QLP is subject to the General Data Protection Regulations (GDPR) and the provisions for the management, retention and security of Personal Data, unless obliged by law or a professional body.
QLP’s services consist primarily of insurance broking, facilitating premium finance and arranging litigation funding. To do this we have access to personal data, including health and financial information and share this with other relevant parties.
Data Protection Officer
40 Lime Street
London EC3M 7AW
You have several rights in relation to how QLP uses your information. They are:
Right to be informed
You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with and this privacy notice explains all of this.
Right of access
You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a Data Subject Access Request (DSAR).
Right to request that your personal information be rectified
If your personal information is inaccurate or incomplete, you can request that it is corrected.
Right to request erasure
You can ask for your information to be deleted or removed if there is not a compelling reason for QLP to continue to hold it.
Right to restrict processing
You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but ensures that we won’t use it in the future for the reasons you have restricted.
Right to data portability
You can ask for a copy of your personal information for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way.
Right to object
You can object to QLP processing your personal information where: it’s based on our legitimate interests (including profiling); for direct marketing (including profiling); and if we were using it for scientific/historical research and statistics.
Rights related to automatic decision making including profiling
You have the right to ask QLP to give you information about our processing of your personal information. You may request human intervention or challenge a decision where processing is done solely by automated processes.
It is Personal Data and / or “Sensitive Personal Data” when an individual can be identified. This may include but is not limited to any of the following: name, address, gender, marital status, date of birth, nationality, relevant criminal convictions, employer, and family details, including their relationship to you.
Sensitive Personal Data includes but is not limited to health records and criminal convictions, anything related to children.
Your consent allows us to share the information with insurers, third party funders, third party claims handlers including cost consultants and premium finance companies, all of whom need to process the information in order to undertake their role in the insurance and funding market (which in turn allows for the pooling and pricing of risk in a sustainable manner). This is in order to facilitate the provision of insurance and financial products and administer insurance claims for example.
Where you are providing us with information about a person other than yourself, you agree to notify them of our use of their Personal Data and to obtain such consent for us.
WHAT WE COLLECT AND USE
We take your privacy seriously and we will only ever collect and use your personal data where it is necessary, fair and lawful to do so. We will collect and use your information where it is:
- about who you are e.g. your name, date of birth and contact details
- classified as ‘sensitive’ Personal Data e.g. relating to your marital or civil partnership status
- health data – current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits, prescription information, medical history (e.g., smoking or consumption of alcohol)
- which you may provide us about other people e.g. joint applicants for policies, premium finance or litigation funding
- information about children e.g. where a child is named as a beneficiary on the policy taken out by a parent or guardian on their behalf. In these cases, we will collect and use only the information required to identify the child (such as their name, age, gender) where it’s necessary to provide the product or service you have requested e.g. we will require some personal information including your name, address, date of birth
- it’s necessary for us to meet our legal or regulatory obligations e.g. tell you about changes to Terms and Conditions or for the detection and prevention of fraud
- automatically collected e.g. via cookies when you visit our website
If QLP cannot collect data about you we may not be able to provide you with the service requested because it may be illegal or impossible to do so.
WHERE WE COLLECT YOUR INFORMATION
We may collect your personal information directly from you from a variety of sources, including:
- an application form for a product or service
- phone conversations with us
- emails or letters you send to us
- third parties who introduce business to us on your behalf, specifically solicitors, barristers or insolvency practitioners
- application forms on our website and your interactions with our website
- our online services such as websites, and social media
WHO SHARE YOUR INFORMATION WITH
We may share your information with third parties for the purposes of obtaining insurance, premium financing, litigation funding. These third parties include:
- companies we have chosen to support us in the delivery of the products and services we offer to you and other clients
- our regulators and Supervisory Authority e.g. the Financial Conduct Authority (FCA), the Information Commissioner’s Office for the UK (the ICO)
- Law enforcement, credit and identity check agencies for the prevention and detection of crime
- solicitors, barristers and insolvency practitioners
- in the event of a claim, third parties including the other party to the claim witnesses, experts (including medical experts), solicitors and claims handlers
Where we share personal or sensitive data we do either by encrypted emails, hard copy or encrypted portable device.
Your information may also be disclosed when we believe in good faith that the disclosure is required:
- by Law
- to comply with a judicial proceeding, court order or legal process; or
- in the event of a merger, asset sale, or other related transaction.
We will never sell your details to someone else.
Whenever we share your personal information, we will do so in line with our obligations to keep your information safe and secure.
WHERE YOUR INFORMATION IS PROCESSED
The majority of your information is processed in the UK and European Economic Area (EEA).
However, some of your information may be processed by us or the third parties we work with outside of the EEA, including countries such as the United States, New Zealand and India.
Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK / EEA data privacy laws e.g. we will put in place legal agreements with our third party suppliers and regularly ensure they meet data privacy obligations.
HOW WE PROTECT YOUR INFORMATION
We take information and system security very seriously and we strive to comply with our obligations at all times. Any personal information which is collected, recorded or used in any way, whether on paper, online or any other media, will have appropriate safeguards applied in line with our data protection obligations.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect sensitive or confidential information when storing or transmitting information electronically and must undertake regular training on this.
Our security controls are aligned to industry standards and good practice providing a control environment which effectively manages risks to the confidentiality, integrity and availability of your information.
HOW LONG WE KEEP YOUR INFORMATION
We will keep your personal information only where it is necessary to provide you with our products or services while you are a client.
We may also keep your information after this period but only where required to meet our legal or regulatory obligations. The length of time we keep your information for these purposes will vary depending on the obligations we need to meet.
WHAT ARE COOKIES?
A cookie is a small file – it’s saved onto your computer or other device when you visit our website.
Cookies store small pieces of information. For example – they will remember you’ve visited our website or performed a certain action.
Cookies also let us know which pages of our website you visited, they help us develop and market our products and services.
- Persistent cookies – these stay valid, and will work until their expiry date (unless you delete them before they expire)
- Session cookies – these expire when you close your web browser
HOW TO MAKE A COMPLAINT
If you are still unhappy, you can complain to our Supervisory Authority. Their contact details are:
Information Commissioner’s Office
Cheshire SK9 5AF