SURE THING INSURANCE SERVICES LIMITED PRIVACY NOTICE
At Sure Thing! we want to ensure that we manage your personal data/information in the right way and provide you with clear information on how we do this. We will never sell your personal data to anyone.
Sure Thing! is committed to respecting and protecting your privacy and any information you provide us with. This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data, including via our website, over the phone or information you send us by any means. It will also detail information regarding your rights and how we protect the privacy of our website users.
Who are we?
We are Sure Thing! (which is a trading name of Sure Thing Insurance Services Limited) which is part of the QMetric Group Holdings Limited group.
This privacy notice applies to personal information processed by us either on our own behalf or on behalf of QMetric Group Holdings Limited and all of its subsidiaries and group companies.
Please note: in the Privacy Notice, “our”, “we” and “us” refer to QMetric Group Holdings Limited and all of its subsidiaries and group companies.
Use the links below to find out more about how we use your personal data:
Changes to this privacy notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – https://www.surething.co.uk
Sure Thing! and our Data Protection Officer
We are, Sure Thing Insurance Services Limited, our registered address is Dukes House, 32 -38 Dukes Place, London, England EC3A 7LP and our trading address is 2 Parklands Avenue, Maxim 3 Eurocentral, Motherwell, ML1 4WQ. We are a data controller of your personal data.
We have a dedicated data protection officer (“DPO”). You can contact the DPO using the details below.
Personal information that we’ll process in connection with all of our products and services, if relevant, includes:
- Personal and contact details, such as title, full name, relationship status, address details, contact details and contact details history
- Your date of birth, gender and/or age
- Details of other people, such as, named drivers, people involved in a claim
- Records of your contact with us such as via the phone number of our contact centre and, if you get in touch with us online using our online services or via our social media site or via email, details such as your mobile phone location data, IP address and MAC address
- Products and services you hold with us, as well as products you have been interested in and products you have held in the past and the associated payment methods used
- The usage of our products and services, claims and whether those claims were paid out or not (and details related to this)
- Marketing to you, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in. Analysing data to help target offers and products to you that we think are of interest or relevance to you. Offers and products may include car or van insurance, Dash Cam insurance, and any of our other current or future products and services
- Analysing data to help us improve our services and to operate our business effectively
- Vehicle information, such as make and model, where it is kept overnight, the date you bought the vehicle, repairs and repair costs
- Dash Cam footage that you supply to us in relation to a claim or incident
- Information we obtained from third parties, including information about insurance risk, pricing, claims history, instances of suspected fraud and usage history
- Personal information which we obtain from Credit Reference Agencies and Fraud Prevention Agencies (see the section on 'Fraud Prevention Agencies' below), including public information (for example, defaults, CCJs) and information provided to confirm your identity
- Fraud, and theft information, including details of, suspected instances of fraud or theft, and details of any devices used for fraud
- Criminal records information, including alleged offences
- Information about your health if you have provided this as part of your car insurance
- Financial details about you, such as your payment history with us
- Information about your employment status and occupation
- Information about your property occupier status, such as whether you own your own home and where you live at the time of your application
- Your residency status, if relevant, such as, your length of residency in the UK
- Your marital status
- Information we buy or rent from third parties, including demographic information, vehicle details, vehicle claims history, publicly available information, and information to help improve the relevance of our products and services
- Insights about you gained from analysis of your data
- Third Party transactions; such as where a person other than the policy holder uses the service, information about that person and the transaction, such as additional drivers making a claim or a change to the insurance policy
- Claims information; such as information about past driving claims
We’ll collect personal information from the following general sources:
- From you directly, and any information from family members, associates or beneficiaries of products and services
- Information generated about you when you use our products and services
- Information from review sites such as Reevoo and Trust Pilot about the reviews you have added about us.
- From an insurer or price comparison site who we work with to provide products or services or quotes to you
- Business partners (for example, financial services institutions, insurers, or others who are a part of providing your products and services or operating our business)
- From other sources such as Fraud Prevention Agencies, Credit Reference Agencies, the DVLA, NCD Validation Services, Claims Validation Services, HMRC, DWP, publicly available directories and information (for example, telephone directory, social media, internet, news articles), , other organisations to assist in prevention and detection of crime, police and law enforcement agencies
- We buy or rent information about you or customers generally from third parties including demographic information, vehicle details, claims history, fraud information, publicly available information and other information to help improve our products and services or our business
What do we use your personal data for?
We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:
- Assessing an application for a product or service, including considering whether or not to offer you the product or service, the price, the risk of doing so, availability of payment method and the terms
- Managing products and services relating to the product or service, or application for one
- Updating your records
- Managing any aspect of the product or service
- To make automated decisions on whether to offer you a product or service, or the price,
- To perform and/or test the performance of, our products, services and internal processes
- To improve the operation of our business and that of our business partners
- To follow guidance and best practice under the change to rules of government and regulatory bodies
- For management and auditing of our business operations including accounting
- To carry out checks at Credit Reference, Fraud Prevention Agencies, No Claims Discount Validation and Claims History and the DVLA pre-application, at application, and periodically after that
- To respond to your comments, reviews or complaints about us and to carry out analysis of such in order to improve our services.
- To monitor and to keep records of our communications with you and our staff (see below)
- To administer our good governance requirements, such as internal reporting and compliance obligations or administration required for Governance processes
- For market research, analysis and developing statistics
- For direct marketing communications and related profiling to help us to offer you relevant products and service, including deciding whether or not to offer you certain products and service. We’ll send marketing to you by SMS, email, phone, post, social media and digital channels (for example, using Facebook Custom Audiences). Offers may relate to any of our products and services such as, Breakdown Cover, Legal Expenses Cover and other insurance offers, as well as any other offers we think may be of interest (you can change your preference for these offers by logging into your Customer Area on our Website.
- To send surveys to you about our services and to send you updates about our business services or opening hours
- To provide personalised content and services to you, such as tailoring our products and services, our digital customer experience and offerings, and deciding which offers or promotions to show you on our digital channels
- To develop new products and services and to review and improve current products and services
- To comply with legal and regulatory obligations, requirements and guidance
- To provide insight and analysis of our customers both for ourselves and for the benefit of business partners either as part of providing products or services, helping us improve products or services, or to assess or improve the operating of our businesses
- To share information, as needed, with business partners (for example, financial services institutions, insurers), service providers or as part of providing and administering our products and services or operating our business
- To facilitate the sale of one or more parts of our business
What are the legal grounds for our processing of your personal data (including when we share it with others)?
We rely on the following legal bases to use your personal data:
- Assessing an application for a product or service you hold with us, including considering whether or not to offer you the product, the price, the payment methods available and the conditions to attach
- Managing products and services you hold with us, or an application for one
- Updating your records
- Sharing your personal information with business partners and services providers when you apply for a product to help manage your product
- All stages and activities relevant to managing the product or service including enquiry, application, administration and management of accounts, illustrations, setting up/changing your product
- For some of our profiling and other automated decision making to decide whether to offer you a product and/or service, and the price or terms of this
- For processing of special categories of personal data such as about your medical conditions (if appropriate), or some criminal records information
- In order to respond to a complaint or online comment or review
2. Where it is in our legitimate interests to do so, such as:
- Managing your products and services relating to, updating your records, to contact you about your policy
- To perform and/or test the performance of, our products, services and internal processes
- To follow guidance and recommended best practice of government and regulatory bodies
- For management and audit of our business operations including accounting
- To carry out monitoring and to keep records of our communications with you and our staff
- To administer our good governance requirements and those of our business partners
- For market research and analysis and developing statistics
- For marketing communications and related communications to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by SMS, email, and social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match)
- To contact you following your request for a quotation via our website or on clicking through to our website after receiving a quotation via a Price Comparison Website
- Subject to the appropriate controls, to provide insight and analysis of our customers to business partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our businesses
- Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligation
3. To comply with our legal obligations
4. For a public interest, such as:
a) Processing of your special categories of personal data such as about your health, criminal records information (including alleged offences), or if you are a vulnerable customer
When do we share your personal information with other organisations?
In carrying out our business we use a choice number of trusted external service providers. This can be for reasons such as providing data storage facility and security applications. We endeavour to ensure that all service providers we use meet a high standard of data protection and security. The information we may share with them from time to time is exclusively for the purpose of the service offered. In order to ensure our high standards are met, we contractually bind each provider to keep data/information safe and confidential and to ensure they process data/information according to our instructions only.
We may share information with the following third parties for the purposes listed above:
- Our service providers, including mailing services, claims notification company, debt collection company, IT storage providers, email services providers, confidential waste services
- Business partners (for example, Premium Finance Provider, insurers), or others who are a part of providing your products and services or operating our business
- Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Financial Ombudsman, the Information Commissioner’s Office, the Department of Work & Pensions, The Police and the Financial Services Compensation Scheme
- Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions
- Credit Reference and Fraud Prevention Agencies (see below)
- Market research organisations who help us to develop and improve our products and services
- We will also share information with other insurance businesses contacting us on your behalf to request details of your insurance history and no claims bonus entitlement. We will ask them to confirm that they have appropriate authority to do so on your behalf and will only share the information required for this purpose.
- Any party named in your policy and transactional documentation
How and when can you withdraw your consent?
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
You can change your marketing contact preferences at any time by logging into your Customer Area. You can also unsubscribe from any emails we send you.
Is your personal data transferred outside the UK or the EEA?
Some of the third party suppliers we use may be located in countries outside of the EEA.
For example, we use third party software suppliers such as Zendesk to process data such as your email address and other contact details to help manage our customer service. Zendesk stores this in the USA.
This is done by requiring our prior written consent from the third party and only where that country or international organisation provides adequate safeguards, as recognised by the UK’s Information Commissioner’s Office (ICO) or, where an international organisation is located in the United States, that international organisation participates in and adheres to the EU-US Privacy Shield, or such other mechanism that may replace or supersede it.
How do we share your information with credit reference agencies?
To process your application, we’ll perform identity checks on you with one or more credit reference agencies (CRAs). Where you take insurance, from us we may also make periodic searches at CRAs to manage your account with us. To do this we’ll supply your personal information to CRAs and they will give us information about you. This will include information from both public (including the electoral register) and financial history information such as CCJs and Bankruptcy and fraud prevention information.
We’ll use this information to:
- Verify the accuracy of the data you have provided to us
- Prevent criminal activity, fraud and money laundering
- Manage your policy(s)
- Assess payment methods available to you
Do you have to provide your personal information to us?
We’re unable to provide you with our products if you do not provide certain information to us.
Do we do any monitoring involving processing of your personal information?
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, dash cam footage, social media messages, review sites, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
What about other automated decision making?
We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved. For instance, we may do this to decide: whether to offer you a product or insurance quotation, to determine the risk of doing so, the price we will offer, assessing insurance and business risks.
We’ll do this where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or if required, is based on your explicit consent.
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we provide services to you and then for as long as someone could bring a claim against us and/or the insurers
- Retention periods in line with legal and regulatory requirements or guidance.
- Whilst you are an active customer we will not be able to delete your personal data at any time.
- If you have been a previous customer we will delete your data after 5 years however if you have had a claim this could be longer to ensure that we hold details for any future 3rd party claims.
- If you have had an insurance quotation from us we will hold your data for 1 year for fraud prevention purposes.
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are relevant or not.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information (“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/.
Your right to object
You have the right to object to certain purposes for processing, in particular to data processed for marketing purposes. You can exercise these rights by going to the Customer Area of our website and updating your preferences. You can also unsubscribe from any emails we send you.
What are your marketing preferences and what do they mean?
We may use your home address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. You can stop our marketing at any time by visiting the Customer Area.
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by going to the Contact Us section of our website. Alternatively, you can email DPO@surething.co.uk marking your request for the attention of the DPO.
What are cookies?
Cookies are very small files that are stored on your computer when you visit most websites. They are sent back and forth between the website’s server and your Internet browser to allow the website to remember actions you’ve made.
A cookie often includes a unique identifier, which is a randomly generated number. This is stored on your device's hard drive (cache). Many cookies are automatically deleted after you finish using a website.
Cookies cannot carry viruses or install malware on your computer. You can disable any cookies from us but this may stop our website from functioning properly.
If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://www.aboutcookies.org/ for detailed guidance.
Session cookies are temporary and are erased when you close your browser at the end of your surfing session. The next time you visit that particular site it will not recognise you and will treat you as a completely new visitor as there is nothing in your browser to let the site know that you have visited before
Persistent cookies remain on your hard drive until you erase them or they expire. How long a cookie remains on your browser depends on how long the visited website has programmed the cookie to last
The specific cookies used by Sure Thing are outlined below:
Umbraco Content Management System. Domain: asp.net. Purpose: to store and retrieve values for a user, server retains no knowledge of previous requests.
Google. Domain: google.com. Purpose: The site uses Google cookies to record information about which pages you have landed on and how you have navigated through the site. This data enables us to understand:
- Which pages people visit on the site
- Which internet browsers are being used
- What content is popular