Our GDPR Statement of Compliance
At ProAktive, we understand the importance of you having confidence in us, to do the right thing. Giving you peace of mind that we do everything with the utmost professionalism, discretion and integrity is part of our values.
HOW WE OBTAIN YOUR PERSONAL DATA
Information provided by you
You provide us with personal data via online queries through our website, over the telephone, face to face, by email or by paper documents that you complete. This includes, but isn’t limited to, name, address, date of birth, email address, personal telephone numbers, bank details and medical information. We use this information to obtain relevant insurance, manage claims or to deliver risk management solutions as outlined in the service agreement. Our legal basis for collecting and processing this data is therefore for the performance of a contract.
We may also keep information in any correspondence you may have with us by post or via email.
We may obtain sensitive data directly from you in order to arrange appropriate insurance policies, or as part of our claims process in order to defend future claims or to assist with the management of ongoing claims or notifications. We may also obtain sensitive personal data in the course of providing you with a tailored health and safety or employment support service. The provision of this information is subject to you giving us express consent. If we do not receive this consent from you, then we may be unable to consider insurance claims or advise on issues involving sensitive personal data in a risk management capacity.
Information we obtain from other sources
We may obtain information from third parties if this is permitted by law, or use legal public sources to obtain information about you, for example, to verify your identity. This includes, but isn’t limited to, companies such as Creditsafe.
Please note that we are required by law to check details of all clients against the HM Treasury Financial Sanctions list.
This information shall only be obtained from companies that we are satisfied meet the requirements of GDPR.
HOW WE USE YOUR PERSONAL DATA
We use your personal data to manage and administer your insurance policies, including claims management and risk management services. We undertake at all times to protect your personal data, including any health and financial details, in a manner which is consistent and in line with GDPR concerning data protection. We also take reasonable security measures to protect your personal data in storage. The company has an internal Information Security Policy which outlines the organisational and system measures in place to protect all data stored by the Company.
Do we use your personal data for marketing purposes?
We may use your personal data to share email updates about our services, relevant blogs regarding insurance and risk management subjects and invitations to our events. You have the right to opt out at any point. At no point will ProAktive share or sell your data to third party marketing companies.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We will keep information about you confidential and from time to time we will share your personal data within the ProAktive Group in order to deliver the services we provide, as agreed in our contract with you. We may also share information to satisfy compliance or audit requirements. This may include allowing regulatory companies, such as the ISO or the FCA, temporary access to personal data. ProAktive will ensure that any access is limited and under strict supervision.
We will not share your information without obtaining your express consent except with the following third parties where we need to share this in our role as intermediary and to satisfy our contract with you:
All ProAktive employees have received training on protecting personal data and are duty bound as part of their contract of employment to confidentiality and data protection. A summary of our rules and procedures in respect of IT use and the protection of personal data are contained in our Acceptable Use Policy.
Transfer of your personal data outside of the European Economic Area
We do not transfer your personal data outside of the EEA, however we may transfer your data to insurance companies and their counterparts who may transfer your data outside of the EEA in order to manage your insurance policies. If they transfer your personal data outside of the EEA, we will ensure that the receiver agrees to provide the same or similar protection as we do and that they only use your personal data in accordance with our restrictions.
How long do we keep this information about you?
Our data retention periods are in line with the amount of time we need to keep your personal information in order to manage and administer your insurances or risk management services provided by us, and to handle any insurance claims. We will also retain your personal data to comply with any legal, statutory and regulatory obligations. More information about this can be found in our Data Retention Policy. In all cases our need to keep your personal data will be reassessed on a regular basis and information which is no longer required will be disposed of permanently and confidentially.
Where your data is kept
Your personal data is kept on our Company IT systems, the security of which is governed by ourInformation Security Policy.
DATA SUBJECT RIGHTS
Subject access requests
You have the right to access personal data that we hold about you. This is referred to as a subject access request. In order to make a subject access request please write to the Data Protection Lead at ProAktive, ProAktive House, Sidings Court, White Rose Way, Doncaster, DN4 5NU or email firstname.lastname@example.org
Our response to a formal request shall include details of the personal data we hold about you, including the following:
Right to rectification
You have the right, without undue delay, to have any personal information about you which is not accurate, corrected. You also have the right to any incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
You have a right to request for us to erase personal data concerning you, without delay. This refers only to data that we are not legally required or entitled to keep for a specified length of time in order to comply with any legal, statutory and regulatory obligations.
Right to the restriction of processing
Subject to exemptions, you have the right to restrict the processing of your personal data when:
a) You are contesting the accuracy of the data, and restrict the processing until the accuracy of the data has been verified
b) The processing is unlawful and you oppose the erasure of the personal data but instead request the restriction in its use.
c) We no longer need the personal data for processing, but it is required by you for the establishment, exercise or defence of claims
d) You object to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.
We shall communicate any rectification or erasure of personal data as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine readable format, and have the right to transmit this data to another controller without hindrance from us.
Right to object
You have the right to object on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to necessary processing for the performance of a task carried out in public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, or in the establishment, exercise and defence of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us please write to the Data Protection Lead at ProAktive, ProAktive House, Sidings Court, White Rose Way, Doncaster, DN4 5NU or email email@example.com
Accuracy of information
In order to provide the highest level of customer service we need to keep accurate personal data about you. We take reasonable steps to ensure accuracy of personal data or sensitive information we obtain. We ensure that the source of any personal or sensitive data is clear. We will consider when it is necessary to update the information, such as names and/or addresses and you can help us by informing us when these changes occur.
ProAktive will review this policy regularly to make sure we meet the highest standards and the protect your information. We reserve the right to update this policy at any time. We will not significantly change how we use data given by you to us, without your prior agreement.
If you have a complaint please write to the Data Protection Lead at ProAktive, ProAktive House, Sidings Court, White Rose Way, Doncaster, DN4 5NU or email email firstname.lastname@example.org
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.