Marmalade Limited, subsidiary companies Marmalade Network Limited, Young Marmalade Limited and Provisional Marmalade Limited (which will henceforth be referred to as “We”, and the expressions “us” and “our” should be read accordingly) are totally committed to respecting and protecting your privacy.
We take great care to ensure that your information is kept safe and secure and we understand the importance of not only maintaining your privacy, but keeping your personal information secure so that you are protected, and we are committed to complying with the requirements of the General Data Protection Regulation 2018, as well as any other data protection laws or regulations that might come into effect in the United Kingdom from time to time.
We are the joint data controllers of any personal information you provide to us. Our company details are : Marmalade Limited (registered in England under company number 08676228), Marmalade Network Limited (registered in England under company number 10408264), Young Marmalade Limited (registered in England under company number 04627884) and Provisional Marmalade Limited (registered in England under company number 06779950). Our registered office is Marmalade House, Alpha Business Centre, Mallard Road, Bretton, Peterborough, PE3 8AF.
Please read this Policy carefully to understand what personal information we may collect from you, why we use your personal information, how long we retain your personal information and more generally, the practices we maintain and the ways in which we use your personal information.
If you complete a quote or partially complete a policy application on our website, but choose to exit without proceeding to purchase, or if you experience a system crash, we will retain your email details. This is to allow us to send you a notification advising you that your purchase was not completed and that the details entered were not saved. We will provide you a link so that you can access the appropriate pages, should you wish to proceed. If we do not hear further from you, your email details will be removed after 30 days.
We may rely on one or more of the 6 lawful bases set out in the GDPR to collect and process your personal data. These bases are as follows :-
For the avoidance of doubt, where we are relying on your consent we will seek your consent from the outset (in other words, before we use your personal data) and record when this consent was given.
Please see Section 5 below ‘Purposes for which we process your non-sensitive and sensitive personal information’ for more information.
We may provide you with further notices highlighting certain uses we wish to make of your personal information. We may also give you the ability to opt-in to or (where we are permitted by law to do so) opt-out of marketing when we collect your personal information.
If you choose to receive marketing updates from us, we set out below how we will use your data and communicate with you:
When obtaining a quote or purchasing insurance from Marmalade, you will be offered the option to receive updates on news, products and offers from Marmalade. This could be by email, post, messaging or other online means. If you choose to opt in to these communications, we will keep your data secure and we won’t pass it on to any third parties for any purpose, including marketing. You can unsubscribe from communications at any time by clicking “unsubscribe” in the footer of marketing emails, by emailing email@example.com or by calling 0333 358 3441.
We’ll keep in touch with you for 18 months, after which we will delete your data, if you have not unsubscribed before this time. Don’t worry, if you’re still enjoying hearing from us at the end of this time, we’ll offer you the option to stay in touch.
At the time when you opt in to receive updates, we will send you an email with a link to enable you to update your communications preferences, which reminds you how we will use your data, and allows you to unsubscribe. At this time, we will ask you to be specific about the methods by which you would prefer us to contact you. These include:
When arranging motor insurance we require information relating to your age, your full address and postcode, your occupation, your driving credentials, your vehicle, your claims history (or lack thereof), details of any driving or criminal convictions, the details of any other persons named on the policy, your financial and credit card details (or those of another person making payment on your behalf).
We will additionally require your email and telephone contact details (so that we may correspond with you) and we will request a copy of your Driving Licence and any proof of No Claims Bonus you may have. We may also request supplementary information, as deemed necessary, to verify your details.
This information is required for the underwriter to assess the potential risk presented and to offer (subject to any limitations or restrictions applied) the appropriate premium, based upon the underwriting criteria applicable at the time. This will be the basis of a contract, in the form of an insurance policy
We are required to obtain and verify certain information in accordance with current Anti-Money Laundering and Financial Crime legislation.
We may seek to use your data for the purposes of internal research and statistical analysis, utilising third party agencies to collate the information for us. A list of such agencies is available, upon request.
We may additionally pass your email address onto an independent market research company - such as ‘Trustpilot’ – so that you may have an opportunity to provide feedback as to the service you have received from us. This will only be done once we have obtained your consent to use your information for that purpose.
We may collect your personal information if you :
We may collect the following non-sensitive personal information :
We may also collect information from other sources, including (but not limited to) Google Earth, social media and telematics systems. Where we provide motor insurance for a vehicle equipped with a telematics system, we may use this system to obtain information regarding the location of a vehicle, vehicle crash data and information regarding the operational condition, mileage, diagnostic and performance reporting of vehicles. We may, in the future, also collect information from any cameras which are installed in the vehicle.
We may also collect the following sensitive personal information, referred to in the GDPR legislation as “special categories” of data :
We may collect your non-sensitive and sensitive information :
We use your non-sensitive and sensitive information for a number of different purposes.
Under the current data protection laws, we must be able to rely on a legal basis to justify why we are using your non-sensitive personal information. The legal bases that we may rely on are :
FOR PROCESSING NON-SENSITIVE PERSONAL INFORMATION
For pre-contract purposes
Processing is necessary because you have asked us to take specific steps before entering into a contract, for example preparing a policy of insurance which is intended to form part of a contract between you and us .
To fulfil our obligations arising from any contracts entered into between you and us
Processing is necessary for the initial assessment and continuation of the insurance cover provided. We will carry out identity checks, credit checks or checks into your claims history to ensure that the pricing of your policy is appropriately applied and is consistent with the underwriting terms and conditions in place at the time.
Processing of telematics data relating to motoring history, accident history and claims history is necessary for the purposes of assessing insurance applications and/or processing claims and/or applying increases to the premium (where appropriate, and in accordance with the policy Terms and Conditions).
Compliance with a legal obligation
Processing is required to enable us to fulfil and comply with a legal obligation to which we are subject.
For our legitimate interests where these do not cause you undue harm
Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information.
Our main legitimate interests for using your personal information are :
Please note that this is not an exhaustive list. We have set out what we consider to be the most important and relevant situations in which it would be in our legitimate interests to use your personal data.
When we use your sensitive personal information (for example information about your health or criminal convictions), we must be able to rely on an additional legal basis. The additional legal bases that we may rely on in such instances are :
FOR PROCESSING SENSITIVE PERSONAL INFORMATION
Your explicit consent
You need to have given your explicit consent to the processing of your sensitive personal information for one or more specified purposes. We will request this consent from you when we request the sensitive personal information
You may withdraw your consent at any time by contacting us at https://www.marmaladenetwork.co.uk However, please note that, If you do withdraw your consent, you may not be able to receive the benefit of some of our services where, in order to provide them, we rely on your explicit consent to process your sensitive personal information.
To fulfil our obligations arising From any contracts entered Into between you and us
Processing of information relating to your physical and/or mental health, as well as details of any criminal convictions is necessary for the initial assessment and continuation of the insurance cover provided.
For legal claims
Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
You have made this Information public
You have made your sensitive personal information manifestly public.
We may share your information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. For the purposes of this Policy, this will mean Marmalade Limited, Young Marmalade Limited, Provisional Marmalade Limited and Marmalade Network Limited.
We may use Google Analytics and we would recommend you visit the site “How Google uses data when you use our partners’ sites or apps”. This can be found at the website location: www.google.com/policies/privacy/partners/
Please also find the Privacy Notice of the Insurer MGAM Limited, who provide the Professional Indemnity Cover at : www.mgamutual.com/privacy
We may disclose your personal information to third parties :
We are committed to respecting and protecting your privacy and keeping your personal information secure. We keep your personal information in a secure server and have appropriate security measures in place in our offices. In addition to having appropriate security measures in place, we enforce them rigourously and keep them under review in order to monitor their effectiveness, and we shall modify the procedures if we should be of the view that this would provide greater protection for you or your personal data.
Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Whilst we make every effort to protect your personal information, the transmission of data via the internet is, unfortunately, not completely secure. We will always do everything reasonable and within our power to ensure that we comply with the requirements of the law and best practice in relation to the security of personal data. Once we have received your information, we will use strict procedures and security features in an endeavour to prevent unauthorised access.
The factors which will be taken into account when determining the retention period will include regulatory and legal requirements and the need to retain data in the event of there being a claim submitted or a subsequent dispute or complaint relating to the service provided.
Currently, we are required by law to keep certain personal information for a period of 7 years. In addition, we will retain essential policy details in the event of there being a subsequent claim submission, which means that we may need to retain information for up to 10 years. Any non-essential information will not be retained any longer than is reasonably necessary and, where we are able, we will delete any data we have retained after 7 years and 1 month, as part of an automatic process.
We will delete any personal data which there is no foreseeable need for us to retain longer than necessary for the fulfilment of any contract entered between ourselves.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Are (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
In the unlikely event that we transfer your personal information outside the EEA we will ensure that an adequate level of protection is in place to protect your personal information, such as putting in place contractual protections which have the purpose of ensuring the security of any information passed and putting in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information. We may rely upon an EC finding of adequacy of the level of protection of personal data in any country, in making a decision to transfer personal data to that country.
Under certain circumstances, you have the following rights:
Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at : https://www.marmaladenetwork.co.uk/contact-us . You also have the right to lodge a complaint with the Information Commissioner’s Office if you are unhappy in any way with how we have treated your personal information. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.
We shall comply with any request made under this section as soon as possible, and normally within one month from the date of your request. However, if necessary, for example if your request is particularly complex or we receive a number of similar requests, we may extend this period by an additional two months, but we shall notify you if we need to do this. You will not usually have to pay a fee to access your personal data (or to exercise any of your other rights). However, please note that where we receive requests under this section which are manifestly unfounded or excessive, for example because they are repetitive in nature, we may:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You have the right to request a copy of the information that we hold about you at any time. This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it. Please note that in most circumstances, we shall not make a charge for this. However, we may charge a reasonable fee based on administrative costs for any further copies requested.
You have the right at any time to ask us to rectify any personal data that we hold for you which is incorrect or incomplete. This enables you to have corrected any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data that you provide to us.
If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to your personal data under this section.
You have the right to ask us to erase the personal data that we hold about you in circumstances where:
Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
You can ask us to restrict how we use your data in the following circumstances:
You have the right to obtain from us all personal data which you have provided to us in a structured, commonly used and machine readable form, provided that such data was processed based on your consent, or for the purpose of a contract between us and the processing was carried out by automated means. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation.
Please note that we shall not be able to comply with a data portability request if this will affect the rights and freedoms of others.
You have the right to object, on grounds relating to your particular situation, to our processing of your personal data where we are doing this for the performance of a task carried out in the public interest (which we shall have told you about, if applicable), or where we are carrying out processing for the purposes of legitimate interests pursued by us.
You also have the right at any time to ask us not to process your personal data for direct marketing or profiling purposes (to the extent that such profiling is related to such direct marketing). We shall have informed you before the time we obtained your personal data whether we intend to process your personal data for this purpose, or if we intend to disclose your information to any third party for such purposes.
If we process your personal data for automatic decision making or profiling purposes (i.e. to analyse or predict your personal preferences and purchase behaviour, and such profiling is automated) we shall tell you about this beforehand, and will only do this where this is a necessary condition of entering into a contract between you and us, or where you have given us your explicit consent to do this.
Where you have given us your consent to our processing of any of your personal data, you have the right to withdraw your consent at any time, for example if you no longer wish us to share your information with third parties for marketing purposes (where you have previously consented to this). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
In addition to any other way we make available to you the ability to withdraw your consent, you may also withdraw your consent at any time by contacting us at https://www.marmaladenetwork.co.uk/contact-us
If you are not satisfied with our use of your personal information, our response to any exercise of your rights (as set out in section 10 above), or if you believe us to be in breach of our data protection obligations, you have the right to complain to the Information Commissioner’s Office here (https://ico.org.uk/concerns/).
We are registered with the Information Commissioner’s Office. Our registration details are : -
Young Marmalade Limited : ICO Registration Reference Z9880662
Provisional Marmalade Limited : ICO Registration Reference Z1622466
Pixel tags (also called clear gifs or web bugs) are used to track who is reading a web page or email, when, and from what computer. They provide us with information about your interaction with our email messages (if you receive messages in html format) and to record some of the pages you consequently visit on our website.
We use this information so we can provide you with information tailored to your needs and interests and to upgrade visitor information used in reporting statistics.
Pixel tag technology is used to analyse the reading habits of our customers in order to review and improve the services we offer and we may, on occasion, use this for marketing purposes.