DATA PRIVACY NOTICE
Marketing & Management Services Ltd, trading as MMS
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who are we?
MMS is the data controller and is committed to protecting the rights of individuals in line with the UK GDPR. This means MMS decides how your personal data is processed and for what purposes.
3. How do we process your personal data?
MMS complies with its obligations under applicable data protection law by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
4. The data we may collect about you (your personal data).
In order for us to administer insurance policies and / or deal with any claims or complaints, we need to collect and process personal data about you. The types of personal data that are processed may include:
| Types of Personal Data | Details |
| Individual details | Name, address (including proof of address), other contact details (e.g. email and telephone numbers), title, date of birth, NI number, employer, job title and employment history. |
| Identification details | Passport, birth certificate, driving licence and other proof of address. |
| Financial information | Bank account or payment card details, income or other financial information. |
| Risk details | Information about you we may need to collect in order to assess a claim including details about your health. |
| Policy information | Information about the quotes you receive and policies you take out. |
| Credit and anti-fraud data | Sanctions and information received from various anti-fraud databases relating to you. |
| Previous and current claims | Information about previous and current claims, (including other unrelated insurances), which may include data relating to your health and in some cases surveillance reports. |
| Special categories of personal data | Certain categories of personal data which have additional protection under GDPR, this includes health. |
5. Where might we collect your personal data from?
We might collect your personal data from various sources, including:
You;
Your family members, employer or representative;
Other insurance market participants;
Anti-fraud databases, sanctions lists and other databases;
Government agencies such as the Jobcentre Plus;
In the event of a claim, third parties including medical experts, expert investigators and claims handlers.
Which of the above sources apply will depend on your particular circumstances.
6. How will your information be used?
We may use your personal information in the following ways:
(a) To decide whether to enter into any proposed transaction with you in order to arrange and administer insurance products
where you are the beneficiary or a person involved in any claim, including in certain circumstances, disclosing such information
to third party anti-fraud and money laundering agencies for the purposes of detecting and preventing fraud and crime (as further
set out in section 8 below);
(b) To identify you and to carry out any identity checks as may be required by applicable law and regulation and best practice at any given time;
(c) To recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking
other legal action (including the commencement and carrying out of legal and court proceedings);
(d) To analyse it in order to understand the service we provide and in order to improve our business;
(e) To monitor calls and transactions to ensure service quality, compliance with procedures and to combat fraud.
(f) To comply with legal and regulatory obligations, including fraud prevention, anti-money laundering, and sanctions screening.
7. What is our legal basis for processing your personal data?
We process personal data under one or more of the following lawful bases, depending on the circumstances:
- Performance of a contract (for example, arranging and administering insurance)
- Compliance with legal obligations (such as regulatory, fraud prevention, AML, and sanctions requirements)
- Legitimate interests (such as fraud prevention, risk assessment, business improvement, and service quality)
Where we process health or other special category data, we do so where it is necessary for insurance purposes, including the assessment and administration of claims and where necessary for the establishment, exercise or defence of legal claims in accordance with applicable data protection law.
8. Disclosure to third parties.
We may also permit selected third parties and agents to access your personal information, for the purposes set out in part 6 above. These
may include insurers, brokers, claims handlers, loss adjusters, fraud prevention agencies, professional advisers, regulators, and law enforcement
bodies.
If false or inaccurate information is provided and/or fraud is identified or suspected, details may be passed to fraud prevention and anti-money
laundering agencies, law enforcement agencies or other insurers and may be recorded by us or by them.
We and other organisations may also access and use this information to prevent fraud and other crime, for example when:
(a) Reviewing applications for products (as outlined in part 6 above);
(b) Deciding whether to make a payment to you under an insurance policy;
(c) Taking steps to recover payments due.
We can provide the names and addresses of the agencies we may use to counter fraud or money laundering upon request.
We may disclose your personal information to third parties, the courts and/or regulators or law enforcement agencies in connection with
enquiries, proceedings or investigations by such parties or in order to enable MMS to comply with its regulatory requirements or dialogue with
its regulators as applicable.
In the event that MMS is subject to negotiations for the sale of its business, is sold to a third party, or undergoes a re-organisation, your
personal data may be disclosed to relevant third parties (and their advisers) as part of a due diligence process or transferred to the re-organised
entity.
Any such disclosure or transfer will be carried out in accordance with applicable data protection laws and subject to appropriate confidentiality
and security safeguards. Personal data will continue to be used only for compatible purposes.
9. Transmission, storage and security of your personal information.
No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable
physical, electronic and procedural safeguards to protect your personal information in accordance with applicable data protection legislative
requirements.
All information within our control is stored on our secure servers and internal systems (or secure hard copies) and accessed and used subject
to our security policies and standards. We implement appropriate technical and organisational security measures designed to protect personal data.
Your personal information may be accessed by staff or authorised third parties.
10. How long will your information be held?
We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected, including:
- For the duration of your insurance policy and any active claims;
- For up to seven years following the cancellation or expiry of your policy (or closure of any related claim if later);
- For any periods required by law or regulation, including for tax, accounting, or regulatory reporting;
- For the period during which legal claims may be brought.
Once retention is no longer necessary, personal data will be securely deleted or anonymised.
11. Your rights & contacting us.
Applicable data protection laws give you rights including:
- The right of access
- The right to rectification (see further explanation below)
- The right to erasure (in certain circumstances)
- The right to restrict processing
- The right to object to processing
- The right to data portability (where applicable)
The right to rectification does not require us to amend original insurance policy documentation, contractual records or claims documentation
that has been lawfully issued and must be retained for regulatory, legal or evidential purposes. Where appropriate, we will correct personal
data by updating our administrative records and provide written confirmation of the update.
We can be contacted in relation to your rights or any questions you may have in respect of this Privacy Policy or our processing of your personal
information by the following means:
Email: info@mms-uk.com
Post: Data Protection Officer
MMS
Melbourne House
Melbourne Street
Farsley
Pudsey
Leeds
LS28 5BT
Your right to complain to the Information Commissioner’s Office (ICO).
If you are unhappy with the way in which your personal data has been processed you may in the first instance write to us using the contact
details above. If you remain dissatisfied then you have the right to apply directly to the ICO. The ICO can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk
12. Changes to our Privacy Policy.
Any changes to our privacy policy in the future will be posted to our website and, where appropriate, through e-mail notification. We encourage you to review it from time to time to stay informed of how we are using personal information.