This Site requests and collects certain personally identifiable information such as name, address, phone number and e-mail address through various means, including Site registration, surveys,games, questions, comments and communications to the Site, and postings to chat and bulletin areas, if any.
We may collect your IP (Internet Protocol) address to help diagnose problems with our server, and to administer our Site. An IP address is a number that is assigned to your computer when you use the Internet. This information does not contain any personally identifiable information about you. Your IP address is also used to help identify you during a particular session and to gather broad demographic data.
General Data Protection Regulation (GDPR)
The Board of Ross Gower has considered and adopted the following procedure. The responsibility of updating the Board on developments within GDPR rests with the Data Controller.
Note, this procedure replaces any previous versions.
Ross Gower Group Limited officers and staff will treat all information received from clients and third parties in accordance with The GDPR Regulations.
Data Processing Definition
Processing means 'any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.' In other words, anything we do in relation to holding or using customer information.
DATA Controller is Ross Gower Group Ltd.
The Purpose for Collecting Data
The prime purpose of Data collected by Ross Gower Group, is it's use exclusively in the application, provision and management of financial product lines. The company consider that the Processing is necessary for the performance of a contract with you the "data subject" or to take steps to enter into a contract with you. Data is collected to ensure that we understand your needs and to enable us to provide you with a quality service, and in particular for the following reasons:
To establish Internal records, for the provision of our business operations and services.
To maintain records in order that both Regulatory and Legal responsibilities can be met without undue delay.
To safeguard the rights of individuals with regard to personal information which may be held, stored or processed about them.
To ensure that appropriate information is processed and retained in accordance with practices defined by the Information Commissioner.
To ensure that data will only be disclosed to appropriate parties.
We may send promotional emails about new services, special offers or other information which we think you may find relevant using the email address which you have provided.
Consent to Hold Data
Consent must be freely given, specific, informed, unambiguous and must be verifiable.
This means that some form of record must be kept of how and when consent was given.
Individuals have a right to withdraw consent at any time.
Ross Gower Group will ensure consent is provided by the following means:
On acceptance of the conditions, the data will be forwarded from your browser and processed in accordance with the type of application in question. Should you be unwilling to share the data at this point, the application will not be forwarded from your browser and you are free to discard without further interaction with Ross Gower Group Limited.
Your Rights Under the Law
THE RIGHT OF ACCESS
Individuals have the right to access all the personal data
stored on them.
There will be no fee for the first copy of information. A fee may be charged if the individual asks for a copy to be sent to another interested party. We have thirty days to respond to your request.
THE RIGHT TO RECTIFICATION
If individuals finds inaccuracies in their personal data they can ask to rectify it. We have thirty days to respond to your request.
THE RIGHT TO ERASURE
Individuals have the right to request their personal data to be erased without undue delay. We will respond to requests within 48 hours.
Instance where erasure of data would be appropriate:
- If the personal data is no longer necessary in relation to the purposes for which they were collected.
Instance where erasure of data would not be appropriate:
- where the erasure of the data may be in breach of regulatory or legal obligations of the controller.
THE RIGHT TO PREVENT DIRECT MARKETING
Individuals have the right to be excluded from any direct marketing.
THE RIGHT TO DATA PORTABILITY
Individuals have the right to personal data concerning him or her which he or she has provided to a controller and transmitted to another controller. ie. To another financial services provider
You can obtain a reusable copy of the information you provided us within your customer portal, this can then be used for your own purposes. We aim to provide the portable data within five days of your request, but we do have thirty days.
You can make any of the above requests to our Data Protection Officer (Dean De La Rue) by emailing firstname.lastname@example.org, alternatively, you can write to: Data Protection Officer, Ross Gower Group Ltd. Please include your name, address and policy number along with the details of your request
Controlling Your Personal Information
You may choose to restrict the collection or use of your personal information in the following ways:
- We will only collect your data on our website contact form where you specifically agree to our terms of business.
- Ross Gower Group Limited utilise email and SMS notification, for the purposes of client communications, and where applicable, we always include an ability to unsubscribe your email address from any ongoing marketing communications.
- If you believe Ross Gower Group Limited hold any personal data about you, you are welcome to send us a written "Subject Access Request" to request details of this data. We will require you provide comprehensive proof of your identity before releasing any information.
- If you require this personal data to be Deleted / Anonymised / Archived / Updated or Altered in any other way, you should include this in your written request. Ross Gower Group Limited, will be happy to comply where our regulatory, statutory and commercial rights and responsibilities will not be compromised.
- We are only able to respond to "Subject Access Requests" where these are received in writing and sent to our postal contact address on our Home Page.
We will not distribute your personal information to third parties unless we are explicitly required to do so under IT Hosting arrangements, by law, or for accounting or regulatory purposes.
Data Types Held
Data collected and retained comes under the following categories:
Insurable risk data
Insurance claims history
Credit control notes
Recorded and Written Conversations between clients and personnel
It is considered that each of these data categories are required to fulfil the contractual obligations of both the client and the company.
Ross Gower Group Limited
IT Hosting Platforms
Credit Reference Agencies
Payment Gateway Providers
Motor Insurance Bureau
Claims and Underwriting Exchange Register (CUE) run by Insurance Database Services Ltd (IDS Ltd) and the Motor Insurance Anti-Fraud and Theft Register (MIAFTR), run by the Association of British Insurers (ABI).
Regulatory Authorities (including Police, Customs, FIS)
Suppliers of services
Debt Collecting, Tracing and Private Investigators
An organisation processing data on behalf of the company
Fraud Prevention Agencies
If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies. Law enforcement agencies may access and use this information.
We and other organisations may also access and use this information to prevent fraud and money laundering, for example when:
- Checking details on applications for credit and credit related or other facilities
- Recovering debt
- Checking details on proposals and claims for all types of insurance
- Checking details of job applicants and employees
Please contact the Data Protection Controller, if you want to receive details of the relevant fraud prevention agencies.
We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
Insurers pass information to the Claims and Underwriting Exchange Register (CUE) run by Insurance Database Services Ltd (IDS Ltd) and the Motor Insurance Anti-Fraud and Theft Register (MIAFTR), run by the Association of British Insurers (ABI).
Under the conditions of your policy, you must tell us about any incident (e.g. accident, fire, theft or malicious damage) which may or may not give rise to a claim. When you tell us about an incident, we will pass information relating to it to the registers.
Motor Insurance Database
Information relating to motor insurance policies will be added to the Motor Insurance Database (MID) managed by the Motor Insurers' Bureau (MIB). MID and the data stored on it may be used by Insurers, the Police, DVLA/DVANI, the Insurance Fraud Bureau or other bodies permitted by law for purposes including, but not limited to:
- Electronic Vehicle Licensing
- Continuous Insurance Enforcement
- Law enforcement (prevention, detection, apprehension and or prosecution of offenders)
- Obtaining information if you are involved in a road traffic accident (either in the UK, the EEA or certain other territories).
Persons (including his or her appointed representatives) pursuing a claim in respect of a road traffic accident (including citizens of other countries) may also obtain relevant information which is held on the MID.
It is vital that the MID holds your current registration number. If it is incorrectly shown on the MID you are at risk of having your vehicle seized.
You can check that your correct registration number details are shown on the MID at askmid.com
How We Protect Your Information
We capture your personal information, such as names and addresses, over a secure link using recognised industry standard Secure Sockets Layer (SSL) technology which encrypts the data whilst passing it over the web. This will be indicated on most browsers by a lock in the status bar at the top of the screen. Firewalls are used to block unauthorised traffic to the servers and the actual servers are locked in a secure location which can only be accessed by authorised personnel.
All providers charges, including calls from landline and mobile phones, will vary depending on your network rate.
Credit Reference Agencies (CRA’s)
In order to process your application we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.
The identities of the CRAs we share data with and the ways in which they use and share personal information, are explained in more detail at:
Channel Island Data Services: www.cidsltd.com
Data Retention Periods
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
It should be noted that records linked to financial transaction are subject to retention rules published from time to time by regulatory authorities and under accounting standards rules. Currently the minimum retention period under these requirements is six years.
In addition, application records are required to be retained in order to ensure Anti Money Laundering / Combatting the Funding of Terrorism (AML/CFT) reporting can be maintained.
The retention period should be measured from the date of application where there is no corresponding business written or where business is written, from the date of the completion of the product.
Customer Information - 6 years after the completion of the last product provided.
Premium Loan Data - 6 years after the completion of the agreement.
Insurance Application Data - 6 years after the completion of the policy.
Application not leading to the sale of a product – 31 days.
At the completion of the retention period, all data will be purged (deleted).
Sensitive Personal Data
Personal data consisting of the following information is deemed to be of a sensitive nature and Ross Gower Group Limited will not enquire or retain information relating to these:
- the racial or ethnic origin of the data subject;
- his/her political opinions;
- his/her religious beliefs or other beliefs of a similar nature;
- whether he/she is a member of a trade union;
- his/her sexual life;
Note, it is necessary in some cases to record medical history in relation to motor, travel and medical insurance plans. Where this is the case, records will be retained in accordance with the above retention policies.
Data Relating to Children
Whilst it may be necessary to collect data relating to children, ie in the case of a family travel insurance policy, information must be provided by the parent or guardian. Under no circumstance may a member of staff enter into direct dialogue with a child or minor.
For the avoidance of any doubt, in this context we treat any persons under the age of 16 years as a child.
We are committed to using our best endeavours to ensure that your information is secure. All information transferred between your browser and our website or third party applications are encrypted using HTTPS protocol, using Digital Certificates with secure TLS Cyphers. This can be verified by looking for the secure padlock symbol in the browser address bar.
In order to prevent un-authorised access or disclosure, we have put in place further physical, electronic and managerial procedures to safeguard and secure the information we collect. These policies and procedures are company confidential, to avoid exposure of this data security, so can only be made available to relevant parties legally bound by a non-disclosure agreement.
It is the responsibility of the Board of Directors of the Company to ensure that registration is maintained with the Data Protection/Information Commissioner, declaring the purposes for which the information is being held or processed, to whom it will be disclosed and the security to be applied.
It is the responsibility of all staff members to ensure that any use of personal data in the course of their work is treated in accordance with the Data Protection Principles.
Consent to Processing
By providing any personal information to this Site, you confirm that you fully understand and unambiguously consent to the transfer of such personal information to, and the collection and processing of such personal information in, the United Kingdom other countries or territories.
If you would like to review and/or update the information that you have provided to the Site, please send an e-mail to email@example.com requesting such access or change.
Choice/Opt-Out Marketing Only
You may choose to have your name taken off Ross Gower Group Limited e-mail marketing list by sending an e-mail to firstname.lastname@example.org with the subject line "Unsubscribe" or by following instructions provided in any e-mail message from Ross Gower Group Limited.
Your Acceptance Of This Policy
By using this Site, you signify your acceptance of our Privacy and Data Policy. If you do not agree to this policy, please do not use our Site. We reserve the right, at our discretion, to change, modify, add, or remove portions from this policy at any time so visitors are encouraged to review this policy from time to time. Your continued use of our Site following the posting of changes to these terms means you accept these changes.