This policy was last updated 22 May 2018

Contact Details:

Full name of legal entity: Worry+Peace a trading name of Innovative Risk Ltd.
Email address: hello@worryandpeace.com

Postal address: 79 Straight Bit, Flackwell Heath, HP109NE

PRIVACY COMPLAINTS

Before you complain, bear in mind that as a regulated business already, robust complaints rules protect you - so please submit any complaint to us first for the opportunity of review and resolution.

You do, of course, have the right to make a complaint at any time to the Information Commissioner's Office (ICO), they are the UK's supervisory authority for data protection issues (www.ico.org.uk).

YOUR LEGAL RIGHTS:

Your right to be informed:

You have the right to be informed about the collection and use of your personal data. We are required to inform you about the purposes of processing your personal data, our retention periods for that personal data, and who it will be shared with. (This is the main basis of our Privacy Policy)

Your right of access:

You have the right to access your personal data in a usable format, this will typically be a CSV format, PDF or another widely used form of information.

All the Personal and Contact Data we hold about you is accessible via your Worry+Peace account at all times.

Your right of rectification:

You have the right to have inaccurate personal data rectified, or completed if it is incomplete.

Your right of erasure:

You have right to erasure is also known as ‘the right to be forgotten’ in certain circumstances you can request the deletion of your data.

Your right to restrict processing:

You have the right to request the restriction or suppression of your personal data.Please note that this is not an absolute right and only applies in certain circumstances.

Your right to data portability:

This allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. This right only applies to information you have provided to us.

Your right to object:

This is your right to stop your data being used for a certain purpose - it's most relevant for Direct Marketing and you should be offered an ability to opt-in, as opposed to opt-out as standard.

How to make a request to use one of my rights?

You can make a request for any of your rights by email verbally or in writing. We have one calendar month to respond to a request.

What data do we need for you to use your rights?

We may need to request specific information from you to help us confirm your identity as a security measure to ensure that personal data is not disclosed to any person or entity that does not have the legal right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We also use a tool, known as Yoti,to help us identify you.

What data do we collect about you?

We will typically hold Personal data, or personal information - that means any information about an individual from which that person can be identified. It will not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of data and have three distinct uses:

Personal and Contact Data Personal and contact Data includes your full name(s), username or similar identifier, marital status, title, date of birth and gender; phone number(s), email address, postal address, or social media profile handles.

Activity Data includes your experiences using our website and services, internet protocol (IP) addresses, login data, browser type and version(s), time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s).

Marketing and Communications Data includes your preferences in receiving marketing from us, or third parties, and our general communications.

Purposes for which your data is used:

Purposes for which your data is used:

Explore the purposes we need your data for

Types of Data
Lawful Basis for processing
To offer you a quotation for insurance products:
Personal and Contact Data, Activity Data
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to develop our services and grow our business)

Personal and Contact Data, Activity Data

(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to develop our services and grow our business)
To complete and administer a contract of insurance with you
Personal and Contact Data
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation

Personal and Contact Data

(a) Performance of a contract with you (b) Necessary to comply with a legal obligation
To offer you a renewal quotation for existing insurance products
Personal and Contact Data, Activity Data, Marketing and Communications Data
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation, (c) Necessary for our legitimate interests

Personal and Contact Data, Activity Data, Marketing and Communications Data

(a) Performance of a contract with you (b) Necessary to comply with a legal obligation, (c) Necessary for our legitimate interests
To manage our relationship with you
Personal and Contact Data, Activity Data
a) Performance of a contract with you (b) Necessary for our legitimate interests (to build a brand and improve our reputation with customers)

Personal and Contact Data, Activity Data

a) Performance of a contract with you (b) Necessary for our legitimate interests (to build a brand and improve our reputation with customers)

Data security

We have utilised robust measures to protect and secure your personal data from being stolen or accidentally lost. We also limit access to our data where required by staff or third party contractors. According to our legal requirements, we've created procedures to deal with any suspected personal data breach and will duly notify you and any applicable regulator of a breach where obliged to do so.

Your access to our software is secured through secure web pages, two-factor authentication and a minimum password strength policy.

How long will you hold my data for?

We will hold your data for no longer than 7 years which is pursuant to our obligations as an entity regulated by the Financial Conduct Authority. How long we hold your data for is relevant to the purpose for which we initially acquired it. So the time we retain your data may vary.

Who do you share my data with?

  • Our payment providers, Stripe and Premium Credit
  • Our Insurance Supply chain, which you can find on each product

How is my personal data collected?

We use a number of methods to collect data from you and about you which include:

Submissions by you through our website(s), by phone, email or post, where you provide data upon reasonable request or required in order for us to provide a service.

This also includes personal data you provided when you:

  • registered to use our software or seek a quote
  • subscribed to our services, apps, products and tools
  • made a claim or submitted supplementary information
  • provide feedback.

Marketing and Promotion

We may use your three categories of data to form a view on what we think you may want or need in the future, or what may be of interest to you. We may use the following methods to market these views to you.

Marketing Tools and Channels

If you have requested it, you'll receive marketing communications from us. These will be in the form of verbal calls, post, email and text messages.

Third-party marketing

We will always seek your express and explicit consent prior to sharing your data with any company outside Worry+Peace. In fact, our main search directory passes no data whatsoever to third-parties, it's all up to you!

Opting Out

If you have already opted in, at any time, you can ask us or third parties to stop sending you marketing messages using the mechanisms provided.

Cookies, plugins and technical information:

These are Automated technologies or interactions. As you interact with our website, we may automatically collect Activity Data about the technology or equipment you're using, the browsing method, actions and interactions. We collect this personal data by using cookies, third-party services, server logs and other similar technologies.

Change of purpose(s)

Worry+Peace will only use your personal data for the purposes for which we collected it, unless we deem another reason legally and reasonably compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Your rights, as listed herein will still apply at all times.

Disclosures of your personal data

We may need to share your data with third parties in order to meet the purposes we've outlined herein.

Those third parties may include:

  • Companies in the Worry+Peace Group in the future
  • Insurers and members of our supply chain
  • Marketing platforms such as GoSquared
  • Email platforms such as Mailchimp or Rackspace
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

Alternatively, we may seek to acquire other businesses or be acquired by them. In such an outcome, the new owners may use your personal data in the same way as set out in this privacy notice.

All third parties are subject to respective legal requirements and we will never process data in a way you have not explicitly given your permission to do.

International transfers

We do not currently share your personal data with any international entities or companies. We will amend our terms in the event this changes.

Legitimate Interest means the targeted and proportionate methods we use to pursue commercial interests as well as wider societal benefits we aim to provide to our stakeholders. We also have a legitimate interest in disclosing information about possible criminal acts or security threats to the authorities. We aim not to process your data where your interests override ours such as the potential of its use to cause you unwarranted harm.

Performance of Contract means processing your data where it is necessary for the performance of a contract of insurance and insurance quotation to which you are a party; or connecting you to a third party - by way of display advertisement - that can provide both the aforementioned.

Comply with a legal or regulatory obligation means processing your personal data is a requirement under our authorisation as part of the regulatory remit of the Financial Conduct Authority or another state regulator.