At SSP we’re committed to safeguarding your privacy, whether you’re a customer, a prospective customer or a visitor to one of our websites. The purpose of this policy is to explain how we use the personal data we collect about you, how you can instruct us if you would prefer to limit the use of your data, and the procedures that we have in place to keep your data secure.
It is important that you read this privacy notice together with any other privacy notice and/or any other notices we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements any other notices and is not intended to override them.
We will only use your personal data in ways the law allows us to. Any information that you provide to us is held with the utmost care and security. We will only use your personal data in ways the law allows us to, in ways to which you have consented. More commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
We have appointed our Company Secretary, Richard Forrest as Data Protection Officer (DPO), who is responsible for overseeing questions in relation to this policy. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the contact details at the base of this page.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What personal data do we collect?
We need to collect, store and process personal data from you in order to provide an effective service. You provide some of this data directly when you become a customer, or when you fill out a form on one of our websites. We only collect data that is relevant for the purpose of processing. For example, to join a mailing list we may only require your name and email address; whereas to attend an event we host, we may also require your company name and contact number.
As a consequence of providing software to the general insurance market, and as permitted by law, we may sometimes collect special categories of personal data about you (this may include quotation details, such as information about your health or motoring offences).
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, where we run marketing campaigns and competitions). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
Disclosure of information
The use of your data for any of the purposes explained within this policy, or in any separate communication from us, may involve sharing it with third party suppliers such as contractors, agents or professional advisers appointed by us to assist us in providing our products and services.
These third parties may include entities outside the European Economic Area (EEA), who will be required to comply with our strict privacy requirements, and to demonstrate that they follow best practice guidelines for data protection.
Transfer of Personal Data outside of the EEA
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection by ensuring at least one of the following safeguards is implemented:
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
In no other case, unless obliged to do so by law, will we disclose your data to any third party, unless you have provided your specific, positive and unambiguous consent.
How we use your data
We will process your personal data lawfully.
We will use the information that you provide to us and your preferences to provide our products and services to you. We may also use this data to provide you with communications which we believe to be relevant and of interest to you. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you have opted-in to receive email from us, we may use your details to keep you informed of special offers or products and services that may be of relevance. We may also use your data to tailor promotions to your requirements.
You may be receiving marketing communications for any of the following reasons: you are in contract to receive our products or services, you have opted-in to receive communications using our online forms, or we have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Type of data
Lawful basis for processing including basis of legitimate interest
Our SSP teams will need to register you as a new customer.
Lawful basis for processing including basis of legitimate interest
To process and deliver your order which may include: managing payments, fees and charges. We may also need to collect and recover money owed to us.
Marketing and Communications
Performance of a contract with you, which is necessary for legitimate interests (to recover debts due to us).
Marketing and Communications
Performance of a contract with you, which also includes:
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To make service and product improvements, we find it invaluable to involve you in customer feedback surveys. Through various marketing campaigns (SSP exhibitions and events and SSP marketing competitions) we will give the opportunities to partake in competitions.
Marketing and Communications
Performance of a contract with you (necessary for our legitimate interests, to study how customers use our products/services, to develop them and grow our business).
To administer and protect our business and our SSP website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data.
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Furthermore, necessary to comply with a legal obligation.
To deliver relevant website content, promotions (which could also include advertisements) to you and measure or understand the effectiveness of this.
Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
To make suggestions and recommendations to you about goods or services that may be of interest to you.
Necessary for our legitimate interests (to develop our products/services and grow our business).
How to update your marketing preferences
Whenever we collect personal data from you, we will provide the opportunity for you to opt in to receiving marketing communications.
All email communications sent to you (unless they are operational emails or emails that we are legally obligated to send) will include a link to our email preference centre, allowing you to change and update your preferences, opt out of marketing communications and unsubscribe from receiving all marketing communications.
If you would prefer to send your opt-out request in writing, please send all correspondence to us using the contact details at the base of this page.
Whatever choice you make regarding the receipt of marketing communications at our email preference centre, it will not affect existing decisions you made regarding more traditional forms of marketing, such as receiving letters. If you wish to amend your traditional response, please contact us using the contact details at the base of this page.
Your rights and our responsibility
In addition to the safeguards set out in this policy, your personal data is protected in the UK by the EU General Data Protection Regulation. This means, amongst other things, that the data we hold about you should be processed lawfully and fairly. It should be accurate, relevant and not excessive. The information should, where necessary, be kept up to date and not retained for longer than is needed. It should be kept securely to prevent unauthorised access by other people.
You have the right to see what data is held about you and to correct any inaccuracies. You also have the right to be forgotten by us and have your data removed (or anonymised) to prevent processing under certain circumstances.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To submit a request to access, rectify or erase your data, please write to us using the contact details the base of this page.
As you browse our websites, small text files called cookies are placed on your computer that allow us to track how you use them and to ensure you get the best functionality and experience. The cookies we use on our sites will not contain personally identifiable information about you.
As a convenience to you, our website may provide links to third party websites. You are under no obligation to use these sites, but if you choose to do so, please note that we are not responsible for and have no control over, information that is submitted to or collected by these third parties. These sites will have different content, privacy and data collection policies. Since we do not control these websites, SSP accepts no responsibility for the content of any site to which a link exists. Such links are provided for your convenience with no warranty, express or implied, for the information provided within them.
Monitoring and analysis
We use aggregate information and statistics collected via the internet to carry out analysis that will allow us to monitor the success of our service and plan future content and activity and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.
Data may also be used to allow us to profile our customers to understand their requirements better and to help us improve our service.
The Internet is not a secure medium. SSP treats all the data held with the utmost care and security. Any details you give will remain completely confidential. In accordance with the General Data protection Regulation, we are implementing appropriate organisational and technical measures to protect your personal data from unauthorised loss, disclosure or destruction. These measures include firewalls to block unauthorised traffic to servers, which are located in a secure location that can only be accessed by authorised personnel.
Whilst we strive to protect your data, we cannot warrant the absolute security of any data that you transmit to us online. You must not use any computers, computer equipment, network resources or any services provided by us for any illegal purpose, or for accessing, receiving or transmitting any material deemed illegal, indecent, offensive or otherwise unacceptable under UK law.
All passwords and usernames allocated to you must be kept secret and must not be disclosed to anyone without our prior written authorisation.
You must not use any false identity in email or other network communications.
You must not attempt or participate in the unauthorised entry or viewing of another user’s account or into another system.
You must not use the services and/or network systems or any part thereof for fraudulent activities, or to breach another organisation’s security (cross-network hacking). This is an illegal act and prosecution under criminal law may result.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
SSP work with a wide range of solution providers to ensure that our customers are connected with leading broker, insurer and financial adviser specialists.
For Sub-Contractors who may process personal data, you can view their information via our SSP Customer Portal in the General folder of the Document Store. You will require your login details to access our Customer Portal, if you are having any difficulties logging in or do not have an account (but use our systems or services) please contact firstname.lastname@example.org.
If you have any questions about this policy, or you would like to submit a request to access, rectify or erase your data, please write to us at the address below.
Richard Forrest, Data Protection Officer
SSP Limited, 2500 The Crescent, Birmingham Business Park, Solihull, West Midlands B37 7YE
This version was last updated on [DATE].