Your privacy matters to us and we are committed to collecting and using personal information in accordance with applicable data protection laws. This Privacy Notice will help you to understand how we collect, use and protect your personal information. We will keep this Privacy Notice up to date with the latest legal requirements so please check our website periodically for the most up to date Privacy Notice. You should also show this notice to anyone else whose details you provide to us.
In this Privacy Notice, "esure", "we", "us" or "our" refers to esure Group plc and “you” refers to anyone who uses www.esuregroup.com (the “Site”) website. We are the data controllers under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
Personal information we collect
We collect and process the following types of personal information:
- Personal Information that you provide in forms on the Site, including your full name, country and email address.
- Details of your visits to the Site including identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address, cookies, traffic data, location data, weblogs and other communication data and the resources that you access on the Site. For more information, please see our Cookie Notice.
How we collect and use your personal information
Most of the personal information we hold about you is the information provided directly by you, for example when you register for services, news updates etc. We collect, store and use your personal information for the following purposes:
- ensuring that content on the Site is presented in the most effective manner for you and for your computer or other device;
- providing you with information or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- to operate our business in a customer-focused, efficient and sustainable manner, in accordance with applicable legal and regulatory requirements (we refer to these activities as our legitimate interests); and
- where we have obtained appropriate consents to collect or use your personal information for a particular purpose.
How you can stop receiving our services
You can select the services you wish to receive at the time of subscribing to our service. If you no longer wish to receive our services or, wish to amend your personal preferences, please do so by re-submitting the registration form.
Sharing personal information
In order to provide you with our services, we share your personal information with third party service providers who support the operation of our systems and help us deliver the services to you.
Processing personal information outside the United Kingdom
The personal information that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom. The personal information may also be processed by staff operating outside the United Kingdom who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases: (i) the country has been assessed by the United Kingdom as providing adequate levels of protection; or (ii) contractual protection is in place that safeguards the personal information; or (iii) the transfer is permitted under applicable data protection legislation.
Retention of personal information
We retain your personal information for a number of purposes to allow us to carry out our business. Any retention of personal information will be done in compliance with relevant legal and regulatory obligations and with industry standards.
You have legal rights under data protection laws in relation to your personal information, including as follows:
- ask us how we use your personal data;
- access your personal data;
- ask us to correct any information about you that is out of date, incorrect or incomplete;
- tell us that you do not want us to use your personal data in a certain way;
- tell us to delete personal data we have on file;
- ask us to give your data to a third party;
- ask us to temporarily pause processing your data;
- not hold you to a decision that was made solely in an automated way;
- ask us to review automated decisions we make about you;
- to request a copy of, or reference to, the safeguards we have put in place when your personal information is transferred outside of the EEA; and
- to withdraw consent where we have asked for your consent to use your personal information.
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information where we know we are dealing with the right individual. We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may, however, take us longer if the request is particularly complicated or you have made several requests.
Complaints to Information Commissioner’s Officer
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website at www.ico.org.uk. We ask that you please attempt to resolve any issues with us before contacting the ICO.
If you have any questions about this Privacy Notice or how to exercise your rights, please contact our Data Protection Officer:
- By email - [email protected]
- By post - Data Protection Officer, The Observatory, Reigate RH2 0SG
This privacy notice was last updated on 14/07/2022. Previous versions of the policy can be obtained by contacting the Data Protection Officer.