This policy was last updated 22 May 2018
Postal address: 79 Straight Bit, Flackwell Heath, HP109NE
Before you complain, bear in mind that as a regulated business already, robust complaints rules protect you - so please submit any complaint to us first for the opportunity of review and resolution.
You do, of course, have the right to make a complaint at any time to the Information Commissioner's Office (ICO), they are the UK's supervisory authority for data protection issues (www.ico.org.uk).
You have the right to be informed about the collection and use of your personal data. We are required to inform you about the purposes of processing your personal data, our retention periods for that personal data, and who it will be shared with. (This is the main basis of our Privacy Policy)
You have the right to access your personal data in a usable format, this will typically be a CSV format, PDF or another widely used form of information.
All the Personal and Contact Data we hold about you is accessible via your Worry+Peace account at all times.
You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
You have right to erasure is also known as ‘the right to be forgotten’ in certain circumstances you can request the deletion of your data.
You have the right to request the restriction or suppression of your personal data.Please note that this is not an absolute right and only applies in certain circumstances.
This allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This right only applies to information you have provided to us.
This is your right to stop your data being used for a certain purpose - it's most relevant for Direct Marketing and you should be offered an ability to opt-in, as opposed to opt-out as standard.
You can make a request for any of your rights by email verbally or in writing. We have one calendar month to respond to a request.
We may need to request specific information from you to help us confirm your identity as a security measure to ensure that personal data is not disclosed to any person or entity that does not have the legal right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We also use a tool, known as Yoti,to help us identify you.
We will typically hold Personal data, or personal information - that means any information about an individual from which that person can be identified. It will not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of data and have three distinct uses:
Personal and Contact Data Personal and contact Data includes your full name(s), username or similar identifier, marital status, title, date of birth and gender; phone number(s), email address, postal address, or social media profile handles.
Activity Data includes your experiences using our website and services, internet protocol (IP) addresses, login data, browser type and version(s), time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s).
Marketing and Communications Data includes your preferences in receiving marketing from us, or third parties, and our general communications.
Explore the purposes we need your data for
We have utilised robust measures to protect and secure your personal data from being stolen or accidentally lost. We also limit access to our data where required by staff or third party contractors. According to our legal requirements, we've created procedures to deal with any suspected personal data breach and will duly notify you and any applicable regulator of a breach where obliged to do so.
Your access to our software is secured through secure web pages, two-factor authentication and a minimum password strength policy.
We will hold your data for no longer than 7 years which is pursuant to our obligations as an entity regulated by the Financial Conduct Authority. How long we hold your data for is relevant to the purpose for which we initially acquired it. So the time we retain your data may vary.
We use a number of methods to collect data from you and about you which include:
Submissions by you through our website(s), by phone, email or post, where you provide data upon reasonable request or required in order for us to provide a service.
This also includes personal data you provided when you:
We may use your three categories of data to form a view on what we think you may want or need in the future, or what may be of interest to you. We may use the following methods to market these views to you.
Marketing Tools and Channels
If you have requested it, you'll receive marketing communications from us. These will be in the form of verbal calls, post, email and text messages.
Third-party marketing
We will always seek your express and explicit consent prior to sharing your data with any company outside Worry+Peace. In fact, our main search directory passes no data whatsoever to third-parties, it's all up to you!
Opting Out
If you have already opted in, at any time, you can ask us or third parties to stop sending you marketing messages using the mechanisms provided.
These are Automated technologies or interactions. As you interact with our website, we may automatically collect Activity Data about the technology or equipment you're using, the browsing method, actions and interactions. We collect this personal data by using cookies, third-party services, server logs and other similar technologies.
Worry+Peace will only use your personal data for the purposes for which we collected it, unless we deem another reason legally and reasonably compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Your rights, as listed herein will still apply at all times.
We may need to share your data with third parties in order to meet the purposes we've outlined herein.
Those third parties may include:
Alternatively, we may seek to acquire other businesses or be acquired by them. In such an outcome, the new owners may use your personal data in the same way as set out in this privacy notice.
All third parties are subject to respective legal requirements and we will never process data in a way you have not explicitly given your permission to do.
We do not currently share your personal data with any international entities or companies. We will amend our terms in the event this changes.
Legitimate Interest means the targeted and proportionate methods we use to pursue commercial interests as well as wider societal benefits we aim to provide to our stakeholders. We also have a legitimate interest in disclosing information about possible criminal acts or security threats to the authorities. We aim not to process your data where your interests override ours such as the potential of its use to cause you unwarranted harm.
Performance of Contract means processing your data where it is necessary for the performance of a contract of insurance and insurance quotation to which you are a party; or connecting you to a third party - by way of display advertisement - that can provide both the aforementioned.
Comply with a legal or regulatory obligation means processing your personal data is a requirement under our authorisation as part of the regulatory remit of the Financial Conduct Authority or another state regulator.