Privacy Notice

Home / Privacy Notice

 

Privacy Notice

During your interactions with us, we may request information from you to assist with the management and administration of your insurance policy which may include providing quotations, as requested by you, prior to cover being placed. This notice sets out who we are, why we collect personal data and how we intend to use this information. We will also tell you who we may share your information with and how you can request access to this information.

This applies to information we collect about:

  • Visitors to our website.
  • People who use our services.
  • People who have entered into a contract of insurance with us or have begun the process of entering into a contract of insurance with us.
  • Employees (insured persons) of the insured party.
  • People identified as having a legitimate interest in our products and services.
  • Our employees/agents and employees/agents of third party companies we engage.

Who we are

We are School Shield Limited, a specialist staff absence insurance provider registered at 2 Regent Street, Knutsford, Cheshire WA16 6GR. We are responsible for the marketing, administration and claims handling associated with the insurance policies we offer. Any questions relating to data protection or our processing of personal data should be directed to our data protection officer at the above address or by email to compliance@schoolshield.com.

How we use personal data

We collect personal data to:

  • provide you with any requested quotations.
  • once cover has commenced, we collect information to manage your insurance policy, which may include general policy administration, underwriting and processing of any related claims.
  • implement wellbeing or occupational health provisions that may be appropriate or recommended from time to time.
  • contact you to send marketing, product information or promotional material that we believe you would have a legitimate interest in receiving.
  • Analyse the performance of our products and services to help us develop and improve them.

Why we use personal data

During the course of our dealings with you, we use your information to:

  • comply with our legal and regulatory obligations.
  • develop our products, services and systems to help improve your experience.
  • prevent and detect financial crime and fraud.
  • assess financial and insurance risks.
  • process and administer claims.
  • request occupational health or wellbeing services.

We may also:

  • share personal data with agents or third parties who carry out certain services or activities as part of your insurance contract with us.
  • periodically send promotional materials about new products or other information which we think you may find interesting using the contact information which you have provided.

Further information is provided within our policy documentation.

Types of personal data we collect

We may collect different types of personal data, depending on your relationship with us.

If you have not entered into a contract of insurance with us, we may collect:

  • Contact details of those responsible for making the decisions relating to staff absence insurance at your School, including names, position and email addresses.

If you have entered into a contract of insurance or have begun the process of entering into a contract of insurance, we may collect:

  • Contact details of those responsible for making the decisions relating to staff absence insurance at your School, including names, position and email addresses.
  • Details of any persons insured/to be insured under the contract, including names, dates of birth, job details.
  • In the event of a claim being made, this may extend to sensitive personal data such as health/medical information.

Lawful basis for processing

Whenever personal information is processed, the processor/controller must have a lawful basis for processing your personal information. We process personal information on the following lawful basis:

  • Contact details – Necessary to carry out the insurance contract or to take measures to enter into an insurance contract.
  • Insured persons – Necessary to carry out the insurance contract or to take measures to enter into an insurance contract. This information would general be provided by the Insured party (the School/employer) who must also document their lawful basis for providing this information.
  • Claim details (including special category data) – Necessary to carry our contractual obligations, specific and informed consent will be obtained from the data subject.
  • Email marketing – Legitimate interest of the Company (Us) and intended recipient (You). A legitimate interest assessment has been conducted and the interests of all parties involved are balanced and no breach of any individual rights has been identified.

Where we might collect personal data from

Depending on the information required or the preferences of the individual data subject, we may collect personal data from various sources, including:

  • You (the data subject)
  • Your employer
  • Your Doctor, GP, or other medical professional*
  • Other representatives as chosen by you
  • Government agencies*
  • Anti-fraud databases, sanctions lists and other databases
    *indicates the information would generally be obtained in the event of a claim.

Who we share personal data with

In order to fulfil our obligations under any contract for services we will need to share your data with third party controllers and processors, this may include:

  • The Financial Conduct Authority
  • The Financial Ombudsman Service
  • Any other regulators where so required
  • Policy underwriters and their agents

Our insurance policies are underwritten by Astrenska Insurance Limited (the underwriter), and any information you provide to us will be shared with the underwriter and their agents or appointed representatives as part of the process for arranging and carrying out your insurance contract.

Your information may also be shared with our agents or appointed representatives who provide specific services or activities as part of the normal operation of your insurance policy such as our Occupational Health and Wellbeing provider and our IT Service and Systems provider.

We will occasionally send out marketing literature that we believe is of interest to prospective, existing and former clients. The service provider we use for these marketing emails is dotmailer limited ‘dotmailer’ and we may use dotmailer to process contact details such as emails addresses to help us carry out this processing activity.

Your information can also be disclosed when we believe that the disclosure is either required by law, to protect the safety of our employees or the public, or in the event of a merger, asset sale or other related transaction such as a change in the policy underwriter.

Where we store your personal information

All the data that we collect is stored on our encrypted servers or encrypted back-up servers in the UK or with our listed processors under contract.

How long we may retain your personal information

We will keep your personal data only for as long as is necessary for the original purpose that the information was obtained. Depending on the type of information and the reason it was collected, this will generally be for as long as your policy is in force, for as long as there is any possibility of a legal claim brought under the insurance contract or where we have a legal, regulatory or contractual reason for retaining such information.

Sensitive information (special category personal data)

When arranging your cover or administering a claim, we may at times ask for sensitive personal data as defined by the General Data Protection Regulations article 9 (medical information for example). We will only use this sensitive personal data for the specific purpose that it is requested for and will only share such information to parties not mentioned within this privacy notice with the data subjects explicit consent. As our claims administration activities are carried out on behalf of the underwriter, any information we collect relating to claims processing can be disclosed to them in accordance with the insurance contract that has been established. Consent will always be obtained and recorded when we gather this type of personal data and the purpose and intended recipients will also be outlined within the obtained consent.

Personal or sensitive information of others

Where you provide us with information about another person (for example an employee), it is your responsibility to ensure that:

  • the individual is aware of who we are and how we may use their information.
  • you have their permission to share that information and have it processed by us.

It is recommended that they are provided with a copy of, or instructions to access, this privacy notice so that they will be aware of who we are, how we use personal data and to whom that data may be disclosed to. We have put measures and processes in place to ensure that we process personal and sensitive personal data in accordance with the provisions set out by all relevant data protection laws. It is your responsibility to ensure that you comply with all data protection requirements, whether this is as a Data Controller or a Data Processor.

Third party processors/controllers

Wherever we engage with third party data processors, for example, our OH/Wellbeing provider, we will ensure that they have sufficient processes and controls in place to adhere to Data Protection laws and requirements and will have agreements in place that outline and govern each parties’ responsibilities.

Access to information

Data Subjects have the right to request a copy of all the personal data we hold about them and to know what we use this information for. To request this, you should contact the Data Protection Officer at 2 Regent Street, Knutsford, Cheshire WA16 6GR. This is referred to as a subject access request and will be processed by us within a month of the request being received. There will be no charge to request this service, however, a small fee may be charged to cover administrative costs in dealing with your request if the request is deemed to be manifestly unfounded or excessive (for example, repetitive requests for information).

Visitors to our website

When you visit our website, we use third party services to collect standard information and details of visitor behaviour patterns to analyse information such as numbers of visitors to specific sections of our website. The information collected in this way is only processed in a way that does not allow you to be identified. We do not make any attempt to identify the individuals visiting our website in this way and will only process personal data in accordance and for the reasons outlined within this privacy notice.

Email marketing

We will occasionally send out marketing literature that we believe is of interest to prospective, existing and former clients. We use a legitimate interest basis for processing personal data relating to the business email addresses of individuals for the purpose of sending out marketing emails that contain product updates, marketing literature and useful information that we believe you may find of interest. We have carried out an assessment of the interests of all parties involved and believe that the processing of personal data for this purpose is reasonable and justified as a legitimate interest. We use dotmailer limited to send marketing emails and may share School contact details such as email addresses to enable this to take place.

Telephone calls and emails

Telephone calls to or from us may be recorded for training, monitoring and quality purposes and any email communications may be monitored as permitted by UK law.

Complaints

We are registered as a Data Controller in the UK with the Information Commissioner’s Office. Please visit https://ico.org.uk/for-the-public/#ICO for more information.