Privacy Policy

 

    Welcome to Caspian Insurance Services Privacy Statement


    This privacy notice will help you understand how Caspian Insurance Services uses and protects your personal data.


    We are Caspian Assured Ltd trading as Caspian Insurance Services, directly authorised and regulated by the Financial Conduct Authority under firm reference number 788964. Our registered office is: Tower 12, 2nd Floor, 18-22 Bridge Street, Manchester, M3 BZ.


    Caspian Assured Ltd is a data controller and is registered with the Data Commissioner’s Office (ZA192229). If you have any queries about this Privacy Notice or you would like to exercise your rights please contact us at [email protected]


    Our Promises:


    Caspian never forget it’s your right to total transparency and control on how we use your data. As such

    we give you these promises:

    ● We will only collect data about you that is relevant and necessary;

    ● Your data will only be held on systems that meet compliance standards;

    ● Your data will only be accessed by those who need it and we will minimise the amount of data

    that is processed, wherever possible;

    ● We won’t share except for the marketing of our own services to you, where we are required to

    share it by law, if we need to inform a regulatory body or we need to fulfil our service

    commitments to you through a third party that meets our own privacy standards;

    ● We will always remember that it is your personal data, not ours. As such we will ensure complete

    transparency and openness with you wherever possible.

    ● We respect your rights as outlined in the next section and will respond to all requests promptly


    Your Rights:

    You have certain rights under the Data Protection Law;

    • The right to request access to the personal data that we hold about you and details of how we process it.
    • To have personal data we hold about you rectified or restricted.
    • You may have the right to have personal data we hold about you deleted.
    • You have the right to receive or ask for your personal data to be transferred to a third party.
    • You have the right to object to how we process your personal data in certain circumstances e.g. you can ask us not to process your personal data for marketing purposes.
    • You may have the right to request not to be subject to any automated decision-making processes we operate
    • You may have the right to withdraw consent for processing of your personal data.


    You can read more about your rights here.

    If you would like to uphold your rights then please contact our Data Protection Officer at [email protected]If you are in dissatisfied with our response you also have the right to lodge a complaint with the Data Protection Authority. This can be done at https://ico.org.uk/concerns


    How we Collect your Data?

    We collect information from you when you register for quotes and/or policies, telephone our office, sign up for our newsletter, respond to a survey or marketing communication, surf the website and/or use certain other site features.

    In some cases, we may need personal data about others including your partner, family member or beneficiary. In these cases, you agree and accept liability that you have sought and obtained suitable consent before providing this information.

    When you accept messages via Whatsapp we store WhatsApp messages on our CRM system. We do not collect your image or status when we do so.


    What Data we Collect


    We will always be clear to explain when and why we need this data and the purposes for which we will use it and will obtain your explicit consent to do so. We try and minimise the data held and the exact data elements we hold will be dependent on your journey with us.

    We may collect and process your:

    • Name, date of birth, gender, marital status and contact details for example address, phone number, email address and optional WhatsApp integration to our CRM. 
    • Details of your spouse or partner, a joint applicant, next of kin, dependants, designated beneficiaries or trustees.
    • Financial data including income, expenditure, bank details, loans and credit agreements and any existing insurance arrangements.
    • Details of your professional advisers including financial adviser(s), solicitors and estate agents.
    • Employment details, including length of service, salary, place(s) of work, type of work undertaken, sick pay and salary/bonus entitlements.
    • Health data that is relevant to applying for a policy.
    • Criminal convictions relevant to insurance related activities such as underwriting, claims and fraud management.
    • CCTV images if you visit our offices.


    When handling your personal and health data, we may record and store it on audio files, paper files on our computer systems (websites, email, hard-drives and cloud facilities). When visiting our website, we may collect data such as your email and IP address as well as other online identifiers. Our Cookie Statement can be found on our website.


    What we use your Data for?

      We may use your data:

      • To provide you with our services e.g. to provide a quote, advice and a recommendation.
      • To apply for a policy.
      • To respond to your enquiries about such products.
      • To administer your plan, for arrears purposes and our wider relationship with you.
      • To validate your identity.
      • To help us improve the quality of our service and develop new ones


      How we Process your Data?

      Data is processed/stored on encrypted systems on-premises and on hosted cloud services.

      As such, some data will either be in UK and EU data centres or on US based servers. We may also process your data in countries outside the UK or European Union from time to time in other aspects of our business.

      We operate primarily in the United Kingdom, however as a multinational service provider, we may operate across a number of jurisdictions. We use the following safeguards with respect to data transferred outside the UK and European Union where an “adequacy decision” is not in place:

      • The processing is within the same corporate group as our business or organisation and is obligated to uphold the same standards of Data Protection and Security as our UK entity.
      • Further to Section 119A of the Data Protection Act 2018 and noting Case C-311/18 in the European Court of Justice, if your data is transferred or processed outside of the UK or EEA we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced. Where this is not possible, we ensure that European Standard Contractual Clauses are entered.

      We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held.

      All our processes are subject to various internal policies to ensure that your data privacy and security is upheld.


      Data to Third Parties

      We share information where others are involved in the delivery of your service. These include:

      ● Consultants, administrators, service providers, health assessors, insurers and reinsurers for the day-to-day provision of our financial products and/or services through secure insurer portals

      ● Guarantors, government and industry bodies; for example, HMRC, ABI, regulatory authorities, fraud and crime prevention organisations and law enforcement agencies.

      ● Other Caspian Assured Ltd trading styles for the purpose set out in this statement or if we transfer our assets to another entity.

      ● Third parties who operate services to allow you to review, evaluate and obtain financial products and/or services and who allow us to search for policies and assets.

      ● Any trustees of your policy.

      ● Any third party you instruct to act on your behalf.

      ● Where we have a legal obligation to


      In some cases these Third Parties will become Independent Data Controllers when we pass your data to them and Caspian do not warrant the use of your data by them. Please email [email protected] to obtain the full list of companies we may have shared your data with or if you have any concerns.


      Our website and other materials sent to you may contain links to other third-party websites. We may also offer buttons to social media that link to third party services. We’re not responsible for the availability, content or data privacy these sites provide through their tools or sites.


      Data Retention

      Dependant on the data you provide us and for what purpose it is provided we may need to retain your data. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example We will hold the data linked to applications and/or quotes made or requested through our website for a minimum of six years. We store CCTV footage for 60 days unless an incident occurs to our knowledge that may be required for evidence at a later stage. We may also need to retain your data for compliance with our legal and regulatory obligations for a longer period of time. If you wish to find out more about your specific data retention, please contact us.


      Data Permissions

      We always ask for consent when providing you quotations.

      Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation).

      Every marketing email sent from Us allows you to opt out of receiving emails from us, except for the purposes of fulfilling any contractual arrangements. You can also contact us at the email address above and request to opt out, view, export or delete your data. If you request for your data to be deleted, your name and email address will be added to an exceptions list and all other data removed to the extent possible.


      Legal Compliance

      We seek to uphold our legal obligations as covered by the Data Protection Act 2018, General Data Protection Regulation 2016 and the Privacy and Electronic Communications Regulations. Our Data Protection Authority is designated as the Information Commissioners Office (UK) (Registration ZA192229). We only warrant compliance with our legal obligations under the jurisdiction of the UK Courts.

      This Privacy Policy is reviewed on a regular basis and was last reviewed in July 2023. We will post the most current version on our website.