Information about us
We, Soter Professional Services Limited, is a company registered in England and Wales, under registration number 07767411 providing insurance and legal products to firms within the insurance and legal markets. We’re fully committed to protecting your personal information and registered with the Information Commissioners Office in the UK under registration number Z3128563. This statement describes how we may collect and use personal information, which is consistent with our legal obligations and your legal rights. Please read this statement carefully.
This Policy aims to ensure compliance with the EU Regulation 2016/679 General Data Protection Regulation (“GDPR”). The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
- Processed for limited purposes and not in any way incompatible with those purposes
- Adequate, relevant and will not be excessive
- Not kept for longer than necessary
- Processed in accordance with your individual rights
- Not transferred to countries without adequate data protection
Defining ‘personal data’
The General Data Protection Regulation (GDPR) is an EU Regulation (2016/679), defines personal data as ‘any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier’. This means information that can identify who you are. Personal data that we collect or receive about you is set out below.
Information we collect or receive about you
So that we can provide a product or service, handle claims and for any other related purposes, we’ll need to collect or receive data in relation to the various data subjects shown below.
|Data subjects||Type of data collected|
|Partnership and Suppliers||Contact name, address, contact telephone numbers, profession, industry, financial details, business name, company status, FCA status, Directorship details, email address, bank details|
|Customers of our Partners||Full name, date of birth, full address, title, profession, employment status, bank details, gender, details of insured vehicle and/or property, criminal convictions, email address, contact telephone numbers, nationality, applicable excesses, primary insurer details and policy number, additional driver information|
|Employees, Contractors and Applicants||Full name, date of birth, full address, title, employment history, employer reference, bank details, NI number, copy passport, medical information, criminal convictions, nationality, email address, copy licence, next of kin details, credit information, details of sick leave, prescribed medication, disabilities, interview notes, CVs, application forms, performance reviews, salary information, disciplinary records and grievances|
Special categories of personal data
When we’re collecting and/or receiving personal information that may include “sensitive” data such as health and any criminal convictions, we’ll only use it for the specific purposes set out in this notice and treat it securely. This type of “sensitive data” is typically collected when providing products such as insurance or during employment for specific reasons which employees will have been informed of (or will be informed).
When we’re collecting and/or receiving personal information that may be about a child, such as their name and date of birth, we’ll only use it for the reason set out in this policy and treat it securely. This type of data is typically collected when we’re processing new claims and children have been passengers in the vehicle at the time of the accident. We’ll only use this information as part of an insurance contract you have with our partners, or as part of the defence of a legal claim.
How your information is collected
We’ll collect or receive data from the various data subjects using different channels shown below:
|Data subjects||Where data comes from|
|Partnership and Suppliers||During telephone calls, emails and letters, in person, when registering for our services, when using our website, from government agencies, regulatory bodies, fraud prevention agencies, credit reference agencies, social networks, introducers and insurance companies|
|Customers of our Partners||Policyholder data is collected or received through data transfer, during telephone calls with policyholders, partners and agents, and by email, letter and text messages. The main policyholder will provide us with their child/children’s name and date of birth in the event of an accident|
|Employees, Contractors and Applicants||Receiving application forms, when using our website, from online jobsites and recruitment agencies, from social networks, CVs, emails and letters, from interview notes, when conducting pre-employment checks, from HMRC, credit reference agencies, fraud prevention agencies, previous employer, performance reviews, remuneration, benefits and expenses, disciplinary and grievance matters, medical conditions through return to work interviews, details of sick leave, disabilities, prescribed medication, GP reports and occupational therapists|
We may also monitor or record our phone calls with you so that we can ensure we’ve acted on what you’ve asked us to do, resolve any queries or concerns you may have, comply with industry regulations and improve our customer service. We’ll continue to take steps in ensuring personal data collected, processed, and held by us is kept accurate and up-to-date and checked annually.
Who we share your information with
For us to process your data and fulfil our legal and contractual obligations, we’ll need to share your personal information with relevant organisations as shown below:
|Data subjects||Where data goes to|
|Partnership and Suppliers||Fraud prevention agencies, government bodies, regulatory bodies, customers, other partners and financial institutions|
|Customers of our Partners||Insurers, suppliers, regulatory bodies, government bodies, law enforcement agencies, agents, financial institutions|
|Employees, Contractors and Applicants||Future employers, government bodies, local and central authorities, third-party companies offering employee benefits, financial institutions, occupational therapist and if necessary, legal representatives|
We’ll continue to take steps in ensuring your personal data is safeguarded in accordance with our obligations and your rights, and that all relevant parties involved in handling data on our behalf, safeguard personal data as part of their contractual and legal obligations. In certain circumstances, we may be legally required to share your personal information held by us, for example complying with legal obligations or providing information to a governmental authority.
We’ll not transfer any of your personal information outside of the UK.
The legal grounds for processing your data
Your personal data will always have a lawful basis, either because:
- We’re processing your data under the authority of our Partners or;
- It’s necessary for our performance of a contract with you, or;
- You have consented to our use of your personal data for one or more specific reasons, or;
- We have a legal obligation to process your data, or;
- It’s in our legitimate business interests to use it
Specifically, we’ll use information we hold about you in the following ways:
|Data Subject||How we use your data||Legal basis for processing|
|Partners and Suppliers||To perform and receive services stated in our agreement with you||
|To comply with our legal and regulatory obligations||
|Determining our performance through surveys and offering additional services or products that may be of interest to you, either by email, phone and/or post where you have agreed to this. You may opt-out at any time by unsubscribing, or contacting us by phone, email or in writing||
|Compiling statistics about the use of our site including data on traffic, usage patterns, user numbers, sales, and other information||
|Assessing how well a particular industry sector is working||
|Customers of our Partners||Claims handling and other related reasons||
|As part of the defence of a legal claim||
|Using service providers to support our business so that they can provide services to us and/or to you on our behalf||
|Determining our claims handling performance through surveys and offering additional services or products that may be of interest to you, either by email and/or post where you have agreed to this. You may opt-out at any time by unsubscribing, or contacting us by phone, email or in writing||
|Using data for market research which will help in future proofing the business for change and developing new systems and/or products to suit consumer needs||
|For fraud prevention, audit, compliance purposes, apprehending or prosecuting offenders||
|Updating you with changes to our terms and privacy statement||
|Employees, Contractors and Applicants||Due to the contractual relationship between you and us||
|To collect your data as part of your employment with us||
|For the provision of health and pensions schemes using third parties||
|Determine our performance through surveys and offering additional services or products that may be of interest to you, either by email and/or post where you have agreed to this. You may opt-out at any time by unsubscribing, or contacting us by phone, email or in writing||
|Updating you with changes to our terms and privacy statement||
|Sharing subjective data with medical professionals as part of attendance monitoring and used to assess the health, wellbeing, and welfare of employees and to highlight any issues which may require further investigation||
|Sharing subjective data with medical professionals and/or understanding disabilities to facilitate adaptations in the workplace, and/or to ensuring special needs are catered for at interview or selection testing||
|Sharing subjective data with government agencies when assessing the suitability of certain types of employment||
How long we keep your personal information
|Data subjects||Retained for|
|Partners and Suppliers||We won’t keep your personal data for any longer than is necessary to fulfil the contractual obligation and will only keep it for longer when it is required by law|
|Customers of our Partners||Data will be retained in accordance with our Partners data retention and privacy policies. Predominantly, after the expiry of the insurance contract and/or after a service has been provided and until the product provided has expired, personal data will be kept for a minimum of 7 years, or for an unlimited period if required for legal or regulatory reasons|
|Employees, Contractors and Applicants||We do not keep your personal data for any longer than is necessary to fulfil the contractual obligation and will only keep it for longer when it is required by law|
The rights you have regarding your personal information
As a data subject, you have the following rights under the General Data Protection Regulation:
- You have the right to be informed on how we hold and deal with your personal information and this Privacy Statement fulfils that obligation. Our Partners will also have the responsibility of providing you with their Privacy Statements, informing you how your data will be shared with ourselves and how we’ll process your data.
- If you’re a Partner, Supplier, Employee, Contractor or Applicant, you have the right to ask for a copy of personal information we hold about you or ask for your information to be corrected. If you’re a customer of one of our Partners e.g. you’ve purchased an insurance policy from a broker or insurer, you’ll need to refer to their Privacy Statement and exercise your rights directly with them. However, we will always keep our Partners informed if we’ve received a request direct.
- You can also ask us to delete the information we hold about you, prevent us from processing your information and object to us processing your information (withdraw consent). Please note, these rights may not apply where our basis for processing is by legal or contractual obligations.
If you require more information about your rights, or would like to exercise them, please contact us using the following details:
|For the attention of:||Daniel Humphreys (Data Protection Officer)|
|Address:||28 Eaton Avenue, Buckshaw, Village Chorley, Lancashire PR7 7NA.|
Please refer to the section below ‘Accessing your personal data’, for more information on exercising this right.
Accessing your personal data
This Privacy Statement explains the type of personal data we hold about you and you can ask us for a copy of your personal data at any time. This is known as a “subject access request” (“SARs”).
When making a subject access request, this should be made in writing for the attention of the Data Protection Officer, either by email or by post to the details shown in the ‘The rights you have regarding your personal information’ section above.
Normally, we do not charge for a subject access request, however if you make repetitive requests, we may charge a fee to cover our administrative costs in responding.
We’ll aim to reply to your request within one month of receiving it and try to provide you with a copy of your personal data within this timeframe. However, in instances where we receive complex subject access requests, we may need more time to gather the information for you and this may take up to a maximum of two months from the date we receive your request. You’ll be kept fully informed of our progress.
Data Protection Impact Assessments
We’ll carry out Data Protection Impact Assessments for any and all new projects and/or new uses of personal data and will be overseen by the Data Protection Officer who will address the following:
- The type(s) of personal data that will be collected, held, and processed;
- The reason for processing;
- How this data will be used;
- The parties (internal and/or external) who are to be consulted;
- Whether it is necessary to collect, hold and process this data;
- Risks posed to both to our firm and the data subject; and
- Proposed measures to minimise and handle identified risks
If you feel unhappy with the way we’ve handled your personal information, please give us the opportunity to put matters right and contact us by phone, email or in writing.
|For the attention of:||Daniel Humphreys (Data Protection Officer)|
|Address:||28 Eaton Avenue, Buckshaw, Village Chorley, Lancashire PR7 7NA.|
If we’re unable to help, you also have the right to refer the matter to the Information Commissioners Office at: - Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or call: 0303 123 1113. Website: https://ico.org.uk.
How and where we store your data
Data security is very important to us, and we have physical, technological and organisational measures in place to protect your data to help prevent loss, theft and authorised access/use. Steps we take to secure and protect your data include:
- SFTP protocol that allows for the transfer of files over a secure connection;
- All data transferred via email is to be encrypted;
- Personal data may be transmitted over secure networks only; transmission over unsecured networks is not permitted in any circumstances;
- Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
- Where personal data is to be sent by facsimile transmission the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;
- All personal data to be transferred physically, whether in hardcopy form or on removable electronic media shall be transferred in a suitable container marked “confidential”;
- All electronic copies of personal data should be stored securely using passwords and data encryption;
- All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet, or similar;
- Personal data will not be stored on any mobile device (including, but not limited to, laptops, tablets, and smartphones), without the formal written approval of the Data Protection Officer, and kept for no longer than is necessary;
- Personal data will not be transferred to any device personally belonging to an employee;
- Data will be backed up on a SQL server stored in the UK;
- Our claims management system and weblink include IP protection;
- Security and data protection policies are in place; and
- Regular staff training
We also require our Partners and Suppliers to ensure they keep up with safeguarding data and comply with all the required laws.
We only keep your personal data for as long as we need in order to use it as described in this Privacy Statement and for as long as we have your permission to keep it.
As part of our security and back up procedures, your data will only be stored in the UK.
Although we endeavour to provide standard security measures for information we process and maintain, no security system can prevent all potential security breaches.
If our business ownership changes
If our ownership changes in anyway, any personal information that you’ve provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Statement, be permitted to use that data only for the same purposes for which it was originally collected by us.
Information on how you can control your data
We want to ensure that you can control our use of your data for direct marketing purposes. You’ll have the option to opt-out of receiving emails by using the unsubscribe links provided, or by contacting us by email, in writing or by phone.
You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”).
These may help to prevent you receiving unsolicited marketing. Please note that these services will not prevent you from receiving marketing communications that you have consented to receiving.
Changes to our Privacy Statement
We may change this Privacy Statement from time to time (for example, if the law changes or if we change our business in a way that affects personal data protection). Any changes will be immediately posted on our website and you will be deemed to have accepted the terms of the Privacy Statement on your first use of our website following the alterations. We recommend that you check our website regularly to keep up-to-date. This notice was last updated on the 04 May 2018.
This privacy notice explains how Soter Professional Services Ltd uses your data when captured on CCTV.
Soter Professional Services Ltd has CCTV in operation at various sites, including offices and other premises. CCTV will capture images in real time wherever the cameras are pointed. These cameras may capture footage of you whilst you are on the premises. Cameras have been situated both inside and outside the buildings. There are signs in place to inform you where cameras are in use.
Who will be using your data?
Soter Professional Services Ltd will be the data controller for the data you provide to us.
We may also contract third party organisations to process your data on our behalf (e.g. suppliers of business systems such as our Business Management System).
What personal data do we use?
- static and moving images of people
- vehicle registration numbers
What types of special category personal data do we need from you?
We do not deliberately set out to capture any special category personal data. However, cameras may incidentally record information which falls within these categories. Additionally, footage cameras may be used as evidence regarding criminal offences or related security measures.
Why do we use your data?
- to ensure the health and safety of employees, service users and visitors to the sites
- to detect, prevent or reduce the incidence of crime
- to prevent and respond effectively to all forms of possible harassment and disorder
- to reduce the fear of crime
- to create a safer environment
- to provide emergency services assistance
- to assist with health and safety and other serious occurrences, including employment issues, for example, disciplinary investigations, where appropriate to do so
- for the defence of Soter Professional Services Ltd with regards to legal or insurance claims
What legal reasons allow us to use your data in this way?
Our legal basis for processing your personal data is:
- that it is necessary to meet a legal obligation
- that it is necessary to perform tasks in the public interest
- that we have a legitimate interest in processing this information
Our basis for processing special category persona data is:
- there is a substantial public interest in processing this information, for the purposes of detecting and preventing crime
Who may we share your data with or receive it from?
Sometimes we need to share your information with others. We will only do this when it is necessary, or if we are required to do so by law. We do not plan to share it with anyone else or use it for anything else. When it is necessary, we may disclose footage to specific partners.
We may be asked to provide footage to assist the police with any criminal damage or their investigations. We may also be asked for footage from insurance companies should there be an incident involving car accidents or damage to cars parked on council premises.
However, there is no planned regular or scheduled sharing of CCTV footage with any external organisation. Should this situation change, this privacy notice will be updated and reissued, to keep you fully aware of how the council plans to use CCTV footage which you may be captured in.
CCTV footage will only be processed internally by council staff who are authorised to do so and any other departments where there is a legitimate and lawful reason for their involvement, such as HR colleagues in the event of an investigation.
From time to time CCTV on entry points to premises may be used for monitoring purposes, to see if there are any issues with security or access. At no time will individuals be the focus of this monitoring.
May personal data be transferred overseas?
How long is your data kept for?
This information is held in accordance with the Soter Data Retention Policy
Does the service make decisions using fully automated processes?
What rights do you have over this use of your data?
- to be informed about how we use your data
- to access a copy of your data that we process
- to have us rectify or correct your data that we process
- to restrict our processing of your personal data
- to object to the use of your data
- to have your personal data erased
- to request that we transfer your information to you or another organisation
- to object to fully automated decision making
- to withdraw your consent (if it is the legal reason why we use your data)
Some of these rights are subject to exceptions.
Contact the Data Protection Officer:
If you have any concerns about how the council is using your data, you can contact the council's Data Protection Officer by writing to:
Contact details of the Information Commissioners's Office:
If you are unhappy with how your data has been processed by the council or you feel your data protection rights have been breached, you have the right to complain to the Information Commissioner's Office at: