At Freeway UK Insurance Services Limited we are aware of the trust you place in us when you buy your insurance through us, and our responsibility to protect your information. The General Data Protection Regulation (GDPR), or any subsequent names, regulates the use of ‘personal data’; essentially any information about identifiable living individuals. As a ‘data controller’ under the act, Freeway UK Insurance Services Limited must comply with its requirements.

This privacy policy is designed to help you understand how we collect and use your information. We reserve the right to amend or modify this privacy policy at any time in response to changes in applicable data protection and privacy legislation. This version of the policy has been in use since 25/05/2018.

For further information on the Data Protection Act and you rights please visit the website for the Information Commissioner’s Office – www.ico.org.uk.

1. Who we are and how to contact us

For any questions or concerns relating to this Privacy Policy or our data protection practices, or to make a subject access request or any other request regarding the information we hold, please contact us at:

The Compliance Officer

Freeway UK Insurance Services Limited,

Unit 4 Abbots Park,

Monks Way,

Preston Brook,

Cheshire,

WA7 3GH.

Telephone: 01928 520 520

Email: compliance.mailbox@freewayinsurance.co.uk

2. What information we process and how we use it

 We only collect, use and store your information where we have a lawful basis to do so.

Information collected from you, and Cookies and IP addresses

 Where we have collected information directly from you it will usually be obvious what this is, as you will have given it to us. This might not be the case where we have used cookies or IP addresses to collect information from your computer or portable electronic devices. Please see our cookies policy for more information.

Cookies are used to collate anonymous aggregated information that is used to manage and plan enhancements to our services, and to evaluate the effectiveness of our advertising and promotions on third party websites, for example by tracking whether these advertisements are clicked on by users. If you do not wish for your data to be collected in this way, please refer to our Cookies policy (available on our website) for instructions of how to turn this off.

We collect IP addresses to monitor who is accessing our website as well as to detect and prevent fraudulent activity.

If you provide your driving licence number, national insurance number (optional) and/or a DVLA check code, this information may be passed to the DVLA, the HMRC (Her Majesty’s Revenue and Customs) and DWP (Department of Work and Pensions) in order to confirm your identity, your (or any named driver’s) licence status, entitlement, relevant restrictions and endorsements/conviction data. Undertaking searches using this information will help us to prevent fraud and check the information is correct on your policy

Information collected from others

We also obtain information about you from the claims underwriting exchange, Fraud prevention agencies, DVLA and similar third parties. Some personal information may be provided to us by third parties such as insurance companies, other insurance intermediaries and motor vehicle licensing authorities. In some cases you will have previously submitted your personal information to them and given them approval to pass this information on for certain purposes. This can

include information about you, your driving history (including criminal convictions and offences), details of accidents, and information relating to the licences held with UK licencing authorities.

Such information will only be obtained from reputable sources which operate in accordance with the General Data Protection Regulation [EU 2016/679] and the Data Protection Act 2018 [Chapter 12].

What the information is used for

We have identified four lawful bases which we use to collect and process data. Explanations of each of these are provided below, and beneath the title of each section regarding what the information is used for we have listed the lawful basis which is applicable to that purpose.

Contract’ – the information is needed to manage your account, product or service e.g. we will need to hold your information according to our retention policy, respond to claims, or fraud prevention

‘Legal obligation’ – we are required by law to process your information e.g. to verify your identity

‘Legitimate interest’ – we are allowed to use your information where, on balance, the benefits of us doing so are legitimate and not outweighed by your interests or legal rights e.g. we have an interest in knowing what our customers do and don’t like so we can offer better products and services and analyse information we hold to ensure we are providing the right products you need.

‘Consent´- in some cases we may obtain your consent to use information in a particular way or where the law requires consent to be obtained, e.g. biometric data. If you consent to use providing you with information about our products and services, we will do so for as long as we can legally hold your data. We will never sell or share your data with any company who may wish to market their products and/or services.

To check your identity and eligibility for the policy

 (Contract; Legal obligation, Consent)

The law requires us to verify the identity of our new customers and to re-verify the identity of our existing customers from time to time. This is so we know who our customers are and to make it more difficult for criminals to use false or impersonated identities for criminal purposes, such as hiding the proceeds of crime or committing fraud.

To verify your identity we’ll check the information you provide to us with publicly available information, and relevant databases such as the Claims Underwriting Exchange.

We’ll also check that you meet the criteria to receive the product or service we’re offering.

If you provide consent for biometric recording, you are able to leave ‘your voice as your password’, replacing the requirement to answer our standard security questions on every call. You will provide a recording of a specific phrase, which will be linked to your file and telephone number and when you next call from the number you will be asked to repeat the phrase to verify you against and pass our security check. This will mean you are able to discuss your policy immediately upon connection with an agent.

To do what we are required to by law

 (Legal Obligation)

 As part of our duty as a broker providing insurance services, sometimes we are required by law to use information about you:

  • To help make sure our customers are being treated fairly (e.g. to assist our regulators where we have a legal duty to do so);
  • To deal with complaints;
  • To help prevent and detect crime (including, for example, the prevention or detection of fraud); and
  • To comply with a legal or regulatory

To manage your policy

(Contract; Legal obligation)

We’ll use your information to manage the policy you have with us, in line with the terms of that arrangement and the rules of our regulators. Examples of this are:

  • To decide what the risk might be in selling you the policy, to quote for, and provide you with, a premium for that policy and any special terms that may apply to that policy (noting that we may use automated decision making to make this assessment);
  • To administer your policy;
  • To contact you about the policy (e.g. for billing or renewal purposes); and
  • To provide the agreed service if you make a claim (e.g. sending someone to assist you in a roadside breakdown situation or to provide you with medical assistance if you are injured or unwell when overseas).

To prevent financial crime and fraud

(Legal obligation, Legitimate Interest)

Fraud has an impact on all customers as it increases costs for everyone. We use your personal information to check for signs that customers might be dishonest (e.g. if someone has behaved dishonestly in the past it may increase the risk they will do so in future).

We may use your personal information in this way because it is in our interests to detect fraud and in all our customers’ interests to ensure that they are not prejudiced due to increased premiums as a result of a few customers acting dishonestly.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services you have requested, or we may stop providing existing services to you.

To recover debt

(Contract)

If you owe us money we will use your personal information to help us recover it.

We can use your personal information in this way because it is a necessary part of the contract of insurance. We need to ensure that premiums are paid so that the majority of our customers do not suffer (e.g. through increased premiums) due to the actions of a small minority of customers. We may instruct a debt collection agent or solicitor to act for us in recovering the debt, including by bringing legal proceedings in the courts and we’ll provide relevant information to them to help recover any money that is owed to us.

To identify other products that you may find useful

(Consent)

If you obtained a quotation from us after 25th May 2018 you will have been asked about your marketing preferences. If you chose to receive marketing communications, a description of the type of marketing you will receive is detailed below. If your policy with us started before this date, you will not be marketed to, however if you would like to ‘opt-in’ to receive marketing communications, please contact a member of our Customer Care department on 01928 520 520. We may use your personal information to offer you suggestions about products and services you might want to buy. We will send you information about our products and services by email, post, telephone or SMS unless you tell us not to, and only in the format in which you have agreed to receive such communications.

You may remove your consent to receive marketing communications at any time. For information on how to do this, please refer to the section titled ‘Error! Reference source not found.’.

To manage and organise our business (Legal obligation; Legitimate Interests) We may use the information we hold to:

  • Analyse how well our Marketing is
  • Train our team
  • Analyse trends or behaviours we can
  • Assess the profitability (or other indicators) of a particular product, or service to inform our future commercial strategy.

  • Report to and communicate with our regulators, auditors and governmental
  • In order to enable us to process your claim or administer your insurance policy more cost effectively;
  • To help develop our products, services and systems to deliver you a better sales and claims experience in the future.

3. Marketing

Regarding our marketing activity, we will ask for your consent to use your information in this way. We will confirm with you what forms of communication you would like to receive marketing information in, and will only communicate marketing with you in the ways you have agreed.

Withdrawal of consent

If you decide you no longer wish to receive these marketing communications at any point, this withdrawal can be activated by contacting the office. You can send an email to compliance.mailbox@freewayinsurance.co.uk, or you can call the office on 01928 520 520.

4. Who we share your information with

When using the information we hold we may share it with other people or organisations. If you wish to obtain a list of the companies with whom your data is shared, please use the contact details at the bottom of this page.

We’ll treat the information we hold as confidential and may share information with the following who are also required to keep the information confidential, safe and secure:

  • Law enforcement or government agencies – We, and fraud prevention agencies may permit law enforcement or government agencies to access and use your personal information, If they request it
  • Fraud prevention agencies to prevent fraud and money-laundering and to verify your identity
  • Insurance companies/Other insurance brokers to help settle any insurance claim or to verify that the information you have provided is correct (e.g. we will check the amount of No Claims Discount you have told us you hold with your previous insurer)
  • Insurance industry bodies such as The Motor Insurance Database to meet our obligations under the Road Traffic Act
  • Insurance industry databases, such as the Claims and Underwriting Exchange where you make a claim so that insurers can check that your claims history is correct, and the Insurance Fraud Register
  • Government bodies such as the Driving and Vehicle Licensing Agency


We may also share information we hold with the following types of organisation, where they request it:

  • UK and overseas regulators, authorities and their service providers (e.g. the Financial Conduct Authority)
  • UK and overseas taxi authorities (e.g. HM Revenue & Customs)
  • UK and overseas law enforcement agencies (e.g. the National Crime Agency).

5. Do we transfer your personal data outside the UK

All countries within the EEA, which includes the UK, have similar standards of legal protection for your personal information. We will only share your data with countries within the EEA, or with firms who meet the requirements for data protection and security under the General Data Protection Regulation.

6. How long we will keep information about you

We will retain all information we hold on you for a minimum of seven years after our relationship has ended, or following the settlement of any claim, whichever is longer. We may keep your information longer for legitimate business reasons, for example, claims settlement purposes. This is to comply with our legal and regulatory obligations to keep a record of our relationship, to resolve disputes, or where is may be needed for future legal proceedings.

We will also retain data in an anonymous form for statistical and analytical purposes after this date.

If you require further information relating to the timescales in which we hold your information please contact The Compliance Manager using the details at the bottom of this page.

7. Your rights under the General Data Protection Regulations (GDPR)

The right to be informed

The right to be informed under GDPR requires us to provide you with information about the purpose of us collecting and processing your personal data, how long we keep the information for, and who we will share this information with. This document has been created in order to provide you with this information. If you have any further queries about anything contained within this document, please contact The Compliance Manager whose details can be found at the bottom of this page.

The right of access

This right allows you to ask whether or not we hold information about you, and if we do, what the information is, why we’re holding it and the ways in which we use it. You also have a right to request a copy of this information. You can exercise this right by contacting The Compliance Manager whose details can be found at the bottom of this page, or alternatively by speaking with one of our Customer Care agents on 01928 520 520.

Where you choose to exercise this right, we have up to 30 days to respond.

The right to rectification

This right allows you to ensure that all the data we hold on you is up to date and accurate. We will always endeavour to ensure the correct information is recorded on your policy, however should anything be incorrect, please call one of our Customer Care agents on 01928 520 520 who will make any corrections necessary.

Where you choose to exercise this right, we have up to 30 days to respond. If we reject your request we will tell you and set out the reasons why we have rejected your request.

The right to erasure

This right allows you to ask us to erase or delete information where you consider there is no longer any justification for us holding it, either because:

  • The information is no longer needed for the reason we collected it
  • We held and used the information based on only your consent, which you have now withdrawn
  • You have previously objected to a way in which we use information
  • We have been using the information unlawfully
  • There is a legal obligation on us to erase the information


Where you choose to exercise this right, we have up to 30 days to respond. If we reject your request we will tell you and set out the reasons why we have rejected your request. This timeframe and the possibility for us to reject a request does not apply to any voice recording as biometric data for the purpose of establishing security on your file, and any requests received for this data to be erased will always be accepted and processed immediately.

The right to restrict processing

This right allows you to request a restriction on the way your data is processed by us. This right may arise where:

  • You have challenged the accuracy of the information we hold and we are verifying this
  • You have objected to a use of information and we are considering whether your objection is valid
  • We have been using your information unlawfully but you want us to continue to hold the information rather than erase it
  • We no longer keep the information but you have asked us to hold it because of legal claims you’re involved in


Where you choose to exercise this right, we have up to 30 days to respond. If we reject your request we will tell you and set out the reasons why we have rejected your request.

If you wish you restrict processing relating to Marketing, you can withdraw the consent you have previously given for this, and you will no longer receive any marketing communications following the withdrawal. If you wish to do this, please contact one of our Customer Care agents on 01928 520 520 who will help to update your preferences.

The right to data portability

This right allows you to request a copy of some of your information that you provided to us in a machine readable format. The information that will be provided if you exercise this right is information you provided to us relating to yourself, your vehicle, your licences and your driving history, which is the information that your policy premium is based on.

Where you choose to exercise this right, we have up to 30 days to respond.

The right to object

This right allows you to object to the way in which your data is processed. This right is only applicable where we have confirmed that the lawful basis used in order to process your data in this was is ‘Legitimate Interest’.

Where you choose to exercise this right, we have up to 30 days to respond. If we reject your request we will tell you and set out the reasons why we have rejected your request.

If you wish you restrict processing relating to Marketing, you can withdraw the consent you have previously given for this, and you will no longer receive any marketing communications following the withdrawal. If you wish to do this, please contact one of our Customer Care agents on 01928 520 520 who will help to update your preferences.

The right to not be subject to automated decision making, including profiling

This right allows you to request a human intervention when any automated decision making (including profiling) occurs. However, the right does not apply where the decision is necessary for the entry into or performance of a contract. As the automated decision making we use relates to

the acceptance of, and pricing of a request for a quotation, our automated decision making is necessary to the contract and therefore this right will not apply.

However, you are able to express your opinion on the decision, or provide comments and feedback. Unless you have already done this when speaking with an agent on the phone, please contact the Compliance Manager at the address detailed at the bottom of this page.

8. Your requirement to provide information

Where you do not provide the personal information we need in order to provide the service you are asking for or to fulfil a legal requirement, we will be unable to provide the service you have requested.

We will tell you why we need the information when we ask for it.

9. Automated decision-making

We will collect information about you and put this into our computer systems. The computer systems will then make certain automated decisions about you which will be based on comparing you with other people. This will have an impact in terms of the level of premium that we offer to you. We may also use automated decision making to conduct an identity verification check.

For example, if you work in a busy city centre, such as London, Birmingham, or Manchester, the computer system may determine that you are more likely to be involved in an accident than a driver who works in a more remote part of the UK where there are less vehicles on the roads.

This is importance because:

  • In providing insurance services it helps us decide what price you should pay for your policy and understand any risks associated with that policy; and
  • In identify verification it helps us to check that you are who you say you are and to prevent others from imitating you.


We also use computer systems to carry out modelling, sometimes using your personal information and sometimes using data in anonymised form. We conduct this modelling for a variety of reasons, for example, for risk assessment purposes to make decisions about you, such as your likelihood to claim. However, we may also use your personal information in that modelling to make decisions about how we improve our pricing and underwriting or to better understand how our prospective customers make decisions about which policy is the optimal policy (i.e. we are not making decisions directly about you).

10. How to complain

If you are unhappy with any way we are using your personal information, you should first contact us so we can understand your issue and try and resolve it. You can contact The Compliance Manager using the details below, or you can contact our Customer Care department on 01928 520 520.

The Compliance Manager 

Freeway UK Insurance ltd 

Unit 4 Abbots Park 

Monksway

Preston Brook 

Cheshire 

WA7 3GH

Email: compliance.mailbox@freewayinsurance.co.uk

Should you wish not to raise your complaint with us, or if you already have but are unhappy with the response you have received, you can contact the ICO directly, and their details are listed below:

Information Commissioner’s Office 

Wycliffe House

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF

Tel: 0303 123 1113 / 01625 545 745

Fax: 01625 524 510

11. Information from other sources

We may collect information about you from third party sources, such as Price Comparison Websites, Insurance Companies, Insurance Brokers, Fraud prevention agencies, The Government and their agencies, or other companies that provide a service to us.