PRIVACY POLICY

PRIVACY POLICY

Please take time to read this carefully as it contains details of the basis on which we will process (including collecting, using, sharing, transferring) and store your information. You should show this notice to all parties related to this insurance arrangement. If you have given us information about someone else, you are deemed to have their permission to do so.

If you have any questions or need further information you can e-mail help@jurny.co.uk or write to our Data Protection Officer, Jurny, Prospect House, Halesowen B62 8DU.

Use Of Information

We will process and store your personally identifiable information in accordance with the requirements of the General Data Protection Regulations (GDPR) and Data Protection Act 2018.

Data Controller And Data Processor

We will ensure data is processed lawfully, fairly and in an open and transparent manner. We will ensure appropriate security measures are in place against unauthorised or unlawful processing or accidental loss, destruction or damage using appropriate technical or organisational measures e.g. restricting access to key people within our organisation for certain aspects of your information, and periodically checking the level of security we apply to prevent unauthorised use, accidental loss, or misuse of your information.

We are governed by and shall operate in accordance with contracts we have in place with our suppliers (e.g. Insurance Companies, our Software Provider, and similar providers of services to us) which set out our relationship as a processor as required by the GDPR.

As a controller, we in certain circumstances also determine the purposes and means of processing data. In particular, the data processed by Minerva Science Limited and other processors, e.g. when we act as a wholesale distributor of insurance, and our Telematics Device data processor, Wunelli Limited.

Lawful Bases Collecting Information About You

We will collect personal data which will include a variety of information about you e.g. your name, address, communication and contact details, and your date of birth. We will also collect, where relevant to do so, information relating to you indirectly by reference to an identifier e.g. your IP address.

Where required and appropriate to do so, we will also collect more sensitive personal information such as, details about an individual’s motoring or criminal convictions, details of health, credit worthiness and other similarly sensitive information.

In certain circumstances, we will collect information from a variety of different sources such as, publicly available sources, including social media and networking sites, third party databases generally available to the financial services sector, and the wider commerce and industry including, credit reference agencies, claims management firms, loss adjusters and/or other suppliers appointed in the process of handling a claim. We will also collect information from you regarding your past policies.

Using Information About You

We will use information, including sensitive information, about individuals, and other parties related to our group companies’ insurance activities, because it is:

  1. necessary for the performance of or to take steps for an individual to enter into a contract of insurance; or
  2. necessary for compliance with a legal obligation; or
  3. necessary to protect the vital interests of a data subject or another person; or
  4. necessary for our own legitimate interests or those of other controllers or third parties (e.g. to search at credit reference agencies, monitor e-mails, calls and other communications or for market research, analysis and developing statistics), except where such interests are overridden by the interests, rights or freedoms of the data subject.

These bases include, providing an insurance quotation, arranging and placement of a policy or wholesale facility, and providing administration throughout the lifecycle of an insurance arrangement, as well as assisting with making a claim.

In certain circumstances, such as when you request a quotation, make changes to an existing policy or at each renewal, our assessment may involve an automated decision to determine whether we are able to provide you with an insurance arrangement. You can object to us using an automated decision (see the individual rights section) however, in those situations it may prevent us from being able to provide you with insurance.

When processing personal data for profiling purposes either undertaken by the My Policy Group (see Group Companies section), we will ensure appropriate safeguards are in place, ensuring:

  1. processing is fair and transparent and provide meaningful information about the logic involved, as well as the significance and the envisaged consequences;
  2. use appropriate mathematical or statistical procedures for the profiling;
  3. appropriate technical and organisational measures are in place to enable inaccuracies to be corrected and minimise the risk of errors; and
  4. secure your personal data in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.

We will also use your information when there is a justifiable reason for doing so, such as compliance with legal obligation e.g. for the prevention and detection of fraud and financial crime, which may include processes which profile you; and for the recording and monitoring of telephone calls for auditing reasons.

Analytics (Aggregated Information)

By collecting information regarding your current, ongoing and past insurance arrangements or policies, we will use this to carry out research and analysis (including profiling) principally as part of the actuarial and wholesale services (but not limited to) activities we carry on to provide insurance arrangements to you, now and in the future.

We will do this in such a way, which involves large volumes of information being converted into statistical or aggregated data meaning a particular individual can no longer be identified.

Some aspects of the research and analysis undertaken are separate from using your information directly in connection with your insurance arrangement but are compatible with our activities as a provider of insurance.

Sharing Your Information

We will share information, including sensitive information, about you, and other parties related to this insurance because it is:

  1. necessary for the performance of or to take steps for you to enter into a contract of insurance; or
  2. necessary for compliance with a legal obligation; or
  3. necessary to protect your vital interests; and or
  4. necessary for our own legitimate interests or those of other controllers or third parties; and
  5. necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body).

This includes sharing your information with carefully selected third parties providing a service to us, or on our behalf. These include, Insurance Providers, Minerva Science Limited (including activities undertaken as a wholesale distributor of insurance), Wunelli Limited and/or Close Premium Finance Limited.

What We Will Not Do With Your Information

Unless required to do so by law, or for other similar reasons, other than those outlined in the sharing your information section, we will never share personal information without good reason and without ensuring the appropriate care and necessary safeguards are in place. We will in any other event ask for your consent to share that information and explain the reasons.

How Long We Will Keep Information

We will only keep and/or maintain information about an individual for as long as is necessary in providing our products and services, or for compliance with a legal or regulatory obligation, including our legitimate interests or the legitimate interests of a controller e.g. Minerva Science Limited and other processors, such as Wunelli Limited.

This means we will only keep information that is necessary to keep, necessary to deal with queries, claims and for compliance with legal reasons, usually for a maximum retention period of 14 months for any quotations and/or up to a maximum period of 7 years after cessation of a product or service we have provided.

Where we are required to retain information beyond this period (e.g. for legal reasons) we will ensure the data we retain is minimised so, in the example given here, this would be limited to information which is adequate and relevant for legal reasons.

In the interests of information security, we treat General Packet Radio Service (GPRS) data differently (See GPRS section). This category of data is treated in the same way as sensitive data (see the Sensitive Data section for more information).

This shall be in compliance with the GDPR legislations and using appropriate technical or organisational measures we will regularly:

  1. review the length of time we keep and/or maintain information about you;
  2. consider the purpose or purposes why we hold the information about you in deciding whether and for how long to retain it;
  3. securely delete information about you that is no longer needed for this purpose or purposes; and
  4. update, archive or securely delete information about you if it goes out of date.

Sensitive Data

In carrying out our duties as Data Controller and Data Processor we will collect sensitive information about you and other parties related to this insurance because it is:

  1. necessary for the performance of or to take steps for you to enter into a contract of insurance;
  2. necessary for compliance with a legal obligation;
  3. necessary to protect your vital interests;
  4. necessary for our own legitimate interests or those of other controllers or third parties; and
  5. necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body).

What we mean by sensitive data includes information such as:

  1. your health, including medical conditions;
  2. motoring or other criminal convictions;
  3. a wide range of journey data from your telematics device; and
  4. racial or ethnic origin or religious beliefs.

We will always apply additional organisational and technical measures for this category of data, including restrictions to access this data, and key-coding of journey data (this is where your journey data is secured with additional layers of security to prevent misuse and protect personally identifiable information).

GPRS Data

General Packet Radio Service (GPRS) is a packet orientated mobile data technology used by the JURNYmeter to transmit information about the way the motor vehicle in which it is fitted, is being driven.

Typically, this is the information you can view in your Driver Dashboard, which includes the journeys you have undertaken.

Because we treat this type of information in the same way as sensitive data, we will only keep journey information that is necessary to keep, and purely for compliance with legal reasons (see how long we will keep information section), for a minimum retention period of 7 years after cessation of a product or service we have provided.

We will apply appropriate organisational and technical measures for this category of data including restricting access to key people within our organisation for certain aspects of your information (typically this will be in relation to the journey data we maintain outside what you can access in your Driver Dashboard).

In the event that you no longer have a current or ongoing insurance arrangement with us, we will usually, after a period of between 12 and 14 months, take further steps to safeguard your journey data (this is where your journey data is secured with additional layers of security to prevent unauthorised access, misuse and to ensure we always protect personally identifiable information).

Use And Storage Of Your Information Overseas

We will never knowingly transfer, store, or process information about you outside the European Economic Area (EEA). In any event, if we are compelled to transfer your information outside the EEA, it shall be in compliance with the conditions for transfer set out in the GDPR and/or restricted to a country which is considered to have adequate data protection laws. All reasonable steps shall typically have been undertaken to ensure the firm has suitable standards in place to protect your information.

Using Our Website And Cookies

You will be asked to accept a cookie, which is a small file of letters and numbers that is downloaded on to your computer when you visit our website. This will be clearly explained to you when you visit our website and you will typically have to accept the cookie to benefit from the services our website can offer.

Cookies are operated in strict accordance with Privacy and Electronic Communications Regulations 2011 (PECR) and are widely used by many websites and enable our website to remember your preferences, recording information you have entered.

These same rules also apply if you access or use any other type of technology to gain access to information stored electronically by us e.g. the JURNY dashboard using your smartphone or similar portable device.

Individual Rights

You have a number of rights relating to the information we hold about you; these rights include but are not limited to:

  1. a copy of your personal information we hold;
  2. rectify information, if it is inaccurate or incomplete;
  3. request the deletion or removal of your personal data where there is no compelling reason for its continued processing;
  4. suppress processing of your personal data, when processing is restricted, we are permitted to store the personal data, but not further process it. We will retain sufficient information about the individual to ensure that the restriction is respected in future (see Marketing);
  5. object to certain uses of your personal information (see Marketing);
  6. in certain circumstances to not be subject to a decision when it is based on automated processing and/or it produces a legal effect or a similarly significant effect on you;
  7. withdraw any permission you have previously provided; and
  8. complain to the Information Commissioner’s Office at any time if you are not satisfied with our use of your information.

You can request a copy of your personally identifiable information we hold by contacting us. You have a right to data portability so we will normally provide that information in a format that is easily accessible e.g. in a CSV format, should you require it to allow your information to be exchanged easily with other organisations. We will provide this information free of charge, however we may apply a charge where information requests are excessive.

For further information please e-mail help@jurny.co.uk or write to our Data Protection Officer, Jurny Limited, Prospect House, Halesowen B62 8DU.

Marketing Section

We will ask you separately for your permission to contact you and how you would like to be contacted e.g. by phone, e-mail, push notifications, SMS, or post to tell you about:

  1. new products or services we have or are developing;
  2. trialling products and services which we think may improve our service to you or our business processes;
  3. offer you rewards;
  4. enter you into a competition.

We will typically ask for your permission when you first contact us (usually on our website), but you will maintain the right to easily withdraw your consent whenever you wish. We will regularly review your consent to check that your relationship with us, the processing and the purposes for processing have not changed.

We will have processes in place to refresh your consent at appropriate intervals, including any parental consents and act on withdrawals of consent as soon as we can. We will not penalise you if you choose not to give or later choose to withdraw your consent.

Group Companies

The My Policy Group operates under a number of trading names including:

Jurny (a trading name of My Policy Limited), My Policy Limited which is an insurance intermediary, and My Policy Limited trading as Measured Miles which acts a distributor (wholesaler) of insurance, and Minerva Science Limited which provides our actuarial services.

For more information on the My Policy Group companies please visit www.mypolicy.co.uk.

End.