Privacy Policy

• Who are we?
• How do we collect personal information?
• What personal information do we collect?
• How do we use your personal information?
• Why do we process your personal information?
• Who do we share your personal information with?
• Who might our providers share your personal information with?
• Third-party data processors
• What cookies do we use?
• What advertisements do we show on our Sites?
• How secure is our site and what steps do we take to keep you safe?
• How can you amend your preferences?
• Your personal data rights and how to contact us
• How long do we keep your personal information?
• Changes to this Privacy Policy

Who are we?

Halo Insurance Services Limited includes the brands iCarhireinsurance.com and InsuretheGap.com, both of which operate in the UK. We all take your privacy very seriously.

Halo Insurance Services Limited (company number 69229208) is the data controller in relation to the processing of the personal information that you provide to us when you use our Services. Its registered address is Suite 1, 56 Gloucester Road, London, SW7 4UB.

If you have any queries relating to our use of your personal information, or any other related data protection questions, please contact our Customer Services Team at customerservices@iCarhireinsurance.com.

This Privacy Policy explains how we will use personal information about you and the steps we take to ensure your personal information is kept secure and confidential in accordance with the following legislation:

EU General Data Protection Regulation 2018 (GDPR)

The Privacy Policy should be read together with our Terms of Business.

How do we collect personal information?

We may obtain personal information from you through the websites, mobile applications or other similar devices, channels or applications operated by or on behalf of any of the following brands (referred to collectively in this Privacy Policy as the "Sites"):

• iCarhireinsurance.com;
• InsuretheGap.com; and
• iCarhire App.

Halo Insurance Services Limited is owned by its parent Company Cover-More PTY Ltd (Registered in Australia ACN 609 090 397), however we do not share control of your personal data within this wider group. In some circumstances, group companies may be used to perform some data processing functions on behalf of Halo, but this will not provide any group companies with authorisation to use your data outside of these specific functions.

What personal information do we collect?

We collect personal information that you give to us when using our Services via any of the Sites, for example we may collect your name, address, date of birth, email address or telephone number as well as some details relevant to the products you are enquiring about. This might be, for example, to obtain an insurance quote, to buy a product, or enter a competition. When providing our Service to you, we may also store information about how you use our Sites, for example, the pages viewed, the website from which you came to visit our Sites, changes you make to information you supply to us, details of the quotes you request and your transactions, together with details of your financial information, for example, bank account or payment details. We make sure that we have appropriate security measures to protect your information (see section 11 “How secure is our site and what steps do we take to keep you safe?” below). We will periodically review your personal information to ensure that we do not keep it for longer than is permitted by law see section 14 below which details how long we keep your personal information for.

It is your responsibility to check and ensure that all information and data you provide on the Sites is correct, complete, accurate and not misleading and that you disclose all relevant facts.

When providing our Services to you we do not need to collect or process personal information which data protection legislation defines as sensitive personal information, such as medical history or criminal convictions.

We do not knowingly collect or store any personal information about children under the age of 16. If you are aged under 16 please get your parent or guardian’s permission before you provide any personal information to us.

If you are providing us with another person's information you should first ask them to read this Privacy Policy and our Terms of Business. By giving us information about another person you are confirming that they have given you consent to provide the information to us and that they understand how their details will be used.

To ensure the Services we provide continue to meet your needs, we may ask you for feedback on your experience of using the Sites. Any feedback you provide will only be used as part of our programme of continuous improvement and will not be published on the Sites.

We may also use your personal data to send you an invitation to provide a public review of our service on a third-party website. If you choose to respond to this invitation, you will be asked to submit your review directly to the third-party review site and your use of that site will be subject to their own terms of business and privacy policy.

How do we use your personal information?

We may use your personal information:

1. to enable you to access and use the Services;
2. to personalise and improve aspects of our Services;
3. for research, such as analysing market trends, and customer demographics;
4. to communicate with you, including some or all of the following:
   1. sending you information about products and services which we think may be of interest to you - If you agree, we will contact you (depending on your contact preferences) via email, post, telephone, SMS, or by other electronic means such as via social and digital media. This may include new product launches, newsletters, promotions, competitions and opportunities to participate in market research.
   2. sending you annual renewal quotes based on information you previously provided to us (if you have requested quotes) - when our systems indicate that your renewal is due (either when a policy you bought from us is due to expire, or based on the dates you entered for your most recent quote) we may resubmit your quote details to give you an idea of what your quotes could be for your next renewal.
   3. sending you a confirmation email of your quote - when you obtain a quote with us, you may automatically be sent confirmation of your quote by email or SMS so that you have a record of it and can easily retrieve your quote in the future. This is a standard part of our Services and by using the Services you agree to receive these communications;
5. to process a transaction between you and a third party, such as an Insurer;
6. to track sales, which may involve us sharing data with your Insurer relating to the product(s) you have bought. Your Insurer may also send us information they hold relating to the product(s) you have bought for this purpose;
7. to match our data with data from other sources - we may validate and analyse your information and, in some cases, match it against information that has been collected by a third party to ensure that the information we hold about you is as accurate, as possible. As well as ensuring that any marketing material that we send you is appropriate to your needs;
8. to enable you to share our content with others, e.g. by using any 'Recommend a friend' or 'Social Sharing' functionality on our Sites.

We will store the personal information you provide and may use it to pre-populate fields on the Sites and to make it easier for you to use the Sites when making return visits (for example, when you visit our renewal sites).

We may monitor or record your calls, emails, SMS or other communications but we will do so in accordance with data protection legislation and other applicable law. Monitoring or recording will always be for business purposes, such as for quality control and training (e.g. where you call our customer services help line), to prevent unauthorised use of our telecommunication systems and Sites, to ensure effective systems operation, to meet any legal obligation and/or to prevent or detect crime.

Why do we process your personal information?

We will only collect and use your personal information (as described in section 4) in accordance with data protection laws. Our grounds for processing your personal information are as follows:

1. Consent – Where necessary we will only collect and process your personal information if you have given your consent for us to do so, for example, we will only send you certain marketing emails and process any sensitive information about you if we have your consent.
2. Legitimate Interests – We may use and process some of your personal information where we have sensible and legitimate business grounds for doing so. Under European privacy laws there is a concept of “legitimate interests” as a justification for processing your personal information. Our legitimate interests for processing your personal information are:
   1. to enable you to access and use the Services by: searching the websites to obtain quotes; processing any transaction between you and a third party; and tracking sales. Using your information in this way is an essential part of us being able to provide the Services to you;
   2. to communicate with you about the Services. We need to keep you informed about your use of the Services for example sending you a confirmation email of your quotes and renewal notices. This won’t include marketing communications unless you have given us your consent to receive these; and
   3. to improve our Services. We may use your personal information to: personalise aspects of our service and for market research. We constantly aim to improve our Services to you and using your personal information in this way helps us to do this.

You have a right to object to our use of your personal information for these legitimate interests, including where we may use your personal information to create a profile to inform customer demographics. If you raise an objection we will stop processing your personal information unless very exceptional circumstances apply, in which case we will let you know why we are continuing to process your personal information. Please contact our Customer Services Team at customerservices@iCarhireinsurance.com if you wish to exercise this right.

Who do we share your personal information with?

When you use any of our Services, we may disclose your personal information to the following parties:

1. other members of the Halo Insurance Service Limited Group
2. our partners and Insurers including Zurich Insurance plc, MAPFRE ASISTENCIA and other companies whose products or services are featured on our Sites, with a view to them: (i) providing you with an Insurance product, or other service which you have requested. When these companies use your personal information in this way, they will be acting as data controllers (or Joint Data Controllers, alongside Halo) of your information and therefore we advise you to read your chosen provider's Privacy Policy;
3. our channel operators: whilst the majority of the channels on our Sites are run by us, some of our channels are designed and maintained for us by our service providers. We may receive your personal information from these service providers and use it in accordance with section 4 above. We will only use the personal information we receive from third parties where the relevant third party can show that it was collected and processed in accordance with the law;
4. other service providers that we engage to help us provide certain services and/or functionality, such as hosting, data storage and analytics companies, including those listed in section 8 below
5. the Financial Conduct Authority and/or other regulatory/governing bodies, for the purposes of compliance monitoring;

   Where permitted by data protection and privacy law, we may also disclose information about you (including electronic identifiers such as IP addresses) and/or access your account:

6. if required or permitted to do so by law;
7. if required to do so by any court, the Financial Conduct Authority, the Competition and Markets Authority or any other applicable regulatory, compliance, Governmental or law enforcement agency;
8. if necessary in connection with legal proceedings or potential legal proceedings; and/or
9. in connection with the sale or potential sale of all or part of our business.

If we reasonably believe false or inaccurate information has been provided and fraud is suspected, details may be passed to fraud prevention agencies to prevent fraud and money laundering.

Who might our providers share your personal information with?

Some of our providers will use your personal information to assess your circumstances (including information about any third party who is named on the policy) and verify the information that you have provided to us.

Some providers may carry out checks with fraud prevention and credit reference agencies, both when you first buy your policy and at renewal (insurers generally run these checks to ensure that they can verify your identity, help prevent fraud and money laundering). If providers do these checks, they will be quotation searches only, but will be visible to other organisations. Both public data (e.g. the electoral roll) and private data (e.g. your personal credit history) may be checked in this way.

Some providers may carry out checks against data they already hold on you, such as data from existing products, account data, data from previous product transactions, and accounts that you may already hold with them.

If you decide to enter into a contract with a provider through any of the Sites, the information you have provided to us, together with any further information requested by, and supplied by you or us to the provider, will be held by the provider for the purposes set out in that provider's privacy policy. Therefore, you are strongly advised to read your chosen provider's privacy policy and satisfy yourself as to the purposes for which the provider will use your personal information before entering into the contract. We have no responsibility for the uses to which a provider puts your personal information.

Third-party data processors

We use a number of third-parties to process personal data on our behalf. These third-parties have been carefully chosen and all of them comply with the legislation set out in section 1. All third parties based in the USA are EU-US Privacy Shield Compliant.

Third Party	Privacy Policy
Open GI	See here
Salesforce	See here
Pardot	See here
Sage	See here
Google	See here
Bing	See here
Stripe	See here
Facebook	See here
Twitter	See here
Hotjar	See here
Amazon Web Services	See here
Cloud IQ	See here
Trustpilot	See here

What cookies do we use?

A cookie is a very small text file placed on your computer or device. Cookies help us to:

1. understand browsing habits on the Sites;
2. understand the number of visitors to the Sites and the pages visited; and
3. remember you when you return to the Sites so we can provide you with access to previously saved quotes, or email you quote details.
4. facilitate navigation of the Sites and retain information you enter as you move from page to page when obtaining a quote or purchasing a product.

For more information on the cookies we use, please see our Cookie Policy.

What advertisements do we show on our Sites?

Halo does not feature third-party advertising on any of its websites and there are no third-party cookies deployed for this purpose.

Halo does use Display Advertising, using Google Analytics which permits advertisements and remarketing to be served on third party websites across the internet relating to a search made on any of the Sites. The Sites and third parties, including Google, use first party cookies and third party cookies to inform, optimise and serve such advertisements. You can opt out of, or customise, these advertisements using the Google Ads Preferences Manager.

How secure is our site and what steps do we take to keep you safe?

The security of your personal data is very important to us and our Sites use HTTPS to help keep information about you secure. Security during the transfer is called the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites.

However, no data transmission over the internet can be guaranteed to be totally secure. Certain information, for example, your credit card details and personal details, are encrypted to minimise the risk of interception during transit.

You may complete a registration process when you sign up to use parts of the Sites or Mobile Applications. This may include the creation of a username, password and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone. Where you do disclose any of these details, you are solely responsible for all activities undertaken on the Sites where they are used.

We do our best to keep the information you disclose to us secure. However, we can't guarantee or warrant the security of any information which you send to us, and you do so at your own risk. By using our Sites you accept the inherent risks of providing information online and will not hold us responsible for any breach of security.

It might sometimes be necessary for us to transfer your personal information outside of the European Economic Area (EEA) to locations that may not provide the same level of protection as the UK. However, we will only transfer your personal information out of the EEA if we have put in place appropriate safeguards and protections as stated under UK law for example by the use of a data-transfer agreement incorporating certain standard model protection clauses.

How can you amend your preferences?

Any electronic marketing communications we send you will include clear and concise instructions to follow should you wish to unsubscribe at any time. You may also amend your marketing preferences by contacting customerservice@iCarhireinsurance.com.

Should you no longer wish to be contacted by us, you can advise us at any time by contacting our Customer Services team on +44 (0) 203 302 2296 - lines are open Monday to Friday 9.15 to 5.00 or by sending an email to customerservice@iCarhireinsurance.com<./p>

If you no longer wish to be contacted by providers for marketing purposes, please follow the instructions in their marketing communications, or consult their privacy policies for further information about unsubscribing.

Your personal data rights and how to contact us

You have certain rights under existing data protection legislation including:

1. Right to access: the right to request copies of your personal information from us;
2. Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;
3. Right to erase: the right to request that we delete or remove your personal information from our systems;
4. Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it;
5. Right to data portability: the right to request that we move, copy or transfer your personal information;
6. Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling to inform our market research and customer demographics (see section 5 above).

To make enquiries, exercise any of your rights set out in this Privacy Policy and/or make a complaint please contact our Customer Services Team at customerservice@iCarhireinsurance.com

If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us then you may be able to refer your complaint to the relevant data protection regulator which in the UK is the Information Commissioner’s Office.

This Privacy Policy shall be governed and construed in all respects in accordance with the laws of England and Wales.

How long do we keep your personal information?

Unless a longer retention period is required or permitted by law, we will only hold your personal information on our systems for the period necessary to fulfil the purposes outlined in this Privacy Policy or until you request it is deleted. If, having registered for any of our Services, you do not use them for a reasonable time (which may vary depending on the Service(s) you’ve registered for) we may contact you to ensure you’re still happy to receive communications from us. Even if we delete your personal information it may persist on backup or archival media for legal, tax or regulatory purposes.

Changes to this Privacy Policy

We reserve the right to amend or modify this Privacy Policy at any time and any changes will be published on the Sites. The date of the most recent revision will appear on this page. If we make significant changes to this policy, we may also notify you by other means such as sending an email. Where required by law we will obtain your consent to make these changes. If you do not agree with any changes, please do not continue to use the Sites.

Last updated May 2018