Snowcard Insurance Services Limited (SIS) statement on The General Data Protection Regulation (GDPR) effective from 25 May 2018
The GDPR replaces the UK Data Protection Act 1998 and takes effect from 25 May 2018. This new law updates previous legislation with a view to providing protection in the 21st-century digital era. The intention of the GDPR is to ensure that companies protect customers from the unsolicited use of their data and keep their data safe, taking into account hacking threats and invasions of privacy.
SIS has taken the following measures to comply with the GDPR requirements:
Data Audit – SIS has considered what data is required to fulfil the services offered and only stores information that is required to complete the policy purchase transaction. All information is securely stored using the latest SSL technology. Access to data is restricted to authorised personnel only, including the emergency assistance and claims personnel at Ageas Insurance who underwrite the Snowcard travel insurance scheme. During registration, customers are asked for names, date of birth, address, telephone number and email address. These are required for the policy certificate document and are not used for any other purpose except that the customer is asked if they would like to receive communications from SIS for newsletter updates or for the claims department to make contact with the customer in the event of a claim. No customer data is shared with any other organisation or sold to data marketing agencies. No financial information with debit or credit card information is stored by SIS at any stage; payments are completed outside of the SIS web site with Worldpay, who are responsible for their own GDPR compliance. No payment card information is passed back to SIS at any stage of the payment process.
Customer Consent – when a new customer registers as a user on the SIS web site they are asked if they would like to receive updates via a newsletter from SIS in the future. These are infrequent communications which can be opted out of should the customer wish at any time either from within their SIS online account or when they receive a newsletter email. The customer has to positively ‘opt in’ and if they do not, they will not receive further communication from SIS except for their policy fulfilment. SIS use the Mailchimp email distribution list service whose privacy statement can be accessed via https://mailchimp.com/legal/privacy
Your Rights to correct or delete your Data – all customer data can be viewed online by the customer logging into their online account record. This can be amended by the customer, or a request to either make an amendment or to erase the data can be made to firstname.lastname@example.org, which will be actioned within 48 hours or within the 31-day limit specified in the GDPR requirements.
Data Breaches – staff at SIS are aware of the GDPR requirements and are instructed to report any notifications of a data breach to senior management as soon as the report is made. In the event of a data breach, SIS will immediately lock down all customer data and send instructions on how to reset passwords within 72 hours. Any report of a data breach will be reported to the Information Commissioner’s Office (ICO) within 72 hours. Customers are responsible for reporting any suspected breach of their data to email@example.com
Any questions relating to SIS Limited's compliance with the GDPR requirements should be directed to firstname.lastname@example.org for the attention of Russell Dadson, Director of Snowcard Insurance Services Limited.