HELP & SUPPORT

Privacy, Data & Cookies

We act as your agent and will collect data, including personal information and risk details, solely to enable us to obtain and provide insurance quotations, arrange and administer your insurance.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are contractual obligations, and for our legitimate business interests as an insurance broker.

We will be unable to offer any quotation or insurance if you refuse to provide certain personal data, including health, financial and criminal records data which is collected under the lawful basis of public interest, where these would affect the provision of cover and/or performance of insurance contracts.

For the purposes specified within this privacy statement, we collect and process the following information:

  • Personal & business identifiers, contacts and characteristics (eg name, contacts etc)
  • Health, financial and criminal records

Cookies and Tracking Technologies

To enhance your online experience, our website uses cookies and similar tracking technologies. Cookies are small text files placed on your device to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and compile statistical reports on website activity.

Google Analytics

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: https://www.google.com/policies/privacy/.

Data Protection & Privacy Statement

We regard the lawful and correct handling of personal information by the firm as an essential element in achieving fair treatment of customers and to maintaining confidence between those with whom we deal and ourselves. We therefore need to ensure that our organisation treats personal information lawfully and correctly. To this end, we fully endorse and adhere to the Principles of data protection, as set out in the Data Protection Act and General Data Protection Regulations.

In this respect, personal information:

  1. shall be processed fairly and lawfully and, in particular, shall be processed only in accordance with our stated privacy policy;
  2. shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
  3. shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
  4. shall be accurate and, where necessary, kept up to date;
  5. shall not be kept for longer than is necessary for the specified purpose(s);
  6. shall be processed in accordance with the rights of data subjects under the Act;
  7. should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;
  8. shall not be transferred to a country or territory outside the UK unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Therefore, the firm will, through appropriate management and strict application of criteria and controls:

  1. observe fully conditions regarding the fair collection and use of information;
  2. meet its legal obligations to specify the purposes for which information is used in the disclosure documentation provided to customers, obtaining consent for any marketing activities that we intend to provide;
  3. collect and process appropriate information only to the extent that it is needed to fulfil our operational needs or to comply with any legal requirements;
  4. ensure the quality of information used, regularly checking its accuracy;
  5. ensure that the information is held for no longer than is necessary for the purpose for which the data was originally collected, subject to our legal and regulatory obligations and legitimate business interest to protect and defend the company from litigation;
  6. ensure that the rights of people about whom information is held can be fully exercised under the Act (i.e. the right to be informed that processing is being undertaken, to access one's personal information; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as wrong information);
  7. take appropriate technical and organisational security measures to safeguard personal information;
  8. ensure that personal information is not transferred abroad without suitable safeguards;
  9. To assist in achieving compliance with the Principles for Business of the Financial Conduct Authority;
  10. appoint an Information Security/Data Protection Officer (as stated on the first page of this document) at a senior level with specific responsibility for data protection and information security assets within the firm who will be responsible for providing staff with guidance on data protection procedures.

Your information will be held securely by us and shared with insurers and their agents, which could include reputable providers in other countries, to enable them to provide accurate terms and they will also obtain data about you and your insurance history from various insurance antifraud databases, such as the Claims and Underwriting Exchange (CUE) as well as publicly available websites and credit referencing agencies.

We will not give anyone else any personal information except on your instructions or authority, or where we are required to do so by law, or our regulatory requirements. Information about you and your insurance will be securely stored in encrypted and secured data centres for the periods detailed in our 'Data Retention - How long do we keep your information for?' section below.

Data Retention - How long do we keep your information for?

We maintain a retention policy to ensure that we only keep your personal information for as long as we reasonably need it for the purposes explained in this policy, and in line with our legal, regulatory, and legitimate business interests (for example, if necessary for any legal proceedings or to protect against future claims).

Generally, we will keep your personal data for seven years following the termination or cancellation of a product, contract or service we provided. This allows us to maintain an accurate record for any complaints or challenges, carry out relevant fraud checks, or comply with legal, regulatory, or tax requirements.

However, in certain cases, particularly where a product includes liability insurances or other types of insurance for which a claim could potentially be made by you or a third party at a future date, we will retain your information for longer periods, potentially up to 12 or even 60 years, as required by the nature of the cover and associated legal and regulatory obligations.

Following the end of the applicable retention period, your personal data will be securely destroyed.

Data Subject Right to Access

The right to access is a fundamental principle of the Act. It allows individuals to request and obtain copies of their personal data and related information.

Under the Data Protection Act, the rights of data subjects include the following:

Data Subject Right to Rectification

If a data subject contacts the firm advising that the information held about them is inaccurate or incomplete, the firm must refrain from processing (ie. using, but not storing) the data, until it has been verified or rectified. The business encourages customers to check and correct data as disclosure is an essential element in ensuring any policy provided by the company will protect the customer.

Full notes of any allegedly incorrect information will be kept on the customer record and, although there is a 30 day period in which to rectify information once notified under the DPA, in practice this must be carried out as soon as possible and confirmed to the customer in writing (email or letter) along with the impact on their insurance of any such change.

Data Subject Right to Erasure (Right to be Forgotten)

The right to erasure is extremely limited where the data subject is a customer of the business due to our legal and regulatory obligations to retain customer data for various periods, as detailed in our 'Data Retention - How long do we keep your information for?' section above, and for our legitimate business purposes for such retention. Once we have no lawful basis for holding data, it will be deleted, and our 'Data Retention - How long do we keep your information for?' section indicates the relevant periods for which we will hold data.

Data subjects do, however, have the right to erasure where their data is being held on the basis of consent (such as previous quotations or for marketing purposes) or their data has been processed unlawfully (such as where data has been obtained/ purchased from a third party that did not have the right to pass on that data)

Any request for erasure must be passed to the company's data protection officer for review and appropriate action.

Data Subject Right to Restrict Processing

Individuals have the right to request that we restrict the processing (but NOT holding) of their personal data where:

  • they allege inaccuracy of the data being processed (see right of rectification, above);
  • data is being unlawfully processed;
  • the individual has raised a formal objection to our processing of data (see Right to Object, below);
  • or where the individual requests you refrain from deleting their data in order to establish or defend a legal claim (NB. In these circumstances the relevant data must be stored in a location and manner which prohibits processing of data)

Any request for restriction of processing must be noted on the file and passed to the company's data protection officer for review and appropriate action.

Data Subject Right to Object to Processing

Again, this is a limited right which only applies in specific circumstances. Primarily in the case of Insurance Intermediaries it will be a specific right to opt-out of marketing communications.

Where a customer opts not to receive marketing communications, or, as a consumer, has not opted-in this must be noted on the client screen and their details must be removed from any marketing lists. Confirmation should be sent to the marketing manager or data protection officer.

In other cases of objection, where the firm has a lawful basis for continued processing, this must be referred to the data protection officer to evaluate whether the firm's legitimate grounds should override the data subject's objection.

Data Subject Right to Portability of Data

The right to data portability gives individuals the right to receive personal data they have provided to us in a structured, commonly used and machine-readable format. It also gives them the right to request that we transmit this data directly to another controller, however it is important to understand that the right to data portability only applies to personal data.

The right applies where the lawful basis for processing is consent or for the performance of a contract, the latter of which would apply to most of our data for individuals.

Your Consent to Cookies

By using our website, you consent to our use of cookies and similar tracking technologies in accordance with this privacy and data statement. You can set your browser not to accept cookies, and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Any request for data portability must be noted on the file and passed to the company's data protection officer for review and appropriate action. You are NOT required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please write to our data protection officer at 2nd Floor Northgate House, Upper Borough Walls, Bath, BA1 1RG if you wish to exercise your rights or have a complaint about our use of your data.

Protect the brands you love

dewalt logo
makita logo
festool logo
paslode logo

Very easy to navigate on the webpage and super easy to buy cover, no hundreds of questions, literally took me around 10 minutes.

avatar

C BURGE ELECTRICAL

Account LoginPolicy Summary & Wording
Privacy, Data & CookiesTerms & Conditions
© 2024 Voli Ltd. All rights reserved.
Firstfix is a trading name of Voli Limited. Voli Limited is authorised and regulated by the Financial Conduct Authority for General Insurance Distribution activities and as a Credit Broker. We do not charge any up-front fees for arranging credit. Reg No. 1015906.
Our services are covered by the Financial Ombudsman Service. If you cannot settle a complaint with us, eligible complainants may be entitled to refer it to the Financial Ombudsman Service for an independent assessment. The FOS Consumer Helpline is on 0800 023 4567 and their address is: Financial Ombudsman Service, Exchange Tower, London E14 9SR.
Registered in England No. 15554073 Registered Office: Suite 22 Trym Lodge, 1 Henbury Road, Westbury-On-Trym, Bristol, United Kingdom, BS9 3HQ
For any written postal correspondence, please use: Voli Limited, 2nd Floor Northgate House, Upper Borough Walls, Bath, BA1 1RG
v1.0.1