Like many businesses operating in the financial services sector, we need to collect and process personal data. In our case, it’s so we can carry out insurance broking on your behalf, which involves sharing your personal data with insurance companies to enable them to provide you with the most appropriate cover. Similarly, we’re required to collect your personal data to meet certain regulatory obligations. You can rest assured, however, that we will never use your personal data for profiling of any kind.
What’s Changing Under The GDPR
What’s different under the GDPR is that all companies must now have a legitimate reason to collect and process your personal data. The new regulation refers to this as the “lawful basis for processing” and sets out six different types of lawful basis. In CLEAR’s case, the main lawful bases allowing us to collect and process your data are ‘contractual’, ‘legal obligation’, and ‘legitimate interest.’
Sharing Your Data Securely with Other Service Providers
As well as insurers, we also share your personal data with other parties who are directly involved in your insurance. For example, loss adjusters, risk surveyors, and premium finance providers. Other service providers such as data hosting and technology suppliers will need us to share personal data with them on an on-going basis.
Remember that insurers and other parties, such as authorised contractors, may have different procedures and safeguards in place when handling your data. With this in mind, we already have confidentiality clauses included in all relevant third-party supplier contracts. But we are reviewing third-party data-processor contracts to ensure that they are in line with the GDPR.
How We Handle Your Personal Data and Keep It Safe
At CLEAR, only authorised staff and IT system administrators have access to your data. Furthermore, all our staff receive training to help them understand and implement the latest data protection rules and guidelines. They also undertake refresher training on data protection and other important topics as part of our ongoing development and competency procedures.
In addition, our computer network is password protected and secured using role-based permissions, which means only staff with the correct authorisation can view and process your personal data. Remote access to our computer network is permitted solely through a system of multi-factor authentication. Moreover, our network sits behind the most up-to-date application-based firewalls, providing real-time antivirus and intrusion protection.
We also have round-the-clock hardware and software monitoring, logging and auditing for our core systems and all users are subject to policies which cover computing equipment use, acceptable use, remote working and travel, email use and password use. Similarly, as part of our business-continuation procedures, we perform backups of our core data systems daily and store the backed-up data on and off site. We send the offsite backups in an encrypted format to a secure UK-based data centre.
How We Dispose of Hardware and Other Storage Media Containing Personal Data
We treat the disposal of all hardware and storage media with the utmost care, ensuring it’s dealt with securely and responsibly. All devices and storage media are either destroyed or recycled by a trusted contractor who meets the latest HMG InfoSec Standard.
CLEAR’s Privacy and Data Arrangements
Our customer privacy notice provides details of how we use and share your information as well as your rights and how to exercise them. You can access it at www.thecleargroup.com/privacy-policy.