Data Protection

We are governed by the Data Protection legislation applicable in both the United Kingdom and Gibraltar. Under this legislation we are required to tell you about how we will use the information that you give us, who we may share information with and the systems we have in place that allow us to detect and prevent fraudulent applications for insurance and claims.

The processing of personal data is governed by the General Data Protection Regulation 2016/679 (“the GDPR”).

Pukka Insure Ltd will be the data controller of your data for the purposes of the GDPR. This means that we exercise control over the processing of the personal data and carry data protection responsibility for it. Our contact details are shown below:

Pukka Insure Ltd

Suite 2

The Cottage

13-15 Giro’s Passage

Gibraltar

GX11 1AA

Email: compliance@pukka.gi

 

Why we need your data

Insurance administration

The information that you give to us will be used by us and your insurance intermediary and anybody appointed by us or them for the purposes of administering your insurance or a claim. It may be disclosed to reinsurers and to regulatory authorities for the purposes of monitoring our or your insurance intermediary’s compliance with regulatory requirements.

Where this happens we will ensure that anyone to whom we send your information agrees to treat it with the same level of protection as if we were dealing with it.

We and your insurance intermediary may undertake checks against publicly available information (such as electoral roll, county court judgements, bankruptcy orders or repossessions). These checks may be made when you take out insurance with us or if you make a claim and the information shared with anyone acting on our behalf to administer your insurance or a claim (e.g. loss adjusters or investigators).

Credit searches

To help us prevent fraud and to check your identity, we and your insurance intermediary may search files made available to us by credit reference agencies, who may keep a record on that search.

 

Types of data collected

In order to assess the terms of your insurance or to administer a claim we may need to collect personal data, some of which is defined as sensitive (such as medical conditions and convictions).

This information may include:

  • basic personal details such as your name, address, e-mail address or date of birth; additional information about your lifestyle and insurance requirements, such as details of your insured vehicle, your home or access to other vehicles;
  • sensitive personal information – in certain cases we may collect sensitive personal information such as medical information or disclosures about previous convictions. This policy wording explains why we need this information and the purposes for which we will use it;
  • information about other members of your household or family, for example, family members who may use your insured vehicle.

The legal basis for processing your data

The legal basis for processing your basic personal data as described above is the necessity for the performance of a contract of insurance between you and us, and in some cases for us to comply with a legal obligation, or in our legitimate interests.

The legal basis for processing your sensitive personal data as described above is substantial public interest, or where we deal with legal claims.

How we will use your data

Insurance underwriting purposes i.e. to examine the potential risk in relation to your (and/or a third party’s) prospective policy so that we can:

  • consider whether to accept the relevant risk;
  • make decisions about the provision and administration of insurance and related services for you (and members of your household);
  • validate your claims history (or the claims history of any person or property likely to be involved in the policy or claim) at any time, including upon application for insurance, in the event of an accident or a claim, or at a time of renewal.

Management information purposes i.e. to analyse insurance and other markets for the purposes of:

  • portfolio assessment;
  • risk assessment;
  • performance reporting;
  • management reporting.

 Anti – fraud purposes i.e. to detect and prevent fraudulent claims and/or activities by:

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity.  If fraud is detected, you could be refused certain services, finance or employment.  Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be requested from us by contacting compliance@pukka.gi.

 

Claims management purposes

In the event of a claim we may need to disclose information with any other party involved in that claim such as third parties involved in the incident, their insurer, solicitor or representative and medical teams, the police or other investigators.  We also may have to investigate your claims and conviction history.

 

Motor Insurance Database

Information relating to your insurance policy will be added to the Motor Insurance Database (MID) managed by the Motor Insurers’ Bureau (MIB). MID and the data stored on it may be used by certain statutory and/or authorised bodies including the police, the DVLA, the DVANI, the Insurance Fraud Bureau and other bodies permitted by law for purposes including but not limited to:

  1. Electronic Licensing;
  2. Continuous Insurance Enforcement;
  3. Law enforcement (prevention, detection, apprehension and or prosecution of offenders);
  4. The provision of government services and or other services aimed at reducing the level and incidence of uninsured driving;
  5. If you are involved in a road traffic accident (either in the UK, the EEA or certain other territories), insurers and or the MIB may search the MID to obtain relevant information;
  6. Persons (including his or her appointed representatives) pursuing a claim in respect of a road traffic accident (including citizens of other countries) may also obtain relevant information which is held on the MID.

 

It is vital that the MID holds your correct registration number. If it is incorrectly shown on the MID you are at risk of having your vehicle seized by the police.

  • you can check that your correct registration number details are shown on the MID at www.askmid.com;
  • you can find out more about the MID by visiting the MIB web site at www.mib.org.uk;
  • you should show these notices to anyone insured to drive the vehicle(s) covered under this insurance.

 

DVLA – MyLicence

The “MyLicence” programme gives insurers access to accurate data from the Driver and Vehicle Licensing Agency (“DVLA”) on motoring entitlements, convictions, and penalty points when providing quotes for insurance policies.

 

  1. Insurance underwriting purposes:

MyLicence is used for insurance underwriting purposes i.e. to examine the potential risk in relation to your  (and/or a third party’s) prospective policy so that we can:

  • Provide your (or any person included on the statement of fact) Driving Licence Number (“DLN”) to the DVLA to confirm your (or the relevant person included on your application for insurance), licence status, entitlement and relevant restriction information and endorsement/conviction data. Searches may be carried out prior to the date of the insurance policy and at any point throughout the duration of your insurance policy including at the mid-term adjustment and renewal stage. A search of the DLN with DVLA should not show a footprint against your (or another relevant person included on the statement of fact) driving licence.
  • Search your (or any person included on the statement of fact) no claim discount details against a No Claim Discount Database (“NCD”) to obtain information in relation to your no claim discount entitlement. Such searches may be carried out against your (or the relevant person included on the statement of fact) driving licence.
  • Searches may be carried out at a point of quote and if an insurance policy is incepted at the renewal stage.

 

  1. Anti-fraud purposes: 
  • Undertaking searches against your (or any person included on the statement of fact) DLN against details held by the DVLA to confirm your licence status, entitlement and restriction information and endorsement/conviction data. This helps insurers check information to prevent fraud and reduce incidence of negligent misinterpretation and non-disclosure. A search of the DLN with the DVLA should not show a footprint against your (or any person included on the statement of fact) driving licence.

 

Your personal data will not be used for marketing. It will only be shared with organisations involved with the administration of your insurance policy or as otherwise set out in this Data Protection Notice.

 

We will pass details of your no claim discount to certain organisations to be recorded on the NCD Database. This will occur if information required updating or correcting at any stage, and also at the renewal stage of your policy and upon or after the cancellation of your policy prior to the expiry date.

 

For details relating to information held about you by the Driver and Vehicle Licencing Agency (“DVLA”) please visit www.dvla.gov.uk.

 

How long we keep your data

We are required by law to keep your basic personal data (name, address, contact details) for a minimum of six years. Your information will be kept for a maximum of seven years by Pukka Insurance Ltd after which time it will be destroyed.

 

Fraud prevention, detection and claims history

Under the conditions of your policy you must tell us about any insurance related (such as accidents, fire, water damage, theft, etc.) whether or not they give rise to a claim. When you tell us about an incident we will pass information relating to it to industry databases.

We may search these databases when you apply for insurance, in the event of any incident or claim, or at the time of renewal to validate your claims history or that of any other person or property likely to be involved in the policy or claim.

In order to prevent and detect fraud we may at any time:

  • share information about you with other organisations and public bodies including the police;
  • check and/or file your details with fraud prevention agencies and databases, and if you give us false or inaccurate information and we suspect fraud, we will record this.

We and other organisations may also search these agencies and databases to:

    • help make decisions about the provision or administration of insurance, credit and related services for you and members of your household;
    • trace debtors or beneficiaries, recover debt, prevent fraud and to manage your accounts or insurance policies;
    • check your identity to prevent money laundering, unless you furnish us with other satisfactory proof of identity;
  • undertake credit searches and additional fraud searches.

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

We  also process your sensitive  personal data on the basis that it is necessary in the substantial public interest for us to prevent fraud and money laundering, and to verify identity, in order to protect ourselves and to comply with laws that apply to us.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to seven years.

Automated decisions

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.

Consequences of processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services to you. If you have any questions about this, please contact us on the details above.

 

Data transfers

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

 

Insurance agencies and databases

We pass information to the Claims and Underwriting Exchange Register (CUE) and the Motor Insurers’ Anti-Fraud and Theft Register (MIAFTR) , run by the Motor Insurance Bureau (MIB). The aim is to help us to check information provided by you and also to prevent fraudulent claims. These registers may be searched in considering any application of insurance in connection with this policy. We will pass any information relating to any incident (such as an accident or theft), which may or may not give rise to a claim under this policy and which you have to notify us of in accordance with the terms and conditions of this policy, to the relevant registers.

 

Insurers

We may pass information about you and this policy to insurance companies with which we either reinsure our business or who are dealing with a claim made under this policy. In addition, information may be passed to other insurance related organisations in common with industry practice. These companies will usually be located in countries inside the European Economic Area (“EEA”). Where information is passed to companies outside of the EEA, we will make sure they comply with the same standards of data security as though they were located inside de EEA.

 

Your rights and your personal data

Under the GDPR, you have the following rights with respect to your personal data:

You are entitled to receive a copy of the information we hold about you. A request for personal data is free, unless the request is manifestly unfounded or excessive, in which case a reasonable fee may be charged.  

We want to make sure that your personal data is accurate and up to date.  You are entitled to rectify any inaccurate personal data held by us.  You have a right to request that your personal data held by us is erased, subject to meeting certain criteria.  If you would like to find out more details, please write to us at the contact details provided below.

You have the right to restrict or object to processing your data. Please note that this may result in the cancellation of your policy where we feel your data is necessary for the performance of your insurance contract with us.

Please be reassured that we will not make your personal details available to any companies other than those to provide services relating to your insurance with us.

You have the right to data portability. This right allows you to obtain the information previously provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hinderance from us.

You have the right to object, on grounds relating to your particular situation at any time to processing your personal data.

You have the right to object to direct marketing at any time to the processing of your personal data.

If you would like to find out more about your rights or exercise any of the above, you can write to the Compliance Department at Pukka Insure Ltd. Our address is shown below:

Compliance Department

Pukka Insure Ltd

Suite 2

The Cottage

13-15 Giro’s Passage

Gibraltar

GX11 1AA

 

Alternatively, you may request the information by emailing compliance@pukka.gi.

 

If you wish to raise a complaint on how we have handled your personal data, you can contact our Compliance Department who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Gibraltar Regulatory Authority, see contact details below:

Gibraltar Regulatory Authority

2nd Floor

Eurotowers 4

1 Europort Road

Gibraltar

GX11 1AA