Who we are?
We are startrescue.co.uk, a trading style of Call Assist Ltd, Axis Court North Station Road, Colchester, Essex, CO1 1UX (Registered Company Number: 3668383). Authorised and regulated by the Financial Conduct Authority (Firm Reference Number: 304838).
For the purpose of the Data Protection legislation, depending on the individual relationship we have with you, we might be the Data Controller of your personal data. This means that we are responsible for deciding how we use your information. Alternatively, we might be the Data Processor of your personal data. This means that we are responsible to process your personal data under written instructions from the Data Controller.
Data Protection Officer (“DPO”)
Personal information is information about you from which you can be identified. Dependent on which service you receive from us, we will process different types of information about you. We will not process any personal information about you that we do not actually need in order to provide our services to you.
What personal information we collect?
The types of personal information we collect include:
- personal details, such as title and your full name;
- contact details, such as email address, mobile number, landline phone number and alternative phone number;
- date of birth;
- home address, including house name/number, postcode, street name, town and county;
- vehicle information, such as vehicle registration, make and model, reported faults;
- credit/debit card details, such as the 16 digit card number, name stated on the card, expiry date, and CV2 number. We only provide the mechanism which collects this information, but it is never transmitted through or stored within our systems;
- details of beneficiaries, such as named drivers;
- identification documentation, such as your UK driver’s licence ;Passport; EU Identity Card; Council Tax Bill; Credit Card Statement; Pension Book and Bank Account Statement;
- special categories of data, such as details regarding your health (medical conditions, disabilities) limited to those that might affect the provision of our services to you;
- records of your communication with us, such as call recordings, emails, text messages, survey comments, complaints regarding our products or services, made in any form, including complaints made orally, by email, letter and/or by online contact form submissions;
- information relating to contests or any promotions entered;
- marketing communication, such as your response to marketing from us or through our third parties;
- policy information, such as policy start date, any call outs and/or claims made;
- telemetry information, such as your mobile phone location data and IP address (which is a unique number identifying your computer), , all web pages viewed, server requests, details of the browser (including browser type, timings, connections, updates and exceptions), and details of the device you are connected with;
- fraud and theft information, such as any suspected or actual instances of fraud or theft;
- Information we obtain from third parties, such as third party databases available to the insurance industry and firms, loss adjustors and/or suppliers appointed in the process of handling a claim.
For the Home Emergency cover only:
- Type of the property, such as the classification of the property;
- Ownership status of the property, such as record if you are the owner, occupier of the property, or the Landlord / Tennant.
What are our legal grounds and purposes for collecting your personal information?
The legal basis for processing your personal data can differ depending on the personal data that we collect.
For some of the personal data, the legal basis will be ‘contractual obligation’. Without collecting certain information from you, the data subject, it will not be possible for us to provide you with our contracted services.
In order to fulfil our statutory and regulatory obligations, we may need to process and hold certain personal data about you. For example, we are legally obliged to keep records for the purposes of inspection by HMRC and/or FCA.
For other personal data that we capture, it may be deemed to be in our ‘legitimate interest’. For example, we believe that it is in our legitimate interest that telephone calls are recorded, to help improve our service to you as well as enable complaints and enquiries to be dealt with more efficiently. Where we deem ‘legitimate interest’ to be the correct legal basis, we shall ensure that we balance your interests with those of startrescue.co.uk at all times.
Further personal data, for the purposes of marketing for example, will not be processed without your explicit, informed consent. Where we seek to obtain your consent, we will make this clear to you as well as informing you about how you can withdraw that consent should you change your mind at any time. If we do not have your consent, we will not undertake marketing to you.
It is in our legitimate interests to do so, such as:
- recording and monitoring calls for training purposes, to improve the quality of our service, to help us deal with queries or complaints from you.
Because we have a justifiable reason, such as:
- keeping records about you and our correspondence with you. This is so that we can appropriately and effectively manage our relationship with you. We may also have to keep such records to satisfy any legal and regulatory obligations;
- as well as satisfy any legal and regulatory obligations we may have to keep such records;
- preventing and detecting fraud, financial crime and money-laundering.
We have your consent or explicit consent:
- to send you direct marketing communications to keep you informed of our products and services, including but not limited to breakdown cover (e.g. other automotive or financial products, or other carefully selected offers which we believe may interest you);
- for processing of special categories of your personal data, such as medical conditions or disabilities.
If you do not provide the personal information that we request or if you object to your data being processed by automated decision-making, then we will not be able to provide you with our products and services.
Disclosing and sharing your information
We will only disclose/share information about you or your policy in the following circumstances:
- in the event that we undergo re-organisation or are sold to a third party, in which case you agree that any personal information we hold about you will be transferred to that re-organised entity or third party;
- it has been authorised by you;
- it is with regulatory bodies, including but not limited to the Financial Conduct Authority (“FCA”), Isle of Man Financial Services Authority (“FSA”) and the Financial Services Commission (“FSC”);
- it is with fraud prevention and credit reference agencies;
- it is required by law;
- in case you make a complaint to us about the service we have provided, we may be obliged to forward details about your complaint, including your personal information, to the Financial Ombudsman Service (“FOS”);
- it is being provided to Recovery Operators or other suppliers as required to fulfil our contractual and legal obligations, and in which case your personal data will be limited to the minimum ordinarily required for service provision: additionally, these suppliers will only be able to use your data to provide the specific services;
- it is being shared with aggregators/selling platforms, such as comparison creator groups (Moneysupermarket.com, Comparethemarket.com, Gocompare.com, Confused.com, GC), Quotezone, Knowyourmoney.co.uk and Breakdowncovercomparison.co.uk;
- It is being provided to Cunningham Lindsey, Robert Heath Heating and/or UK Assistance24/7 (for policies incepted on or before 31st March 2019) or Legal Insurance Management Ltd (for policies incepted on or after 1st April 2019) as required to fulfil our contractual and legal obligations for the Home Emergency cover and in which case your personal data will be limited to the minimum ordinarily required for service provision: additionally, these service suppliers will only be able to use your data to provide the specific services.
In the unfortunate event that you have to make a claim, then we will need to disclose information to any other party involved in that claim. This will usually include:
- third parties involved with the claim, their insurer, solicitor or representative;
- medical team, the police or other investigators.
International data sharing and transfers
It may be necessary to transfer your information to other Group companies or service providers located outside of the European Economic Area (EEA). We will not transfer your information outside the EEA unless it is to a country which is considered to have equivalent data protection laws or we have taken all reasonable steps to ensure the firm has suitable standards in place to protect your information.
In the unfortunate event that you have broken down outside the EEA and make a claim, then we will need to disclose your information to either:
- the IMA Group, which is our business partner that is contracted to handle claims on our behalf outside of the UK. All details for assistance required outside of the EEA will be dealt with through them. IMA will select a local Recovery Operator in the country in which you have broken down and will send required job details to the Recovery Operator via IMA Net. The data passed is limited to your: full name, contact number and location of the breakdown.
Or as of February 2019;
- Opteven Services S.A, which is our business partner that is contracted to handle claims on our behalf outside of the UK. All details for assistance required outside of the EEA will be dealt with through them. Opteven will select a local Recovery Operator in the country in which you have broken down and will send required job details to the Recovery Operator. The data passed is limited to your: full name, contact number and location of the breakdown.
During our normal development and hosting operations no personal information is transferred outside of the EEA, however, there are rare circumstances when personal information might be made available to companies or service providers operating outside of the EEA. Those include:
- Microsoft Azure - when we receive support via the Microsoft Azure Subscription, some data is made available to the Microsoft Engineers who may be located outside of the EEA. This support is typically given from such third countries as India or United States of America.
The data transferred is typically telemetry data, which cannot be used to identify individual people For the details of our agreements with Microsoft, please follow the link - https://azure.microsoft.com/en-gb/overview/trusted-cloud/.
- Bing Ads - is a service that provides pay per click advertising on both the Bing and Yahoo! search engines. This service is provided by Microsoft and the same parameters apply as outlined above (see Microsoft Azure).
- Google Ads – is an advertising service by Google for businesses wanting to display ads on Google and its advertising network. There will be support cases that are handled outside of the EEA, mainly in India. Google is opted into the European Commission’s model contract clauses. For the details of the model clauses, please follow the link - European Commission-approved model contract clauses.
Please be aware that communications over the Internet, such as emails or webmails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered - this is the nature of the Internet. We cannot accept responsibility for any unauthorised access or loss of information that is beyond our control.
Under the Data Protection legislation, you have a number of rights relating to the information we hold about you. This includes the right to:
- ask for a free copy of any personal data we hold about you;
- ask for correction of any inaccurate information held about you;
- object to the use of your personal data for direct marketing;
- withdraw any permission you have previously given to us to process your personal data except where this is critical to us fulfilling our contractual and legal obligations;
- ask for your personal data to be deleted from our system/database. Please note that there are times when we will not be able to delete your data. This may be as a result of us fulfilling our legal and regulatory obligations, or where there is a minimum statutory period of time for which we have to keep your information. If we are unable to fulfil a request, we will always let you know our reasons;
- not to be subject to an automated decision making (without human involvement) where that decision produces a legal or significant effect on you. This means you can ask that we involve one of our members of staff in the decision-making process;
- obtain, move, copy or transfer your personal information in a format which enables you to transfer that personal data to another organisation. You may ask to have your personal data transferred by us directly to the other organisation, if this is technically feasible;
- request that we suspend our processing of your personal data. Where we suspend our processing of your personal data, we will still be permitted to store your personal data, but any other processing of this information will require your consent, subject to certain exemptions (for example, processing is required by law or to prevent crime);
- complain to the Information Commissioner’s Office if you are not satisfied with our use of your data (https://ico.org.uk).
Should you wish to exercise any of your rights under the Data Protection legislation, please direct your enquiry to the Data Protection Officer, Call Assist Ltd, Axis Court, North Station Road, Colchester, Essex CO1 1UX; email DPO@call-assist.co.uk.
Your data is considered to be an important asset to us, and as such, we make reasonable effort to ensure the necessary measures are in place to prevent unauthorised or inappropriate access, use, modification, disclosure or destruction.
On our website we protect any information you have given us by providing you with a User ID and password. Your User ID will be the email address provided to us during the purchase of the policy. You will need a User ID and password to access your information on our website. You must keep this password safe and must not disclose it to anyone. We will not accept responsibility or liability if a third party obtains and uses your User ID and password. You must tell us immediately if your User Name or password has been compromised in any way Please also tell us if you would like us to change your User ID or password for any other reason.
Other measures we take to keep your data secure include, but are not limited to:
- making regular backups of files;
- protecting file servers and workstations with virus scanning software;
- using a system of passwords so that access to data is restricted;
- allowing only authorised staff into certain computer areas;
- using data encryption techniques to code data when in transit;
- ensuring that staff are only given sufficient rights to any systems to enable them to perform their job function.
Retaining your information
We retain your personal data in order to provide you with our range of products and services to you and/ or to fulfil our legal and regulatory obligations. If you decide that you no longer wish to use our products and services, we will retain your personal data for a maximum of seven years from the end of the insurance relationship with Call Assist Ltd, in line with our legal and regulatory requirements. In any situation where the retention period is longer, we will inform you of this.
Where possible, we will anonymise or remove your personal data that is no longer required for the purpose(s) for which it was obtained.
Links to Other Websites
In this website certain links, including hypertext links, will lead you to website or pages that are not under our control. These links are provided for your information and convenience and the inclusion of any link does not imply endorsement by us in any way of the site to which a particular link leads. We accept no responsibility or liability for the content of other websites. If you are redirected to another website via our website, you will need to contact that organisation separately to remove your details from their records. No one may link into this site without prior written consent.