0208 437 0817

Privacy Policy



We, Soter Professional Services Limited, is a company registered in England and Wales, under registration number 07767411 providing insurance and legal products to firms within the insurance and legal markets. We’re fully committed to protecting your personal information and registered with the Information Commissioners Office in the UK under registration number Z3128563. This policy describes how we may collect and use personal information, which is consistent with our legal obligations and your legal rights. Please read this policy carefully.



Defining ‘personal data’

The General Data Protection Regulation (GDPR) is an EU Regulation (2016/679), defining personal data as ‘any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier’. This means information that can identify who you are. Personal data that we collect or receive about you is set out below.



Information we collect or receive about you

So that we can provide a product or service, handle claims and for any other related purposes, we’ll need to collect or receive data in relation to the various data subjects shown below.



Data Subjects Type of data collected
Partners Á Suppliers Contact name, address, contact telephone numbers, profession, industry, financial details, business name, company status, FCA status, Directorship details, email address, bank details
Customers of our Partners Full name, date of birth, full address, title, profession, employment status, bank details, gender, details of insured vehicle and/or property, criminal convictions, email address, contact telephone numbers, nationality, applicable excesses, primary insurer details and policy number, additional driver information
Employees, Contractors & Applicants Full name, date of birth, full address, title, employment history, employer reference, bank details, NI number, copy passport, medical information, criminal convictions, nationality, email address, copy licence, next of kin details, credit information


Special Category Data

When we’re collecting and/or receiving personal information that may include “sensitive” data such as health and any criminal convictions, we’ll only use it for the specific purposes set out in this notice and treat it securely. This type of “sensitive data” is typically collected when providing products such as insurance.



Cookies

When browsing our website, we may also collect information relating to the user journey including users’ IP addresses, browser name, type of computer, etc. Some of this information is collected through cookies. Learn more about how we use cookies in our Cookies Policy found on our website. For further information visit www.aboutcookies.org or www.allaboutcookies.org.



How your information is collected

We’ll collect or receive data from the various data subjects using different channels shown below:



Data Subjects Where data comes from
Partners Á Suppliers During telephone calls, emails and letters, in person, when registering for our services, when using our website, from government agencies, regulatory bodies, fraud prevention agencies, credit reference agencies, social networks, introducers and insurance companies
Customers of our Partners Policyholder data is collected or received through data transfer, during telephone calls with policyholders, partners and agents, and by email, letter and text messages
Employees, Contractors & Applicants Receiving application forms, when using our website, from online jobsites and recruitment agencies, from social networks, CVs, emails and letters, from interviews, when conducting pre-employment checks, from HMRC, credit reference agencies, fraud prevention agencies, previous employer, and through return to work interviews, GP reports and occupational therapists


We may also monitor or record our phone calls with you so that we can ensure we’ve acted on what you’ve asked us to do, resolve any queries or concerns you may have, comply with industry regulations and improve our customer service.



Who we share your information with

For us to process your data and fulfil our legal and contractual obligations, we’ll need to share your personal information with relevant organisations as shown below:



Data Subjects Where data goes to
Partners Á Suppliers Fraud prevention agencies, government bodies, regulatory bodies, customers, other partners and financial institutions
Customers of our Partners Insurers, suppliers, regulatory bodies, government bodies, law enforcement agencies, agents, financial institutions
Employees, Contractors & Applicants Future employers, government bodies, local and central authorities, financial institutions, occupational therapist and if necessary, legal representatives


We’ll continue to take steps in ensuring your personal data is safeguarded in accordance with our obligations and your rights, and that all relevant parties involved in handling data on our behalf, safeguard personal data as part of their contractual and legal obligations. In certain circumstances, we may be legally required to share your personal information held by us, for example complying with legal obligations or providing information to a governmental authority.



Transferring data

We’ll not transfer any of your personal information outside of the UK.



The legal grounds for processing your data

Your personal data will always have a lawful basis, either because:



  • We’re processing your data under the authority of our Partners or;
  • It’s necessary for our performance of a contract with you, or;
  • You have consented to our use of your personal data (e.g. subscribing to emails), or;
  • We have a legal obligation to process your data;
  • It’s in our legitimate business interests to use it.


Specifically, we’ll use information we hold about you in the following ways:



Data Subjects How we use your data Legal basis for processing
Partners Á Suppliers To perform and receive services stated in our agreement with you
  • Contract
To comply with our legal and regulatory obligations
  • Legal obligation
Determining our performance through surveys and offering additional services or products that may be of interest to you, either by email, phone and/or post where you have agreed to this. You may opt-out at any time by unsubscribing, or contacting us by phone, email or in writing
  • Consent
Compiling statistics about the use of our site including anonymised data on traffic, usage patterns, user numbers, sales, and other information
  • Legitimate interests
Assessing how well a particular industry sector is working
  • Legitimate interests
Customers of our Partners Claims handling and other related reasons
  • Contract
Using service providers to support our business so that they can provide services to us and/or to you on our behalf
  • Contract
Determining our claims handling performance through surveys and offering additional services or products that may be of interest to you, either by email and/or post where you have agreed to this. You may opt-out at any time by unsubscribing, or contacting us by phone, email or in writing
  • Consent
Using anonymised data for market research which will help in future proofing the business for change and developing new systems and/or products to suit consumer needs
  • Legitimate interests
For fraud prevention, audit, compliance purposes, apprehending or prosecuting offenders
  • Legitimate obligations
Investigating complaints
  • Legitimate obligations
Updating you with changes to our terms and privacy policy
  • Legitimate obligations
Employees, Contractors & Applicants To comply with legal and regulatory obligations
  • Legitimate obligations
To perform and receive services stated in our employment contract with you
  • Contract
Determine our performance through surveys and offering additional services or products that may be of interest to you, either by email and/or post where you have agreed to this. You may opt-out at any time by unsubscribing, or contacting us by phone, email or in writing
  • Legitimate interests
Updating you with changes to our terms and privacy policy
  • Legitimate obligations
Sharing subjective data with medical professionals as part of attendance monitoring
  • Consent
Sharing subjective data with medical professionals and/or understanding disabilities to facilitate adaptations in the workplace, and/or to ensuring special needs are catered for at interview or selection testing
  • Consent
Sharing subjective data with government agencies when assessing the suitability of certain types of employment
  • Consent


How long we keep your personal information


Data Subjects Where data goes to
Partners & Suppliers We won’t keep your personal data for any longer than is necessary to fulfil the contractual obligation and will only keep it for longer when it is required by law
Customers of our Partners Data will be retained in accordance with our Partners data retention and privacy policies. Predominantly, after the expiry of the insurance contract and/or after a service has been provided and until the product provided has expired, personal data will be kept for a minimum of 7 years, or for an unlimited period if required for legal or regulatory reasons
Employees, Contractors & Applicants We do not keep your personal data for any longer than is necessary to fulfil the contractual obligation and will only keep it for longer when it is required by law


The rights you have regarding your personal information

As a data subject, you have the following rights under the General Data Protection Regulation:



  • You have the right to be informed on how we hold and deal with your personal information and this Privacy Policy fulfils that obligation. Our Partners will also have the responsibility of providing you with their Privacy Policies, informing you how your data will be shared with ourselves and how we’ll process your data.
  • If you’re a Partner, Supplier, Employee, Contractor or Applicant, you have the right to ask for a copy of personal information we hold about you or ask for your information to be corrected. If you’re a customer of one of our Partners e.g. you’ve purchased an insurance policy from a broker or insurer, you’ll need to refer to their Privacy Policy and exercise your rights directly with them.
  • You can also ask us to delete the information we hold about you, prevent us from processing your information and object to us processing your information (withhold consent). Please note, these rights may not apply where our basis for processing is by legal or contractual obligations.


If you require more information about your rights, or would like to exercise them, please contact us using the following details:



For the attention of: Daniel Humphreys (Data Protection Officer)
Email: danielhumphreys@soterps.com
Phone: 01480 274210
Address: 28 Eaton Avenue, Buckshaw, Village Chorley, Lancashire PR7 7NA.


Please refer to the section below ‘Accessing your personal data’, for more information on exercising this right.



Accessing your personal data

This Privacy Policy explains the type of personal data we hold about you and you can ask us for a copy of your personal data at any time. This is known as a “subject access request”.



When making a subject access request, this should be made in writing either by email or by post to the details shown in ‘The rights you have regarding your personal information’ section above.



Normally, we do not charge for a subject access request, however if you make repetitive requests, we may charge a fee to cover our administrative costs in responding.



We’ll aim to reply to your request within one month of receiving it and try to provide you with a copy of your personal data within this timeframe. However, in instances where we receive complex subject access requests, we may need more time to gather the information for you. This may take up to a maximum of three months from the date we receive your request. You’ll be kept fully informed of our progress.



Complaints

If you feel unhappy with the way we’ve handled your personal information, please give us the opportunity to put matters right and contact us by phone, email or in writing.



For the attention of: Daniel Humphreys (Data Protection Officer)
Email: danielhumphreys@soterps.com
Phone: 01480 274210
Address: 28 Eaton Avenue, Buckshaw, Village Chorley, Lancashire PR7 7NA.


If we’re unable to help, you also have the right to refer the matter to the Information Commissioners Office at: - Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or call: 0303 123 1113. Website: https://ico.org.uk



How and where we store your data

Data security is very important to us, and we have physical, technological and organisational measures in place to protect your data to help prevent loss, theft and authorised access/use. Steps we take to secure and protect your data include:



  • SFTP protocol that allows for the transfer of files over a secure connection
  • All data transferred is encrypted with encryption keys
  • SQL back-up server stored in the UK
  • IP protection on our claims management system and weblink
  • Security and data protection policies
  • Staff training


We also require our Partners and Suppliers to ensure they keep up with safeguarding data and comply with all the required laws.



We only keep your personal data for as long as we need in order to use it as described in this Policy and for as long as we have your permission to keep it.



As part of our security and back up procedures, your data will only be stored in the UK.



We also require our Partners and Suppliers to ensure they keep up with safeguarding data and comply with all the required laws.



Although we endeavour to provide standard security measures for information we process and maintain, no security system can prevent all potential security breaches.



If our business ownership changes

If our ownership changes in anyway, any personal information that you’ve provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.



Information on how you can control your data

We want to ensure that you can control our use of your data for direct marketing purposes. You’ll have the option to opt-out of receiving emails by using the unsubscribe links provided, or by contacting us by email, in writing or by phone.



You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”).



These may help to prevent you receiving unsolicited marketing. Please note that these services will not prevent you from receiving marketing communications that you have consented to receiving.



Changes to our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes or if we change our business in a way that affects personal data protection). Any changes will be immediately posted on our website and you will be deemed to have accepted the terms of the Privacy Policy on your first use of our website following the alterations. We recommend that you check our website regularly to keep up-to-date. This notice was last updated on the 30 April 2018.