Cover-More UK is committed to the safe and careful use of your personal information. We take reasonable steps to protect any personal or sensitive data you provide to us from misuse, interference, loss, unauthorised access, modification or disclosure. We handle information in an open, fair and transparent way in accordance with the applicable data protection laws.
Cover-More Insurance Services Ltd is part of the Cover-More Group. Cover-More Group Limited is a travel insurance, medical assistance and data analytics group of companies.
This Policy will be reviewed at least annually, to ensure it remains up to date. It was prepared in October 2014 and it may be amended from time to time by posting the amended version on our website.
For further information on privacy in the UK, please visit the website of the Information Commissioner at http://ico.org.uk/
Your Personal Information
3. What is Personal and Sensitive Personal Data?
Personal Data means data that relates to a living individual who can be identified from the data or from the data and other information which is in the possession (or is likely to come into possession) of Cover-More.
Sensitive Personal Data is Personal Data that includes information about an individual's health, racial or ethnic origins, religious, philosophical or political beliefs, sexual preferences or practices, trade union memberships and criminal convictions or offences.
Cover-More regularly collects, holds, uses and discloses health information and is committed to providing this type of information (and any other Sensitive Personal Data which Cover-More may less frequently process) with an increased level of privacy protection Personal Data.
4. How We Collect Your Personal Information
Cover-More collects personal information from and on behalf of customers, business partners, suppliers, employers (relating to corporate policies), other insurers and third-party service providers.
In most cases, we will collect your Personal Data directly from you when you fill out an application form for travel insurance, become one of our representatives, make a claim or request assistance. This may occur over the phone, via email, a website or through one of our agents or partners.
In certain cases, we collect your Personal Data from third parties. For example, we may need to collect personal information from your representative (such as a legal guardian), your travel agent, the primary policy holder or any of the other organisations referred to below under Use and disclosure and identified in Appendix 2.
If you are an agent or authorised third party service provider, we may obtain information from a credit reporting agency or your agency group head office.
Where your company is the applicant on a corporate policy we may receive your details from your employer.
In addition, we collect information when you visit our website, social media pages and other pages that we own and manage.
We may also collect information by other means and will take reasonable steps to inform you if and when we do.
5. Your Sensitive Data
Your health information, such as pre-existing medical conditions, is generally required to arrange travel insurance, to make a determination on a claim or to provide you with medical assistance. Health information is Sensitive Personal Data.
As explained in section 4, if you provide your Sensitive Personal Data to us via a third party, you must provide us with your consent via the third party, and if you provide Sensitive Personal Data to us on behalf of other individuals, you must obtain their consent on our behalf.
Subject to certain exceptions set out below, we will not collect your Sensitive Personal Data without your consent. More information about your consent, and the rights and conditions attaching to it, is set out in section 18. The exceptions to reliance on your consent apply where the collection, use and disclosure of the Sensitive Personal Data:
- is necessary for the provision of emergency assistance in order to protect your vital interests, in circumstances where you are unable to give consent.
- is necessary for public interest reasons, on the basis of UK law, such as the prevention of fraud.
- is necessary for the establishment, exercise or defence of a legal claim.
6. What Personal Data does Cover-More Collect?
We collect the Personal Data we need to provide travel insurance and travel related products and services, including assistance when you are travelling.
The type of information Cover-More collects and holds varies depending on the type of product or service we provide to you. For example, Cover-More will hold different information about you if you have a travel insurance policy than if you make a claim on a policy or require assistance when travelling. This information may include information about a disability, or medical condition that you have or health information in general.
If you contact us by telephone, these calls may be recorded for training, quality and business purposes. For the type of personal and sensitive information Cover-More generally holds please refer to Appendix 1.
7. Accuracy of your Personal Information
Cover-More takes reasonable steps to ensure that the Personal Data collected, used or disclosed is accurate, relevant, complete and up-to-date.
If you believe your Personal Data is not accurate, complete or up to date, please contact the Cover-More customer service team.
- Email – email@example.com
- Telephone – 01245 272 408
8. Protecting your Personal Information
We take reasonable steps to securely store your Personal Data so that it is protected from unauthorised use, access, modification or disclosure. We store Personal Data in different ways, including in paper and electronic form, on both Cover-More premises and its data centres and our service providers premises and data centres, which include IT service providers and document storage and management providers. These service providers' premises and data centres may also be located overseas. We take reasonable steps to ensure that these service providers and their data centres meet the Cover-More Group's Privacy standards and the data is stored securely in accordance with the applicable data protection laws.
Cover-More uses SSL (Secure Sockets Layer) encryption to protect all network traffic between your PC and our systems. Any information travelling to and from our website is safe against interception by third parties who might otherwise use that information without your consent. SSL also protects you by confirming that you are looking at the correct Cover-More website and not a fraudulent site tricking you into revealing your personal information.
We maintain administrative, technical, and physical safeguards for the protection of Personal Data. Our security measures include, but are not limited to:
- Access to your Personal Data is limited to authorised personnel who have a legitimate need to know based on their job. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. Where an individual employee no longer requires access, that individual's access is revoked.
- Only allowing access where the individual seeking access has satisfied our identification requirements, such as a security check on the commencement of a call.
- Confidentiality requirements for our employees and suppliers
- Secure Document storage
- Training and education is provided to all group employees in the handling of Personal Data.
- Security measures for systems access.
- Antivirus and anti-malware software, and regularly updated virus definitions.
- Third parties who we hire to provide services and have access to personal information agree to implement privacy and security practices that we deem adequate.
- Personal information provided on computer servers is secured in a restricted and controlled network environment.
- When transferring credit card numbers, via payment gateways the data is encrypted.
- Employing firewalls and intrusion detection systems.
- Third-party contractors who process Personal Data on our behalf agree to provide reasonable physical safeguards.
- Employing physical and electronic means such as alarms and cameras to protect against unauthorised access to buildings.
- Effectively and securely destroying data no longer needed, for example, by shredding or pulping in the case of paper records.
- Our security procedures and policies are audited on a regular basis to ensure they are updated in accordance with current legal requirements and current levels of security technology.
While Cover-More has security measures in place to protect your data, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Cover-More cannot warrant or ensure the security of any information you transmit to us or we transmit on your behalf, or to you, in the course of providing services over the internet.
9. Non Completion of Online Quotes
If you do not complete an online quote request for any reason Cover-More may contact you on the contact details supplied to offer help completing it.
Use and Disclosure
10. How We Use and Disclose Your Personal and Sensitive Data
We use your Personal Data to provide you with the relevant product or service you have requested including: assessing your travel insurance application; identifying you; to manage and administer the product or service; assessing and paying a claim; or to provide you with assistance when travelling.
We also use the information of insured persons and claimants, to undertake analysis and actuarial processing which help us to deliver more accurate premiums, better assess claims, and improve the relevance of our products.
Everything we do with your Personal Data is underpinned by a "lawful basis". These are: (i) where the processing is necessary in connection with providing you with a quotation and/or contract of insurance and/or provision of insurance services that you have requested (for example, assessing your policy application, receiving payments or making payments on claims, and providing you with assistance which you are entitled to under your policy); (ii) to comply with our legal or regulatory obligations (for example, maintaining proper records, and complying with reporting requirements to our regulators); or (iii) for our "legitimate interests" (see below).
Where use of your personal information is not necessary for your quotation or policy, or for compliance with a legal or regulatory obligation, that use will instead be in our legitimate interests, in order to provide our services to you more effectively, including providing you with information about our products and services, and to operate our business as an insurer and assistance provider. We will always ensure that we keep the amount of information collected and the extent of any processing to the minimum required to meet this legitimate interest. Examples of our legitimate interests are:
- to identify you when you contact us;
- to deal with policy administration;
- to assess claims;
- to reassess premiums at renewal;
- to obtain feedback on the service we provide to you (including dealing with complaints or queries);
- to administer our website and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- for fraud prevention and detection purposes;
- to build actuarial models.
Use of your Sensitive Personal Data is supported by an additional legal basis, as explained in section 5.
For a list of the types of uses of your Personal Data by Cover-More please refer to Appendix 3.
11. Your Personal Information and Our Related Companies
When assessing your claim, we may refer to information provided by our third party medical and non-medical assistance providers, who include related entities.
We may also use related entities to process and assess your travel insurance application or claim and to administer your insurance policy. These related entities may be based in Australia or overseas in: New Zealand; Australia; Malaysia; China; India or USA.
12. Marketing Our Products and Services
Where we have your consent to do so, we may from time to time, provide you with information about other products, services and offers.
If you do not wish to receive this information, or wish to know the source of the information, please contact the Cover-More customer service team on 01245 272408. You can change your mind about receiving information about our products and services at any time, by contacting us.
Please note we will still need to send you non-promotional "service" information about your insurance, travel alerts, policy and claim documentation.
13. When We Share Your Information with Other Parties
We will only share (disclose) your personal information with third parties if it is required to fulfil service or product obligations to you, or if it is required under law or in an emergency situation.
Before discussing the progress of a claim or medical and non-medical assistance with third parties (other than the parties involved in providing such a service), for example, a relative or companion, we will obtain appropriate consent from you, your parent or guardian, power of attorney or executor (as relevant).
For a list of the types of entities Cover-More generally discloses your personal information to please refer to Appendix 2.
14. Transferring or Processing Data Outside of the EU
By purchasing a policy through us, we may send your information to overseas parties if required to provide you with medical and non-medical assistance or to progress and assess your claim. In addition, we may use third party service providers (for example, IT service providers) who operate or store data outside of the European Economic Area or the UK.
The countries we typically disclose your personal information to are generally located in the geographic regions you travelled during the duration of your policy or countries where Cover-More's offices are located (in particular New Zealand; Australia; Malaysia; China; India and the USA).
The nature of our business means it is often necessary for us to send your personal information outside the European Economic Area or the UK. This occurs because our business and the third parties identified in ‘Entities Cover-More typically discloses to and/or collects from’ have operations in countries across the world. For example, where you are flying outside of the European Economic Area or the UK, and you require assistance, your personal information will be transferred to the medical provider responsible for your care.
This may involve sending your data to countries where under their local laws you may have fewer legal rights. However, we will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. Where we transfer personal information to third parties, we rely on mechanisms including data transfer agreements, certification schemes (such as the EU-U.S. Privacy Shield Framework) or exemptions (such as where the transfer is necessary in the context of a legal claim).
You have the right to ask us for more information about the safeguards we have put in place as mentioned above.
Your Privacy on the Internet
15. Collection of Other Information
Cover-More may also collect information such as the type of browser, or operating system you use, your domain name, IP address, access times, referring website addresses and page views. Our Internet Service Provider ("ISP") automatically identifies your computer by its IP address. When you visit pages on our website, our ISP may log your IP address. We do not link IP addresses to any personally identifiable information. Your IP address is used to gather broad demographic information only. A User Transaction ID is created each time you enter our website. This ID is used to keep track of your dealings with us, and other requests.
A cookie is a small, text-based file used frequently on some websites and portals. They are designed to assist and streamline the exchange of information between your computer's browser and our computer systems. Other cookies used by Cover-More collect information about the use of our websites. The information collected includes where visitors connect from, what version of browser they use and their path through the site. It helps us to provide personalised features and keep our content fresh and relevant.
Cover-More uses both "session" cookies (which are automatically wiped at the end of a browsing session), and "persistent" cookies (which remain on your device between browsing sessions - unless you manually delete them, so that we can tailor our websites to you on return visits).
The data collected is used by Google to compile reports on your use of the website and also to gather information on any other website activity or internet usage for website providers.
We also use other analytics tools such as Full Story and Quantcast to gather additional information on how you use our website, this is for us to understand how we can make your experience on the site smoother and detect any issues customers may be facing on our Cover-More website. Both Full Story and Quantcast have their data servers in the United States and local Privacy laws will apply to the processing and storing of this data. They may transfer information to third parties if this is compulsory by law.
Our web pages may contain electronic images, known as web beacons or spotlight tags. These enable us to count users who have visited certain pages of our website. Web beacons and spotlight tags are not used by us to access your personal information, they are simply a tool we use to analyse which web pages customers view, in an aggregate number.
Links to other Websites
Our web sites may contain links to non-Group web sites. Whilst such links are provided for your convenience, you should be aware that the information handling practices of the linked web sites might not be the same as ours.
Dealing with Cover-More
16. Resolving Your Privacy Issues
17. Personal Information Rights
You have a number of rights under data protection laws, namely:
- to access your data (by way of a subject access request);
- to have your data rectified if it is inaccurate or incomplete;
- in certain circumstances, to have your data deleted or removed;
- in certain circumstances, to restrict the processing of your data;
- a right of data portability, namely to obtain and reuse your data for your own purposes across different services;
- to object to any processing which is based on a 'legitimate interest' and to profiling (irrespective of whether it results in an automated decision being made about you);
- to prevent direct marketing;
- not to be subject to automated decision making (including profiling), where it produces a legal effect or a similarly significant effect on you;
- to claim compensation for damages caused by a breach of the data protection legislation.
- if we are processing your personal information with your consent, you have the right to withdraw your consent at any time.
We take the confidentiality of all records containing personal information seriously, and reserve the right to ask you for proof of your identity if you make a request in respect of such records. We will not ask for a fee to exercise any of your rights in relation to your personal data, unless your request for access to information is unfounded, respective or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can tell us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
To exercise any of your rights, please contact us (see the Contacting Us section). In some cases we may be able to deal with your request over the telephone.
19. Dealing with Us Anonymously or under Pseudonym
You can deal with us anonymously or you may use a pseudonym where it is lawful and practicable to do so. For example, you may inquire about our products or request a quote. However we regret that we will not be able to offer you travel insurance, assess and pay your claim, appoint you as our authorised representative or provide you with medical and non-medical assistance if we cannot identify you.
20. Your Travel Agent and Your Personal Information
We require our agents and partners to handle your personal information in a manner consistent with this policy. Our agents and partners (including travel agents) are authorised to arrange your travel insurance.
We rely on you having provided your travel agent with your consent if you would like us to share information about your claim or existing medical condition assessment with them. You may choose to deal directly with Cover-More if you prefer not to provide them with information about existing medical conditions and health related matters included in your claim.
21. Contact Us
You can contact the Data Protection Officer at: Cover-More Insurance Services Limited, Parkview, 82 Oxford Road, Uxbridge UB8 1UX, United Kingdom, or by emailing the Data Protection Officer at firstname.lastname@example.org.
22. Appendix 1: Information Cover-More Typically Collects and Holds
In general, Cover-More may collect and hold the following personal information:
- Name and address.
- Date of birth.
- Contact details, which may include your telephone number and email address.
- Your gender.
- Personal data of any other person you wish to insure, including date of birth, gender and name.
- Your travel plans.
- Information about your medical history and the medical history of any other person you wish to insure.
- Personal data, including health information, about anyone who requires assistance under their travel insurance policy.
- Information about the medical history of any person that results in a claim that we have to assess.
- Information about claims you make or wish to make under your policy.
- Your bank account details so that we may pay your claim.
- Your credit card provider details so that we may recover any monies payable under the travel insurance provided by the credit card company.
- Other information required to administer the product or services you have requested including determining a claim.
- Any details contained within identity documents provided to us.
- The type of medical and non-medical assistance you have been provided with either by us, our service providers or your own medical practitioner.
- Employment and income information for cancellation and loss of Income claims Background and credit checks (for authorised representatives and suppliers.
23. Appendix 2: Entities Cover-More Typically Disclosures to and/or Collects From
Below are the types of entities Cover-More may collect your personal information from and may disclose your personal information to. This is not an exhaustive list.
- Our Insurer, ERGO Travel Insurance Services Ltd.
- Other insurers, including your insurer if not Cover-More.
- Reinsurers (where policies are reinsured, this means that the insurer will purchase its own insurance, from a reinsurer, to cover some of the risk the insurer has underwritten in your policy).
- The co-insured on any insurance policy, so we may confirm details of the insurance.
- Your travel agent, broker or the agent who sold you the travel insurance.
- Your employer (if a corporate policy).
- Claims administrators.
- Investigators, in relation to claims.
- Translators, for claims and assistance.
- Goods replacement suppliers to settle your claim.
- Banks and foreign currency providers to settle your claim.
- Transportation and accommodation providers.
- Travel agents and wholesale travel agencies.
- Any company who we may claim against.
- Medical practitioners and specialists.
- Medical providers such as hospitals.
- Emergency assistance providers.
- Security providers and agents.
- Family members in the event of a medical emergency.
- Witnesses, when making a claim.
- Record management and storage businesses.
- Companies who perform statistical analysis on our behalf.
- Customer survey businesses and mystery shopping agencies.
- Accreditation or certification organisations.
- Our professional advisors including lawyers, accountants, tax advisors and auditors.
- Debt collection agencies and other parties that assist with debt-recovery functions.
- Police and law enforcement bodies to assist in their functions.
- Courts of Law or as otherwise required or authorised by law.
- Regulatory or government bodies for the purposes of resolving customer complaints or disputes both internally and externally or to comply with any investigation by one of those bodies (including the FCA, PRA and the ICO).
- Insurance reference bureaus.
- Data retrieval agencies.
- Credit providers or credit reporting agencies (if you are our representative or supplier).
- Printing, mail and distribution companies.
- Telecommunication providers.
24. Appendix 3: Cover-More's List of Uses and Disclosure of Personal Information
We use and, in some instances, disclose your personal information when we, or third parties appointed by us, provide the following services:
- To identify you and other policyholders.
- Arranging and managing your travel insurance with us.
- To assess an application for a product, including assessing any existing medical conditions.
- Evaluating, managing, processing and paying an insurance claim.
- To recover monies due by other insurers.
- Evaluating the emergency care and assistance you require and other customer care activities.
- Providing medical and non-medical assistance, including settling costs on your behalf.
- Dealing with enquiries or complaints.
- To monitor and improve the services provided by us and our agents or service providers, the products we provide or our operations.
- For planning, product development and research purposes and to seek feedback on products and services (including those products and services offered by others on our behalf).
- Carrying out market analysis and research and product analysis and development.
- Enhancing our services for our website visitors.
- Conducting internal investigations in relation to crime and fraud prevention, detection or prosecution.
- Training our staff.
- To identify and develop products or services that may interest you and market them to you (unless you ask us not to do so).
- Carrying out accreditation or certification activities.
- For any other purposes that would be reasonably expected.
- Processing orders or applications to become a customer for our additional products and services, such as Global Sim.
- Carrying out credit checks, credit reporting and compliance checks through ASIC on our authorised representatives and suppliers.
- Carrying out debt-recovery functions.