Marketing & Management Services Ltd, trading as MMS
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data.
Identification can be by the information alone or in conjunction with any other
information in the data controller’s possession or likely to come into such possession.
The processing of personal data is governed by the General Data Protection Regulation
2018 (the “GDPR”).
2. Who are we?
MMS is the data controller and is committed to protecting the rights of individuals
in line with the GDPR. This means MMS decides how your personal data is processed
and for what purposes.
3. How do we process your personal data?
MMS complies with its obligations under the general data protection rules by keeping
personal data up to date; by storing and destroying it securely; by not collecting
or retaining excessive amounts of data; by protecting personal data from loss, misuse,
unauthorised access and disclosure and by ensuring that appropriate technical measures
are in place to protect personal data.
4. The data we may collect about you (your personal data).
In order for us to administer insurance policies and / or deal with any claims or
complaints, we need to collect and process personal data about you. The types of
personal data that are processed may include:
Types of Personal Data
Name, address (including proof of address), other contact details (e.g. email and
telephone numbers), title, date of birth, NI number, employer, job title and employment
Passport, birth certificate, driving licence and other proof of address.
Bank account or payment card details, income or other financial information.
Information about you we may need to collect in order to assess a claim including
details about your health.
Information about the quotes you receive and policies you take out.
Credit and anti-fraud data
Sanctions and information received from various anti-fraud databases relating to
Previous and current claims
Information about previous and current claims, (including other unrelated insurances),
which may include data relating to your health and in some cases surveillance reports.
Special categories of personal data
Certain categories of personal data which have additional protection under GDPR,
this includes health.
5. Where might we collect your personal data from?
We might collect your personal data from various sources, including:
Your family members, employer or representative;
Other insurance market participants;
Anti-fraud databases, sanctions lists and other databases;
Government agencies such as the Jobcentre Plus;
In the event of a claim, third parties including medical experts, expert investigators
and claims handlers.
Which of the above sources apply will depend on your particular circumstances.
6. How will your information be used?
We may use your personal information in the following ways:
(a) To decide whether to enter into any proposed transaction with you in order to
arrange and administer insurance products where you are the beneficiary or a person
involved in any claim, including in certain circumstances, disclosing such information
to third party anti-fraud and money laundering agencies for the purposes of detecting
and preventing fraud and crime (as further set out in section 8 below);
(b) To identify you and to carry out any identity checks as may be required by applicable
law and regulation and best practice at any given time;
(c) To recover any payments due to us and where necessary to enforce such recovery
through the engagement of debt collection agencies or taking other legal action
(including the commencement and carrying out of legal and court proceedings);
(d) To analyse it in order to understand the service we provide and in order to
improve our business;
(e) To monitor calls and transactions to ensure service quality, compliance with
procedures and to combat fraud.
7. What is our legal basis for processing your personal data?
The legal basis for processing your personal data is through contract; processing
is necessary for the performance of a contract.
8. Disclosure to third parties.
We may also permit selected third parties and agents to access your personal information,
for the purposes set out in part 6 above. Specific examples of this are set out
below. All such exchanges will be made in accordance with applicable laws.
If false or inaccurate information is provided and/or fraud is identified or suspected,
details may be passed to fraud prevention and anti-money laundering agencies, law
enforcement agencies or other insurers and may be recorded by us or by them.
We and other organisations may also access and use this information to prevent fraud
and other crime, for example when:
(a) Reviewing applications for products (as outlined in part 6 above);
(b) Deciding whether to make a payment to you under an insurance policy;
(c) Taking steps to recover payments due.
We can provide the names and addresses of the agencies we may use to counter fraud
or money laundering upon request.
We may disclose your personal information to third parties, the courts and/or regulators
or law enforcement agencies in connection with enquiries, proceedings or investigations
by such parties or in order to enable MMS to comply with its regulatory requirements
or dialogue with its regulators as applicable.
In the event that MMS is (i) subject to negotiations for the sale of its business
or (ii) is sold to a third party or undergoes a re-organisation, you agree that
any of your personal information which it holds may be disclosed to such party (or
its advisors) as part of any due diligence process or transferred to that re-organised
entity or third party and used for the same purposes or for the purpose of analysing
any proposed sale or re-organisation.
9. Transmission, storage and security of your personal information.
No data transmission over the Internet or website can be guaranteed to be secure
from intrusion. However, we maintain commercially reasonable physical, electronic
and procedural safeguards to protect your personal information in accordance with
applicable data protection legislative requirements.
All information within our control is stored on our secure servers and internal
systems (or secure hard copies) and accessed and used subject to our security policies
Your personal information may be accessed by staff or authorised third parties.
10. How long will your information be held?
We will keep your personal data only for so long as is necessary and for the purpose
for which it was originally collected. In particular, for so long as there is any
possibility that either you or we may wish to bring a legal claim under this Insurance,
or where we are required to keep your personal data due to legal or regulatory reasons.
11. Your rights & contacting us.
Applicable data protection laws may give you the right to access certain personal
information held about you. We will comply with our obligations to provide you with
access to your personal information and to rectify any inaccuracies we are informed
of in accordance with applicable data protection laws.
We will use reasonable endeavours to ensure that your personal information is accurate.
In order to assist us with this, you should notify us or your agent of any changes
to the personal information that you have provided to us by updating your details
by contacting us at the address listed below.
We can be contacted in relation to your rights or any questions you may have in
the following means:
Post: Data Protection Officer
Your right to complain to the Information Commissioner’s Office (ICO).
If you are unhappy with the way in which your personal data has been processed you
may in the first instance write to us using the contact details above. If you remain
dissatisfied then you have the right to apply directly to the ICO. The ICO can be
Information Commissioner’s Office
where appropriate, through e-mail notification. We encourage you to review it from
time to time to stay informed of how we are using personal information.