FloodFlash Limited (“FloodFlash”, “we”, “our” or “us”) is the Data Controller for any personal data you provide to us. We are registered in England and Wales under company number 10390196 with our Registered Office at Huguenot Place, 17 Heneage Street, London E1 5LN. We can be found on the Information Commissioner’s Register of Data Controllers under reference number ZA266635. We are also authorised and regulated by the Financial Conduct Authority under firm reference number 784452
At FloodFlash, we use a layered approach to delivering information about data protection through:
The London Market Core Uses Information Notice . This Notice provides further information on how personal data is used within the insurance market.
How we may collect information about you
We may receive information about you from any of the following sources:
When you or your representative visits our website (www.floodflash.co), makes an enquiry or registers with us. This information may consist of basic information such as your name and contact details, for the purpose of responding to any query raised;
Directly from you or from someone you have authorised to incept a policy on your behalf, such as an insurance broker;
When you or your representative obtains a quote, incepts, renews or amends a policy or makes a claim. This information may consist of the following personal information:
your name, contact details (including home address, telephone number and email address) and date of birth;
all other personal information that is provided to us when completing an application for a quote for any policy, including (as necessary) any sensitive information (e.g. information about your financial details, any previous convictions or policy voidances etc.);
details of all previous quotes for policies requested from us;
details of all policies held with us including dates of purchase, lapse and cancellation;
details of claims on policies held with us;
your payment history relating to policies held with us;
correspondence, or a record of it, if you should contact us; and
surveys that you complete.
From third parties such as credit reference or debt collection agencies (e.g. to confirm your personal data); and,
From insurers, brokers, other insurance market participants, witnesses, third parties, solicitors (e.g. for details relating to an event that is the cause of a claim).
If you provide us with information on behalf of a third party, you confirm that the third party has appointed you to act on their behalf and/or that you are able to process their personal data in accordance with relevant data protection laws.
It is important that we keep your personal data accurate and up to date and so we ask you to provide accurate information and inform us of any changes.
Why we collect personal data
We are required by data protection laws to have a legitimate reason to process and use your personal data. FloodFlash Ltd may use your personal information for the following purposes:
quoting, incepting and renewing of an insurance policy;
administration and maintenance of your insurance policy;
contacting you in the event of a claim;
to confirm your identity;
to verify the information provided;
to assess your financial standing;
to prevent, identify and investigate fraud;
to assist you with enquiries;
to assess and process claims;
to defend ourselves against or make any legal claims;
to comply with our legal or regulatory obligations, including: identity and other verification checks, anti-money laundering, anti-fraud, counter-terrorist;
to facilitate our quality and compliance monitoring and reporting;
where we have lawful purpose for processing your data e.g. for maintaining our accounts and records, gathering market intelligence in order to develop and improve our products and services; and
to contact your for marketing purposes such as keeping you informed of our product range and providing you with market commentary (see marketing section below for further details).
Sharing and safeguarding your personal data
In order to prevent unauthorised access or disclosure, we have put in place a number of physical, electronic and managerial procedures to safeguard and secure all personal data supplied to us. All personal data are stored on secure servers and only accessed and used in line with our data protection policies and procedures. Your personal data will only be accessed by our employees or authorised third parties who require the information for their business purposes.
Authorised third parties
In circumstances where it is necessary to share your personal data with a third party, there are contractual agreements in place to ensure the security and confidentiality of your personal data and the information will only be used for the specific purpose for which it has been provided to them. Examples of third parties we may share your personal data with include:
underwriters of any policies you purchase;
companies FloodFlash use to help us deliver our service;
with another company, if we were to merge with them or were acquired by them; and,
anyone you have consented to provide information to.
Any data sharing with third parties will follow applicable data protection laws.
Governmental, legal and regulatory bodies
It may be necessary for us to share your personal data with financial and regulatory organisations (e.g. the Financial Ombudsman Service, the Financial Conduct Authority, the Information Commissioner’s Office) or law enforcement agencies (including courts) in order to assist them with enquiries, investigations or proceedings and ensure our compliance with our regulatory and legal requirements. As a financial services company, we are required to have certain processes in place with regards to anti-bribery and corruption, money laundering and fraud. If any criminal offence is detected or suspected, we may share data with third parties (e.g. law enforcement agencies, fraud prevention agencies, anti-money laundering agencies) in order to prevent crime or aid investigations if crime is identified. We may also access this data as part of our ‘Know Your Client’ procedures to establish the parties we are dealing with and when assessing a claim payment in order to prevent criminal offences.
The data we collect from you may be transferred to and stored somewhere outside the European Economic Area ("EEA"). It may also be processed by staff outside the EEA who work for us or one of our suppliers. The parties we send your information to are obliged to comply with data protection laws, regulations and standards and, where we make a transfer of your personal information outside of the EEA, we will take the required steps to ensure that your personal information is protected. If you would like further information regarding the steps we take to safeguard your personal information, please contact us.
Retention of your personal data
Links to other websites
We may contact you by email or telephone for our legitimate marketing purposes, to inform you of your renewal dates, renew your policy and to let you know about other products and services. With your consent (as necessary), we may from time to time contact you by SMS or email with details of other products and services.
Should you provide us with your email address, we may share your personal information with third parties who may provide you with marketing materials that we consider may be of interest unless you explicitly opt out.
If you would like to opt-out of receiving marketing correspondence of any kind, you can let us know at any time by writing to us, emailing email@example.com or by calling the number at the bottom of this page.
The only cookies we use are for analysing the usage of our service. For example, they allow us to count the number of visitors and identify which pages are being viewed or used. We do this with the sole purpose of analysing data about webpage traffic and to improve our services, to tailor it to our customers’ needs and improve the performance and experience. We do not store unencrypted personally identifiable information within the cookies.
You can remove or block cookies using settings in your internet browser, but in some cases doing so may impact your ability to use our Website. we rely on cookies to provide a high quality and secure service.
We use Google Analytics to help analyse use of our website. These analytical tools collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the service and to compile statistical reports on activity and usage. These services each have their own privacy policies which should be consulted for further information.
We do not (and don’t allow any third party to) use the statistical analytics tool to track or to collect any personally identifiable information about you. We will not associate any data gathered from the service with any personally identifying information from any source as part of our use of the Google statistical analytics tool.
You have a number of rights relating to personal information about you that we hold in our records:
You have the right to have any inaccurate personal data rectified. If you believe this might be the case, please contact us and we will update or remove any information found to be incorrect or incomplete.
If you haven't bought a policy with us, you can ask us to delete your information. We need to keep some information in certain circumstances for the detection and prevention of fraud, to check the accuracy of any information we've provided (like quotes for example) or in case of any future disputes.
In those cases, we'll retain the minimum information needed in the circumstances. To do this, we keep your conversation history, name, date of birth, any legal terms you've agreed to and a copy of the quotes we've issued.
You have a right to restrict the processing of your personal data in certain circumstances. This means you can limit the way we use your data and is an alternative to requesting the erasure of your data. For example, we could securely and temporarily store your data in another system if you contest its accuracy and we need to verify it.
You have a right to get a copy of the personal data we hold about you. We'll provide your data in a standard portable format. If you have any trouble understanding the data, let us know and we will help.
We won't usually charge a fee for providing that information but may do in certain circumstances. For example, if you make repetitive requests for information, we may charge a small fee or refuse your request.
There are some circumstances where we may be required to restrict your rights in order to safeguard the public or our own interests. For further information regarding your rights, please visit the Information Commissioner’s Office’s website or click on the links provided above.
There are some circumstances where we may be required to restrict your rights in order to safeguard the public or our own interests.
For further information regarding your rights, please visit the Information Commissioner’s Office’s website or click on the links provided above.
If you have any questions regarding privacy, how we use personal data, or wish to exercise any of your rights, please contact us via email at firstname.lastname@example.org or by writing to Head of Compliance, FloodFlash Limited, Huguenot Place, 17 Heneage Street, London E1 5LN.
If you have made a complaint and are still unhappy, or have concerns about how we manage personal data, you can contact the Information Commissioners Office: https://ico.org.uk/concerns