Privacy Policy

We have made some amendments to our existing privacy notice

Website Privacy Policy – (Registration and Claim portal managed by EIP on behalf of Assurant)

Privacy Notice

Assurant General Insurance Limited ( “Assurant”, “We”, “Our” or “Us”) This privacy notice (the Notice) describes how We collect and further use the information related to an identified or identifiable individual (‘’Personal Information’’) that We collect from you or otherwise process in connection with your use of Our mobile insurance information and claims website https://portal.monzo-assurant.com/ (the “Service”).

This Notice applies to the Service only and does not reflect practices with respect to information gathered through other services We offer or websites We operate or the collection of information through off-line means.

Please read this Notice carefully so that you understand your rights and how We will collect, use and process your Personal Information. If you do not agree with this Notice or any part thereof, you should not access or use any part of the Service. If you change your mind in the future, you must stop using the Service and you may exercise your rights in relation to your Personal Information as set out in this Notice.

1. Personal Information We Collect

We collect your Personal Information in the situations set out below.

Information Provided by you

1.1 When you create or update your account: We collect policy number, email address and password.

1.2 When you add a covered device: You may add the details of which devices are covered by your policy. In this context, We collect information on your covered device, including, proof of purchase IMEI, serial number, manufacturer, model, memory and colour.

1.3 When you submit a claim: You provide Us with Personal Information when you submit a claim. We may ask you to provide Us with your: name, contact details (including telephone number, address, delivery information), covered device information (including mobile number, manufacturer, model, memory, colour, serial number, IMEI), proof of purchase (for example, a receipt), phone bill, network provider, contract type and details of the incident that you choose to provide (including the nature, location and time of the incident, reports to police or network provider and details of what is being claimed). We store your claims history, including claim ID, and information on any replacements or repairs made, including a repair ID.

1.4 When you communicate with Us or contact Us for Customer Support: When you contact Our customer support team via email, phone or otherwise, We will collect information that you choose to provide to Us in your communications (such as the query or issue that you have raised).

Information Collected via Automated Means

1.5 When you access the Service: We collect information about devices used to access Our Service, (including IP address, device ID, browser used, browser language preferences, screen settings). We also collect information on how you use Our Service, including time and date stamps of actions such as access, record, share, edit and delete events, interactions with Our teams and transaction records.

1.6 Cookie information: We use cookies and similar technologies such as web beacons to collect information about how you use and navigate Our Service (for example, the pages that you view and links that you click). We use cookies to help Us recognise you, improve your experience, increase security, and measure use and effectiveness of Our services. For more information about the cookies We utilise on the Service, please view Our Cookie Notice.

1.7 When you submit a suspicious claim: If you submit a claim in respect of a device which has the same IMEI number as a previous claim, this will be flagged by Our fraud prevention database, which contains information (name, contact information, address and IMEI) entered by Us, other insurers, and fraud prevention agencies.

Information Received from Third Parties

1.8 Information from payment processors: When you make a payment on Our Service, or receive a refund, We receive certain information from Our payment processors such as Barclaycard Payment Solutions and Eckoh UK Ltd. From these parties We receive transaction reference numbers.

1.9 Information from Monzo: When you register, We receive your name, contact details (i.e., address, email address, mobile telephone number), banking details (i.e., account number, sort code, customer identification number) and date of birth from Monzo through whom you have obtained Our product.

We also process your Assurant policy information, including date of birth, product details and cover start date, previous claims history, policy ID, details of your excess and premium, and policy status, incurred devices and details of payments, for financial management and analytical purposes.

We also collect, use and share aggregated data such as statistical or demographic data for Our purposes. Aggregated data may be derived from your Personal Information but this is not Personal Information as this data will not directly or indirectly reveal your identity. However, if We combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, We will treat the combined data as Personal Information which will be used in accordance with this Notice.

2. Legal Basis for the Processing of your Personal Information and Purposes

We process your Personal Information for the following purposes:

• To fulfil Our contract with you, or take steps linked to a contract, including:

• We allow you to register and We set up an account for you at your request;

• We fulfil any insurance contract We have in place with you;

• We add covered devices to your account and policy at Our request;

• We verify your identity to make sure you have the authority under Our contract with you;

• We process your claims at your request;

• We take payment from you as set out in Our contract with you, i.e. for the payment of any excess;

• We make reimbursement payments to you where applicable; and

• We communicate with you about your account and in response to any queries you may have.

• As necessary to pursue Our legitimate interests, or the legitimate interests of a third party, including:

• We monitor use of the Service and use your Personal Information to help Us to track and analyse preferences and trends, evaluate possible new features, functionality and services, and improve Our Service.

• We use Personal Information to help Us recognise you on the Service, improve your experience, increase security of Our networks and systems, and measure use and effectiveness of Our Service.

• We use Personal Information you provide to investigate complaints received from you or from others, about the Service or Our products and services. We also use this Personal Information to track potential issues (for example, issues with fulfilment of services) and trends to better serve you;

• We use Personal Information to make decisions about, and to effect, reorganisations or sales of all or part of Our business;

• We monitor customer accounts to prevent, investigate and/or report fraud, misrepresentation, or crime, in accordance with applicable law;

• We will use Personal Information in connection with legal claims (for example, relating to denial of an insurance claim), compliance, including compliance with Our terms and policies, regulatory and investigative purposes (for example, theft and fraud investigations) as necessary (including disclosure of such information in connection with legal process or litigation);

• We use Personal Information of some individuals to invite them to take part in market research and customer surveys, and for the conducting of such research and surveys. You can opt-out of this at any time; and

• Where you give Us consent:

• For certain cookies and similar technologies, We seek your consent.

• For purposes which are required by law:

• In response to requests by government or law enforcement authorities conducting an investigation; and Responding to complaints where We are under a legal or regulatory obligation to adhere to a complaint handling procedure.

• Withdrawing consent

• Wherever We rely on your consent, you will always be able to withdraw that consent, although We may have other legal grounds for processing your data for other purposes, such as those set out above. Where you have given Us your consent, you can withdraw it by using the mechanism described to you at the time that your consent was obtained, or refer to Our FAQs for details of how to contact us.

• How We Use your Personal Information to make automated decisions

• We use automated decision making to assess insurance risks, detect fraud and administer your policy. For example, when you submit a mobile phone insurance claim online, We carry out automated decision making. We may accept a claim or refer a claim to a specialist based on the length of time a policy has been active. If your claim is referred to a specialist, you may be asked to provide additional information.

• If you have any concerns regarding the decision reached, please refer to Our FAQs for details of how to contact us and We will arrange for a person to check the accuracy of the result. We will need your name, email address, policy or account number and reason for your request.

• Fraud prevention and detection: We share your personal information with fraud agencies for fraud detection and prevention purposes. In this context, We will be a joint controller with a fraud agency, Synectics Solutions. This means We and the fraud agency will be jointly responsible for deciding how and why to process your information. This applies, for example, where We collect information about you, such as when you submit a claim. We have agreed to share some responsibilities to protect your personal information by: ensuring that we have a legal basis for processing your information; honouring your rights about your information; and making sure that your information is secure while it is being processed. You can contact Us to find out more about how We protect your information when We are a joint controller. You can also contact Synectics Solutions about how they handle personal information or read their privacy notice , which includes details of how to exercise your data protection rights. For more information, please get in touch with them at compliance@synectics-solutions.com or in writing to PO Box 3700, STOKE-ON-TRENT, ST6 9ET.

3. Disclosure of Personal Information

3.1 Disclosure to Our Affiliates: We will disclose your Personal Information to other Assurant group companies for the purpose of performing tasks that directly relate to the provision of the Service. For example, We may share your information with Our affiliates to fulfil your claim.

3.2 Disclosure to Third Parties and Service Providers: We share your Personal Information with third parties, vendors and service providers We rely on for the provision of the Service, including website operators, customer support and providers of communication systems, cloud services, warehouse management providers of covered device, Monzo bank, repair providers and payment processors. Please see Our list of service providers and third parties for more information.

3.3 Disclosure to Public Authorities: Information about Our users, including Personal Information, will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if We are legally required to do so, or if

3.4 Change of Corporate Ownership: If We are involved in a merger, acquisition, bankruptcy, reorganisation, partnership, asset sale or other transaction, We may disclose your Personal Information as part of that transaction.

4. Where your Data is Processed

For individuals in the UK, personal information may be transferred to, and processed in, countries where data protection and privacy regulations do not offer the same level of protection as the UK and other parts of the world. Where personal information is transferred outside the UK to a country that is not subject to an adequacy decision regulation, a UK extension of the appropriate US Data Privacy Framework certification, an UK vendor’s Processor Binding Corporate Rules or other approved transfer mechanism. To obtain a copy of the relevant transfer mechanism or additional information on such transfers, please address these requests to us.

5. Automated decision-making and profiling

Automated decision-making will be used in certain circumstances. These automated decision-making tools are typically used when the insurer makes direct decisions about the policyholder (for example, when a claim is being processed). You will be given additional information about automated decision-making processes by the insurer before, or when decisions are made. You have the right to have someone to review the decision and obtain an explanation of the decision. If you wish to do so, please contact the insurer by using the contact details set out below.

6. Your Choices and Rights

 You have the following rights regarding on your Personal Information:

• Right to access the personal information We hold about you (Access)

• Right to have your personal information corrected (Rectification)

• Right to have your personal information deleted (Erasure)

• Right to request the restriction of the processing of your personal information (Restriction)

• Right to request the portability of your personal information when We base Our processing on a contract or your consent (Data Portability).

• Right to object the use of your personal information when We base the processing on a contract or on Our legitimate interests (Objection)

• Right to withdraw your consent when We base the processing on your consent (Consent)

Please note that in certain situations, and subject to applicable law, We may not be able or obliged to comply with all your requests, for example comply with a deletion request relating to information We are required by law to keep or have a compelling legitimate interest in keeping.

If you wish to submit your privacy right request, please click on the following link: www.assurant.com/dataprotection/eu.

If you have unresolved privacy concerns, and you are located in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

7. Data Retention

We retain Personal Information you provide as long as necessary to fulfil the purposes set out in this Notice, or for as long as We are required to do so by law or in order to comply with a regulatory obligation. For example, We may retain claims related information for up to 6 years from the end of the insurance contract. When deleting Personal Information, We will take measures to render such Personal Information irrecoverable or irreproducible, and the electronic files which contain Personal Information will be permanently deleted.

8. Information Security

We have implemented safeguards designed to protect your Personal Information in accordance with industry standards.

We have measures in place to restrict access to Personal Information to those individuals whom We know have a valid business purpose to have access to such data. We maintain physical, electronic and procedural safeguards. We follow generally accepted standards designed to protect the Personal Information submitted to Us, both during transmission and once We receive it. We require those who provide services for Us and to whom We provide Personal Information collected through the Service to keep such information secure and confidential. However, no method of transmission over the Internet or method of electronic storage is totally secure. Therefore, We cannot guarantee its absolute security.

9. Minimum age

We do not knowingly collect Personal Information from anyone under the age of 18. You must be at least 18 years of age to use the Service.

10. Changes to this Notice

We may update this Notice from time to time. If We make any material changes to Our Notice, We will notify you by email or by means of a notice through the Service, or by other means. Please review changes carefully. Your continued use of the Service following notification of changes will be deemed as acceptance of the revised Notice.

11. Contact Us

For general enquiries, please contact us at: monzoclaims@assurant.com.

If you have queries about this Notice or wish to lodge a privacy complaint, please contact Our Data Protection Officer:

• By post to: Assurant General Insurance Limited – Data Protection Officer - Emerald Buildings, Westmere Drive, Crewe CW1 6UN

• Effective date: 25 April 2024