This Privacy Notice (the “Privacy Notice”) relates to Brookhurst Risk Solutions, a trading style of GSI Commercial services LLP (“we” or “us”). A copy can be found on our Website at www.brookhurstrisk.com. We may make changes from time to time so you should check the latest version of this Privacy Notice periodically.
We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:
- the personal information we collect about you in relation to the services we provide
- what we do with that information and
- with whom we may share your information
Who We Are
Brookhurst Risk Solutions is a data processor for GSI Commercial Services LLP who is the data controller for the purposes of the General Data Protection Regulation, 2018 (“Data Protection Laws”). We are responsible for, and control the processing of, personal information which we hold about you.
Useful Words & Phrases
|Any information from which a living individual can be identified.
This includes information such as telephone numbers, names, addresses, email addresses, online identifiers, photographs, voice-recordings. It also includes expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/ intentions).
It also covers information which on its own does not identify someone but which could identify them if put together with other information which we have or are likely to have in the future.
|Special Categories of Personal Data||Sometimes referred to as Sensitive Personal Data and includes any information relating to
· Racial or ethnic origin
· Political opinions
· Religious beliefs or beliefs of a similar nature
· Trade union membership
· Physical or mental health condition
· Sexual life
· Genetic or biometric data for the purpose of uniquely identifying you
· Offences or alleged offences or information relating to any offences committed or allegedly committed.
|This covers virtually anything anyone can do with personal data, including
· Obtaining, recording, retrieving, consulting or holding it
· Organising, amending or altering it
· Disclosing, disseminating or otherwise making it available
· Aligning, blocking, erasing or destroying it
· Extends to manual filing systems and automated or electronic data.
|Data Subject||The person whom the data is about
|Information Commissioner||The UK Information Commissioner who is responsible for implementing, overseeing and enforcing the Data Protection Laws.
|Data Controllers||Decide how and why personal data is processed
|Data Processor||Acts on the Data Controller’s behalf
What information do we use for our services to clients?
Personal information provided by you:
In order to provide services to you, we collect and process personal information about you including – but not limited to – your name, contact information, address information including post code, family details, personal circumstances, financial details and employment details. We may hold some of this information already and will update it periodically when new policies are taken out or existing policies fall due for renewal.
Payment card information you provide when paying for your policy is processed via our secure systems and used solely for the purpose of that transaction. We do not store payment card information on any of our systems.
Please note that if we do not hold your personal information then we will not be able to offer services to you.
Personal Information provided by third parties:
We may receive information about you from third parties including Insurance companies, loss adjusters or finance providers, which we will add to the information we already hold about you where it is relevant to the services we provide to you.
How will we use the information about you?
The processing of data is necessary for the arranging, underwriting, and administration of insurance policies and insurance policy claims, provided the Data Controller shall implement suitable and specific measures to safeguard the data subject’s rights and freedoms in respect of such processing.
Information about you will be treated as private and confidential and may be used in the normal course of arranging and administering your insurance. We may also use your data to inform you of relevant information relating to existing insurance policies or any finance arrangements you may have with us in connection with your insurance.
Who will we share your information with?
We may share information we hold about you with Insurers and other regulatory and law enforcement bodies for the prevention of fraud, financial crime, or where the law requires us to do so.
As part of the service we provide, we may share your personal information with OpenGI (our software provider), the Financial Conduct Authority (FCA), Insurers and other insurance intermediaries, risk management assessors, uninsured loss recovery agents, and other third parties involved either directly or indirectly in your insurance.
We may also pass information about you to credit reference agencies and premium finance providers to assess your financial standing generally and, in particular, where you have requested a premium instalment plan.
We and other organisations may use credit or insurance reference and fraud prevention agency records about you and people financially linked to you, as well as others within your household, to help make decisions about you for underwriting purposes, validating claims and satisfying anti-money-laundering requirements. Upon request, we will tell you which credit reference and fraud prevention agencies we have used so you can obtain a copy of your details from them.
We will not sell, distribute or lease your personal information to third parties without your permission unless required by law to do so.
How long will we keep your data for?
Your data will be kept for as long as it is needed for us to arrange, place and administer your insurance. This means that we will retain your data whilst any insurance policy arranged through us remains valid, and for as long as is reasonable in order to deal with any claims or other outstanding insurance or finance related matters.
Why is processing your personal data Legal?
We are relying upon legitimate interests to process your personal data.
- Your personal data will be used for the purpose of providing insurance services.
- Your data is used to ensure we can contact you regarding any insurance-related communication, arranging and administering your insurance, and dealing with any claims-related matters.
We do not carry out any “Profiling” or automated decision-making but some of the Insurers we work with may do in order to provide you with the most competitive premiums.
Monitoring and recording communications
We may monitor and record communications with you (including telephone calls and emails) for the purpose of quality assurance, training and compliance with the relevant regulations.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data:
- Access to client records is controlled by password and user name that are unique to our staff and can only be accessed via our own computer systems.
- We will take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to your personal data, ensuring in each case that access is strictly limited to those individuals who need to access the relevant personal data as strictly necessary for the purposes of lawfully processing that data.
- Staff shall respect and maintain all due confidentiality.
- Personal data is stored on secure servers
- We have an agreement with our software supplier, OpenGI, to ensure that any data that is passed through their systems is kept secure
- We do not employ any sub-contractor to process your data.
- Your data is retained on computer systems located and maintained in the United Kingdom – we do not store your data outside of the European Economic (EEA)
Although we will use all reasonable efforts to safeguard your personal data, you acknowledge that use of the internet is not entirely secure and for this reason we cannot guarantee the security of integrity of any personal data that is transferred from you, or to you, via the internet. Should you have any particular concerns about your data, please contact us.
What rights do you have?
As a data subject, you have the following rights under the Data Protection Laws:
- the rights of access to personal data relating to you
- the right to correct any mistakes in your information
- rights in relation to automated decision taking
- the right to restrict or prevent your personal data being processed
- the right to have your personal data ported to another data controller (e.g. if you decide to transfer your insurance)
- the right to erasure
- compensation for damage caused by contravention of the Data Protection Laws
- the right to complain to the Information Commissioner if you believe we have not handled your personal data in accordance with the Data Protection Laws
These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your personal data, please contact us (see the ‘Contact us’ section below). We will respond to any rights that you exercise within 30 days of receiving your request, unless the request is particularly complex, in which case we will respond within 90 days.
Right to access to personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
- a copy
- details of the purpose for which it is being or is to be processed
- details of recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers
- the period for which it is held (or the criteria we use to determine how long it is held)
- any information available about the source of that data and
See the ‘Contact us’ for details of who to contact to make a request for your personal data. To help us find the information easily, please provide as much information as possible about the type of information you would like to see.
If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person if possible.
There are certain types of data, which we are not obliged to disclose to you, which include personal data which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations
Right to correct any mistakes in your information
You can ask us to correct any mistakes in your information which we hold, free of charge. If you would like to do this please:
- email, telephone or write to us (see the ‘Contact us’ section below)
- let us have enough information to identify you, and
- let us know the information that is incorrect and how it should be corrected
Right to restrict or prevent processing or personal data
In accordance with the General Data Protection Regulations 2018 you may request that we stop processing your personal data temporarily if:
- you do not think that your data is accurate – we will start processing again once we have checked whether or not it is accurate
- the processing is unlawful but you do not want us to erase your data
- we no longer need the personal data for our processing, but you need the data to establish, exercise, or defend legal claims; or
- you have objected to processing because you believe that your interests should override our legitimate interests
Right to erasure
In accordance with the General Data Protection Regulations 2018 you can ask us to erase your personal data where:
- you do not believe that we need your data in order to process it for the purpose set out in this Privacy Notice
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data
- you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
- your data has been processed unlawfully or has not been erased when it should have been
There may be exemptions which mean we may continue to process your data.
Complaints to the information Commissioners Office
If you do not think that we have processed your data in accordance with this notice, please contact us in the first instance to discuss your concerns. If we cannot resolve your complaint to your satisfaction, you can complain to the Information Commissioner’s Office, who are the supervisory authority in the UK protecting the rights of individuals under current data protection regulations. Further information is available by calling
0303 123 1113 or visiting www.ico.org.uk
For questions regarding your personal information held by us, or if you wish to request a copy of the information we hold about you, please telephone, email or write to us at
The Compliance Officer
GSI Commercial Services LLP
63, Riverside 3
Sir Thomas Longley Road
Medway City Estate
Tel: 01634 727766