About us

Capsule Insurance Services Ltd [also referred to as “we”, “us”, or “our”] are a registered company in England [Company no. 13340821]. Our registered address is Festival House, Jessop Avenue, Cheltenham, England, GL50 3SH.

The purpose of this policy

This Policy is designed to help you understand what kind of information we collect in connection with our products and services and how we will process and use this information. In the course of providing our services, we will collect and process information that is commonly known as personal data.

This Policy describes how we collect, use, share, retain and safeguard personal data.

This Policy sets out your individual rights; we explain these later as below but in summary, these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.

We will process your personal data in line with the Data Protection Act 2018 and the UK retained provisions of the EU’s General Data Protection Regulation [The ‘UK GDPR’]

We always declare the geographical territories your information may be stored in, depending upon the territories where JHL operate, and the service providers appointed by JHL, and these territories could be either within the UK, or an EU territory.

What is personal data

Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, and gender and contact details.

Personal data may contain information, which is known as special categories of personal data. This may be information relating to an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to or sexual orientation.

Personal data may also contain data relating to criminal convictions and offences.

For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.

Personal data we collect

In order for us to arrange and administer insurance or business contracts or services, we will collect and process personal data about you. We will also collect your personal data where you request information about our services, customer events, promotions and campaigns.

We may also need to collect personal data relating to others in order to arrange and administer insurance. In most circumstances, you will provide us with this information. Where you disclose the personal data of others, you must ensure you are entitled to do so.

You may provide us with personal data when completing online quote or contact forms, when you contact us via telephone, when emailing or writing to us directly or where we provide you with paper based forms for completion or we complete a form in conjunction with you. We will share your personal data within our firm or group of companies and with business partners. This is normal practice within the insurance industry where it is necessary to share information in order to place, quantify and underwrite risks, to assess overall risk exposure

and to process claims. It is also necessary to determine the premium payable and to administer our business.

We also share personal data with authorised third parties. This is necessary where we are required to do so by law, where we need to administer our business, to quote for, source, place and administer your insurances including arranging insurance premium finance , to perform underwriting activities and to process claims [These activities may incorporate anti-fraud measures including credit and identity checks]. Examples of authorised third

parties may include but are not limited to:

• Insurance Companies: , Intermediaries: Reinsurers or Underwriters
• Premium finance providers;
• Credit reference agencies;
• Fraud Prevention Agencies
• Debt recovery agencies;
• Risk Management assessors.
• Claims handling companies;
• Loss adjusters;
• Statutory or regulated authorities or law enforcement bodies.
• Support firms which supply services under contract for information technology systems and compliance
• administration
• Anyone you have authorised to deal with us on your behalf.

We may also collect your personal data when you visit our website, where we may collect your unique online electronic identifier. This is commonly known as an IP address.

We may also collect electronic personal data when you first visit our website where we will place a small text file that is commonly known as a cookie on your computer. Cookies are used to identify visitors and to simplify accessibility, and to monitor visitor behaviour when viewing website content, navigating our website and when using features. You may refuse to accept cookies by changing the settings on your browser or you may manage your consent to the use of cookies by selecting this option on our website. However doing so may affect your ability to access or use certain parts of the Capsule website.

We may monitor or record your communications with us or log details of your interactions with us. This helps us to handle complaints and swiftly improve customer service staff training and security.

Where we collect data directly from you, we are considered the controller of that data i.e. we are the Data Controller. Where we use third parties to process your data, these parties are known as Processors of your personal data.

Where there are other parties involved in underwriting or administering your insurance, they may also be considered to be a Joint Data Controller of your personal data.

A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A data ‘processor’ means the individual or organisation, which processes personal data on behalf of the controller.

As a provider of insurance services, we will process the following categories of data:

• Personal data such as an individual’s name, address, date of birth, gender, contact details and details of historic claims
• Special categories of personal data such as health and details on historic claims resulting in injury [physical and physiological]
• Data relating to criminal convictions and offences such as details of driving offences or insurance fraud

If you object to the collection, sharing and use of your personal data, we may be unable to provide you with our products and services.

For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.

If you need to update your data at any time or inform us of any changes, please contact your usual Capsule office.

If you require more information about our insurance processes or further details on how we collect personal data and with whom we share data with, please contact our Privacy Officer as noted below.

Purposes for which we process data and the legal bases on which we do so

We will use your personal data for the performance of our contract with you, to quote for and provide you with insurance products and services, to process claims and renewals, to administer your policy and our business, to respond to any requests from you about services we provide and to process complaints. We will also use your personal data to exercise our legitimate business interests including the management of your account, to perform statistical analysis on the data we collect, for financial planning and business forecasting purposes and to develop new and market existing products and services.

We will use the special category and criminal conviction data we collect about you for the performance of our contract with you, which is deemed necessary for reasons of substantial public interest. This allows us to quote for and provide you with insurance products and services, to process claims and renewals and to administer your policy.

In purchasing our products and services, you should understand that you are forming a contract with us. If you contact us for a quote or request details on the services we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our services.

In some situations, we may request your consent to market our products and services to you, to share your data or to transfer your data outside the European Economic Area. Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time.

The retaining of data is also necessary where required for contractual, legal or regulatory purposes. We will normally retain your personal data for no more than 6 years after the termination of any service or contractual agreement with you or for as long as:

• is necessary to comply with our legal or regulatory obligations and / or
• is necessary to comply with our legitimate business interests and / or
• we have your consent to do so

In certain cases we will retain your personal data for a longer period particularly where for example a product includes liability insurance for which a claim could be made against you at a future date even after your contract with us has ended.

You should be aware that we may use automated decision-making [services/tools and techniques] to check for customer suitability to our products. For example, we might perform a credit search to check an individual’s solvency and credit rating. We also analyse data to identify products and services that customers may be interested in; this is commonly known as profiling. You have the right to object to the use of profiling activities and the use of automated decision-making.

Where do we store it

We use applications that store data in the UK or EEA GDPR zone, or countries deemed ‘adequate’ under GDPR. When we use an application that stores data outside of the UK (or EEA), we will use appropriate measures to secure the transfer, including the new US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken.

How long do we keep it

We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected and processed on behalf of our customers, in line with their instructions and our contractual obligations. The specific retention period for each type of data will depend on the customer’s requirements and our own retention obligations when acting as Data Controllers.

At the end of a contract with the customer or once the retention period has expired, or if instructed by our customers, we will securely delete or anonymise personal data in accordance with applicable data protection laws. It is the responsibility of our customers to determine the appropriate retention period based on their legal obligations and business needs.

For our marketing data, we'll retain your name and email address as per retention schedule unless you unsubscribe or ask us to delete your data. Anyone who unsubscribes will be transferred to our ‘do not contact list’. We retain your name and email address so that we know not to contact you with marketing messages.

For our customer data, we will retain your personal data while you are a customer of ours and for up to 12 months after you leave, in line with our business needs. We keep financial data for a minimum of 6 years, in line with UK law.

If you're offered a job with us, we'll retain your data during your employment and remove it in line with our obligations under UK law. Otherwise, if unsuccessful, we will keep your data during your interview process and remove it after 12 months.

Who we share your personal data with

When acting as a data controller, we also share personal data with authorised third parties. This is necessary where we are required to do so by law, where we need to administer our business, to quote for, source, place and administer your insurances including arranging insurance premium finance , to perform underwriting activities and to process claims [These activities may incorporate anti-fraud measures including credit and identity checks]. Examples of authorised third parties may include but are not limited to:

• Insurance Companies: Intermediaries: Reinsurers or Underwriters
• Premium finance providers;
• Credit reference agencies;
• Fraud Prevention Agencies
• Debt recovery agencies;
• Risk Management assessors.
• Claims handling companies;
• Loss adjusters;
• Statutory or regulated authorities or law enforcement bodies.
• Support firms which supply services under contract for information technology systems and compliance
• administration
• Anyone you have authorised to deal with us on your behalf.

We might transfer your personal data, if Capsule Insurance Services Limited or its assets are acquired by or merged with another company. We may share your personal data during the fundraising process for venture capital and when we believe disclosure of personal information is necessary in order to comply with applicable law and legal processes and to enforce a contract with us.

When acting as a data processor, we only share users' personal data as per customers’ instructions and when legally required.

When you visit our website

Our website uses cookies and other similar technologies of which you should be aware.

What cookies do we collect, why do we collect them, and what legal basis do we rely on?

Cookies are text files placed on your hard drive by a web page server when you visit a website and are saved in your browser's history. They allow the website to recognise your device and store some information about your preferences or past actions. Cookies cannot be used to run programs or deliver viruses to your computer; they are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie.
When you use our website, the cookies that can be stored on your device are first party essential cookies, which are placed and read by us directly while you are using our website. As part of the verification flow, you will be redirected via a third party site that will deploy an essential cookie that will count your visit.

Below is a list of the cookies we use and the purposes for which they are used:

Essential cookies

These are essential to the operation of our website and are integral to the functioning of our Website, therefore they cannot be removed.

Non-essential cookies

These cookies enhance our website's performance and enable us to improve our service to you.

You can adjust your browser cookie preference settings. You can find information about how to manage cookies in the most commonly used browsers here:

• Google Chrome /
• Mozilla Firefox /
• Apple Safari /
• Microsoft Internet Explorer /
• Microsoft Edge /
• Opera

When you first visit our website, you will be prompted to customise your cookies selection and be provided with a link to this policy, where you can find more information about the cookies we use.

Your rights

Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

• The right to be informed
  You have the right to be informed about the collection and use of your personal data, the purposes for processing, the retention periods for that personal data and who it will be shared with. We have set out this information in this privacy notice.
  
  
• The right of access
  You have the right to ask us for copies of the data we hold about you. If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details).
  
  
• The right to object
  You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information, when we are processing your personal information for direct marketing or when we are processing your personal information for research.
  
  
• The right to rectification
  You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.
  
  
• The right to erasure
  You have the right to ask us to erase your personal information, in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable).
  
  
• The right to restrict processing
  You have the right to ask us to restrict the processing of your personal information for a period of time in some circumstances, such as where you contest the accuracy of that personal information or object to us processing it. This right is separate from the right to object and will only stop us from using your personal information further, not from processing it. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.
  
  
• The right to data portability
  You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.
  
  

You don't have to pay anything to exercise your rights. Please contact us by sending an email to dataprivacy@capsulecover.com if you wish to make a request under your rights; we have a calendar month to get back to you with a response.

In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.

You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.

The flow of data within the insurance sector is complex and we ask you to keep this in mind when exercising your ‘rights of access’ to your information. Where we may be reliant on other organisations to help satisfy your request this may impact on timescales.

If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact us.

Protecting your data

We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within our firm or group of companies and authorised third parties. We will notify you promptly in the event of any breach of your personal data, which may expose you to serious risk.

Privacy Officer

To ensure data privacy and protection has appropriate focus within our organisation we have appointed a Privacy Officer who reports to our senior management team.

If you wish to exercise any of your Rights [ as stated above] or if you have any query in relation to this Policy please address any correspondence to:

The Privacy Officer, Capsule Insurance Services, Festival House, Jessop Avenue, Cheltenham, England, GL50 3SH. or email dataprivacy@capsulecover.com.

Complaints

If you are dissatisfied with any aspect of the way in which we process your personal data, please contact us.

You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office [ICO]. The aforementioned may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their Helpline on 0303 123 1113.