Privacy Policy
Introduction
This Privacy Policy aims to provide you with clarity surrounding what information we may collect about you, and how we intend to use and store your personal information.
Acasta European Insurance Company Limited and Acasta Europe Limited are joint controllers of our policyholders’ data. This means that we determine what is done with your data together, and it is processed for the same purposes. Although we are joint controllers, we each have responsibility for complying with data protection requirements.
Acasta European Insurance Company Limited and Acasta Europe Limited are committed to ensuring that all customers’ personal data is controlled in accordance with the General Data Protection Regulation and Data Protection Act 2018 and equivalent legislation in Gibraltar and the EU. This means that we must ensure any data we collect about you is collected and processed in a secure manner.
About us
Acasta Europe Limited are an administrator based in the United Kingdom, who have permission to administer your policy on behalf of Acasta European Insurance Company Limited, who are based in Gibraltar and sell insurance products in the UK.
Acasta Europe Limited
Office Address: Acasta Europe Limited, 4 Station Road, Cheadle Hulme, Cheadle, SK8 5AE.
Companies House Registration Number: 07270251.
Authorities: Acasta Europe Limited are authorised and regulated by the Financial Conduct Authority (Firm Reference Number 599391) and are also covered by the Financial Ombudsman Service. Acasta Europe Limited is also registered as a controller with the Information Commissioner’s Office (ICO) under reference number Z2687715.
Acasta European Insurance Company Limited
Office Address: Unit 1, 124 Irish Town, Gibraltar, GX11 1AA.
Company Registration Number: 96218.
Authorities: Acasta European Insurance Company Limited is regulated and licensed by the Financial Services Commission of Gibraltar. They are also members of the Financial Services Compensation Scheme and Financial Ombudsman Service in respect of UK Business.
How to get in touch with us
Acasta Europe Limited is Acasta European Insurance Company Limited’s data protection representative in the UK and is responsible for communications with you. Please contact the Data Protection Officer (Rebecca Macfadyen) for Acasta Europe Limited via telephone on 0800 668 1350 between 9am – 5pm Monday to Friday, or via email dataprotection@acastaeurope.co.uk, or in writing at Acasta Europe Limited, 4 Station Road, Cheadle Hulme, Cheadle, SK8 5AE. Please ensure that any envelopes include the Acasta name as the office building is shared with other companies. You should address the envelope to the Data Protection Officer to ensure this reaches the correct person more quickly.
If you are an EU resident, please contact our EU data protection representative
You may deal with the representative named below on all issues relating to the processing of your personal data:
Instant EU GDPR Representative Ltd
Office 2, 12A Lower Main Street
Lucan
Co. Dublin
K78 X5P8
Ireland
What is Personal Information/data?
Personal data, or personal information, means any information about you which can be used to identify you. It does not include anonymised personal data where we are unable to identify you.
What is Special Category Information/data?
Under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018), special categories of data get additional protection and would include information relating to your ethnic background, health data, genetic and biometric data, religious or philosophical beliefs, sex life, sexual orientation, political opinions, and trade-union membership.
Depending on your type of claim, we may be required to request documentation relating to your special category information to support your claim assessment. We will always inform you that we require this information at the point of claim, and any information that is not provided may impact the outcome of your claim. We may also receive special category information where you have provided this to one of our third parties appointed to handle regulated activities on your Insurer’s behalf. In some circumstances we may require information relating to your medical circumstances to help us to do our best to support your needs. Any special category information is stored and processed in accordance with this policy and we treat your information with the utmost care and diligence.
We may record your account as vulnerable where we identify you may require additional support and may record information relating to your circumstances to avoid you having to repeat the information. However, we will always ask for your consent before storing any information relating to your vulnerable circumstances, unless you have provided this in writing.
Any special category information will only be processed for necessary reasons of substantial public interest where this is necessary for an insurance purpose.
What personal information will we collect about you?
Depending on your type of policy, we may collect some or all of the information about you, as listed below. If you wish to understand what personal information we hold about you, relevant to your specific insurance policy, please contact us at dataprotection@acastaeurope.co.uk.
- Full name which may include any middle names and associated prefixes
- Date of Birth
- Full Address including postcode
- Contact information e.g. telephone numbers including mobile and home, email address.
- Vehicle registrations where the insurance policy relates to a vehicle
For Claims and Complaints there may be additional information collected such as:
- Special Category Data in scenarios where medical conditions are considered evidence in support of a claim or complaint.
- Historical information such as information relating to a previous complaint e.g. via liaising with Financial Ombudsman Service.
- Information relating to your circumstances to enable us to support your needs, particularly where you could be considered to demonstrate characteristics of vulnerability.
- Financial information including bank account number and sort code for the processing of any claim or complaint settlements.
- Criminal history, sanctions checking and politically exposed persons validation checks.
How do we receive your personal information?
Acasta Europe Limited administer insurance products on behalf of Acasta European Insurance Limited, which are sold via a network of insurance intermediaries. We only receive personal information that is relevant to your insurance policy when you purchase the insurance policy via the intermediary that sold the product to you.
We also have arrangements in place with third-party claims handling firms. The third-parties responsible for handling your claims or complaints will share your personal information with us where relevant to either your claim or complaint.
Your personal information is shared with us directly and in a secure manner to ensure that your information is kept secure at all times.
Additionally, when entering your personal information on our websites, www.acastaeurope.co.uk or www.acastainsurance.gi, we will also collect any personal information you share with us. Please note that our websites contain links to other company websites, and we recommend that you check their terms and conditions before sharing your personal data with any other websites. Personal information collected via the website is collected via the enquiry form once submitted.
When using our website, we may also use cookies or similar technologies to collect website usage information. Please refer to the dedicated section on Cookies in this Privacy Policy for more details. In addition, we may also collect IP addresses via a web analytics package.
Acasta Europe Limited administers insurance policies, manages claims, and investigates complaints on behalf of Acasta European Insurance Company Limited, and therefore we may also collect additional information from you in the event of any policy amendments, claims, and/or complaints. Where we require additional information, this will be communicated to you at the relevant time.
We do not use your personal information to conduct any marketing activities to you at this time, and we will ask you for your preferences before conducting any marketing activities using the contact information we hold about you.
Data Protection Officer
We take the protection of your personal data seriously and have appointed a Data Protection Officer (DPO) at Acasta Europe Limited to oversee our data protection strategy and its implementation, ensuring compliance with GDPR requirements. Our DPO is responsible for:
- Monitoring compliance with data protection laws and our data protection policies.
- Providing advice and recommendations regarding data protection.
- Acting as a point of contact for data subjects (customers, employees, etc.) and the Information Commissioner’s Office (ICO).
Our Data Protection Officer is committed to addressing any issues or concerns you may have promptly and ensuring that your data protection rights are respected.
How will your personal information be used?
The table below outlines how we intend to use the information we collect about you, and the lawful basis which we rely upon when using the information we collect. We have also identified what our legitimate interests are where appropriate.
| Purpose/Activity | Lawful basis for processing including basis of legitimate interest |
| --- | --- |
| Transactional record of sale, this is where the intermediary confirms to us that your policy has been purchased by supplying us with your identity information only. | · Performance of an insurance contract with you in accordance with substantial public interest under Schedule 1 Paragraph 20. · Legitimate interests to prevent fraud and protecting you and us from risks. · Complying with legal obligations e.g. Money Laundering regulations and laws, and rules imposed by Financial Conduct Authority. |
| To administer your policy, claim or complaint: · taking into account your circumstances. · conducting verification checks, for example on SmartSearch. · Processing payments to you and by you. · Sending and receiving messages or other communications relating to your policy, claim or complaint. · Recording of calls and Electronic Communications. | · Performance of an insurance contract with you in accordance with substantial public interest under Schedule 1 Paragraph 20. · Legitimate interests to prevent fraud and protecting you and us from risks. · Complying with legal obligations e.g., Money Laundering regulations and laws, and rules imposed by Financial Conduct Authority. |
| To improve our business, products, and services and to create a more personalised service, including: · Analysing and capturing data to share with third parties where necessary. · Conducting data analysis to produce statistical reports. · Understanding customers’ purchasing and claims habits to determine the target market. · Track, analyse and improve the services we give you and other customers. · Reviewing customer journeys for the purposes of demonstrating compliance with regulatory obligations and ensuring customers receive products that offer fair value. · Monitoring website and database system performance, e.g. performance of cookies, hosting of data, system maintenance, completing end-user testing on system upgrades. | · Performance of an insurance contract with you in accordance with substantial public interest under Schedule 1 Paragraph 20. · Legitimate interests to understand how customers interact with our products. Information is used to develop products, protect our customers from avoidable harm, inform underwriting and pricing decisions, and to support the growth of our business. · Complying with legal and regulatory obligations such as the Consumer Duty, Insurance Distribution Directive (IDD), General Insurance Value Measures rules, etc. |
We will also use information collected for legitimate interest to safeguard against fraud and money laundering and protecting you and us from risk. We are required to report details of relevant suspicious activities to the National Crime Agency (NCA) and/or the Gibraltar Financial Intelligence Unit (GFIU).
We may also use your information to comply with a legal obligation including the Money Laundering laws and regulations, and rules and regulations imposed by Financial Conduct Authority (FCA), Information Commissioner’s Office (ICO), Gibraltar Financial Services Commission (GFSC) or Gibraltar Regulatory Authority (GRA).
How do we store your information?
We use a database system called Cadmium on which your personal information is securely stored. We will only retain your information for as long as is reasonable in accordance with our legitimate interest to retain your information. Automatic depersonalization processes are triggered 7 years from your policy end date, or last settled status change to enable us to comply with GDPR. By exception, we may need to retain your information for longer periods of time to comply with our legal and regulatory obligations or to fulfil contractual obligations.
Additionally, various data sources, such as emails, claims management systems, server folders, and cloud services such as Microsoft, may be used; however, all undergo periodic reviews, depersonalization, and data deletion in compliance with data protection regulations.
Where do we share your information?
We may share your personal data with the following third parties to enable us to comply with our regulatory, legal and company obligations:
- Fraud-prevention services such as SmartSearch.
- Regulatory and law-enforcement agencies, such as the courts or the police.
- Professional or regulatory bodies, where required by regulatory authorities.
- Insurance providers where required, for the purposes of investigating complaints, policy admin services or claims.
- Companies and consultants providing services to us, such as third-party hosting services, who maintain and control our website and systems.
- Third parties to whom we may choose to sell, in whole or in part, our business or our assets. If any changes occur, the new owners may use your personal data in the same way as outlined in this notice.
- Agents where they are involved in the distribution chain, for example, the distributor you purchased your insurance policy from.
- Third party external auditors for the purpose of complying with company continuous improvement initiatives, legal and regulatory obligations.
Acasta Europe Limited operates in the UK; however, Acasta European Insurance Limited is based in Gibraltar. They will only access your personal information using servers that are hosted in the United Kingdom. Some of our third-party service providers, e.g. our external auditors, legal representatives, or EU based claims handlers, may process data or be located outside of the UK; however, we will ensure that appropriate safeguards are in place and that your personal information is processed in accordance with relevant data protection legislation.
We may be required to share your personal information with regulators and professional bodies to comply with regulatory obligations. This may include Financial Conduct Authority, Gibraltar Financial Services Commission, Financial Ombudsman Service, UK Information Commissioner’s Office, Gibraltar Regulatory Authority and EU data protection representatives.
What are your rights?
You are entitled at any time to:
- ask about how and why we process your personal data (which is explained in this Privacy Policy),
- ask to have your personal data corrected if it’s incorrect,
- ask us to delete your personal data, though for legal reasons this may not be possible,
- ask us to not use your personal data in a certain way e.g., direct marketing, research or where we rely on ‘legitimate interest’,
- ask us to restrict processing of your personal data temporarily such as while we update your records to the correct information,
- ask us for access to your personal data that we hold about you (known as a Subject Access Request):
  - We will need you to verify your identity before sharing any personal data we hold about you to ensure that we keep your personal information secure.
  - You will not have to pay a fee unless you make excessive or regular requests.
  - We have one month to respond to you, and where we are unable to respond within this timeframe, we will communicate this to you in writing.
- withdraw your consent at any time, where consent is the lawful basis for processing your personal information; this will not affect any processing of your personal data that occurred prior to withdrawing your consent.
If you would like to exercise any of these rights in respect of Acasta European Insurance Company Limited or Acasta Europe Limited, please contact Acasta Europe Limited (UK data subjects) or Instant EU GDPR Representative Limited (EU data subjects) using the details provided above.
How will we keep your information secure?
Appropriate security measures have been put in place to prevent your personal data being accidentally lost, stolen, altered, or disclosed in an unauthorised way. We limit access to your personal data across the company and only those staff that need access can access your personal data. Staff will only process your information under our instructions and subject to handling your data with confidentiality.
Where we suspect your personal data has been compromised and is likely to cause you harm, we will notify you immediately and have measures in place to ensure that we report personal data breaches in line with regulatory and legal requirements.
Cookies Policy (When using our websites)
We employ cookies and tracking software to monitor traffic patterns and site usage to enhance site functionality and improve user experience. This includes collecting non-personal data, such as mouse movements and page visits. Users can manage cookie preferences in browser settings. Our cookies do not store personal information such as your name, address, phone number or email in a format that can be read by others. Types of cookies used are as follows:
- Performance cookies: These cookies help us monitor and improve our website by gathering data on frequently visited pages and any error messages encountered, with the collected information being anonymous.
- Functionality cookies: These cookies remember user preferences, such as language region, and login information for convenient future access, whilst also facilitating website performance monitoring for continuous improvement. The information we store in these cookies is encrypted so that only we can read it.
- Session cookies: Session cookies monitor your activity when you are on the website for analytical and user experience information. These are deleted when you leave our website.
- Persistent cookies: Persistent cookies are stored on your hard drive until they are manually deleted or expire. Persistent cookies are used to remember your visit, preferences, usernames, or other information that could be useful on your return to our website.
- Google Analytics: Google Analytics collects information in an anonymous form such as pages visited, browser and operating system used and time spent viewing pages, to help us understand how we can improve our website. We do not allow Google to use or share our analytics data.
- Google Maps: We embed Google Maps on our office pages to help you to locate our buildings. These are third-party cookies which Google may set on your computer when you view the maps.
For more information, please refer to the dedicated Cookie Policy.
How to make a complaint about the way we handle your personal data
Acasta Europe Limited handles certain complaints on behalf of Acasta European Insurance Company Limited.
If you wish to make a complaint regarding any aspect of this policy, or the way we have handled your personal data, you can contact us via email: complaints@acastaeurope.co.uk, telephone: 0800 668 135 between 9am – 5pm Monday to Friday, or in writing at Acasta Europe Limited, 4 Station Road, Cheadle Hulme, Cheadle, SK8 5AE. To protect your personal data, please ensure that any envelopes are clearly addressed to Acasta, as the office building is shared with other companies.
All complaints are handled in line with our Complaints Handling Procedures which can be found on our website: https://www.acastaeurope.co.uk/privacy-policy/complaints/
If you are not satisfied with our response to a complaint relating to your personal data or believe we are processing your data incorrectly you can also complain to the Information Commissioner’s Office or relevant data protection regulator.
The Information Commissioner’s Office (ICO) contact details:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk