Privacy policy

This privacy notice tells members and customers of UIA Mutual what to expect when we collect, use, retain and disclose your personal information.  Personal information is information that (on its own or together with other information) identifies you and is about you. This includes what you tell us about yourself and what we learn by having you as a member or customer. This notice was last updated in November 2021.

Who we are

When we refer to UIA Group (encompassing ‘UIA Mutual’, ‘UIA Mutual Insurance’ these are trading names of UIA (Insurance) Ltd and UIA (Insurance Services) Ltd), (or to ‘UIA’, ‘we’, ‘us’ or ‘our’), we mean:

• UIA (Insurance) Ltd
• And/or UIA (Insurance Services) Ltd (also trading as ‘UIA Mutual’, ‘UIA Mutual Insurance’)

Both of which are registered at Kings Court, London Road, Stevenage, Herts, SG1 2TP.

To ensure that we process your personal information fairly and lawfully, this notice informs you:

• Why we need your personal information
• How it will be used
• With whom it will be shared and
• What rights you have in relation to the personal information we collect

Within this notice we describe instances where UIA is the ‘data controller’ (the organisations who decide what personal information is collected and how it is used), and where we direct or commission the processing of personal information by third parties (data processors) on our behalf to provide services or improve our offering to you.

When you enquire about, and/or purchase UIA Insurance products, the information you provide will be used by UIA to underwrite and/or arrange and/or administer your insurance quote and/or policy.

Our commitment to your privacy

UIA recognises the importance of protecting personal and confidential information.  We take care to meet our legal duties, and we have put in place all reasonable technical, security, and procedural controls required to protect your personal information, in whatever format we hold that information.

How the law protects you

Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so. This includes sharing it outside of UIA. The reasons why we may process your personal information could be one or more of the following:

• To enter into or perform a contract we have with you
• When it is our legal duty
• When it is our legitimate interest, or
• When you consent to it
• For legal claims (in relation to processing special category data where processing is necessary for the establishment, exercise or defence of legal claims, or where courts are acting in their judicial capacity)
• Substantial public interest (in relation to processing special category data, where processing is necessary for reasons of substantial public interest, on the basis of EU or UK law, including where such processing is necessary for insurance purposes or fraud prevention purposes)

A legitimate interest is when we have a business or commercial reason to use your information, but this must not unfairly go against your rights or freedoms.  If we rely on our legitimate interest, we will tell you what this is.

Below is a list of the ways that we may use your personal information, and which of the reasons we rely on to do so.  This is also where we tell you what our legitimate interests are.  For further information in relation to the marketing that we undertake, please see the table below.

What we use your personal information for	Our reason(s) for processing	Our legitimate interests (where applicable)
Establishing a customer relationship, including fraud, anti-money laundering and sanctions checks	Performance of our contract with you To comply with our legal duty Our legitimate interests In relation to processing special category data: Not-for-profit bodies Substantial public interest for insurance purposes	To ensure that you are within our acceptable risk profile and to assist with the prevention of crime and fraud
To promote or arrange insurance policies where we are not the underwriter	Performance of our contract with you Our legitimate interests In relation to processing special category data: Not-for-profit bodies Substantial public interest for insurance purposes	To provide excellent products and services to our customers and structure our business appropriately
To carry out credit checks and administer payments relating to your insurance policy (including collecting or refunding premiums, paying on claims and processing and facilitating other payments)	Performance of our contract with you To comply with our legal duty Our legitimate interests	To ensure that you are within our acceptable risk profile and to recover debts due to us
To manage insurance claims (which may include using third party service providers to assist us with this)	Performance of our contract with you To comply with our legal duty Our legitimate interests In relation to processing special category data: Your consent Substantial public interest (insurance purposes)	To provide excellent service to our customers and assist them to in assessing and making claims.
To manage our relationship with you as a member	Our legal duty
To communicate with you about the Insurance policy you have purchased and subsequent renewals	Performance of our contract with you Our legitimate interests	To facilitate the continuation of insurance cover
To send marketing material and communications to you	Consent (where required in limited circumstances) Our legitimate interests	To send marketing communications about services and offerings by post, telephone and in other circumstances where we don’t require your consent.
To conduct analysis and research activities to improve and develop our products and services	Our legitimate interests	Enabling us to define audiences to market products and services to To ensure quality of delivery of our services and to improve our future products and service offerings To refine our pricing and risk assessment models across all our products and to improve the accuracy of our premiums
To conduct analysis and research activities to improve and develop our marketing and communication (which may include us creating anonymised look-alike audiences for marketing purposes)	Our legitimate interests	To ensure quality of delivery of our services and to identify and / or improve future product and service offerings To refine our pricing and risk assessment models across all our products and to improve the accuracy of our premiums
To transfer books of business or renewal rights to a replacement service provider	Our legitimate interests In relation to processing special category data: Your consent Substantial public interest (insurance purposes)	To structure our business appropriately and enable us to provide the best possible service to our customers.
To detect, investigate, report and seek to prevent financial crime	Performance of our contract with you Our legal duty Our legitimate interests	To assist with the prevention and detection of financial crime
To manage risk for us and our members or customers, including risk modelling	Our legitimate interests	To appropriately manage our risk
To comply with laws and regulations that apply to us	Our legal duty Our legitimate interests In relation to processing special category data: To establish, defend or prosecute legal claims	To take pre-emptive steps to ensure legal and regulatory compliance
To respond to complaints and seek to resolve them	Performance of our contract with you Our legal duty Our legitimate interests	To ensure quality of deliver of our services and to improve our services
To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance and audit	Performance of our contract with you Our legal duty
To exercise our rights as set out in agreements or contracts with you or with third parties	Performance of our contract with you Our legitimate interests	To manage our business appropriately and enable us to deliver quality services to our customers

What types of personal information do we handle?

We process personal information to enable us to run UIA, to support the provision of services to members and customers, to maintain our own records and to promote products and services.

The types of personal information we use include:

• Personal details (such as names, addresses, telephone numbers, dates of birth)
• Trade union membership identifier
• Financial details (including payments to UIA by members and customers and payments made by UIA for service provided to members)
• Details of how you use our website, and where you have accessed it from
• Details of how you interact with us on social media
• Details of when you contact us and when we contact you (including voice recordings of telephone calls and copies of written communications such as emails or letters)
• Details of which UIA (Insurance) Ltd products and services you have purchased
• Details of your use of services offered by UIA (Insurance) Ltd
• Contact details (such as names, roles, telephone numbers and email addresses) of business contacts
• Details of dates of when your other insurances are due to renew
• In certain circumstances, information relating to your health, or the health of a policyholder or members of the policyholder’s household

Where we collect personal information from

We may collect your personal information from the following sources:

• When you request an insurance quote from us or from one of our third-party partners
• When you contact us (for example by phone, email or letter)
• In member or customer surveys or any other research activity we may conduct with you
• In prize draws, competitions or quizzes we may conduct with you
• When you use our services
• When you update your personal information using our website
• Personal information gathered from our website and social media accounts
• When you use or access our website
• Public information e.g. The Electoral Register
• Third party providers

If you choose not to give personal information

We may need to collect personal information by law, or under the terms of a contract we have with you.  If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provide you with services under your insurance policy. We will notify you if your choice not to give personal information to us would result in a delay or prevent us from meeting our obligations.

Any personal information that is optional will be clearly marked at the point of collection.

Who we share your personal information with

These types of organisations are:

• The providers of UIA insurance products where UIA Mutual is not the underwriter, such as Motor, Pet Travel, and Gadget
• Loss adjusters or suppliers, building companies, and other relevant parties who act on UIA Mutual’s behalf in validating, quoting and completing the repairs of any claim.
• HM Revenue & Customs, our regulators and other authorities, including fraud prevention agencies (where required or permitted by law)
• UIA Insurance reinsurers

In the usual course of our business, we may use other third-party organisations known as ‘data processors’ under data protection law to support the essential delivery of our services. These organisations process your personal information on our behalf.

These types of organisations are:

• Mailing, email, SMS messaging, and/or print fulfilment organisations (to enable us to communicate with you efficiently)
• Providers of records management services such as secure disposal suppliers, and IT storage providers (to enable us to secure data efficiently)
• Market researchers (to help us to improve the services we offer)
• Providers of information management services (to help us learn about our customers)

UIA will never sell your information.

Automated Processing

As part of our sales process, our systems use automated decision making to decide whether or not we are able to offer a quote, examples include automated decisions based on flood risk data and / or theft risk data.  The automated decision making we use is needed to determine whether we can enter into a contract of insurance with you. If you’ve been subject to an automated decision and don’t agree with the outcome, you can ask us to review it.

Sending personal information outside of the EEA

Data protection law holds all countries in the European Economic Area (‘EEA’) to the same high standards. If we transfer information outside of the EEA, we will make sure that it is protected to these standards.

We will only send your personal information to countries outside of the EEA to:

• Comply with a legal duty, or
• Work with other third-party organisations (as detailed above) who we use to help provide our services to you

We will always use one or both of these safeguards:

• Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA
• Make use of Model Clause Contracts or binging corporate rules, where suitable, to facilitate the transfer of personal and special category data between ourselves and an international organisation

How long we keep your personal information

We will keep your personal information for as long as you are a customer of UIA Mutual.

After you stop being a customer: We may keep your personal information for up to 8 years for one or more of these reasons:

• To respond to questions or complaints
• To show that we treated you fairly, or
• To maintain records according to legal requirements and documented business need

We may keep your personal information for longer than 8 years if we cannot delete it for legal, regulatory or technical reasons. In these circumstances, we will make sure that your privacy is protected and only use it for legal or regulatory purposes.

Your rights and how to contact us

In order to exercise your rights under data protection law, we will need to verify your identity for your security.

You can contact us by emailing support@uia.co.uk or writing to Data Protection Officer, UIA Mutual, Kings Court, London Road, Stevenage, Herts. SG1 2TP.

How to get a copy of your personal information

You can request a copy of your personal information, as well as why we have that personal information, who has access to that personal information and where we got that personal information from at any time. Once we have received your request, we will respond within one month.

Letting us know if your personal information needs updating

You have the right to question any information we hold on you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.

If you need to update your contact details, you can do so by contacting us using the details above.

If you want us to stop using your personal information

You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and the ‘right to erasure’ (or ‘right to be forgotten’).

We may be able to restrict the use of your personal information so that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.

You can ask us to restrict the use of your personal information if:

• It is not accurate
• It has been used unlawfully, but you don’t want us to delete it
• It is not relevant any more, but you want us to keep it for use in legal claims, or
• You have already asked us to stop using your personal information, but you are waiting for us to assess your request and confirm whether we are permitted to continue using the personal information under data protection law

If you want to object to how we use your personal information, or ask us to restrict how we use it, please contact us using the details above.

If you want us to erase your personal information

If you feel that we should no longer be using your personal information, or that we are illegally using your data, you can request that we erase the personal information we hold on you. When we receive your request, we will confirm whether the personal information has been deleted or tell you the reason why it cannot be deleted. There may be legal reasons why we need to keep your personal information.

If you want to request that we erase your personal information, please contact us using the details above.

Obtaining your personal information in a portable format

You have the right to get copies of your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information to other organisations. To request this, please contact us using the details above.

Your right to complain

If you are not satisfied with our response or believe that we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) by emailing casework@ico.org.uk or telephoning 0303 123 1113. Additional contact methods are detailed on their website: https://ico.org.uk/global/contact-us

Changes to this privacy notice

We regularly review our privacy notice. We will publish any updates on the website and inform members and customers of any changes within our regular communications. You can request a copy of this privacy notice by using the details above.

What happens when you contact us?

We will need to verify your identity for your security. Verifying identity is an important way of safeguarding against criminal activities including the prevention of illicit access to your information.

If we are unable to validate your identity, we may ask you to provide further evidence so that we can access your information.

UIA Mutual reserve the right to discuss any financial transactions with the relevant bank account holder.

Freedom of Information

UIA Mutual and its subsidiaries are not governed by the Freedom of Information Act as UIA Mutual nor any of its subsidiaries are a public authority.

How to contact our Data Protection Officer

If you have any questions about this privacy notice or our processing of information, if you wish to raise a complaint on how we have handled your personal information, or if you wish to exercise any of the rights set out in this privacy notice, please contact our Data Protection Officer by emailing dpo@uia.co.uk or writing to Data Protection Officer, UIA Mutual, Kings Court, London Road, Stevenage, Herts. SG1 2TP.

Online Security

Because the confidentiality of your personal and financial details is very important our Web site secures your private information using a Go Daddy SSL Certificate. That is why this website uses 256-bit encryption that utilises SSL (Secure Sockets Layer).

It works by automatically scrambling the information you send over the web to make it meaningless. Once it arrives, we have the key to de-scramble the words. When you fill in any personal information or payment details, you will be in a secure area of the site. You can check this by looking for a padlock in the bottom corner of your web browser and that the web address starts with https://. The letter 's' stands for secure. When you send your information over the web, it will be encrypted to protect anyone from reading it.

In some instances the web page may not display https:// or a padlock; this is often the case with websites that use framesets. You can still confirm the security settings on these pages by right-clicking on the page and selecting 'properties'. If the page is secure the address line will begin https://. If you are using a Firefox browser then you will need to select 'This Frame > View Frame Source', and not 'properties'.

All the information that we save for you is protected by firewalls and a wide range of IT security measures.

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.  Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Cookies

What Are Cookies? 

Cookies have been an intrinsic part of the online experience for some time and largely go unnoticed, operating in the background. They are small files that are automatically stored on your computer and are there to allow certain features of a website to function properly.

A cookie will typically contain information so that a website can recognise a unique visitor, and optimise the web experience accordingly.

UIA and Cookies 

So that you can benefit from all the features on the UIA.co.uk site your computer, mobile or other device will need to accept cookies.

We only use two types of cookies, session cookies - which are temporary cookies that remain in the cookie file until you leave the site - and persistent cookies - which remain in the cookie file for a specific time, depending on the lifetime of the specific cookie. We don't use any third party tracking cookies.

Why do we use cookies?

• To help us recognise you as a unique visitor (just a number) when you return to our website.
• To allow us to tailor content or advertisements to match your preferred interests or to avoid showing you the same material repeatedly.
• To compile anonymous, aggregated statistics that allow us to understand how our site is used and to help us improve the structure of our website.

Cookies Used on UIA.co.uk

Cookie Name	What It's Used For
ecm	This cookie is used to store information about the anonymous and logged in visitor, including language, currency, user culture, and site information. For authenticated users, the user id and a unique ID are stored, and compared with the values on the server to determine valid authentication.
EktGUID	This cookie is used to track visitors to the site. A unique identifier for the current visitor is generated for all visitors, including anonymous visitors, and assigned to the visitor at the time they first arrive on the site. We use this information to uniquely identify the user when they perform unauthenticated actions on the site, such as commenting on content, and also to compile reports on visitor usage.
EkAnalytics	This tracks which users view which pages. This allows analytics reports to be generated.
ASP.NET_SessionId	This holds user specific non personally identifiable information which can identify individual users and allow applications to track them over a session so the correct content is delivered to the correct user.
whoson	This cookie stores an ID value so we can tell where you came from and if you have been on before; this will enable us to assess the effectiveness of this service.
pageparams	This provides specific information about the current page the user is on.
contextparams	This allows the site to understand what the user is currently doing.
searchcookie	Holds information about the users search.
2823_0	Identifies a user has entered a competition.
__utma __utmb __utmc __utmz	These cookies enable Google Analytics to work. They work to enable, establish and continue a user's session, taking the relevant information to allow us to analyse how the site is used and how we can improve it so that you continue to get the best service possible. The information is only seen by the relevant teams at UIA and Google.
Showcookienotice	This cookie lets the site know you have closed the pop up cookie notice.

Disabling/Enabling Cookies

You have the ability to accept or decline cookies by modifying the settings in your browser. However, this could impact on the use of interactive features on our site. Please refer to your internet browser's 'help' facility, or alternatively, you may wish to visit allaboutcookies.org which contains comprehensive information on how to manage cookies on a wide variety of browsers.

It is also possible to delete cookies; however this may result in difficulties in navigating around the Site.

By deleting cookies, information collected to date becomes redundant. We will still hold the information about the cookie on our system however we will not be able to identify your computer the next time you visit the site. The information we hold about that cookie becomes completely unidentifiable as soon as you have deleted it from your computer.