Privacy Policy
PRIVACY
At i-Wonder, we take your data privacy seriously. In order to provide you with our services we collect and use personal data which means that we are a ‘Data Controller’ and we are responsible for and committed to protecting your privacy and complying with the UK General Data Protection Regulations (UK GDPR), Data Protection Act 2018, the EU General Data Protection Regulations where applicable and any subsequent laws or regulations applicable.
In this Privacy Notice, we want to inform you about what information we collect, how we use it and what rights individuals have in relation to the collection and processing of their personal data.
Our Contact Details
Name: i-Wonder
Address: 3 Warren Farm Barns, Micheldever Station, Winchester, SO21 3FL
Tel: 02380 175 134
Email: info@iwonder.co.uk
If you have any questions in respect of this Privacy Notice or how we manage your personal data, please contact us using the contact details above.
Whose Information Do We Collect?
We collect personal data in different ways in the course of delivering our services. This can belong to our corporate clients, private clients, partners, suppliers, associates, enquirers and often the employees or customers of our clients where it is necessary as part of the process or service we provide.
Where we process customer personal data on behalf of our corporate clients (for example; when providing quotation software and solutions) as part of our services to them, we do so as joint controller or we sometimes act as a data processor on their behalf and they remain the data controller. We maintain data processor agreements with all such clients to ensure that each party is committed to their obligations under the UK GDPR to protect your personal data.
What Personal Data Do We Collect And Process?
We collect the following types of data:
- General contact details such as, name, address, email address, telephone number.
- Business activities of the person whose personal data we are processing.
- Details of services and products discussed or provided to you.
- Details of your demands and needs in relation to insurance.
- Full details of your insurance risks being reviewed.
- Sanctions information.
- Previous insurance arrangements including claims history.
- General communications between you and us.
- Financial Details – such as payment or bank and tax details
- General identity details such as NI number or driving licence
- For recruitment: work and education history and any other information voluntarily submitted within CV content.
- Information obtained through our use of cookies (please see our Cookie Policy)
- Your marketing preferences
Special Categories of Personal Data That We Collect
In the process of facilitating our services we will process special category personal data such as health and medical details, criminal convictions or sanctions.
We do not request any additional special category data, however in some cases, you may voluntarily share additional information during discussion with us. Where this is the case, we collect this only with your consent and retain it for as long as strictly necessary.
How We Collect Your Information
In most cases we collect your data directly from you. We collect data and process it when you:
- Complete an online ‘contact us’ form.
- Input your information into a price comparison website for us or one of our corporate clients.
- Provide information during an appointment or consultation meeting.
- Speak to us on the telephone to discuss or use our services.
- Email or write to us.
- Create an account on our website.
- In relation to potential employment with us:
- Send us a CV
- Complete an application form
- Attend an interview
We also receive your data indirectly from the following sources:
- If you are an employee or customer of our corporate clients, we will receive your personal data in the course of delivering our professional services to them.
- If you are nominated as a point of contact from one of our commercial customers, we may receive your details from them.
- A partner or broker enters your information into a portal to obtain terms or rates.
- Your authorised representatives or those who hold power of attorney will share your information with us.
- Social Media Sites including LinkedIn.
- Public sources – demographic data, Market Research
- Publicly available company data sources such as Companies House and Royal Mail
- Referral from a personal or business contact.
- The use of cookies and similar technologies on our website.
Please Remember: Where you provide any of this information relating to or on behalf of another individual such as a nominated contact, you must remember to ensure that you have the consent of the individual and provide them with a copy of or access to this Privacy Notice.
Why Do We Collect Your Information?
Where we collect and process personal data, we identify both the purpose and legal basis for doing so. There are 6 possible legal bases which are:
Consent – where we have consent from the individual to the processing of his or her personal data for one or more specific purpose.
Contract – where the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal Obligation – The processing is necessary for compliance with a legal obligation to which we are subject.
Vital Interests – Where the processing is necessary in order to protect the vital interests of the data subject or another natural person.
Public Interest – Where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate Interests – Where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Our purpose and legal basis for the information we collect, and process allows us to:
| Our Purpose for Processing | Our Lawful basis | Condition for Special Category Data |
|---|---|---|
| To understand your requirements prior to entering into a contract of service / sale with you. | The processing is necessary for the performance of an anticipated Contract | |
| To understand all requirements to ensure that any information submitted as part of our contract of service or sale is accurate. | The processing is necessary for the performance of a Contract. | |
| To process health and medical details to ensure that contracts and services are suitable for our clients’ needs. | We need to ensure that contracts of services are suitable for the needs of our clients and customers. | We rely additionally on consent to process health and medical information. |
| To note potential vulnerabilities and ensure that our services and products meet the characteristics of our client / customer. | We need to ensure that contracts of services are suitable for the needs of our clients and customers. | We rely additionally on consent to process any details of vulnerability which are categorized as special category personal data. |
| To review and improve our products services and support by analysing complaints, feedback and vulnerable customer data. | It is in our legitimate interests to ensure that we constantly review our services and support to understand what improvements we can make for clients. | It is in the substantial public interest that we understand the different characteristics of clients and improve our services and deliver good customer outcomes. |
| To fulfil our contractual obligations with you. | The processing is necessary for the performance of our Contract. | |
| To manage our business operations and comply with any internal policies and procedures. | It is in our Legitimate Interests to use your personal information to ensure that we provide and adapt our services. | |
| To provide our corporate clients with information required to deliver our services to them. | The processing is necessary for the performance of our Data Processor obligations to the controller as part of our Contract. | |
| To notify you about changes to our service. | To notify you about changes to our service. It is in our Legitimate Interests to use your personal information to keep you informed about any changes that may affect you. | |
| For Electronic Marketing of similar services to existing clients or previous clients or enquirers. | It is in our legitimate interests to use your personal information for marketing purposes where the services being marketed are similar and relevant to you. | |
| To enable us to send renewal invitations to previous or NTU clients. | We rely on your Consent for this type of service when first obtaining a quote. | |
| For Electronic Marketing of services to potential new customers. | We rely on Consent for direct marketing to previously unknown individuals. | |
| To comply with our legal obligations, law enforcement, court, financial and tax requirements set by Government bodies and executive agencies. | We process the data to comply with our Legal Obligations. | |
| To carry out background and reference checks in relation to recruitment. | The processing is necessary when considering an employment Contract. | |
| To communicate with you about a potential or existing contract (for service or employment) | The processing is necessary for the performance and compliance with any Contract of employment. |
Where we rely on your consent you have the right to withdraw this consent at any time by contacting us using the details at the beginning of this notice.
Legitimate Interests – Where the processing of personal data is based on our Legitimate Interests, it is to improve on our service, security and prevent fraud or illegal activity in favour of the wellbeing of our customers, employees and shareholders.
Direct Marketing
We may send you details of similar services to those you have enquired about or purchased from us previously. You can opt out of receiving this information from us at any time by contacting us at the above address or clicking ‘unsubscribe’ on any messages you may receive.
We will never share or sell your information to any other party for marketing purposes.
Who Do We Share Your Information With?
From time to time, we may share your personal information with the following third parties for the purposes set out above:
- Our Accountant or Payment Service Providers
- Corporate Clients where they act as data controller
- Internal third parties acting as joint controllers or processors for i-Wonder.
- Software, App and Cloud storage providers.
- Payment Services and Software Facilities.
- Police and Law Enforcement agencies where reasonably necessary for the prevention or detection of crime.
- Regulators and governing bodies such as HMRC, FCA, Insurance Fraud Bureau or DVLA where required.
- Selected Third Parties in connection with any future sale, transfer, or disposal of our business.
International Data Transfers
With today’s modern technology including Cloud Storage and Software, some recipients of your personal data can be located outside your country or have offices in countries where data protection laws may provide a different level of protection than the laws in your country.
Where this is the case, we make sure that additional safeguards are in place such as ensuring that those countries have a decision of adequacy under the UK GDPR, or those firms have entered into UK updated standard contract clauses with us in their terms to support the ongoing protection of your data.
Automated Decision-Making Or Profiling
In the course of sourcing a suitable quotation based on your input details, our quotation software and portals process personal data for automated decision making or profiling. The information is transferred electronically to insurance product providers who also do so. You have the right to request human intervention at any time.
How Long Do We Keep Personal Data For?
We will retain personal data in accordance with legal and regulatory requirements and for no longer than is necessary to fulfil the purposes set out in this privacy policy. We maintain and review a detailed retention policy which documents how long we will hold different types of data. The time period will depend on the purpose for which we collected the information and is never on an indefinite basis. Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged to keep your personal data longer (e.g. for tax, accounting or auditing purposes).
The following details the criteria used to establish the retention period set out within our policy:
Where It Is Still Necessary for The Provision Of Our Services
This includes the duration of any contract for services we have with you and for a period of 6 Years after the end of any contract with a view to maintaining and improving the performance of our products, keeping our systems secure, and maintaining appropriate business and financial records. Most of our retention periods are determined on the basis of this general rule.
Where Required by Statutory, Contractual Or Other Similar Obligations
Corresponding storage obligations may arise, for example, from laws or regulation. It may also be necessary to store personal data regarding pending or future legal disputes. Personal data contained in contracts, notifications and business letters may be subject to statutory storage obligations depending on national law. Where this is the case will retain the data in accordance with our obligations.
Your Rights as a Data Subject
As a data subject, you have rights in relation to your personal data. These are:
The Right to Access – You have the right to request details of personal information held or processed and to copies of this data. We do not usually charge for this service.
The Right to Rectification – You have the right to request that any information be corrected that you believe is inaccurate or to complete any information that you believe is incomplete.
The Right to Erasure – You have the right to request that we erase your personal information under certain conditions.
The Right to Restrict Processing – You have the right to request that we restrict the processing of your personal data under certain circumstances.
The Right to Object to Processing – You have the right to object to our processing of your data, under certain conditions.
The Right to Data Portability – You have the right to request that we transfer the data that we have collected to another organisation or directly to you, under certain conditions.
You also have the Right to Withdraw Consent where you have previously provided this at any time.
To exercise any of these rights, or if you have a complaint, please contact us using the contact details at the beginning of this notice.
You also have the right to complain to the Supervisory Authority. In the UK, where you wish to report a complaint or feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office at:
Alternatively, you can contact them at:
The Information Commissioner’s Office
Wycliff House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Contractual Obligations And Consequences
In some circumstances, the provision of personal data is partly required by law (for example, tax regulations, employment and legal obligations) or can also result from contractual provisions. This means that it may sometimes be necessary to conclude or fulfil a contract, that the personal data be provided. In those circumstances where the data is not provided or where certain rights are exercised, (Erasure, Object) there is a possible consequence that the contract could not be fulfilled or concluded and may be cancelled.
Cookies & Similar Technologies
When you visit our Website, we use cookies and similar technologies to provide you with a better, faster and safer user experience or to show you personalised advertising. Cookies are small text files that are automatically created by your browser and stored on your device
when you visit or use the Website. For full information on our use of cookies and how to manage them, please see our Cookie Policy.
To learn more about how to manage your browser cookie settings in general please see www.allaboutcookies.org
Remember: When clicking on external links via our website or when you find us via social media platforms, you are visiting or redirected to the domain of those websites. We have no control over the privacy settings on these websites or the cookies they set, so please bear in mind that you should set your preferences in line with their own policies and cookie controls separately.
Data Security
We aim to protect your personal data through technical and organisational security measures to minimise risks associated with data loss, misuse, unauthorised access and unauthorised disclosure and alteration.
We store customer records in cloud-based services which have controlled and restricted access. We also operate internal policies and procedures detailing physical security, cloud storage security monitoring, access control and password security measures.
Changes To Our Privacy Notice
All businesses change from time to time. At i-Wonder we keep our Privacy Notice under regular review.
This Privacy Notice was last updated on 29th July 2024.