We are, WeAreCovered, a trading style of Bankstone Limited ("we", "us" or "our"). We sell and administer insurance products.

Information collected from you & cookies policy

Where we have collected information directly from you it will usually be obvious what this is as you will have given it to us for a specific purpose. This might not be the case where we have used cookies to collect information from your computer or portable electronic devices. For more information about the types of cookies we use please see our cookies policy.

We use Google Analytics to track, monitor and report on traffic to our website.

Information collected from others

To provide you with our services we may collect information about you from others. This includes information from:

• Fraud prevention, law enforcement or government agencies and other data sources e.g. social media or other information-sharing platforms. Please see section 3 c for more details.
• HM Treasury and other authorities in relation to regulatory issues e.g. where someone is subject to a financial sanction they will appear on HM Treasury's asset freezing list.
• Credit reference agencies e.g. credit searches are made as part of an insurers quotation process and are made when we produce a quotation for a new policy or at renewal. (Note that the results of these searches are automatically deleted after 12 months and do not affect your ability to obtain credit.) Please also see section 4 below.
• External sources such as the electoral roll and insurance comparison websites to help us decide what the risk is in selling the policy and from companies that hold information about insurance renewal dates, marital status, household residents, vehicle details, employment status and household income to help us work out which information we should provide to you about our other products and services.

Sensitive personal information

We collect information that is sensitive, such as information about health.

We may also collect information which due to its nature requires additional protection, such as information related to children, biometric (voice recognition) data and geo-location (which could for example reveal medical or religious locations although we never use this information). We may obtain this from the following people:

• The main policyholder will provide most of the information we collect about others named on the insurance policy;
• Fraud prevention or law enforcement agencies.

We may collect and use this information as part of your insurance quotation or contract with us, or where it is necessary for a legal obligation, or as part of the establishment or defence of a legal claim.

We may also use your biometric data (voice recognition) to check your identity. When we do so, we will explain to you why we need it, and where necessary obtain your consent to use it for the relevant purpose. Biometric data may also be used to prevent or detect fraud.

We use your personal information to meet our obligations as set out in our contract with you. We and other companies within our group of companies use your personal information in the following ways:

A. Provide insurance services

When you request a quote for an insurance policy or you purchase an insurance policy, information about you may be used:

• To decide what the risk might be in selling you the policy;
• To quote for, and provide you with, a premium for that policy and any special terms that may apply to that policy (noting that we may use automated decision making to make this assessment - see section 9 below);
• To administer your policy and monitor the payment of instalments if you pay your premium in this way;
• To contact you about the policy (e.g. for billing or renewal purposes); and
• To provide the agreed service if you make a claim (e.g. sending someone to assist you in a roadside breakdown situation).

We cannot provide these services unless we use the information about you in this way.

B. Do what we are required to do by law

As part of our duty when providing insurance services, sometimes we are required by law to use information about you:

• To help make sure our customers are being treated fairly (e.g. to assist our regulators where we have a legal duty to do so) or to help identify if it is necessary for us to make adjustments in our service to aid and meet the needs of vulnerable customers;
• To deal with complaints;
• To help prevent and detect crime (including, for example, the prevention or detection of fraud); and
• To comply with a legal or regulatory obligation.

We can use your personal information in this way because we are required to do so by law.

C. Prevent fraud occurring

Fraud has an impact on all customers as it increases costs for everyone. We use your personal information to check for signs that customers might be dishonest (e.g. if someone has behaved dishonestly in the past it may increase the risk they will do so in the future).

We may use your personal information in this way because it is in our interests to detect fraud and in all our customers' interests to ensure that they are not prejudiced due to increased premiums as a result of a few customers acting dishonestly.

D. Recover debt

If you owe money we will use your personal information to help us recover it.

We can use your personal information in this way because it is a necessary part of the contract of insurance.

We need to ensure that premiums are paid so that the majority of customers do not suffer (e.g. through increased premiums) due to the actions of a small minority of customers.

E. Direct Marketing

Keeping in touch

From time to time, we may send you marketing regarding any of our products, discounts, offers and services where we believe you will have an interest in the communications.

These communications will be sent and displayed to you based on your preferences:

• With your consent we will send your direct marketing via email, text messages or display this information to you in your social media channels or web browser.
• We will contact you by phone or post to let you know about products and services unless you've told us you'd prefer we didn't contact you in this way.

You can let us know at any time if you no longer wish to receive marketing messages. The simplest way to do this is to click on the unsubscribe link on emails or respond using the return address on the envelope. You can also contact our Data Rights Team, please see section 10 for contact information.

We will keep a note of your earlier marketing preferences for six years. If you have chosen not to receive marketing, we will not contact you unless you tell us you have changed your mind.

We process your personal information to evaluate the effectiveness of our advertising and help us provide more relevant offers and information across a variety of marketing channels including online advertising and social media sites such as Facebook.

In certain circumstances we use publicly available or licensed sources of information to enhance the personal data we hold about individuals or groups of individuals.

We analyse our customer database and external data sources to understand who customers are and how they interact with us. In doing this, we can improve our communications by identifying new audiences, ensuring our communications are relevant to you and allow us to be more efficient and cost-effective with our resources.

To help us recognise how recipients interact with our email communications and enhance their display on various devices, we employ a widely recognised method of embedding an image pixel within our emails to collect information about when you open the email such as your IP address, your browser or email client type. If you don’t want us to use tracking pixels, you can use your email settings so that images are not automatically displayed.

We also provide you with a personalised online experience by giving you marketing based on your interactions with us and analysis of your customer behaviour on our websites, such as your purchase and browsing history. Learn more about our use of cookies and similar technologies in our Cookie Policy.

F. Where your or another person's life may be at risk

We will use your personal information to assist where your or another person's life or health is in danger and obtaining your permission is not possible (e.g. arranging emergency medical treatment in a remote location).

G. To administer our services

To administer our services we will share information with others (including to people or organisations that may be based overseas):

• In order to enable us to process your claim or administer your insurance policy more cost effectively;
• To help develop our products, services and systems to deliver you a better sales and claims experience in the future.

H. To improve our services

We may use technology to evaluate opinions you express, including any verbal or written feedback and opinion, to improve our customer experiences, including:

• Recording our calls for training and administration purposes;
• To provide and offer more relevant products;
• To improve our written and online communication for our customers;
• To ensure our staff provide a high level of customer service.

We may also process your personal data to better understand you as a customer, including to determine how best to retain your custom, and to ask you to provide feedback on the service we provide to you.

We can use your personal information in this way because it is in our legitimate interests to provide the services in the most efficient way. We will always ensure that we keep the amount of your personal information that we collect and the extent of any processing to the absolute minimum to achieve this efficiency.

You should make sure everything you tell us is correct because your records may be checked in the following circumstances:

• When you apply for insurance, financial services, or work;
• By police and other law enforcement agencies.

In particular, we may share information with:

• Fraud prevention agencies that provide databases and services, such as CIFAS, National Hunter, SIRA and ENI, to prevent or detect fraud.
  • Fraud prevention agencies will process this personal information in order to assist our prevention of fraud and money laundering, and to verify your identity and may also process your personal information in order to prevent fraud and money laundering by other people.
  • Fraud prevention agencies will hold your personal information for up to 1 year, or up to 6 years if you're considered to pose a fraud or money laundering risk.
  • If we or a fraud prevention agency determine that you pose a fraud or money laundering risk, we may refuse to provide the services and / or financing you have requested.

A record of this risk will be retained by the fraud prevention agencies and may result in others refusing to provide services or financing to you. If you have any questions about this, please contact the appropriate fraud prevention agency.

• Law enforcement or government agencies we and fraud prevention agencies may permit law enforcement or government agencies to access and use your personal information if they request it.
• Regulatory bodies such as the Financial Conduct Authority, Prudential Regulation Authority or the Information Commissioner's Office to meet regulatory and legal obligations and requests for information.
• Credit reference agencies this may be used to verify your identity, and to determine the price of your insurance and your payment options when you take out a quote and at renewal of your insurance policy. This leaves a "soft footprint" on your credit file which can only be seen by you and does not affect your credit score.
• Your spouse or partner who calls us on your behalf, provided they are named on the policy. Please tell us who they are when you take out your policy. If you would like someone else to deal with your policy on your behalf on a regular basis, please let us know. In some exceptional cases, we may also deal with other people who call on your behalf, but only with your permission. If at any time you would prefer us to deal only with you, please let us know.
• Government bodies, such as the Driver and Vehicle Licensing Agency.
• Advertising Partners. We partner with advertising companies, including social media sites, addressable TV providers and third-party websites, to display adverts about our products and services. Our Advertising Partners enable us to identify and engage with the right target audience, to create and distribute personalised content across platforms and services. For example, addressable TV providers allow us to customise the adverts displayed to individual households while they are watching the same programme. They use techniques like device recognition and interactions with social media content to tailor ads, but they don't target individuals by name. In most cases, cookies and similar technologies such as device fingerprinting are used to target this type of advertising. To learn more and manage their use, refer to our cookie policy. We may share personal information, e.g., an encrypted email address or device id, with our Advertising partners. The purpose is to show relevant ads to you on third party websites and apps. To do this, your data is matched with the database of the Advertising partner. If a match is found, you will receive relevant promotional content in your feed or search engine. If no match is found your data is securely destroyed. Your personal data is handled in a secure manner using a technique called hashing. This ensures your data is scrambled in a manner that makes it unreadable to anyone other than the recipient

We are only allowed to keep your personal information if we need it for one of the reasons we describe in section 3 above.

As a general rule, we will keep it for 6 years from the end of your relationship with us, as it is likely that we will need the information for regulatory reasons, fraud prevention, or to defend a claim. For example, should you wish to bring some form of legal action relating to your relationship with us, this would generally need to be done within 6 years from the end of that relationship. However, there may be exceptions where we need to keep your personal information for longer, such as where a claim has involved a minor. We will also retain data in an anonymous form for statistical and analytical purposes.

If we rely on your consent to collect and process your personal information, you can ask us to stop using your personal information at any time by withdrawing that consent and we will stop using your personal information for those purposes.

At any time, you can tell us to stop using your personal information to:

• Tell you about products or services that may be of interest to you
• Allow computers to make decisions about you in order to improve our services or develop our products (see section 9)
• Create and use customer profile for direct marketing purposes

To find out how to do this, please see section 10

Where you do not provide the personal information, we need in order to provide the service you are asking for or to fulfil a legal requirement, we will not be able to provide the service that you are asking us to give you.

We will tell you about why we need the information when we ask for it.

Our Data Rights Team are responsible for responding to your requests to exercise your rights which are set out below. please contact our Data Protection Officer in the first instance at Bankstone Limited, 9 Burnley Road, Todmorden, Lancashire, OL14 7BU . or alternatively by email atCompliance@wearecovered.co.uk.

You may contact us at the address above for one or more of the following reasons:

1. To ask us to correct information about you that is wrong or incomplete.
2. To ask us to delete personal information about you (the "Right to Erasure"). We are not required to erase information if we still need it for the purposes for which it was collected or processed, including to maintain records after cancellation or expiry of your policy, or where we have other legal grounds for processing your information.
3. To tell us you no longer agree to, that you object to, or that you wish to restrict us using information about you and ask us to stop.
4. To tell us to stop using your personal information for direct marketing purposes.
5. A right of access, namely to ask us to provide you with a copy of all of the personal information that we have about you.
6. A ‘data portability’ right, namely to obtain and reuse the information that you have provided to us for your own purposes across different services. You may ask for this information to be provided directly to you or directly to another organisation. We will provide the information in a machine-readable format so that another organisation's software can understand that information.
7. To ask us to review automated decisions made about you (as explained in section 9).

Sometimes we will not be able to stop using your personal information when you ask us to (e.g. where we need to use it because the law requires us to do so or we need to retain the information for regulatory purposes). In other cases, if we stop using your personal information, we will not be able to provide services to you, such as administering your insurance policy or servicing your claim.

We will tell you if we are unable to comply with your request, or how your request might impact you, when you contact us.

If you have any concerns about the way in which we are using your personal information, please contact our Data Protection Officer in the first instance at Bankstone Limited, 9 Burnley Road, Todmorden, Lancashire, OL14 7BU. or alternatively by email at Compliance@wearecovered.co.uk and we will endeavour to resolve your concern. However, you do also have the right to complain about how we treat your personal information to the Information Commissioner's Office ("ICO"). The ICO can be contacted at:

ICO website: https://ico.org.uk/global/contact-us/
ICO telephone: 0303 123 1113
ICO textphone: 01625 545860

If you have any questions or concerns regarding our privacy notice or wish to exercise your rights, please contact our Data Rights Team at Covered.co.uk, Bankstone Limited, 9 Burnley Road, Todmorden, Lancashire, OL14 7BU, or via email at helpme@covered.co.uk.

Complaints

If you're unhappy with how we handle your personal information, you can contact us at helpme@covered.co.uk or lodge a complaint with the Information Commissioner's Office.

ICO website: https://ico.org.uk/global/contact-us/
ICO telephone: 0303 123 1113
ICO textphone: 01625 545860