Updated:  9^th April 2021

Privacy Policy

 

We are committed to protecting and respecting your privacy.

 

This policy (together with any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our approach and practices regarding your personal data and how we will treat it.

 

When you visit our website, we process your personal data and offer you our services according to the practices described in this policy. We also need to process your personal data in order to perform our services when you enquire about or purchase our services.

 

By agreeing to provide us with your personal data, you are acknowledging that we are at liberty to use that data as set out in this privacy policy.  You are entitled to exercise various rights under data protection law, including the right to request that we stop processing your personal data in certain circumstances as explained further in this privacy policy or to request that we remove your personal data from our records.

 

It is important that you read this privacy policy together with any other privacy notice or fair processing notice we may issue on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

 

Sometimes, we ask you for personal data about other people (for example, members of your family) and this policy applies to that information as well. We ask you to tell those people that we are processing their personal data and that this policy applies to it.

 

We are China Taiping Insurance (UK) Co Ltd of 2 Finch Lane, London, EC3V 3NA ("we", "us", "our") and we are the controller of personal data that you provide to us.

 

INFORMATION WE MAY COLLECT FROM YOU

We may collect and process the following data about you:

 

• Information you give us. You may give us information about you when you obtain a quote or by completing and sending proposal and claim forms to us or by corresponding with us online, by post, telephone, email or otherwise including information you provide when you use the “Contact Us” facility on our website or when you report a problem with our website. The information you give us using any one of the methods of communication above may include your name, address, email address and telephone number, financial and credit card information, personal description and other personal identifiers (such as passport or national insurance details), nationality and residence status, your personal and family relationships, your lifestyle and social affairs, employment status, details of bankruptcy, criminal convictions (including motoring offences), details of occupation, including directorships and other relevant information.

 

• Information we collect about you. Each time you visit our website we may automatically collect the following information from you:
  • technical information, including the Internet Protocol (IP) address used to connect your device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

 

• Information we receive from other sources. We may receive information about you if you use any of the other services we provide. We also work closely with third parties (including, for example, insurers, reinsurers, intermediaries, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers, credit reference agencies) and we may receive information about you from them.

 

• Types/classes of information processed. When you apply for a quotation or policy online or write to or email us or when you complete a proposal form or a claim form we process personal information about you that includes some or all of the following: personal details, family details and details about your dependents, lifestyle and social circumstances, financial details, employment and education details and information on goods and services provided.

 

• Sensitive Information. We may also process sensitive classes of information. This includes physical or mental health details, details about your lifestyle and health conditions, offences and alleged offences and details about your sexual life or sexual orientation where relevant to your health.

 

• Tracking or recording what you say or do. We may record details of your interactions with us.  For example, we may record and keep track of conversations you have with us via telephone and any other kinds of communication. We may use these recordings to check your instructions to us, to assess, analyse and improve our services, train our staff, manage risk, process claims or to prevent and detect fraud and other crimes. We may also record and retain information about these interactions such as the telephone number from which you call.

 

• Children. We do not collect data relating to children, except in relation to our Medical Insurance, Group PA or Travel policies or where necessary to process a claim. Where you provide us with information about children, we assume that you are the person with parental responsibility for those children or authorised to act on their behalf. We therefore request that in those circumstances, you make this policy available to them and encourage them to read it if they want to find out more. 

 

• Dependents and family members. We may ask you for information (as described above) about your family members and dependents, in particular if they benefit from one of our policies (such as a private medical insurance policy). We ask you to let those persons know if you are providing us with their information and that we are processing it according to this policy.

 

HOW WILL WE USE YOUR INFORMATION?

The information you supply or we collect from you is generally used for the purposes of insurance administration by us, our associated companies, by reinsurers and your intermediary. We are required under data protection laws to identify certain legal conditions for the processing of your data and these are set out below. We also use information held about you in the following ways:

 

• Information you give to us. We will use this information:
  • to provide you with the information, products and services that you request from us and to carry out our obligations arising from any contracts entered into between you and us;
  • to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
  • to provide you with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by letter, e-mail, telephone or SMS with information about services similar to those which were the subject of a previous sale or negotiations for a sale to you. If you are a new customer, we will contact you only if you have consented to this. If you do not want us to use your data in this way, please tick the relevant box situated on the form on which we collect your data (the proposal form);
  • to notify you about changes to our service;
  • to ensure that content from our website is presented in the most effective manner for you and for your device;
  • to maintain our accounts and records;
  • to enable insurers and the other third parties identified in the section headed “Disclosure of your Information” below to provide services to you, and/or to carry out their work, including the investigation of any claims made by you;
  • if you give us information about another person, in doing so you confirm that they have given you permission to provide it to us to be able to process their personal data (including any sensitive personal data) and also that you have told them who we are and what we will use their data for, as set out in this notice;
  • Where we need to comply with a legal or regulatory obligation.
  • Where we need to exercise our legal rights, for example if we are faced with a legal claim in relation to our relationship with you. We may also use your information for particular matters of public interest such as investigation of fraudulent claims, anti-money laundering compliance activities or health or clinical issues affecting our policy beneficiaries.

 

• Information we collect about you. We will use this information:
  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our website to ensure that content is presented in the most effective manner for you and for your device;
  • as part of our efforts to keep our website safe and secure.

 

• Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

 

Automated Decision Making

Our assessment of your insurance application may involve an automated decision to determine whether we are able to provide you with a quote.     An automated decision involves processing personal information without any human intervention.  The decisions depend on the information you provide us (i.e location, gender, age, health history, claims history) so that we can decide to offer a quote and if so, the relevant price for your policy.    You have certain rights in relation to automated decision making which are described in the “Exercise Your Rights” section below.

 

Consent

Where we process your information, including sensitive information about your health, we do so because you have asked us to provide you with our insurance products and services. Under data protection law, this allows us to process your information without asking for your further consent. Sometimes, we will ask you for your consent to use your information (or information about your family or dependents) or provide it to someone else (such as a medical practitioner) for another reason – for example because it is your private information and confidential to you. We only ask this where necessary, and if you are unwilling to give us that consent (or to provide us with information about your health) we may not be able to provide you with our insurance or other products or services.

 

PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

We have set out, in a table format, a description of all the ways we may use your personal data, and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

 

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using it. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the following table.

 

Purpose/Activity	Type of data	Lawful basis
To provide you with a quote or to process a proposal or a claim	Identity Contact Transaction Financial Health	Performance of a contract Legitimate Interest Provision of insurance
To process, put in place your insurance and to deliver your insurance documentation	Identity Contact Financial Transaction Health	Performance of a contract with youLegitimate interest Necessary to comply with a legal obligation Provision of insurance
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy or about changes to your cover, or dealing with your issues or any complaints you may have about us.	Identity Contact Profile Health	Performance of a contract Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) Provision of insurance
To administer and manage risk of China Taiping insurance and its website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data); our management information purposes, including record-keeping, financial management, audit and systems and controls	Identity Contact Technical Health	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation Provision of insurance
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the online communications that we furnish you with	Identity Contact Profile Usage Marketing & Communications Technical	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, services, marketing, client relationships and experiences; training and service quality	Technical Usage Transaction Health	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) Provision of insurance
To make suggestions and recommendations to you about services that may be of interest to you	Identity Contact Technical Usage Profile	Necessary for our legitimate interests (to develop our services and grow our business)
Prevention, detection and investigation of fraud	Identity Contact Transaction Financial Health	Necessary for our legitimate interest in the prevention of fraud Performance of a contract Substantial public interest in fraud prevention Provision of insurance
Review or audit of healthcare provision by providers contracted by us to provide you with healthcare services, and safeguarding	Identity Transaction Health	Necessary for our legitimate interests in the quality of healthcare services that we fund; and in protecting you and other beneficiaries from harm Substantial public interest in the quality of healthcare services and prevention of harm
Recovery of sums due to us from you	Identity Contact Transaction Health	Necessary for our legitimate interest in recovering sums due to us Establishing or defending our legal rights Provision of insurance
Compliance with our legal and regulatory obligations	Identity Contact Transaction Health	Compliance with legal and regulatory obligations Provision of insurance

 

 

HOW LONG WILL WE KEEP YOUR PERSONAL DATA

 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

Details of retention periods for personal data are contained within our retention policy which you can request from us at any time.

 

DISCLOSURE OF YOUR INFORMATION

We may share your personal information with any member of the China Taiping Group of Companies, including those outside of the EEA.

We may also share your information with selected third parties including:

• other insurance companies, reinsurers and your intermediary
• your beneficiaries, relatives or dependents if you are incapacitated, or your professional advisors
• healthcare providers providing you with treatment relating to your policy
• professional advisers, suppliers, service providers and sub-contractors (including payment processors, surveyors, auditors, claims handlers, investigators and loss adjusters) to perform any contract we enter into with them or you
• regulatory bodies for the purposes of monitoring and/or enforcing our compliance with any regulatory rules/codes
• analytics and search engine providers that assist us in the improvement and optimisation of our website
• if we are under a duty to disclose or share your personal data in order to comply with or enforce any legal obligation, or our Terms of Business Agreement, or to protect the rights, property, or safety of us or any member of the China Taiping Group of Companies, our customers, or others. This includes exchanging information with other companies, law enforcement agencies andorganisations for the purposes of fraud prevention and detection protection.

 

Where appropriate we make checks with a licensed credit referencing agency and a record of any search will be made. We exchange information with other insurers through various databases to help us check information provided and also to prevent fraudulent claims. We will disclose information about you to regulatory authorities in response to formal requests.

 

TRANSFER OF INFORMATION OVERSEAS

We may store your personal data on our servers located in China in order to manage and back-up all China Taiping Insurance (UK) Co Ltd. data.  This will involve the transfer of your data outside of the European Economic Area (EEA).

 

Certain of our third party service providers who process your Personal Data on our behalf may also transfer your Personal Data outside the EEA to a country that does not provide an adequate level of protection to your personal data.

 

Whenever your personal data is transferred outside of the EEA we will ensure that an equivalent degree of protection is afforded to it by ensuring that it is either transferred to a country which is deemed to provide an adequate level of protection for personal data as the EEA or (if one of the exceptions in the data protection legislation is not available) an appropriate transfer agreement is put in place. If you would like to find out more about any such transfers, please contact our Compliance officer.

 

THIRD PARTY WEBSITES

Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates.

If you follow a link to any of these websites, please note that these websites have their own cookie and privacy policies and that we do not accept any responsibility or liability for these policies. Please check the cookie and privacy policies of third party websites before you submit any personal data to them.

 

EXERCISE YOUR RIGHTS

Right to Object to Processing	In certain circumstances, you have a right to object to our processing of your personal data where we process it on the legal basis of: a) our legitimate business interest, including profiling based on our legitimate business interests; or b) your consent to marketing. We may not be able to comply with such a request where we can demonstrate that there are compelling legitimate grounds for us to process your personal data which override your interests, rights and freedoms or where the processing of your personal data is required for compliance with a legal obligation or in connection with legal proceedings.
Right to Withdraw Consent	You have a right to withdraw your consent, at any time, to our processing of your personal data which is based on your consent. Where you exercise this right, our processing of your personal data prior to your withdrawal of consent will remain valid.
Right of Access	You have the right to access and obtain a copy of the personal data that we hold about you. We will only charge you for making such an access request where we feel your request is unjustified or excessive.
Right to Rectification	You have the right to request that we correct any inaccuracies in the personal data stored about you.
Right to Erasure	In certain circumstances, you have the right to request that we erase your personal data.  For example, you may exercise this right in the following circumstances: your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us; where you withdraw consent and no other legal ground permits the processing; where you object to the processing and there are no overriding legitimate grounds for the processing; your personal data have been unlawfully processed; or your personal data must be erased for compliance with a legal obligation. Where we store your personal data for statistical purposes, we may not be able to comply with such a request where it would likely impair such statistical purposes or where we require your personal data for compliance with a legal obligation or in connection with legal proceedings.
Right to Restriction	You have the right to restrict our processing of your personal data where any of the following circumstances apply: where you feel that the personal data which we hold about you are not accurate. This restriction will be in place for a period to enable us to verify the accuracy of your personal data; where the processing is unlawful and you do not want your personal data be erased and request the restriction of its use instead; where we no longer need to process your personal data (e.g. any of the Purposes outlined above have been completed or expire), but we require it in connection with legal proceedings; where you have objected to our processing of your personal data pending the verification of whether or not our legitimate business interests override your interests, rights and freedoms. Where you exercise your right to restrict our processing of your personal data, we will only continue to process it with your consent or in connection with legal proceedings or for the protection of the rights of other people or for reasons of important public interest.
Right to Data Portability	You have a right to receive and transfer the personal data that you provide to us in a structured, commonly used and machine readable format where we process your personal data on the legal basis of: a) your consent; or b) where it is necessary to perform our contract with you. Where you make such a request, we will directly transfer your personal data on your behalf to another controller of your choice (where it is feasible for us to do so).
Right to Object to Automated Decision-Making, including profiling	You have a right not to be subjected to decisions based solely on automated decision-making, including profiling, which produce legal effects concerning you or similarly significantly affects you. We may not be able to comply with such a request where we rely on the legal basis of: a) your explicit consent; or b) where it is necessary to enter and perform our contract with you (as detailed in section 2 above). You will however be entitled to have a person from our team review the decision so that you can query it and set out your point of view and circumstances to us.

 

To exercise this right, you may write to us with details of your request, to: Compliance, China Taiping Insurance (UK) Co Limited, 2 Finch Lane, London, EC3V 3NA or by email at compliance@uk.cntaiping.com.

 

If you are unhappy with our response to a request, you can contact the Information Commissioner.

 

COOKIES

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.

 

CHANGES TO OUR PRIVACY POLICY

We may amend this notice on occasion, in whole or part, at our sole discretion to take into account changes in the relevant legislation or guidelines or changes in our business practices.  Any changes to notice will be effective immediately upon notification either by e-mail or on our website.  We would recommend that you check our website from time to time to ensure that you are aware of the latest version of the policy.

 

If at any time we decide to use your personal data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you either by e-mail or on our website, and you will have a choice as to whether or not we use your information in the new manner.

 

CONTACT US

Questions, comments and requests regarding this privacy policy should be addressed to Compliance, China Taiping Insurance (UK) Co Limited, 2 Finch Lane, London, EC3V 3NA or by email at compliance@uk.cntaiping.com.

 

COMPLAINTS

We sincerely hope you will not have cause to complain about our service, but if you do, you may access our complaints procedure HERE.