Data protection and your privacy

“You/Your” means anyone whose personal data we may collect including:

• anyone seeking to obtain a quote from us and anyone named during this process
• policy holders and anyone they might authorise to discuss the policy and / or act on their behalf regarding the policy and any resulting claims
• anyone who might benefit from the policy or become involved in the event of a claim, including third party claimants and witnesses
• users of our websites
• any individuals who may contact us (for example, to obtain further information on our services)
• vet practices or other third parties that we partner with

The Data Controller of your personal data is TVIS Limited trading as ‘Vetsure Pet Insurance’, a limited company registered in England under company number 06820979, whose registered and main trading address is 1st Floor, Helios Court, 1 Bishop Square, Hatfield, Hertfordshire AL10 9NE.  TVIS Limited is authorised and regulated by the Financial Conduct Authority (FCA no.523215) and is a member of the Financial Services Compensation Scheme (FSCS).  TVIS Limited is registered as Data Controller with the Information Commissioners Office (ICO registration no. Z2761214).

You can contact TVIS’s Data Protection Team via email at [email protected] or by post for attention of the Data Protection Team, TVIS Ltd, 1st Floor Helios Court, 1 Bishop Square, Hatfield, Hertfordshire AL10 9NE.

When you take out a policy, the Data Controller of your personal data is also Atlas Insurance PCC Limited (“Atlas”) in respect of its TVIS Cell, a protected cell of Atlas.  The registered office is situated at 419 Ta’Xbiex Seafront, Ta’Xbiex XBX1021, Malta and is registered in Malta under company registration number C 5601.

You can contact Atlas’ Data Protection Officer by email at [email protected] or by post at Data Protection Team, Atlas Insurance PCC Limited, 419 Ta’ Xbiex Seafront, Ta’ Xbiex XBX 1021 Malta.

We only ask for information that we need and have strict controls in place to keep it safe.  We collect your personal data in order to provide our products and services to you.  Without the information we request, we can’t give you a quote or insurance policy and it could affect the outcome of any claims you may make.

We may collect some or all of the following personal data (please also see our cookie policy for details regarding the use of cookies and similar technologies):

• Identity: basic personal details including your title, name and date of birth
• Pet and veterinary: information about your pet(s) including details of their registered veterinary practices, medical history and claims history
• Contact: email addresses, postal addresses and telephone numbers and social media handle
• Financial and transactional: bank details and payment details such as direct debit or payment card details used for payments to and from you (we do not store your full card number; this is encrypted and securely held)
• Profile: Usernames or passwords for any online accounts or portals you have set up with us
• Usage: information you provide to us when you correspond with us and how you use our website, policies, products and services
• Technical: Data from your visiting our websites such as:

• IP addresses
• Interaction information (such as scrolling, clicks and mouse-overs)
• Brower type and version
• Domain
• Device information (including error reports and performance data)
• Activity on our websites.

We do not actively collect special category data. We will only hold this data if you have provided us with this voluntarily and given explicit consent for us to retain this information for the purpose of servicing your contract with us more efficiently.

This includes details of any accessibility requirements you have linked to any medical or health reasons which you have advised us of, so that we may make reasonable adjustments to help you.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy. Our websites are:

•  https://www.vetsure.com
•  https://insurance.vetsure.com

Please note – This Privacy Policy applies only to your use of these websites and our services.  These may contain links to other external websites. Please note that we have no control over how your data is collected, stored, or used by these other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

We will only speak to someone else about your policy, and / or take any action on your policy based on their instructions, once we are satisfied that you have authorised them to do so. For matters where there is legal intervention such as power of attorney, we will request documentation to confirm this.

Purpose or activity:
Identity, contact details, pet information, payment and financial details, policy and claims history to provide the insurance services under the contract to you, including:

• Servicing and managing your policy;
• Assessing, processing and paying claims for your policy;
• Contacting you in relation to your policy with non-marketing communications, e.g. confirmation of policy set up, policy documentation, complaint communications, mid-term adjustment information, payment reminders and any communication in response to a query you have sent us.

Legal basis:
Necessary for the performance of a contract with you.

Purpose or activity:
Identity, contact details, pet information and feedback from surveys such as Trustpilot.

Legal basis:
Legitimate interests to improve our product and service delivery and customer experience.

Purpose or activity:
Technical and analytical data including website usage patterns and demographic information.

Legal basis:
Legitimate interest to help develop and improve our administration and security systems and the relevance of our advertising and marketing campaigns.

Purpose or activity:
Identity, contact, verification, payment and financial data details, and policy information.

Legal basis:
Necessary to comply with our legal obligation including regulatory requirements for the prevention of financial crime, adherence to financial sanctions legislation, the Companies Act 2006, the Limitations Act 1980 and the Finance Act 2021.

Purpose or activity:
Identity, contact details, financial information and pet data.

Legal basis:
Necessary for the performance of a contract with you to provide quotes and administer policies, including the administration of claims. This includes sharing information with, and obtaining information from, relevant service providers such as veterinary practices and other animal healthcare providers as relevant to your claims. We’ll also collect any other information from other parties as required to process claims, e.g. from third-party claimants, witnesses or police.

Purpose or activity:
To generate and provide you with a quotation when you have made the request via our website.

Legal basis:
Necessary for our legitimate interests to respond to quote requests from you.

Purpose or activity:
Identity and technical usage information.

Legal basis:
It is in our legitimate interest to develop and improve our administration, security systems and insurance applications.

• Veterinary practices and other animal healthcare providers – for the performance of the contract between you and them, and to process claims and provide medical care for your pet. This may include and allow the following;

• • • basic details of any products you hold or have previously held with us – including whether your policy is in financial arrears;
    • status of any lead enquiry that the veterinary practice, with your permission, submits on your behalf;
    • ability to submit a claim, request a claim pre-authorisation on your behalf and / or submit and redeem Preventative Care Vouchers where applicable; and
    • the summary status of any claims that you make.

For a full list of current Vetsure accredited veterinary practices please visit https://www.vetsure.com/our-network

• Reinsurers and reinsurance brokers – to manage insurance risk as described in our contract with you;
• Crime and fraud prevention agencies, law enforcement agencies and other relevant organisations, where we suspect fraud or financial crime;
• Third party claimants, witnesses, and police, as required to process claims;
• Payment processors – to securely process your payments and maintain transaction records;
• Regulators/ authorities/ enforcement agencies if we are under a duty to disclose or share your personal data r to comply with any legal obligation; or to protect our customers’ and others’ rights. This includes exchanging your personal data with other companies and organisations for the purposes of fraud protection; and
• Prospective buyers of our business under our legitimate interest to ensure our business can be continued by the buyer.

We only share your personal data where we have a lawful basis to do so, as described above.

We may process personal data under “recognised legitimate interests” where permitted by law.

We may process your name and contact details to provide you with relevant marketing information where you have provided either consent for this or have not previously opted out of marketing when you have previously expressed an interest in our products and services. You can always withdraw your consent to marketing at any time by contacting us at the emails detailed in the ” Who we are and how to contact us” section above, or, where relevant, by following the unsubscribe link in any marketing communication you receive from us.

In the event that we process personal data outside of the UK, the processing in those locations is protected by UK and European data standards and is necessary for the performance of our contract with you.  For example, where your claim occurs abroad, we will also send data to the necessary service providers as required to service your claim.

Some or all of your data may be stored outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). If we do store data outside of the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.

We may use automated decision making, including profiling, to assess insurance risks, set premiums and administer your policy. This helps us decide whether to offer insurance, determine prices and validate claims.  If you disagree with the outcome of any automated decision, please contact us.

The automated decision making we use includes:

• Risk assessment algorithms that evaluate factors such as pet breed, age, location and medical history to determine insurance eligibility and pricing;
• Fraud detection systems that analyse patterns in applications and claims; and
• Policy administration systems that automatically process routine transactions and renewals.

These automated processes may result in decisions about whether to offer you insurance, the premium you pay, or whether to accept or decline a claim. The logic involved includes statistical models based on actuarial data, industry standards, and regulatory requirements.

You have the right not to be subject to automated decision making where it produces legal effects or significantly affects you.

All individuals have the following rights under data protection laws:

• Right to be informed- This relates to how we collect and use your personal data;

• Right of access (subject access request)- to access the personal data we hold about you;
• Right to rectification – to correct personal data we hold that is incorrect or incomplete;
• Right to erasure – to have your personal data deleted (the right to be forgotten);
• Right to restrict processing- to restrict us processing your personal data;
• Right to data portability- to receive your personal data in a portable format to re-use with another service or organisation;
• Right to object- to object to us processing your personal data for particular purposes;
• Right not to be subject to a decision based solely on automated processing – to appeal a decision with respect to automated decision making and profiling.

If you consider that the processing of personal data by TVIS Limited (trading as Vetsure Pet Insurance) is not in compliance with data protection laws and regulations, you may lodge a complaint with us and/or the Information Commissioners Office by following this link:  www.ico.org.uk.

You can contact Vetsure’s GDPR contact by email at [email protected] or by post at Data Protection Team, Vetsure, 1st Floor, Helios Court, 1 Bishop Square, Hatfield, Hertfordshire AL10 9NE.

If you consider that the processing of personal data by Atlas is not in compliance with data protection laws and regulations, you may lodge a complaint with Atlas and/or the Office of the Information and Data Protection Commissioner by following this link: https://idpc.org.mt/en/Pages/contact/complaints.aspx.

You can contact Atlas’ Data Protection Officer by email at [email protected] or by post at Data Protection Officer, Atlas Insurance PCC Limited, 419 Ta’ Xbiex Seafront, Ta’ Xbiex XBX 1021 Malta.

We will only keep your personal data for as long as we need to, for use as described above.

We will retain your personal data and telephone conversations for a minimum of 3 years and up to 11 years after you cancel your policy or after the last claim is closed, whichever is the later.

We are required to retain your data for as long as required by law or to defend potential legal claims. For all personal data that we retain, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

When you contact us, personal data that you give us will be recorded. This is in our legitimate interest as it helps us optimise our customer service, train and develop our staff, respond to complaints and prevent fraud and other financial crime.

All communications will be in English. You can get this document from us in writing, Braille, large print or audiotape, by contacting us.

We may change this privacy policy from time to time (for example, if the law changes). Any changes will be immediately posted on our website or notified to you (where relevant).