Website Privacy & Security Statement

Coversure Ltd Trading as Surety Bonds, hereafter referred to as We/Us/Our, considers that protecting personal information is very important and We recognise that you have an interest in how we collect, use and share such information. We also strongly recommend you read our Terms of Business in relation to terms of using this Website and details regarding transacting business with us. Our policies are outlined below:

Use of Information

We, Coversure Ltd Trading as Surety Bonds, who are the intermediary with whom you may have arranged your insurance; will at all time treat personally identifiable information strictly in accordance with The General Data Protection Regulations (GDPR) with effect from 25th May 2018. This notice will explain how We will use
information provided by yourself and third parties. The information that you provide to Us will be held on a computer, computer database, e-mail, imaged documents, files, telephone recording, CCTV, letter and/or in any other way.

We will ensure data is processed lawfully, fairly and in an open and transparent manner and ensure appropriate security measures are in place against unauthorised or unlawful processing or accidental loss, destruction or damage using appropriate technical or organisational measures, (such as restricting access to key people within our organisation for certain aspects of your information; and periodically checking the level of security we apply to prevent unauthorised use, accidental loss, or misuse of your information). The contractual arrangements we have in place with our suppliers (e.g. Insurance Companies, our Client Database software provider, and similar providers of services to us, including other third-party companies who use our services), are governed by and shall be deemed to operate strictly in accordance with the terms of such contracts. Importantly, from your perspective these contracts set out to define how data will be processed between us, including circumstances when we act as a processor or controller as is required by the GDPR. When acting as a controller of your data, we will, in certain circumstances determine the purposes and means of processing your data; in particular this will include the data processed by brokers who use our Services.

Lawful Bases Collecting Information About You

When we collect information about you, we may collect personal data which may include a variety of information about an individual (e.g. their name, address of residence, details of directorships, financial assets, communication and contact details, and other personal information such as a date of birth). Where relevant to do so we may also collect information relating to an individual, indirectly by reference to an identifier (e.g. an IP address, which is a unique number identifying your computer, laptop or similar portable device). Where required and appropriate to so, we will also collect more sensitive personal information (such as details about an individual’s motoring or criminal convictions, details of health, credit worthiness and other similarly sensitive information). We may request details about you or your company or associated persons under the contract of insurance regarding the material facts and/or acceptance criteria which were accepted at the inception of the contract of insurance or necessary for the underwriting of the contract. In certain circumstances (e.g. when an Insurance Company or similar provider of services to us requires us to do so) we will collect information from a variety of different sources (e.g. publicly available sources, such as social media and networking sites; third party databases generally available to the financial services sector, and the wider insurance industry including, MGA’s, Lloyd’s of London, claims management firms, loss adjusters and or other suppliers appointed in the process of handling a claim or credit reference and similar agencies). This may include information from you regarding your past insurance policies and arrangements, or the activities of your company/companies.

Using Information about You

We will use information, including sensitive information, about individuals, and other parties related to our group companies’ insurance activities, because it is principally:
a) necessary for the performance of or to take steps for an individual to enter into a contract of insurance; or b) necessary for compliance with a legal obligation; or
c) necessary to protect the vital interests of a data subject or another person; and/or d) necessary for our own legitimate interests or those of other controllers or third parties (e.g. to search at credit reference agencies, monitor e-mails, calls and other communications or for market research, analysis and developing statistics) except where such interests are overridden by the interests, rights or freedoms of the data subject.

These bases include, providing an insurance quotation, arranging and placement of a policy or underwriting facility and providing administration through-out the lifecycle of an insurance arrangement as well assisting with making a claim. In certain circumstances, such as when a quotation is requested, or changes are made to an existing policy or at each renewal of an insurance arrangement, we may involve an automated decision to determine whether we are able to provide an insurance arrangement. Individuals can object to us using an automated decision (see the individual rights section) however in those situations it may prevent us from being able to provide you with insurance.

When processing personal data for profiling purposes, we will ensure appropriate safeguards are in place, ensuring:
a) processing is fair and transparent and provides meaningful information about the logic involved; as well as the significance and the envisaged consequences;
b) the use of appropriate mathematical or statistical procedures for the profiling;
c) appropriate technical and organisational measures are in place to enable inaccuracies to be corrected and minimise the risk of errors; and
d) your personal data is secured in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.

We will also use your information when there is a justifiable reason for doing so, such as compliance with legal obligation (e.g. for the prevention and detection of fraud and financial crime, which may include processes which profile you); and for the recording and monitoring of telephone calls for auditing reasons.

Sharing your Information

We will share information, including sensitive information, about you, and other parties related to this insurance
because it is:
a) necessary for the performance of or to take steps for you to enter into a contract of insurance; or
b) necessary for compliance with a legal obligation; or
c) necessary to protect your vital interests; or
d) necessary for our own legitimate interests or those of other controllers or third parties; and/or
e) necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body).

This includes sharing your information within our firm and carefully selected third parties providing a service to us or on our behalf. These include, our Insurance Providers, (you can write to our Compliance Department should you wish to view a list of all the insurance companies with whom we have arrangements), and or Premium Credit Limited (who is our selected finance provider governed by consumer credit legislations).

What we will not do with your Information 

Unless required to do so by law, or for other similar reasons, other than those outlined (see sharing your information) we will never otherwise share personal information without good reason and without ensuring the appropriate care and necessary safeguards are in place; we will in any other event ask for your consent to share that information and explain the reasons.

How Long we will Keep Information

We will only keep and or maintain information about an individual for as long as is necessary in providing ourproducts and services or for compliance with a legal or regulatory obligation, including our legitimate interests of a controller (e.g Coversure Ltd and other processors, such as Underwriters). This means, we will only keep, information that is necessary to keep so that we can sufficiently deal with administrative issues, queries, claims and/or for compliance with legal reasons; usually we will keep information for a minimum retention period of 7 years and or maximum period of 40 years, after cessation of a product or service we have provided. However, we will keep information for much shorter periods if that information related merely to a quotation which did not then result in a contract of insurance being arranged; in these circumstances we will keep information for a minimum retention period of 12 months and a maximum period of 18 months unless such information becomes manifestly out-of-date in which case we may keep quotation information for shorter periods.

In any event all information shall be stored in strict compliance with the GDPR legislation at all times; and using appropriate technical or organisational measures we will regularly:
a) review the length of time we keep and or maintain information about you;
b) consider the purpose or purposes why we hold the information about you in deciding whether (and for how long) to retain it;
c) securely delete information about you that is no longer needed for this purpose or these purposes; and
d) update, archive or securely delete information about you if it goes out of date.

Sensitive Data

In carrying out our duties as Data Controller and Data Processor we will collect sensitive information, about you, and other parties related to this insurance because it is:
a) necessary for the performance of or to take steps for you to enter into a contract of insurance; or
b) necessary for compliance with a legal obligation
a) necessary to protect your vital interests;
b) necessary for our own legitimate interests or those of other controllers or third parties; and
c) necessary for a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body)
What we mean by sensitive data includes information such as:
a) an individual’s health including medical conditions;
b) motoring or other criminal convictions; and
c) racial or ethnic origin or religious beliefs.

We will always apply additional organisational and technical measures for this category of data, including restrictions to access this data (this is where data may be secured with additional layers of security to prevent misuse and protect personally identifiable information).

Use and Storage of your Information Overseas

We will never knowingly transfer, store, or process information about you or an individual, outside the European Economic Area (EEA). In any event, if we are compelled to transfer your information outside the EEA (e.g. because it is an insurance arrangement with an Insurance Company who is outside the EEA or part of a larger group of companies who pass information outside the EEA) it shall be in compliance with the conditions for transfer set out in the GDPR and or restricted to a country which is considered to have adequate data protection laws. All reasonable steps shall typically have been undertaken to ensure the firm to which information is being transferred has suitable standards in place to protect such information.

Using our Website and Cookies

You will be asked to accept a cookie, which is a small file of letters and numbers that is downloaded on to your computer when you visit any of our group of companies’ websites. This will be clearly explained to you when you visit the website and you will typically have to accept the cookie to benefit from the services the website can offer. Cookies are operated in strict accordance with Privacy and Electronic Communications Regulations 2011 (PECR) and are widely used by many websites and primarily enable the website to remember an individual’s preferences, recording information the individual may have entered into the web pages. These same rules also apply if any individual accesses or uses any other type of technology to gain access to information stored electronically by us (e.g. the Gresham quote facility or app using a smartphone or similar portable device)

Individual Rights

Individuals have a number of rights relating to the information we hold. These rights include but are not limited to
the right to:
a) a copy of the personal information we hold (once requested, we have a maximum of one month to give an individual such information);
b) rectify information, if it is inaccurate or incomplete;
c) request the deletion or removal of an individual’s personal data where there is no compelling reason for its continued processing;
d) suppress processing of an individual’s personal data, when processing is restricted, we are permitted to store the personal data, but not carry out further processes. We will retain sufficient information about the individual to ensure that the restriction is respected in future (see Marketing);
e) object to certain uses of an individual’s personal information (see Marketing);
f) in certain circumstance to not be subject to a decision when it is based on automated processing; and or it produces a legal effect or a similarly significant effect on an individual;
g) withdraw any permission you or an individual may have previously provided; and
h) complain to the Information Commissioner’s Office at any time if you or an individual is not satisfied with our use of such information.

Individuals can request a copy of the personally identifiable information we hold by contacting us and requesting it. This includes the right to have such information in a portable form ‘a right to data portability’ so we will normally, not only provide the information free of charge (however we may apply a charge where information requests are excessive) but we will provide that information in a format that is easily accessible, sometimes in a CSV format, should an individual require it in that format to ensure information can be exchanged easily with other organisations. 

If you would like further information or wish to make a Subject Access Request (SAR) you can e-mail compliance@suretybonds.ie or write to Jane Brady our Data Protection Officer, Coversure Ltd Insurance House, Main Street, Carrick on Shannon, Co. Leitrim.

Right to Complain

In the event that you wish to make a complaint about how your personal data is being processed by Joseph G Brady Insurance Ltd or how your complaint has been handled, you have the right to lodge a complaint directly with Joseph G Brady Insurance Ltd’s Data Protection Officer, Jane Brady

Marketing

When marketing to you as an individual (including, individual sole traders and partnerships), we will either rely on the permission we have (if we are able to do so) or we will ask for your permission (consent) to contact you, including the means to contact you (such as by phone, or e-mail, push notifications, SMS text, or post) to tell you about;
a) new products or services we have or are developing;
b) trialling products and services which we think may improve our service to you or our business processes;
c) offer you rewards;
d) enter you into a competition;

We will typically ask for permission when you first contact us, (usually but not limited to our websites), however, you will maintain the right to easily withdraw such consent when-ever you wish (unsubscribe). We will regularly review any such consent to check that your relationship with us and any processing including the purposes have not changed.

In all situations where we market to a business we will observe both the market standards and those rules and guidelines of the Privacy and Electronic Communication regulations (PECR). We have in place such a process to ensure we refresh your consent at appropriate intervals, including any parental, or third-party consents (where relied upon) and act on withdrawals of consent (unsubscribe) as soon as we can and not penalise you if you choose not to give and later decide to withdraw your consent.

External Online Advertising

We may from time to time use pixels, or transparent GIF files, to help manage online advertising. These files enable us to recognize a unique cookie on your Web browser, which in turn enables us to learn which advertisements bring users to our Website. These files do not contain your name, address, telephone number, or
email address.

Research and Analysis

Personal information we hold may be converted into statistical or aggregated data (e.g. this is data which cannot be traced back to an individual) to produce or undertake statistical or analytical research and development work, which may be shared with our group companies, such as, our underwriting services (Gresham) that we carry-on to enable us to provide suitable insurance arrangements to the insurance market now and in the future. We may continue using personally identifiable information we may hold, specifically relating to an individual’s past insurance arrangements or policies, after cessation of any insurance arrangement with us for further processing (e.g. research and analysis)

Telephone Recording

We may record all telephone calls in order to ensure accuracy in the communication of instructions to us. We may also record telephone calls for training, prevention of fraud, complaints and to improve customer satisfaction. Our recordings shall be and remain our sole property.

Information Automatically Logged

Our site will record unique information from your computer such as your IP address, user agents and referring address.
We monitor this information:
– To help find problems on our Website
– To help administer our Web site
– To help identify unique users of services.
– To help gather broad demographic information to help us improve our site
We do not provide this data to any third party. We do not monitor your browsing preferences outside of our Web sites.

Security

We take our security responsibilities seriously, employing the most appropriate physical and technical measures, including staff training and awareness. We review our security measures and procedures regularly. Any area of our site that is used to capture your personal information or payment details will always be in a secure session using 128-bit Secure Socket Layer (SSL) encryption, which is the industry standard. In addition, Website customers will have the opportunity to register an email address and password. Online transactions are processed through Realex Payments. Realex Payments are Ireland’s leading real-time payment processing company and We do not hold credit card information on file. The transactions are fully encrypted using secure coding and Realex Payments are compliant with the payments card industry to the highest level.

Fraudulent Emails Warning

We will never contact you by email to request an update of your personal or private information. If you receive any such emails please contact us by telephone immediately.

Change to Statement

We may occasionally update this privacy statement. Therefore We would suggest you periodically review this statement to stay informed about how We are meeting our obligations under the Data Protection Acts. Your continual use of the service constitutes your agreement to this privacy statement and any updates.