This privacy notice is issued by (collectively referred to as “we”; “us” and “our”) and relates to our use of any personal data, concerning you, (referred to as “data”) collected by us; where you are a policy holder.
We respect your privacy rights and your rights as a data subject. We will manage and protect your data accordingly, whilst it is in our hands, in accordance with all applicable data protection legislation and in accordance with this notice.
We are registered with the Information Commissioner’s Office, as a data controller, under the
registration number of Z5939772. We can be contacted at the following address:
CPA Consumer Guard Ltd/ / The Consumer Protection Association,
CPA House, 11 North Bridge Street, Shefford, SG17 5DQ
Tel: 01462 850062
E-Mail: info@thecpa.co.uk
We have appointed a Data Protection Officer, who is the point of contact for enquiries relating to how your data is processed. The Data Protection Officer can be contacted at the following address:
The Data Protection Officer
CPA Consumer Guard Ltd / The Consumer Protection Association,
CPA House, 11 North Bridge Street, Shefford, SG17 5DQ
E-Mail: info@thecpa.co.uk
We require to process your data in order to arrange and administer a contract of insurance between you and the insurer. The purpose of the insurance is to provide protection to home improvement works.
The legal basis for processing your data are as follows:
We will use your data in the normal course of business to:
We may use your data, in the course of our business, for the prevention and detection of fraud. Where we suspect fraud, this may entail:
Your data will not be used by us for the purposes of any automated decision-making or profiling.
Your data was submitted to us, in order to arrange your insurance cover, by the contractor/installer named in writing on your policy of insurance. Your data was not sourced, by us, from a publicly accessible source.
The data we hold is limited to your name; address; contact details; information about your insured installation; and information we receive as part of a claim or complaint made by you.
In respect of your data: We do not hold or process special categories of data (those relating to your racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; sex life or orientation; genetic data; biometric data; or data relating to any criminal convictions or offences).
Your data shall be passed to the insurer in order for them to perform the contract of insurance.
We have a data sharing agreement with FENSA Limited (referred to as “FENSA”), Certass Limited
(“Certass”) and Assure Certification Limited ("Assure").
FENSA, Certass and Assure may have a legitimate interest in receiving your data because; as authorised
competent person scheme operators named in Schedule 3 of the Building Regulations 2010, they are
bound by specific legal obligations to ensure that works carried out by their member contractors receive
appropriate financial protection. We may share this information with FENSA, Certass or Assure in order for them
to verify and confirm that appropriate financial protection is in place.
We shall not transfer data to any third party without the explicit request of the consumer.
Your data will be retained only for as long as is necessary for us to effectively administer your policy of insurance. This means that your data will be retained until claims under your policy are barred; or as long as is necessary to defend against legal claims; whichever period is the longest.
Right of Subject Access
You can request details of all data we hold about you by submitting a subject access request to the Data Protection Officer, at the address provided above.
We aim to comply with such a request from you within one month of the request being made. Where we cannot provide you with this information within one month; we shall inform you of this and provide the reasons why this cannot be achieved; at which point, we shall have a total of 3 months to comply with this request.
In the normal course of business, we shall not charge a fee for a subject access request. However, in the event that you make a subject access request that is of a manifestly unfounded, repetitive or excessive nature, we reserve the right to charge a fee of £10 per request.
Right of Rectification
In the event that your data is incorrect; you have the right to have this rectified by us. In the event that any of your data is incorrect, please contact the Data Protection Officer at the address provided above. We shall not charge a fee for your data to be rectified.
Right of Objection
You have the right to object to our processing of your data. Please note, that where we require to continue to process your data for reasons such as the defence of claims, we shall not be required to cease processing your data. In the event that you wish to object to us processing your data, please contact the Data Protection Officer at the address provided above.
Right of Erasure
You have the right to request that we delete your data provided that; we no longer require your data; or there is no legitimate legal basis for us to process your data; or we have unlawfully processed your data; or the data must be erased in order to comply with the law.
If you have grounds to request that we delete your data -and you wish to do so- please contact the Data Protection Officer at the address provided above. We shall not charge a fee for your data to be deleted from our databases.
If you have any complaints about how we process your data; please contact the Data Protection Officer, at the address provided above.
In the event that we are unable to resolve your complaint: You have the right to make a complaint to the Information Commissioner’s Office if you believe that your information has been mishandled by us. The Information Commissioner’s Office can be contacted as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Sheshire
SK9 5AF
Tel: 0303 123 1113