You must read this Privacy Notice carefully as it explains how we use your personal information
In taking out this Insurance Policy with Mulsanne Insurance Company Limited, you or your insurance intermediary have supplied us with your personal information, and this Privacy Notice explains how we will use it. In this Privacy Notice, “we”, “us” and “our” refers to Mulsanne Insurance Company Limited.
When we say, “you” and “your” in this notice, we mean anyone whose personal information we may collect, including:
• Anyone seeking an insurance quote from us or whose details are provided during the quotation process.
• Policyholders and anyone named on or covered by the policy.
• Anyone who may benefit from or be directly involved in the policy or a claim, including claimants and witnesses.
Who we are
Mulsanne Insurance Company Limited is an insurance company owned by Ormiston Holdco Limited and act as a Data Controller. We are part of a Group of Companies including Complete Cover Group Limited, Hyperformance Limited, Key Claims and Administration Services Limited, Dayinsure.com Limited and Abacai Technologies Limited.
Our offices are located at First Floor, Grand Ocean Plaza, Ocean Village, Gibraltar.
When providing personal information about others, you confirm that you have the consent of these individuals to supply their personal information. We are unable to offer you any product or service unless you provide explicit consent for the collection and use of sensitive personal data as defined in data protection laws.
You have the right to withdraw consent at any time (see ‘Your Rights’). This may limit or terminate the contract of insurance that you originally entered into with us. Due to legal obligations with road traffic laws and regulatory requirements we may not be able to remove your personal information.
How we use your information
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. Your information includes personal details that you provided to us or your insurance intermediary, which is then used in a number of ways to process your insurance application, administer your insurance policy or any subsequent claim that you may make. The processing of the information you provide is necessary for the performance of the contract, including:
• Providing quotes;
• Performing vehicle and driving licence check, and validating information provided;
• Maintaining and updating your policy record;
• Administering your policy including handling claims;
• The renewal of your policy;
• Processing any claim that you or someone else makes;
• Understanding our customer’s needs and requirements;
• Analysing and research of products and services provided in our Group of Companies;
• Analysing the premium, and terms and conditions we offer where automated decision making applies;
• Performing credit checks and validating information provided to us;
• Dealing with complaints;
• Preventing financial crime to meet our legal obligations.
Where we process special categories of data (including data relating to health or criminal convictions), we will do this on the basis that it is necessary for the performance of your insurance contract and for reasons of substantial public interest.
Automated decision making, including profiling
We may use profiling and automated decision making, to assess insurance risks, detect fraud, and administer your policy. As part of the processing of your personal data, ‘accept’ or ‘decline’ decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:
• our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or
• you appear to have deliberately hidden your true identity.
This helps us decide whether to offer you insurance, determine prices and validate claims. If you disagree with the outcome of an automated decision please contact our Head of Operations by email at firstname.lastname@example.org or by phone on 0344 573 1241 and we will review the decision.
We also use computer systems to carry out modelling. Sometimes using your personal information and sometimes using data in anonymised form. We conduct this modelling for a variety of reasons, for example, for risk assessment purposes to make decisions about you, such as your likelihood to claim. However, we may also use your personal information in that modelling to make decisions about how we improve and develop our products and services, or our pricing, or to better understand how our prospective customers make decisions about which policy is the optimal policy (i.e. we are not making decisions directly about you).
CONSEQUENCES OF PROCESSING
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services, goods or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us please contact our Head of Operations by email at email@example.com or by phone on 0344 573 1241.
What personal information we collect
We collect the following types of personal information about you so we can complete the activities explained in “How we use your information:”
• Basic personal details such as name, age, address and gender
• Family, lifestyle and social circumstances, such as marital status, dependants and employment type
• Financial details such as bank account, direct debit or payment card information, and other information to access your financial status
• Vehicle details
• Photographs and/or video to help us manage policies and assess claims
• Tracking and location information if it is relevant to your policy or claims, and in some cases surveillance reports
• Identification checks and background information about you we need to collect in order to assess the risk to be insured including previous claims information, data relating to your health and criminal convictions, included requesting a copy of your driving licence summary;
• Medical information if it is relevant to your policy or claim
• Accessibility details if we need to make reasonable adjustments to help
• Business activities if it is relevant to your policy or claim
• Credit history, credit score, sanctions/PEP (politically exposed person) check results and information received from various anti-fraud databases about you.
• Identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address.
How we collect personal information
We may collect personal information from various sources including you, your representative, your employer or from publicly available sources, including information you have made public, for example on social media.
We also collect information from other persons or organisations, for example:
• Credit reference and/or fraud prevention agencies such a TransUnion
• Emergency services, law enforcement agencies, medical and legal practices
• Insurance industry registers and databases used to detect and prevent insurance fraud, for example the Claims and Underwriting Exchange (CUE)
• Governmental and regulatory bodies such as HMRC, MIB (Motor Insurers’ Bureau), the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman Service, the Information Commissioner’s Office, and the Insurance Fraud Bureau (IFB)
• Insurance investigators and claims service providers
• Service providers who provide the service for our products
• Debt collection agencies who collect money owed to us
• Other involved parties, for example; claimants or witnesses.
Who do we share your information with
We may share your personal information with third parties and other companies within our Group of Companies for the purposes mentioned in ‘How we use your information’, please contact the Data Protection Officer for a full list of Group companies.
We may share your information with third parties, including our product and service suppliers, or other insurers, reinsurers, parties involved in handling a claim, and fraud prevention agencies including the Insurance Fraud Bureau (IFB) https://insurancefraudbureau.org/ . We may also share with the police and government bodies if we believe that this is reasonably required for the prevention and detection of crime and fraud. This assists in keeping your premiums low.
We may also share your information with other companies within the Group that administer policies on our behalf or prospective buyers or purchasers in the event we or the Group of Companies wishes to sell all or part of its business.
We may pass your details and any information or documentation you provide to us to the recognised centralised insurance industry registers and databases, credit reference agencies, and policy and claims checking systems. Data may also be released to third parties if we are required to do so under the terms of a court order or for regulatory purposes or in the investigation and settlement of a claim or a complaint.
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your
personal data to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
We will only share your information in compliance with data protection laws.
How long will we keep your information
We will only hold your information for as long as necessary to administer the policy, manage our business or in order to comply with legal or regulatory requirements. This will be in line with our data retention policy.
Transferring personal information outside the UK
Some of the organisations we share your personal information may be located outside of the UK where your personal information is protected by laws equivalent to those in the UK. If we have to transfer data to organisations in a third country outside the UK, our contracts with these parties require them to provide an equivalent level of protection for your personal information to ensure your data continues to be protected by ensuring appropriate safeguards are in place.
You have the right to:
• Object to us using your personal information. We will either agree to stop using it or explain why
we are unable to;
• Ask for a copy of the personal information we hold about you, subject to certain exemptions;
• Ask us to update or correct your personal information to keep it accurate;
• Ask us to delete your personal information from our records if it is no longer needed for the original purpose;
• Ask us to restrict the use of your personal information in certain circumstances;
• Ask for a copy of the personal information you provided to us, so you can use it for your own purposes;
• Ask us, at any time, to stop using your personal information, if using it is based only on your
• Complain about how we handle your data (see ‘Who to contact’ below).
Who to contact
If you wish to exercise any of your rights, or have any queries about how we use your personal information, please contact our Data Protection Officer by email at firstname.lastname@example.org, or write to the Data Protection Officer, 18-19 Station Road, Sunbury on Thames, Surrey, TW16 6SU.
We will consider your request and either comply with it or explain why we are not able to. Please note, we may request evidence of your identity to process your request.
If you are not happy with any aspect of how we handle your data, we encourage you to come to us in the first instance but you are entitled to complain to the Gibraltar Regulatory Authority, 2nd floor, Eurotowers 4, 1 Europort Road, Gibraltar, or ☏ (+350) 20074636, or email email@example.com.
If however you wish to complain to the Information Commissioner’s Office (ICO) in the United Kingdom then contact the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilsmlow, Cheshire, SK9 5AF, or ☏ 0303 123 1113, or via the contact links on their website: https://ico.org.uk/concerns/.