iprism Data Protection and Privacy Policy

Last updated May 2018

Who Are We?

We are iprism Underwriting Agency Limited.

We are a private limited company incorporated in England and Wales. Our registered company number is 05604278.

We are the “data controller” of the information you provide us with. This term is a legal phrase used to describe the person or entity that controls the way information is used and processed.

We are registered under the Data Protection Act 1998 with the Information Commissioner’s Office (ICO) in the UK. Our registration number is Z9688124.

What Data Do We Collect?

We collect data for the purposes of:

  • Providing insurance quotations
  • Underwriting insurance policies
  • Managing insurance policies
  • Handling insurance claims

The nature and depth of this data varies from case-to-case but constitutes the data required to ascertain risk and provide you with the service you have asked for, shaped by insurance industry best practice.

What Do We Do With Your Data?

We use your data to determine the premium and terms applicable to your insurance proposal – producing a quotation or range of quotations for the insurance you have asked us to provide. The data will probably come to us via your insurance broker or another third party so our systems are designed to ensure that only people directly involved in your insurance chain have access to your data. In order to complete your proposal, create and maintain your policy or process a claim from you we may need to share certain parts of your data with other secure data controllers within the insurance industry. We keep such transactions to an absolute minimum and all parties are authorised and regulated to the same standards as ourselves. We will never pass on your details to other organisations for the purposes of sales or marketing.

How Long Do We Keep Your Data?

We keep your data indefinitely for the purposes of statistical analysis and the tracking of long term liability claims. Access is always restricted to the essential people in your insurance chain. When data is used for the purposes of statistical analysis (e.g. loss ratios, claims or pricing analysis) it is always aggregated and anonymised.

Security, Storage and Access to Your Data

We store all your data in the UK in encrypted form on equipment we fully own and control. Access to the data is strictly controlled by layers of security and our infrastructure and applications are regularly subjected to penetration testing by third party data security professionals

Managing Your Information (Including Subject Access Requests)

You are perfectly within your rights to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a ‘subject access request’. Certain exemptions and conditions apply to this right, principally that it should be in writing and that you give us reasonable details about the information you require.

We will respond to all such requests, having first verified your identity. If the request is complex or repetitive we reserve the right to make a charge for fulfilling the request which will be purely based on the administrative overhead involved.

We reserve the right to refuse to comply with any enquiries or requests we receive about the information we collect, where we may lawfully do so. For example, if we have reason to believe that a request is malicious, technically impossible, involves disproportionate effort or could be harmful to others.

If the data we hold about you is not related to an insurance contract you may exercise your right to be forgotten which means we will erase your personal data from our systems in an appropriate timeframe and manner.

To reduce the chances of an error or misunderstanding, we need to keep the information we gather about you accurate and up to date. If you have reason to believe any of the information we collect about you may be inaccurate, please contact us. Contact information can be found on your quotation or policy documentation.

Further Information About Your Privacy Rights

You can find more general information about your rights on the website of the Information Commissioner’s Office (ICO) who regulate data protection and privacy matters in the UK.

If you are still unclear about the information we might hold on you, what we use it for, your privacy rights or if you wish to make a complaint you can get in touch us using the information on our contact page.

Updates to this Privacy Policy

We review the ways in which we use your information regularly and in doing so, we may change what kind of information we collect, how we store it, who we share it with and how we act on it. Consequently, we will need to change this privacy policy from time to time to keep it accurate and up to date.

Whenever we change this policy, rest assured we will make every effort to tell you. That way, you can check to see if you’re still happy and if, following any changes, you continue to use our websites, contact us by telephone or otherwise provide information to us (through your insurance intermediary for example) we will assume that you agree to those changes.

Any queries relating to iprism’s Privacy Policy, please email us at gdpr@iprism.co.uk