Overview
In order to provide our services, we collect, store and use personal information about individuals. This policy describes how we process that data.
In the document below where we refer to ourselves or to Quote Portal we mean quoteportal.net limited, registered with the Information Commissioner’s Office (ICO) under registration number ZA790110. Quote Portal is the ‘data controller’ of the personal information processed in accordance with this policy and we are responsible for complying with data protection laws.
We have appointed a Data Protection Officer to oversee our handling of personal information. If anyone has any questions about how we collect, store or use personal information, they should contact our Data Protection Officer using the details set out in the ‘Contact’ section below.
Other People
We may collect information from our clients about other people, for example members of staff. Where a client gives such information about other people it is their responsibility to ensure and confirm that:
- they have told the individual who we are and how we use personal information, as set out in this privacy policy;
- where necessary they have permission from the individual to provide that personal information to us and for us to use it, as set out in this privacy policy.
Contact
Email
dataprotectionofficer@quoteportal.net
or write to
Data Protection Officer
Quote Portal
Collar Factory, 112 St Augustine Street, Taunton, TA1 1QN
Complaints
Everyone has the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/ This will not affect any of their other legal rights or remedies. If possible, Quote Portal should be given the chance to deal with concerns (using the details set out in the ‘Contact’ section) before anyone approaches the ICO.
Who this privacy policy applies to
This Privacy Policy applies to everyone whose personal information we collect, store, and use, which includes:
- our business contacts
- business contacts of our clients,
- clients who are sole traders, partnerships or owner managers,
- business contacts of service providers and partners;
- our staff and job applicants
- any other visitors to our website.
Business contacts
How we collect your personal information
Business contacts provide the personal information we hold when they or the company they work for becomes a client, fills out the enquiry form on our website or enquires about our services by any other means, or becomes contractually involved with us in any other way.
What information we hold
We hold very limited personal information about our business contacts, typically this will be limited to name and business contact details such as phone number, email address and postal address.
In the case of sole traders, partnerships or owner managers we may hold home contact details if these are what were provided.
How we use the information
We collect and use your personal information in order to carry out our business as a web portal. Primarily this involves managing our online insurance products and supporting our integrators and the day to day operation of our business.
From time to time we may provide access to our files for audit, review or other quality assurance checks by our clients, auditors, professional advisers and certification bodies (for example for ISO accreditation). Where appropriate this will be under a Non Disclosure Agreement and we will take all reasonable steps to ensure any recipient has sufficient measures in place to protect your information.
Our lawful grounds for doing so
In the case of sole traders, partnerships or owner managers our lawful basis for processing personal information is contractual. For other business contacts our lawful basis for processing personal information is our legitimate business interests, typically arising from contractual terms with the associated business.
Sharing your information
Please be aware that we may be required to use or pass your personal information to a third party to comply with our legal obligations or make disclosures to government, regulatory or other public bodies.
Typically, we do not share your personal information with any other third party, and where we do so we will always obtain your consent.
Marketing activities
We carry out limited marketing activities but where we do so, our lawful basis for processing personal information is the legitimate business interests of Quote Portal or our affiliated service providers. Typically, we will only be making existing clients aware of additional services offered that are relevant given those already provided.
This means that for any marketing activity we endeavor to use data in a way that is proportionate, has a minimal privacy impact, and the client would not be surprised or likely to object to what we are doing.
Data retention
For our reference and to meet any legal obligations we retain business contacts’ personal information for 6 years following the termination of our relationship, unless the personal information is held for more than one purpose. For example, where it forms part of another contact’s records such as in correspondence with that contact.
Staff and job applicants
How we collect personal information
Typically the employee or applicant provides the personal information we hold when they apply for a job or during the course of their employment at Quote Portal. We may also check public sources of information, including social media, verifying academic and career history and performing other background checks. We will always obtain consent where required, or if it would be reasonable to do so.
What information we hold
We retain any information provided during the course of the original job application. For staff we hold name, business contact details, NI number, payroll details, record of absences, and date of birth and we may hold personal contact details such as phone numbers, home address and email address.
How we use the information
For job applicants we use the information to verify the applicant’s identity and the details provided in their application.
For staff we use the information to administer payments and otherwise carry out our contractual relationship.
Our lawful grounds for doing so
Our lawful basis for processing staff and job applicants’ data is contractual.
Sharing your information
Please be aware that we may be required to use or pass your personal information to a third party to comply with our legal obligations or make disclosures to government, regulatory or other public bodies.
We may also share your name and business contact details with our clients and other business contacts.
Data retention
Please be aware that for our own reference, and to meet any legal obligations, we retain personal information:
- of job applicants for 6 months;
- staff members for 6 years following the termination of employment, unless the personal information is held for more than one purpose. For example, where it forms part of a client record such as in notes written by that staff member or in correspondence with the client.
Other ways we process personal information
CCTV
Our premises are protected by CCTV for the purposes of identifying individuals engaged in criminal activity. The length of time these recordings are stored for depends on the amount of activity recorded but typically they will be kept for one month and will not be stored for longer than 6 months.
Using our website
Our website includes small text files called cookies that are placed on the browser’s computer that allow us to:
- remember their settings and preferences for the next time they visit the website;
- monitor the way our website is used – for this we use Google Analytics, a web analytics service provided by Google LLC (‘Google’).
The information generated by Google Analytics includes the browser’s IP address, which counts as personal information. This information is transmitted to and stored by Google on servers in the United States. Google uses this information for the purpose of evaluating the use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Anyone who wishes to completely opt-out of being tracked by Google Analytics across all websites should visit tools.google.com/dlpage/gaoptout
Learn more about cookies at https://ico.org.uk/for-the-public/online/cookies
Sending Information Abroad
Beyond the use of Google Analytics as described under ‘Using our website’, we are very unlikely to transfer data outside of the European Economic Area (the EEA) and would only ever do so where we are satisfied that the transfer is in accordance with applicable data protection and privacy laws.
Automated decision making or profiling
We do not carry out any automated decision making or profiling.
Third-Party Rights
Third parties have certain legal rights under UK data protection law and regulations, and those applicable to our processing of personal information are summarized below.
The right to be informed about our data processing activities, including through this privacy policy and any other notices we may issue. The most recent version of this policy will always be available from the link in the footer of our website and will be provided when we collect personal information or when a third party makes a subject access request.
The right of access to the personal information we hold. A third party may ask us to provide the personal information we hold about them, i.e. make a ‘subject access request’, using the details set out in the ‘Contact’ section. They will typically not be charged for such a request and can expect a response within one month of our receipt of the request. [We will only charge if the request is clearly unfounded, repetitive or excessive and the third party will be given due warning of the charge before we process the request.]
The right of rectification. Third parties may ask us to correct any inaccurate or incomplete data we hold using the details set out in the ‘Contact’ section. Corrections should be made within one month of our receipt of the request.
The right to erasure and right to restrict processing. Third parties have the right to have their personal data erased and to prevent processing except where we have a legal or contractual obligation to do so. They should bear in mind that by exercising this right they may hinder or prevent our ability to provide our services to them or their company. Any such request should be sent to us using the details in the ‘Contact’ section and we will endeavor to comply or respond within one month of our receipt of it.
Security and accuracy of your personal information
We are strongly committed to data security and we take reasonable and appropriate steps to protect personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information provided to us. These include firewalls to block unauthorised traffic to our servers, which are located in a secure location and can only be accessed by authorised personnel.
We also take reasonable steps to ensure that the personal information we hold is reliable for its intended use and as accurate and complete as is necessary. We should be kept informed if personal information changes or if the owner believes the data we hold is inaccurate by using the details set out in the ‘Contact’ section.