Privacy Policy

Introduction

Carbon Insurance Brokers which is a trading name of Lawshield UK Limited (referred to as “We”, “Our” or “Us”) is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our clients that communicate (online or offline) with us, over the phone or via our website.

We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information.

Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018, GDPR (United Kingdom General Data Protection Regulation) (UK GDPR), the Privacy and Electronic communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation.

This policy should be read together with our Cookie Policy that can be found on our website.

Data Controller

Carbon Insurance Brokers are the controller for the personal information we process, unless otherwise stated. We are registered with the Information Commissioner’s Office (the ICO) with registration number Z5685935.

Lawshield UK Limited is part of the Connexus Group of companies, (a private limited company registered in England with the company number 03433312).

You can contact us either by phone, email, or post.

  • By phone: 0333 043 1300
  • By email: info@carboninsurancebrokers.co.uk
  • By post: 1210 Centre Park Square, Warrington, WA1 1RU

Our Data Protection team can be contacted at the above address or by emailing dataprotection@lawshield.co.uk

How we collect your personal information

We may collect personal information about you in different ways - directly from you or provided to us by a family members or a third party who may be providing your information which names or benefits you.

However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect about you, from third party organisations or that you have voluntarily provided to us on this website or from enquiry/contact forms, or other contact methods includes:

Identity Data includes first name, last name, marital status, title, date of birth, gender, or other identification information, accident/incident details, motoring offences, adverse financial history, vehicle details. This includes details of additional drivers.

Contact Data includes present and previous addresses, email address or telephone numbers.

Employment Data includes your job title and industry worked in.

Sensitive Personal Data including details of any health conditions that you be required to disclose to drive a motor vehicle.

Financial Data includes payment card details protected in line with Payment Card Data Security Standards PCI DSS, bank details.

Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website. Records of conversations. (Calls may be recorded for training and monitoring purpose).

Profile Data includes information you provide us, services offered and used, your marketing preferences, feedback, and survey responses.

Other Personal Data you voluntarily provide, which may include people appointed to act on your behalf and special category personal data, for example data which you provide about your health where this relates to your ability to meet your obligations under the agreement. If you have taken out travel insurance through us, we will hold travel dates and destinations.

Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

Searches such as carrying out a Motor Insurance Database (MID) check to review the vehicle Insurance details.

Surveillance Recording if you visit our offices.

Claimants- We will collect information from you if you notify us of a claim.

How we use your information and Legal basis

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

  • Performance of a contract: the processing is necessary to enter into a contract you have with us.
  • Legal obligation: the processing is necessary for us to comply with the law. For example, Money Laundering Regulation and associated laws.
  • Consent: where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. For example, to understand how customers use our services so we can develop new services and improve the services we currently provide.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

Purpose/ Processing activity Lawful basis or bases for processing your personal data
To arrange or request a quotation for motor, commercial, travel, breakdown, excess waiver, or legal expenses insurance Performance of a contract
Taking payment from you or giving you a refund Performance of a contract
Helping us understand more about you as a client, the services you consume, so we can serve you better Legitimate interest
To verify your identity for fraud prevention purposes and security of the vehicle Legal obligation

Who we might share your information with?

We may share your personal data with other organisations in the following circumstances:

  • If the law or a public authority says we must share the personal data.
  • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk).
  • Insurers
  • Premium finance providers and other third parties involved (directly or indirectly) in the administration of your insurance and its associated benefits.
  • Payment Card providers to verify you and authorise payment.
  • External Auditors who audit our business.
  • Police/ Fraud Detection Agencies in their investigation of an alleged crime/investigation.
  • Financial crime, fraud or uninsured detection agencies, databases and sanctions lists, including the Motor Insurers' Bureau (MIB) who are the data controller for the Motor Insurance Database (MID).
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If the company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • To protect the rights, or safety of our clients or others.

If consent is necessary to facilitate this sharing, we will ensure it is obtained prior to processing.

Your rights over your information

Your personal information is protected under data protection law, and you have several rights (see below) available to you depending on our reason for processing. Please contact our Data Protection team should you wish to exercise these rights. We may need to verify your identity before we can act on your request.

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, subject to certain exceptions.

Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Request erasure of your personal data. You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in certain circumstances. It may not always be possible for us to delete the information we hold about you, for example, if we have an ongoing relationship with you or we are required to retain information to comply with our legal obligations.

Object to processing of your personal data when it is based upon our legitimate interests or for the purpose of statistical analysis, profiling, or direct marketing.

Request restriction of processing of your personal data. This is not an absolute right and only applies in certain circumstances. For example, where you contest the accuracy of your personal information, it may be restricted until the accuracy is verified, or where the processing is unlawful, but you object to it being deleted and request that it is restricted instead.

Request data portability of your personal data to you or to a third party. You have the right to receive, move, copy, or transfer your personal information to another controller.

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

For more information about your privacy rights. The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers, such as us, are available publicly. You can access them here. Your data matters.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

How long we keep your information for

We retain a record of your personal information to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation and will never retain your information for longer than is necessary.

Unless otherwise required by law, your data will be stored for a period of seven years after our contract with you expires or two years after an expired quotation, at which point it will be deleted.

We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

If your information is transferred to a third party their Data Retention Policy may differ to ours.

OAutomated Processing

We do not automate any of our services.

Security of Personal Data

Data security is of great importance to Carbon Insurance Brokers and, to protect your data, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

  • Limiting access to our buildings to those that we believe are entitled to be there by use of passes.
  • Implementing access controls to our information technology; and
  • We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, website, and offices.
  • Only use trusted third parties who commit to safeguarding the confidentiality, integrity, and availability of your personal data.

Transferring your data abroad

We do not transfer your personal data outside the UK and the European Economic Area (EEA) and, should we require to do so, we will ensure we have standard contractual clauses in place.

Keeping your information accurate

It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes during your relationship with us. This should include any change of address, telephone numbers and health matters that may affect the management of your account.

Complaints

If you have any questions about how we treat your personal data and protect your privacy, please email dataprotection@lawshield.co.uk or call us on 0333 043 1300.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO) make-a-complaint or call 0303 123 1113.

Changes to this Privacy Policy

This version was last updated on 16 February 2022 and historic versions can be obtained by contacting us at compliance@connexus.co.uk. If changes to this privacy notice have a major effect on what we do with your personal data or on you personally, we will give you enough notice to allow you to exercise your rights (for example, to object to the processing). We recommend that you check this policy regularly to keep up to date.


Updated: April 2022.