Introduction

At esure, we care about privacy.

We only use personal data where we can do so lawfully. We always consider the impact this may have on those whose data we use, and we aim to be fair and proportionate when using personal data. We work hard to ensure that the personal data we hold is safe and secure with us. When we no longer need to keep the information, we delete or anonymise it safely.

Who We Are

The esure Group is made up of a mix of different companies. In this Privacy Notice, "esure", "we", "us" or "our" refers to the esure Group company you have a relationship with, and who processes your personal information as a result. For a full list of the relevant esure Group companies please see the esure Group companies section below.

About This Document

The purpose of this Privacy Notice is to help you understand how we collect, use and protect your personal data. This Privacy Notice applies to all current and former:

  • Employees
  • Workers
  • Contractors

It also applies to their relatives or significant others (where an Employee, Worker or Contractor has shared their personal information with us e.g. as an emergency contact or beneficiary).

You should show this Privacy Notice to anyone else whose details you provide to us, for example your family members, emergency contacts etc.

This Privacy Notice does not form part of any contract of employment or other contract to provide services. It is important that you read this notice, together with any other Privacy Notice we may provide from time to time.

We may update this notice at any time, for example, to include legislation changes, new technologies or other developments in privacy laws. We will make reasonable efforts to inform you of any material changes in how we use your personal data, but we encourage you to check our website to view our most up-to-date Privacy Notice.

If you have any questions about this Privacy Notice, please contact our Data Protection Officer using the contact details provided in the ‘How to Contact us’ section of this Privacy Notice.

What Personal Data We Use

Personal data, or personal information, is any information about an individual from which that person can be identified. It does not include data which has been anonymised.

What personal data we use will depend on the nature of your relationship with us. We will only ever use information that is appropriate and necessary. We will collect, store and use personal data including:

  • Non-sensitive Data (“NS”)

    • Contact details including name, address, telephone number and email address
    • Date of birth
    • Gender
    • National Insurance Number
    • Marital status and dependants
    • Information about your family, next of kin and emergency contact information
    • Recruitment and employment details, such as references, CV, job titles, work history, training and performance records, professional memberships and disciplinary and grievance information
    • Bank statements or any other official documents (where provided by you as proof of address)
    • Official identification documents (e.g. passports, driving licences)
    • Information about your use of our premises, access to data and communications systems (access to and use of our premises, systems and data held within these systems, including but not limited to what is accessed, when and by whom)
    • Vehicle registration number (e.g. if you are using our parking facilities)
    • Photographs (e.g. when issuing you with security access pass for one of our offices)
    • CCTV footage

  • Special Category Data ("SC")

    • Data concerning health
    • Data concerning sexual orientation
    • Personal data revealing racial or ethnic origin
    • Personal data revealing religious beliefs

  • Criminal Offences and Convictions Data (“CO”)

    • Criminal activity, allegations, investigations and proceedings
    • Personal data relating to criminal convictions and offences, including unproven allegations, information relating to the absence of convictions and personal data of victims and witnesses of crime
    • Personal data about penalties, conditions or restrictions placed on an individual as part of the criminal justice process or civil measures which may lead to a criminal penalty if not adhered to, such as information about any unspent criminal/civil convictions

  • Financial Data ("FD")

    • Bank account details, salary, pension and benefits
    • Financial and credit references

How We Collect Your Personal Data

We collect your personal data either:

  • Directly from you, e.g. when you:
    • Apply for a role with us
    • Provide us with the information during job-related activities throughout (or after) your employment with us
  • Indirectly via third parties such as:
    • Recruitment, talent management and employment agencies
    • Background check providers such as Disclosure and Barring Service
    • Former employers
    • Credit reference agencies
    • Fraud prevention agencies or other background checking agencies
    • An Employee, Worker or Contractor, where they have shared with us personal information about their relatives or significant others (e.g. as an emergency contact)

The Reasons (Purposes) We Use Your Personal Data, and the Lawful Bases We Rely On

Why We Use Your Data: Employment or Contractor Engagement

  • Types of Personal Data We Use: NS, SC, CO, FD
  • Whose Data We Use: Employees, Contractors
  • Lawful Basis We Rely On:

    It is necessary to use your personal data to enter into or perform the contract between you and us, such as when paying your salary or other benefits you are entitled to.

    SC and CO data may also be processed for this purpose where it is necessary to process this information in the field of employment (e.g. to carry out employment checks, for social protection or for health or social care).

Why We Use Your Data: Performance and day to day people management, training and development

  • Types of Personal Data We Use: NS, SC, FD
  • Whose Data We Use: Employees, Contractors
  • Lawful Basis We Rely On:

    We rely on legitimate interest to use your personal data to manage your performance, and to ensure you have access to and complete all relevant training and development activities.

    SC and CO data may also be processed for this purpose where it is necessary to process this information in the field of employment (e.g. to carry out employment checks, for social protection or for health or social care).

Why We Use Your Data: Fraud and Money Laundering Prevention and Identity Verification

  • Types of Personal Data We Use: NS, SC, CO, FD
  • Whose Data We Use: Employees, Contractors, Relatives or significant others
  • Lawful Basis We Rely On:

    We rely on legitimate interest to use your personal data to detect and prevent fraud, money laundering and to verify your identity.

    SC and CO data may also be processed for this purpose where:

    • it is necessary to process this information in the field of employment (e.g. to carry out employment checks); or
    • it is necessary for reasons of substantial public interest to process this information to prevent or detect unlawful acts

Why We Use Your Data: Ensuring and Improving Physical Security and Information Security

  • Types of Personal Data We Use: NS
  • Whose Data We Use: Employees, Contractors, Relatives or significant others
  • Lawful Basis We Rely On:

    We rely on legitimate interest to use your personal data to ensure and improve physical security and information security.

    We will not process SC or CO data for this purpose.

Why We Use Your Data: Health and Safety

  • Types of Personal Data We Use: NS, SC
  • Whose Data We Use: Employees, Contractors, Relatives or significant others
  • Lawful Basis We Rely On:

    We rely on legitimate interest to use your personal data to protect your health and ensure your safety.

    SC data may also be processed for this purpose where:

    • it is necessary to process this information in the field of employment (e.g. to carry out health and safety checks or to provide appropriate health and safety support/equipment); or
    • it is in the substantial public interest to support you (e.g. if you have a disability or a medical condition).

Why We Use Your Data: Compliance with Legal and/or Regulatory Obligations

  • Types of Personal Data We Use: NS, SC, CO, FD
  • Whose Data We Use: Employees, Contractors
  • Lawful Basis We Rely On:

    We will process your personal data when necessary to comply with our legal or regulatory obligations including (without limitation) for the purposes of:

    • Recruitment e.g. working permits;
    • Employment or contractor engagement e.g. family leave and/or sick pay;
    • Fraud and money laundering prevention and identity verification e.g. criminal history checks;
    • Disclosure of information to regulatory bodies e.g. fitness and propriety checks; or
    • Health and Safety e.g. fitness to work and reasonable adjustments.

Why We Use Your Data: HR Operations Management

  • Types of Personal Data We Use: NS, SC, FD
  • Whose Data We Use: Employees, Contractors
  • Lawful Basis We Rely On:

    We rely on legitimate interest to use your personal data to manage our HR operations e.g. to handle queries from colleagues, develop and further improve our processes and procedures.

    SC data may also be processed for the purpose of enabling and promoting equal opportunity and diversity at esure. When we process your information for this purpose, we will only do so when you have given us your explicit consent to process your information for this purpose.

Why We Use Your Data: Employee Benefits Provision

  • Types of Personal Data We Use: NS
  • Whose Data We Use: Employees, Contractors, Relatives or significant others
  • Lawful Basis We Rely On:

    It is necessary to use your personal data to enter into or perform the contract between you and us, and to provide you with employee benefits such as allowing you to access and decide your contribution level to the employee pension benefit.

    We will not process SC or CO data for this purpose.

Why We Use Your Data: Voluntary Participation Activities

  • Types of Personal Data We Use: NS, SC, FD
  • Whose Data We Use: Employees, Contractors
  • Lawful Basis We Rely On:

    If we invite you to participate in voluntary activities (e.g. testing products and systems), we will ask for your explicit consent to use your personal data for this purpose. You may choose not to participate in the activity or withdraw your consent at any stage without this affecting your employment/contract.

    SC and CO data may also be processed for this purpose. When we process your information for this purpose, we will only do so when you have given us your explicit consent to process your information for this purpose.

Why We Use Your Data: Research and Analysis

  • Types of Personal Data We Use: NS
  • Whose Data We Use: Employees, Contractors, Relatives or significant others
  • Lawful Basis We Rely On:

    We rely on legitimate interest to use your personal data for research and analysis purposes e.g. to forecast staffing needs and demands.

    We will not process SC or CO data for this purpose.

The above table sets out the personal information that is necessary for us to enter or carry out our contract with you or is a legal requirement. If you choose not to provide us with such information when requested, we may not be able to perform our contract with you (e.g. to pay your salary into your elected account, or to pay or provide your benefits), or may be prevented from complying with our legal obligations (e.g. to ensure the health and safety of our workers).

Please note however that this does not affect your right to withdraw consent where we rely on consent as a lawful basis.

Making Automated Decisions and Profiling

We do not envisage using your personal data to make any decisions about you based solely on an automated decision-making process, including profiling. We will notify you in writing if this position changes.

Sharing Your Personal Data with Others

We may share your data with:

  • Third-party service providers and suppliers that assist us or supply our HR systems (payroll, staff engagement etc)
  • Third-party service providers that provide you with employment benefits
  • Other entities in the esure Group, or other third parties as required in the context of the possible sale or restructuring of the business
  • Third parties as necessary to comply with the law (e.g. our regulators, HMRC)
  • The general public for business promotion purposes
  • The Financial Conduct Authority (“FCA”), the Prudential Regulation Authority and other regulatory bodies where this is required by the rules/regulations. This would be, for example, where the role you applied for is subject to regulatory pre-approval and/or regulatory notification, or when reporting staff conduct rule breaches
  • Any of your future prospective employers where a request is made under relevant applicable regulation (e.g. the FCA’s requirement to provide/obtain regulatory references)
  • Fraud prevention agencies for the purposes of the prevention, detection and investigation of fraud.

Sharing Your Personal Data in Relation to the Prevention, Detection and Investigation of Fraud

The personal data you have provided, we have collected from you or we have received from third parties will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity.

Further details on how your information will be used by us and Cifas can be found here. Alternatively, you can call esure’s HR department on 0141 343 7400 or contact them by email (at [email protected]) with ‘data sharing with Cifas’ in the title of the email and clearly stating your full name and contact details.

Transferring Personal Data Outside the UK

Your personal data may be transferred to, and processed in, a destination outside the UK. In these circumstances, your personal data will only be transferred on one of the following bases:

  • The country that we send your data to is approved by the UK Government as providing an adequate level of protection for your personal data (such as countries in the European Economic Area)
  • We’ve agreed standard contractual clauses (approved by the UK Government) with the recipient which oblige them to safeguard your personal information
  • Another UK Government approved transfer mechanism is in place providing appropriate safeguards to the personal data (for example, an approved certification mechanism or binding corporate rules)

To find out more about how your personal data is protected when it is transferred outside the UK (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the contact details provided in the ‘How to Contact us’ section of this notice.

How Long We Will Store Your Personal Data

We will retain your personal data for as long as necessary to fulfil the purposes we collected it for. For further detail regarding personal data retention periods, please contact the Data Protection Officer using the contact details provided in the ‘How to Contact us’ section of this notice.

Once your personal data is no longer required, we will either delete the data securely or anonymise it so that you cannot be identified directly or indirectly.

Your Rights

Data protection legislation gives you certain rights. These include the rights to:

  • ask us how we use your personal data
  • access your personal data and obtain a copy of the personal data we hold about you
  • ask us to correct any information about you that’s out of date, incorrect or incomplete
  • tell us that you don’t want us to use your personal data in a certain way e.g. to send you marketing communications
  • tell us to delete personal data we have on file about you. In some circumstances we won’t be able to do this e.g. if we’re required to keep the information by law or to establish, exercise or defend a legal claim
  • ask us to give your data to a third party provided it is technically feasible to do so (e.g. another employer)
  • ask us to temporarily pause processing of your data
  • not be held to a decision that has been made solely in an automated way, and ask us to review automated decisions we make about you.

Please note that these rights are not absolute. There may be times when we can’t do what you ask us to. If that’s the case, we’ll explain why when we reply to you.

How to Contact us

If you have any questions about this Privacy Notice, how we use your personal information or if you’re not happy with how we process your personal information, please contact the Data Protection Officer:

By email: [email protected]

By post: Data Protection Officer, esure, The Observatory, Reigate RH2 0SG

We aim to resolve all complaints internally via our Data Protection Officer who can be contacted using the channels described above. You also have the right to make your complaint to the Information Commissioner at any time. For more details about your rights under data protection legislation, please visit the Information Commissioner's Office website: www.ico.org.uk

esure Group companies

The esure Group of companies comprises:

  • esure Services Limited
  • esure Insurance Limited
  • esure Broker Limited
  • esure Property Limited
  • esure Group plc
  • esure Finance Limited
  • esure Holdings Limited

Version

This Privacy Notice was last updated on 28/02/2022. Previous versions of the policy can be obtained by contacting our Data Protection Officer.