At esure, we care about privacy.
We only use personal data where we can do so lawfully. We always consider the impact this may have on those whose data we use, and we aim to be fair and proportionate when using personal data. We work hard to ensure that the personal data we hold is safe and secure with us. When we no longer need to keep the information, we delete or anonymise it safely.
Who We Are
The esure Group is made up of a mix of different companies. In this Privacy Notice, "esure", "we", "us" or "our" refers to the esure Group company you have a relationship with, and who processes your personal information as a result. For a full list of the relevant esure Group companies, please see the esure Group companies section below.
About This Document
The purpose of this Privacy Notice is to help you understand how we collect, use, and protect your personal data. This Privacy Notice applies to individuals visiting our offices who do not have a potential, current or former employment or contractor relationship with us.
If you are a current or former candidate for a role with us, you should refer to our Candidate Privacy Notice which can be found here. Current or former Employees or Contractors should refer to our Colleague Privacy Notice available here.
From time to time we may need to make changes to this Privacy Notice, for example, to include legislation changes, new technologies or other developments in privacy law. We will make reasonable efforts to inform you of any material changes in how we use your personal data.
If you have any questions about this Privacy Notice, please contact our Data Protection Officer using the contact details provided in the How to Contact us section of this Privacy Notice.
What Personal Data We Use
Personal data, or personal information, is any information about an individual from which that person can be identified. It does not include data which has been anonymised.
What personal data we use will depend on the nature of your relationship with us. We will only ever use information that is appropriate and necessary. We will collect, store and use personal data, including non-sensitive data, such as:
- Contact details including name, address, telephone number and email address
- The date, time and purpose of your visit to our offices
- Vehicle registration number (if you are using our car parking facilities)
- Details of your employer (if you are visiting esure in a professional capacity or representing your organisation);
- Photographs (if you are issued with a visitor’s security pass for our premises)
- CCTV footage
We do not routinely collect special categories of personal data, criminal convictions and offences data or financial data unless you specifically ask us to take note of any such information.
How We Collect Your Personal Data
We collect your personal data directly from you. For example, when you:
- Arrange to visit our premises by advance appointment (e.g. when you provide your information in advance of your visit)
- Provide us with the information at the point of visiting our offices (e.g. when you provide your information at the reception desk at one of our offices)
- Are physically present at our offices
The Reasons (Purposes) We Use Your Personal Data, and the Lawful Bases We Rely On
|The Reason Why We Use Personal Data||Lawful Basis We Rely On|
It is our legitimate interest to use your personal data to verify the identity of visitors to our sites.We will not process special category data or criminal convictions data for this purpose.
|Ensuring and Improving Physical and Information Security|
It is our legitimate interest to use your personal data to ensure and improve physical and Information Security.We will not process special category data or criminal convictions data for this purpose.
|Health and Safety|
It is our legitimate interest to use your personal data to ensure health and safety of site visitors. If you provide us with personal information that falls within special category data, we may rely on exemptions under the Data Protection Act 2018 to process this data to ensure the health and safety of site visitors.We do not process criminal convictions data for this purpose.
Making Automated Decisions and Profiling
We do not envisage using your personal data to make any decisions about you solely based on an automated decision making, including profiling, process. We will notify you in writing if this position changes.
Sharing Your Personal Data with Others
We will not share information about you with any third parties, except for:
- Third-party service providers and suppliers that assist us or supply our Visitor Management Systems and/or data storage and backup solutions
- Where it is necessary for purposes of the legitimate interests e.g. Ambulance Service, Fire Brigade or the Police
- Where we are required to do so by law
Transferring Personal Data outside the UK
Your personal data may be transferred to, and processed in, a destination outside the UK. In these circumstances, your personal data will only be transferred on one of the following bases:
- The country that we send your data to is approved by the UK Government as providing an adequate level of protection for your personal data (such as countries in the European Economic Area)
- We’ve agreed standard contractual clauses (approved by the UK Government) with the recipient which obliges them to safeguard your personal information
- Another UK Government approved transfer mechanism is in place providing appropriate safeguards to the personal data (for example, an approved certification mechanism or binding corporate rules)
To find out more about how your personal data is protected when it is transferred outside the UK (or if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the contact details provided in the ‘How to Contact us’ section of this notice.
How Long We Will Store Your Personal Data
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for. Please refer to the Data Protection Officer using the contact details provided in the ‘How to Contact us’ section of this notice for further detail regarding personal data retention periods.
Once your personal data is no longer required, we will either delete the data securely or anonymise it so that you cannot be identified directly or indirectly.
Data protection legislation gives you certain rights. These include the right to:
- Ask us how we use your personal data
- Access your personal data and obtain a copy of the personal data we hold for you
- Ask us to correct any information about you that’s out of date, incorrect or incomplete
- Tell us that you don’t want us to use your personal data in a certain way
- Tell us to delete personal data we have on file for you. In some circumstances, we won’t be able to do this (e.g. if we’re required to keep the information by law or to establish, exercise or defend a legal claim)
- Ask us to give your data to a third party provided it is technically feasible to do so
- Ask us to temporarily pause processing of your data
- Not hold you to a decision that has been made solely in an automated way and ask us to review automated decisions we make about you
Please note that these rights are not absolute. There may be times when we can’t do what you ask us to. If that’s the case, we’ll explain why when we reply to you.
How to Contact us
If you have any questions about this Privacy Notice, how we use your personal information or if you’re not happy with how we process your personal information, please contact the Data Protection Officer:
- By email: [email protected]
- By post: Data Protection Officer, esure, The Observatory, Reigate RH2 0SG
We aim to resolve all complaints internally via our Data Protection Officer who can be contacted using the channels described above. You also have the right to make you’re a complaint to the Information Commissioner at any time. For more details about your rights under data protection legislation, please visit the Information Commissioner's Office website: www.ico.org.uk
Relevant esure Group Companies
esure Services Limited esure
esure Property Limited
esure Group plc
The Privacy Notice was last updated on 28/02/2022. Previous versions of the policy can be obtained by contacting Data Protection Officer.