Privacy Policy
Our Privacy Policy outlines the information we collect about you, how we use it, disclose and otherwise manage this information, and the choices you have to restrict our usage of this information.
For the purposes of this privacy policy “we” and “us” means Michael Pettifer Insurance Brokers Ltd, trading names of MPI Brokers, Mind the Gap Year, and Douglas Cox Tyrie. In terms of the data protection regulations we are a Data Controller.
Notice
This privacy notice covers the various ways our retail customers, business clients, and staff communicate with us through different channels including via our websites, call centre, business representatives and managers.
You may be a retail customer, a business client, a member of staff or member of a business client. You may be an employee of ours or a prospective employee. This document covers the categories of personal information we collect through each of the ways you communicate with us.
Please click below to learn more about the topic that is of interest to you:
Personal Information we Collect
Why do we collect your personal information?
Information collected via our websites
Information collected about Retail Customers
Information collected about our Business Clients
Who we share your personal Information with
Retention of Personal Information
Information collected about Job Applicants, Current and Former Employees
Retention of staff personal information
Who we share our employees’ personal information with
Security of your Personal Information
How to Contact Us about your personal information
Personal Information we Collect
Why do we collect your personal information?
We collect personal information to manage your communications with us and to:
- provide and manage insurance
- manage and process insurance claims
- be able to answer questions you may have now and in the future about the insurance we have provided
- meet the statutory and legal obligations we have as an insurance broker
- to carry out sanction checks
- help us run and grow our business.
We will not collect any personal information from you we do not need.
Information collected via our websites
You can visit our website without telling us who you are or providing us with any personal information. However, we may collect the I.P. (Internet protocol) addresses of all our website visitors and other related information to be used to improve our websites.
We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify you.
Website Security
All information provided is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. Please do not share a password with anyone.
Nevertheless, transmission of information via the internet is not completely secure, although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Cookies
We use cookies and similar technologies to collect information about the pages you access or visit. Cookies are bits of information that are automatically stored on your computer, so we can recognise you when you return.
This enables us to understand your use of our website so that we can continue to improve and refine it for a better customer experience. Cookies can be disabled via your browser; however, this may affect the quality of the features on our site.
The information collected through cookies may be combined with other identifiable personal information from our records and other sources. We may use this combined information for future marketing purposes. To find out further information about cookies please visit a third-party information site, such as www.allaboutcookies.org.
When you visit our website, you are presented with the option to “opt-in” to accept cookies.
Our lawful basis for using cookies is your consent via opting in.
Making Contact via our website
You may choose to raise a query with us via the contact forms provided on our website. In this case we will collect and store your name and email address.
Information collected about Retail Customers
When you obtain a quote or purchase insurance from us we will collect the personal information required to provide the travel insurance requested. This information includes your salutation, name and address, date of birth, email address, phone number, additional information such as proposed activities, travel destination, health screening information and other material facts you disclose to us.
Should you file a claim with us under the policy, we will collect additional personal data from you relating the claim which may include information such as health and / or accident details and other material facts related to your claim.
We will retain this information to assist you in the future in respect of insurance and to manage our business.
Our lawful bases for processing your personal information are:
- Perform Contract - Processing is necessary for the performance of a contract to which you are party or in order to provide you with a quotation at your request prior to entering into a contract.
- In the substantial public interest – The Data Protection Act 2018 specifically enables certain categories of sensitive personal data (including health information) to be processed for insurance purposes.
- Compliance with a legal obligation - Processing is necessary for compliance with a legal obligation to which we are subject.
- In the event of legal action - Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- For our legitimate business interests – Where we use your personal information for purposes such as maintaining our business records, developing and improving our products and services and maintaining contact with you.
Information collected about our Business Clients
Where a business, company, corporation, club, association, or school (the entity) obtains insurance from us the members of the entity shall hold an interest in the policy and we will process their personal information.
The insured entity will provide us with the personal information where individuals hold an interest under the policy. The personal information collected includes: salutation, name, address, email address, phone number, location, health and other material facts required to arrange insurance.
We will retain this information to manage the contract and policies you have with us.
Our lawful bases for processing this personal information are:
- Perform Contract - Processing is necessary for the performance of a contract to which the entity is a party or in order to provide the entity with a quotation on request prior to entering into a contract.
- In the substantial public interest – The Data Protection Act 2018 specifically enables certain categories of sensitive personal data (including health information) to be processed for insurance purposes.
- Compliance with a legal obligation - Processing is necessary for compliance with a legal obligation to which we are subject.
- In the event of legal action - Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- For our legitimate business interests – Where we use your personal information for purposes such as maintaining our business records, developing and improving our products and services and maintaining contact with you.
Who we share your personal Information with
There are other organisations and computers systems deployed to manage the insurance provided with whom we share or send all or part of your personal information who or which are:
- our websites are hosted in the UK or EU in compliance with the EU’s data privacy regulations
- contract documents, claims records and invoices of our Business Clients are held on a local server which is regularly backed up and secure
- our accounting systems, Sage and Zero hold our Business Clients’ personal information related to invoices and payments. The provider hosts your information outside of the EU but is an organisation that complies with the EU’s data privacy regulations
- our CRM system, Capsule, holds name and contact details which may be stored outside of the EEA but will be processed in full accordance with UK data protection laws and/or applicable EU data protection law
- we make available your personal information to the Insurance market such as underwriters, potential underwriters, loss adjusters, the medical assistance company and others as a necessary part of providing insurance and managing claims and recoveries.
- your relatives, guardians (on your behalf where you are incapacitated or unable) or other people or organisations connected to you such as your employer.
- central and local government (for example if they are investigating fraud or because we need to contact them regarding international sanctions).
- the Financial Ombudsman Service and regulatory authorities such as the Financial Conduct Authority and the Information Commissioner’s Office.
All these companies are required to maintain the confidentiality and security of your personal information and to use it only in compliance with applicable privacy laws. These companies are not authorised to use your information in any manner, other than in helping us to provide you with insurance or as otherwise required by applicable law.
We may also disclose specific personal information about you if required by law, governmental request or court order if, based on our good faith belief, it is necessary to conform or comply with such law, request or court order.
Retention of Personal Information
We and the other companies keep your personal information as long as necessary for the purposes we collected it, or as otherwise required by law.
Information collected about Job Applicants, Current and Former Employees
Recruitment
All of the information you provide during the recruitment process will only be used for the purpose of progressing your application and we will not share any of the information you provide during the recruitment process with any third parties apart from referees and our HR advisor. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the details you provide to us to contact you to progress your application. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. We will use the information you provide to assess your suitability for the role.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained for up to a period of six months.
Employment
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. We need to confirm the identity of our employees, their right to work in the United Kingdom and to seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide proof of your identity and proof of your qualifications. We will contact your referees, using the details you provide in your application, directly to obtain references.
If we make a final offer, we will also ask you for the following:
- Bank details – to process salary payments;
- National Insurance number and tax codes for use with HMRC; and
- Emergency contact details – so we know who to contact in case you have an emergency at work.
During your employment with us we will collect and store information in your personnel file such as performance reviews, disciplinary reviews and leave and accident records.
Retention of staff personal information
If you become a member of staff the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment.
If you are unsuccessful at any stage of the process, the information you have provided until that point, and our interview notes will be retained for 6 months from your application.
Who we share our employees’ personal information with
We share our employees’ personal information with our accountant for preparing payroll, with HMRC, with our pensions provider and our HR advisor. We may also disclose specific personal information about you if required by law, governmental request or court order if, based on our good faith believe, it is necessary to conform or comply with such law, request or court order.
Security of your Personal Information
We maintain reasonable administrative, technical and physical safeguards in an effort to protect against the loss, theft, unauthorised access, use, modification and disclosure of personal information in our custody and control. We only provide access to personal information to employees and authorised service providers who require such information for the purposes described in this Privacy Notice.
To provide you with an increased level of security, online access to certain personal information may be protected with a password you select. We strongly recommend that you do not disclose your password to anyone. We will never ask you for your password in any unsolicited communication.
Sale of our Business
In the event of a merger or transfer of our business to a new owner we may transfer or share information we have about you to a third-party acquirer.
Policy Changes
We may periodically update this Privacy Policy for new, unanticipated uses not previously disclosed. Any changes made will be posted here. We will treat your personal information in accordance with the Privacy Policy in place at the time your information was collected.
This policy was last updated in May 2018.
How to Contact Us about your personal information
Please do contact us with any questions or concerns about our Privacy Policy.
If you wish to access or update the personal information we have about you, or to correct factual errors in our records, please email us or write to us at the addresses below. To protect your privacy, we will take reasonable steps to help verify your identity before granting access or making corrections.
The Data Protection Manager, MPI Brokers Head Office, West House, 19-21 West Street, Haslemere, Surrey, GU27 2AB, United Kingdom
Email: / Telephone: 01428 664265
Your rights
You may request a copy of the personal information we hold about you. Please make access requests in writing. There will be no charge for reasonable requests for information and we will respond within 30 days. If it will take longer than 30 days to meet your request, we will agree an alternative date with you.
If you believe the information we process about you is incorrect you may request to see this information, and have it corrected. If we are providing insurance to you it will not be possible to delete your information. We may also be required to retain some parts of your personal information for legal reasons – such as invoice and payment records.
If you wish to raise a request regarding your personal information or to register a complaint on how we have handled your personal data, please contact us at .
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office at https://ico.org.uk/