GoSkippy Connect

Telematics Privacy Notice

Quick Links

Introduction

This privacy notice provides important information about how we collect and use your personal data.
This information includes:

  • Who we are and how you can contact us;
  • Who we collect personal data about;
  • What personal data we collect and when we collect it;
  • How we use personal data and the lawful reasons we rely upon to do so;
  • Your legal obligation to provide us with personal data, what those obligations are,
and the potential consequences of not complying;
  • Who we share personal data with and when we do so;
  • How we protect your personal data in the event we must transfer it outside the UK;
  • How long we keep your data for and how we securely destroy it when no longer needed;
  • Your data rights and how they apply to the personal data we hold about you.

This version of our privacy notice was published on the 27th November 2025.

There have been no previous versions of this privacy notice since GoSkippy Connect was launched.

Definitions of terms used in this notice

To help you understand, this section explains the meaning of certain terms used in this notice.

“GoSkippy Connect”, “we” and “us”

“GoSkippy Connect”, “we” and “us” means Somerset Bridge Insurance Services Limited, the FCA-authorised and regulated company trading under the registered trading name “GoSkippy Connect”.

Somerset Bridge Group

“Somerset Bridge Group” means the Somerset Bridge group of companies, which includes Somerset Bridge Group Limited and its subsidiaries; Somerset Bridge Limited, Somerset Bridge Insurance Services Limited, and Somerset Bridge Shared Services Limited. You can find out more about our group of companies on our group website here.

Arch Re

“Arch Re” means Arch Reinsurance, a leading reinsurer and the owner of the Somerset Bridge Group. You can find more information about Arch Re on their website here.

Third-Party

“Third-party” means a person or organisation which isn’t you, us, Somerset Bridge Group, or Arch Re.

Personal Data

“Personal data” means any information which, either in isolation or when combined with other information we hold, both identifies and relates to you as an individual.

Sensitive Data

“Sensitive data” means the categories of personal data which you will naturally be more selective about disclosing and which receive additional protection under law, and which is also known as “special category data” and “criminal” offence data”. You can find out more about the types of personal data falling into this definition here.

The GoSkippy Connect App

“The GoSkippy Connect App” means the GoSkippy Connect mobile phone/device application, available from app stores such as the Apple Store and Google Store.

Wedge Device

“Wedge Device” means the Bluetooth-enabled device provided by us and installed in your car, which, in conjunction with the GoSkippy Connect App, collects and uses your personal data and other information about your driving habits and style.

Driving Score

“Driving Score” means the score we generate from the personal data and other information we collect, and which provides an indication of how well you are driving.

More about us and how you can get in touch

Somerset Bridge Insurance Services Limited is the provider of GoSkippy Connect insurance policies.
It is directly authorised and regulated by the FCA for this purpose and acts as the data “controller”,
which means we are legally responsible and accountable for the way your personal data is collected
and used when quoting, selling and administering your policy.

We take data protection matters seriously and your opinion matters to us. If you have any questions about this notice or how we use your personal data, you can contact us using the details shown on your quotation or policy documentation, or use the methods below to contact our Customer Services Team:

By Webchat

Start Live Chat

By Email

goskippyconnect@goskippy.com

By Phone

0333 049 9050

Where insurance claims arise, we appoint another company in the Somerset Bridge Group, Somerset Bridge Limited, to administer these. Where they do so, they act as a separate data “controller” in relation to the claims information they hold. You can find out more information about how they collect and use personal data in their own published privacy notice, available here.

Who this notice applies to

This notice is relevant to you if you:

  • Have visited our GoSkippy Connect website;
  • Are a customer of GoSkippy Connect. This includes prospective policyholders who have received an insurance quotation, current policyholders who hold a valid insurance policy with us, those who were previously a GoSkippy Connect policyholder, and those who represent our customers, for example those with power of attorney or appointed litigation friends;
  • Are named on a GoSkippy Connect insurance policy, such as named drivers, employees of our business/corporate policyholders, or otherwise receive benefits under someone else’s policy;
  • Have downloaded the GoSkippy Connect App to your mobile device and/or installed a Wedge Device in your vehicle;
  • Request information from us or allow us to contact you for marketing purposes;
  • Engage with our social media posts or contact us directly with queries, concerns or complaints;
  • Are a third-party (or someone representing a third-party) who makes a claim against, or is subject to
a claim made by a GoSkippy Connect policyholder in relation to a collision or other insured incident.

If you are a customer of a different brand or trading name other than GoSkippy Connect, please visit our Privacy Centre for the correct privacy notice which applies to you.

What is Telematics Vehicle Insurance?

Our telematics insurance policies use your mobile device, coupled with the GoSkippy Connect App and the Wedge Device, to collect real-time information about your journeys and driving habits. This allows the pricing and terms of the insurance to be based on how you actually drive, and for us to provide you with feedback on your driving patterns and how you can change your driving habits to improve your Driving Score.

 

 

More information about how telematics works:

Like traditional vehicle insurance policies, telematics polices collect information about you, your driving history, your vehicle, and previous claims or motoring convictions, to provide you with a quotation and allow you to buy an insurance policy.

However, where traditional insurances rely upon periodic refreshes of your information to calculate future pricing and terms (for example, when you renew your policy each year or make changes mid-term), GoSkippy Connect uses the GoSkippy Connect App, coupled with the Wedge Device, to collect
real-time information about your driving habits and style.

This provides significantly more insight into how a person drives their vehicle, and offers
the following benefits:

Coins
Future Pricing

Future pricing can be determined based on how an individual drives, allowing good drivers to access lower prices, terms or other benefits;

warning-icon
Poor Driving

Poor driving habits can be flagged to the driver for remediation and unacceptable, dangerous or reckless behaviour can be identified quickly;

Fully comprehensive cover icon
Claims

Where a claim arises, these can often be resolved more quickly as information about an incident is easily available or known with precision, such as speed, deceleration/braking, location and direction of travel, reducing the need to rely on witness statements or potentially conflicting views of the drivers and passengers concerned.

Essentially, telematics insurance allows pricing and terms to be set based on how a person actually drives, rather than using the insurer’s “best guess”, which is predominantly based on statistical likelihood calculated from historic claims and policy data.

Where persistently poor or unacceptable driving behaviours occur (e.g. dangerous or reckless driving), we are also able to remove those individuals from cover more quickly, which helps reduce both the number and the severity of insurance claims and, by extension, helps keep the cost of our insurance products down.

We provide feedback on driving behaviour by using the information we collect to generate a Driving Score. Policyholders and named drivers are able to view the Driving Score in real-time via the
GoSkippy Connect app.

The personal data we collect and when we do so

We collect data directly from you and from third-party sources when you request a quotation, purchase insurance, and during the lifetime of your policy, including in the event you make a claim.

This information is collected in different ways, including through our websites, the GoSkippy Connect App and Wedge Device, or via correspondence (such as e-mails, phone calls or webchats) you exchange with us.

We hold different types of personal data in relation to you, some of which we may have learned or created by studying your quotations, policies and driving behaviour.

Some information we may only hold in certain circumstances, for example if you have had a claim on your policy, have opted to pay by monthly instalments, or have raised a complaint or concern.

The types of personal data we collect and use

Below shows the types of data we commonly hold in relation to GoSkippy Connect insurance policies:

  • Name & General Identifiers – Information that allows us to identify you, such as your name, salutation, policy number, claim number(s), and other unique references relating to you.
  • Contact Details & Permissions – Information comprising your e-mail and postal addresses, phone number, and any associated marketing permissions or contact preferences.
  • Socio-Demographic Information – Information about your employment status, profession, nationality, and where you fit in terms of social or economic groupings or profiles.
  • Vehicle Information – Including the make, model, registration number, construction, any after-market modifications, overnight storage location, and in the event of a claim, any damage incurred.
  • Driving Licence & History Data – Information about your driving licence (including licence type, issuing country/authority and time held), claims history and any relevant motoring convictions.
  • Relationship Data – The nature of any relationship between the policyholder and any named drivers, personal representatives or third-party claimants.
  • Telematics Data (“Driving Data”) – Information collected about how your vehicle is driven, including trip data, GPS co-ordinates, accelerometer readings and how this relates to the speed limits of the roads travelled upon, braking and deceleration data, Bluetooth connectivity between mobile device and Wedge Device, information identifying who was driving and whether any mobile device use is indicative of driver distraction.
  • Contractual Terms & Conditions – Information comprising the specific terms of your insurance, including excesses, level of cover and uses insured, and any limitations or exclusions.
  • Financial and Transactional Data – Information about payments made (and payment methods used) when purchasing a policy and/or in relation to a claim, including related finance agreements, instalment plans, arrears and debt recovery, and refunds.
  • Locational Data – Information which confirms your geographical or online location, such as map co-ordinates or other latitude/longitude data, IP addresses and, in the event of a claim, the location of the incident.
  • Correspondence Data – Information contained in any contact we exchange with you, including webchats, e-mail, telephone calls and associated recordings, social media interactions and postal correspondence.
  • Technical Data – Information contained in any contact we exchange with you, including webchats, e-mail, telephone calls and associated recordings, social media interactions and postal correspondence.
  • Behavioural Information – Details about how you use our products and services and those of other organisations.
  • Open Data & Public Records – Details about you that are in public records such as the Electoral Register, and information about you which is openly available in the public domain.
  • Identity & Verification Data – Information stored in copies of documentation you provide to us to verify your identity or other material facts relating to your insurance, including driving licences, passports, birth certificates, bank statements, utility bills, witness statements and photographs.
  • Complaint, Dispute and Legal Claims Data – Information detailing concerns or complaints made by you, as well as any associated investigations, legal claims and interactions with third-party adjudication services or other relevant authorities.

“Sensitive” personal data

Some information we hold may be considered more sensitive due to the nature of the data and what it reveals. This is normally information which people will be more cautious or selective about disclosing, and receives additional protections under law.

The types of data deemed “sensitive” broadly comprise:

  • Data revealing racial or ethnic origins;
  • Information revealing religious, political or philosophical beliefs;
  • Trade union memberships;
  • Biometric data (information such as fingerprints and facial recognition);
  • Data concerning physical or mental health or genetics;
  • Information revealing sexual orientation or details of a person’s sex life, and;
  • Data relating to criminal convictions, including allegations, investigations and sentencing.

We only collect and use these types of data where the law allows us to do so.

When we collect and use your personal data

We collect your personal data from you directly when you:

  • Visit our website or interact with our other online presences such as via social media;
  • Request an insurance quotation from us, including via price comparison websites and similar services;
  • Purchase, change, or cancel a GoSkippy Connect insurance policy;
  • Make an insurance claim in relation to a GoSkippy Connect policy;
  • Drive your vehicle with a Wedge Device installed and/or connected to the GoSkippy Connect app on your mobile device;
  • Raise a query or request information from us;
  • Make a complaint or raise a concern;
  • Correspond with us via  webchat, e-mail, phone or post.

We also collect your data from other sources when:

  • You have authorised someone else to provide us with your personal data, such as when you are a named driver, or if someone has formal authority to represent you, such as Power of Attorney;
  • Your personal data is provided to us by a third-party with legal grounds to do so, such as insurance claim databases and anti-fraud services;
  • Your personal data is found in the public domain, and we have a legitimate business reason to collect it.

Collecting personal data of those under the age of 18

Unless you have a disability or long-term health condition, you can normally start driving a car when you’re 17 years old. This means that we may collect personal data relating to someone under the age of 18, when they visit our website, request a quotation from us, or purchase a policy.

If you are under the age of 18 and do not fully understand this privacy notice, you should speak to your parent or guardian. You can also contact our Data Protection Officer (DPO) using the details shown here.

GoSkippy Connect insurance policies are not available to children under the age of 13 and we do not knowingly collect or use personal data relating to those under 13, unless this is necessary for the handling of an insurance claim, for example if a child is injured in a collision involving a vehicle insured by us.

How we use your personal data lawfully

Our uses of your personal data stem from our business as a provider of motor insurance. Some of these uses relate to you and your relationship with us specifically, such as providing quotations, administering your policy, handling insurance claims and investigating any complaints.

Other uses relate to broader requirements placed upon us under financial service regulations or other legal requirements; for example, preventing and detecting financial crimes such as insurance fraud and money laundering, ensuring fair pricing practices, or complying with accountancy, book-keeping and taxation laws. Some of these uses involve combining your personal data with that of other individuals to perform statistical analysis.

We also use your personal data when it is necessary to meet a legitimate business interest, such as monitoring business performance, identifying ways to improve our products and services, and developing new business opportunities.

We will additionally use your personal data to provide you with marketing and promotional materials,
if you have agreed to this.

More information about how we use your personal data and the lawful reasons we rely upon to do so:

Where the personal data we hold is deemed “sensitive”, we only use this this data in the following scenarios:

Where necessary to perform or enter into a contract with you

Where the use of your personal data is necessary either to meet our contractual commitments to you, such as:

  • Providing quotations, selling policies and administering any mid-term adjustments;
  • Handling claims arising under the insurance policy;
  • Cancelling or voiding policies in accordance with contract terms or at your request;
  • Issuing insurance documents and other correspondence required under contract terms;
  • Processing payments, debt recovery and refunds.

Where necessary to meet a legal or regulatory requirement to which
we are subject

Where the use of your personal data is necessary to meet requirements arising from financial service regulation, data protection laws, insurance law and other legal requirements, such as:

  • FCA requirements and principles around fair pricing, consumer duty, insurance, complaint handling and regulatory reporting;
    The requirements of data protection law, including the fulfilment of data rights;
  • Preventing and detecting crime, including financial crimes such as fraud, money laundering and the financing of terrorism;
  • Accountancy, book-keeping and taxation laws. Cooperating with official authorities and regulators.

To meet our legitimate business interests

Where the use of your personal data is necessary to meet a real, legitimate and lawful business objective, and that objective is not overly invasive to your right of privacy, such as;

  • Monitoring business performance;
  • Statistics and market research;
  • Improving our products and services;
  • Complying with industry best-practice and relevant certification regimes;
  • Meet our contractual obligations with third party suppliers and business partners;
  • Handle legal claims and disputes.

With your consent

Where you have freely consented to the use of your personal data, such as:

  • When you have raised a query or requested specific information from us;
  • When you have agreed that we can contact you for marketing purposes.

Where essential to preserve life

Information about your driving licence (including licence type, issuing country/authority and time held), claims history and any relevant motoring convictions.

Where the personal data we hold is deemed “sensitive”, we only use this this data in the following scenarios:

Where necessary for insurance reasons

Where the use of your sensitive data is necessary either to meet our contractual commitments to you under an insurance policy, or to meet legal or regulatory requirements arising from the contract of insurance, such as:

  • Arranging non-critical health care following an insured event;
  • Meeting the requirements and principles of financial service regulation;
  • Meeting requirements arising under insurance or contract law;
  • Cooperating with requests from financial service authorities such as the Financial Conduct Authority (FCA) and the Financial Ombudsman Service.

Where necessary to prevent and detect crime

Where the use of your sensitive data is necessary to prevent and detect financial or non-financial crime, such as:

  • Taking steps to prevent or detect fraud, money laundering or financing of terrorism, including assisting other insurers or financial service providers with their own investigations;
  • Assisting the police and competent authorities with criminal investigations;
  • Assisting and supporting the apprehension and prosecution of offenders.

Where necessary to exercise legal rights or defend legal claims

Where the use of your sensitive data is necessary to either:


  • Exercise our legal rights arising under law, regulation, or applicable contract;
  • Defending against legal claims brought against us.

Where necessary to safeguard vulnerable individuals

Where the use of your sensitive data is necessary to safeguard or otherwise protect individuals who, due to physical or mental health, are less-able to protect themselves and their own best interests.

With your explicit consent

Occasionally, and with your express and informed permission, where the collection and use of your sensitive data is necessary, such as:


  • Arranging some kinds of routine health care following a claim;
  • Complying with specific requests you make of us.

Our use of automated decision-making and profiling

We use automated decision-making (decisions made by computers without significant human involvement)
to make decisions about the insurance quotations and policies we offer. These include decisions about whether we can offer you insurance, and if so, the pricing and terms (such as excesses, exclusions and limitations) which apply to your policy.

Some of these decisions include profiling, which is the act of combining your personal data with that of other individuals to assess or predict behaviour, social or economic status or capabilities, including any associated categorisation. This is then used to help determine the risk of insuring a particular individual, such as:

  • The likelihood of a claim arising during the lifetime of the policy.
  • The potential costs which could arise in the event a claim is made.
  • Identify potential insurance fraud or other financial crimes.

We also sometimes use profiling without automated decision-making to provide us with information
to help manage our business, for example:

Money pig

Fair Pricing

To comply with legal and regulatory requirements, including fair pricing rules;
Improvements

Improvements

To identify where we can make improvements to products and services;
Stats & Performance

Stats & Performance

To provide statistical information about business and product performance;
Future Business

Future Business

To identify future business opportunities.

You have rights in relation to automated decision-making and profiling.
You can find more information on these rights here.
 
You can also find out more about how profiling and automated decision-making is used in telematics insurance policies, and the effects these decisions can have on you here.

You are under a legal duty to provide us with information, including personal data, when answering our questions. Exactly which legal duty applies depends on whether you are purchasing insurance for personal
or business reasons.

Failing to provide requested information, or providing inaccurate information, can have a range of
consequences, including:

  • Additional premiums being payable;
  • Less-favourable terms being applied to the insurance policy, such as increased excesses or additional
exclusions or limitations;
  • Claims being declined, in whole or in part;
  • Policies being cancelled or, in extreme cases, voided from the outset.

The legal duty applicable to personal customers

If you are a personal customer, which is someone buying insurance wholly or mainly for purposes unrelated to your profession, trade or business then you are under the “duty to take reasonable care not to make a misrepresentation”. This means that you must answer all questions we ask of you truthfully and honestly, to the best of your knowledge and belief.

This duty arises from the Consumer Insurance (Disclosure & Representations) Act 2012.

The legal duty applicable to business & corporate customers

If you are purchasing insurance wholly or mainly for purposes related to your profession, trade or business then you are under the duty of “fair presentation”. This means that you must answer all questions asked by us truthfully and honestly and to the best of your knowledge and belief and in good faith. In addition, you must also disclose to us all material circumstances which you know or ought to know about which are relevant to the insurance you are arranging and ensure that all matters of fact you give us are substantially correct.

This duty arises from the Insurance Act 2015.

Who we share your data with

Where necessary, we share your personal data with third parties. These organisations provide a range of services which assist us in providing you with insurance, meeting our legal and regulatory obligations, and supporting our business objectives.

Some third parties undertake activities on our behalf and act as our “processors” under data protection law.
This means that we remain responsible for them and how they use your personal data.

The categories of third-parties we share your data with:

  • Other companies in the Somerset Bridge Group and/or Arch Re;
    Personal representatives appointed by you;
  • Organisations who introduce you to us, including price comparison websites,
insurance brokers, retail stores, car
dealerships and financial advisors;
    Our suppliers and agents involved in the delivery of our products and services, including solicitors, medical advisors, loss adjusters, claims experts and
IT systems providers;
  • Insurance databases such as the Motor Insurance Database (MID) and the Claims and Underwriting Exchange (CUE);
  • Crime detection and fraud prevention agencies and services;
  • Credit reference and credit scoring agencies;
  • Services which allow us to verify your identity and other information you provide to us;
  • Vehicle valuation, recovery, storage, engineering, and repair services;
  • Debt collection agencies;
  • Premium finance providers;
  • Law enforcement, government agencies, regulatory bodies, courts and public authorities, and independent complaint adjudication services such as the Financial Ombudsman Service;
  • Third-party insurers and those acting on
their behalf;
  • Social media platforms and media agencies that we advertise with or conduct marketing
activities through;
  • Third-parties where disclosure is required to comply with legal or regulatory requirements;
  • Third parties involved in possible merger, takeover or other asset or business purchase activities with us.

Transferring personal data internationally

Where necessary, we may transfer your personal data to suppliers or third-parties based outside the UK. We only do this where we can ensure that your personal data is appropriately protected to a standard comparable to that under UK law.

How we protect your personal data when transferring it overseas:

The most-common way we protect your personal data when moving it internationally is to transfer it to a country or organisation which is deemed “adequate” under UK law. This means that the laws of the receiving country have been reviewed and approved by the UK Secretary of State as offering equivalent protection as the laws of the UK itself.

If we have a valid reason to transfer your personal data to a country or territory which is not currently deemed “adequate” by the UK, we will ensure that the data is protected by a formal and legally enforceable agreement that meets the standards required under UK data protection law. These agreements are known as “appropriate safeguards” or “standard contract clauses” and have been written and approved by the UK Government as providing appropriate protection even where the laws of the receiving country do not provide this.

You can request more information about how we protect your personal data when sending it overseas by contacting us using the details shown here.

Retaining & destroying your personal data

We retain your personal data for a period of time after collection. Exactly how long we keep your data for will depend on whether you purchased a policy or not, and if so, whether a claim was made under the policy. This is because statutory retention requirements and liability limitation periods vary depending on these points.

We only keep your personal data beyond the relevant statutory retention requirements and liability limitation periods if there is a legitimate and justifiable business need to do so.

Once the retention period for your data is reached, we ensure that it is destroyed securely. For electronic records, we use secure erasure techniques to remove the data from our systems. Paper records and computer hardware are subject to physical destruction such as shredding or incineration by certified suppliers.

Retention periods for common data types

The table below gives the specific retention periods we currently apply to the most common types of personal data we hold about you.

Data Type
Current Retention Period
Unsold Quotation Data
3 years from the end of the quote validity period.
Insurance Policy Data
7 years from the policy expiry date.
Customer Correspondence (including e-mails, letters and call recordings)
7 years from the date of receipt.
Complaints Data
6 years from the date of complaint settlement or closure.
Data Rights Requests
7 years from date of receipt.
Data Relating to Insurance Claims
23 years from the date of claim settlement or closure.

Your data rights

Data protection law gives you certain rights in relation to your personal data.

The rights which are applicable to the data we hold are:

  • The right to be informed about how your personal data is used;
  • The right of access to your personal data;
  • The right to have inaccurate information rectified and incomplete information completed;
  • The right to have your personal data erased (also known as the “right to be forgotten”);
  • The right to restrict the use of your personal data;
  • The right to have your personal data provided to you or a third-party you nominate in a common,
machine-readable format (also known as the “right to data portability”);
  • The right to object to certain uses of your personal data;
  • The right to seek human intervention in certain automated decisions;
  • The right to withdraw consent;
  • The right to contact our Data Protection Officer (DPO);
  • The right to complain to us or the supervisory authority.

Some of these rights are broad and always apply, others are highly specific and only apply in certain scenarios.
 
Requests to exercise one or more data rights may also be rejected if they are considered “manifestly excessive” or “manifestly unfounded” under current data protection laws. You can find out more about these types of requests here.
 
The following sections give more detailed information on your specific rights and when they apply. If you would like to exercise any of your data rights in relation to the personal data we hold, you may do so by contacting us using the details provided here.

Click below to view the definitions of each of you data rights:

The right to be informed

You have the right to be provided with certain information in relation to your personal data and how we use it. This right always applies, unless it is overridden by broader legal requirements or restrictions.

The information you are entitled to comprises:

  • Who we are and how you can contact us;
  • Who we collect personal data about;
  • What personal data we collect and when we collect it;
  • How we use personal data and what lawful reasons we rely upon to do so;
  • When you are under a legal obligation to provide us with personal data and what those obligations are;
  • Who we share personal data with;
  • How we protect your personal data in the event we must transfer it outside the UK;
  • How long we keep your data for;
  • Your data rights and how they apply to the personal data we hold about you.

The required information is contained in this privacy notice. You can also find elements of this information in your insurance documents and, where appropriate, in other text, for example the help and FAQ sections of our website and the GoSkippy Connect App.

The right of access

You have the right to access copies of your personal data that we hold. This right always applies, but there are certain scenarios where broader legal requirements may restrict what we are able to provide you. These scenarios are known as “exemptions”.

Exemptions take many different forms and can vary significantly in terms of their scope and applicability.

The exemptions that most often arise in connection with insurance are where the release of personal data (or a particular set of personal data) would have a negative impact on one or more of the following:

  1. The privacy, rights and freedoms of other individuals who are also identified by the data;
  2. The prevention and detection of crime, including financial crime such as fraud, money laundering 
 and the financing of terrorism, and including the apprehension and prosecution of offenders;
  3. Legal professional privilege;
  4. Corporate finance and management forecasting, and;
  5. Negotiations, including legal disputes, with the individuals concerned.

The right to rectification

You have the right to have your personal data rectified in two different ways.

Firstly, where your personal data is factually inaccurate or otherwise misleading, your right to rectification entitles you to have this corrected.

Secondly, if your personal data is incomplete, your right to rectification entitles you to have this completed, including adding any missing information.

The right to erasure (the “right to be forgotten”)

You have the right to instruct us to delete, erase or otherwise destroy your personal data.

This right only applies in the following scenarios:

  1. Your personal data is no longer needed by us;
  2. Where you have consented to the processing of your data and then subsequently withdraw that
 consent, and there are no other legal grounds for us to retain your personal data;
  3. Where you object to the processing of your data, and there are no other legal grounds for us to
 retain your personal data;
  4. Your personal data has been unlawfully collected or used, or;
  5. Your personal data must be erased to comply with a legal obligation under broader UK law.

The right to restriction

You have the right to restrict the use of your personal data by us. This right only applies in the following scenarios:

  1. You have contested the accuracy or completeness of the information, for a period enabling us to verify the accuracy of the data;
  2. Your personal data has been processed unlawfully by us, but you oppose the erasure of your data and request restriction instead;
  3. We no longer need to retain your personal data, but you require us to retain it in connection with a legal claim, or;
  4. You have objected to us processing your personal data, for a period enabling us to investigate and respond to your objection.

While personal data is restricted under this right, it may only be used in the following ways:

  1. It may be stored by us;
  2. It may be processed in connection with legal claims;
  3. It may be processed to protect the legal rights (including data rights) of another person;
  4. It may be processed for reasons of important public interest, and;
  5. It may be processed for other purposes if you have specifically consented to them.

Your right to data portability

You have the right to request your personal data be provided to you in a common, machine-readable format. This right only applies if:

We are using your data either because you have consented to it or because it is necessary for us to perform or enter into a contract with you, and;

We are processing your personal data by automated means.

Where this right applies, you can choose whether to receive the information directly, or alternatively, to have us send your personal data to another organisation nominated by you.

Your right to object

You have the right to object to the processing of your personal data in certain circumstances.

This right applies when:

  1. We use your personal data for direct marketing purposes, which includes any profiling activities undertaken to support such activities, or;
  2. We rely on our legitimate business interests as a lawful basis to process your personal data.

If you object to the use of your personal data for direct marketing purposes, we must stop using your information for this purpose.

If you object to us using your personal data to meet our legitimate interests, we can only continue to use your information despite your objection if we are able to demonstrate that there are compelling legal grounds to do so.si

The right to seek human intervention in automated decisions

You have the right to seek human intervention in certain automated decisions we make about you.

This right applies when:

  1. The decision has a “significant effect” on you, such as deciding whether or not to offer you insurance or pay a claim, and;
  2. We are making the decision for one of the following reasons:
      • a. It is necessary to perform or enter into a contract with you, or;
      • b. It is required or authorised by law, or;
      • c. You have explicitly consented to the decision being made.

Where this right applies, you can contest the decision we have made. We will then arrange for a human being to review the automated decision. When conducting such a review, we can also consider any additional information or points of view that you wish to provide.

The right to withdraw consent

Where we process your personal data because you have consented to it, you always have the right to change your mind and withdraw your consent at a later date.n

The right to complain to us or the supervisory authority

You have the right to complain to us if you think we have not handled your personal data responsibly and in line with legal requirements or good practice. This right is in addition to your right to complain under other laws or regulations, for example the complaint handling rules issued by the Financial Conduct Authority (FCA).

You may also escalate your concerns to the Information Commissioner’s Office (ICO), who are the UK authority tasked with upholding data rights in the public interest. Normally, the ICO expect you to have first brought your complaint to our attention and to have given us the opportunity to respond directly, before they will consider your concerns themselves.

The ICO do not award compensation, and they do not fine organisations except in exceptional circumstances. However, they can investigate concerns brought to them by members of the public and order an organisation to act if, in the ICO’s view, the requirements of data protection laws have not been met.

You can find out more about the ICO, their powers, contact details and approach to complaint handling on their website here.

The right to contact our Data Protection Officer (DPO)

You have the right to contact our Data Protection Officer (DPO) with questions or queries about data protection matters, including the collection and use of your personal data and your data rights.

Our DPO can be contacted directly using the details below:

By e-mail: dataprotectionofficer@sbgl.co.uk

By post: FAO the Data Protection Officer, Somerset Bridge Group Limited, Lysander House, Catbrain Lane, Bristol, BS10 7TQ, UK.

More information about “manifestly excessive” and “manifestly unfounded” requests

“Manifestly excessive” requests are those which are wholly and demonstrably disproportionate in the circumstances in which they are raised, for example if an individual submits repeated requests for the
same information.
 
“Manifestly unfounded” requests are those where there is clearly no genuine intent to exercise the right of access, and the intent is instead to cause disruption or administrative burden to the organisation, possibly as part of a broader campaign against the business due to a complaint, concern or grudge. Such requests are often raised with the intent of securing a preferential outcome for the requestor, for example when an access request is submitted but the individual offers to withdraw the request if a rejected claim is honoured, a payment is made to them, the price of their insurance is reduced, or they are not required to pay
an excess.
 
We are not required to fulfil requests to exercise data rights which can be demonstrated to meet either of these criteria. Alternatively, we can choose to do so voluntarily upon receipt of a fee. Where charged, the
fee is normally reflective of the costs incurred by us in fulfilling the request.
 
If we determine that a request is manifestly excessive or manifestly unfounded, we will write to you and confirm how we have reached this decision. We will also inform you of ways that you can escalate your concerns if you are dissatisfied with the outcome.

Updates to this privacy notice

We may update this privacy notice from time to time, to reflect changes in privacy law, updates to financial service regulations, or to make improvements following customer feedback.
 
If we make any significant changes to how we collect and use your personal data, we will notify you of those changes directly.