Privacy
Our Privacy Notice
Introduction
Orchid Information Systems Limited which includes OrchidServe.com and OrchidPeople.co.uk are the Data Controllers responsible for complying with data protection laws and are committed to ensuring your privacy and personal information is protected.
This privacy notice describes how entities in the Orchid Information Systems Limited handle your personal information collected from providing our services to you as well as services via our websites. All entities are registered with the Information Commissioners Office (ICO) and can be found on the Data Protection Public Register via https://ico.org.uk/esdwebpages/search
Privacy policy amendments
From time to time, it may be necessary for us to change this privacy policy, so we suggest that you check here periodically.
If, at some time in the future, we wish to use your personal data in ways other than those set out in this privacy notice, then we will notify you about this and if required seek your permission to do so.
IP addresses and cookies
This website uses Google to analyse the use of the website. Google generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at: https://policies.google.com/ If you do not want us to use cookies in your browser, you may configure your browser to prevent this. However, if you do so, you may not be able to use certain features on our website.
How we collect your Personal Information
We will collect your personal information in a number of ways, mainly from what you tell us yourself. This will include written information from forms you have completed, notes from conversations via telephone calls, emails, details provided via our websites or social media and information from credit agencies or finance providers.
Our Services and How we use your Personal Information
What personal information we collect will depend on what service we are providing you. Our main aim in gathering your personal information is to provide you with a customised service.
The type of personal information that we may collect will be:
Contact details such as your name, postal address, email address and contact telephone numbers. Details such as your date of birth, occupation if required. Financial information such as your bank or credit card details.
We may collect the following via our websites:
Name, postal address, phone number, occupation, other contact information, online identifier, interest you have in relation to our services or our practice areas, any information that you may volunteer by completing and submitting forms on our websites and details of your visits to and usage of our website.
We may use your personal information in order to fulfil our contractual obligations to you:
- For the purposes of account administration by us in response to your requests for quotations and renewal of services where data will be shared with service suppliers and agents.
- To provide you with payment options to enable finance companies to provide you with a greater choice in making payments.
- To deal with complaints made by you relating to our services or websites.
For Legitimate Interest:
- To correspond with you, notify you of events or changes to our service or otherwise to fulfil your requests and respond to your queries and requests for information which may include marketing to you.
- For our business purposes such as data analysis, audits, to help us better understand our customers and improve our customer engagement in developing new products, enhancing, improving or modifying our websites, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities or for staff training purposes.
For Legal Reasons:
- To meet any applicable legal or regulatory obligations
- To meet compliance requirements with our regulators (e.g. Financial Conduct Authority)
- To comply with law enforcement and to manage legal claims, and
For Public Task/Interest
- We may need to use personal information to carry out anti-money laundering checks & Financial Sanction checks.
With your Consent:
- If you have indicated by opting into receiving marketing information which does not fall under the legitimate Interest basis
- Where you have consented to this for a specific purpose and this has been recorded. Without your consent we may not be able to provide you with the services requested or you may not be able to benefit from some of our services.
- Where a third party is involved we will need you to confirm that they have provided their consent for you to act on their behalf.
You may at any time withdraw your consent by contacting us either by phone, email or by post to the registered office address.
The information we collect about you is used solely for the purposes outlined above. We will only use it for additional purposes if we have received your prior consent to do so.
Sharing of personal information
The information you provide us with may be shared with employees throughout Orchid Information Systems Limited and will be processed in accordance with this privacy policy, the General Data Protection Regulations and other applicable UK legislation.
We may use personal information we hold about you across Orchid Information Systems Ltd for general business administration, to help us identify and tailor products and services that may be of interest to you. We will do this in accordance with any marketing preferences you have provided to us. We may continue to do this after your service or project with us has ended.
We may also share the information you provide with third parties such as payment providers, suppliers and providers of goods and services associated with your our services and selected companies that provide technical assistance and support to perform functions that support our marketing or website hosting activities.
Credit Searches
Where you agree to pay monthly or require credit payment terms, we may run a credit search and store the result.
The information we collect about you is used solely for the purposes outlined above. We will only use it for additional purposes if we have received your prior consent to do so.
We may transfer personal information about you outside of the European Economic Area – primarily for services provides via the Internet. The data protection and other laws of those countries may not be as comprehensive as those in the UK and the European Economic Area, but we will take steps to ensure that your privacy rights are respected and that your data is treated securely and in accordance with this privacy policy.
We may disclose your personal information to third parties in the event:
- selected third parties in connection with the sale, transfer or disposal of our business
- we are under a duty to disclose or share your personal data in order to comply with UK law which may include laws outside your country of residence to respond to requests from courts, law enforcement agencies, regulatory agencies and other public and government authorities.
- of any legal proceedings or to establish, exercise or defend our legal rights (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
- to third parties involved with events that you register for or accept invitations for to facilitate your participation in those events
We will have in place safeguards through organisational and technical measures to ensure that your personal information is protected from unauthorised use or disclosure. We ensure that where your data is shared there are procedures and contractual arrangements in place to keep your data confidential.
Security of your personal data via the internet
The Internet is not a secure medium of communication and we cannot guarantee the security of any information transmitted via the Internet. However, once received we will take reasonable technical and organisational precautions to prevent the loss, misuse, alteration of, or unauthorised access to your personal data.
Data Retention
Data is retained for the period necessary in order to fulfil the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. This is usually between three and ten years and it will depend on the nature of the personal information and what we do with it.
In the absence of a specific business case supporting a longer period the Group will retain client data, accounts data and complaints data from the date of the complaint, for seven years, quotation data for 3 years and subsidence claims records for 10 years. Liability insurance products will often be kept for extended periods.
Your rights
You have the right to access your personal data. We may ask for verification of identity in order to ensure your privacy is protected. We will not generally charge for this service but if any are attributed these will only be to the extent that current regulations allow and you will be advised.
If any personal data held is inaccurate or incomplete you have the right to request rectification. Any refusal will be fully explained together with your rights to complaint to the supervisory authority and to legal remedy.
You may also have the right to request erasure of your personal data held; where this is no longer necessary for the purpose originally intended; if you have withdrawn consent; if we have no legitimate reason to hold the data or there is no legal reason. However, there are some specific circumstances where the right of erasure does not apply, and we may be able to refuse your request on certain grounds under current regulations.
Also, you may be able to withdraw your consent for further use of your personal information although we may not be able to process your insurance request if you do this in some circumstances.
You may have the right to object to processing your data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual or the processing is for the establishment, exercise or defence of legal claims.
We will inform you of your right to object at the point of first communication with you.
You have the right not to be subject to automated decision making where decisions are made by inputting data into a system or computer and the decision is calculated using automated means without any human involvement. Insurers will often use this method when deciding on the premium to charge where they use data to determine rates and they may also use it for fraud prevention where they check against lists and may reject applicants on the basis they are likely to defraud the Company. Scoring methods are also used to assess applications and exclusions will be applied for a scheme depending on information collected. Examples of such data will be age, postcode, lifestyle (eg. smokers or non-smokers) and medical history. If you don’t consent to processing your data in this way this may limited our ability to facilitate the provision of certain insurance covers for you.
You have the right to lodge a complaint to the Information Commissioner’s Office (ICO) at any time if you object to the way we use your personal information. Further information can be found at http://ico.org.uk/
Exercising any of the above rights may mean we cannot continue to deal with your insurances and may result in policy cancellations. You will therefore lose the right to bring any claim or receive any benefit under the policy and you may also lose benefits under the policy for an event prior to you exercising your rights as well, if the ability to deal with the claim has been prejudiced.
Marketing
We will only contact you if you have agreed that we can to tell you about products and services that we feel you will benefit from or may interest you. These may be from any company in the group or under their respective trading styles.
You may unsubscribe to receiving emails or marketing communications at any time by contacting us to update your preferences. In such circumstances we will continue to send you service related communications which are non-marketing where necessary.
However, we may run specific marketing campaigns through social media and digital marketing where individuals personal data is not used for the campaign and in such situations you will need to adjust your social media and cookie browser settings to adjust your preferences.
When submitting your personal information via any of the Group’s websites you are given the option to opt-in to the use of your personal information for marketing purposes. However, you may instruct us not to process your personal information for marketing purposes at any time using the contact details stated below.
Contacting us
If you have any questions, wish to exercise any of your rights detailed in this privacy policy or update your marketing preferences please contact our Compliance Manager:
By phone : 01763 244007
Email : solutions@orchidinfo.co.uk
By Post : Orchid Information Systems Ltd, The Lanterns, Melbourn Street, Royston SG8 7BZ
If you have a complaint or concern about how we use your personal information, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have the right to lodge a complaint with the Information Commissioners Office at any time.
09/05/2018