Skip to content

Privacy policy

Privacy Policy

Your privacy is our priority.

At SSP Group, we're committed to safeguarding your privacy, whether you're a customer, a prospective customer or a visitor to one of our websites. The purpose of this policy is to explain how we use the personal data we collect about you, how you can instruct us if you would prefer to limit the use of your data and the procedures that we have in place to keep your data secure.

You must read this privacy notice together with any other privacy notice and any other notices we may provide on specific occasions when we are collecting or processing personal data. Reading this information lets, you understand how and why we use your data thoroughly. This privacy notice supplements any other information and does not intend to override them.

We will only use your data in ways the law allows us to. We hold any information you provide with the utmost care and security. We will only use your data in ways the law allows us to, to which you have consented. More commonly, we will use your data in the following circumstances:

We need to perform the contract we are about to enter or have entered with you. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights, do not override those interests.

Where we need to comply with a legal or regulatory obligation, We have appointed our Head of Legal & Company Secretary, Neil Forrest, as Data Protection Officer (DPO), who oversees questions concerning this policy. If you have any questions about this privacy notice, including any requests to exercise your legal rights, don't hesitate to contact the DPO using the contact details at the base of this page.

You can complain to the Information Commissioner's Office (ICO), the UK supervisory authority, for data protection issues. However, we would appreciate the chance to deal with your concerns before you approach the ICO, so don't hesitate to contact us in the first instance.

What data do we collect?

We need to collect, store and process personal data from you in order to provide an effective service. You provide some of this data directly when you become a customer, or when you fill out a form on one of our websites. We only collect data that is relevant for the purpose of processing. For example, to join a mailing list we may only require your name and email address; whereas to attend an event we host, we may also require your company name and contact number.

As a consequence of providing software to the general insurance market, and as permitted by law, we may sometimes collect special categories of personal data about you (this may include quotation details, such as information about your health or motoring offences).

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, where we run marketing campaigns and competitions). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Disclosure of information

The use of your data for any of the purposes explained within this policy, or in any separate communication from us, may involve sharing it with third party suppliers such as contractors, agents or professional advisers appointed by us to assist us in providing our products and services.

These third parties may include entities outside the European Economic Area (EEA), who will be required to comply with our strict privacy requirements, and to demonstrate that they follow best practice guidelines for data protection.

Transfer of Personal Data outside of the EEA

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
In no other case, unless obliged to do so by law, will we disclose your data to any third party, unless you have provided your specific, positive and unambiguous consent.

How we use your data

We will process your personal data lawfully.

We will use the information that you provide to us and your preferences to provide our products and services to you. We may also use this data to provide you with communications which we believe to be relevant and of interest to you. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you have opted-in to receive email from us, we may use your details to keep you informed of special offers or products and services that may be of relevance. We may also use your data to tailor promotions to your requirements.

You may be receiving marketing communications for any of the following reasons: you are in contract to receive our products or services, you have opted-in to receive communications using our online forms, or we have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

PURPOSE/ACTIVITY TYPE OF DATA LAWFUL BASIS FOR PROCESSING INCLUDING BASIS OF LEGITIMATE INTEREST
Our SSP Group teams will need to register you as a new customer. Identity
Contact
Lawful basis for processing including basis of legitimate interest
To process and deliver your order which may include: managing payments, fees and charges. We may also need to collect and recover money owed to us. Identity
Contact
Financial
Transaction
Marketing and Communications
Performance of a contract with you, which is necessary for legitimate interests (to recover debts due to us).
To manage our relationship with you, includes: notifying you about changes to our terms or privacy policy. And also, asking you to leave a review or take a survey. Identity
Contact
Profile
Marketing and Communications
Performance of a contract with you, which also includes:
  • Necessary to comply with a legal obligation
  • Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To make service and product improvements, we find it invaluable to involve you in customer feedback surveys. Through various marketing campaigns (SSP Group exhibitions and events and SSP Group marketing competitions) we will give the opportunities to partake in competitions. Identity
Contact
Profile
Usage
Marketing and Communications
Performance of a contract with you (necessary for our legitimate interests, to study how customers use our products/services, to develop them and grow our business).
To administer and protect our business and our SSP Group website, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. Identity
Contact
Technical
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Furthermore, necessary to comply with a legal obligation.
To deliver relevant website content, promotions (which could also include advertisements) to you and measure or understand the effectiveness of this. Identity
Contact
Profile
Usage
Marketing and Communications
Technical
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences. Technical
Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
To make suggestions and recommendations to you about goods or services that may be of interest to you. Identity
Contact
Technical
Usage
Profile
Necessary for our legitimate interests (to develop our products/services and grow our business).
To process your application for employment Identity
Contact
Profile
Financial
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud).

Recruitment data

The recruitment team, who can be contacted on 01422 330022, will be in control of any application data provided and take the privacy of our clients and candidates very seriously. We receive your personal data when you apply directly for an advertised role via email or through a refer a friend scheme. By submitting your curriculum vitae, you understand the legitimate business interest SSP Group has in processing your employment application and you are providing consent for us to process the information contained within it for the purposes of employment application with SSP Group.

The information which you provide and any other information obtained or provided during the course of your application (“the information”) is a requirement to assess your application in the process of a new appointment to SSP Group and failure to provide all of the information requested will impact on the likelihood of you being offered the role. Your information will be used solely for the purpose of assessing your application. If your application is unsuccessful or you choose not to accept any offer of employment we make, the information will be retained for a further 5 years in the event of a new job opportunity, after which time it will be destroyed. You have the right to data portability, request access to, rectification or erasure of your data collected as part of this process. (See the Your Rights and Our Responsibility section of this policy)

During telephone conversations and face to face interviews we may collect personal information with regard to employment preferences, strengths and work experience which may be stored on your personal record. This information facilitates our ability to support your job search and to provide a basis for recommendation when short-listing candidates for a particular role. By registering with us you are providing permission for the storage of this information. We will never share personal information or a curriculum vitae with a third party without your explicit consent. Contact details of our Data Protection Officer are in the Contacting SSP Group section of this policy.

If your application is successful, the information will form part of your employment file and we will be entitled to process it for all purposes in connection with your employment. You have the right to withdraw your consent at any time and the right to lodge a complaint with the Information Commissioner.