Privacy Policy | PayingTooMuch
Introduction
Here at PayingTooMuch, we're committed to keeping your personal data safe. We'll always treat your personal data with respect and design our services with your privacy in mind.
This privacy policy should help you understand how we collect, use and protect your personal data. You should also show this policy to anyone who may have personal data included by you in any quote, product or service offered through us.
You acknowledge that by providing your personal data to us, you give permission to its processing as outlined below. When providing personal data about others, you also confirm that you have their permission to supply their personal data. We can't offer you any product or service that requires the processing of special category personal data, unless you provide consent for its collection and use. Special category personal data is defined in the General Data Protection Regulation (GDPR) and for example, includes data collected concerning your health.
Who we are?
“We”, “us” or “our” refers to Payingtoomuch is a trading name of TICORP Limited. Payingtoomuch travel insurance is arranged by TICORP Limited which is registered in Gibraltar. Company number 111526. TICORP Limited is authorised and regulated by the Gibraltar Financial Services Commission and trades in the UK on a freedom of services basis. Financial Conduct Authority FRN 663617
Payingtoomuch is administered by Eclipse Financial Management Limited for financial services that are regulated by the Financial Conduct Authority. Eclipse Financial Management Limited is authorised and regulated by the Financial Conduct Authority, reference 535496.
Processing your data
The data you provide us will be passed to our insurer partners and third-party providers as part of providing our services to you and providing you with quotes. Where you decide to proceed with one of our insurer partners or third-party providers you'll also become subject to the privacy policy displayed on their website, and we encourage you to read this. The categories of insurer partners and third party providers are set out below.
- Travel-related insurers/providers
- Motor-related insurers/providers
- Household insurers/providers
- Staysure Group Limited (registered in Gibraltar – company number 118633)
- Other third-party insurers
Certain insurers/providers may compare your information against data they, or the company behind the brand they represent or their group of companies, already hold on you from existing products or services. They may share this with their underwriters for the purpose of analysing market trends or to assess membership and transactions against certain loyalty schemes and apply a discount if applicable.
Some of our providers may process your data outside of the UK. Where this is the case, we have contractual agreements with them to ensure it is kept securely at all times and that UK data protection standards are met.
The data we collect
We collect personal data, and may collect special category personal data (i.e. health data), as part of providing services to you. We may also monitor or record calls, emails or other communications in accordance with UK law.
It's important that you check that the personal data you provide is correct, complete, accurate and not misleading. Failure to do so may affect the services we can provide or delivery of information we need to send to you.
As part of our price comparison service, data collected will be passed to our insurer partners and third-party providers as noted in the ‘Processing your data’ section above.
Personal data
Examples of personal data we may collect include:
- Names and titles
- Physical address and address history
- Contact details, including; telephone numbers and email addresses
- Date of birth
- Gender
- Lifestyle and other information
Special category personal data
Examples of special category personal data we may collect include:
- Medical history
- Claims history
- Criminal convictions and CCJs
We may also indirectly collect other special category personal data during the course of any fraud investigations.
Call recording and monitoring
We may monitor or record calls, emails, SMS messages or other communications for:
- Business purposes such as quality control and training
- Processing necessary for entering into or performance of a contract
- Prevention of unauthorised use of our telecommunication systems and websites
- Ensuring effective systems’ operation
- Meeting any legal obligation
- Protecting your vital interests
- Prevention or detection of crime
- For the legitimate interests of the data controller
When data is collected
We'll collect your personal data when:
- You request a quote for any service available through our website
- You make a purchase from a third-party provider following a quote using our service
- You make customer enquiries
- You register for information or other services
- You respond to communications or surveys
- We require additional information from you for validation purposes
How we use your data
We'll use your data in the following ways:
- Processing quotes for our products and services
- Fraud prevention and detection
- Verifying your identity (when required)
- Undertaking market research, statistical analysis and product development
- Tracking and verifying sales with our insurance partners and third-party providers
- Keeping you informed about promotions and new developments. This could be by direct mail, email, SMS or where we're permitted to do so and you've not requested we stop
- For assessment and analysis so we can review, develop and improve our services for you
- We may use your information to make decisions about you using computerised technology to profile you, such as assessing which products might be of interest to you.
Legitimate Interests
There are certain circumstances where we process your personal data for our legitimate business interests. These can be for commercial or societal reasons. In order for us to process your data, we'll always balance our interests against your own to ensure it is fair.
The following processes rely on legitimate interest:
- Sharing data with our suppliers and service providers in order to generate a quote
- Fraud detection and prevention
- Engaging and contacting you throughout the lifecycle of your PayingTooMuch account to ensure you have a good experience as a customer
- Engaging you and contacting you at renewal to remind you of our service and to provide renewal quotes
- Internally auditing our processes to ensure we are maintaining high standards
- Providing a summary of your quote results
- Market research, statistical analysis, product development and sharing data within the Staysure Group to add value to our products and services
PayingTooMuch
Britannia House,
3-5 Rushmills Business Park,
Bedford Road,
Northampton,
NN4 7YB
Marketing and your preferences
PayingTooMuch has various offerings and from time to time we'd like to keep you informed of relevant news, products or services. This could be by email, direct mail, SMS or outbound phone channels.
If you'd rather we didn't contact you for this purpose, or to confirm the types of products and services that would be of most interest to you, then you can update your preferences or let us know by emailing us at; [email protected].
Your details may be used by us to provide you with a selection of quotes from among our panel of providers and brands from our partner, Staysure Group Limited. We may contact you to see if you're interested in buying a policy, highlighting any special offers or ways we might be able to help you get an even cheaper price.
Our renewal reminder service means that our systems may re-submit your quote details when your renewal is due (this will be based on the cover start date you entered for your last quote). The quote data will be sent to our panel of providers to calculate their quotes. Credit checks may be carried out as part of this process (as detailed within this privacy policy). The cheapest quotes returned will then be sent to you by email or direct mail with details on how to contact us to renew your policy.
We also use online advertising, to keep you aware of what we’re up to and to help you see and find our services.
We target PayingTooMuch banners and ads to you when you're on other websites and apps. We do this using a variety of digital marketing networks and ad exchanges. We also use a range of advertising technologies like web beacons, pixels, ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience service.
Our technology
We collect data about you through the use of technology such as cookies. For more information, view our Cookie Policy.
Links to other websites
Please note that we are not responsible for any third-party content provider or other third party offering goods and services via websites or linked to or framed around our website, or what they may do with any personal information that you may provide to them.
For that reason, please ensure that you also read their Data Protection and Privacy terms and conditions very carefully before providing them with your personal information.
Confidentiality and disclosure of your data
We endeavour to treat your personal data as private and confidential. From time to time we may employ agents and subcontractors to process your personal data on our behalf. The same duty of confidentiality and security will apply to them and all processing will be carried out under our instruction.
We would like to bring to your attention our obligations to disclose data in the following four exceptional cases permitted by law, and the other situations set out below. These are:
- Where we are legally compelled to do so
- Where there is a duty to the public to disclose
- Where disclosure is required to protect our interest
- Where disclosure is made at your request or with your consent
If you make a complaint about the service we have provided, we may be obliged to forward details about your complaint, including your personal data, to the relevant ombudsman. Be assured that they are similarly obliged to adhere to the requirements under the Data Protection Act 2018 and the UK General Data Protection Regulation, and keep your personal data strictly confidential.
Please note that we and our suppliers may make a number of checks to assess an application for car finance or verifying identities to prevent and detect crime and money laundering. We may also share data at any time for the purposes of fraud prevention.
Your rights as a Data Subject
You have a number of rights as a data subject. Please note that these rights do not apply in all circumstances.
Request your data
In order to access the data we hold about you, you need to make a ‘Subject Access Request’, or SAR. To make a SAR please email us at: [email protected] or write to:
The Data Protection Officer PayingTooMuch Britannia House, 3-5 Rushmills Business Park, Bedford Road, Northampton, NN4 7YB
Please provide:
- Your name, address, and date of birth and what information you would like a copy of.
- Identification documents; one that shows your name and signature (e.g. a copy of your valid passport) and one that shows your name and address (e.g. a copy of a recent bill, bank statement or other official document). We'll accept just one identification document if it shows your name, address and signature such as a copy of your driving licence. These requirements mean we can take reasonable steps to confirm your identity before providing any personal information we may hold about you.
If your SAR involves the personal data of other people, or you're making a request on behalf of someone else (e.g. on behalf of a parent or child), we may need identification from these people as well. We'll also need a signed letter of authority from them confirming that they're happy for you to act on their behalf and for us to release their data to you.
Once we have your written request and identification documents, we'll have 30 calendar days to fulfil your request. Where for some reason this won't be possible, for instance due to large volumes of data being involved, we're permitted by law to take up to an additional 60 days to fulfil your request. Where any delay is anticipated we'll let you know as soon as possible along with details of when we expect to be able to provide you with the requested documentation.
Other rights
Your other rights as a data subject, where applicable, include:
- The right to be informed about our processing of your personal data
- The right to have your personal data corrected if it is inaccurate, and to have incomplete personal data completed
- The right to object to the processing of your personal data
- The right to have your personal data erased (“right to be forgotten”)
- The right to move, copy, or transfer your personal data (“data portability”)
- Rights regarding automated decision making, including profiling
For more details on these rights and how to exercise them, please contact: [email protected].
If you have any queries about your rights, or believe that they have not been met by PayingTooMuch, please contact our Data Protection Officer at: [email protected]or by writing to:
The Data Protection Officer PayingTooMuch Britannia House, 3-5 Rushmills Business Park, Bedford Road, Northampton, NN4 7YB
Complain to the Supervisory Authority
If you have any complaints relating to the processing of your personal data, you also have the right to complain to the relevant supervisory authority. In the UK this is the Information Commissioner’s Office (ICO). They can be contacted at:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Using your data for fraud and money laundering prevention and detection, and credit decisions
Credit reference
When you apply for an insurance quote through our website, a number of credit checks or other searches may be made through credit reference agencies, fraud prevention agencies or other public or privately available sources of information. For insurance products these checks may be processed by any provider at any stage of a quote, a policy renewal or in certain circumstances where an amendment to your agreement is requested.
Credit checks are made to ensure providers have the necessary facts to assess your insurance and financial profile, verify your identity, to help prevent fraud and to provide you with their best premium and payment options. This is normally a ‘soft’ credit check from a credit referencing agency. Soft credit checks allow you to get quotes without affecting your credit rating. They're visible on your credit report but don't show up in the same way as a 'hard' check.
Your full credit report won't be provided to you directly, and won't be made available to ourselves. If you want to access your credit report, you can contact the credit reference agencies currently operating in the UK. The information they hold may not be the same so it's worth contacting them all. They'll charge you a small fee.
- TransUnion: Consumer Services Team, PO Box 647, Unit 4, Hull HU9 9QZ or call 0330 024 7574 or log on to www.transunion.co.uk .
- Equifax: Credit File Advice Centre, PO Box 1140, Bradford, BD1 5US or call 0844 355 0550 or log on to www.equifax.co.uk.
- Experian: Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF or call 0844 481 8000 or log on to www.experian.co.uk.
Retention of your data
Your personal data will be kept for as long as we require it in order to provide you with the agreed product(s) or service(s). We'll retain this data after any policy, account or service has been concluded or otherwise come to an end in line with legal and regulatory requirements.
Fraud prevention and detection
In order to prevent and detect fraud, insurers and other service providers may at any time share information about you with PayingTooMuch.
Also, we monitor information entered into our website and pass on intelligence of suspected fraud to other parties including insurance providers, aggregators, financial institutions and fraud prevention agencies. Law enforcement agencies may access and use this information.
We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when checking details on proposals and claims for all types of Insurance. This may result in PayingTooMuch not being able to offer a product, or insurers offering a product on different terms.
Insurance providers exchange information through various databases to help check information provided and to prevent fraudulent claims. Specifically, Insurance Database Services Limited (IDSL) hosts the Claims and Underwriting Exchange (CUE), which holds a record of incidents reported to insurance companies by policyholders and third-party claimants. Insurers may validate the information provided by you, both about yourself and about any other person named on the application, against the information held on CUE and against other databases hosted by IDSL. Insurers may use this information to consider whether to accept the risk.
Insurance providers may also use the Motor Insurance Anti-Fraud and Theft Register, run by the Association of British Insurers (ABI). This is accessed by the police, the DVLA and DVLNI (Driver & Vehicle Licensing Agencies), as well as other insurers. Some insurers also participate in other data-sharing schemes.
The aim of all of this is to help PayingTooMuch and our insurance providers decide if they can offer a product, check information provided and prevent fraudulent claims. When we deal with your request for a quote, if applicable, the insurance provider or any intermediary or appointed representative may search these registers, databases and any other anti-fraud registers to provide such services. Under the conditions of your policy, you must tell us about any incident (such as accident or theft) which may or may not give rise to a claim. When you tell us about an incident we'll pass information relating to it, to the insurance provider, intermediary or appointed representative.
When you get a motor insurance policy, including motorbike or van cover, your insurance cover details may also be added to the Motor Insurance Database, run by the Motor Insurers' Information Centre (MIIC). This has been set up to help identify uninsured drivers and may be searched by the police to help them confirm who's insured to drive. If there's an accident the database may be used by insurers, MIIC and the Motor Insurers' Bureau as well as those making a claim for a road traffic accident, to identify the relevant policy information.
Change to this policy
This privacy policy was last updated on 1st May 2023. We reserve the right to make changes to this policy and you will be prompted of any changes when you next visit our website.
From time to time we may need to change the way we use your personal data. Where we believe you may not reasonably expect such a change we will write to you. When we do so, you will have 60 days to object to the change but if we do not hear from you within that time you consent to that change.