Security & Privacy

Important notice

This is the privacy notice of HFIS plc (registration number: 3252806) whose registered office is at Lumiere, Suite 1-3, Elstree Way, Borehamwood, WD6 1JH.

This privacy notice sets out how we collect and process your personal data. This privacy notice also provides certain information that is legally required and lists your rights in relation to your personal data.

This privacy notice relates to personal information that identifies you as a natural person (whether you are an actual or potential customer, an individual who browses our website or an individual outside our organisation with whom we interact). We refer to this information throughout this privacy notice as personal data or personal information and further detail of what this includes are set out in this privacy notice below.

The privacy and security of your personal information is very important to us so we want to assure you that your information will be properly managed and protected by us at all times. Please read this privacy notice carefully as it explains how we may collect and use your personal data.

This privacy notice may vary from time to time so please check it regularly. This privacy notice was last updated in April 2018.

How to contact us

Controller and contact details

For the purposes of relevant data protection legislation, we are a controller of your personal data. As a controller we use (or process) the personal data we hold about you in accordance with this privacy notice.

If you need to contact us in connection with the use or processing of your personal data, then you can do so using our contact details on our website.

What information we hold about you and where we obtain this from

The personal data that we collect about you may include the following information:

  • Personal data you provide to us in person, via our website or by telephone
  • Personal data you provide when you enquire about insurance or any of our other services, or when you purchase a policy or join one of our Schemes, including information about what you want to insure, or which Scheme you wish to join, such as, business activities, your home or rental properties and tenants
  • General information about you, such as your name, address, contact details and date of birth
  • Personal data you provide if you subscribe to any of our mailing or newsletter services
  • Your claims and credit history
  • Financial details, such as your bank account and card details
  • Criminal convictions
  • Information about your use of our website such as your IP address, which is a unique number identifying your computer, including personal data gathered using cookies

In addition, we may obtain data about criminal convictions, and this privacy notice specifically sets out how we may process these types of personal data.

We collect your personal data from you as a controller when we obtain quotations for insurance for you, when we set up your policy for you and when we make changes to your policy for you. Data will also be collected where you wish to join one of our Schemes or accept other products and services we offer. This may involve the collection of data from or about others who are associated with you and your insurance policy/membership such as other persons insured on your policies or your employees, representatives or tenants. By giving us information about someone else for the purpose of arranging insurance or Scheme membership you confirm that you have their permission to do so and that you have shared this privacy notice with them.

We also collect information from publically available sources and third party databases made available to the relevant industry for the purposes of reducing fraud and financial crime as well as any other third party databases where your personal data may be held, provided such third parties have lawful bases on which to share such personal data with us.

How we use your personal data and the lawful basis for doing so

Where we are relying on a basis other than consent

We may rely on one or more of the following legal bases when processing your personal data for the following purposes:

To assist in the prevention and reduction of fraud and other financial crimeThe processing is necessary for us to comply with the law and our legal requirements

Purposes for which we process your personal dataThe basis on which we can do this (this is what the law allows)
In order to perform our contractual obligations to you. This would include our fulfilling your requests for insurance services (including obtaining insurance for you, fulfilling requests for mid-term adjustments and obtaining renewals)The processing is necessary in connection with any contract that you may enter into with us
In order to perform our legal obligations to you. This would include our fulfilling your requests for our Membership SchemesThe processing is necessary in connection with any contract that you may enter into with us
To administer your account, including financial transactions for the product or service we have provided youThe processing is necessary in connection with any contract that you may enter into with us
In the interests of security and to improve our service, telephone calls you make to us may be monitored and/or recordedThe processing is necessary to pursue our legitimate interest in the management and operation of our business
To let you know about similar products and services that may be of interest to youThe processing is necessary to pursue our legitimate interest in operating our business

Who we pass your personal data to

We may need to pass your personal data to other companies which may include:

  • The insurers, intermediaries and third party service providers that we use for the purpose of arranging and administering your insurance policy or membership. This may also include risk management assessors, uninsured loss recovery agencies, premium finance providers and other third parties involved (directly or indirectly) in the administration of your insurance or membership
  • Firms that provide administration and processing services to us or on our behalf under contract in order to complete activities such as claims handling, IT systems and administrative services and other activities set out in this privacy notice, as well as support activities such as finance and auditing services
  • Organisations that have a specific role laid out in law, such as statutory bodies, regulatory authorities and other authorised bodies
  • Other organisations where we have a duty to or are permitted to disclose your personal information by law, for example if we received a valid request from the police or other third party organisation in the interest of preventing and detecting crime
  • Fraud prevention agencies and operators of registers available to the insurance industry to check information and prevent fraud
  • Credit reference agencies to check your credit history. This check will be recorded on your credit reference file without affecting your ability to apply for credit or other financial products
  • Third parties we use to recover money you may owe us or to whom we may sell your debt
  • Another company, if our business or part of it is bought or taken over by that company to make sure your insurance policy can continue to be serviced or as part of preliminary discussions with that company about a possible sale or take over

The information you share with us may be transferred by us or any of the types of firms or organisations we have noted above, to other countries in order for processing to take place, including locations outside of the UK and the European Union. We will only do so if there are adequate levels of protection in place as required by applicable data protection laws.

Accessing our website and cookies

When you visit one of our websites we may collect information from you, such as your email address, IP address and other online identifiers. This helps us to track unique visits and monitor patterns of customer website traffic, such as who visits and why they visit. We use third parties to collate IP addresses to help us understand our Internet traffic data and data regarding your browser type and computer. We may also use web usage information to create statistical data regarding the use of our website. We may then use or disclose that statistical data to others for marketing and strategic development purposes, but no individuals will be identified in such statistical data.

We may use cookies and/or pixel tags on some pages of our website. A cookie is a small text file sent to your computer. A pixel tag is an invisible tag placed on certain pages of our website, but not on your computer. Pixel tags usually work together with cookies to help us to give you a more tailored service. We also use cookies and pixel tags in our email communication to personalise the email and track whether the email has been opened and whether the recipient has used any website links contained in the email communication. This allows us to monitor and improve our email communications and website. Useful information about cookies, including how to remove them, can be found at www.allaboutcookies.org.

Internet browsers normally accept cookies by default, although it’s possible to set a browser to reject cookies. We’ll ask your permission before using any cookie that’s not essential to the email or the use of the website. However, refusing to accept cookies may restrict your use of our website and/or delay or affect the way in which our website operates. You can find more information on cookies when you visit our website.

The open nature of the internet is such that data may flow over networks without security measures, and may be accessed and used by people other than those for whom the data is intended. While this is outside of our control, we do take the protection of your information very seriously and aim to apply appropriate levels of security at all times.

Google Analytics Cookies

__utma – Google Analytics cookie – tracks each user’s amount of visits, and the time of the first, the previous, and the current visit

__utmb – Google Analytics cookie – used to track how long you stay on a site – when a visit starts and approximately ends

__utmc – Google Analytics cookie – used to track how long you stay on a site – when a visit starts and approximately ends

__utmv – Google Analytics cookie – tracks each user’s amount of visits, and the time of the first, the previous, and the current visit

__utmx – Google website optimiser cookie – used for controlling content

__utmxx – Google website optimiser cookie – used for controlling content

__utmz – Google analytics cookie – used to track where a visitor came from

__utmcw – Google analytics cookie – tracks each users session on the site

__utmcw – Google analytics cookie – tracks each users session on the site

Site Functionality Cookies

coast_firebird_2010 – standard refresh session name

sifrFetch – flash replacement (sets if flash is available or not)

Third Party Cookies

Our website also uses functionality from Twitter and Facebook, which use cookies to make sharing content easier. These are third party cookies, which we have no control over. To find out more about these third party cookies, you may wish to visit the respective sites to view their cookie policies.

In addition our website may use SessionCam for analysis. SessionCam is a product that has been developed by SessionCam LTD. SessionCam may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include bank details or any sensitive personal data. Data collected by SessionCam from the Hamilton Fraser website is for Hamilton Fraser internal use only. The information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting.

Sc. UserId, sc.ASP_NET_SESSIONID – These cookies are set by SessionCam on our website. The SessionCam reporting console includes the ability to record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. It includes the ability to sort recorded sessions by unique user. This aggregates multiple visits from the same, unique user over a selected date and time range. The information collected is stored and is used for grouped and statistical reporting, and is not shared with anybody else. We do not store any personal, financial or sensitive information about you within these cookies.

Your rights

We will only store your data for as long as is necessary to comply with the requirements of your insurance contract(s) and any legal obligations or lawful processing conditions that may exist as a result. If you are a member of one of our Membership Schemes your data will be stored for as long as is necessary to comply with the relevant legal obligations. You have a number of rights concerning the personal information we use, which you may ask us to observe. In some cases even when you make a request concerning your personal information, we may not be required, or be able to carry out your request as this may result in us not being able to fulfil our legal and regulatory obligations under the lawful processing conditions under which we hold your data or because there is a minimum statutory period of time for which we have to keep you information.

You can ask us to:

  • Provide a copy of your personal information
  • Correct or delete unnecessary or inaccurate personal information
  • Restrict or to object to the use of your personal information at any time
  • Object to any automated decision, including profiling which may have been used by insurers when underwriting your quotation. Where an automated decision has been made we will advise you of this and of your rights
  • Provide your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller. This right only applies where our processing of your personal data is automated and the processing took place initially with your consent or for the performance of a contract with you
  • Where we rely on your consent to use your personal information, you can withdraw that consent at any time. Where your consent is withdrawn, your previous consent will remain valid in respect of our use of your information prior to the date you withdrew it, or if any marketing material has been sent prior to you advising that you don’t want us to contact you again

If you have any questions or concerns about this privacy notice or your data protection rights please contact us using our details set out at the beginning of this privacy notice.

You also have the right to make an enquiry or to complain to the Information Commissioner’s Office (ICO) if you are unhappy with our use of your data, or if you think we have breached a legal requirement. Further details about the ICO are available at: www.ico.org.uk.

How we contact you about other products and services

We may from time to time process your personal data to let you know about similar products and services that may be of interest to you. This is because we value your custom and we pride ourselves in offering professional and tailored advice which meets your specific insurance needs. This includes keeping you informed on the latest insurance and industry information and details of any offers or promotions relating to the insurance services we provide to you. Our lawful basis for processing your personal data in this way is as is necessary to pursue the legitimate interests of our business, unless we have otherwise obtained your consent to do so. We may contact you by post, telephone or e-mail. You will be given the option to stop receiving any communications from us in this regard at any time, however, please note that this will not affect us contacting you about the servicing of products that you have specifically requested from us.