About this policy
This notice is written to comply with the General Data Protection Regulation (GDPR) and provides information about how Secure Refunds Limited collects, uses, shares and stores personal data in the capacity as a ‘Data Controller’.
What personal data do we process?
We collect and use relevant information about you to perform services as refund administrator and can include:
• your name, address, and contact details
• financial information such as bank account details
• where critical for providing the service requested, sensitive details such as information about your health
• other information in connection with the ticket refund protection cover from which you benefit.
How do we collect your personal information?
The information we collect about you may come directly through our contact with you including by online submission, email, telephone or written correspondence.
How do we use your information?
We use your information to enable us to provide you with services relevant to your ticket refund protection purchase:
• to assist with the processing, management and/or the defence of any ticket refund application
• to fulfil the legal and regulatory obligations
• to establish, exercise and defend our legal rights
• to fulfil a legitimate business interest, where such an interest does not conflict with or harm your data privacy rights.
On occasion, it may be necessary for us to process sensitive data such as health information to enable us to provide a service you have requested. We will only process such data if it is critical to providing that service and we will therefore not seek your explicit consent so to do. Should you object to providing your consent or should you later withdraw your consent, we shall not be able to provide you with the services to which that information relates.
Who do we share your information with?
The way ticket refund protection works means that your information may be shared with and used by a number of third parties in the insurance sector for example:
• agents or brokers
• loss adjusters
• law enforcement agencies
• fraud and crime prevention and detection agencies
• compulsory insurance databases.
We will only disclose your personal information in connection with the services that we provide and to the extent required or permitted by law.
For a guide to how and why the insurance industry is required to use and share personal data, You can download a London insurance market information notice at this location https://www.londonmarketgroup.co.uk/gdpr
Please note that under no circumstances do we sell your data or pass on your data to those that wish to use it for marketing purposes.
Where we store your personal data
The data we collect from you may be transferred to and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your refund request, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
All information you provide to us is stored on our secure servers. Any payment transactions and bank accounts will be encrypted.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long do we store data?
We will not keep your data for longer than is necessary once we have fulfilled the processing purpose(s) set out in this notice unless we need to do so to comply with our legal and regulatory obligations or to enable us to establish, exercise and defend our legal rights. In most circumstances, this will mean that we keep data for at least six years after the termination of our business relationship with the data subject. Though the exact period of time we retain data will depend on what data we hold and the legal & regulatory obligations.
The data we keep about you should be accurate and up to date. Please contact us if you wish to update your details, view a copy of the information we hold on you, or request that any inaccurate personal data be corrected, blocked, deleted or change your consent choices (where applicable).
If you have any questions about this notice or you wish to exercise any of your rights in relation to the personal data we hold about you please contact Secure Refund’s Data Protection Officer Contact Us
The Data Controller is:
Name: Secure Refunds Limited Address: Gibraltar Heights, Bishop Rapallo’s Ramp, GX11 1AA, Gibraltar
Should you wish to gain more information about your data protection rights or lodge a complaint if you think that your personal data has been inappropriately used please visit the Information Commissioner’s Office website: http://www.ico.org.uk/
Last Updated: April 2023