If you are one of these individuals and would like further information on how we collect, use and store your data, please contact us at:
The Civil Service Insurance Society
1st Floor Gail House
Lower Stone Street
The Civil Service Insurance Society is a Not for Profit organisation and is an independent insurance intermediary. We are classed as a Data Controller which means we are responsible for deciding how your personal data will be processed.
We collect your information and use it in different ways depending on your relationship with us and how you have interacted with us. This can include information we share with or receive from other third parties.
To enter into or perform a contract:
for example, to provide an insurance quotation, to arrange and administer your insurance including making any changes, renewing your policy, cancelling your policy answering queries and to action your requests.
This information may also include sensitive (special category) data such as your medical history and conditions or criminal records which we can collect on grounds of substantial public interests to provide you with a quotation and/or arrange your insurance. If you give us information about another person in doing so you are confirming that you have their permission to do so and that we may use their personal data in the same way as we will use yours.
To comply with a legal obligation:
for example, the rules set by our regulator the Financial Conduct Authority (FCA) and also The Financial Ombudsman Service, to fulfil your data rights under data privacy laws, handle complaints about data privacy or our insurance products and services and to comply with other legal requirements.
For yours and our legitimate interests:
for example, to detect and prevent fraud, money laundering and other financial crimes, monitor and improve our business and our products and services, demonstrate compliance with applicable laws and regulations, handle legal claims, respond to other types of complaint not previously mentioned, and sending you postal direct marketing communications.
Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights. In some instances, you also have the right to object to this kind of use. For more information, visit the “Your data rights” section of this policy.
With your consent:
for example, by sending you email marketing communications, when you ask us to provide you with information, when you give us your details, where we have obtained your contact details in the course of a sale, when you ask us to contact you for email marketing purposes and have not opted out of marketing messages. You can withdraw your consent at any time, for more information please visit the “Marketing” section of this policy.
To protect vital interests:
in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.
We collect personal data from you when:
We also collect your information from other third-party sources where we have legal grounds to do so. These include anti-fraud and crime-prevention agencies, credit reference and vetting agencies, and other data providers.
Depending on your relationship with us, we may hold the following types of information about you:
Some of our processes combine different sets of information we hold. This can include combining different data sets we have about you or combining your information with that of other individuals.
Where applicable, we share your personal information with the following types of third parties when we have a valid reason to do so:
Other third parties including claims handling and assistance service providers may share personal information that you have disclosed to them, with us for the purposes of administering your policy. If you refuse disclosure of data to a third party which prevents the insurer from providing cover, the insurer may be released from any liability for any claim.
Data protection law places restrictions on transferring personal data outside of the United Kingdom (UK) and the European Economic Area (EEA). The EEA consists of the member countries of the European Union (EU), along with Iceland, Liechtenstein, Norway and Switzerland, and who are all considered to have appropriate data protection laws to safeguard your privacy and protect your rights.
We may need to transfer information to our service suppliers in countries outside the UK and the EEA. If we do, we will ensure that your information is properly protected. If the laws of the country where our supplier is based are not considered equivalent to those in the UK or the EEA, we will ensure that the service supplier enters into a formal legal agreement that reflects the standards required.
We will only send you marketing information regarding our own products and services and those from trusted third parties.
If you no longer wish to receive postal and/or email marketing communications from us, you can request us to stop by:
If you do choose to stop receiving marketing communications from us, we will ensure that you do not receive such material going forward, unless you change your mind and specifically request it in the future.
Data protection law gives you rights relating to your personal information. This section gives you an overview of these and how they relate to the information you give us.
The UK supervisory authority for data rights, the Information Commissioner’s Office (ICO), has also published detailed information about your rights on their website: www.ico.org.uk.
You have a right to request copies of the personal information we hold on you, along with meaningful information on how it is used and who we share it with.
This right always applies, but there are some instances where we may not be able to provide you with all the information we hold. If this is the case, we will confirm why we are unable to provide it - unless there is a valid legal reason that means we cannot let you know why.
If information we hold is inaccurate or incomplete, and this has an impact on the way we are using your data, you have the right to have any inaccuracies corrected and for any incomplete data to be completed.
If you ask us to rectify your information, we will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why.
You have the right to request that your personal information is erased. If you ask us to erase your information, we will either confirm to you that this has been done, or if we are unable to delete it, let you know why and also inform you how long we will hold it for. For more information, see the “Retention Policy” section of this policy.
You can ask us to restrict the use of your information. If you ask us to restrict your information, we will either confirm to you that this has been done, or if we are unable to restrict it, we will inform you why.
You can object to receiving direct marketing from us. If you do so, we will ensure that you do not receive such material going forward, unless you change your mind and specifically request it in the future. For more information, see the "Marketing" section of this policy.
You can object to decisions made about you using your information and undertaken by purely automated means. If you do so, we will arrange for someone to assess the automated decision and confirm the outcome of this assessment to you.
You can object to us using your information for statistical purposes in some instances. If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.
You can challenge the use of your personal data where we use a legitimate business interest as a lawful basis to process your information. You can find more information on when we use this lawful basis in the “lawful ways we use your data” section of this policy. If you do so, we will either confirm to you that the processing has stopped, or there is a valid reason for the processing to continue, we will inform you why.
You have the right to request that your information be compiled into a common, machine readable format and either provided directly to you or sent by us to a third-party you nominate. If you request this, we will either act upon your instruction and confirm to you that we have done so, or if there is a valid reason that this cannot be done, we will tell you why.
Or by post:
The Civil Service Insurance Society
1st Floor Gail House
Lower Stone Street
Or calling us on 01622 766960
If you remain unhappy with our response you may raise a complaint with a supervisory authority responsible for data protection and privacy.
In the UK, the supervisory authority is the Information Commissioner’s Office (ICO), who can be contacted using the following details:
By telephone: 0303 123 1113
By post: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
We will only retain data for as long is necessary for the purposes for which it is being processed and in line with our data retention policy. In most cases this will be a maximum of 7 years from the expiry of an insurance contract.
We are committed to protecting the online privacy of visitors to our website. We have implemented security policies, rules and technical measures to protect your personal data from unauthorised access; improper use or disclosure; unauthorised modification; and unlawful destruction or accidental loss.
If you contact us by email you should be aware that emails are not secure unless they have been encrypted. We cannot accept any responsibility for the unauthorised access to your data that is beyond our control.
Civil Service Insurance Society, 1st Floor Gail House, Lower Stone Street, Maidstone, Kent, ME15 6NB Company Reg. No. 34117. CSIS is authorised and regulated by the Financial Conduct Authority, regulation number 304151. All information on this site is intended for permanent residents of the UK and Northern Ireland only. CSIS is a ‘Not for Profit’ organisation.