Please read this privacy policy carefully

This website www.lettingsinabox.co.uk and any subdomains (the “Service”) is operated
by Lettings in a box which is a trading style of Quodex limited and Oops Insurance Services Limited, with the mailing address of Autumn Park Business Centre, Dysart Road, Grantham NG31 7EU (hereinafter, “We”, “Us”, or “Our”). Lettings in a box is the data controller of your Personal Information in the context of the Service.

This Privacy Notice (“Notice”) describes how We will process and protect personal
information relating to an identified or identifiable individual (“Personal
Information”) when you use the Service, which allows users to purchase Our
products, create an account, access policy documents and forms (for example,
view policy terms and conditions, print certificates of coverage, print claims
forms), make payments, and contact customer support (for example, through the
chat function on Our Website), and applies to your use of the Service.

We also use the Personal Information to provide Our insurance or product services to you,
to communicate with you, and to track usage of the Service and Our products and
services.

Your Personal Information shall be held and used in accordance with applicable
legislation relating to the protection of Personal Information (the “Applicable
Law”).

Your Personal Information will be shared with other affiliates and service
providers, some of which are located outside the EEA and are not subject to an
adequacy decision of the European Commission.

Automated decisions may be taken about you, for example to determine your eligibility for
Our products and services, the costs of our products and services and the
viability of claims that you make under Our products and services (see
“Automated Decision Taking” for further information)

Where We rely on your consent, such as for the placement of cookies and sending of
promotional communications, you can withdraw this consent at any time.

This Notice sets out more details of this processing, including details of your data
protection rights, such as your right to object to certain processing (see
“Your Choices and Rights” for further information).

This Notice applies to the Service only and does not necessarily reflect practices
with respect to information gathered through other services We offer or
Websites We operate or the collection of information through off-line means. To
review the privacy practices of those other services, please refer to the
policies provided in association with each.

1. Personal Information We Collect

We collect your Personal Information in the following situations:

1.1 When you Request a Quote

We collect Personal Information from you when you request a quote for our products
or services through the Service. We ask you to provide information about
yourself and your device (such as manufacturer, model, purchase date, and IMEI
number).

1.2.   When you Make a Purchase

We collect Personal Information from you when you make a purchase on the Service. To make a purchase through the Service, We ask individuals to provide Us with their full name, contact details (for example postal address, telephone number, email address), banking information (for example bank name, sort code, account number), date of birth and communication preferences.

1.3.   When you Create an Account

We collect Personal Information from you when you create an account on the
Service. To create an account on the Service, We ask users to provide Us with
their full name, contact details (for example – email address), date of birth,
security questions (for example your mother’s maiden name), password and
communication preferences. We will also collect your Internet Protocol (“IP”)
address.

1.4.   When you Submit a Payment

We collect Personal Information from you when you make a payment (for example an
excess payment). We ask you to provide Us with payment details: cardholder
name, payment or debit card number, CVC, and expiry date.

1.5.   When you communicate with Us or contact Us for Customer Support

When you contact Our customer support team through the chat function on Our Website or
when you call Us (for example, when you enquire about the status of your
account or claim), We will collect information that you provide to Us in your
communications (such as the query or issue that you have raised, information
relating to your device, information relating to your existing policy if you
are communicating with Us about a claim, or payment card information if you are
communicating with Us about premium payment). We will also collect your
responses to surveys about Our products and services and the Service, if you
choose to participate.

1.6.   When you access the Service

We collect information about devices used to access Our Service and
functionalities of the Service (such as the chat function). This includes IP
address, operating system and version, browser used and version, language
preferences, time zone, screen settings and site visited before arriving on Our
Website. Additionally, We use cookies and similar technologies such as web
beacons to collect information about how you use and navigate Our Service (for
example, the pages that you view and links that you click). We use cookies to
help Us recognise you, improve your experience, increase security, and measure
use and effectiveness of Our services. For more information about the cookies
We utilise on the Service, please view Our Cookie Policy.

2. Purposes and Legal Basis for the Processing of your Personal Information

We process your Personal Information for the following purposes:

To fulfil a contract, or take steps linked to a contract: this is relevant where you have
entered into, or are taking steps to enter into, an insurance contract with Us,
or where you submit a claim. This includes:

 

  • providing you with a quote;
  • providing the Service or amending the Service at your request;
  • verifying your identity;
  • processing your claim;
  • taking payment from you;
  • making reimbursement payments to you; and
  • communicating with you.

As required by Us to conduct Our business and pursue Our legitimate interests, in
particular:

 

  • We will use your Personal Information to provide the Service and other products and services that you have requested, to communicate with you and to respond to any comments, queries or complaints you may send Us;
  • We monitor use of the Service and use your Personal Information to help Us to track and analyse preferences and trends, evaluate possible new features, functionality and services, and improve Our Service.
  • We use Personal Information to help Us recognise you on the Service, improve your experience, increase security of Our networks and systems, and measure use and effectiveness of Our Service.
  • We use Personal Information you provide to investigate complaints received from you or from others, about the Service or Our products and services. We also use this Personal Information to track potential issues (for example, issues with fulfilment of services) and trends to better serve you;
  • We use Personal Information to make decisions about, and to effect, reorganisations or sales of all or part of Our business;
  • We monitor customer accounts to prevent, investigate and/or report fraud, misrepresentation, or crime, in accordance with Applicable Law;
  • We will use Personal Information in connection with legal claims (for example, relating to denial of an insurance claim), compliance, regulatory and investigative purposes (for example, theft and fraud investigations) as necessary (including disclosure of such information in connection with legal process or litigation);
  • We use Personal Information of some individuals to invite them to take part in market research and customer surveys; and
  • We use Personal Information to send you information about Lettings in a box and InsureIn1 Global Limited products and services, such as customer experience surveys (where your consent is not required).

Where you give Us consent:

 

  • We place cookies and use similar technologies in accordance with Our Cookie Policy and the information provided to you when those technologies are used;
  • We use Personal Information to send you information about Our products and services, special offers and similar (where your consent is required); and
  • On other occasions where We ask you for consent, We will use the data for the purpose which We explain at that time.

For purposes which are required by law:

 

  • In response to requests by government or law enforcement authorities conducting an investigation; and
  • Responding to complaints where We are under a legal or regulatory obligation to adhere to a complaints handling procedure.

Relying on Our legitimate interests

We have carried out balancing tests for all the data processing We carry out on the
basis of Our legitimate interests, which We have described above. You can
obtain information on any of Our balancing tests by contacting us.

Withdrawing consent

Wherever We rely on your consent, you will always be able to withdraw that consent,
although We may have other legal grounds for processing your data for other
purposes, such as those set out above. Where you have given Us your consent,
you can withdraw it by using the mechanism described to you at the time that
your consent was obtained, or by contacting us.

3. Automated Decision Taking

In certain circumstances, decisions about you will be taken by solely automated
means:

Providing you with a quote: Where you request a quote from Us for an insurance policy,
such as for a gadget or mobile phone, information such as your current level of
cover and your new gadget and/or mobile phone are processed to determine
whether the requested changes can be made to your policy and, if so, whether an
additional premium is necessary. The consequences of this automated decision
taking will be that you are either denied from making the requested change, are
permitted to make the requested change with a charge or are permitted to make
the requested change with no charge. If you do not agree with the result of a
decision taken by solely automated means, you can request human review of the
decision, express your point of view, and obtain an explanation of the decision
and challenge it. If you wish to do so, please contact us.

4. Disclosure of Personal Information

4.1   Disclosure to Our Affiliates

We will disclose your Personal Information to other companies for the purpose of
performing tasks that directly relate to the provision of the Service. For
example, We may share your information with Our affiliates to service your
account or claim (if you have an iPhone, We may use Our group company
information systems to support sharing of your device IMEI with Apple, and may
also share your name and contact details as necessary).

4.2   Disclosure to Our Service Providers and Partners

We employ third party companies and individuals to facilitate the Service (in particular,
third parties assist Us with customer support, the customer chat function on
Our Website, communications, audit, application or database hosting,
development, logistics, payment processing, other insurance products (for
example, reinsurers), and fraud detection and prevention. These third parties
have limited access to your Personal Information to perform these tasks on Our
behalf and are obligated to Us. The personnel of such third parties who use
your Personal Information is limited to those individuals which are authorised
to do so on a need-to-know basis and as necessary to provide these business
services to Us. To fulfil your service your account or claim, We may share your
name, contact details (including postal address, email address and mobile
number), and IMEI of your covered device with the manufacturer. For example, if
you have an iPhone, then We will share your device IMEI with Apple, and may
also share your name and contact details as necessary. We do not authorise such
third parties to disclose or use this Personal Information for other purposes.

4.3   Disclosure to Public Authorities

We may disclose your Personal Information if required for the purposes above, if
mandated by law or if required for the legal protection of Our legitimate
interests in compliance with Applicable Law.

4.4   Other Categories of Recipients

We may also disclose your Personal Information, usage information, and other
information about you to parties acquiring part or all of Our assets, as well
as to attorneys and consultants. Also, if any bankruptcy or reorganisation
proceeding is brought by or against Us, your Personal Information may be
considered a company asset that may be sold or transferred to third parties.

5. Where your Data is Processed

In providing the Service, Personal Information may be transferred to, and
processed in, countries where data protection and privacy regulations do not
offer the same level of protection as the European Economic Area (“EEA”) and
other parts of the world.

Sharing Personal Information with Our affiliates involves transfers outside the EEA to
the US. For example, if We share your data with other companies to service your
account, that data will be processed by Our affiliates.

Sharing Personal Information with Our Service Providers and Partners may also involve
transfers outside the EEA, to the US. For example, if We share your data with
Apple Distribution International, that data will be processed and managed by
Apple, Inc. which is located in the United States. Similarly, if you use the
chat function available on Our Website, your Personal Information is
transferred to Our service providers in the US.

Where Personal Information is transferred outside the EEA to a country that is not
subject to an adequacy decision by the EU Commission, it is adequately
protected by European Commission approved Standard Contractual Clauses, an
appropriate Privacy Shield certification or a vendor’s Processor Binding
Corporate Rules. To obtain a copy of the relevant transfer mechanism or
additional information on the transfers, please address these requests
to Us.

6. Your Choices and Rights

In some countries, you have the right to request access to, correction of, and deletion
of your Personal Information, and to restrict the processing of your Personal
Information, under Applicable Law. You also have the right to request a
structured commonly-used and machine-readable copy of Personal Information that
you have provided to Us for a contract or with your consent, and to ask Us to
transmit (port) this Personal Information to another controller.

You may also object to Our processing of Personal Information in certain circumstances (in
particular, where We don’t need to process the information to meet a
contractual or other legal requirement, or where We are using the data for
customer experience surveying purposes (see Section 2).

You can exercise any of your rights, or obtain other information, such as a copy of a
legitimate interests balancing test, by contacting us. In order to
safeguard your Personal Information from unauthorised access, We may ask that
you provide sufficient information to identify yourself prior to providing
access to your Personal Information.

In certain situations, and subject to Applicable Law, We may not be able or
obliged to comply with part or all of your individual requests. For example, We
may not comply with an access request if doing so would reveal Personal
Information about another person, or comply with a deletion request relating to
information which We are required by law to keep or have compelling legitimate
interests in keeping. Please note that We have the right to refuse requests
which are manifestly unfounded or excessive (for example, due to their
repetitive character). Relevant exemptions are included in both the GDPR and in
the Data Protection Act 2018. We will inform you of relevant exemptions We rely
upon when responding to any request you make.

If you have unresolved concerns, you have the right to complain to an EU data
protection authority (‘supervisory authority’) where you live, work or where
you believe a breach may have occurred.

To provide certain parts of the Service (for example Purchasing a Product,
Creating an Account and Making Payment), the provision of Personal Information
is mandatory: If relevant data is not provided, then We will not be able to provide
certain parts of the Service. All other provision of your information is
optional. If you do not wish to provide optional information, then your
experience on Our Website may be less personalised.

7. Communications from Us

We communicate with you through email, SMS and the Service. We will send you
service-related communications (for example, “Your device has been shipped”),
marketing and promotional messages (with your consent if required) customer
satisfaction and market research surveys.

You can change your email, SMS and contact preferences by contacting us.

Opting Out: You may opt out of receiving marketing and promotional messages from
Us by using the opt out link in emails sent by Us or by replying “Stop” to text
messages sent by Us to you or contacting us.  We will request your consent
prior to sending you marketing and promotional messages, where required.

Please be aware that you cannot opt-out of receiving service-related messages from Us.

8. Data Retention

We retain Personal Information you provide as needed to provide the Service. We may
retain your Personal Information if retention is reasonably necessary to comply
with Our legal obligations, meet regulatory requirements, resolve disputes,
prevent fraud and abuse, or enforce this Notice and Our Websites Terms and
Conditions. We may retain Personal Information for a limited period of time if
requested by law enforcement. Our customer support may retain information for
as long as is necessary to provide support-related reporting and trend analysis
only, but We generally delete or de-personalise transaction-related data
consistent with this Notice. Once Personal Information is anonymised, We may
retain and use such information. Additionally, We maintain logs and backups for
security, debugging, and site stability purposes for up to 30 days after your
transaction has been completed.

We typically delete logs and other backup information through the deletion process
within 30 days of your last activity, except as noted in Section 5. Where We
process registration data, We do this for as long as you are an active user of
Our Website and for 6 years after this. Where We process Personal Information
in connection with performing a contract, We keep the data for 6 years from your
last interaction with Us. We also retain communications that you send to Us
(for example, via email and the chat functionality) for 6 years. Transcripts of
communications sent via the chat functionality on Our Website are stored for 13
months.

9. Information Security

We have implemented safeguards designed to protect your Personal Information in
accordance with industry standards.

We have measures in place to restrict access to Personal Information to those
individuals whom We know have a valid business purpose to have access to such
data. We maintain physical, electronic and procedural safeguards. We follow
generally accepted standards designed to protect the Personal Information
submitted to Us, both during transmission and once We receive it. We require
those who provide services for Us and to whom We provide Personal Information
collected through the Service to keep such information secure and confidential.
However, no method of transmission over the Internet or method of electronic
storage is totally secure. Therefore, We cannot guarantee its absolute
security.

10. Important Information

10.1   Minimum age

We do not knowingly collect Personal Information from anyone under the age of 18. You
must be at least 18 years of age to use the Service.

10.2   Changes to this Notice

We may update this Notice from time to time. If We make any material changes to Our
Notice, We will notify you by email or by means of a notice through the
Service, or by other means prior to the change becoming effective, so that you
may review the changes before you continue to use the Service. Please review
changes carefully.

10.3   Contact Us

For customer enquiries, please contact Us at Lettings in a box, Autumn Park
Business Centre, Dysart Road, Grantham NG31 7EU or by calling us.

We welcome your questions or comments regarding this Notice. Please write to us at
Data Protection Officer, Lettings in a box, Autumn Park Business Centre, Dysart
Road, Grantham NG31 7EU, or by calling us or send Us an email at theteam@lettingsinabox.co.uk.

January
2019