Young Marmalade Limited, and its subsidiary company Provisional Marmalade Limited (which will together henceforth be referred to as “We”, and the expressions “us” and “our” should be read accordingly) are totally committed to respecting and protecting your privacy.
We take great care to ensure that your information is kept safe and secure and we understand the importance of not only maintaining your privacy, but keeping your personal information secure so that you are protected, and we are committed to complying with the requirements of the General Data Protection Regulation 2018, as well as any other data protection laws or regulations that might come into effect in the United Kingdom from time to time.
We are the joint data controllers of any personal information you provide to us. Our company details are : Young Marmalade Limited (registered in England under company number 04627884) and Provisional Marmalade Limited (registered in England under company number 06779950). Our registered office for both companies is Marmalade House, Alpha Business Centre, Mallard Road, Bretton, Peterborough, PE3 8AF.
Please read this Policy carefully to understand what personal information we may collect from you, why we use your personal information, how long we retain your personal information and more generally, the practices we maintain and the ways in which we use your personal information.
If you complete a quote or partially complete a policy application on our website, but choose to exit without proceeding to purchase, or if you experience a system crash, we will retain your email details. This is to allow us to send you a notification advising you that your purchase was not completed and that the details entered were not saved. We will provide you a link so that you can access the appropriate pages, should you wish to proceed. If we do not hear further from you, your email details will be removed after 30 days.
We may rely on one or more of the 6 lawful bases set out in the GDPR to collect and process your personal data. These bases are as follows :-
- Consent - you have given clear affirmative consent for us to process your personal data for a specific purpose;
- Contract - processing your personal data is necessary for a contract that we have with you, or because you have asked us to take specific steps before entering into a contract;
- Legal Obligation - the processing of your personal data is necessary for us to comply with the law (not including contractual obligations);
- Vital Interests - the processing of personal data is vital to protect someone’s life;
- Public Interest - the processing of your data is necessary for us to perform a task in the public interest or for us to fulfil our official functions, and the task or function has a clear basis in law.
- Legitimate Interests – the processing of your personal data is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good
reason to protect your personal data which overrides these legitimate interests.
For the avoidance of doubt, where we are relying on your consent we will seek your consent from the outset (in other words, before we use your personal data) and record when this consent was given.
Please see Section 5 below ‘Purposes for which we process your non-sensitive and sensitive personal information’ for more information.
We may provide you with further notices highlighting certain uses we wish to make of your personal information. We may also give you the ability to opt-in to or (where we are permitted by law to do so) opt-out of marketing when we collect your personal information.
If you choose to receive marketing updates from us, we set out below how we will use your data and communicate with you:
When obtaining a quote or purchasing insurance from Marmalade, you will be offered the option to receive updates on news, products and offers from Marmalade. This could be by email, post, messaging or other online means. If you choose to opt in to these communications, we will keep your data secure and we won’t pass it on to any third parties for any purpose, including marketing. You can unsubscribe from communications at any time by clicking “unsubscribe” in the footer of marketing emails, by emailing firstname.lastname@example.org or by calling 0333 358 3441.
We’ll keep in touch with you for 18 months, after which we will delete your data, if you have not unsubscribed before this time. Don’t worry, if you’re still enjoying hearing from us at the end of this time, we’ll offer you the option to stay in touch.
At the time when you opt in to receive updates, we will send you an email with a link to enable you to update your communications preferences, which reminds you how we will use your data, and allows you to unsubscribe. At this time, we will ask you to be specific about the methods by which you would prefer us to contact you. These include:
- Social media
- Digital media
- Text message
- Push Notifications
- Why do we collect personal information?
- When do we collect personal information?
- What personal information may we collect?
- How do we collect your personal information?
- Purposes for which we process your non-sensitive and sensitive personal information
- With whom do we share your information ?
- How do we protect your personal information?
- How long do we keep your information?
- International data transfers
- Your rights
- Your right to complain to the Information Commissioner’s Office (ICO)
- Other websites
- Pixel Tags
- How to contact us
1. Why do we collect personal information?
When arranging motor insurance we require information relating to your age, your full address and postcode, your occupation, your driving credentials, your vehicle, your claims history (or lack thereof), details of any driving or criminal convictions, the details of any other persons named on the policy, your financial and credit card details (or those of another person making payment on your behalf).
We will additionally require your email and telephone contact details (so that we may correspond with you) and we will request a copy of your Driving Licence and any proof of No Claims Bonus you may have. We may also request supplementary information, as deemed necessary, to verify your details.
This information is required for the underwriter to assess the potential risk presented and to offer (subject to any limitations or restrictions applied) the appropriate premium, based upon the underwriting criteria applicable at the time. This will be the basis of a contract, in the form of an insurance policy.
We are required to obtain and verify certain information in accordance with current Anti-Money Laundering and Financial Crime legislation.
We may seek to use your data for the purposes of internal research and statistical analysis, utilising third party agencies to collate the information for us. A list of such agencies is available, upon request.
We may additionally pass your email address onto an independent market research company - such as ‘Trustpilot’ – so that you may have an opportunity to provide feedback as to the service you have received from us. This will only be done once we have obtained your consent to use your information for that purpose.
2. When do we collect personal information?
We may collect your personal information if you :
- visit or use our website (for more information please see Section 13 on Cookies and Section 14 on Pixel Tags)
- complete a quotation online;
- contact us to arrange insurance cover:
- have provided your details to a Broker or third party to arrange insurance on your behalf;
- telephone us;
- email or write to us;
- agree to be part of a mailing or marketing campaign;
- enter a competition which we have arranged;
- contact us via social media;
- contact us via an online message service;
- complete an online review about our products and services; or
- contact us in connection with a job or position for which we are recruiting.
3. What personal information may we collect?
We may collect the following non-sensitive personal information :
- email address;
- personal phone number(s);
- personal address;
- occupation details;
- date of birth;
- details of your vehicle;
- details of any claims;
- financial information (e.g. credit card and bank account details) when arranging finance and/or payment for your insurance cover, in accordance with any changes made which affect the cover provided and in connection with any penalties incurred for unsatisfactory driving behaviours;
- telematics data which records the driving behaviours demonstrated;
- details of transactions that you carry out through our website;
- information that you provide by filling in forms on our website, even if those forms are not submitted;
- technical information, including the Internet Protocol (IOP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time);
- products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page;
- any phone number from which you have called us; and
- information about your credit history.
We may also collect information from other sources, including (but not limited to) Google Earth, social media and telematics systems. Where we provide motor insurance for a vehicle equipped with a telematics system, we may use this system to obtain information regarding the location of a vehicle, vehicle crash data and information regarding the operational condition, mileage, diagnostic and performance reporting of vehicles. We may, in the future, also collect information from any cameras which are installed in the vehicle.
We may also collect the following sensitive personal information, referred to in the GDPR legislation as “special categories” of data. :
· information about your physical or mental health; and
· details of any criminal convictions.
4. How do we collect your personal information?
We may collect your non-sensitive and sensitive information :
- via a Broker or third party who you have authorised to arrange insurance on your behalf;
- via application forms where you are seeking to arrange a Hire Purchase (HP) or Personal Contract Purchase (PCP) agreement;
- by telephone;
- by call recording;
- by email;
- by letter;
- via surveys sent or commissioned by us. We will seek your consent before any such surveys are sent to you;
- via mailing or marketing campaigns where you have given your consent to be contacted;
- via competition entry or subscription to a Newsletter or other form of regular communication, again where you have given your consent to be contacted;
- via attendance at any events where we are represented or exhibiting our products and services. For this purpose we may ask you to complete a contact form where you voluntarily provide your details, so that we may subsequently contact you ;
- by Customer Relationship Management (CRM) systems, from the information you have provided;
- from third parties to verify your identity and the accuracy of the information you have provided;
- from credit reference agencies and organisations which can check your claims history;
- from publicly available sources including, but not limited to, internet search engines, public records and registers, as well as social media (e.g. Facebook, Twitter, LinkedIn);
- via recruitment agencies or job websites in connection with a job or position for which we are recruiting.
5. Purposes for which we process your non-sensitive and sensitive personal information
We use your non-sensitive and sensitive information for a number of different purposes.
Under the current data protection laws, we must be able to rely on a legal basis to justify why we are using your non-sensitive personal information. The legal bases that we may rely on are :
For pre-contract purposes
Processing is necessary because you have asked us to take specific steps before entering into a contract, for example preparing a policy of insurance which is intended to form part of a contract between you and us.
To fulfil our obligations arising from any contracts entered into between you and us
Processing is necessary for the initial assessment and continuation of the insurance cover provided. We will carry out identity checks, credit checks or checks into your claims history to ensure that the pricing of your policy is appropriately applied and is consistent with the underwriting terms and conditions in place at the time.
Processing of telematics data relating to motoring history, accident history and claims history is necessary for the purposes of assessing insurance applications and/or processing claims and/or applying increases to the premium (where appropriate, and in accordance with the policy Terms and Conditions).
Compliance with a legal obligation
Processing is required to enable us to fulfil and comply with a legal obligation to which we are subject.
For our legitimate interests where these do not cause you undue harm
Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information. Our main legitimate interests for using your personal information are:
(1) to enable us, or permit selected third parties to provide you, with information about goods or services we feel may interest you. We may only do this where we have previously obtained your consent to do so. If you are an existing customer, we will only contact you with information about services which we consider will benefit you and which may reflect any change in your circumstances;
(2) to promote our services and to update you with any changes to our service and/or our Terms and Conditions;
(3) to ensure that content from our site is presented in the most effective manner for you and your computer, and to enable you to participate in interactive features of our service, when you chose to do so;
(4) to administer our site and for internal operations, including troubleshooting, data analysis, testing, research statistical and survey purposes;
(5) to personalise your repeat visits to our website and to improve our website, as part of our efforts to keep our site safe and secure;
(6) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and (7) in the case of credit checks, to ensure that the products and services in which you are interested are affordable and will not place you into financial difficulties or hardship, also to ensure that the pricing of your policy is appropriately applied and is consistent with the underwriting terms and conditions in place at the time.
Please note that this is not an exhaustive list. We have set out what we consider to be the most important and relevant situations in which it would be in our legitimate interests to use your personal data.
When we use your sensitive personal information (for example information about your health or criminal convictions), we must be able to rely on an additional legal basis. The additional legal bases that we may rely on in such instances are :
FOR PROCESSING SENSITIVE PERSONAL INFORMATION
Your explicit consent
You need to have given your explicit consent to the processing of your sensitive personal information for one or more specified purposes. We will request this consent from you when we request the sensitive personal information.
You may withdraw your consent at any time by contacting us at https://www.wearemarmalade.co.uk
However, please note that, If you do withdraw your consent, you may not be able to receive the benefit of some of our services where, in order to provide them, we rely on your explicit consent to process your sensitive personal information.
To fulfil our obligations arising from any contracts entered into between you and us
Processing of information relating to your physical and/or mental health, as well as details of any criminal convictions is necessary for the initial assessment and continuation of the insurance cover provided.
For legal claims
Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
You have made this information public
You have made your sensitive personal information manifestly public.
6. With whom do we share your information?
We may share your information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries For the purposes of this Policy, this will mean Marmalade Limited, Young Marmalade Limited, Provisional Marmalade Limited and Marmalade Network Limited.
- Premium Finance Companies;
- Finance Companies (with regards to arranging Hire Purchase (HP) or Personal Contract Purpose (PCP) agreements;
- Regulators (including The Financial Conduct Authority, The Financial Ombudsman Service, The Information Commissioner’s Office);
- Professional advisors (including auditors, solicitors, tax advisors and media sales agencies);
- Information Technology (IT) service providers;
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- Analytics and search engine providers that assist us in the development, improvement and optimisation of our site;
- Advertisers and advertising networks that require the data to select and serve relevant advertisers to you and others. Although we do not disclose your personal data to such organisations, we might use your personal data in order to compile the anonymised data that we do provide.
We may use Google Analytics and we would recommend you visit the site “How Google uses
data when you use our partners’ sites or apps”. This can be found at the website location:
We may disclose your personal information to third parties :
· in the event that we are selling or buying, or intend to sell or buy, any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
· if Young Marmalade Limited or Provisional Marmalade Limited, or substantially all of their assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
· where the disclosure is required by law or by a regulator with authority over us or you, such as where there is a court order, statutory obligation or FCA request; and
· if we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest;
· in order to check your claims history;
· where we are required to share your information with other databases including the Motor Insurance Database. These may be accessed by police and other organisations to check the details of your motor insurance or your personal circumstances;
· where we may be required to pass telematics data to law enforcement agencies, to assist them with their investigations, in the event of there being a road traffic incident.
7. How do we protect your personal information?
We are committed to respecting and protecting your privacy and keeping your personal information secure. We keep your personal information in a secure server and have appropriate security measures in place in our offices. In addition to having appropriate security measures in place, we enforce them rigourously and keep them under review in order to monitor their effectiveness, and we shall modify the procedures if we should be of the view that this would provide greater protection for you or your personal data.
Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Whilst we make every effort to protect your personal information, the transmission of data via the internet is, unfortunately, not completely secure. We will always do everything reasonable and within our power to ensure that we comply with the requirements of the law and best practice in relation to the security of personal data. Once we have received your information, we will use strict procedures and security features in an endeavour to prevent unauthorised access.
8. How long do we keep your information?
The factors which will be taken into account when determining the retention period will include regulatory and legal requirements and the need to retain data in the event of there being a claim submitted or a subsequent dispute or complaint relating to the service provided.
Currently, we are required by law to keep certain personal information for a period of 7 years. In addition, we will retain essential policy details in the event of there being a subsequent claim submission, which means that we may need to retain information for up to 10 years. Any non-essential information will not be retained any longer than is reasonably necessary and, where we are able, we will delete any data we have retained after 7 years and 1 month, as part of an automatic process.
We will delete any personal data which there is no foreseeable need for us to retain longer than necessary for the fulfilment of any contract entered between ourselves.
9. International data transfers
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Are (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
In the unlikely event that we transfer your personal information outside the EEA we will ensure that an adequate level of protection is in place to protect your personal information, such as putting in place contractual protections which have the purpose of ensuring the security of any information passed and putting in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information. We may rely upon an EC finding of adequacy of the level of protection of personal data in any country, in making a decision to transfer personal data to that country.
10. Your Rights
Under certain circumstances, you have the following rights:
1. to request that we provide you with a copy of the personal data that we hold about you (“Access Request”);
2. to request that we rectify any personal data that we hold about you (“Right to Rectification”);
3. to request that we erase any personal data that we hold about you (“Right to be Forgotten”);
4. to restrict the level of processing we carry out with your personal data (“Restriction of Processing”);
5. to obtain from us all personal data that we hold about you in a structured, machine readable form, and have this information transmitted to another organisation (“Data Portability”);
6. to object to our processing your personal data in certain ways (“Right to Object”); and
7. to withdraw your consent at any time to our processing of your personal data.
Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at [insert link]. You also have the right to lodge a complaint with the Information Commissioner’s Office if you are unhappy in any way with how we have treated your personal information. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.
We shall comply with any request made under this section as soon as possible, and normally within one month from the date of your request. However, if necessary, for example if your request is particularly complex or we receive a number of similar requests, we may extend this period by an additional two months, but we shall notify you if we need to do this. You will not usually have to pay a fee to access your personal data (or to exercise any of your other rights). However, please note that where we receive requests under this section which are manifestly unfounded or excessive, for example because they are repetitive in nature, we may:
1. charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
2. refuse to act on the request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You have the right to request a copy of the information that we hold about you at any time. This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it. Please note that in most circumstances, we shall not make a charge for this. However, we may charge a reasonable fee based on administrative costs for any further copies requested.
Right To Rectification
You have the right at any time to ask us to rectify any personal data that we hold for you which is incorrect or incomplete. This enables you to have corrected any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data that you provide to us.
If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to your personal data under this section.
Right To Be Forgotten
You have the right to ask us to erase the personal data that we hold about you in circumstances where:
1. it is no longer necessary for us to handle your personal data for the purpose for which it was originally collected;
2. you have withdrawn your permission for us to hold your personal data (where this was the basis on which it was collected or used);
3. you object to the processing of the data and there is no lawful overriding reason for us to continue processing your personal data;
4. the personal data was unlawfully processed; or
5. we have to erase your personal data in order to comply with a legal obligation.
Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Restriction Of Processing
You can ask us to restrict how we use your data in the following circumstances:
1. where you believe that the information we hold about you is inaccurate, you can ask that we refrain from using your data until we can verify the accuracy of it;
2. where we have unlawfully processed your data, you can ask that we restrict our usage of it rather than erase it completely;
3. where we no longer need to hold your information, but you wish us to retain your information for the purpose of establishing, exercising or defending a legal claim; or
4. where you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
You have the right to obtain from us all personal data which you have provided to us in a structured, commonly used and machine readable form, provided that such data was processed based on your consent, or for the purpose of a contract between us and the processing was carried out by automated means. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation.
Please note that we shall not be able to comply with a data portability request if this will affect the rights and freedoms of others.
Right To Object
You have the right to object, on grounds relating to your particular situation, to our processing of your personal data where we are doing this for the performance of a task carried out in the public interest (which we shall have told you about, if applicable), or where we are carrying out processing for the purposes of legitimate interests pursued by us.
You also have the right at any time to ask us not to process your personal data for direct marketing or profiling purposes (to the extent that such profiling is related to such direct marketing). We shall have informed you before the time we obtained your personal data whether we intend to process your personal data for this purpose, or if we intend to disclose your information to any third party for such purposes.
If we process your personal data for automatic decision making or profiling purposes (i.e. to analyse or predict your personal preferences and purchase behaviour, and such profiling is automated) we shall tell you about this beforehand, and will only do this where this is a necessary condition of entering into a contract between you and us, or where you have given us your explicit consent to do this.
Right To Withdraw Consent
Where you have given us your consent to our processing of any of your personal data, you have the right to withdraw your consent at any time, for example if you no longer wish us to share your information with third parties for marketing purposes (where you have previously consented to this). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
In addition to any other way we make available to you the ability to withdraw your consent, you may also withdraw your consent at any time by contacting us at [insert link].
11. Your right to complain to the Information Commissioner’s Office (ICO)
If you are not satisfied with our use of your personal information, our response to any exercise of your rights (as set out in section 10 above), or if you believe us to be in breach of our data protection obligations, you have the right to complain to the Information Commissioner’s Office here (https://ico.org.uk/concerns/).
We are registered with the Information Commissioner’s Office. Our registration details are : -
Young Marmalade Limited : ICO Registration Reference Z9880662
Provisional Marmalade Limited : ICO Registration Reference Z1622466
12. Other websites
Our site may, from time to time, contain links to and from the websites of our partner
14. Pixel tags
Pixel tags (also called clear gifs or web bugs) are used to track who is reading a web page or email, when, and from what computer.
They provide us with information about your interaction with our email messages (if you receive messages in html format) and to record some of the pages you consequently visit on our website.
We use this information so we can provide you with information tailored to your needs and interests and to upgrade visitor information used in reporting statistics.
Pixel tag technology is used to analyse the reading habits of our customers in order to review and improve the services we offer and we may, on occasion, use this for marketing purposes.
15. How to contact us