This Privacy Notice covers the information practices of Venture Insurance as well as all Aston Lark group companies and their subsidiaries and associated companies, collectively referred to in this document as “Aston Lark”. For the full list, please click here. Each group company is a Data Controller in its own right.
We have appropriate safeguards in place, in accordance with our data protection obligations, for the protection of any Personal Data which we process. Our security controls are aligned to industry standards and good practice, providing a controlled environment that effectively manages risks to the confidentiality, integrity and availability of your information. Additionally, we ensure that our staff remain aware of our data protection obligations and are required to undertaken annual training and testing. We take the protection of your privacy and the confidentiality of your personal information (“Personal Data”) seriously. This Notice sets out how we meet our obligations regarding data protection and the rights of our customers, prospective customers, and former customers (“Data Subjects”) in respect of their Personal Data as defined under relevant data protection legislation (including the Data Protection Acts of 1998 and 2018 [“the DPA”], the General Data Protection Regulation effective from 25 May 2018 [“the Regulation”] and any subsequent data protection legislation).
The Regulation defines Personal Data as any information relating to an identified or identifiable natural person (a Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Aston Lark is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all Personal Data, respecting the legal rights, privacy, and trust of all individuals with whom we deal.
We have identified the Personal Data types that we process and the methods by which we process such Personal Data. We have assessed the inherent risk associated with each particular data type and process, and have in place practices and controls to minimise the risks of loss or damage through accident, negligence or deliberate actions. As well as reviewing this internally we also consider the processing activities of those third parties with whom we share data in order to meet our obligations to customers, staff, insurers, and those individuals that we deal with in our day-to-day activities.
We will collect information from you, your agents or representatives, as well as information received from:
This will include data that you input into our webpages, whether this is in relation to raising an enquiry with us, obtaining a quotation (even if this process is discontinued before being finished), or requesting documentation.
We will process Personal Data for and only to the extent necessary for the specific purpose(s) outlined in this document.
The Data Controllers shall ensure that all Personal Data processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Your Personal Data will be used to enable us to fulfil our contractual obligations in relation to your insurance cover and the provision of any ancillary risk management services. Our processing of your Personal Data will include:
We will process special category and criminal conviction data we collect about you for the performance of our contract with you, which is deemed to be necessary for reasons of substantial public interest. This allows us to quote for and provide you with insurance products and services, to process claims and renewals and to administer your policy.
Where Personal Data about you is obtained from publicly available sources, we will only use such data fairly, meaning for legitimate purposes as would be anticipated of (and reasonably expected as) the activities of an insurance broker, or employee benefits consultant as appropriate, and not further processed in a manner that is incompatible with those purposes.
Aston Lark seeks to offer clients a wide range of insurance broking and employee benefit consulting services. The Data Controllers will therefore share Personal Data with each other in order to inform you of other similar contracts and services provided by our other group companies that we believe you may benefit from. We only share limited Personal Data to enable this, typically name, contact details and type of insurance/ investment/pension contracts you have effected and its associated renewal date. We will not share special categories of Personal Data (as defined in the Regulation), criminal convictions data or children’s data between Aston Lark group companies.
As a Data Controller, each entity is responsible for safeguarding your Personal Data. Where we have a specific Non-Disclosure Agreement in place with you, your data will only be shared with your explicit prior consent in accordance with its terms.
We may share your information with third parties only to the extent necessary to provide our services to you. These third parties may include:
We do not sell, rent or trade our mailing lists, phone numbers or email addresses.
Aston Lark may contact you about relevant products and services offered by Aston Lark which may be of interest to you as part of your insurance and risk management strategy and also to provide news or information related to our business and the wider insurance market that we believe may be of interest to you in accordance with our legitimate interests.
Former or prospective customers
You may have provided Personal Data to us (including Personal Data provided for a quotation not taken up) or we may have obtained details about you from publicly available Personal Data. Furthermore, you may have effected a contract with us but you subsequently cease to have a relationship with us (for example by having no active policies with us). In these circumstances, we will retain this data for a period not exceeding three years from the date of our last contact or engagement, and will use this data in order to contact you with regard to your insurances and to provide news or information related to our business and the wider insurance market that we believe may be of interest to you in accordance with our legitimate interests.
We want to make it easy for you to make your own choices as to what information you receive from us and how we contact you. Therefore, whether you are an existing, former or prospective client we will always remind you of your right to opt out of future marketing related communications each time we send such correspondence to you. You can elect not to receive any marketing related communications from us at all, or request that you only receive certain types of communication.
PLEASE REFER TO SECTION 13 BELOW FOR DETAILS OF THE DIFFERENT WAYS YOU CAN CONTACT US.
Where we have contracted with you for this service, we have outsourced this service to Motor Data Solutions (MDS) who may add information relating to your motor insurance policies to the Government’s Motor Insurance Database (MID) managed by the Motor Insurers’ Bureau (MIB). The MID and the data stored on it may be used by insurers, the police, DVLA/DVANI, and the Insurance Fraud Bureau or other bodies permitted by law for purposes including, but not limited to:
Where we use third parties to undertake functions on our behalf, as per examples provided in Section 5, above, we will only share relevant information with such third parties as is strictly necessary to enable them to perform those functions.
Information may also be supplied to our external auditors and professional regulatory bodies if required by them and to other parties if required or permitted by law.
It is our policy to retain documents and information about you, including insurances placed on your behalf, in electronic or paper format for a minimum of seven years or such longer period as appropriate having regard to when a claim or complaint may arise in connection with our processing of your information. The legal basis for this processing is that it is necessary to meet contractual, legal or regulatory obligations. After seven years, these may be destroyed or erased without notice to you. You should therefore retain all documentation issued to you.
You have the right to:
If you would like to exercise any of your rights above you may do so by contacting us – PLEASE SEE SECTION 13 BELOW FOR CONTACT DETAILS.
The Data Controllers may from time to time transfer (‘transfer’ includes making available remotely) Personal Data to countries outside of the EEA where this is necessary for us to provide our services to you. This will take place only if one or more of the following applies:
We will always strive to collect, use and safeguard your personal information in line with data protection laws. If you believe we have not handled your information as set out in this Privacy Notice, or that we have processed your personal information in a manner that is not consistent with your rights, please contact us and we will do our utmost to make things right.
PLEASE REFER TO SECTION 13 BELOW FOR CONTACT DETAILS.
If you are still unhappy, you can complain to the Information Commissioner’s Office. Their contact details are:
Information Commissioner’s Office
If you need to contact us relating to any matter associated with this Privacy Notice, the details of the Aston Lark Compliance team are listed below:
Tel: 01732 389 915
Email: [email protected]
Post: Data Protection Compliance Officer – Aston Lark Limited, One Creechurch Place, London, United Kingdom, EC3A 5AF
Alternatively, if you are an existing client of Aston Lark, please feel free to contact your usual advisor directly.