart Squared Limited, a private limited company (no. 10819580) in England and Wales, with registered offices at 17 Glasshouse Studios, Fryern Court Road, Fordingbridge, Hampshire, SP6 1QX.