Privacy Policy

Scope of this Statement

You may interact with CIR online and offline for a variety of reasons. This section explains when the Statement applies to CIR processing of your personal information.

CIR as Data Controller:  Unless stated otherwise, this Statement applies to any personal information you provide to CIR and any of your personal information we collect when you:

  • visit or use our websites or applications (together the “Site”)
  • visit a CIR office or other physical location
  • request a service from us or use other services that refer to or link to this Statement (each, a “Service”).

This Statement also applies to personal information CIR may collect from or about the corporate representatives of clients, vendors, suppliers, business partners, and others for the purposes of conducting our own business, such as contracting and invoicing.  This personal information generally is limited to contact details and other limited information necessary to complete business transactions (“Business Contact Information”).

Identification of the Data Controller:  The CIR entity whose website or physical location you visit, event you attend, or Service you use also is responsible for the processing of your personal information collected in relation to the visit, event, Service, or business relationship (“data controller”).

This Statement does not apply to the processing of your personal information described below:

CIR as Data Processor:  At times, CIR may collect and otherwise process personal information in our capacity as a data processor, meaning that we handle your personal information only on our client’s behalf and in accordance with their instructions. This Statement does not apply to CIR processing of personal information as a data processor.  For information about this processing of your personal information, please refer to the website of the CIR client on whose behalf CIR is providing the service.

CIR as Employer:  This Statement does not apply with respect to the personal information processed by CIR in our capacity as an employer, including the personal information of job applicants who apply for employment with CIR or the Company’s current or former employees or independent contractors. CIR maintains separate policies, as required by law, with respect to the Company’s processing of personal information in its capacity as employer.

Third-Party Sites: The Site may include links to, and plug-ins from, sites or applications operated by third parties (“Third-Party Sites”). CIR does not control any Third-Party Sites and is not responsible for any personal information they may collect. The information collection practices of Third-Party Sites are governed by their privacy policies. If you choose to enter any Third-Party Site from the Site, please refer to that site’s privacy policy to learn more about that site’s processing of your personal information.

“Consent” means any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, indicate your unambiguous agreement to the processing of your personal information.

By providing your personal information to CIR as data controller, you consent to CIR processing of your personal information as described in the Statement, as it may be modified from time to time. You also have the right to withdraw your consent at any time. As our business evolves, this Statement may change, so check back to this page periodically to make sure you understand how your personal information will be handled. Where processing of your data requires explicit consent, this will be obtained directly from you prior to proceeding.

Please understand that you are not obliged to provide your personal information to the Company. However, if you do not provide your personal information, or otherwise do not consent to the processing of your personal information or withdraw your consent to the processing, the Company may not be able to provide you with certain Services and may be required to terminate the Services currently provided to you.

Where applicable law requires a lawful basis for collecting, using and otherwise processing your personal information and you do not consent or you withdraw your consent, the Company relies on the following alternative grounds as applicable:

  • as necessary to enter into a contract for Services with you, and to perform our obligations under that contract;
  • as required to fulfill the Company’s legal obligations;
  • as necessary to exercise the Company’s rights or defend against legal claims;
  • where applicable, as necessary for the Company to pursue our legitimate business interests, such as managing our relationship with our clients, suppliers, and you, maintaining our business records, and improving our products and Services.

Before collecting your sensitive personal information, we will, when required by applicable law, provide you with a separate notice and, if the collection is not required by applicable law, request your explicit consent whenever legally required to do so.

Personal Information We Collect

The types of personal information we collect will vary depending upon the reason that you are interacting with us and may include the following:

  • Contact details: such as your name, email, mailing address, and phone number.
  • Identification details: Identification numbers issued by government bodies or agencies, including your Social Security number, national insurance number, passport number, tax identification number, state ID card number, driver’s license number, photographs, or audio or video recordings of you, for example, when you call one of our service centers or visit one of our physical locations.
  • Demographic details: such as your date of birth, age, gender, marital status, and insurance requirements.
  • Employment information: such as employer, job title, employee number, employment status, salary, ethnicity, employer history, employment benefits, and family details, including their relationship to you.
  • Health information: such as medical records, health status, injury or disability information, medical treatment, personal habits (for example, smoking), prescription information and medical history.
  • Benefits information: such as benefit elections, pension entitlement information, date of retirement and any relevant matters impacting your benefits, e.g., voluntary contributions, pension sharing orders, tax protections or other adjustments.
  • Financial information: such as bank account number or other financial account number and account details, credit history and bankruptcy status, salary, bonus payments, benefits and entitlement data, and national insurance contributions details, only as necessary to provide our Services.
  • Claims details:  Information about previous and current insurance claims, (including other unrelated insurances), which may include data relating to claims concerning you or your employer’s insurance policy.
  • Marketing and communications preferences: such as interests and preferred language. To improve our marketing communications, we may also collect information about interactions with, and responses to, our marketing communications.
  • Events information: such as information about food allergies or dietary restrictions along with feedback forms when registering for or attending in-person events.
  • Background checking information: such as inclusion on a sanctions list or a public list of disqualified directors, the existence of previous or alleged criminal offences, or confirmation of clean criminal records, information in relation to politically exposed persons (“PEPs”), only where this information is (i) applicable in the context of the Service you have requested; and (ii) we have obtained your consent, as appropriate.
  • Comments, feedback or other information provided to us: such as social media interactions with our social media presence, comments provided on feedback forms or surveys and questions or information sent to our support services.
  • Account login credentials: such as username and password, and security information related to your account with us.
  • Payment information: such as credit or debit card number and bank account details to facilitate payment on behalf of insurers.
  • Driving history, certifications and insurance details: such as driving license details, the period for which a license has been held, existing and previous insurance policy details, previous accident and claims history and details of any motoring convictions, only as part of your application for and administration of the Service to be provided.
  • Telephone recordings: Recordings of telephone calls with our representatives and call centers.
  • Photographs and video recordings: Images (including photographs and pictures) or video recordings created in connection with our insurance or other business activities, including for claims assessment, administration and settlement, claim disputes, or for other relevant purposes as permitted by law, as well as CCTV recordings captured by equipment on our premises.
  • Online information: Such as device, computer and connection information, device location information, and data collected during use of our website.
  • Business Contact Information: Such as your name, employer, job title, business mailing address, business email address, business phone number, and other information necessary for the administration of the relationship between CIR and your employer.

CIR may collect sensitive personal information (such as health information and criminal history information) as described above. We do so only to the extent necessary for the provision of Services and only if and to the extent permitted by applicable laws. Whenever legally required to do so, we will provide you with a separate notice and request your consent before collecting your sensitive personal information.

If you provide us with personal information relating to other people (e.g., your spouse, civil partner, dependents, beneficiaries, etc.), we will process that information in accordance with this Statement. You are responsible for the accuracy of such information and for ensuring that those people are informed that you provided their personal information to CIR and that we will process their personal information in accordance with this Statement.

Automated Collection of Information on the Site

When you browse our Site, we may collect information automatically through technology to help enhance our ability to serve you. This may include: the name of the domain and host from which you access the Internet; the Internet protocol (IP) address of the computer you are using; the browser software you use and your operating system; the date and time you access our Site; and the Internet address of the site from which you linked directly to our Site.

We may use this information only as anonymous aggregate data to determine the number of visitors to different sections of our Site, to ensure the Site is working properly, and to help us make our Site more useful. For example, we may use your IP address to assist in correcting server problems and to administer our Site. Additionally, we may use this information for statistical purposes, such as determining user demographics for advertising purposes. We do not use this information to track or record information about individuals.

Cookies: Cookies are small pieces of data stored by your internet browser on your computer’s hard drive. They cannot be used to collect data from your hard drive, obtain your e-mail address or personal information about you.

If you are browsing our Site, we may also use cookies or similar mechanisms to help us measure the number of visits, time spent, pages viewed and other statistics about traffic to our Site. We may also use cookies provided by Google Analytics for collecting website analytics and could use the information set forth above. For more information on Google Analytics, and how it collects and processes data, go to: https://www.google.com/policies/privacy/partners/.

You may set your browser to notify you when you receive a cookie or to prevent cookies from being sent. Please note that when you block the acceptance of cookies you limit the functionality we can provide when you visit our Site. For more information about cookies and other technologies we use on the Site, please review our Cookies Policy.

Do Not Track Setting: The Site does not track your online activities over time and across websites or online services on an individually identifiable basis, and we do not allow third parties to use our Site to track your activities over time or across other websites. Your web browser may have settings that allows you to transmit a “Do Not Track” signal when you visit various websites or use online services. Like many websites, the Site is not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, go to: https://allaboutdnt.com/.

Sources of Personal Information

We may collect personal information about you from the following sources:

  • Directly from you: We collect personal information about you when you submit an application for a Service, use a Service, visit our Site, register for or attend an event, or otherwise communicate directly with us.
  • From your employer or representative: We may obtain personal information about you from your employer or the company with which you are affiliated in order to provide Services to them and/or manage your access to such Services.
  • From a third party acting on your behalf: We may collect personal information from your family members, financial advisor or representative.
  • From insurance carriers and third-party agent/brokers: In the event of a claim, we will receive information about you from third parties, including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjusters, attorneys, and claims handlers.
  • From automated technologies: We may obtain personal information about you through automated technologies, such as cookies on our Site (as described in more detail in Section 3, above), or from surveillance or recording technologies, such as video surveillance in Company facilities.
  • From acquired entities: If we acquire an entity as part of a corporate transaction, we may obtain personal information about you from that entity.
  • From other third parties: We may obtain your personal information from credit reference agencies, anti-fraud databases, sanctions lists, court judgements and other judicial databases, government agencies, open electoral register and any other publicly available data sources.

How We Use Personal Information

Depending on the nature of your interaction with CIR (e.g., as a policyholder, website user, business contact), we may use personal information about you for the following purposes:

Providing Services to You or on Your Behalf:

  • To arrange insurance coverage (issue quotations, inception of a Service, renewals)
  • To administer policies and process claims
  • To make assessments and decisions, including whether to pay your claim or pursue any losses against you or a third party, provide you with our products and Services, on what terms and whether you are eligible for a payment plan
  • To process payments when you purchase a product or Service and any refunds
  • To collect, forward and refund premiums
  • To facilitate premium finance arrangements
  • To conduct credit assessments and other background checks
  • To provide other Services to you, at your request or at the request of a third party acting on your behalf

Communicating With You:

  • To communicate with you about our products and Services
    • To operate, assess activity on, and improve the Site and related Services
    • To conduct marketing
    • To allow members of the CIR family of companies to notify you of certain products or Services offered by them

Managing Our Business:

  • To process business-related transactions, such as the purchase of products or services from vendors or suppliers
  • To manage relationships with third parties (e.g., brokers and vendors)
  • To facilitate business transfers to successors of the business in the event of sale, reorganisation, or other corporate transaction, including due diligence and planning

Complying With Legal Obligations and Protecting Ourselves:

  • To comply with applicable legal, regulatory and professional obligations, including cooperating with regulatory bodies and government authorities
  • To comply with law enforcement requests
  • To exercise and defend ours, yours, or applicable third parties’ legal rights
  • To undertake anti-fraud, sanction, anti-money laundering and other checks to protect against fraudulent, suspicious or other illegal activities
  • To conduct compliance/security monitoring and screening
  • To conduct internal investigations into alleged violations of Company policy or applicable legal requirements
  • To monitor and ensure the safety and security of our premises, property, employees and visitors
  • To engage in other activities we believe necessary to meet legal, security, and regulatory requirements

 Improving our Services:

  • To conduct research and statistical analysis
  • To build databases related to the Services for use by us and others with which we may share information
  • To improve our products and Services
  • To provide staff training, including by recording and monitoring telephone calls
  • To maintain information security
  • To conduct customer analysis, market research and focus groups, including customer segmentation, campaign planning, creation of promotional materials, gathering customer feedback, and conducting customer satisfaction surveys
  • To manage concerns and complaints, including to allow us to respond to any current complaints or concerns you or others might raise later, for internal training and monitoring purposes and to help us to improve our complaints handling processes.

How We Disclose Personal Information

We do not, and will not, sell your personal information or disclose it to third parties for cross-context behavioral advertising (“sharing”).  We may disclose personal information to the following categories of third parties for the following purposes:

  • Service Providers: We may disclose your personal information to service providers to provide services to us or on our behalf and to assist us in meeting our business needs and contractual and legal obligations — for example, to host all or portions of the Site, to process payments, or to conduct credit, background or other screening. Service providers will be permitted to process your personal information only for the purpose(s) for which it was disclosed to them and in accordance with the Company’s instructions.
  • Professional Advisers and Related Third Parties: For example, we may disclose personal information to lawyers to assist us with legal compliance, auditors, accountants, consultants, insurance carriers, reinsurers, intermediaries, and third-party agents/brokers to assist us in providing Services to you or in otherwise conducting our business.
  • CIR family of companies, for example, to provide you with our products and Services or to provide you with information about their products and Services.
  • Government Authorities or Administrative Agencies: We may disclose your personal information, for example, to law enforcement or regulatory bodies or tax authorities.
  • Other Third Parties:  We may disclose your personal information to other third parties;
  • When Required By Law: for example, when we respond to subpoenas, court orders, legal process, or discovery requests in civil litigation.
  • To Protect Rights, Property or Safety: If we believe that your actions violate applicable law, or threaten the rights, property, or safety of the Company, our clients, or others.
  • In Corporate Transactions: We may disclose and transfer your personal information, including to a subsequent owner or co-owner, of our business, including in connection with a corporate merger, consolidation, bankruptcy, the sale of all or substantially all of our membership interests and/or assets, or other corporate change.

The Company will make the disclosures described above only as permitted by applicable laws.

Information Security

We work to secure your personal information from being lost, accessed, used, modified, or disclosed by/to unauthorized persons. During transmission of personal information between you and our Site, we use Transport Layer Security (TLS) software to encrypt information you input.  Only employees who need the information to perform a specific job are granted access to personal information. These employees are made aware of our security and privacy practices. As another security measure, the servers that we use to store personal information are kept in a secure, restricted access area.

Please note that despite our reasonable efforts, no security measure is ever perfect or impenetrable, so we cannot guarantee the security of your personal information. Consequently, you should take steps to protect against unauthorised access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess and keeping your log-in and password private.

Retention of Personal Information

We keep personal information for as long as is reasonably required for the purposes explained in this Statement. We also hold records, which may include personal information, to meet legal, regulatory, tax, accounting and/or internal data retention policy needs. For example, we are required to retain an accurate record of your dealings with us, so we can respond to any complaints or concerns you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation. The specific retention period for your personal information will depend on your relationship with us and the reasons we hold your personal information.

Contact Us

If you have any questions about this Statement or the rights conferred to you under the applicable data privacy law, please contact CIR at [email protected] or at the following addresses/emails/telephone numbers:

  • Address: 11th Floor, The Plaza, St Pauls Square, Liverpool, Merseyside. L3 9QJ
  • Email: [email protected]
  • Telephone: 0800 059 0150

Changes to the Statement

We review this Statement regularly and may make changes at any time to take account of changes in our business activities, legal requirements, or the manner in which we process personal information. We will place updates on this website and where appropriate we will give reasonable notice of any changes. You should periodically review this Statement to ensure you understand how we collect and use your personal information.