Our Approach to Privacy
The privacy and security of your personal information is very important to us. Any personal information submitted to us will be subject to the provisions of the General Data Protection Regulation (“GDPR”) and any legislation enforced within the UK in order to comply with GDPR.
Who we are
Universal Legal Protection Ltd (“ULP”)
ULP are specialist insurance and funding brokers.
When we collect your data
We collect information about you when:
- you visit our websites
- you contact us
- you request a quotation or indication for insurance and/or funding
- you request a report from our consultancy service
- you take out an insurance Policy and/or funding agreement
- you notify a claim
- you request a change to your Policy
- you buy another product or service from us
Some cookies are required to enjoy and use the full functionality of the website.
What information we collect
ULP will be what is known as the ‘controller’ of the personal data you provide to us. In arranging and managing insurance Policies and/or Funding Agreements on your behalf, we may receive and process personal information about you. Depending upon the type of insurance Policy or funding requested, we may need to request and process information that falls within different categorisations, however we will never ask for information that is not relevant to the product being sought.
The personal information we collect about you may include:
- Name, Address, Phone Number, Email
- Marital Status
- Date and Place of Birth
- Government identification numbers - National Insurance, Social Security, Passport, Tax, Driver’s License)
- Family Information
- Banking Information
- Health Information / Medical History
- Criminal History
- Credit History and Credit Score
- Claims/Policy Numbers
Who we share your information with
ULP will share your personal data with third parties that are necessary to source the products and services that you require. ULP will also share this information with third parties that assist in business administration. These third parties can include (but are not limited to):
- Insurers and their Reinsurers
- Managing General Agents or similar (acting on Insurers’ behalf)
- Funders, Credit Providers and/or Agencies
- Regulatory bodies, fraud prevention and Law enforcement bodies (where we are required to do so to comply with our legal and regulatory obligations)
- Legal, financial and other third parties who provide services to help us administer our business
Your information may also be disclosed to third parties when we believe in good faith that the disclosure is required:
to protect the safety of our employees, the public or our property to comply with a judicial proceeding, court order or legal process in the event of a merger or sale of ULP’s business.
How we store your data
All personal data that we hold is processed and stored on databases hosted in the UK.
How long we keep it
We will keep your personal information only so long as is necessary to provide service to you under your Policy and/Funding Agreement. Specifically, we will keep your information for so long as a claim may be brought under the Policy, or where we are required to keep your personal information to satisfy legal or regulatory obligations.
What are your rights?
If at any point you believe the information we process about you is incorrect, you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Our Data Protection Officer is Richard Myrtle and you can contact him at firstname.lastname@example.org.
Technical Data Processing Policy – Version 1.1 17-05-18
This website is built and hosting on the Fledge Content Management System stack (“Fledge”) and we describe here how this underlying technology works and the principles put in place with our website technology provider to observe personal data processing obligations.
- The Fledge team have fully assessed their own GDPR compliance both in terms of the services they offer to us and in terms of their own internal policies and procedures.
- The Fledge team have appropriate technical and personnel protocols in place to ensure the security of your data
- The Fledge team carry out due diligence against any sub-processors or other third party processors and ensure their GDPR compliance (such as data centres)
- The Fledge team only allow specific members of staff access to servers and what access that is available, is limited to specific circumstances
- The Fledge team do not transfer your data outside the EEA (all services are hosted in the UK)
- The Fledge staff are trained in GDPR compliance and understand their responsibilities for managing the systems that process your personal data
You are the owner of the data you submit to our services. When your data is placed on a Fledge server, the Fledge team do not access the data we store on their services, except where required to support technical queries to us, and any processing (as a Data Processor) is only in terms of the hosting services they provide to us. They do not use your data for any processing of their own. They do not share or provide access to any of your data with third parties unless required to do so by law. Where authorised parties request access to their servers, they follow strict internal policies for dealing with such requests in line with existing UK law. Furthermore, the third parties are required to demonstrate they have a lawful reason to access the data and under what authority.
- Session – We use a cookie called allows us to identify when a user has visited the site. This cookie is an essential part of serving site content to you. Without such a cookie, you would not be able to properly view our site and basic functions of our site would not work. We also use a cookie that allows to detect a user’s geographical location, mainly using the IP address of the connection point. In some cases, this cookie can redirect malicious uses of our site away from our server.
- Source Data - Fledge records the source of how you got to our site, including for example from another website or from a link to our website.
- Log Files - Fledge collects information about you when you visit our site including which pages you visit, when you have visited them etc. The server may also keep log files which contain data about the device you’re using, the IP address, internet service provider, operating system, timestamps and files you view from our site.
- IP Addresses – By visiting our site, your IP address will be recorded by our servers and stored in log files. These log files are used for record keeping, tracking referring websites, inferring your general location, and for security purposes to avoid SPAM, abuse and DDOS attacks.
- Device Data – We collect data about the device and system you use to access our site. In particular, we collection your IP address, operating system, device type, browser type and your general location of accessing the site.
- Analytics – We use analytical cookies that allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our site works, for example by making sure users are finding what they need easily. The collected data provides us only with anonymous traffic statistics (like number of page views, number of visitors, and time spent on each page). By continuing to use our site, you accept the site’s use of audience measurement cookies.
- Usage – We use a cookie that allows us to measure activity on our site, so that we can better evaluate which types of content and formats are interesting and valuable for our visitors.
- AB Testing – We use A/B cookies and multivariate testing to identify a visitor's browser and to analyse the use of this site.
Legal Basis for Processing
Fledge will collect your usage statistics and submitted details on our behalf. Fledge then stores and processes those on our behalf. If you would like your data to be erased, rectified, accessed or for any other queries about your responses, please contact us directly.
As the legal basis of processing data, it is necessary for the purposes of the legitimate interests pursued by both us and our technology providers. Our legitimate interests are:
- Distinguish you from other users of our website and help to improve our website’s performance and your experience of using our website
- Make it easier and more convenient for you to interact with us, including responding to enquiries and provide customer support, and to improve or modify our services
- For regulatory purposes and compliance with industry standards and to ensuring secure usage of the site and to conduct manual or systematic monitoring for fraud and other harmful activity
Fledge will retain data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law. Please note that we have a variety of obligations to retain data provided to us, including to help identify fraud and malicious computer usage such as hacking, phishing, and ransomware attacks. Accordingly, even if you chose to submit a data amendment request, we may retain certain data to meet our obligations under the law.
Contacting the Fledge Team
Attention: Fledge Team, Pint Sized Giants Ltd, i-Lab, Stannard Way, Bedford, MK44 3RZ, UK