Privacy Policy Gullwing Racing Insurance
At Gullwing Racing Insurance, we are well aware that our relationship with you is based upon trust. That trust is premised, in part, on our promise to you that we will protect your personal data and use it only in the ways described in this Privacy Policy.
This Privacy Policy will provide you with information on:
- Who we are
- What personal data Gullwing Racing Insurance collects from you or about you from third parties
- How Gullwing Racing Insurance uses that personal data and the lawful basis to do so
- Who else may access your personal data
- Where your personal data may be stored or transferred
- How we secure your data
- How long we keep your data
- The rights you may have to learn more about the personal data we process
Insurance can be confusing, but we don’t want this policy to be as well. Let’s start with some basics. Personal data is defined as it is in the EU’s General Data Protection Regulation. In essence, it means data that directly or indirectly identifies you. To assist your understanding of how personal data may flow through the insurance process, we set out an Annex 1a diagram of the various stages of insurance and an overview of who may need your personal data to perform the relevant obligations connected to your relationship with us.
This Privacy Policy covers our interactions with you, but does not cover your visits to the gullwing.com website. For information about how Gullwing Racing Insurance collects and uses your personal data from your use of the Gullwing Racing Insurance website and the links contained therein, please see our website privacy notice, which can be found at https://gullwing.com/privacy-notice/. For the avoidance of doubt, the website privacy notice supplements this Privacy Policy and is not intended to override the Privacy Policy.
This version of the Privacy Policy is effective as of 25 May 2018. Any future changes to the Privacy Policy will be posted here. Historic versions can be obtained by contacting us at race[at]gullwing.com
Questions about this Privacy Policy and how we process your data may be sent to:
Data Protection Officer
Gullwing Insurance BV
Jan Gielenlaan 1
5626 HN Eindhoven
The Netherlands
race@gullwing.com
Gullwing Racing Insurance is made up of different legal entities, details of which can be found on our website. This Privacy Policy is issued on behalf of Gullwing Racing Insurance. When we mention “Gullwing Racing Insurance” “we”, “us” or “our” in this Privacy Policy, we are referring to the relevant company responsible for processing your data.
When a company processes your personal data, it is either a “controller” or a “processor”. In different circumstances, Gullwing Racing Insurance may be either. Let’s look at a few examples:
If you took out the insurance policy with us yourself:
We will be the data controller if you took out the policy directly with us. Contact information for our Data Protection Officer is set out below.
Data Protection Officer
Gullwing Insurance BV
Jan Gielenlaan 1
5626 HN Eindhoven
The Netherlands
race@gullwing.com
If you are making a claim in relation to a Gullwing Racing Insurance policy:
We will be the data controller if the claim relates to a policy with us. Contact information for our Data
Protection Officer is set out below.
Data Protection Officer
Gullwing Insurance BV
Jan Gielenlaan 1
5626 HN Eindhoven
The Netherlands
race@gullwing.com
If you took out the insurance policy with a broker / other intermediary:
If you purchased a policy with a broker or other intermediary, the broker / intermediary will be the initial data controller and their data protection contact can advise of the identities of the entities with whom they share your personal data.
If you are not a policyholder or an insured, or not sure if we hold personal data about you:
You should contact the organization that collected your personal data who, in turn, should provide you with details of the entities with whom they share your personal data.
WHAT PERSONAL DATA GULLWING COLLECTS FROM YOU OR ABOUT YOU FROM THIRD PARTIES
We collect personal data about you in two main ways: directly from you and from third parties.
- Direct interactions. You may give us certain data including your identity and contact data and other personal data required for the purpose of entering into a policy with us.
- Third parties or publicly available sources. We may receive personal data about you from various third parties such as other insurers or brokers who you have communicated with in relation to your policy, anti-fraud databases, sanctions lists, court judgments and other databases, government agencies, open electoral register or in the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including, where applicable, medical experts), loss adjustors, solicitors and claim handlers. We may also collect data about you from third parties who take out a policy with us and are required to provide your information, e.g., where you will be a named beneficiary of the policy, a named driver on the policy or where a family member, employer or other entity has taken out a policy which requires personal information about you. The sources where we collect your personal data will depend on your particular circumstances. For us to provide insurance quotes, policies, process any claims you may have in connection with one of our policies (whether it is between you and us, or a third party and us but under which you have a claim) and to deal with any concerns, we will need to collect and process certain personal data about you. The types of personal data we may have to process will depend on the nature of your policy, claim and / or complaint may include the following information set out in Table 1 below.
HOW GULLWING USES THAT PERSONAL DATA AND THE LAWFUL BASIS TO DO SO
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- If you have a policy with us or otherwise benefit from a policy which a third party (such as an employer or family member) has entered into with us, where we need to perform the contract we are about to enter into or have entered into with you or the relevant third party.
It may be necessary for us to process your personal data such as policy data and claims data using automated analysis and human discretion to ensure premiums properly reflect the relevant underlying risks. This is may also be used to ensure our claims process are fully effective. We do not use any special categories of sensitive personal data such as information about your health or criminal convictions for profiling purposes.
In Table 2 below, we have set out a description of the ways we plan to use your personal data, and the legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Table 2: Overview of Legal Basis Relied on by us to process Your Peronsal Data
- Identification data
- Contact data
- Financial data
- Credit and anti-fraud data
- Performance of a contract with you
- Compliance with a legal obligation (i.e., to ensure we do not provide cover in breach of applicable laws and regulations)
- Legitimate interests (i.e., to ensure you are within our acceptable risk profile)
- Identification data
- Risk data
- Policy data
- Previous claims data
- Credit and anti-fraud data
- Performance of a contract with you
- Legitimate interests (i.e., to determine the likely risk profile and appropriate insurance product and premium)
- Compliance with a legal obligation (i.e., to ensure we do not provide cover in breach of applicable laws and regulations)
- Identification data
- Contact data
- Financial data
- Performance of a contract with you
- Legitimate interests (i.e., to recover debts due to us)
- Identification data
- Contact data
- Policy data
- Risk details
- Current and previous claim data
- Performance of a contract with you
- Legitimate interest (i.e. so that we can correspond effectively with our insureds / policy holders, beneficiaries in relation to policies or those who have made claims pursuant to or connected to a policy entered into with us. This information will also facilitate the processing and payment of claims (see below))
- Identification data
- Contact data
- Risk data
- Financial data
- Policy data
- Current and previous claim data
- Credit and anti-fraud data
- Performance of a contract with you
- Compliance with a legal obligation (i.e., to ensure we do not pay a claim in breach of applicable laws and regulations)
- Legitimate interests (i.e., to assess the veracity and quantum of claim(s))
- Identification data
- Contact data
- Risk data
- Financial data
- Policy data
- Current and previous claim data
- Credit and anti-fraud data
See section below concerning instances where we might need special categories of sensitive personal data including information about your health and criminal convictions
- Performance of contract with you
- Legitime interests (i.e. to defend or make necessary legal claims)
- Compliance with a legal obligation (i.e. to ensure we comply with all applicable rules and laws)
- Identification data
- Contact data
- Risk data
- Financial data
- Policy data
- Current and previous claim data
- Credit and anti-fraud data
See section below concerning instances where we might need special categories of sensitive personal data including information about your health and criminal convictions
- Performance of contract with you
- Legitime interests (i.e. to assist with the prevention or detection of fraud)
- Compliance with a legal obligation (i.e. to ensure we comply with all applicable rules and laws)
- Identification data
- Contact data
- Policy data
- Performance of a contract with you
- Legitimate interests (i.e., to correspond with insured / policy holder / beneficiary to facilitate the placing of applicable cover under insurance policies)
- Identifaction data
- Contact data
- Risk data
- Financial data
- Policy data
- Current and previous claim data
- Credit and anti-fraud data
- Legitimate interests (i.e., to structure our business appropriately)
- Compliance with a legal obligation
- Identifaction data
- Contact data
- Risk data
- Financial data
- Policy data
- Current and previous claim data
- Credit and anti-fraud data
See section below concerning instances where we might need special categories of sensitive personal data including information about your health and criminal convictions
- Compliance with a legal obligation
- Identity / Identifaction data
- Contact data
- Risk data
- Financial data
- Policy data
- Current and previous claim data
- Credit and anti-fraud data
See section below concerning instances where we might need special categories of sensitive personal data including information about your health and criminal convictions
- Legitimate interests (i.e., to build risk models that allow for the acceptance of risk with appropriate premiums)
Special Categories of Data: As we have indicated in Table 1 and Table 2 above, in order to process certain polices and / or claims connected to those policies, it may be necessary for us to collect and process certain special categories of data. However, given the limited likelihood of us needing to obtain this information from you, where we do need this information we will write to you to obtain your consent for processing this information. You may withdraw your consent to such processing at any time. However, if you withdraw your consent this may impact our ability to provide you with insurance cover or pay claims.
Change of Purpose: We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Protection Officer.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
WHO ELSE MAY HAVE ACCESS TO YOUR PERSONAL DATA
We may need to share your personal data information with third parties. For example, we may need to share your personal data to provide you with the insurance under your policy or to pay or otherwise investigate any claim arising from a policy entered into with us.
We share your personal data within Gullwing Racing Insurance and where necessary to perform essential business functions, we share your personal data with our authorized external third parties. For example, to process claims effectively and to carry out necessary business functions, external companies may provide functional support to Gullwing Racing Insurance. Another example is in data storage and processing. Gullwing Racing Insurance, like many companies, uses (cloud) service providers (“CSP”) to provide functional IT support. This includes the storage of personal data you provide to us. Any personal data provided to a third party is used solely for Gullwing Racing Insurance’s necessary business functions.
We may also transfer data to appropriate third parties as required by applicable laws, rules and regulations, in response to a lawful request from governmental authorities, or to comply with legal process.
We will get your express opt-in consent before we share your personal data with any company outside Gullwing Racing Insurance for marketing purposes.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
WHERE YOUR PERSONAL DATA MAY BE STORED OR TRANSFERRED
We share your personal data within Gullwing Racing Insurance and external third parties. Gullwing Racing Insurance and these third parties are located across the world. Some of these countries may be subject to additional or different data protection requirements. Where this is the case, we will take appropriate measures to protect your personal information in accordance with this notice and all applicable data privacy laws. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- We may transfer data to them if they are part of the U.S. Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
- They have EU approved binding corporate rules or other EU approved certifications.
Please contact us if you want further information on the specific mechanism we use when transferring your personal data out of the EEA.
HOW WE SECURE YOUR DATA
Gullwing Racing Insurance maintains physical, electronic, and procedural safeguards that comply with applicable regulations to guard your personal data. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business-need to-know. They will only process your personal data on our instructions. We have put in place procedures to deal with any suspected unauthorized access or loss of personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WE KEEP YOUR DATA
By law we have to keep basic information about our customers (including Contact, Identity / Identification and Financial Data) for a required period of time even, in some circumstances, after your relationship with Gullwing Racing Insurance has ended. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. Please contact us if you require specific information about the retention period of your personal data.
YOUR LEGAL RIGHTS
Under certain conditions, you may have the right to require us to:
- provide you with further details on the use we make of your personal data;
- provide you with a copy of the personal data you have provided to us;
- update inaccuracies in the personal data we hold;
- delete personal data we no longer have a lawful ground to use;
- where processing is based on consent, to withdraw your consent so that we stop that particular processing;
- object to any processing of your personal data that we do based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- restrict how we use your personal data whilst a complaint is being investigated.
In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any other person. We may also ask you for further information to clarify your request.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you wish to exercise any of the rights, please contact our Data Protection Officer by submitting the data via email to race@gullwing.com
We have appointed a Data Protection Officer. If you have any questions about this Privacy Policy or our processing activities, please contact the Data Protection Officer at race@gullwing.com. While we would appreciate the opportunity to address your concerns first, you may have the right to make a complaint to the relevant national supervisory authority for data protection issues.
Annex 1
Flows of Personal Data through the Insurance Lifecycle
WEBSITE PRIVACY NOTICE
This privacy notice governs the collection, storage and use of personal data collected by Gullwing Insurance BV provides you with details about the personal data we collect from you, how we use your personal data and your rights to control personal data we hold about you. Please read this privacy notice carefully – by accessing or browsing this website (the “Services”), you confirm that you have read, understood and agree to this privacy notice in its entirety. If you do not agree to this privacy notice in its entirety, you must not use the Services. This privacy notice was last updated on May 23rd, 2017. Please check back regularly to keep informed of updates to this privacy notice.
Who we are
This website is made available to you by Gullwing Insurance BV. We respect your right to privacy and will only process personal data you provide to us in accordance with the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and other applicable privacy laws. If you have any questions about how we collect, store and use personal data, or if you have any other privacy related questions, please contact us.
An important note about children
We do not and will not knowingly collect information from any child under the age of 18. If you are under the age of 18, you must not use any of the Services.
The personal data we collect about you
When you access and browse the Services (including when you submit personal data to us through data entry fields on the Services), we may collect the following information from you:
Identification data;
Contact data;
Risk data;
Previous claims data;
Your payment details if you choose to purchase insurance cover;
In addition, we may collect anonymised details about visitors to our Services for the purposes of aggregate statistics or reporting purposes. However, no single individual will be identifiable from the anonymised details that we collect for these purposes.
Please refer to our Privacy Policy which can be found at https://gullwing.com/privacy/ for more information on how, when and for which purposes we collect your personal data.
How we may store and use your information
We may collect, store and use your personal data listed above for the following purposes:
to make the Services available to you and to provide you with content which is tailored to your individual tastes;
to complete any purchases you make through the Services and to provide you with services that you request;
to further develop and improve the Services;
to maintain and support any customer account that you have with us;
to include (or to permit the inclusion of) advertising within the Services of our own and third party products, services and promotions that we or they think may interest you;
to contact you (including by SMS and e-mail) with products, services and promotions which we think may interest you;
Other than as set out in this privacy notice and our privacy policy, we will not disclose, sell or rent your personal data to any third party unless specified otherwise in our privacy policy.
If a third party acquires all (or substantially all) of our business and/or assets, we may disclose your personal data to that third party in connection with the acquisition.
We may also disclose your personal data where we are required to do so by applicable law, by order of a court, by a governmental body or by a law enforcement agency. We may also disclose your personal data in the context of investigating or reporting any issue arising in connection with activity by you or content supplied or purporting to be supplied by you, to you or on your behalf that we reasonably believe could be unlawful or otherwise in breach of our terms of service.
Technology Licensor disclosures
We may also disclose your personal data to the business that provides us with technology infrastructure and hosting services for the Service (the “Technology Licensor”). The Technology Licensor will use your personal data in order to check that you are using the Services in a way that complies with applicable law, does not infringe the rights of any third party, to maintain and improve the infrastructure and hosting services that it provides to us.
Cookies
This website uses cookies to collect information about you. Cookies are small data files which are placed on your computer by this website and which collect certain personal data about you. This enables us to tailor our service offering (including the website) to provide you with products and services which are more relevant to your individual tastes. However, you may change your website browser settings to reject cookies, although please note that if you do this it may impair the functionality of the Services. As each website browser is different, please visit your browser’s “Help” menu to learn how to change your cookie preferences.
Security
Whilst we take appropriate technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.
Your rights
You have the following rights:
the right to ask us to provide you with copies of personal data that we hold about you at any time, subject to a fee specified by law (currently £10);
the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and
the right to opt out of any marketing communications that we may send you.
If you wish to exercise any of the above rights, please e-mail us at the address specified above.