COBRA Network Privacy Notice
1 ABOUT THIS NOTICE
COBRA Network Limited is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with data protection law. Please read it carefully.
Data protection law says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely
This notice is separated into the following sections for ease of reference. If you have any questions about this notice or how we collect and use personal information about you please contact us.
- About this notice
- Information about us
- What personal information do we collect and how do we collect it?
- How and why do we use your information?
- Sharing your information
- Where we store your information
- Data Security
- How long will we keep your information for?
- Your rights
- Third party websites
- Changes to this privacy notice
2 INFORMATION ABOUT US
- 2.1 We are COBRA Network Limited. Our registered office is at 1 Minster Court, Mincing Lane, London, EC3R 7AA and our registered company number is 04628555.
- 2.2 If you have any questions, we have a dedicated Data Control Officer, who is responsible for data compliance issues.
- 2.3 Data Control Office contact details: Paul Bryant, telephone 020 7204 8802, email [email protected]
3 WHAT PERSONAL INFORMATION DO WE COLLECT AND HOW DO WE COLLECT IT?
Personal data, or personal information, means any information about an individual who can be identified. It does not include data where an individual cannot be identified (anonymous data). We collect personal information from you in the following ways.
3.1 Emails and records of other contact. This is information you provide when you contact us (for example by email, post or SMS) or when you respond to correspondence from us. This may include enquiries about our services or products, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation.
3.2 Technical information. This is information about you which is collected via technical means such as cookies, webpage counters and other analytics tools.
3.3 Caller information. We may collect details of phone numbers used to call our organisation and the date, time and duration of any calls. Please note that if we record your calls to or from us, we will inform you of this.
3.4 Professional information. If you work for one of our network members, suppliers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you. This includes information that you or your organisation give us when filling in forms whether on our website or offline. If you are a member of our network this will also include.
3.5 HR information. If you work for one of our network members, we may assist them with in relation to staff issues. We may receive information about you as necessary to provide this service, including your HR record and details of your issue, grievance or disciplinary process.
3.6 Policyholder information. We sometimes help network members manage claims against insurers. If you are a policyholder with one of our network members, we may receive details about you and your dispute (including your name, policy details, and details of an insurance claim you have made) as required to help us provide this service.
3.7 Information we receive from third parties. As well as the information listed above, we may also receive the following types of personal information about you from the following sources:
3.7.1 Your organisation. If we have a business relationship with you or your organisation, we may receive information about you from your organisation. Your organisation should have informed you that your information would be provided to us, and directed you to this policy.
3.7.2 Our other channels. This is information we receive about you if you use any of the other websites we operate or the other services or products we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this website. We will also have told you for what purpose we will share and combine your data.
3.7.3 Our service providers. We work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers and credit reference agencies) who may provide us with information about you.
3.7.4 Publicly available sources. We obtain information from the following publicly available sources: the FCA Register, Companies House, your organisation’s website, in order to confirm your trading position.
3.7.5 Businesses we have bought. If we have acquired another business, or substantially all of its assets, which originally held your information, we will hold and use the information you provided to them, or which they otherwise held about you, in accordance with this privacy notice.
3.8 Special Categories of data. We may also collect from you information about your criminal convictions and offences as part of the application process for membership of the network to use as necessary for the purposes of our legitimate interests in preventing or detecting crime, and protecting the public and members of our network from crime. We keep this information in your application form for the duration of your membership, and for 12 months after your membership ends.
4 HOW AND WHY DO WE USE YOUR INFORMATION?
4.1 Common uses of your information
We will only use your personal information when the law allows us to do so. Most commonly, we will use your personal information in the following circumstances:
4.1.1 Where we need to perform a contract we have entered into with you.
4.1.2 Where we need to comply with a legal obligation.
4.1.3 Where it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.
4.1.4 We may also use your personal information where we need to protect your interests (or someone else’s interests) or where it is needed in the public interest although these circumstances are likely to be rare.
4.2 Specific examples of ways in which we may use your personal information include:
4.2.1 Website administration. We may use technical information, information about your visit to our website, cookie data, content and other information gathers you’re your participation in discussion boards or other functions on our website. We use this as necessary for our legitimate interests in administering our website and to ensure it operates effectively and securely.
4.2.2 Customer Administration. We may use information about you including form information, content and other information you provide to us or which we collect about you as necessary to carry out our contracts with you or your organisation, and for our legitimate interests in administering your (or your organisation’s) account and any subscriptions we operate, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
4.2.3 HR information. We may use information about you provided by your organisation to help them resolve an employment issue between you and them. We do this as necessary for our and their legitimate interests in addressing employment disputes.
4.2.4 Direct Marketing. We may send direct postal or electronic marketing to you using your contact details and information you or your organisation have provided us. This will generally relate to the products our insurer partners make available through our network, or the benefits you may be able to obtain from using our network. We use your contact details and professional information as necessary for our legitimate interests in marketing to you and maintaining a list of potential customers. We only market to businesses, and if you feel you have mistakenly been added to our marketing list, please let us know. We will always provide an “opt-out” option on any marketing messages we send you. We retain your details on our marketing list until you “opt-out” at which point we add you to our suppression list. We keep that suppression list indefinitely to comply with our legal obligations to ensure we don’t accidentally send you any more marketing.
4.2.1 Record keeping to deal with legal claims. We may retain your personal information to ensure that we can properly bring or defend legal claims.
4.2.2 Third Party Personnel Administration. If you work for one of our network members, suppliers or business partners, we may hold information on you. This includes information you provide when you correspond with us, as well as details of your employment, contact details, and our relationship with you. We use this as necessary for our legitimate interests in managing our relationship with your organisation.
4.3 Change of purpose
We will only use your personal information for the purposes for which we collected it as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5 SHARING YOUR INFORMATION
As well as any sharing listed in section 3 (How and why do we use your information) we may also share your information with third parties, including third-party service providers and other entities in our group. We require third parties to respect the security of your personal information and to treat it in accordance with the law. We never sell your data to third parties.
5.1 Why might we share your personal information with third parties?
We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so.
5.2 Which third-party service providers process your personal information?
“Third parties” includes third-party service providers (including contractors and designated agents) and other organisations within our group. All of our service functions (excluding IT administration) are carried out by other organisations within our group, or external service providers.
We also share information with our insurer partners as necessary for us to provide our services. Where we do so, those insurer partners act as data controllers in their own right, and have their own direct responsibilities toward you.
5.3 How secure is your information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
5.4 When might we share your personal information with other entities in the group?
We will share your personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support, provision of our services, and hosting of data.
5.5 What about other third parties?
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
6 WHERE WE STORE YOUR INFORMATION
6.1 Our office headquarters are based in London and our main data centre is located in the UK. However, where required to perform our contract with you or for our wider business purposes (for instance, where an insurer is based outside of the UK or EU), the information that we hold about you may be transferred to, and stored at, a destination outside the UK and the EU. It may also be processed by staff operating outside the UK and EU who work for us or for one of our service providers. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.
6.2 We may need to transfer data to the following countries outside of the UK and the EU which the EU considers to have an adequate data protection regime in place Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay, and organisations in the United States which are certified under the EU-US Privacy Shield framework.
6.3 We may need to transfer data to countries outside of the UK and the EU which the EU does not consider to have an adequate data protection regime in place. Where we do this, we will ensure that appropriate safeguards are put in place. To obtain more details of these safeguards, please contact us.
7 DATA SECURITY
7.1 We have put in place measures to protect the security of your information. Details of these measures are available upon request.
7.2 Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
7.3 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
7.4 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.
8 HOW LONG WILL WE KEEP YOUR INFORMATION FOR?
8.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
8.2 Details of our typical retention periods for different aspects of your personal information are set out below. If you would like details of our retention periods for a particular aspect of your personal information which is not detailed below, please contact us:
8.2.1 Technical information which is collected via technical means such as cookies, webpage counters and other analytics tools is kept for a period of up to 12 months.
8.2.2 Professional information where you work for one of our network members, suppliers or business partners is kept for up to 7 years after the end of our relationship with your organisation.
8.2.3 HR information where we are providing advice in relation to an issue between you and your organisation is deleted from our systems once we are no longer actively providing advice in relation to your issue.
8.2.4 Emails and records of other contact which don’t fall into any of the categories above will generally be kept for up to 7 years after we have received them.
8.3 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
9 YOUR RIGHTS
9.1 Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner’s Office (ICO). Under certain circumstances, by law you have the right to:
9.1.1 Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
9.1.2 Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
9.1.3 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
9.1.4 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
9.1.5 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.
9.1.6 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
9.1.7 Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
9.1.8 Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest in doing so.
9.1.9 Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us.
9.2 Marketing Purposes
In addition to the rights set out above, you also have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal information. You can exercise the right at any time by contacting us in writing. You can also use the unsubscribe option in our marketing emails to unsubscribe from further marketing emails. Please note that where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns.
9.3 No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
9.4 What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
11 THIRD PARTY WEBSITES
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
12 CHANGES TO THIS PRIVACY NOTICE
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our privacy notice.