Privacy Policy

Introduction

Marmalade Limited, subsidiary companies Marmalade Network Limited, Young Marmalade Limited and Provisional Marmalade Limited (which will henceforth be referred to as “We”, and the expressions “us” and “our” should be read accordingly) are totally committed to respecting and protecting your privacy.

We take great care to ensure that your information is kept safe and secure and we understand the importance of not only maintaining your privacy, but keeping your personal information secure so that you are protected, and we are committed to complying with the requirements of the General Data Protection Regulation 2018, as well as any other data protection laws or regulations that might come into effect in the United Kingdom from time to time.

This Policy (together with our Terms Of Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, or which we receive from a third party you have authorised, will be processed by us.

We are the joint data controllers of any personal information you provide to us. Our company details are : Marmalade Limited (registered in England under company number 08676228), Marmalade Network Limited (registered in England under company number 10408264), Young Marmalade Limited (registered in England under company number 04627884) and Provisional Marmalade Limited (registered in England under company number 06779950). Our registered office is Marmalade House, Alpha Business Centre, Mallard Road, Bretton, Peterborough, PE3 8AF.

Please read this Policy carefully to understand what personal information we may collect from you, why we use your personal information, how long we retain your personal information and more generally, the practices we maintain and the ways in which we use your personal information.

Where we are legally entitled to use your personal information (for example, where you have consensually provided it to us) we may use it in ways set out in this Privacy Policy. We collect information in a number of ways, including when you use our website, submit an online application form or provide information to us when contacting us by post, email, phone, text, social media or online messaging systems.

If you complete a quote or partially complete a policy application on our website, but choose to exit without proceeding to purchase, or if you experience a system crash, we will retain your email details. This is to allow us to send you a notification advising you that your purchase was not completed and that the details entered were not saved. We will provide you a link so that you can access the appropriate pages, should you wish to proceed. If we do not hear further from you, your email details will be removed after 30 days.

We may rely on one or more of the 6 lawful bases set out in the GDPR to collect and process your personal data. These bases are as follows :-

For the avoidance of doubt, where we are relying on your consent we will seek your consent from the outset (in other words, before we use your personal data) and record when this consent was given.

Please see Section 5 below ‘Purposes for which we process your non-sensitive and sensitive personal information’ for more information.

We may provide you with further notices highlighting certain uses we wish to make of your personal information. We may also give you the ability to opt-in to or (where we are permitted by law to do so) opt-out of marketing when we collect your personal information.

Marketing Updates

If you choose to receive marketing updates from us, we set out below how we will use your data and communicate with you:

When obtaining a quote or purchasing insurance from Marmalade, you will be offered the option to receive updates on news, products and offers from Marmalade. This could be by email, post, messaging or other online means. If you choose to opt in to these communications, we will keep your data secure and we won’t pass it on to any third parties for any purpose, including marketing. You can unsubscribe from communications at any time by clicking “unsubscribe” in the footer of marketing emails, by emailing marketing@marmalade.co.uk or by calling 0333 358 3441.

We’ll keep in touch with you for 18 months, after which we will delete your data, if you have not unsubscribed before this time. Don’t worry, if you’re still enjoying hearing from us at the end of this time, we’ll offer you the option to stay in touch.

At the time when you opt in to receive updates, we will send you an email with a link to enable you to update your communications preferences, which reminds you how we will use your data, and allows you to unsubscribe. At this time, we will ask you to be specific about the methods by which you would prefer us to contact you. These include:

Changes to the Privacy Policy

From time to time we may be required, or may wish, to make changes to this Privacy Policy, for example, as the result of government regulation, new technologies, amendment to, or other developments in data protection laws or privacy in general.

Any changes we make to our Privacy Policy in future will be posted on this page. We recommend that you revisit our websites from time to time to see whether there have been any updates or changes to our privacy policy.

To help you concentrate on the areas in which you may be particularly interested, we have divided our Privacy Policy into 15 sections.

1. Why do we collect personal information?

When arranging motor insurance we require information relating to your age, your full address and postcode, your occupation, your driving credentials, your vehicle, your claims history (or lack thereof), details of any driving or criminal convictions, the details of any other persons named on the policy, your financial and credit card details (or those of another person making payment on your behalf).

We will additionally require your email and telephone contact details (so that we may correspond with you) and we will request a copy of your Driving Licence and any proof of No Claims Bonus you may have. We may also request supplementary information, as deemed necessary, to verify your details.

This information is required for the underwriter to assess the potential risk presented and to offer (subject to any limitations or restrictions applied) the appropriate premium, based upon the underwriting criteria applicable at the time. This will be the basis of a contract, in the form of an insurance policy

We are required to obtain and verify certain information in accordance with current Anti-Money Laundering and Financial Crime legislation.

We may seek to use your data for the purposes of internal research and statistical analysis, utilising third party agencies to collate the information for us. A list of such agencies is available, upon request.

We may additionally pass your email address onto an independent market research company - such as ‘Trustpilot’ – so that you may have an opportunity to provide feedback as to the service you have received from us. This will only be done once we have obtained your consent to use your information for that purpose.

2. When do we collect personal information?

We may collect your personal information if you :

3. What personal information may we collect?

We may collect the following non-sensitive personal information :

We may use cookies to collect information about how our website is used. Please see Section 13 on Cookies and Section 14 on Pixel Tags.

We may also collect information from other sources, including (but not limited to) Google Earth, social media and telematics systems. Where we provide motor insurance for a vehicle equipped with a telematics system, we may use this system to obtain information regarding the location of a vehicle, vehicle crash data and information regarding the operational condition, mileage, diagnostic and performance reporting of vehicles. We may, in the future, also collect information from any cameras which are installed in the vehicle.

We may also collect the following sensitive personal information, referred to in the GDPR legislation as “special categories” of data :

4. How do we collect your personal information?

We may collect your non-sensitive and sensitive information :

5. Purposes for which we process your non-sensitive and sensitive personal information

We use your non-sensitive and sensitive information for a number of different purposes.

Under the current data protection laws, we must be able to rely on a legal basis to justify why we are using your non-sensitive personal information. The legal bases that we may rely on are :

FOR PROCESSING NON-SENSITIVE PERSONAL INFORMATION

LEGAL BASIS DETAILS

For pre-contract purposes

Processing is necessary because you have asked us to take specific steps before entering into a contract, for example preparing a policy of insurance which is intended to form part of a contract between you and us .

To fulfil our obligations arising from any contracts entered into between you and us

Processing is necessary for the initial assessment and continuation of the insurance cover provided. We will carry out identity checks, credit checks or checks into your claims history to ensure that the pricing of your policy is appropriately applied and is consistent with the underwriting terms and conditions in place at the time.

Processing of telematics data relating to motoring history, accident history and claims history is necessary for the purposes of assessing insurance applications and/or processing claims and/or applying increases to the premium (where appropriate, and in accordance with the policy Terms and Conditions).

Compliance with a legal obligation

Processing is required to enable us to fulfil and comply with a legal obligation to which we are subject.

For our legitimate interests where these do not cause you undue harm

Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information.

Our main legitimate interests for using your personal information are :

  1. to enable us, or permit selected third parties to provide you, with information about goods or services we feel may interest you. We may only do this where we have previously obtained your consent to do so. If you are an existing customer, we will only contact you with information about services which we consider will benefit you and which may reflect any change in your circumstances;
  2. to promote our services and to update you with any changes to our service and/or our Terms and Conditions;
  3. to ensure that content from our site is presented in the most effective manner for you and your computer, and to enable you to participate in interactive features of our service, when you chose to do so;
  4. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research statistical and survey purposes;
  5. to personalise your repeat visits to our website and to improve our website, as part of our efforts to keep our site safe and secure;
  6. to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
  7. in the case of credit checks, to ensure that the products and services in which you are interested are affordable and will not place you into financial difficulties or hardship, also to ensure that the pricing of your policy is appropriately applied and is consistent with the underwriting terms and conditions in place at the time.

Please note that this is not an exhaustive list. We have set out what we consider to be the most important and relevant situations in which it would be in our legitimate interests to use your personal data.

We may combine with other information that you provide to us information that we have lawfully collected about you or information from other sources. Such information will be used not only for the purposes set out in this Privacy Policy, but in accordance with the Policy itself.

When we use your sensitive personal information (for example information about your health or criminal convictions), we must be able to rely on an additional legal basis. The additional legal bases that we may rely on in such instances are :

FOR PROCESSING SENSITIVE PERSONAL INFORMATION

LEGAL BASIS DETAILS

Your explicit consent

You need to have given your explicit consent to the processing of your sensitive personal information for one or more specified purposes. We will request this consent from you when we request the sensitive personal information

You may withdraw your consent at any time by contacting us at https://www.marmaladenetwork.co.uk However, please note that, If you do withdraw your consent, you may not be able to receive the benefit of some of our services where, in order to provide them, we rely on your explicit consent to process your sensitive personal information.

To fulfil our obligations arising From any contracts entered Into between you and us

Processing of information relating to your physical and/or mental health, as well as details of any criminal convictions is necessary for the initial assessment and continuation of the insurance cover provided.

For legal claims

Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

You have made this Information public

You have made your sensitive personal information manifestly public.

6. With whom do we share your information?

We may share your information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. For the purposes of this Policy, this will mean Marmalade Limited, Young Marmalade Limited, Provisional Marmalade Limited and Marmalade Network Limited.

We may also share your personal information to third parties listed below for the purposes described in this Privacy Policy :

We may use Google Analytics and we would recommend you visit the site “How Google uses data when you use our partners’ sites or apps”. This can be found at the website location: www.google.com/policies/privacy/partners/

We may disclose your personal information to third parties :

7. How do we protect your personal information?

We are committed to respecting and protecting your privacy and keeping your personal information secure. We keep your personal information in a secure server and have appropriate security measures in place in our offices. In addition to having appropriate security measures in place, we enforce them rigourously and keep them under review in order to monitor their effectiveness, and we shall modify the procedures if we should be of the view that this would provide greater protection for you or your personal data.

Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Whilst we make every effort to protect your personal information, the transmission of data via the internet is, unfortunately, not completely secure. We will always do everything reasonable and within our power to ensure that we comply with the requirements of the law and best practice in relation to the security of personal data. Once we have received your information, we will use strict procedures and security features in an endeavour to prevent unauthorised access.

8. How long do we keep your information?

We only keep your personal information for as long as is reasonably necessary to fulfil the relevant purposes described in this Privacy Policy. If required by law, we may keep your information for longer.

The factors which will be taken into account when determining the retention period will include regulatory and legal requirements and the need to retain data in the event of there being a claim submitted or a subsequent dispute or complaint relating to the service provided.

Currently, we are required by law to keep certain personal information for a period of 7 years. In addition, we will retain essential policy details in the event of there being a subsequent claim submission, which means that we may need to retain information for up to 10 years. Any non-essential information will not be retained any longer than is reasonably necessary and, where we are able, we will delete any data we have retained after 7 years and 1 month, as part of an automatic process.

We will delete any personal data which there is no foreseeable need for us to retain longer than necessary for the fulfilment of any contract entered between ourselves.

9. International data transfers

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Are (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.

In the unlikely event that we transfer your personal information outside the EEA we will ensure that an adequate level of protection is in place to protect your personal information, such as putting in place contractual protections which have the purpose of ensuring the security of any information passed and putting in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information. We may rely upon an EC finding of adequacy of the level of protection of personal data in any country, in making a decision to transfer personal data to that country.

10. Your Rights

Under certain circumstances, you have the following rights:

  1. to request that we provide you with a copy of the personal data that we hold about you (“Access Request”);
  2. to request that we rectify any personal data that we hold about you (“Right to Rectification”);
  3. to request that we erase any personal data that we hold about you (“Right to be Forgotten”);
  4. to restrict the level of processing we carry out with your personal data (“Restriction of Processing”);
  5. to obtain from us all personal data that we hold about you in a structured, machine readable form, and have this information transmitted to another organisation (“Data Portability”);
  6. to object to our processing your personal data in certain ways (“Right to Object”); and
  7. to withdraw your consent at any time to our processing of your personal data.

Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at : https://www.marmaladenetwork.co.uk/contact-us . You also have the right to lodge a complaint with the Information Commissioner’s Office if you are unhappy in any way with how we have treated your personal information. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.

We shall comply with any request made under this section as soon as possible, and normally within one month from the date of your request. However, if necessary, for example if your request is particularly complex or we receive a number of similar requests, we may extend this period by an additional two months, but we shall notify you if we need to do this. You will not usually have to pay a fee to access your personal data (or to exercise any of your other rights). However, please note that where we receive requests under this section which are manifestly unfounded or excessive, for example because they are repetitive in nature, we may:

  1. charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
  2. refuse to act on the request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Access Request

You have the right to request a copy of the information that we hold about you at any time. This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it. Please note that in most circumstances, we shall not make a charge for this. However, we may charge a reasonable fee based on administrative costs for any further copies requested.

Right To Rectification

You have the right at any time to ask us to rectify any personal data that we hold for you which is incorrect or incomplete. This enables you to have corrected any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data that you provide to us.

If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to your personal data under this section.

Right To Be Forgotten

You have the right to ask us to erase the personal data that we hold about you in circumstances where:

  1. it is no longer necessary for us to handle your personal data for the purpose for which it was originally collected;
  2. you have withdrawn your permission for us to hold your personal data (where this was the basis on which it was collected or used);
  3. you object to the processing of the data and there is no lawful overriding reason for us to continue processing your personal data;
  4. the personal data was unlawfully processed; or
  5. we have to erase your personal data in order to comply with a legal obligation.

Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Restriction Of Processing

You can ask us to restrict how we use your data in the following circumstances:

  1. where you believe that the information we hold about you is inaccurate, you can ask that we refrain from using your data until we can verify the accuracy of it;
  2. where we have unlawfully processed your data, you can ask that we restrict our usage of it rather than erase it completely;
  3. where we no longer need to hold your information, but you wish us to retain your information for the purpose of establishing, exercising or defending a legal claim; or
  4. where you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

Data Portability

You have the right to obtain from us all personal data which you have provided to us in a structured, commonly used and machine readable form, provided that such data was processed based on your consent, or for the purpose of a contract between us and the processing was carried out by automated means. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation.

Please note that we shall not be able to comply with a data portability request if this will affect the rights and freedoms of others.

Right To Object

You have the right to object, on grounds relating to your particular situation, to our processing of your personal data where we are doing this for the performance of a task carried out in the public interest (which we shall have told you about, if applicable), or where we are carrying out processing for the purposes of legitimate interests pursued by us.

You also have the right at any time to ask us not to process your personal data for direct marketing or profiling purposes (to the extent that such profiling is related to such direct marketing). We shall have informed you before the time we obtained your personal data whether we intend to process your personal data for this purpose, or if we intend to disclose your information to any third party for such purposes.

If we process your personal data for automatic decision making or profiling purposes (i.e. to analyse or predict your personal preferences and purchase behaviour, and such profiling is automated) we shall tell you about this beforehand, and will only do this where this is a necessary condition of entering into a contract between you and us, or where you have given us your explicit consent to do this.

Right To Withdraw Consent

Where you have given us your consent to our processing of any of your personal data, you have the right to withdraw your consent at any time, for example if you no longer wish us to share your information with third parties for marketing purposes (where you have previously consented to this). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

In addition to any other way we make available to you the ability to withdraw your consent, you may also withdraw your consent at any time by contacting us at https://www.marmaladenetwork.co.uk/contact-us

11. Your right to complain to the Information Commissioner’s Office (ICO)

If you are not satisfied with our use of your personal information, our response to any exercise of your rights (as set out in section 10 above), or if you believe us to be in breach of our data protection obligations, you have the right to complain to the Information Commissioner’s Office here (https://ico.org.uk/concerns/).

We are registered with the Information Commissioner’s Office. Our registration details are : -

Young Marmalade Limited : ICO Registration Reference Z9880662

Provisional Marmalade Limited : ICO Registration Reference Z1622466

12. Other websites

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check any such privacy policy before you submit any personal data to these websites.

13. Cookies

A cookie is a small data file that is sent to your computer from a website and is stored on your computer’s hard drive. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy

14. Pixel tags

Pixel tags (also called clear gifs or web bugs) are used to track who is reading a web page or email, when, and from what computer. They provide us with information about your interaction with our email messages (if you receive messages in html format) and to record some of the pages you consequently visit on our website.

We use this information so we can provide you with information tailored to your needs and interests and to upgrade visitor information used in reporting statistics.

Pixel tag technology is used to analyse the reading habits of our customers in order to review and improve the services we offer and we may, on occasion, use this for marketing purposes.

15. How to contact us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Marmalade Ltd, or one of its subsidiary companies (Provisional Marmalade Limited, Young Marmalade Limited or Marmalade Network Limited) of Marmalade House, Alpha Business Centre, Mallard Road, Bretton, Peterborough, PE3 8AF.

This site uses cookies to give you the best experience, as explained in our cookie policy. If you continue we’ll assume you are happy to receive cookies.

line-icon-cross