General Data Protection Regulations – Information and Your Rights

We at Cavendish Online want to be transparent about the data we collect and what we use it for. If you have any remaining questions after reading the below, please email us at dataqueries@cavendishonline.co.uk.

Cavendish Online relies on contract, legitimate interest and for compliance with legal obligations as the bases for data collection, processing and further contact. Cavendish Online is the Data Controller and does not pass your details to a third party for anything other than the provision of services for which you are applying, without your explicit consent.

Contract

In order to use our service, you agree to provide us with contact details which we can use. The service includes the steps necessary to getting investment accounts set up; getting your life insurance policy/policies activated (on risk); and occasional ongoing contact to check that your insurance policies remain appropriate for your circumstances.

Your data is shared with data processers only for the purpose of obtaining your quotes or account set up; it is only sent on to the insurance provider if you start an application.

Cavendish Online does not store any of the medical or family history data which you may provide during the insurance underwriting process, and only accesses this data when required or where appropriate. Data is passed to the insurance provider if you proceed with application.

All data is stored in the UK. The retention period (i.e. how long the data is stored for) is the life of the investment or term of life insurance policy (either in place or quoted) plus 6 years. E.g. if the term of insurance requested was 22 years, the retention period would be 28 years.

Once your data has passed the retention period it will be anonymised for the purposes of statistical and business analysis and your personal details will be deleted.

Legitimate Interest

It is in our interests as a business to understand our customer base, and how our customers’ needs may change over time.  It is in the commercial interest of the business to provide clients with details about life insurance policies. In addition, we genuinely believe it is in the legitimate interest of the client to contact them to get life insurance in place, if that’s what they want.

If you do not complete an application with an insurer, or if that application doesn’t progress to a live policy, a Cavendish Online representative may call, email or text you to check the performance of our website and see if we can offer further assistance. When we are very busy, we may call you and ask your permission to pass your details on to a third party that we work with, to get your protection in place.

We have general business interest in keeping records, monitoring tasks, auditing and staff training for: compliance as a business regulated and authorised by the Financial Conduct Authority and the Information Commissioner's Office; and for dealing with complaints.

We never sell your data for marketing lists.

We may use your contact data to let you know about our own products which we believe may be of interest to you.
If you do not want to receive any contact from Cavendish Online, please click here to unsubscribe; call us on 03456 44 25 40; or email unsubscribe@cavendishonline.co.uk.
We will then list you as ‘do not contact’. However, we reserve the right to contact you with specific information relating to your policies or investments taken out through Cavendish Online.

Categories of data we collect.

These will be contact details, feedback, and personal data, which may include special category data, that you may willing provide to us in an insurance application or when seeking to set up an investment account. We do not insist you provide us with this data, but if you do not then we may not be able to provide you with our service and your insurance policy or investment account might be invalid if you withhold any personal data that is legally required.

Below are your rights in respect of this data.

General rights:

  • Where the law does allow us to charge a fee then we reserve the right to do so.
  • You have the right to request why we are holding your data, the categories of data we hold, the purpose of the processing, the categories of the recipients of such data, how long we may hold that data, if automated processing is involved, and the possible source of the data if we did not collect the data direct from you.
  • You can ask if any of your personal data is transferred outside of the EEA by us or a processor acting for us.
  • You can ask for copies of personal data undergoing processing, where that does not affect the rights and freedoms of others. If you require further copies we can charge you a reasonable fee.
  • You can ask us to rectify inaccurate information or change and update any data that we hold about you.
  • You have the right to lodge a complaint regarding our processing of your personal data. You can complain to us at our contact address. You can lodge a complaint with the Information Commissioners Office (ICO) if you feel that we are infringing GDPR rules when handling your personal data. You can find out details about how to raise issues with the ICO from their web site www.ico.org.uk or via their help line 0303 123 1113.
  • You have the right to the rectification of any inaccurate personal data we hold about you or to have ‘incomplete data’ made ‘complete’ provided the processing requires such completeness.

In certain cases, listed below, you have the right to request the erasure of personal data we hold about you, but such a request would not override our compliance with any legal obligation we have

  • it is no longer necessary for us to hold such personal data in relation to the purpose for which it was collected
  • you gave consent and now wish to withdraw that consent and there is no legal grounds for us to continue processing,
  • on the grounds that we do not have a legitimate interest in processing your personal data and that legitimate interest was the legal basis we were using, and can verify that is the case
  • where we are using your personal data for marketing purposes
  • the personal data was unlawfully processed. You can ask us to continue storage of such data if you wish rather than select erasure

You have the right to restrict processing, but not continued storage, where the accuracy of the data is contested whilst we verify the accuracy.

There may be cases where you can request that we transfer some personal data to another controller.

You have the right to object to a decision based solely on automated decision making or profiling, where this is not necessary for entering into or the performance of a contract between us and you; or you have already given us your explicit consent and the process has already taken place. We will, where reasonable and appropriate, review any decision made and consider any point of view you make regarding that decision.

Where we have given the legal reason for processing as your having given us ‘consent’ to that processing, then you can withdraw that consent and after that withdrawal no further processing will take place. However, this does not affect processing which is based on other legal grounds. Please note that making such a request may result in us being unable to respond to your service requests or any request made in your communication to us. We may still be obliged to store a record of your communications and requests and our actions to your request to cancel consent.