LEGAL
Privacy policy
“Simply Business” is a trading name of Xbridge Limited. In this Privacy Policy, references to “Simply Business” are to Xbridge Limited.
Simply Business is committed to ensuring your privacy is protected. This Privacy Policy sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this Privacy Policy carefully. When using our website, this Privacy Policy should be read alongside the website terms and conditions
1. About us
In this Privacy Policy references to “we” or “us” or “Simply Business” are to Simply Business.
We are the data controller of any personal information you provide to us. This means that we are responsible for complying with data protection laws. This Privacy Policy describes what personal information we may collect from you, why we use your personal information and more generally the practices we maintain and ways in which we use and protect your personal information.
We have appointed a data protection officer to oversee our handling of personal information. If you have any questions about how we collect, store or use your information, you can contact our data protection officer using the details set out in “14. Contacting us”.
2. How the insurance market works
Insurance is the pooling and sharing of risk in order to provide protection against a possible event. In order to do this, information, including your personal data, needs to be shared with various insurance market participants, such as intermediaries, insurers, and reinsurers. The London Insurance Market Core Uses Information Notice (see link below) sets out those core necessary personal data uses and disclosures. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice.
This Privacy Policy is designed to help you understand how we, as an insurance intermediary, process your personal data through the insurance lifecycle.
View Flows of Personal Data through the Insurance Lifecycle here
3. Who do we collect information about?
Who do we collect information about?:
- Previous, current and prospective policyholders
- Previous, current and prospective parties covered or to whom any benefit is payable under a policy
- Simply Business website users
- Third party claimants, witnesses to incidents and experts instructed in relation to claims
- Business contacts at our insurers and other suppliers
4. When do we collect personal information?
When do we collect personal information?:
- When you apply for a policy (e.g. when you submit a request for a quotation), whether you complete that fully or not
- When you renew a policy (or a policy under which you are insured is taken out or renewed)
- On a claim under a policy
- Whenever you use the Simply Business website
- If you respond to a customer survey, questionnaire, or marketing campaign
- If you contact us for any other reason
- From publicly available third party sources such as credit rating databases and government databases for socio-demographic information
- When you buy a policy through Simply Business through one of our partner websites such as Compare The Market, GoCompare, or MoneySupermarket
- When you contact us through our “refer a friend” scheme
- When you enter a competition or prize draw
5. What personal information do we collect and use?
In order for us to provide insurance quotes and insurance policies, and to deal with any claims or complaints, we need to collect and process personal data about you.
The personal information that we collect will depend on your relationship with us. We will collect different information depending on whether you are a policyholder or prospective customer; covered party under a policy; beneficiary under a policy; or website user, claimant, witness, broker, or other third party.
Due to the nature of our business, we may request and/or receive ‘sensitive’ data about you, known as special category data, for example information pertaining to your health, for claims purposes. We may also request or need to access details of any unspent criminal convictions for the purpose of offering you an insurance product.
Please click on the relevant section below for detailed information regarding the types of personal information we are likely to collect and use about you.
Personal information:
- General information such as your name, address, address of the property or business being insured, contact details, date of birth, gender, family and relationship information, and nationality
- Information about your job including job title, employment history, education history, and professional accreditations
- Information relevant to your insurance policy or request for a quotation for a policy. This will depend on the nature of the policy but could include details of your property,business or vehicle activities
- Information relevant to your claim or your involvement in the matter giving rise to a claim
- Information relating to previous quotations, policies, or claims
- Financial information such as your bank details, credit card and payment details, bankruptcy and company directorship information, and information obtained as a result of our credit checks and those carried out by third parties such as a credit provider
- Information obtained through our use of cookies. You can find more information about this in our Cookie Policy
- Website browsing history
- Information captured during our telephone calls, whether inbound and outbound
- Information captured via our chatbot facility
- Your marketing preferences
- IP address
- Device ID information
Sensitive personal information:
- Information relating to criminal history (including offences and alleged offences and any caution, court sentence, or criminal conviction) which are required to provide insurance services
6. How do we collect your information?
We collect personal information from a number of different sources including:
- Directly from you or from someone else on your behalf
- From introducers, partners, and MGAs (managing general agents)
- From other third parties involved in your insurance policy or claim such as your insurer, another broker, claimants, defendants, or witnesses
- From other third parties who provide a service in relation to your insurance policy or claim such as loss adjusters, claims handlers, and other service providers
- From claims services providers
- From third party data providers who provide us with additional information relating to your quote such as information about your property type or geographical area
- From publicly available sources such as internet search engines and social media sites
- Through customer surveys and responses to various marketing campaigns
- From your use of our website and its cookies – please see our Cookie Policy
- From inbound and outbound phone calls
- From your interactions with our chatbot facility
- From credit reference agencies
- Through insurance industry fraud prevention and detection databases and sanctions screening tools
- From government agencies such as HMRC and from professional regulators
Simply Business has internal policy documents in place to ensure that any information used that’s in the public domain or sourced from social media sites is used in line with our usual obligations.
7. What are the purposes for which your information is used?
We may process your personal information for a number of different purposes and we may use automated tools and technologies, including artificial intelligence (AI) to do this. We always ensure these tools are carefully assessed to avoid any harm and to protect your privacy. For each purpose we must have a legal ground for such processing. When the information we process is classed as sensitive personal information, we must have an additional legal ground for such processing.
Generally we will rely on the following legal grounds:
- where the processing is necessary for our provision of your insurance policy and services for activities such as assessing your application, managing your insurance policy, handling claims, and providing other services to you
- where the processing is in the public interest of fulfilling insurance purposes such as: advising, arranging, underwriting an insurance contract, and involves the use of special category or criminal offence data
- where we have an appropriate business need such as maintaining our business records or developing and improving our products and services where such business need does not harm your interests
- where we have a legal or regulatory obligation to use such personal information
- where the use is necessary to establish, exercise, or defend our legal rights
- where you have provided your consent to our use of your personal information, including where a criminal records check is required
You will find details of our legal grounds for each of our processing purposes below.
1. To set you up as a policyholder, including carrying out fraud, credit, and anti-money laundering checks
Legal grounds:
- this processing is necessary for providing and administering your insurance contract
Additional legal grounds for processing sensitive personal information:
- on the basis that we are an insurance intermediary, in certain circumstances we may have different legal grounds in relation to processing sensitive data than other non-insurance related firms
- there are, however, a number of safeguards. The most important is that the processing must be “necessary” for the insurance process
- in addition, it must also be necessary for reasons of substantial public interest (i.e. because it is necessary for the purposes of preventing fraud)
2. To evaluate your insurance application and provide a quote; this might include us calling you after you submit a request for quotation form so that we can deal with any queries or questions around the quotation process
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
- this processing is necessary for our providing your insurance contract
3. To conduct underwriting/claims analysis
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
4. General administration of policies (general client care, including communicating with you regarding administration and requested changes to the insurance policy, and sending you updates regarding your insurance policy)
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
- this processing is necessary for providing your insurance contract
5. Claims processing
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
- this processing is necessary for providing your insurance contract
6. Prevention and detection of and investigating and prosecuting fraud. This might include sharing your personal information with third parties such as the police, and other insurance and financial services providers.
Legal grounds:
- this processing is necessary for providing your insurance contract
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
Additional legal grounds for processing sensitive personal information:
- the use is necessary for reasons of substantial public interest (i.e. because it is necessary for the purposes of preventing fraud)
7. Management of complaints (including communicating with you and resolving any complaints that you might have)
Legal grounds:
- this processing is necessary for providing your insurance contract
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
8. Complying with our legal or regulatory obligations
Legal grounds:
- the use is necessary in order for us to comply with our legal obligations
9. Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers)
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
10. Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, and receiving professional advice (e.g. tax or legal advice)
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
11. Provide marketing information to you (including information and marketing campaigns about our other products and services), in accordance with any preferences* you have expressed
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
- where you have provided your consent to our use of your personal information
- please see “section 10: what marketing activities we carry out” for further information, and please see section 12: *The right to object to marketing.
12. Monitoring applications, reviewing, assessing, tailoring, and improving our products and services and similar products and services offered by Simply Business
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
13. Offering renewal on the expiry of your policy
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
14. Tracing and recovering debt
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
15. Monitoring usage of any of the various Simply Business websites
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
16. Ensuring that content from our site is presented in the most effective manner for you and for your device
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
17. Allowing you to participate in interactive features of our services, when you choose to do so
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
18. Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
19. Other purposes outside of the insurance lifecycle but necessary for the provision of insurance throughout the insurance lifecycle period (including, among other things, general risk modelling, transferring books of business, any change in ownership of the company (whether in whole or part), and re-organisations)
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
20. Carrying out customer research and customer insight exercises to understand our customers needs, to help us to improve and monitor our services and products
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
21. Ad-hoc communications and fulfilment of thank you notes, gifts, and other vouchers
Legal grounds:
- Simply Business has a legitimate business need to use your data, but we ensure that we use personal information in a way that does not cause harm to your interests
8. Who do we share your information with?
From time to time we may share your personal information within the Simply Business group, which is part of Travelers Inc., and with carefully vetted third parties. If you would like further information regarding the disclosures of your personal information, please see the details listed below. If you have further questions, please see section 14 for our contact details.
1. Disclosures to third parties
We also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. These might include:
- our insurance partners such as other insurance intermediaries, insurers, reinsurers, introducers, or other companies who act as insurance distributors (including the cancellation of your policy, should you choose to do so)
- insurance reference bureaus
- other third parties who assist in the administration of insurance policies such as loss adjusters, claims handlers, accountants, auditors, lawyers, and other experts
- fraud detection agencies and other third parties who operate and maintain fraud detection registers
- our regulators
- the police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime
- other insurers who provide our own insurance
- industry bodies
- debt collection agencies
- credit reference agencies
- online search engines
- social media platforms (in a secure format) to help us target our online marketing. This may also involve building ‘lookalike’ profiles of the type of person we are trying to target and providing specific adverts to those people when they browse the internet or use social media. You can ask us to stop sending you marketing or to stop using your data for direct marketing purposes at any time. Please see “Section 12: Your rights”.
- our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, payment processing agencies, document management providers, and tax advisers
- third parties who undertake analysis for the purposes of product improvement
- data providers who support us with developing our products and services
- data providers who provide us with additional information relating to your insurance needs such as information about your property type, geographical area or vehicle. For example, we share information concerning your request for a quote with LexisNexis Risk Solutions who help us to check your identity and evaluate your insurance risk
- selected third parties in connection with the sale, transfer, or disposal of our business. We will ensure that such third parties have the appropriate technical and organisational measures in place to safeguard your data
2. International payments and data processing
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area (EEA). Where we make a transfer of your personal information outside of the EEA, we will take the required steps to ensure that your personal information is protected. We do this by using the International Data Transfer Agreements (IDTAs) which were issued by the Information Commissioner’s Office (ICO) to facilitate data transfers. If you would like further information regarding the steps we take to safeguard your personal information, please contact us using the details set out in section 14.
9. Automated decision making
Will decisions about you be made by automated means (including profiling)?
Please note that personal information, including sensitive personal information, may be used in the context of making insurance underwriting decisions, where information (such as criminal convictions data) is included as a standard question on a request for quotation form, and also referenced for auto-renewal of certain types of policies. This involves automated decision making to determine what the cost of providing or renewing the policy will be. Automated decision making may also be used in relation to our marketing of our products to you, in accordance with preferences you have expressed, but is restricted to segmentation of data. Please see section 12 relating to your rights around automated decision making. We will ask you when you purchase your policy if you would like to opt in to auto-renewal. However, even if you opt in at this point, you have the right to opt out at any time.
10. What marketing activities do we carry out?
1. Marketing activities
Email marketing
We may also use your personal information to provide you with information by email about our products or services or those of our partners which may be of interest to you or to send eNewsletters. You have the option to opt out at any time.
If you wish to unsubscribe from emails sent by us, you may do so at any time by clicking on the “unsubscribe” link that appears in all emails. Otherwise you can always contact us using the details set out in section 14 to update your contact preferences, or email [email protected]. In such circumstances, we will continue to send you service-related (non-marketing) communications where necessary.
SMS marketing
We might also use your personal information to provide you with information by text message about our products or services or those of our partners which may be of interest to you. You have the option to opt out at any time.
You can stop receiving text messages sent by us at any time by following the instructions in the text message on how to unsubscribe. This appears in all text messages. Otherwise you can always contact us using the details set out in section 14 to update your contact preferences. In such circumstances, we will continue to send you service-related (non-marketing) communications where necessary.
Telephone marketing
We may also use your personal information to call you regarding products and services you have expressed an interest in, or which we believe may be of interest to you. You can opt out of receiving these calls at any point.
You can stop receiving telephone calls from us at any time by contacting us using the details set out in section 14 to update your contact preferences. In such circumstances, we will continue to send you service-related (non-marketing) communications where necessary.
Post
We may also use your personal information to provide you with information by post about our products or services or those of our partners which may be of interest to you. You have the option to opt out at any time.
You can stop receiving post from us at any time by contacting us using the details set out in section 14 to update your contact preferences. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary.
TO STOP receiving any marketing communications from us please email [email protected]
2. If you have been referred to us through one of our partner’s websites
We will only use your personal information to contact you about our products or services, or those of our partners which may be of interest to you, if our partner has provided us with your consent, indicating that you are happy for us to contact you using one of the methods set out above. You have the option to opt out at any time (please see above).
3. If you have entered a prize draw or competition via any of our social media channels
If you enter a prize draw or competition via one of our social media channels such as Facebook, Instagram or LinkedIn we may collect your email address for the purpose of fulfilling the terms and conditions of such competition or prize draw. We may also use your personal information collected at competition sign up stage to provide you with information by email about our products or services or those of our partners which may be of interest to you or to send eNewsletters. You can choose to receive such emails by clicking ‘Yes’ or ‘No’ on the social media page displaying the marketing option for the specific competition/prize draw. You will always have the option to opt out as shown at point 10.1 above.
11. How long do we keep personal information for?
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal, statutory, and regulatory obligations – in particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under the insurance policy, or where we are required to keep your personal data due to legal or regulatory reasons. If you would like further information regarding the periods for which your personal information will be stored, please see section 14 below for our contact details.
12. Your rights
Under data protection law you have certain legal rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the details set out in section 14.
Please note:
- in some cases we may not be able to comply with your request (e.g. we might not be able to delete your data) for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make, and if we can’t comply with your request we will tell you why
- in some circumstances exercising some of these rights (including the right to erasure, the right to restriction of processing, and the right to withdraw consent) will mean we are unable to continue providing you with cover under the policy and may therefore result in the cancellation of the policy. You will therefore lose the right to bring any claim or receive any benefit under the policy, including in relation to any event that occurred before you exercised your right of erasure, if our ability to handle the claim has been prejudiced. Your policy terms and conditions set out what will happen in the event your policy is cancelled
- For some policies no refunds will be payable on cancellation, for other products a refund may be payable
Your rights include:
- The right to access your personal information You are entitled to a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests. Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
- The right to rectification We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
- The right to erasure (also known as ‘the right to be forgotten’) In certain circumstances, you have the right to ask us to erase your personal information. Examples would include where the data is no longer required for the original purpose, consent has been withdrawn and there no overriding grounds for continuing the processing, or for compliance with the national law or for legal or regulatory obligations. There are occasions when a request made under data protection law is overridden by other legal and statutory data retention requirements.
- The right to restriction or suspension of processing In certain circumstances, such as a question over its accuracy, you are entitled to ask us to stop using your personal information or to suspend its use.
- The right to data portability In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice.
- The right to object to marketing You can ask us to stop sending you marketing messages at any time. To STOP receiving all marketing communications from us please email [email protected]
- The right not to be subject to automated decision-making (including profiling) You have a right not to be subject to a decision based solely on automated means. Please note that as set out at section 9, personal information including sensitive personal information may be used in the context of auto-renewal of certain types of policies. This involves automated decision-making to determine what the cost of renewing the policy will be. We will ask you when you purchase your policy if you would like to opt in to auto-renewal. However, even if you opted in at this point, you have the right to opt out at any point. As above, automated decision-making may also be used in relation to our marketing of our products to you, in accordance with preferences you have expressed.
- The right to object to processing For certain uses of your personal information, we will ask for your consent. This consent can take the form of an action or affirmative instruction. Where we do this, you have the right to withdraw your consent to further use of your personal information. In other circumstances we may process your data using legitimate interest, and again you have the right to withdraw this right of processing, unless it is necessary in connection with our legal rights.
Please note that in the event that you withdraw your permission for us to use all of your personal data, we may be unable to continue providing you with insurance cover under the policy and this may therefore result in the cancellation of the policy. You will therefore lose the right to bring any claim or receive any benefit under the policy. Your policy terms and conditions set out what will happen in the event your policy is cancelled. - The right to lodge a complaint with the ICO We would hope that you will always raise any issues with us first, and that we will be able to resolve them to your satisfaction. However, if this isn’t possible then you always have a right to complain directly to the Information Commissioner’s Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations.
Please see below for contact details of the ICO:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Email: [email protected]
Making a complaint will not affect any other legal rights or remedies that you have.
13. How we protect your information
We use a wide range of organisational and technical security measures to protect your information. This includes regular and thorough staff training about data security and data rights.
Where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential. We ask you not to share a password with anyone, and to use a password that is appropriate (i.e. a mixture of upper and lower case letters, and characters, which isn’t used on other sites and isn’t easily guessed).
We restrict access to your information as appropriate within Simply Business to only those who absolutely need to know that information for the purposes set out above.
Firewalls are used to block unauthorised traffic to the servers and the actual servers are located in a secure location which can only be accessed by authorised personnel. Our internal procedures cover the storage, access and disclosure of your information.
14. Contacting us
If you have any questions about how we collect, store or use your personal information, you may contact our data protection officer at:
Data Protection Officer Simply Business 99 Gresham Street London EC2V 7NG Email: [email protected]
15. Updates to this Privacy Policy
From time to time we will make changes to this Privacy Policy, for example as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check our website periodically to view the most up-to-date Privacy Policy.
This Privacy Policy was last updated 18th November 2024