Privacy and Cookies Policy

Data Protection Notice

Last updated August 2022

The protection of your personal data is important to the Pinnacle Pet Group ("Group") and we have adopted strong principles in relation to data protection for our Group.

This Data Protection Notice provides you with transparent and detailed information relating to the protection of your personal data by the following Group companies, acting as Data Controller:

Pinnacle Pet Group Limited

("we", "us", "our")

The above companies are part of the Pinnacle Pet Group (all "Group companies"). Registered Address: Pinnacle House, A1 Barnet Way, Borehamwood, Hertfordshire, WD6 2XX

We are responsible, as a Data Controller, through the above legal entities for collecting and processing your personal data, in relation to our activities. The purpose of this Data Protection Notice is to tell you which types of personal data we collect and process about you, the reasons why, who we share your data with and why, how long we keep it, what your rights are and how you can exercise them.

Where necessary, further information may be provided to you when you apply for, purchase, renew or make a claim in relation to a specific insurance product or service.

1. Which personal data do we collect and use?

Depending on the types of data that we require from you in relation to the type of insurance product or service we provide to you and to enable us to provide a high standard of personalised products and improve our services, we may collect any of the following types of personal data about you including, but not limited to, any of the following types:

Where necessary and subject to your explicit consent, we may collect the following special categories of data for the reasons stated below:

We do not collect or process any data relating to your racial or ethnic origin, political beliefs, religious or philosophical beliefs, trade union membership, your genetic data or sexual orientation, unless we have a legal obligation to do so.

2. Who is affected by this notice and from whom do we collect personal data?

We collect data directly from you as a potential customer or policyholder, a client party or supplier. We also collect data about other individuals directly and indirectly during our interactions with you who may have no direct relationship with us but who are connected to you or to the insurance product, for example:

Where you provide us with another person's personal data, please direct the individual to our Data Protection Notice. We will also provide them with the Data Protection information directly, where we have their contact details.

We also collect data about you from the previous insurer of your insurance product and/or your chosen brand provider where we become your new insurer for your continuing insurance product and where your chosen brand provider enters into a new client relationship with us.

We may also obtain personal data about you from the following sources for the purposes of verifying or enriching our data:

3. Why do we use your personal data and what for?

In this section, we describe how and why we use your personal data and draw your attention to some types of data processing activities that we consider could have a greater impact on you and, in certain cases, may require your consent.

a. To comply with our legal and regulatory obligations

We use your personal data to comply with our various legal and regulatory obligations, which include:

b. To perform a contract with you or to take steps at your request before entering into a contract

We use your personal data to enter into and perform our contracts as well as to manage our relationship with you, which includes:

The above processes may include the making of automated decisions at all stages, for the entering into or the performance of the contract including, but not limited to, generating a quote and the assessment of certain types of claims made in relation to the insurance contract.

c. To fulfil our legitimate interests

We use your personal data in order to offer, develop and promote our insurance products and services, to improve our insurance risk management and to defend our legal rights for the following reasons:

We achieve this personalisation by:

We achieve this by:

In each case, our legitimate interests remain proportionate and, where we are required to do so, we verify these according to a balancing test so that your interests and fundamental rights are preserved. Should you wish to obtain more information about the balancing test, please contact us using the contact details provided in Section 9 below "How to contact us".

The carrying out of the above processes may include the making of automated decisions at any stage.

d. Respecting your choices where we requested your consent

In certain cases, we require your consent to process your data. Please note that you may withdraw your consent to these types of processing at any time. For example:

If we need to carry out further processing for purposes other than those listed above in Section 3, we will inform you and, where necessary, obtain your consent.

4. Who do we share your personal data with?

a. Sharing of information within our Group

(i) We share your personal data within our Group for commercial and efficiency requirements such as:

(ii) We share your personal data outside our Group with the following:

and where we:

b. Sharing aggregated or anonymised information

We share aggregated or anonymized information with partners such as research groups, universities or advertisers, service providers or data analysis providers. The recipients will be unable to identify you from the data sets we provide.

Your data may be included in aggregated or anonymised data and statistics that that may be offered to professional clients to assist them in developing their business. In this case, your personal data will never be disclosed and the recipients of the aggregated or anonymised data and statistics will be unable to identify you from the data sets we provide. These clients and service providers may include:

5. Transfers of personal data

IIn cases of international data transfers originating from the UK or the European Economic Area (EEA) to a non-EEA country, the transfer of your personal data may take place. Where the Information Commissioner's Office or the European Commission has recognised that non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis without your specific authorisation.

In cases of international data transfers originating from the UK to non-EEA countries where the level of protection has not been recognised as adequate by the Information Commissioner's Office or the European Commission, we will either rely on an exemption from a rule or law that is applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you) or use one of the following safeguards to ensure the protection of your personal data:

To obtain a copy of these safeguards or details on where they are available, you can send us a written request as set out in Section 7.

6. Retention of your personal data

We retain your personal data for a minimum period from the date of the data collection or the date of our last contact with you so that we can comply with applicable laws and regulations and our operational requirements, such as appropriate account maintenance, facilitating client relationship management, being able to respond to legal claims or regulatory complaints or requests.

If you are a prospective client / prospective policyholder:

We retain your data in digital format for 2 years following the date of the data collection or the date of our last contact with you. As we need to comply with our legal and regulatory obligations and to defend complaints and claims against us, your data is retained for this period so that we can answer your claims or to present evidence in the event of a dispute (e.g. in relation to a decision not to enter into an insurance contract with you).

If you are a client / policyholder:

We retain your data in digital and, only if required, paper format, in the majority of cases for the duration of the contractual relationship and thereafter, for the statutory limitation period for claims and complaints relevant to the contract, unless law or regulation imposes a shorter or longer retention period. Where we retain a digital format of your data for the required retention period, we will destroy any corresponding documents that we collect in paper format, in the majority of cases, within 1 year after the date of collection.

All data subjects:

Bank account details for the payment of direct debits are retained indefinitely. We do not record or retain any payment card details.

We retain indefinitely telephone recordings that we make to improve the quality of delivered services and for the training of our employees.

Information relating to the validation of your identity and provided by you (or your nominated representative) in relation to the exercise of your data subject rights, as set out in Section 7, is retained indefinitely following the date of exercise of that right by you and depending on the type of right exercised by you.

7. What are your rights and how can you exercise them?

In accordance with applicable regulations and where applicable, you have the following rights:

If you wish to exercise the rights listed above, please contact us using the following address details in Section 9 below.

You may be required to verify your identity in certain cases when you exercise your rights.

In accordance with data protection legislation, in addition to your rights above, you are also entitled to make a complaint to:

The Information Commissioner's Office

Head Office:

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Website: https://ico.org.uk/concerns

Email: casework@ico.org.uk Tel: 0303 123 1113

Wales:

2nd Floor, Churchill House, Churchill Way, Cardiff, CF10 2HH

Email: wales@ico.org.uk Tel: 0330 414 6421

Scotland:

Queen Elizabeth House, Sibbald Walk, Edinburgh, EH8 8FT

Email: scotland@ico.org.uk Tel: 0303 123 1115

Northern Ireland:

3rd Floor, 14 Cromac Place, Belfast, BT7 2JB

Email: ni@ico.org.uk Tel: 0303 123 1114

8. Future changes to this data protection notice

In the context of constant technological evolution, we will update this Data Protection Notice from time to time. Please check the latest version of this Data Protection Notice on our website.

9. Contacting us

To exercise your rights or if you have any questions regarding our use of your personal data please contact us at:

Data Protection Correspondent

Pinnacle House, A1 Barnet Way, Borehamwood, Hertfordshire, WD6 2XX

Email: dataprotection@pinnaclepetgroup.com

So that we can answer your query or request as quickly as possible, please indicate the right(s) you wish to exercise. We will acknowledge receipt of your communication.

We are required to answer all requests within one month but we are permitted to extend this period by one further month depending on the complexity of the request. We will contact you in writing if we are unable to reply to your request within one month.

If you wish to learn more about cookies and security, please read our Cookie Policy below.

Cookie Policy

We are committed to delivering the best possible service to you while maintaining the confidence that you place in us. As part of this, we have adopted strong principles across our Group to ensure the protection of your personal data.

We set out below information about how we place, use and store cookies on your device when you use our website and/or our mobile application (the "Website" and/or "Application") and you select the option to manage and delete cookies.

1. What is a cookie?

Cookies are small text, image or software files that are placed on your device when you access our Website. The word "device", when used in this Cookies Policy, refers notably to computers, smartphones, tablets and all other devices used for accessing the internet.

Cookies may be either: (i) session specific, meaning that they are deleted from your device once the session and browser are closed; or (ii) persistent meaning that they will remain on your device until they are removed.

Cookies perform a number of useful functions, such as to:

2. What kind of information can be stored in a cookie?

The information stored by the cookies on your device may relate to the following, subject to its retention period:

Cookies may contain personal data. Our Data Protection Notice above covers where we use cookies that collect your personal data.

3. What kinds of cookies do we use and for what purpose?

Cookies used on our Websites are classified into different categories:

3.1 Strictly necessary cookies (mandatory)

These cookies are necessary for the Website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

3.2 Functional cookies

These cookies enable the Website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

3.3 Performance cookies

Performance cookies collect information about how you use our Website. For example, which pages you visit and if you experience any errors. These cookies are essential to us being able to operate and maintain our Website.

3.4 Targeting cookies

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

4. Who places the cookies on your device?

When you select which types of cookies you allow on your device, the cookies may be deposited directly by us or by one of our partners.

This means that when you authorise the installation of certain so-called "third-party" cookies on your device, our partners will also be able to access the information they contain (such as, for example, your browsing statistics when you allow third-party analysis cookies) within the limits of our Data Protection Notice and those of our partners.

See below for the full list and categories of the cookies that we currently use on our Website:

5. How can you manage cookies?

To see the different categories of cookies that we use on the Site and/or Application and configure your choices, you can consult the cookie management module accessible here. You can modify at any time your preferences, withdraw or re-provide your consent at any time.

Please note that the use of strictly necessary cookies for the proper functioning of the Site does not require your consent. This is why the option "strictly necessary cookies" is pre-checked in our cookie management tool and is not optional.

By refusing certain types of cookies (preference cookies for example), we will not be able to optimize your user experience on our Website and some parts may not function properly.

By default, we save your cookie choices on a device for a maximum of 6 months. If you change your mind about the preferences you have expressed regarding cookies, you can update your choices at any time, by following the below link. We will ask you to repeat your choice every 12 months.