Brown & Brown Group Privacy Policy

Last Updated 10/08/23

We are part of the Brown & Brown (Europe) Ltd (Brown & Brown) Group of Companies, for a full list of Brown & Brown trading companies please visit www.bbrowneurope.com/tradingentities

This privacy notice tells you what to expect when Brown & Brown collects and processes your personal information. We take the protection of your data seriously and are committed to being transparent with you about the data we collect and how it is used and shared. We are committed to ensuring that we meet all our obligations under relevant Data Protection laws, including the United Kingdom (UK) and European Union (EU) General Data Protection Regulations (GDPR) and UK Data Protection Act 2018, as amended from time to time. 

Contents

Personal Information we collect1

How and why we use this information2

Where we obtain your information3

How we share this information4

Retention of your personal data5

Security6

International Data Transfers – 7

Your rights8

Cookies and similar technologies9

Who to contact about your Personal Data10

Changes to our privacy notice11

1. Personal Information we collect

We will receive personal information about you when you contact us, for example by requesting or obtaining a quote, purchasing a product from us or from one of our partners or using one of our websites.  The information may include:

Individual details  Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you.
Identification details  Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number and driving licence number.
Financial information  Payment card number (credit or debit card), bank account number, or other financial account number and account details, credit history, credit reference information and credit score, assets, income, and other financial information, account log-in information and passwords for accessing insurance policy, claim and other accounts.
Risk details  Information about you (and others insured under the policy) which we need to collect to assess the risk to be insured and provide a quote. This may include data relating to health, criminal convictions, or other special categories of personal data (see below). For certain types of policy, this could also include telematics data.
Policy information  Information about the quotes you receive and policies you take out.
Credit and anti-fraud data  Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you.
Medical condition and health status  Current or previous physical, mental or medical condition, health status, injury or disability information, medical diagnosis, medical procedures performed and treatment given, personal habits (for example, smoking or consumption of alcohol), prescription information, and medical history.
Previous and current claims  Information about previous and current claims, (including other unrelated insurances), which may include data relating to your health, criminal convictions, or other special categories of personal data (see below) and in some cases, surveillance reports.
Other sensitive information  Information about religious beliefs, ethnicity, political opinions or trade union membership, sexual life and orientation, or genetic or biometric information 

We may obtain information about criminal records or civil litigation history (for example, for preventing, detecting and investigating fraud)

Telephone recordings Recordings of telephone calls with our representatives and call centres
Photographs and video recordings Images (including photographs and pictures) or video recordings created in connection with our insurance or other business activities, including for claims assessment, administration and settlement, claim disputes, or for other relevant purposes as permitted by law, as well as CCTV recordings captured by equipment on our premises
Marketing preferences and marketing activities  Marketing preferences including preferences for our method of contact.

To improve our marketing communications, we may collect information about interaction with, and responses to, our marketing communications

2. How and why we use this information

We will process any personal data lawfully under one or more of the following bases:

Performance of a Contract  the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
Compliance with a Legal obligation  the processing is necessary for us to comply with the law (not including contractual obligations).
Legitimate interests  the processing is necessary for our legitimate interests pursued by us. In such cases our legitimate interests are as follows:

  • To add value to your product by offering you other general insurance products;
  • To provide high standards of service to our customers by ensuring they are fully informed about all of our products;
  • To engage in activities to improve and adapt the range of products and services we offer and to help our business grow;
  • To investigate and prevent potential fraudulent and other illegal activity.
Consent  where you have given clear consent for us to process your personal data for a specific purpose, such as marketing activities. If we need consent to process personal information, we’ll ask for this first. This consent can be withdrawn at any time.
Necessary for reasons of substantial public interest  under the UK Data Protection Act 2018 processing for an insurance purpose is included within this basis when processing special category and conviction data. 

We will use personal information about you primarily in connection with the provision of insurance, namely:

  • Establishing and maintaining communications with you;
  • Comply with applicable legal, regulatory and professional obligations, including cooperating with regulatory bodies and government authorities, to comply with law enforcement and to manage legal claims;
  • Make assessments and take decisions, including whether to pay your claim or pursue any losses against you or a third party, provide you with our products and services, on what terms and whether you are eligible for a payment plan;
  • Arranging insurance cover (issuing quotations, renewals, policy administration);
  • Handling claims;
  • Undertaking anti-fraud, sanction, anti-money laundering and other checks to protect against fraud, suspicious or other illegal activities;
  • Process payments when you purchase a product or service and any refunds;
  • Collecting, forwarding and refunding premiums;
  • Facilitating premium finance arrangements;
  • Processing transactions through service providers;
  • Credit assessments and other background checks;
  • Where we believe it is necessary to meet legal, security, processing and regulatory requirements;
  • Business transfers where we sell whole or part of our business and/or assets to a third party purchaser to allow the purchaser to administer your insurances;
  • Marketing and client profiling;
  • Allowing our group and associated companies to notify you of certain products or services offered by them;
  • Research and statistical analysis; and
  • Building databases for use by us and others we may share information with.
  • Manage relationships with third parties, e.g. brokers and service providers;
  • Improve our products and services, provide staff training and maintain information security, including by recording and monitoring telephone calls;
  • Conduct customer analysis, market research and focus groups, including customer segmentation, campaign planning, creating promotional materials, gathering customer feedback and customer satisfaction surveys;
  • Manage complaints, including to allow us to respond to any current complaints, or challenges you or others might raise later, for internal training and monitoring purposes and to help us to improve our complaints handling processes. We may be obliged to forward details about your complaints, including your Personal Information, to the appropriate authorities, e.g. the relevant ombudsman;

We may monitor calls, emails, text messages and other communications with you.  When you contact us we may keep a record of that correspondence and any information provided to us during that or any subsequent communication. 

We may use your purchase history to tell you about our offers and products that we think you will be most interested in.  If you prefer not to receive these messages, you can opt out at any time. 

If you’ve chosen to receive marketing information from us, profiling and automated decision making may be used to make our marketing more relevant, for example by personalising the methods we use to market to you, the marketing messages you receive and the offers you’re sent.

3. Where we obtain your information

We will collect personal information about you from you directly but also potentially from your family members, employer or representative, other insurance market participants, credit reference agencies, anti-fraud databases, sanctions lists, court judgements and other judicial databases, government agencies such as the DVLA and HMRC, open electoral register and any other publicly available data sources.  In addition, in the event of a claim, we will receive information from third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers. 

4. How we share this information

In using personal data for the above purposes, we may disclose personal data to third parties including (but not limited to) insurers, reinsurers, intermediaries or other brokers; outsourcers, sub-contractors, agents and service providers; claim handlers; premium finance providers; professional advisers and auditors.  Third parties to whom we disclose personal data are required by law and contractual undertakings to keep personal data confidential and secure, and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances and in compliance with all applicable legislation.

We may share and aggregate information about you from across the Brown & Brown Group of companies, including personal information held within the Group relating to other policies held with us, quotes or claims details and we may use this information to:

  • help us identify products and services that could be of interest to you, to tailor and package our products and services; to determine pricing and/or offer available discounts; and
  • conduct customer research and develop marketing campaigns.

5. Retention of your personal data

We keep Personal Information for as long as is reasonably required for the purposes explained in this Privacy Policy. We also keep records, which may include Personal Information, to meet legal, regulatory, tax or accounting needs. For example, we are required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation. The specific retention period for your Personal Information will depend on your relationship with us and the reasons we hold your Personal Information.

To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data retention and deletion.

6. Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. We may need to transfer your information outside the United Kingdom to other service providers and business partners. We will only transfer your personal information in this way where there is an adequate level of protection that is the same as the level of protection required under United Kingdom data protection legislation.

7. International Data Transfers

In the event that we process personal information outside the UK, the processing in those locations is protected by UK and European data standards. If the information you provide to us is transferred to countries outside the UK and the European Economic Area (EEA) by us or our suppliers, steps will be taken to make sure appropriate security measures are in place with the aim of ensuring your privacy rights continue to be protected.

8. Your rights

Data protection laws provide you with a number of rights as set out below.

We may ask you for proof of identity when you make a request to exercise any of these rights. We do this to ensure we only disclose information to the right individual.

We aim to respond to all valid requests within one calendar month. It may take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one calendar month. We may also ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked. This is because your rights will not always apply, for example if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with the request in a different way. We will always explain to you how we are dealing with your request. 

Right to access your personal data  You may request confirmation that we hold personal data about you, as well as access to a copy of any such data.
Right to rectification  You may ask us to rectify any inaccurate information we hold about you.
Right to erasure  You may ask us to erase your Personal Information, but this right only applies in certain circumstances, e.g. where:

  • it is no longer necessary for us to use your Personal Information for the original purpose; 
  • our lawful basis for using your Personal Information is consent and you withdraw your consent; or
  • our lawful basis is legitimate interests and there is no overriding legitimate interest to continue using your Personal Information if you object.

This isn’t an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your Personal Information. 

Right to restriction  You may ask us to stop using your Personal Information in certain circumstances such as:

  • where you have contacted us about the accuracy of your Personal Information and we are checking the accuracy;
  • if you have objected to your Personal Information being used based on legitimate interests.

This isn’t an absolute right and we may not be able to comply with your request. 

Right to portability  In some cases, you can ask us to transfer Personal Information that you have provided to us to another third party of your choice. This right only applies where:

  • we have justified our use of your Personal Information based on your consent or the performance of a contract with you; and
  • our use of your Personal Information is by electronic means. 
Right to object  You can object if you no longer wish to receive direct marketing from us. 

You may also object where you have grounds relating to your particular situation and the lawful basis we rely on for using your Personal Information is our (or a third party’s) legitimate interests. However, we may continue to use your Personal Information where there are compelling legitimate grounds to do so. 

Automated decision making   You have the right not to be subject to a decision using your Personal Information which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. This right does not apply if the decision is:

  • necessary for the purposes of a contract between us and you;
  • authorised by law (e.g. to prevent fraud); or
  • based on your explicit consent.

You do however have a right to request human intervention, express your view and challenge the decision.

Right to make a complaint  You have the right to lodge a complaint with the supervisory authority (although we would encourage you to contact us in the first instance).

The Information Commissioner can be contacted at;

Information Commissioners Office, Wycliffe house, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk   

9. Cookies and similar technologies

Cookies are small text files that can be used by websites to make a user’s experience more efficient.  The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.  You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about what cookies we are using and the purpose of their use in our Cookie Policy.

10. Who to contact about your Personal Data

Use the contact details in the ‘Contact us’ section for any questions or concerns relating to this Privacy Notice or our data protection practices, or to make a request relating to your rights such as a subject access request.

Our Brown & Brown Group Data Protection Officer can be contacted at:

data.protection@grpgroup.co.uk  

Brown & Brown (Europe) Ltd

7th Floor

Corn Exchange

55 Mark Lane

London

EC3R 7NE

11. Changes to our privacy notice

This Privacy Policy was last updated on 10/08/2023.

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business activities, legal requirements, and the manner in which we process Personal Information.  We will place updates on this website and where appropriate we will give reasonable notice of any changes.