Assurant General Insurance Limited, its subsidiaries and affiliates (collectively “Assurant”, “We”, “Our” or “Us”) respect the privacy of Our users (“you” or “user”). This Privacy Notice (the Notice) describes how We collect and further use the Personal Information that We collect from you or otherwise process in connection with your use of Our mobile insurance information and claims website www.monzo-assurant.com (the “Service”). Assurant General Insurance Limited is the data controller of your Personal Information in the context of the Service.
This Notice applies to the Service only and does not reflect practices with respect to information gathered through other services We offer or websites We operate or the collection of information through off-line means. To review the privacy practices of those other services, please refer to the policies provided in association with each.
Please read this Notice carefully so that you understand your rights and how We will collect, use and process your Personal Information. If you do not agree with this Notice or any part thereof, you should not access or use any part of the Service. If you change your mind in the future, you must stop using the Service and you may exercise your rights in relation to your Personal Information as set out in this Notice.
We collect your Personal Information in the situations set out below. In this Notice, “Personal Information” means any information related to an identified or identifiable individual, and does not include data whereby personally identifiable information has been removed (such as anonymous data).
1.1 When you create or update your account: You provide Us with Personal Information when you create an account on the Service. To create an account on the Service, We ask users to provide Us with their policy number, email address and password.
1.2 When you add a covered device: You may add the details of which devices are covered by your policy (“covered devices”). As part of this you will provide information on your covered device, including, proof of purchase IMEI, serial number, manufacturer, model, memory and colour.
1.3 When you submit a claim: You provide Us with Personal Information when you submit a claim. When you submit a claim, We may ask you to provide Us with your: contact details (including telephone number, address, delivery information), covered device information (including mobile number, manufacturer, model, memory, colour, serial number, IMEI), proof of purchase (for example, a receipt), phone bill, network provider, contract type and details of the incident that you choose to provide (including the nature, location and time of the incident, reports to police or network provider and details of what is being claimed). We store your claims history, including claim ID, and information on any replacements or repairs made, including a repair ID.
1.4 When you communicate with Us or contact Us for Customer Support: When you contact Our customer support team via email, phone or otherwise (for example, when you enquire about the status of your replacement device or repaired device), We will collect information that you choose to provide to Us in your communications (such as the query or issue that you have raised).
1.5 When you access the Service: We collect information about devices used to access Our Service, (including IP address, device ID, browser used, browser language preferences, screen settings). We also collect information on how you use Our Service, including time and date stamps of actions such as access, record, share, edit and delete events, interactions with Our teams and transaction records.
1.7 When you submit a suspicious claim: If you submit a claim in respect of a device which has the same IMEI number as a previous claim, this will be flagged by Our fraud prevention database, which contains information (name, contact information, address and IMEI) entered by Us, other insurers, and fraud prevention agencies.
1.8 Information from payment processors: When you make a payment on Our Service, or receive a refund, We receive certain information from Our payment processors such as Barclaycard Payment Solutions and Eckoh UK Ltd.. From these parties We receive transaction reference numbers.
1.9 Information from Monzo: When you register, We receive your name, contact details (i.e., address, email address, mobile telephone number), banking details (i.e., account number, sort code, customer identification number) and date of birth from Monzo through whom you have obtained Our product.
We also process your Assurant policy information, including date of birth, product details and cover start date, previous claims history, policy ID, details of your excess and premium, and policy status, incurred devices and details of payments, for financial management and analytical purposes,.
We also collect, use and share aggregated data such as statistical or demographic data for Our purposes. Aggregated data may be derived from your Personal Information but this is not Personal Information as this data will not directly or indirectly reveal your identity. However, if We combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, We will treat the combined data as Personal Information which will be used in accordance with this Notice.
We process your Personal Information for the following purposes:
How We Use your Personal Information to make automated decisions
3.1 Disclosure to Our Affiliates: We will disclose your Personal Information to other Assurant group companies for the purpose of performing tasks that directly relate to the provision of the Service. For example, We may share your information with Our affiliates to fulfil your claim.
3.2 Disclosure to Our Service Providers: We share your Personal Information with vendors and service providers We rely on for the provision of the Service, including website operators, customer support and providers of communication systems, cloud services and warehouse management. Please see Our list of service providers and third parties for more information.
3.3 Disclosure to Third Parties: We share your Personal Information with third parties to provide the services, who will use the data in accordance with their own privacy policies, which We encourage you to read, including providers of covered devices, Monzo bank, repair providers and payment processors. Please see Our list of service providers and third parties for more information.
3.4 Disclosure for Legal Reasons: Information about Our users, including Personal Information, will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if We are legally required to do so, or if We believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce Our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Assurant or the Assurant group, Our users, a third party, or the public.
3.5 Change of Corporate Ownership: If We are involved in a merger, acquisition, bankruptcy, reorganisation, partnership, asset sale or other transaction, We may disclose your Personal Information as part of that transaction.
In providing the Service your Personal Information will be processed in the UK and European Economic Area (the “EEA”). Personal Information may also be transferred to, and processed in, countries where data protection and privacy regulations do not offer the same level of protection as the UK or the EEA, including the Isle of Man and the US.
Sharing Personal Information with Our affiliate involves transfers outside the UK and EEA to the US. For example, if We share your data with other Assurant group companies to fulfil your claim, that data will be processed by Our affiliate located in the United States.
Sharing Personal Information with Our Service Providers and Partners involves transfers outside the UK to the US. For example, if your covered device is an iPhone We share your data with Apple Distribution International, that data will be processed and managed by Apple, Inc. which is located in the United States.
Where Personal Information is transferred outside the UK and EEA to a country that is not subject to an adequacy decision by the EU Commission, or the equivalent in the UK, We shall ensure that relevant safeguards are in place to afford adequate protection for your Personal Information. To obtain a copy of the relevant transfer mechanism or additional information on the transfers, please address these requests to Us.
In some circumstances, you have the right to request access to, correction of, and deletion of your Personal Information, and to restrict the processing of your Personal Information. You also have the right to request a structured commonly-used and machine-readable copy of Personal Information that you have provided to Us for a contract or with your consent, and to ask Us to transmit (port) this Personal Information to another controller.
You may also object to Our processing of Personal Information in certain circumstances including where We are processing your data on the basis of Our legitimate interests, or in some cases where We are using your Personal Information for automated decision making (see section 2).
You can exercise any of your rights by contacting Us. In order to safeguard your Personal Information from unauthorised access, We may ask that you provide sufficient information to identify yourself prior to providing access to your Personal Information.
In certain situations, We may not be able or obliged to comply with part or all of your individual requests. For example, We may not comply with an access request if doing so would reveal Personal Information about another person, or comply with a deletion request relating to information which We are required by law to keep or have compelling legitimate interests in keeping. Please note that We have the right to refuse requests which are manifestly unfounded or excessive (for example, due to their repetitive character).
To provide certain parts of the Service (for example – Create an Account, Claims Submission and Making Payment), the provision and retention of Personal Information is mandatory: If relevant data is not provided, then We will not be able to provide certain parts of the Service.
We communicate with you through email, SMS and the Service. We will send you service-related communications (for example, “Your device has been shipped”) and customer experience surveys.
Please be aware that you cannot opt-out of receiving service-related messages from Us, but can opt-out of other communications using the unsubscribe mechanism at the bottom of each email, or by responding STOP to SMS communications.
We retain Personal Information you provide as long as necessary to fulfil the purposes set out in this Notice, or for as long as We are required to do so by law or in order to comply with a regulatory obligation. For example, We may retain claims related information for up to 6 years from the end of the insurance contract. When deleting Personal Information, We will take measures to render such Personal Information irrecoverable or irreproducible, and the electronic files which contain Personal Information will be permanently deleted.
We have implemented safeguards designed to protect your Personal Information in accordance with industry standards.
We have measures in place to restrict access to Personal Information to those individuals whom We know have a valid business purpose to have access to such data. We maintain physical, electronic and procedural safeguards. We follow generally accepted standards designed to protect the Personal Information submitted to Us, both during transmission and once We receive it. We require those who provide services for Us and to whom We provide Personal Information collected through the Service to keep such information secure and confidential. However, no method of transmission over the Internet or method of electronic storage is totally secure. Therefore, We cannot guarantee its absolute security.
We do not knowingly collect Personal Information from anyone under the age of 18. You must be at least 18 years of age to use the Service.9.2 Changes to this Notice
We may update this Notice from time to time. If We make any material changes to Our Notice, We will notify you by email or by means of a notice through the Service, or by other means. Please review changes carefully. Your continued use of the Service following notification of changes will be deemed as acceptance of the revised Notice.9.3 Contact and concerns
For customer enquiries, please contact us at: firstname.lastname@example.org.
If you have unresolved concerns, you have the right to complain to the UK’s Information Commissioner’s Office (https://ico.org.uk/make-a-complaint/), or the data protection authority where you live, work or where you believe a breach may have occurred.
If you wish to contact Assurant General Insurance Limited you can do so by writing to Us c/o Emerald Buildings, Westmere Drive, Crewe CW1 6UN.
We welcome your questions or comments regarding this Notice. Please write to Assurant General Insurance Limited (an Assurant group company), Data Protection Officer, PO Box 98, Blyth, NE24 9DL, or send Us an email at email@example.com. You may also write to Us at Assurant Privacy Office, 260 Interstate North Circle SE, Atlanta, Georgia 30339, USA.Effective date: 12th April 2020
As set out in Our Privacy Notice at section 3, We disclose your Personal Information to certain service providers and third parties.
1. Disclosure to Our Service Providers: We share your Personal Information with vendors and service providers We rely on for the provision of the Service, including: