Date last updated – December 2018
Citybond Holdings Limited, trading under its brand name – Spectrum Travel Insurance - is committed to respecting your specific data protection rights under the new EU General Data Protection Regulations (GDPR) which replaces the UK Data Protection Act 1998 (the UK Act). It came into effect from 25 May 2018. The GDPR applies to personal data or any information relating to an identifiable person.
This policy explains how we control and process any personal information we collect or you provide about you when you use our website, obtain a quote, buy a policy, subscribe to our newsletter and email or call us by phone.
Citybond Holdings Ltd is registered as a data controller with the Office of the Information Commissioner (ICO) which can be verified by contacting them. Should you wish to find out more about the data protection regulations and your rights in this area, please visit the ICO website at ico.org.uk.
Information about you
As a data controller, we need to collect and process relevant personal information, including sensitive data such as your answers to medical questions, which you give us when you use our services either online or over the telephone. The provision of our services may also require us to store details of your transactions, together with all declared personal information. We do not store any data relating to your debit/credit cards.
We will periodically review all personal information to ensure we do not keep it for longer than is necessary.
The information we hold about you can be made available to you on request free of charge.
Our website contains such computer programming as required to establish a connection and transfer content between our website and your computer and to obtain information about the number of connections to it. This data may contain details such as your IP address, the version of the operating system, screen resolution you are using, the version of your internet browser, page view history and other usage information. This information is used for the purposes of analysing the traffic to and through the website and for diagnosing errors. It does not contain any kind of data about you which may be classified as sensitive.
Our website (visited through any device) uses ‘cookies’, which are files containing small amounts of information that are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit or to another website that recognises that cookie. Cookies do lots of different and useful jobs, such as remembering your preferences, tracking navigation and generally improving your online experience. There are different types of cookies. They all work in the same way but have minor differences as shown in the Cookies table below.
Cookies can be disabled via the web browser settings for each web browser you use, on each device that you use to access the Internet. Please note that this may hamper your ability to effectively obtain a quote and purchase a policy from our website. All of our cookies automatically expire at the end of your session or after one month except where otherwise stated below or if cleared from your system before then.
For more information about cookies, you can visit www.allaboutcookies.org.
This is a list of the cookies we use:
|Cookie Name(s)||Reason we use it|
|ASP.NET_SessionId||This cookie is used for storing your session ID which is used to identify you. Session ID is then used to store data so that you do not have to re-key information when navigating between pages. The cookie remains in place for the session.|
|.ASPXAUTH||This cookie is used to determine if the user is authenticated. No personal information is collected.|
|__cb0xqsd||This cookie is created at the end of order journey and used for some browser validation to prevent duplicate policy purchase.|
|agent||This cookie is used to identify the website or the source of the visit. No personal information is collected.|
|brandingname||This cookie is used to identify the name of our website brand. No personal information is collected. The cookie remains in place for 30 days.|
|cookiespermission||This cookie is used to store the visitor’s cookie consent state for the current domain. No personal information is collected. The cookie remains in place for 1 year.|
|device||This cookie is used to identify the device and also used for debugging website errors. No personal information is collected. The cookie remains in place for the session.|
|_ga||This cookie is part of Google Analytics. It registers a unique ID that is used to generate statistical data on how the visitor uses the website. The cookie remains in place for 2 years.|
|_gid||This cookie is part of Google Analytics. It registers a unique ID that is used to generate statistical data on how the visitor uses the website. The cookie remains in place for the session.|
|_gat||This cookie is part of Google Analytics. It is used to throttle request rate. The cookie remains in place for the session.|
|_gac_property-id||This cookie is part of Google Analytics. It contains campaign related information which can be read by Google AdWords website conversion tracking tags. The cookie remains in place for 90 days.|
|_gwcc||This cookie is part of Google Analytics. The cookie remains in place for 3 months. |
|_gclid||This cookie is part of Google Analytics. It is used to pass information for AdWords attribution. |
|userTK||This cookie is used to identify a unique session to understand at which page you leave our website. The cookie remains in place for 30 days.|
|MediaSource||This cookie is used to identify if you arrived at our site as a result of our advertising and how effective this marketing is. No personal information is collected. This cookie remains in place for 90 days.|
|CampaignName||This cookie enables us to identify the name of an advertising campaign which uses a pay per click (PPC) marketing promotion. No personal information is collected and the cookie remains in place for 1 month.|
We reserve the right to make changes to the cookies and their usage. Any such changes shall appear here and become effective immediately. Your continued use of our website is taken as meaning that you agree to any such changes.
How we use the information
We collect and process information about you so that we can provide you with an appropriate travel insurance policy and services you request or those we think you would reasonably expect to receive in light of what you have bought or sought from us. These include:
- providing a quotation;
- sending a follow-up email with a discount offering, if such is available;
- issuing you with an insurance policy and any other relevant documents;
- meeting our contractual obligations to you such as issuing an annual policy renewal notice;
- servicing your policy or quotation request (including corrections, policy administration, payments, other transactions and public announcements about events affecting you or your travels);
- contacting you about other material we think may be of relevance to you, such as our newsletter filled with travel news, information and special offers. This aspect is further covered under Marketing.
We may monitor and record telephone calls in order to improve our service to you and to detect and prevent financial crime.
We may also use the information we collect to occasionally notify you about important functionality changes to our website.
Security of personal information
All personal information submitted is treated with the utmost confidentiality and with appropriate levels of security. Access to personal information is limited to those employees who have legitimate business needs for such information. We maintain physical, procedural and electronic safeguards to protect the privacy and confidentiality of your personal information.
Your personal information is reviewed periodically under our ‘Retention Policy’. Unless it is deemed to be to our mutual interest or unless we are required for commercial or legal reasons, we do not hold any personal information that has remained inactive for a period of 60 months and beyond.
We engage professional firms to carry out periodic penetration tests on our entire IT infrastructure to ensure security of data and resilience against any illegal or unauthorised attempts to access our servers. We also ensure no user or employee is able to plug an external device to any of our PCs, laptops or any other portable devices without authorisation.
We utilise appropriate security systems to protect all financial transactions carried out on our website. Information, such as credit card details, is automatically protected using a Secure Socket Layer (SSL) between your computer and ours which prevents impersonation. (Click on the padlock symbol at the bottom of the screen to reveal a registration certificate issued by a leading internet security company for us and/or the payment handling company). SSL also encrypts data from the time it leaves your computer until it reaches us, so there is almost no chance of your details being stolen or hijacked as it travels over the internet.
Information we may provide to others
We will not knowingly disclose or pass on your personal data to anyone else except:
- when carried out in conjunction with our normal insurance operations and the administration of your insurance policy, such as to Insurers, claims handlers or emergency assistance companies; and/or
- as authorised by you; and/or
- as provided for in the Marketing section below; and/or
- as permitted or required by law to any regulator, auditor, public office, authorised monitor, governmental or law enforcement agency (such as for the purposes of fraud prevention).
Where data is passed to other companies, it is anonymised, if appropriate, and it is done so on the understanding that they will maintain compliance with the appropriate data security provisions, particularly where such companies are located outside of the European Economic Area (EEA).
We also provide a seven-day a week service to our customer and clients through our legally established and registered Branch in Mumbai, India. To the extent that our Branch receives phone calls and email communications from our UK and EEA based callers, it is deemed to be a data processor. All servicing is done by a secure connection to our servers based in the UK. No data or voice recordings are held locally. There is a strict entry/exit procedure on the customer services floor with electronic passes. Employees in customer services are not allowed to make any notes on paper or carry any recording devices, such as mobile phones, in the work area.
In so far as you have procured our products and/or services through a third party, such as a travel agent or an insurance broker, we are the processor of your data, but we apply the same data retention and security procedures as we do for our direct customers.
Third parties may deliver or provide all or part of the service requested by you or on your behalf. In these instances, while the information you provide will be disclosed to them, it will only be used for the administration of the service provided (including for example verification of any quote given to you and claims processing), underwriting and pricing purposes as appropriate, testing, and to maintain management information for business analysis.
Under the data protection laws and regulations you have the right to:
- be informed about the processing of your personal information
- have your personal information completed and amended
- object to or restrict processing of it
- have your personal information erased
- request access to it
- know how we process your personal information
- move, copy or transfer your personal information
You can also exercise your right to complain to the Information Commissioner’s Office by visiting:ico.org.uk.
You can contact us using the details stated at the end of this notice.
Marketing and Communication
We would like to keep you updated, by phone, email, SMS or text, of information relevant to you or your policy which we feel you may benefit from. For example, we may email you with offers you may be interested in or a newsletter.
We do not share your personal details with any third parties for marketing purposes.
If you have obtained a quotation from us, we will maintain information given by you or on your behalf for a period of 14 days after which all personal information will be deleted from our records. During this period of valid quotation, we may send you details of any relevant discounts not used against the quotation on the grounds of ‘legitimate interest’*.
If you purchase a policy from us you will receive our regular newsletter on the grounds of ‘legitimate interest’. You will have the option to unsubscribe from receiving the newsletter, or to alter your preferences, from the first issue received.
With the advent of the General Data Protection Regulations (GDPR) effective from 25 May 2018, if you become a customer of Spectrum Travel Insurance on or after this date we will periodically write to you about refreshing your consent to continue your subscription.
If you are or have been a customer and/or a subscriber to our newsletter, and have not unsubscribed from the newsletter mailings prior to 25 May, 2018, you will continue to receive the newsletter on the grounds of ‘legitimate interest’*.
However, we will thereafter periodically write to you about refreshing your consent to continue your subscription.
*Legitimate interest provides a valid justification for processing personal data for direct marketing for continued engagement with existing data subjects whilst ensuring that this does not overweigh the legal rights of the data subject. GDPR Article 6(1) (f).
Any electronic communications we send you will include clear instructions to unsubscribe or alter your preferences. Once you have unsubscribed, your details will be removed from our marketing database within seven working days and we will not contact you further, apart from in relation to your policy which we are required by law to do.
We take your privacy seriously and welcome any questions or comments regarding this policy or to make a Subject Access Request free of charge. Please address any such queries to:
Data Protection Officer
Citybond Holdings Limited,
109 Elmers End Road,
Beckenham, Kent BR3 4SY;
by email to firstname.lastname@example.org