For information about how we intend to safeguard your data please see the information below.
1. About Us
2. What data we collect
3. When we collect your data
4. How we use your data
5. Who has access to you your data
6. Legal basis for using your information
7. Retaining your information
8. Security of your information
9. Your legal rights
10. Related notices and terms
11. Changes to this policy
ROCK Insurance Group is a trading style of ROCK Insurance Services Limited (ROCK) who is authorised and regulated by the Financial Conduct Authority (FCA number 300317).
References to “our Website” or “the Website” are to www.rockinsurance.com.
ROCK acts as Data Controller, which means that we determine the way in which your data is used (as described in this privacy notice). Your data relates to your staff that take part in your relationship with ROCK and your Approved Persons.
We collect personal data as part of providing services to you. We may also monitor or record calls, emails, SMS messages or other communications in accordance with UK law.
Types of Data we collect
Some information is necessary in order to provide you with the service you expect, if you do not provide us with the requested information, we may not be able to provide you with the relevant service.
We will collect your staff personal data during the relationship with your business. We collect the Approved Persons’ personal and special category data if you choose to become an Appointed Representative of ROCK.
ROCK uses a number or third parties to provide and administer your relationship. This includes:
• The Insurer, Underwriter, Underwriting Agent, Claims and Assistance Handlers in order to administer your insurance scheme. See the policy wording for their details.
• FireMelon Limited for the provision of some technology services.
• Pure360 for sending emails.
• Legal Authorities such as the Financial Conduct Authority, Financial Ombudsman Service, Information Commissioners Officer, Department of Social Security and HM Revenue and Customs on request.
We must make sure that there is an appropriate lawful reason for us to process your data. These legal bases are set out in data protection law and we rely on a number of different conditions for the activities we carry out.
We have a legal obligation to:
Assessing the fitness and propriety of the Approved Person
Quality assessing sales
Manage training and competency of Appointed Representative staff
Assessing sales KPIs (key performance indicators)
Giving feedback to your staff
Necessary in our legitimate interests or those of a third party:
Engaging with you in relation to our Partnership
Your personal data shall be retained as long as needed for the authorised purposes listed in section 4. This includes retention of some personal data following the end of our relationship with you, for example to resolve any potential disputes and for ongoing or prospective legal proceedings, to maintain records of our services, and otherwise to comply with our legal obligations and to defend our legal rights. We keep all data of a period of 7 years for these purposes.
Please contact us if you need further information about our retention periods.
We regularly review the technical and organisational security measures we have in place on our information and communications systems in order to prevent the loss, misuse or unauthorised alteration of your personal information. We also use industry standard security to encrypt sensitive data in transit to our servers.
Communications sent through our website, email or social media, rely on the internet which is a publicly hosted network and is therefore not secure unless the site has been encrypted. ROCK cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.
ROCK has deployed an adequate procedure to identify and communicate any incident of data breach within a delay of 24 hours and to resolve it within a reasonable delay.
Further information about security measures we apply to communications sent by email or over our website is available on request.
You have the following Individual Rights:
If you are dissatisfied with the response then you have the right to appeal to the Information Commissioners Office.
Terms relating to your insurance policy (where relevant) are provided separately by us and can be found in your Policy Wording.
From time to time we may need to change the way we use your personal data. Where we believe you may not reasonably expect such a change we will write to you. When we do so, you will have 60 days to object to the change.