Commitments Protection values its customers trust and recognises that the safety and lawful use of everyone’s personal data is key to retaining that trust and confidence. Commitments Protection needs to collect, store, share and use personal data about past, current and prospective customers to enable it to meet its requirements in the provision in the provision of innovative products and services.
Commitments Protection takes compliance with privacy laws and regulation very seriously. We take appropriate measures including training our staff about our data protection obligations to protect your personal data and your legal rights. We have implemented effective policies and procedures and security measures to ensure we protect your personal data.
Commitments Protection Limited is Registered in England and Wales CRN 04450200 Regulated and Authorised by the Financial Conduct Authority FRN 307800
Regulated by the Claims Management Regulator in respect of regulated claims management activities CRM 40871
Admin Office: Crown House, 123 Hagley Road, Birmingham, B16 8LD Sales Office: The Anderson Centre, Spitfire Close, Huntingdon, PE29 6XY Tel: 0333 202 7121 Email:email@example.com Web: www.cpluk.net
Commitments Protection respectively are the data controllers for the personal data and special category data that you or your representative provide to us (depending on the product you purchase).
Commitments Protection is listed as a data controller with the Information Commissioner under the following registration numbers;
Commitments Protection Limited: ZA110112
Commitments Protection holds ISO 27001 certification, confirming that we have implemented industry standard security measures to ensure the secure management of your personal data. This includes appropriate physical, organisational and technical measures to safeguard your information. We regularly review these measures and where appropriate, we strengthen and enhance those measures. In particular We have implemented end-to-end encryption.
Whenever we send your personal data to you, we will ensure appropriate security is applied to prevent unauthorised access to your personal data or interception of your personal data by anyone not authorised to have it.
If you wish to send any of your personal data to us, we strongly recommend you do not send it by open email. Instead, you should select a safe method to provide your personal data to us such as recorded post
Personal data You give to Us
You may give us information about you when you request a quote, purchase a plan or our products and/or use our services. For example:
When you provide personal data to us about someone else on their behalf
When giving us information about a family member or another person, you confirm that they have appointed you to act on their behalf including giving your consent to instruct us to process their personal data, to receive this data protection notice on their behalf and to inform them about the way in which we will process their personal data.
Personal data we receive about you from other external sources
We may receive information about you from other people in order to deliver our products and services to you. This could include (but is not limited to):
Information we create from your personal data
We will create some information with your personal data internally, for example:
We will always ensure that any personal data we receive has been collected lawfully and fairly in accordance with your rights under the relevant data privacy laws. Where appropriate we will ask for your consent for the specific use of your personal data. For the use of your health or medical information we will ask for your explicit consent.
Where we are using the personal data that you provide to us or that has been provided to us by your representative, broker or financial adviser for the purpose of setting up and administering your plan, We will not seek your consent for this purpose. This is because the personal data you provide to enable you to purchase the plan will legitimately be used by us to do what you have requested. Your rights and the protection of your personal data are not in any way hindered by this approach.
Personal information we hold about you
The information we hold about you may include:
How we use children’s personal data
We do not collect or use children’s personal data except when that information is provided by an adult who has purchased a plan that also covers or is for the benefit of a child. When a claim is made and a child is the subject of that claim, we will only collect as much information about that child as is necessary for the administration of the claim and for the provision of medical services. We do not use children’s information for any marketing activity.
The security of and appropriate use and disclosure of your health and medical information is of paramount importance to Commitments Protection. We will only disclose your health or medical information to those people or bodies who are involved in your care or treatment or in the provision of services to you.
Commitments Protection will only collect and use sufficient medical information to enable us to deliver the services you purchase from us.
The Commitments Protection group of companies will process personal medical and health data provided by you and/or by your representative as part of your application for your plan.
If we collect your personal medical and health data, we will use this data for the following purposes:
In the application form all the information we collect is measured against key rating factors to allow us to produce a quote via an automated calculation and in order to provide an indicative premium based on risk profile amounts. In the event of higher than normal cover amount we manually calculate the amount.
Should you choose to proceed after being given an initial quote we obtain additional information, and also capture your medical history in order to calculate the actual premium and identify any additional conditions or exclusions that need to be applied to the plan. Where necessary, and with your consent, We may use information provided by healthcare professionals (Your GP or a specialist health provider we ask you to visit) to gain further information on your medical health to ensure the cover given is adequate and any necessary exclusions are identified.
Underwriting third parties based in the European Economic Area, through automated processes, assist with assessing risk based on your personal and medical risk profile as provided in your application. Manual underwriting may be performed in either the UK or South Africa by our underwriters using your risk profile, applying exclusions, identifying non-disclosures, and reviewing additional medical information received from either our own medical collection specialists or a medical third party.
To carry out essential business processes such as auditing, business planning, accounting and delivering our products and services. The servicing administration may be performed in the UK or South Africa, with other essential business processes such as auditing, business development and finance being fulfilled in the UK. This ensures we are able to make and manage customer payments, premium collections and attend to customer queries.
Unless you tell us otherwise we will renew or continue your plan and adjust your premium and coverage amount according to the terms of your plan. We will continue to use the data you have previously provided us.
For life insurance and investment claims, our assessors, based in the UK, review your plan and personal and medical details in order to assess your claim. We may share your information with our approved partners where this is reasonably required to help deal with your claim.
For health insurance claims, the majority of our claims invoices are processed electronically. However, for invoices that fall out of this process for any reason we have a team of invoice administrators in India. The invoice processors match the invoice to the claims information we hold on our claims admin system to ensure the invoice is eligible to pay.
We will communicate with you via email, post, telephone, SMS text and social media depending on your communication preferences and/or the methods you have chosen.
To ensure we are compliant with legal and regulatory obligations, we will use your data, this will include reviewing calls between you and us. This also helps us to train our staff and to improve performance.
We will use data modelling, profiling and statistical analysis of our customer base for future campaigns and cross sell opportunities and to improve the products, services or features we may offer you now or in the future in order to meet your needs.
To enable us to provide you with benefits relevant to your Commitments Protection status.
Processing claims – How we obtain and share medical reports
In the event of a claim we may require medical reports from your GP. Such a report will only be requested with your consent and will be in compliance with the Access to Medical Reports Act 1988 (‘AMRA’). The information requested from your GP will be limited to only the information relevant to your claim. You have the right to request to see the GP’s report and to request any amendments be made by the GP where you consider the data to be inaccurate. The GP may agree to this upon his/her discretion. You will be informed about the AMRA process at the time we request your consent to enable us to ask your GP for a report.
You can access the Access to Medical Reports Act 1988 at: www.legislation.gov.uk/ukpga/1988/28/contents.
How we obtain medical reports and share medical reports
We may have to give some information about your plan and about your health or medical status to those involved in your treatment or care, (and/or your representative if you have consented to us doing this). Any such disclosure will be done confidentially unless you specifically instruct us otherwise.
Processing claims - general
If the claimant is aged 13 or over we will address any correspondence to the claimant in order to protect their right to confidentiality. The plan holder/principal member will be informed only that a claim has been made and the value of the payment we have made; no details about the medical condition or treatment provided will be disclosed to them. If the claimant wishes to waive their right to confidentiality they should inform us at the time the claim is made.
If you have another insurance plan that covers the same costs that you are claiming from us, then we may also disclose your relevant personal data to that other insurer so that we can ensure we only pay our proportion of the claim.
Your information, and that of others also covered by the plan, may be disclosed to other parties (for example other insurance companies) with a view to preventing fraudulent or improper claims.
Collecting data for a business or corporate plan (group plan)
When collecting data for a group plan the Group Secretary/Administrator is responsible for ensuring that employees covered by the plan are aware of their rights for Commitments Protection to use their personal and health data.
As a Group Secretary/Administrator:
When you provide any of Commitments Protection’s products and services to your employees and provide their personal and health information to Commitments Protection to enable us to set up the plan for those individuals, you acknowledge that you are acting on their behalf in the provision of that information about them to us.
Storing and using your employees data
Disclosure for regulatory or legal purposes
Commitments Protection will only share your personal data with other companies or organisations where there is a legitimate reason for doing so. For example we are obligated to provide information to specific Government departments such as HM Revenue and Customs and to regulatory bodies who govern our activity such as the Prudential Regulation Authority, Financial Conduct Authority and the Financial Ombudsman Service.
Sharing your personal data with your authorised representative
If you have appointed an insurance or financial adviser, we may send them copies of correspondence relating to the plan and any renewal documentation. We may disclose information to them if you have made a claim although no medical information will be provided without your consent.
Please be sure to tell us if you authorise a new representative so that we are able to only send your personal data to the right representative so that we send your personal data to the right person.
Our use of other companies to provide our products and services to you
To assist us in the provision of administration, services or benefits for your plan and any claims you make, we use other companies who work under contracts with us. We ensure that the level of security and the quality of service provided by those other companies is equivalent to the standard of services we provide to you.
We need to advise you that as part of the application process we will share your data with credit reference agencies for security purposes. This check (known as a “soft search” or “quotation search”) will not affect your credit score or be visible to lenders.
Some of the companies who work under contracts with us are located in countries outside of the European Economic Area. Where this is the case we transfer your personal data to them on terms that are approved by the Information Commissioner. This is to ensure the appropriate security for your information, both in the transfer stage and when it is processed, and that your rights and confidentiality are protected in the same way as they would be if your personal data was processed in the UK.
Sharing your personal data with our re-insurers
Re-insurance is insurance that is purchased by an insurance company. It allows insurance companies to remain solvent after major claims events and is sometimes used for tax mitigation and other reasons.
We may need to share your personal health or medical data provided by you with our re-insurers in order for them to do the following:
Retaining your personal and health information
Commitments Protection will normally only keep your personal data for as long as necessary to provide you with the services you’ve chosen and to ensure we meet our regulatory obligations. This means that we will normally hold your plan information and the personal data We have collected during the term of the plan for seven years after your plan has finished.
At the end of this time period we will fully anonymise all personal data that identifies you or could be used to identify you. We will also ensure that any of the suppliers who have processed your personal data throughout the term of your plan delete your personal data from their systems.
The General Data Protection Regulation and the Data Protection Act 2018 makes provision for a number of rights under which you are entitled to make a claim. Commitments Protection is committed to ensuring you are given access to these rights and will ensure that this is done appropriately and in compliance with privacy law.
Data subject access requests
Where your personal data is transferred to a third country or to an international organisation you have the right to be informed how appropriate safeguards have been used to transfer your personal information.
If you request it Commitments Protection will provide you with a copy of your personal data undergoing processing by us. Where you make a request by email the information will also be provided by email unless you request otherwise.
If you require access to your personal data that we have disclosed to a company, and that company is also a data controller, you will need to ask them directly to provide your personal data.
Portability of personal data
You have the right to receive personal data about you that you have provided to Commitments Protection in a structured, commonly used electronic format. You also have the right to transmit that personal data to a different data controller company and, if it is technically feasible, Commitments Protection will try to transmit your personal data to such other data controller company. Please note that this attempt may be restricted due to the incompatibility of the various customer record keeping databases.
Withdrawing your consent
Where we rely upon your consent to process your personal data, you have the right to withdraw your consent at any time. From the time that we receive such withdrawal of consent Commitments Protection will stop all processing of your personal data relating to the consent.
Your right to be forgotten
You have the right to ask Commitments Protection to erase your personal data without undue delay and Commitments Protection is obliged to do this where one of the following grounds applies:
The right to be forgotten shall not apply to the extent that processing is necessary in order to:
You have the right to ask Commitments Protection to rectify any personal data about you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by providing a supplementary information statement.
Restriction on processing
In specified circumstances you have the right to restrict the processing of your personal data. These are:
Where Commitments Protection applies restrictions on processing your personal data, apart from storage, the establishment or exercise of legal defence, or the protection of the rights of another individual, Commitments Protection shall seek your consent prior to restarting any processing of the restricted personal data.
You have the right to object to automated decision making and profiling
You have the right to object to automated decision making where the outcome may have a legal or other significant impact on you. This means that you have the right to request that an appropriate member of Commitments Protection staff reviews the outcome of the automated decision making and conducts this process manually, unless you have previously given your consent to automated processing.
For example, you may have given your consent to the annual renewal of your plan. We conduct a number of profiling exercises, mostly to ensure we are able to offer you the most favourable terms.
We profile our customer base to ensure premiums are kept low and to minimise restrictions on the conditions we insure or will cover in the case of a claim. These profiling purposes are entirely legitimate and aimed at ensuring we treat all of our customers fairly.
We constantly review our range of products as we want to provide the most innovative and relevant insurance and investment options to our customers. We are continually negotiating with market leading benefit providers, that we want you to take advantage of, so we would like to keep you informed about all of these exciting new products and services available to you.
You have the right to object to the use of your personal data for marketing purposes and Commitments Protection is obligated to ensure marketing information is not sent to you if you assert this right.
If you do give us your permission to send marketing information to you we will provide you with the opportunity to change your mind every time.
When you purchase a product from Commitments Protection you will be provided with access to the Member Zone where you can manage your marketing preferences and choose your preferred method of receiving information about our products, services and the benefits at any time.
We use your email address to identify you on digital platforms, such as Google, Facebook or Twitter, to provide targeted advertising, we will use the email address of existing customers to exclude them from new business advertising. We will also use your information to build a profile of the type of customers we wish to target, and may share your email address with digital platforms. This will help us identify potential customers like you, whilst excluding you from that particular advertising.
We want all of our members to be happy with the way their personal data and health or medical information has been processed by us. If you are unhappy about the way we have managed your personal data we would like to know about this. We are constantly striving to ensure we do the right thing, and we would like to be able to put things right.
You’ll find the contact details for our complaint’s teams at: Commitments Protection.co.uk/legal/complaints.
However, if you are still dissatisfied you have the right to contact the Information Commissioner, who regulates compliance with Data Protection regulation and laws at: ico.org.uk.
You can also call the ICO on 0303 123 1113 or 01625 545 745 or you can write to them at:
Information Commissioner's Office
Data Protection Officer
123 Hagley Road
Commitments Protection Limited is Registered in England and Wales CRN 04450200
Regulated and Authorised by the Financial Conduct Authority FRN 307800
Regulated by the Claims Management Regulator in respect of regulated claims management activities CRM 40871
Operating Office: The Anderson Centre, Spitfire Close, Huntingdon, PE29 6XY
Administration Office: Crown House, 123 Hagley Road, Birmingham, B16 8LD
Tel: 0333 202 7121 Web: www.cpluk.net Email: firstname.lastname@example.org