Privacy Policy

Information about us

We, Soter Professional Services Limited, are a company registered in England and Wales under registration number 07767411, providing insurance and legal products to firms within the insurance and legal markets. We’re fully committed to protecting your personal information and we are registered with the Information Commissioner’s Office in the UK under registration number Z3128563. This statement describes how we may collect and use personal information, which is consistent with our legal obligations and your legal rights. Please read this statement carefully.

GDPR principles

This Policy aims to ensure compliance with the EU Regulation 2016/679 General Data Protection Regulation (“GDPR”). The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:

  • Processed for limited purposes and not in any way incompatible with those purposes
  • Adequate, relevant and will not be excessive
  • Accurate
  • Not kept for longer than necessary
  • Processed in accordance with your individual rights
  • Secure
  • Not transferred to countries without adequate data protection

Defining 'personal data'

The General Data Protection Regulation (GDPR) is an EU Regulation (2016/679) and defines personal data as ‘any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier’. This means information that can identify who you are. Personal data that we collect or receive about you is set out below.

Information we collect or receive about you

In order for us to provide a product or service, handle claims and for any other related purposes, we’ll need to collect or receive data in relation to the various data subjects shown below.

| Data subjects | Type of data collected |
| --- | --- |
| Partnership and Suppliers | Contact name, address, contact telephone numbers, profession, industry, financial details, business name, company status, FCA status, Directorship details, email address, bank details |
| Customers of our Partners | Full name, date of birth, full address, title, profession, employment status, bank details, gender, details of insured vehicle and/or property, criminal convictions, email address, contact telephone numbers, nationality, applicable excesses, primary insurer details and policy number, additional driver information |
| Employees, Contractors and Applicants | Full name, date of birth, full address, title, employment history, employer reference, bank details, NI number, copy of passport, medical information, criminal convictions, nationality, email address, copy of driving licence, next of kin details, credit information, details of sick leave, prescribed medication, disabilities, interview notes, CV's, application forms, performance reviews, salary information, disciplinary records and grievances |

Special categories of personal data

When we’re collecting and/or receiving personal information that may include “sensitive” data such as health and any criminal convictions, we’ll only use it for the specific purposes set out in this notice and treat it securely. This type of “sensitive data” is typically collected when providing products such as insurance or during employment for specific reasons which employees will have been informed of (or will be informed).

Children’s data

When we’re collecting and/or receiving personal information that may be about a child, such as their name and date of birth, we’ll only use it for the reason set out in this policy and treat it securely. This type of data is typically collected when we’re processing new claims and children have been passengers in the vehicle at the time of the accident. We’ll only use this information as part of an insurance contract you have with our partners, or as part of the defence of a legal claim.

Cookies

We may also collect information relating to the user journey on our website, including users’ IP addresses, browser name, type of computer, etc. Some of this information is collected through cookies. Learn more about how we use cookies in our Cookies Policy found on our website. For further information visit www.aboutcookies.org or www.allaboutcookies.org

How your information is collected

We’ll collect or receive data from the various data subjects using different channels shown below:

| Data subjects | Where data comes from |
| --- | --- |
| Partnership and Suppliers | During telephone calls, emails and letters, in person, when registering for our services, when using our website, from government agencies, regulatory bodies, fraud prevention agencies, credit reference agencies, social networks, introducers and insurance companies |
| Customers of our Partners | Policyholder data is collected or received through data transfer, during telephone calls with policyholders, partners and agents, and by email, letter and text messages. The main policyholder will provide us with their child/children’s name and date of birth in the event of an accident |
| Employees, Contractors and Applicants | Receiving application forms, when using our website, from online jobsites and recruitment agencies, from social networks, CV's, emails and letters, from interview notes, when conducting pre-employment checks, from HMRC, credit reference agencies, fraud prevention agencies, previous employer, performance reviews, remuneration, benefits and expenses, disciplinary and grievance matters, medical conditions through return to work interviews, details of sick leave, disabilities, prescribed medication, GP reports and occupational therapist reports |

We may also monitor or record our phone calls with you so that we can ensure we’ve acted on what you’ve asked us to do, resolve any queries or concerns you may have, comply with industry regulations and improve our customer service. We’ll continue to take steps in ensuring personal data collected, processed, and held by us is kept accurate and up-to-date and checked annually.

Who we share your information with

For us to process your data and fulfil our legal and contractual obligations, we’ll need to share your personal information with relevant organisations as shown below:

| Data subjects | Where data goes to |
| --- | --- |
| Partnership and Suppliers | Fraud prevention agencies, government bodies, regulatory bodies, customers, other partners and financial institutions |
| Customers of our Partners | Insurers, suppliers, regulatory bodies, government bodies, law enforcement agencies, agents, financial institutions |
| Employees, Contractors and Applicants | Future employers, government bodies, local and central authorities, third-party companies offering employee benefits, financial institutions, occupational therapist and if necessary, legal representatives |

We’ll continue to take steps in ensuring your personal data is safeguarded in accordance with our obligations and your rights, and that all relevant parties involved in handling data on our behalf, safeguard personal data as part of their contractual and legal obligations. In certain circumstances, we may be legally required to share your personal information held by us, for example complying with legal obligations or providing information to a governmental authority.

Transferring data

We’ll not transfer any of your personal information outside of the UK.

The legal grounds for processing your data

Your personal data will always have a lawful basis, either because:

  • We’re processing your data under the authority of our Partners, or;
  • It’s necessary for our performance of a contract with you, or;
  • You have consented to our use of your personal data for one or more specific reasons, or;
  • We have a legal obligation to process your data, or;
  • It’s in our legitimate business interests to use it

Specifically, we’ll use information we hold about you in the following ways:

| Data Subject | How we use your data | Legal basis for processing |
| --- | --- | --- |
| Partners and Suppliers | To perform and receive services stated in our agreement with you | Contract |
| | To comply with our legal and regulatory obligations | Legal obligation |
| | Determining our performance through surveys and offering additional services or products that may be of interest to you, either by email, phone and/or post where you have agreed to this. You may opt-out at any time by unsubscribing, or contacting us by phone, email or in writing | Consent |
| | Compiling statistics about the use of our site including data on traffic, usage patterns, user numbers, sales, and other information | Legitimate interests |
| | Assessing how well a particular industry sector is working | Legitimate interests |
| Customers of our Partners | Claims handling and other related reasons | Contract |
| | As part of the defence of a legal claim | Legitimate interests |
| | Using service providers to support our business so that they can provide services to us and/or to you on our behalf | Contract |
| | Determining our claims handling performance through surveys and offering additional services or products that may be of interest to you, either by email and/or post where you have agreed to this. You may opt-out at any time by unsubscribing, or contacting us by phone, email or in writing | Consent |
| | Using data for market research which will help in future proofing the business for change and developing new systems and/or products to suit consumer needs | Legitimate interests |
| | For fraud prevention, audit, compliance purposes, apprehending or prosecuting offenders | Legal obligations |
| | Investigating complaints | Legal obligations |
| | Updating you with changes to our terms and privacy statement | Legal obligations |
| Employees, Contractors and Applicants | Due to the contractual relationship between you and us | Contract |
| | To collect your data as part of your employment with us | Legal obligations |
| | For the provision of health and pensions schemes using third parties | Consent |
| | Determine our performance through surveys and offering additional services or products that may be of interest to you, either by email and/or post where you have agreed to this. You may opt-out at any time by unsubscribing, or contacting us by phone, email or in writing | Legitimate interests |
| | Updating you with changes to our terms and privacy statement | Legal obligations |
| | Sharing subjective data with medical professionals as part of attendance monitoring and used to assess the health, wellbeing, and welfare of employees and to highlight any issues which may require further investigation | Consent |
| | Sharing subjective data with medical professionals and/or understanding disabilities to facilitate adaptations in the workplace, and/or to ensuring special needs are catered for at interview or selection testing | Consent |
| | Sharing subjective data with government agencies when assessing the suitability of certain types of employment | Consent |

How long we keep your personal information

| Data subjects | Retained for |
| --- | --- |
| Partners and Suppliers | We won’t keep your personal data for any longer than is necessary to fulfil the contractual obligation and will only keep it for longer when it is required by law |
| Customers of our Partners | Data will be retained in accordance with our Partners’ data retention and privacy policies. Predominantly, after the expiry of the insurance contract and/or after a service has been provided and until the product provided has expired, personal data will be kept for a minimum of 7 years, or for an unlimited period if required for legal or regulatory reasons |
| Employees, Contractors and Applicants | We do not keep your personal data for any longer than is necessary to fulfil the contractual obligation and will only keep it for longer when it is required by law |

The rights you have regarding your personal information

As a data subject, you have the following rights under the General Data Protection Regulation:

  • You have the right to be informed on how we hold and deal with your personal information and this Privacy Statement fulfils that obligation. Our Partners will also have the responsibility of providing you with their Privacy Statements, informing you how your data will be shared with ourselves and how we’ll process your data.
  • If you’re a Partner, Supplier, Employee, Contractor or Applicant, you have the right to ask for a copy of personal information we hold about you or ask for your information to be corrected. If you’re a customer of one of our Partners, e.g. you’ve purchased an insurance policy from a broker or insurer, you’ll need to refer to their Privacy Statement and exercise your rights directly with them. However, we will always keep our Partners informed if we’ve received a request directly.
  • You can also ask us to delete the information we hold about you, prevent us from processing your information and object to us processing your information (withdraw consent). Please note, these rights may not apply where our basis for processing is by legal or contractual obligations.

If you require more information about your rights, or would like to exercise them, please contact us using the following details:

For the attention of: Daniel Humphreys (Data Protection Officer)
Email: danielhumphreys@soterps.com
Phone: 01480 274210
Address: 28 Eaton Avenue, Buckshaw Village, Chorley, Lancashire PR7 7NA.

Please refer to the section below ‘Accessing your personal data’, for more information on exercising this right.

Accessing your personal data

This Privacy Statement explains the type of personal data we hold about you and you can ask us for a copy of your personal data at any time. This is known as a “subject access request” (“SARs”).

When making a subject access request, this should be made in writing for the attention of the Data Protection Officer, either by email or by post to the details shown in the ‘The rights you have regarding your personal information’ section above.

Normally, we do not charge for a subject access request, however if you make repetitive requests, we may charge a fee to cover our administrative costs in responding.

We’ll aim to reply to your request within one month of receiving it and try to provide you with a copy of your personal data within this timeframe. However, in instances where we receive complex subject access requests, we may need more time to gather the information for you and this may take up to a maximum of two months from the date we receive your request. You’ll be kept fully informed of our progress.

Data Protection Impact Assessments

We’ll carry out Data Protection Impact Assessments for any and all new projects and/or new uses of personal data. These will be overseen by the Data Protection Officer, who will address the following:

  • The type(s) of personal data that will be collected, held, and processed;
  • The reason for processing;
  • How this data will be used;
  • The parties (internal and/or external) who are to be consulted;
  • Whether it is necessary to collect, hold and process this data;
  • Risks posed both to our firm and the data subject; and
  • Proposed measures to minimise and handle identified risks

Complaints

If you feel unhappy with the way we’ve handled your personal information, please give us the opportunity to put matters right and contact us by phone, email or in writing.

For the attention of: Daniel Humphreys (Data Protection Officer)
Email: danielhumphreys@soterps.com
Phone: 01480 274210
Address: 28 Eaton Avenue, Buckshaw Village, Chorley, Lancashire PR7 7NA.

If we’re unable to help, you also have the right to refer the matter to the Information Commissioner’s Office at: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or call: 0303 123 1113. Website: https://ico.org.uk.

How and where we store your data

Data security is very important to us, and we have physical, technological and organisational measures in place to protect your data to help prevent loss, theft and unauthorised access/use. Steps we take to secure and protect your data include:

  • SFTP protocol that allows for the transfer of files over a secure connection;
  • All data transferred via email is to be encrypted;
  • Personal data may be transmitted over secure networks only; transmission over unsecured networks is not permitted in any circumstances;
  • Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
  • Where personal data is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;
  • All personal data to be transferred physically, whether in hardcopy form or on removable electronic media shall be transferred in a suitable container marked “confidential”;
  • All electronic copies of personal data should be stored securely using passwords and data encryption;
  • All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet, or similar;
  • Personal data will not be stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), without the formal written approval of the Data Protection Officer, and kept for no longer than is necessary;
  • Personal data will not be transferred to any device personally belonging to an employee;
  • Data will be backed up on a SQL server stored in the UK;
  • Our claims management system and weblink include IP protection;
  • Security and data protection policies are in place; and
  • Regular staff training

We also require our Partners and Suppliers to ensure they keep up with safeguarding data and comply with all the required laws.

We only keep your personal data for as long as we need in order to use it as described in this Privacy Statement and for as long as we have your permission to keep it.

As part of our security and back up procedures, your data will only be stored in the UK.

Although we endeavour to provide standard security measures for information we process and maintain, no security system can prevent all potential security breaches.

If our business ownership changes

If our ownership changes in any way, any personal information that you’ve provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Statement, be permitted to use that data only for the same purposes for which it was originally collected by us.

Information on how you can control your data

We want to ensure that you can control our use of your data for direct marketing purposes. You’ll have the option to opt-out of receiving emails by using the unsubscribe links provided, or by contacting us by email, in writing or by phone.

You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”).

These may help to prevent you receiving unsolicited marketing. Please note that these services will not prevent you from receiving marketing communications that you have consented to receiving.

Changes to our Privacy Statement

We may change this Privacy Statement from time to time (for example, if the law changes or if we change our business in a way that affects personal data protection). Any changes will be immediately posted on our website and you will be deemed to have accepted the terms of the Privacy Statement on your first use of our website following the alterations. We recommend that you check our website regularly to keep up-to-date. This notice was last updated on 04 May 2018.