We are governed by the Data Protection legislation applicable in both the United Kingdom and Gibraltar. Under this legislation we are required to tell you about how we will use the information that you give us, who we may share information with and the systems we have in place that allow us to detect and prevent fraudulent applications for insurance and claims.
The processing of personal data is governed by the General Data Protection Regulation 2016/679 (“the GDPR”).
Pukka Insure Ltd will be the data controller of your data for the purposes of the GDPR. This means that we exercise control over the processing of the personal data and carry data protection responsibility for it. Our contact details are shown below:
Pukka Insure Ltd
13-15 Giro’s Passage
The information that you give to us will be used by us and your insurance intermediary and anybody appointed by us or them for the purposes of administering your insurance or a claim. It may be disclosed to reinsurers and to regulatory authorities for the purposes of monitoring our or your insurance intermediary’s compliance with regulatory requirements.
Where this happens we will ensure that anyone to whom we send your information agrees to treat it with the same level of protection as if we were dealing with it.
We and your insurance intermediary may undertake checks against publicly available information (such as electoral roll, county court judgements, bankruptcy orders or repossessions). These checks may be made when you take out insurance with us or if you make a claim and the information shared with anyone acting on our behalf to administer your insurance or a claim (e.g. loss adjusters or investigators).
To help us prevent fraud and to check your identity, we and your insurance intermediary may search files made available to us by credit reference agencies, who may keep a record on that search.
In order to assess the terms of your insurance or to administer a claim we may need to collect personal data, some of which is defined as sensitive (such as medical conditions and convictions).
This information may include:
The legal basis for processing your basic personal data as described above is the necessity for the performance of a contract of insurance between you and us, and in some cases for us to comply with a legal obligation, or in our legitimate interests.
The legal basis for processing your sensitive personal data as described above is substantial public interest, or where we deal with legal claims.
Insurance underwriting purposes i.e. to examine the potential risk in relation to your (and/or a third party’s) prospective policy so that we can:
Management information purposes i.e. to analyse insurance and other markets for the purposes of:
Anti – fraud purposes i.e. to detect and prevent fraudulent claims and/or activities by:
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be requested from us by contacting firstname.lastname@example.org.
In the event of a claim we may need to disclose information with any other party involved in that claim such as third parties involved in the incident, their insurer, solicitor or representative and medical teams, the police or other investigators. We also may have to investigate your claims and conviction history.
Information relating to your insurance policy will be added to the Motor Insurance Database (MID) managed by the Motor Insurers’ Bureau (MIB). MID and the data stored on it may be used by certain statutory and/or authorised bodies including the police, the DVLA, the DVANI, the Insurance Fraud Bureau and other bodies permitted by law for purposes including but not limited to:
It is vital that the MID holds your correct registration number. If it is incorrectly shown on the MID you are at risk of having your vehicle seized by the police.
The “MyLicence” programme gives insurers access to accurate data from the Driver and Vehicle Licensing Agency (“DVLA”) on motoring entitlements, convictions, and penalty points when providing quotes for insurance policies.
MyLicence is used for insurance underwriting purposes i.e. to examine the potential risk in relation to your (and/or a third party’s) prospective policy so that we can:
Your personal data will not be used for marketing. It will only be shared with organisations involved with the administration of your insurance policy or as otherwise set out in this Data Protection Notice.
We will pass details of your no claim discount to certain organisations to be recorded on the NCD Database. This will occur if information required updating or correcting at any stage, and also at the renewal stage of your policy and upon or after the cancellation of your policy prior to the expiry date.
For details relating to information held about you by the Driver and Vehicle Licencing Agency (“DVLA”) please visit www.dvla.gov.uk.
We are required by law to keep your basic personal data (name, address, contact details) for a minimum of six years. Your information will be kept for a maximum of seven years by Pukka Insurance Ltd after which time it will be destroyed.
Under the conditions of your policy you must tell us about any insurance related (such as accidents, fire, water damage, theft, etc.) whether or not they give rise to a claim. When you tell us about an incident we will pass information relating to it to industry databases.
We may search these databases when you apply for insurance, in the event of any incident or claim, or at the time of renewal to validate your claims history or that of any other person or property likely to be involved in the policy or claim.
In order to prevent and detect fraud we may at any time:
We and other organisations may also search these agencies and databases to:
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We also process your sensitive personal data on the basis that it is necessary in the substantial public interest for us to prevent fraud and money laundering, and to verify identity, in order to protect ourselves and to comply with laws that apply to us.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to seven years.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services to you. If you have any questions about this, please contact us on the details above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
We pass information to the Claims and Underwriting Exchange Register (CUE) and the Motor Insurers’ Anti-Fraud and Theft Register (MIAFTR) , run by the Motor Insurance Bureau (MIB). The aim is to help us to check information provided by you and also to prevent fraudulent claims. These registers may be searched in considering any application of insurance in connection with this policy. We will pass any information relating to any incident (such as an accident or theft), which may or may not give rise to a claim under this policy and which you have to notify us of in accordance with the terms and conditions of this policy, to the relevant registers.
We may pass information about you and this policy to insurance companies with which we either reinsure our business or who are dealing with a claim made under this policy. In addition, information may be passed to other insurance related organisations in common with industry practice. These companies will usually be located in countries inside the European Economic Area (“EEA”). Where information is passed to companies outside of the EEA, we will make sure they comply with the same standards of data security as though they were located inside de EEA.
Under the GDPR, you have the following rights with respect to your personal data:
You are entitled to receive a copy of the information we hold about you. A request for personal data is free, unless the request is manifestly unfounded or excessive, in which case a reasonable fee may be charged.
We want to make sure that your personal data is accurate and up to date. You are entitled to rectify any inaccurate personal data held by us. You have a right to request that your personal data held by us is erased, subject to meeting certain criteria. If you would like to find out more details, please write to us at the contact details provided below.
You have the right to restrict or object to processing your data. Please note that this may result in the cancellation of your policy where we feel your data is necessary for the performance of your insurance contract with us.
Please be reassured that we will not make your personal details available to any companies other than those to provide services relating to your insurance with us.
You have the right to data portability. This right allows you to obtain the information previously provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hinderance from us.
You have the right to object, on grounds relating to your particular situation at any time to processing your personal data.
You have the right to object to direct marketing at any time to the processing of your personal data.
If you would like to find out more about your rights or exercise any of the above, you can write to the Compliance Department at Pukka Insure Ltd. Our address is shown below:
Pukka Insure Ltd
13-15 Giro’s Passage
Alternatively, you may request the information by emailing email@example.com.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Compliance Department who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Gibraltar Regulatory Authority, see contact details below:
Gibraltar Regulatory Authority
1 Europort Road