PRIVACY

Privacy Notice

Introduction

Welcome to CPP Secure Limited’s privacy notice. CPP Secure sells, and is an administrator of, insurance policies. This privacy notice provides details of how we will use, disclose, transfer and store personal information.

 

About us

CPP Secure Limited is a company registered in England and Wales with company number 10257192 whose registered office is at 6 East Parade, Leeds, United Kingdom, LS1 2AD (CPP Secure, us, we, our).

 

CPP Secure is registered as a Data Controller with the Information Commissioner’s Office with the registration number ZA224060. CPP Secure is registered with the Financial Conduct Authority with firm reference number 790304.

 

CPP Secure is part of the CPPGroup Plc group of companies (CPP Group). You can find out more about the CPP Group by visiting www.cppgroup.com.

 

If you have any questions about this privacy notice, please contact us using the details set out below.

 

Contact details

You can contact us:

• by post at: CPP Secure Limited, Data Protection, 6 East Parade, Leeds, United Kingdom, LS1 2AD; or
• by email at: DataPrivacy@cpp.co.uk

 

What personal information we collect and why

In order to provide insurance products, we will obtain personal information. Details of how that personal information will be used can be found in the privacy notice applicable to the insurance product purchased, which will be provided separately by us (“Product Privacy Notice”).

The information we obtain will may include, but is not limited to, name, address, contact details, occupation and date of birth. Where applicable, we may also collect sensitive personal information, e.g. relating to health. We also collect information from a number of publically available sources, third party insurance industry databases, loss adjustors and claims handling companies.

 

How personal information is used

We will only use personal information when the law allows us to. Most commonly, we will use personal information in the following circumstances:

• Where we need to administer the insurance policy.
• Where we need to comply with a legal obligation.

 

Who personal information might be shared with

We may share personal information with other organisations as necessary, these are:

• The insurer for the insurance products we offer, approved suppliers and service providers (which will include other companies within the CPP Group which provide services to us) where this is reasonably required to provide the insurance policy, deal with claims or provide services on our behalf. These suppliers may have access to personal information needed to perform their functions in relation to the insurance policy but are not permitted to share or to use such information for any other purpose.
• Third parties where this is necessary to comply with any statutory, legal or regulatory obligations.
• Other companies within the CPP Group e.g. to the extent needed for proper management and parental analysis and decision making.

 

How long your information is held

We will hold personal information for the duration of the insurance policy and for seven years after it ends.

 

International transfers

Whenever we transfer personal data out of the UK, we ensure a similar degree of protection is afforded to it.  We will only transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data, or we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

 

Please contact us if you want further information on the specific mechanism used by us when transferring personal data out of the UK.

 

Data security

We have put in place appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal information on our instructions and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected personal data breach and will notify individuals and any applicable regulator of a breach where we are legally required to do so.

 

Rights under Data Protection legislation

Under certain circumstances, by law individuals we process personal information in relation to have the right to:

• Request access to their personal information, request correction of the personal information that we hold about them, request erasure of their personal information, object to processing of their personal information where we are relying on a legitimate interest (or those of a third party) and there is something about their particular situation which makes them want to object to processing on this ground, the right to object where we are processing your personal information for direct marketing purpose, request the restriction of processing of your personal information, and request the transfer of their personal information to another party.

 

Further details can be found in our Product Privacy Notices.

 

We will try to respond to all legitimate requests within one month from the date of request. Occasionally it may take us longer than a month if a request is particularly complex

 

Individuals also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (see www.ico.org.uk).  We would, however, appreciate the chance to deal with concerns before the ICO is approached so please contact us in the first instance.