Privacy Notice (also known as Fair Processing Notice)
Data Controller: Jove Technology Limited, which is a UK corporation having its registered office 124 City Road, London, EC1V 2NX, United Kingdom
Contact Information: Lizhen Cai, firstname.lastname@example.org
A BRIEF SUMMARY OF THIS PRIVACY NOTICE
In general terms, we will only use your information on the basis that it is necessary to provide you the best service possible, administer your insurance contract or help you make a claim. Where we need to pass information to other firms, it will only be for that purpose. These firms will be Insurers, other insurance brokers, price comparison sites and firms handling claims. It includes finance providers and firms that process or administer our records and payments.
When we contact you, it will either be for the above reason, or because we have a legitimate interest in marketing related products. For any other marketing, it will only be with your consent and you will be able to withdraw your consent or unsubscribe easily at any time.
If we have to transfer information to a third country outside the UK/EEA/EU, we will only do so if a similar level of protection applies. If we need to obtain information which is by nature sensitive, we will only do so on the basis that it is in the public interest - for example to fight crime, prevent fraud or to make sure insurance is available.
For more information on how and what type of information we collect, why we do so, how we process it, etc. please read this document and contact us if you have any questions.
WHAT TYPE OF PERSONAL INFORMATION DO WE NEED?
We may need personal details (for example, name and contact details), which might include details of members of your family, lifestyle, finances, business or education.
We will only collect what is necessary and will only keep it for as long as we are required and in line with our data retention policy.
What other types of information do we need?
Under certain circumstances, we may also need to obtain information about Race or Origin, Gender, Religion, Health, Politics, Genetics, Trade Union Membership, Sex or Sexual Orientation.
We might also need details of criminal convictions.
We will only collect what is necessary and protect it with appropriate security measures.
WHY DO WE COLLECT PERSONAL DATA?
We only collect Personal Data for specific purposes. These purposes are explained below so you can understand the reason why we collect your Personal Data.
Note that it is possible that we might need to process Personal Data for another purpose which has not yet been identified by this Privacy Notice. In such case, we will update this Privacy Notice and endeavour to inform the Data Subjects that we are using their Personal Data for this new purpose.
Future or current insureds or policyholders
As explained above, we need to collect information about you in order to provide you the best services regarding your insurance coverages. Certain data is also collected as part of the administration of your insurance contract and the administration of claims in order to check that the conditions for compensation are fulfilled. Also, we collect your Personal Data to fulfil our contractual obligations with you and our Business Partners, as well as our legal and regulatory obligations.
Below we list the purposes for which we ask you for your Personal Data:
Ensuring registration to our services (via websites, applications…);
Completion of the contract;
Managing the contract (pricing, underwriting…);
Answering your questions;
Managing claims payments;
Analysing client’s loss history;
Assisting you regarding your insurance policy coverage, etc.;
Contacting you to propose you our insurance solutions;
Managing all billings matters;
Verification of the accuracy of some Personal Data;
Communication about services quality;
Management of complaints;
Compilation of statistics;
Preparing market analysis;
Building a client database;
Organising of contests or games;
Personalization of our offer.
We may also collect Personal Data relating to your health (so-called sensitive data) for claims management purposes (for applicable insurance products only) to verify that you meet the conditions of your insurance policy. This enables us to compensate you if you meet these conditions.
When you provide Personal Data to conclude a contract, but you decide not go ahead with the contract, Jove may contact you in the future, for example, to understand why the product offered was not purchased, to offer alternative products or improve our offering.
We might also process your data for our legitimate interests, as permitted by applicable law, more specifically to:
Fight against fraud and infringement;
Assess a security breach and or conduct a risk analysis;
Improve our applications and websites (access, uses…);
Improve our services (claims handling…);
Analyse client loss history;
Analyse our database and security testing;
Conduct internal audits;
Make back-up copies to recover lost data;
Ensure adequate technical management;
Comply with our legal and regulatory requirements, for example, in the event of audit or investigation by the Information Commissioner’s Office or the Financial Conduct Authority, to implement and show compliance with applicable Data Protection Laws or with MifiD (IDD) rules
WHICH PERSONAL DATA DO WE COLLECT?
Future or current insureds or policyholders
As your agent, we want to ensure that we offer the coverage that best suits your needs. As an insured, you want to be sure you are rightly covered. Therefore, and in order to do so, we need to collect Personal Data which will allow us to identify you and offer you the best services and insurance coverage for your specific profile.
We also collect certain data when you submit a claim to be able to process it. This concerns the administration of your insurance contract and claims.
For the above purposes, we will collect the following Personal data:
Personal identification data (first name, last name, ID information such as passport and driving licence, VAT number in case of an independent worker…);
Contact Data (address, email, phone…);
Personal Data (age or birth date);
Third parties Personal Data in the context of a claim or legal proceedings;
Financial identification data (credit card number, billing address, credit rating, criminal record);
Data related to claims management (moment of damage, damage circumstances, invoice, receipt of the purchase, police report, doctor record or other evidence necessary for us to assess the validity of claims as appropriate);
Family composition (children, husband/wife/partner name, siblings);
Current and historic job data (job title, industry, sector, date of employment, job status, employer, job location);
Housing features (accommodation location, property type, …);
Vehicle information (Vehicle type, vehicle model, past driving history and road convictions, commercial rider reward engagement)
Financial specifications (monthly rent, salary, contract rate, expenditures);
Life Habits (trips details, trips duration information, …);
Data related to previous accident(s);
Data related to life habits (car type, number of km, …);
Data/information appropriate to the insured risk, the insurance beneficiary, the policyholder and the insureds;
Health related data (such as sick notes, birth certificates, death certificates, etc...);
Any other data you voluntarily communicate to us.
Note that the type of Personal Data we request from you depends on the insurance product you enquire about or purchase.
Third parties (neither future or current insured / policyholder nor Partners) Personal Data
As an insurer intermediary, we might have to deal with some third-parties Personal Data (for example, in case of claims, witness identification data, etc.). Depending on the specific circumstances, we may need the type of Personal Data collected for insureds and or policyholders (please refer to the section above).
In these specific cases, we limit the processing of their Personal Data to the specific purpose for which it is collected.
We may also collect non-personal data that does not identify you directly or indirectly. Non-personal data may be used for any purpose (for example, for statistical purposes).
HOW DO WE OBTAIN YOUR PERSONAL DATA?
We may gather your Personal Data from information you submit to a website, our app, by telephone, face to face or by email.
We may receive your Personal Data from insurers, other insurance brokers, introducers, price comparison sites, firms handling claims, as well as from finance providers and firms that process or store our records and payments.
We use two types of distribution channels to offer our insurance solutions.
This is when we integrate our software widget into our Business Partners’ systems. In such cases, you navigate their websites or applications but we are behind this insurance solution via Open APIs.
This is when our Business Partners sell their services and Jove insurance solutions has a branded premium account, which they directly offer to you via their website or application.
Future or current insureds or policyholders
By filling in the online form to subscribe to an insurance policy (this can be done through one of our Partners’ website or application, via a Jove widget, or through Jove’s branded premium account), you will share your Personal Data with us. We will collect, store, use and process the data to administer your insurance contract and, where needed, help you make a claim.
In this context, we also collect Personal Data via:
Our website (including our contact page);
Some of the cookies present on our website;
Subscription to our newsletter;
Communication through our website, app and social media;
All other communications between you and us (phone conversations, claims forms, etc.).
ON WHICH BASIS DO WE COLLECT YOUR PERSONAL DATA (LAWFULNESS OF THE PROCESSING)? (see why we collect your Personal Data)
The legal basis for processing Personal Data depends on the processing and the stakeholders involved in such processing. If you are an end-customer (potential or actual policyholder and or insured), we will not process your Personal Data in the same way we deal with third parties Personal Data or our Business Partner’s Personal Data (legal entity).
We process your Personal Data for various purposes. For each processing operation, only Personal Data relevant for the purpose in question is processed.
Generally speaking, and as an example, we use your Personal Data either:
within the framework of the completion of the contract or to take pre-contractual measures at your request. For example, we process your Personal Data for the following purposes:
analysis as to the advisability of concluding an insurance contract, and/or as to the conditions to be imposed on the insurance contract;
conclusion and management of insurance contracts forming part of the range of products and services offered by Jove;
customer relationship management and claims management;
performing a service you have requested, for example by providing us with your Personal Data online to subscribe to the newsletter, submit your application or to request an insurance offer. In these cases, we process the data you have provided to send you the newsletter, process your application or send you the insurance offer requested.
to comply with all legal, regulatory and administrative obligations to which we are subject, in particular and not exhaustive:
prevention of money laundering;
implementation of MiFID legislation;
combating tax fraud.
for reasons that are in our legitimate interest, in which case we ensure that we maintain a proportionate balance between our legitimate interest and respect for your privacy. These are the situations in which we process your Personal Data in order to be able to function and offer you the best service.
when we have obtained your consent, in which case we process your personal data for the specific purpose(s) to which you have consented.
For example, we process your data for the following purposes:
detection and prevention of abuse and fraud;
control of the regularity of transactions;
monitoring and control;
recognition, exercise, defence and preservation of our rights or of the persons we may represent, for example in litigation;
constitution of evidence;
global vision of the customers (for example, by establishing statistics of our customers in order to know who our customers are and to know them better);
follow-up of our activities and administrative knowledge of the various persons in contact with the company, which may allow the identification of the files, the intermediary and other parties involved;
testing, evaluation, simplification, optimisation and/or automation of Jove’s purely internal processes in order to make them more efficient (for example: optimisation/automatisation of internal risk assessment and acceptance processes, automation of the procedure for handling your questions and requests, etc.);
testing, evaluating, simplifying and optimising online systems to make your user experience better (for example, fixing bugs on our websites and mobile applications, contacting you to solve technical problems when we found that you started filling in your data online for a service but were unable to continue this process, etc.);
management and adjustment of authorised products.
WE DO PROCESS YOUR DATA FOR PROFILING PURPOSES…
We may process your Personal Data for profiling and profile-based decision-making purposes, including data analysis and the compilation of statistics, models and profiles.
Wherever possible, we only use anonymous or pseudonymized data for profiling.
Profiling is any form of automated processing of personal data consisting in using this data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict elements concerning their work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Depending on the purpose pursued by profiling, the legal basis for profiling is either:
The performance of the contract binding us or the taking of pre-contractual measures at your request. For example, in order to properly assess risk, both in accepting insurance and in determining the premium and extent of cover, we use objective «segmentation criteria» which meet all applicable legal requirements. These criteria vary according to the product and stem from the statistical observation that they have an impact on the occurrence and/or severity of a claim.
A legal, regulatory or administrative obligation;
Our legitimate interest, in which case we ensure that a balance is maintained between our legitimate interest and respect for your privacy. For example, we may process your profiling data as part of the prospecting process, to identify and prevent fraud or to help automate internal processes. Where we profile on the basis of our legitimate interest, we always make sure that there is a balance between your interests and our own legitimate interest.
In cases where we use your Personal Data in the context of profiling for the purposes mentioned above, we assure you that you will not be the subject of a decision based exclusively on profiling, and the decision will not have a legal impact on you and will not significantly affect you in a similar manner.
In other cases, we will ensure that such a decision is:
necessary for the conclusion or performance of a contract between you and us;
based on your express consent (usually for direct marketing purposes); or
We will inform you when the above apply and you will always be informed of the fact that you will be the subject of such a decision as well as the logic behind such a decision and its meaning, as well as its envisaged consequences.
Unless we are legally authorised, you always have the right to request the intervention of one of our employees to express your point of view and to contest the decision.
In any case, we assure you that we will always process Personal Data on the basis of, and in compliance with, our legal and regulatory obligations.
WHO HAS ACCESS TO YOUR DATA AND TO WHOM IS IT TRANSFERRED?
In order to protect your privacy, the persons authorised to access your Personal Data are precisely determined according to their tasks.
If necessary, your Personal Data may be communicated to other intervening insurance companies, their representatives in the UK, their correspondents abroad, the reinsurance companies concerned, claims settlement administrators, relevant experts and or lawyers, technical advisors, other insurance intermediaries or subcontractors.
As far as our subcontractors are concerned, they are specialised partners in the UK or abroad to whom we call for certain services in order to offer you the best service within the framework of your insurance contract. These may be subcontractors who are typical to the insurance industry, for example (non-exhaustive list):
Intermediaries with whom we work (Brokers, Insurance intermediaries, registered companies, external collaborators, business introducers);
Investigators for fraud investigations;
(inter)national claims offices;
Insurance and reinsurance undertakings;
They may also include other subcontractors, such as (non-exhaustive list):
lawyers and other specialised consultants;
IT service providers;
marketing and communication offices.
Whenever we need to share your Personal Data, we ensure that such persons are contractually obliged to comply with Data Protection Laws, follow our instructions and comply with our Data Protection Policy. By way of example as to what this means, we will ensure that:
only the Personal Data which we are required to disclose by contractual or legal obligation, or which they need in order to perform their legal obligations, are limited to what is strictly necessary and proportionate to the legitimate interest justifying the transfer; and
that these persons undertake to treat the Personal Data securely and confidentially and to use it only for the purpose for which the Personal Data were transferred to them.
No transfer for commercial use
We do not forward your Personal Data to third parties for commercial use unless you have given your explicit consent to do so.
Transfers outside the UK and the European Economic Area (EEA)
We may transfer your data outside the UK and the EEA to a country that may not provide an adequate level of protection for personal data. In such cases, we will ensure that your Personal Data is protected by contractually obliging our international counterparts to comply with Data Protection Laws, follow our instructions and comply with our Data Protection Policy. In addition, we will further strengthen IT security and contractually require a higher level of IT security from our international counterparts. If you wish, you can obtain a copy of the adapted contractual clauses by contacting us.
HOW DO WE PROTECT YOUR PERSONAL DATA?
Access to your Personal Data is only granted to persons for whom it is necessary for the performance of their tasks. They are contractually bound to comply with Data Protection Laws, follow our instructions and comply with our Data Protection Policy. In addition, they are bound by strict professional discretion and must comply with all the technical and organisational requirements laid down to ensure the confidentiality of Personal Data.
We have put in place technical resources and specialised teams that deal primarily with the protection of your Personal Data. We want to prevent unauthorised persons from accessing, processing, modifying or destroying Personal Data.
We therefore recommend that you read their Privacy Notice carefully to find out how they respect your privacy.
HOW WE STORE YOUR INFORMATION AND HOW LONG DO WE KEEP IT FOR?
Your information is securely stored using Google cloud storage, for information on how google store data please visit https://cloud.google.com/privacy/gdpr
We only keep Personal Data for a reasonable and necessary time taking into account the purposes of the processing and the legal and regulatory requirements.
If there is no more reason to keep your Personal Data (such as a claim pending), we will retain your Personal Data in line with our GDPR Personal Data Retention Policy.
At the end of the retention period, we will make every effort to ensure Personal Data has been made unavailable or inaccessible. We will then dispose of your information by deleting data stored via Google cloud. This process is detailed here https://cloud.google.com/docs/security/deletion
WHAT ARE YOUR LEGAL RIGHTS?
In broad terms…
You have the right to complain to the Information Commissioner atwww.ico.org.uk, Tel 0303 123 11132.
You can obtain a copy of your personal information from us without charge by contacting us at the address above. This may include the right to transfer information to other providers.
You have the right to ask us to correct information.
You have the right to ask us to delete your information or stop using it, unless it is necessary for us to retain it for insurance or financial purposes as set out in our document retention policy.
You may have the right to object if decisions about you are made solely by a computer.
For more information on your legal rights, please read through the following section
Your right of access and copy
You have the right to obtain a free copy (including in an electronic format) of the Personal Data we collected about you.
When necessary, you can always ask us to rectify, complete or delete Personal Data that are inaccurate, incomplete or irrelevant.
In cases where you request additional copies, we may require the payment of reasonable fees to cover administrative costs.
If you decide to submit this request electronically, we will provide you the copy in an electronic form commonly used, unless you request otherwise.
In any event, we will send you a copy of your data within the month after receipt of your request at the latest.
Your right to restriction of processing
As a Data Subject, you have the right to restrict the processing of your Personal Data when one the situations described below occur:
You contest the accuracy of a Personal Data. The restriction will apply for a period enabling us to verify the accuracy of this Personal Data;
If we unlawfully process your Personal Data and you prefer to request a restriction instead of the erasure of this Personal Data;
If we don’t need your Personal Data anymore for one of the purpose we defined in this policy but you need it for the establishment, exercise or defence of legal claims;
If you object to processing (explanation is just hereunder) pending the verification whether our legitimate grounds override yours.
When the restriction has ended, we shall immediately inform you.
Your right to object
There are two specific cases where you can object for your Personal Data to be processed:
Firstly, when we process Personal Data for direct marketing purposes (we shall ask your consent for that), you have the right to object at any time for your Personal Data to be processed.
Secondly, you can object to the processing of your Personal Data for reasons linked to your specific situation if we based it on our legitimate interests. We shall no longer process your Personal Data in such a case unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or when we need it for the establishment, exercise or defence of legal claims
Right to data portability
When we process your Personal Data on the basis of your consent or for the execution of a contract, you may ask us to send you your Personal Data in a structured and commonly used format.
When technically feasible, you may also ask us to directly transmit your Personal Data to another data controller.
Right to erasure (‘right to be forgotten’)
Finally, you have the ultimate right to be forgotten by us.
That means you have the right to obtain the erasure of your Personal Data without undue delay in the following specific situations:
If your Personal Data are no longer necessary in regard to the purposes for which we collected them;
If we unlawfully processed your Personal Data;
If you object to the processing and we have no overriding legitimate grounds for the processing;
If we have to erase your Personal Data in order to comply with a European or UK legal obligation.
Also, you have the right to ask us to delete any of your Personal Data which, taking into account the purpose of the processing, would be incomplete or irrelevant or whose registration, communication or storage would be prohibited, or, eventually, which has been retained beyond the necessary and authorised retention period.
How to exercise your rights?
It’s good to have rights but it’s better to know how you can request to enforce them!
To be able to help you, we’ll need to check that your request concerns your Personal Data.
For that purpose, we’ll ask you to send us a written request with a proof of your identity (ID card copy).
B. When shall we answer?
We’ll get back to you with our answer as soon as possible and within a month at the latest.
That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. In such a case, we’ll inform you about the reasons for the delay (it might be because the case is complex or because we have to process too many requests).
HOW TO COMPLAIN?
If you wish to react to one of the practices described in this document or if you have any questions or feel that you have cause for complaint, please contact us using the communication channel you prefer.
Jove’s contact details:
Address: 124 City Road, London, EC1V 2NX, United Kingdom
Please try to be digital when contacting us!
For further information on complaints and possible remedies, we advise you to consult all information available on the UK Information Commissioner's Office website: https://ico.org.uk/
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s contact details:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113