Corporate Website Privacy Notice
1. Introduction
Direct Line Group is committed to protecting the personal data that we collect from users of our corporate website and individuals who subscribe to our email alert service. This Privacy Notice summarises:
- Who ‘we’ are
- The categories of data we collect and the purposes of processing
- How we share your data
- How we retain and protect your data
- Your rights under Data Protection law
- How you can contact us
Please click here if you are looking for our Data Privacy Policy, which provides more detail on our privacy and security programmes, framework and governance.
2. Who ‘we’ are
DL Insurance Services Limited is the data controller in respect of the information covered by this Privacy Notice.
3. Categories and sources of data collected
To provide you with the services offered on our website, we collect the following types of data:
- Personal details - including name, country and occupation.
- Contact details - including email addresses.
- We may collect other data where we have used cookies to collect information from your computer or portable electronic devices. Please see our cookies policy for more information.
If you do not provide information that we require, we will be unable to provide you with these services.
4. Purpose and Legal Basis of processing
We and/or persons acting on our behalf may process your personal data for any of the following purposes:
- To provide you with tailored email alerts that highlight significant changes on our website (the ‘email alert subscription service’) related to company news and results information.
- Any other legitimate business purpose or as otherwise permitted by any applicable law or regulation to facilitate the organisation and delivery of activities that support your ongoing relationship with us.
For each of the purposes outlined above, one or more ‘Legal Bases’ for processing apply. The relevant conditions are outlined below, in order of our level of reliance upon them:
- Consent – This accounts for the processing performed to provide the email alert subscription service and to keep you informed about other products and services that may be of interest.
- Necessary for legitimate interests – This is only used where processing that we wish to undertake is not based on consent. For example, storing of IP addresses for limited periods of time to assist with operational or troubleshooting purposes.
5. How we share your data
To fulfil the purposes for which personal data is processed, we may share personal data with a range of individuals, external companies and other organisations.
Any disclosures of personal data are made using the minimum personal data necessary for the specific purpose and circumstances. Information is only shared with third party organisations where deemed necessary to fulfil the services describer above or where you have consented to the disclosure of your personal data to such persons.
We may obtain and share personal data on a regular and ongoing basis with a wide variety of organisations, which may include but is not limited to:
- Third parties who process your personal data on our behalf (such as the providers of our corporate website hosting services and email alert subscription service).
- Any regulatory, exchange body, enforcement, or court where we are required to do so by applicable law or regulation or at their request.
- Any subsidiary of the ultimate holding company, Direct Line Insurance Group plc, as required for the proper conduct of our business.
6. Where we may transfer your data
The personal data we collect from you may be processed in (including accessed in or stored in) a country or territory outside the United Kingdom, which may not enforce the same level of protection by law or regulation. To safeguard your data, we put in place contractual obligations with third parties, to define technical and organisational measures to provide appropriate protection.
7. How we retain your data
We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. For example:
- Personal and contact details used for the email alert subscription service are processed for the duration of the service provision.
- IP addresses are stored for 14 days to assist with operational or troubleshooting purposes.
- Depersonalised web analytics data is held up to 1 year for website performance trending.
Please be advised that you can change your alerting preferences or unsubscribe at any time directly by visiting our email alert page, or by following ‘unsubscribe’ links in our alert emails.
8. How we protect your data
We are committed to protecting your personal data and maintain a robust Information Security framework to ensure it remains confidential and secure.
Our approach to Information Security is formalised within the Cyber Risk Minimum Standard and supported by further policies, requirements for Third Party Suppliers and security awareness initiatives.
9. Your rights
Under Data Protection law, you have various rights in relation to your own data (i.e. where you are the ‘data subject’), which are summarised below:
- Right of Access
You have the right to request a copy of all the personal information that we have about you. Please note that you can directly access the data we hold about you by visiting our email alert page. - Right to Rectification
You have the right to ask us to update information that we hold about you where it is incorrect or incomplete. Please note that you can change your alerting preferences or unsubscribe at any time directly by visiting our email alert page. - Right to Erasure
You have the right to request the deletion of your personal data, for example where processing is no longer necessary for the purposes for which the data were collected. - Right to Restriction of Processing
You can ask us to stop processing your data (i.e. we cannot make any further changes, delete, or share it). For example, this could be where you wish to challenge the accuracy of data or where you make use of your ‘Right to Object’. - Right to Data Portability
You are entitled to an electronic copy of the data that you provided to us as part of subscribing to the email alert service. - Right to Object
You can object to processing conducted under the ‘Legitimate Interest’ condition (as outlined in Section 4 “Purpose and Legal Basis of processing”) and we must then cease processing unless we can demonstrate compelling grounds. - Right to withdraw consent
You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. - Automated decision-making and profiling
You have the right not to be subject to a decision which is based solely on automated processing (including profiling), which would have a significant or legal effect on you. You have the right to contact us to express your point of view and challenge the decision.
To exercise these rights, please contact us as described in Section 11 “How to contact us”.
Please note that there will be situations where exceptions apply under Data Protection law that we may rely on. We will tell you if we are unable to comply with your request, or how your request might impact you, when you contact us.
10. How we update this Privacy Notice
We may update this Privacy Notice at any time, in accordance with applicable legislative and regulatory requirements or our internal policies and processes. Service users may be notified of significant changes, for example via an email communication.
11. How to contact us
If you would like to discuss any aspect of this Privacy Notice or anything else about the personal data we collect on you, please contact us using the details below.
Specific queries in relation to exercising your Rights should be directed to:
The Data Protection Officer, DL Insurance Services Limited, Churchill Court, Westmoreland Road, Bromley, BR1 1DP
12. Complaints
If you have any concerns or complaints in relation to the processing of your data, we ask that you contact us first to give us the chance to understand the issue and see how we can address it.
In any event, you have the right to lodge a complaint with our supervisory authority, the Information Commissioners Office. To report a concern to the ICO:
- Telephone helpline 0303 123 1113
- Textphone service 01625 545860
- ico.org.uk/concerns/