Privacy policy
Last updated: December 2023 🔏
Contents
INTRODUCTION AND SCOPE
This privacy policy (this “Policy”) describes how Kingsbridge Risk Solutions Ltd t/a rewardsme business Insurance (“rewardsme”) collects, handles, secures, shares and uses the personal data of users (“Users”) visiting our website or providing information to us through other channels, such as by phone or e-mail.
To receive this notice in another format (for example, audio, large print, braille) please contact rewardsme using the contact details in the section how to contact rewardsme.
WHAT PERSONAL DATA DOES REWARDSME PROCESS & HOW IS IT COLLECTED?
Personal Data Collected by rewardsme as a Processor and Controller
Users may provide the following types of personal data to rewardsme which may then be collected, used, stored and transferred in accordance with this Policy for the provision of insurance policy quotes, fulfillment of purchases and mid-term adjustments, and claims notifications:
The following types of personal data may be automatically logged when Users access and use the website, which rewardsme may then collect, use, store and transfer in accordance with this Policy:
rewardsme may also obtain Users’ personal contact data from other third parties including recruiters, accountancy firms or other partners.
HOW DOES REWARDSME USE PERSONAL DATA?
Personal Data Collected by REWARDSME as Controller
rewardsme may process Users’ personal data under more than one lawful basis depending on the specific purpose for which rewardsme is using the personal data. If a User has provided consent to processing and subsequently withdraws that consent, rewardsme may still process that User’s personal data where rewardsme has another lawful basis for doing so. Where more than one lawful basis has been set out in the table above, Users should contact rewardsme if they need details about the specific lawful basis that rewardsme is relying on to process their personal data.
Where rewardsme needs to collect personal data by law or under the terms of a contract that rewardsme has with a User and the User fails to provide that personal data when requested, rewardsme may not be able to perform the contract it has with the User.
Personal Data Obtained by rewardsme from Partners
Where rewardsme acts as a data processor on behalf of a partner, rewardsme will only process personal data in accordance with the agreement that rewardsme has with the partner.
Users should review the privacy policy provided to them by the partner or contact the partner for details about how the partner will collect and use the User’s personal data.
SHARING OF PERSONAL DATA
Personal Data Collected by rewardsme as Controller
rewardsme may share Users’ information with the following categories of third parties:
rewardsme requires all its data processors and any other third party that rewardsme provides Users’ personal data to respect the security of Users’ personal data and to treat it in accordance with applicable law.
rewardsme does not allow its data processors to use Users’ personal data for their own purposes and only permits them to process Users’ personal data for specified purposes and in accordance with rewardsme’s instructions.
MARKETING
Users may receive marketing communications from rewardsme if they have requested such communications from rewardsme or if they have purchased goods or services from rewardsme and they have not opted out of receiving future marketing communications.
rewardsme will obtain Users’ explicit consent before it shares their personal data with any company outside of rewardsme’s group of companies for marketing purposes.
If a User does not wish to receive marketing information from rewardsme, the User can opt-out by contacting rewardsme using the contact details at section 11 below or by clicking the opt-out link in rewardsme’s electronic marketing communications.
INTERNATIONAL TRANSFERS
Users’ personal data will not be transferred outside of the United Kingdom or the European Economic Area without additional contractual or other measures that have been adopted or approved by the United Kingdom or the European Commission being taken.
SECURITY OF PERSONAL DATA
rewardsme maintains appropriate physical, technical, administrative, and organisational security measures to protect personal data from loss, misuse, and unauthorised access, disclosure, alteration, and destruction, including (where appropriate):
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
All of rewardsme’s employees, contractors and data processors who have access to, and are associated with, the processing of personal data are obligated to keep the personal data confidential and not use it for any other purpose than to carry out the services they are performing for rewardsme.
While rewardsme will use all reasonable efforts to safeguard Users’ personal data, use of the internet is not entirely secure and for this reason rewardsme cannot guarantee the security or integrity of any personal data that are transferred from Users or to Users via the internet.
RETENTION OF PERSONAL DATA
Personal Data Collected by rewardsme as Controller
rewardsme will only retain Users’ personal data for as long as necessary to fulfil the purposes rewardsme collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, rewardsme considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which rewardsme processes the personal data and whether rewardsme can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for personal data are available from rewardsme on request using the contact details in the section how to contact rewardsme.
LEGAL RIGHTS
Personal Data Collected by rewardsme as Controller
Users have the following rights, as data subjects, under applicable data protection laws in relation to their personal data:
To exercise any of the rights set out above, please contact rewardsme using the contact details provided in how to contact rewardsme below. rewardsme will respond to any rights that a User wants to exercise within one month of receiving the request, unless the request is complex, in which case it may take longer.
rewardsme may need to request specific information from a User to help it confirm that User’s identity and that User’s right to access its personal data (or to exercise any of its other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. rewardsme may also contact the User to ask it for further information in relation to its request to speed up rewardsme’s response.
Please be aware that there are exceptions and exemptions that apply to some of the rights, which rewardsme will apply in accordance with the applicable data protection laws.
Personal Data Obtained by rewardsme from Third Parties and Other Partners
Users should review the privacy policy provided by the applicable third party or contact that third party for details about what rights the User has in respect of the personal data processed by that third party and how to exercise them.
FINANCIAL CONDUCT AUTHORITY
rewardsme is a trading name of Kingsbridge Risk Solutions Limited who are authorised and regulated by the Financial Conduct Authority. FCA firm reference number: 309149.
HOW TO CONTACT REWARDSME
To ask any questions regarding this Policy or to exercise any rights, please contact the rewardsme Data Privacy Officer using the following contact details:
Address: 9 Miller Court, Tewkesbury, Gloucestershire, GL20 8DN
Telephone: 01684 217141
Email: gethelp@rewardsme.co.uk
AMENDMENTS TO THIS POLICY
rewardsme reserves the right to change, modify, add or remove portions of this Policy from time to time and in its sole discretion but will update Users that changes have been made by indicating on this Policy the date it was last updated.