DOA Underwriting Ltd is an independent underwriting agency, wholesale broker and principal company for David Oliver T/as David Oliver Associates and DOA Special Facilities Ltd. We provide services to both individuals and companies by placing insurance via specific delegated authority arrangements, with other insurers direct or via sub brokers.

Insurance is the pooling and sharing of risk in order to provide protection against a possible eventuality. In order to do this, information, including your personal information, needs to be shared between different insurance market participants.

In order for us to provide you with a quote and then insurance, and deal with any claims or complaints that might arise, we need to collect and process data about you. This makes the relevant DOA company a ‘data controller’. In this notice we use ‘we’ or ‘us’ or ‘DOA’ to refer to the organisation acting as data controller of your information.

The personal information that we collect will depend on your relationship with us. We will collect different personal information depending on whether you are a policyholder, a beneficiary under an insurance policy, a claimant, a broker, another third party or member of staff or job applicant.

In certain circumstances we may request and/or receive ‘sensitive personal information’ about you. For example, if it is relevant, we may need access to information about your health in order to provide you with a quote, provide you with your insurance policy, or process any claims you make. We may also need details of any unspent criminal convictions you have for purposes such as preventing, detecting and investigating fraud. If you provide personal information to us about other individuals (for example, members of your family or as a sub agent acting on behalf of customers) you agree that you will inform the individual about the contents of this notice and obtain any required consent for the processing of that individual’s personal data in accordance with this notice.

Please click on the relevant section below for detailed information about the types of personal information we are likely to collect and use about you in different circumstances.

Policyholder or beneficiary under an insurance policy

This section will apply if you apply for or take out an insurance policy with us directly or if you are listed as an applicant or beneficiary under a policy that someone else has with us (e.g. a named person on a travel policy).

Personal information

• General information such as your name, address, contact details, date of birth, gender and relationship to the policyholder (where you are not the policyholder).
• Information about your job including job title, your status as a director or partner, employment history, education history and professional accreditations.
• Information which is relevant to your insurance policy including details of previous insurance policies and claims history. This will depend on the type of policy you hold with us. For example, if you hold a property owners policy, we may collect and use information which relates to your property or if you hold a travel policy, we may collect and use information which relates to your travel plans.
• Information relevant to any claim or complaint you may make. This will depend on the type of claim or complaint you make. For example, if you make a claim following a holiday, we may use personal information which relates to your trip and named persons on the policy.
• Financial information such as your bank details, payment details and information obtained as a result of our credit checks. This may include details of any bankruptcy orders, individual voluntary arrangements or county court judgments.
• Information relating to criminal convictions (including offences and alleged offences and any court sentence or unspent criminal conviction).
• Information (including photographs) obtained as a result of carrying out checks of publicly available sources such as newspapers and social media sites in the event that we suspect fraudulent activity.
• Information we obtain as a result of checking sanctions lists.
• Information such as your IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found here.
• Information obtained during telephone recordings.
• Your marketing preferences and details of your customer experience with us.

Sensitive personal information

• If relevant, details of your current or former health condition. For example, if you hold a travel policy, we may ask you about any medical conditions that affect you, another member of your party or any other person upon whose health your trip depends.
• In limited circumstances, we may process other sensitive personal information including details of your race; ethnicity; religious or philosophical beliefs; political opinions; trade union membership; genetic or biometric data; or data concerning your sex life or sexual orientation if relevant to your policy or claim. For example, we may process information relating to your trade union membership if you take out a policy with us via your trade union body and we may process information relating to your religious beliefs if relevant as part of your medical treatment.

Third party under a commercial insurance

This section will apply if your information is processed in relation to a commercial insurance policy held by a third party (for example, if you are an employee of a business which we insure).

Personal information

• General information such as your name, address, contact details, date of birth and gender.
• Information about your job including job title, your status as a director or partner, employment history, education history and professional accreditations.
• Information relevant to any claim made.
• Information relating to previous insurance policies or claims.
• Financial information such as your bank details and payment details.
• Information relating to your criminal convictions (including offences and alleged offences and any court sentence or unspent criminal conviction).
• Information (including photographs) obtained as a result of carrying out checks of publicly available sources such as newspapers and social media sites in the event that we suspect fraudulent activity.
• Information we obtain as a result of checking sanctions lists.
• Information such as your IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found here.
• Information obtained during telephone recordings.

Sensitive personal information

• If relevant, details of your current or former health condition. For example, if you are injured whilst at a property insured, and the owner of the property makes a claim under their insurance policy in relation to your injury.
• In limited circumstances, we may process other sensitive personal information including details of your race; ethnicity; religious or philosophical beliefs; political opinions; trade union membership; genetic or biometric data; or data concerning your sex life or sexual orientation if relevant to the policy. For example, we may process information relating to your religious beliefs if relevant as part of your medical treatment.

Brokers, appointed representatives and other business partners

This section will apply if you are a broker doing business with us, an appointed representative or other business partner such as an introducer or supplier.

Personal information

• General information such as your name, address and contact details.
• Information about your job such as job title, your status as a director or partner, employment history, education history and professional accreditations.
• Information we obtain as a result of checking sanctions lists.
• Financial information obtained as a result of our credit checks. This may include details of any bankruptcy orders, individual voluntary agreements or county court judgements.
• Information relating to your criminal convictions (including offences and alleged offences and any court sentence or unspent criminal conviction).
• Other information (including publicly available information) obtained as part of our due diligence checks.

We collect personal information from a number of different sources, including:

• Directly from you;
• Other third parties involved in administering insurance policies or claims (such as our business partners and representatives, brokers or other insurers, claimants and defendants;
• Other third parties who provide a service in relation to our insurance policies or claims (such as loss adjusters, claims handlers, experts (including medical experts) and other service providers);
• Publicly available sources such as internet search engines, news articles and social media sites;
• Other companies within the DOA Group;
• Credit reference agencies;
• Financial crime detection agencies and databases (such as for fraud prevention and checking against international sanctions) including the Claims Underwriting Exchange (known as ‘CUE’);
• Government agencies such as the police, the National Crime Agency, the DVLA or HMRC;
• Third parties who provide us with details of individuals who have expressed an interest in hearing about insurance products;
• In limited circumstances, private investigators.
• Third-party data suppliers (for example in relation to flood modelling data);
• Our own websites.

We may use your information for a number of different purposes. For each purpose we must have a ‘legal ground’ to use your personal information in such a way.

When the information that we process is classed as ‘sensitive personal information’, we must have a specific, additional ‘legal ground’ to process such information.

Generally, we will rely on the following ‘legal grounds’ as appropriate:

• We need to use your personal information to enter into or perform a contract that we hold with you. For example, we need to use your personal information to provide you with a quote or to provide your insurance policy and other associated products (e.g. legal expenses cover). We will rely on this for activities such as assessing your application, managing your insurance policy, handling claims and providing other products to you.
• We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
• We need to use such personal information to establish, exercise or defend our legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
• We have an appropriate business need to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
• We need to use your personal information for reasons of substantial public interest. For example, we might need to carry out investigations into fraudulent claims or money laundering.
• You have provided your consent to our use of your personal information (e.g. in relation to your marketing preferences).
• Where appropriate we apply an exemption for Insurance purposes.

You will find further details of our ‘legal grounds’ for each of our processing purposes set out below.

To carry out fraud, credit and anti-money laundering checks.

Legal grounds

• The use is necessary to enter into or perform a contract that we hold with you.
• We have an appropriate business need (to prevent fraud and other financial crime).

To evaluate your insurance application and provide you with a quote

Legal Grounds

• The use is necessary to enter into or perform a contract that we hold with you.
• We have an appropriate business need (to assess your insurance application and manage the application process).

Legal ground for sensitive personal information

• Where appropriate we apply an exemption for Insurance purposes.

Managing insurance claims

Legal Grounds

• The use is necessary to enter into or perform a contract that we hold with you.
• We have an appropriate business need (to assess and pay your claim and manage the claims process).

Legal ground for sensitive personal information

• Where appropriate we apply an exemption for Insurance purposes.
• We need to use your information in order to establish, exercise or defend our legal rights.

Preventing and investigating fraud. This might include sharing your personal information with third parties such as the police, other insurance companies, brokers, service providers such as loss adjusters, fraud prevention agencies and database providers and other financial services providers.

Legal Grounds

• The use is necessary to enter into or perform a contract that we hold with you.
• We have an appropriate business need (to prevent and detect fraud and other financial crime).

Legal ground for sensitive personal information

• Where appropriate we apply an exemption for Insurance purposes.
• We need to use your information in order to establish, exercise or defend our legal rights.

Communicating with you and resolving any complaints that you might have.

Legal grounds

• The use is necessary to enter into or perform a contract that we hold with you.
• We have an appropriate business need (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately).

Legal ground for sensitive personal information

• Where appropriate we apply an exemption for Insurance purposes.
• We need to use your information in order to establish, exercise or defend our legal rights.

Complying with our legal or regulatory obligations

Legal grounds

• We need to use your information in order to comply with our legal obligations.

Legal ground for sensitive personal information

• Where appropriate we apply an exemption for Insurance purposes.
• We need to use your information in order to establish, exercise or defend our legal rights.

To apply for and claim on our own insurance

Legal grounds

• We have an appropriate business need (to ensure that we have appropriate insurance in place).

Legal ground for sensitive personal information

• Where appropriate we apply an exemption for Insurance purposes.
• We need to use your information in order to establish, exercise or defend our legal rights.

For insurance risk modelling and product and pricing refinement

Legal grounds

• We have an appropriate business need (to develop and improve the products and services we offer).

Legal ground for sensitive personal information

• Where appropriate we apply an exemption for Insurance purposes.

Providing improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys).

Legal grounds

• We have an appropriate business need (to develop and improve the products and services we offer).

Additional legal ground for sensitive personal information

• Where appropriate we apply an exemption for Insurance purposes.

Managing our business operations, such as by maintaining accounting records, carrying out analysis of financial results, using information to meet internal audit requirements, and receiving professional advice (e.g. tax or legal advice).

Legal grounds

• We have an appropriate business need (to effectively manage our business).

Provide marketing information to you in accordance with preferences you have expressed

Legal grounds

• You have given us your explicit consent.
• We have an appropriate business need (to send you selected communications about other products and services we offer).

From time to time, we may share your personal information with the other companies in our group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes explained in section 5.

If you would like further information regarding the disclosures of your personal information, please contact us using the details set out in section 13 below.

Disclosures within the DOA Group

We may share your personal information with other companies in the DOA Group including where:

• One of our Group companies is placing your insurance policy with another group company;
• One of our Group companies is unable to provide you with an insurance policy but another might be able to assist you;
• We are arranging our own insurance;
• Necessary for our business administration purposes;
• We are using information for the prevention or detection of fraud or other crime;
• We need to report information within our group of companies.

Disclosures to third parties

We may disclose your personal information to the third parties listed below where relevant to the purposes described in this notice. This might include:

• Our insurance partners such as brokers, other insurers or other companies who act as insurance distributors;
• Other third parties who assist in the administration of your insurance policy or claim, such as loss adjusters, claims handlers, accountants, auditors, banks, lawyers and other experts including medical experts;
• Companies who provide you with certain services such as legal expenses cover;
• Our regulators;
• Fraud detection agencies and other third parties who operate and maintain fraud detection registers or undertake investigations in cases of suspected insurance fraud;
• The police and other third parties (such as banks or other insurance companies) where reasonably necessary for the prevention or detection of crime;
• Other insurers who provide our own insurance;
• Industry bodies (such as the Association of British Insurers, Lloyd’s Market Association or Employers’ Liability Tracing Office);
• Credit referencing agencies and third parties who carry out sanctions checks on our behalf;
• Our third-party service providers, such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers and tax advisers;
• Selected third parties in connection with any sale, transfer or disposal of our business;
• Where necessary, courts and other alternative dispute resolution providers (such as arbitrators, mediators and the Financial Ombudsman Service).

We may use your personal information to provide you with information about products or services which may be of interest to you where you are an existing customer or where you have provided your consent for us to do so.

We are committed to only sending you marketing communications that you have clearly expressed an interest in receiving. If you wish to opt out of marketing, you may do so by clicking on the ‘unsubscribe’ link that appears in all emails or telling us when we call you. Otherwise you can always contact us using the details set out in section 13 to update your contact preferences.

Please note that, even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.

We collect and process information about you for the purpose of arranging and administering contracts of employment. Your information is also used for business purposes such as fraud prevention and financial management. This may involve sharing or obtaining information about you within our group of companies and other third parties such as insurers, credit reference agencies, service providers, professional advisors, our regulators, fraud prevention agencies and governmental databases.

We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years, 10 years for FCA Approved Persons, after which time it will be destroyed. More information on retention can be found within this privacy policy.

If you would like to be kept informed about the particular use of your data please contact our Data Protection Officer (DPO), furthermore if at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted.

What information do we collect about you?

To enable us to take the necessary steps to consider you for a position at DOA, we may collect the following information:

• You – First Name, Surname, Address, Postcode, Date of Birth, email address, phone number, current employment details and status including salary, current notice period, your right to work in the UK, a copy of your current CV, an applicable covering letter.
• Optional – expected salary, disability status including special arrangements for an interview, details of interest in future vacancies.
• We also ask employees for health information and bank details. Also other information as part of credit searches.

Under what basis do we collect your information?

We collect your information as part of the initial steps of the recruitment process which may lead to the eventual creation of a contract between us should you be offered a position at DOA.

We have a legal obligation to ask about your disability status to give you the option of providing that information should you wish to do so.

It is not necessary to provide any of the optional information in order to be considered for a position and it is your choice if you choose to provide that information.

Legal grounds

• The use is necessary to enter into a contract of employment with you.

How will we use your information?

We will use your data for:

• Administering your application.
• Creating records in HR and recruitment systems.

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this notice.

We are also required to keep certain information in order to comply with our legal and regulatory obligations.

The exact time period will depend on your relationship with us and the type of personal information we hold. For example, if you take out an insurance policy with us, we will keep your personal information for longer than if you obtain a quote from us but do not take out a policy.

If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 13.

We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area (‘EEA’). Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected.

Such steps may include placing the party we are transferring information to under contractual obligations to protect your personal information to adequate standards.

If you would like further information regarding the steps we take to safeguard your personal information, please contact us using the details set out in section 13.

We use a range of organisational and technical security measures to protect your information, including firewalls and access controls, which we review periodically. We also ensure that our employees receive appropriate data security training.

Under data protection law you have certain rights in relation to the personal information that we hold about you. There will not be a charge for dealing with these requests. You may exercise these rights at any time by contacting us using the details set out in section 13.

Please note:

• in some cases we may not be able to comply with your request (for example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements). However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why;
• in some circumstances exercising some of these rights (including the right to erasure, the right to restriction of processing and the right to withdraw consent) will mean we are unable to continue providing you with insurance and may therefore result in its cancellation. You will therefore lose the right to bring any claim or receive any benefit, including in relation to any event that occurred before you exercised your right of erasure, if our ability to handle the claim has been prejudiced. Your policy terms and conditions set out what will happen in the event your policy is cancelled.

Your rights include:

The right to access your personal information

You are entitled to a copy of the personal information we hold about you and certain details of how we use it.

Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.

The right to rectification

We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.

The right to erasure

In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However this will need to be balanced against other factors. For example, we may have legal and regulatory obligations which mean we cannot comply with your request.

The right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.

The right to data portability

In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to another third party of your choice.

The right to object to marketing

You can ask us to stop sending you marketing messages at any time. If you wish to opt out of marketing, you may do so by clicking on the ‘unsubscribe’ link that appears in all marketing emails or telling us when we call you. Otherwise you can always contact us using the details set out in section 13. Please note that even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.

Rights relating to automated decision-making

Sometimes we may make decisions using automated means where such decisions are necessary in relation to your insurance policy. The automated process will consider the information that you provide us (for example, details of the property that you wish to insure), as well as other information such as postcode and local crime rate to determine whether your application for insurance can be accepted and the premium price.

If you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details set out in section 13 and ask us to review the decision.

The right to withdraw consent

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.

Please note that for some purposes, we need your consent in order to provide your policy. If you withdraw your consent, we may need to cancel your policy or be unable to pay your claim. We will advise you of this at the point you seek to withdraw your consent.

The right to lodge a complaint with the Information Commissioner’s Office (‘ICO’)

You have a right to complain to the ICO if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the ICO website: https://ico.org.uk/.

Making a complaint will not affect any other legal rights or remedies that you have.

If you would like further information about any of the matters in this notice or have any other questions about how we collect, store or use your personal information, you may contact our data protection officer by telephoning 01371 878538 or by emailing us at compliance@doainsurance.co.uk.

From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. You should check our website periodically to view the most up-to-date notice. This notice was last updated on: 17th May 2018.