Your privacy's important to us and we go to great lengths to protect it. This privacy notice tells you about the personal data we hold about you, so we can provide you with a Quote or insurance policy. It explains how we may collect, use and share your details and tells you about your rights under data protection laws.
If you'd like a copy, you can download a pdf version of our privacy notice for your records.
1. Who we are
We're Hastings Insurance Services Limited (also referred to as 'Hastings', 'we', 'us' or 'our') and our registered office is at Conquest House, Collington Avenue, Bexhill-on-Sea, East Sussex TN39 3LW.
We trade under the names of Hastings Direct, Hastings Direct SmartMiles, insurePink and People's Choice and our brands include Hastings Premier, Hastings Essential, Insure Blue, Argos, Likewise and Renew.
Our Hastings Direct SmartMiles policy has a separate privacy notice
Our ICO registration number is Z7677970
For the purpose of Data Protection Laws:
- 'Data subjects' are Policyholders, premium finance customers, named drivers and residents in the insured home
- 'Personal data' is information about an identified or identifiable natural person that could allow a living person to be identified.
2. Information we collect from or about you
We'll collect and process information about you from a number of sources, including details:
- You give us
- We collect from your use of our services
- We get from other sources (both public and private).
If you choose not to give personal data
Sometimes we have to collect your personal data by law or under the terms of a contract we have with you. If you don't give us the data we ask for, we might not be able to give you a Quote or perform the contract we have with you. If this happens, we may have to cancel one of your
products or services. We'll tell you if this happens.
Information you give us:
- When you apply for our products and services
- When you make payments or give payment details for your premiums or premium finance
- About any incident (like an accident or theft), whether or not you're going to make a claim
- By phone, email or letter e.g. for queries or Quotes
- For surveys or to give feedback on our products and services.
Information we collect from your use of our services:
- Quotes through our website and app
- We may record inbound and outbound calls
- We record the sending, bouncing, opening and use of any links contained directly in emails and whether you mark an email as junk, including the time and date.
Information we get from other sources:
- Price comparison or other introductory services
- Credit reference agencies
- Claims underwriting exchanges and other registers and databases
- Fraud prevention agencies
- External partners working on our behalf
- Medical practitioners
- Market researchers
- Electoral roll
- Government and lawful enforcements agencies
- Product Providers.
Information collected may include:
- Personal details such as your name (including former names), date of birth, contact details (e.g. your home address and former addresses, telephone numbers and email address), length of time you've been a UK resident, marital status and
identifiers such as your driving license number
- Sensitive personal information (special category data and criminal data), such as information about your health or criminal convictions
- Information about your insurance requirements, such as details of your car, your home, your household, details of family and social circumstances like your marital status, driving license number or your use of the vehicle or home
- Policy details such as the dates you joined or left (including your reason for leaving, where relevant)
- Information about your other and past policies such as your claims history, Quotes history, payment history and claims data
- Bank account and/or payment card details to arrange payment of your premiums or premium finance
- Information about incidents and claims
- Employment details such as your job title
- Survey feedback and your responses including customer satisfaction surveys
- Email and IP addresses
- Location details
- Browsing information as part of you going through the Quote process to track and keep your Quote journey including incomplete Quotes
- In-bound and out-bound phone call recordings
- Copies of your identification and similar documents (e.g. driving licences)
- Information about how you access our website, app and the MyAccount online service; including the website you visited before landing on our websites. We automatically receive the IP address of your computer, mobile device, or the proxy
server that you use to access the Internet and this may include information to identify your browser or device to analyse web traffic
- Your marketing preferences.
3. Personal information about others
We may collect information about other people in your household or other named drivers. If you give us information about another person, it's your responsibility to make sure they:
- Have been told about who we are and how their data will be used
- Have given their permission for you to use their data (including any sensitive personal data).
4. How we use your information
So we can provide you with Quotes and policies, and to manage your policy, we must have a legal reason to use your personal data, and this is usually:
- To comply with legal requirements
- For the performance of
- When it's in our
- For the performance of a task carried out in the public interest, or
- Under Data Protection Law, it's in the public interest for the insurance industry to process information about your health and criminal convictions where it's needed to provide insurance Quotes and insurance services. We ask you to tell us
about your health and unspent criminal convictions so we can assess the risk allocated to your policy, such as the validity and extent of potential claims and to detect and prevent fraud.
- With your consent.
Our legitimate interest for processing personal data includes validating the data you've given us against third party sources (both public and private), keeping our records updated, being efficient about how we fulfil our legal and
contractual duties, identifying and detecting fraud and using it to build pricing models and risk acceptance criteria. You have a right to object to this processing, as detailed in Section 8.
This table explains the reasons for processing your data and which of the above lawful reasons we rely on to do so.
|Why we process your personal data
||Needed for the preparation or performance of a contract
|To get or decline your insurance Quote and/or credit application both at the point of sale, after you've made a change to your policy mid-term and on renewal
|To help us assess the risk allocated to your insurance policy we use penalty points and motoring convictions data from the DVLA
|To manage your policy and/or credit agreement e.g. for mid-term adjustments and handling any claims and to keep our records updated
|To help identify, prevent, investigate and report potential fraud
|To collect and recover money that is owed to us
|To manage how we work with Product Providers and other companies which provide services to our customers and us
|To help the research and development of our understanding of individuals behaviour. This is to improve price and risk acceptance models and our marketing strategy and includes use of your Quote data (whether you buy a policy with us or
|To use the personal data of existing customers* for marketing similar products and services (where you haven't opted out)
|To use the personal data of new customers** for marketing other products or services (where you've opted in)
|To collect and process your personal data through cookies to optimise your customer experience, to develop new ways to meet our customers' need, to grow our business and to identify and prevent fraud
|To report data (including personal data) to government organisations e.g. Police, Trading Standards, regulators, Courts
- * Existing customers means individuals who were our customers on or before 25 May 2018.
- ** New customers means individuals who became our customers after 25 May 2018.
Additional reasons for processing your data:
To make and manage customers payments
We collect and share your payment details with financial institutions to allow us to carry out financial transactions on your policy.
If you've already agreed to a continuous payment authority, we'll use the card details you gave us to collect payments for mid-term changes, missed instalments (including any fees), balances following cancellation and the renewal of your
policy. We'll tell you about this before we take a payment. You can cancel the continuous payment authority at any time by contacting us.
You may be asked to complete a survey or give us feedback on our products and services. Often, we use third parties to carry out these surveys. You don't have to complete them but if you do, we'll use the results to monitor customer
service satisfaction and to improve customer service and, where you have given your consent, for marketing purposes.
We may record in-bound and out-bound phone calls and use the recordings to prevent fraud, for staff training and for quality-control purposes.
Your use of our website
We use various software including cookies and tags to improve your digital journey and to identify and prevent fraud. We collect and store information about how you access and use our website, app and MyAccount (including the website you
visited before coming to our websites). We automatically receive the IP address of your computer, mobile device, or the proxy server you use to access the Internet and this may include information to identify your browser or device to
analyse web traffic.
Fraud prevention cookies collect information about certain features of your device, such as your IP address, device type, browser type, screen resolution and operating system. This is to prevent and detect devices associated with
fraudulent or other malicious activity and allows us to authenticate your account.
Emails and webchat
We record the sending, delivery, opening and use of any links in emails and webchat and whether you mark an email as junk, including the time and date of these actions. This helps confirm the successful delivery and the use of the emails
we send. To help us improve the customer experience, we may record the device the email was viewed on, the web browser used, how long an email was viewed and any pages you are directed to on our websites.
Marketing – communications
If you've given your consent, we might also use your personal data to send you communications that contain marketing of products, services or offers that we think might be of interest to you, such as discounts on related products or incentives (like a prize draw) for completing a survey. You can opt out of these at any time by clicking the unsubscribe link in the email or by changing your preferences in MyAccount.
Whatever you choose, you'll still receive other important information about the product and services you have with us such as:
- Payment information
- Details on how to manage your policy using our online tools
- Information about a claim
- Messages about your renewal.
We may use your data to conduct analysis that groups individuals by one or many variables (e.g. age, location) to understand behavioural trends and to target groups of similar individuals who we think may have an interest in our products,
services and/or offers. We'll tailor our offers and communications to you based on the results of this profiling.
We'll never provide information about you to companies outside our Group to use for their own marketing purposes.
Industry databases and other sources
We might use information about you from industry-wide databases and other third parties, to help us calculate an insurance Quote, manage a policy and for anti-fraud purposes. Details of the databases we currently use are available on
We and our Product Providers may also validate the information you give us when requesting a Quote and if a claim is made on your policy. We do this to identify and prevent crime and fraud to protect the interests of us and our customers.
We and our Product Providers may at any time check and/or file your details with fraud prevention agencies and databases if you give us false or inaccurate information and fraud is suspected (see Section 5).
Customer database changes
So we can make sure our customer information is up to date, we'll sometimes use external data partners to provide checks on any changes to customer data or status that we might not have been made aware of otherwise, such as changes of
address or deaths.
Price comparison or other introductory services
If you get a Quote through a price comparison website (PCW) or other service, we'll get the information you've given to that service, so we can respond to your request. This is to improve your online experience by not having to re-enter
We also process the information you've given to a PCW and other introductory services to get a Quote (whether you buy the policy or not), to validate later data given by you to us and/or PCWs, to detect fraud, to develop acceptance risk
criteria and to build both underwriting (insurer(s)) and retail price models.
Where you've bought a policy using an introductory cash back incentive code or link, we get and share information about you with the incentive provider to validate your cash back claim. See our cookie
policy for more details.
Credit searches and data checks
Credit reference agencies collect and maintain information about consumers' and businesses' credit behaviour. This includes the electoral register, fraud data, search history, credit information and public information such as County Court
Judgments and bankruptcy orders.
We pass information about you to a credit reference agency, where it's needed to carry out a search on your credit file to identify you, before we, and/or your Product Provider, can give you any services (including Quotes and before
offering a renewal). We also ask them to give us your credit score and information about your public credit information, for example County Court Judgments or insolvency, as this information is used in our credit assessment.
The credit reference agency keep a record of the search and place a 'soft footprint' on your credit file, whether or not your application continues. This can only be seen by us, them, and you and won't be used by other organisations to
make credit decisions.
We may also carry out an additional credit check to meet legal or
We'll let you know if we do this. The credit reference agency will keep a record of this check and place a 'hard footprint' on your credit file, whether your application for credit goes ahead or not. The hard footprint may be given to other
organisations and used to:
- a) Help calculate credit scores
- b) Help make decisions, such as:
- To confirm your identify
- To check application details
- To assess your eligibility for credit products
- To recover debt.
- c) Detect and prevent crime and fraud
- d) Trace your whereabouts and maintain accurate records.
Claims Underwriting Exchange (CUE) and other registers and databases
We, our Product Providers and other Insurers exchange information with various databases and registers to help us, and our Product Providers check the information you give us, to detect and prevent crime and fraud and to get information
about your no claims history. These may include:
- The Claims and Underwriting Exchange Register (CUE), run by Insurance Database Services Limited (IDS Ltd)
- The Hunter Database run by MCL Software Ltd
- The Motor Insurance Anti-Fraud and Theft Register, run by the Association of British Insurers (ABI)
- The No Claims History Database, run by RelX Group trading as LexisNexis.
Information may be shared with these registers and checks carried out against the information held on these registers when we and our Product Providers are dealing with:
- Your request for insurance
- Your renewal
- When amendments are made to your motor or home policy
- Where a claim is made
- Where it is necessary to update our policy records.
Under the terms & conditions of your policy, you must tell us or, if detailed in your policy, your Product Provider, about any incident (such as an accident, fire or theft) which might cause a claim. When you tell us or our Product
Providers about an incident, we, or our Product Providers, will pass this information to the above registers and any other relevant registers.
Fraud prevention agencies
The personal data you've given us, we've collected from you or we've received from third parties will be used to confirm your identity and to identify and prevent fraud and money laundering.
The type of information that will be processed could be your:
- Date of birth
- Contact details
- Financial information
- Employment details
- Device identifiers including IP address
- Vehicle details.
We, and fraud prevention agencies, may also allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a
in preventing fraud and money laundering and to confirm your identity. This is so we can protect our business and comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have
Fraud prevention agencies can hold your personal data for different periods of time and if you're considered to pose a fraud or money laundering risk, your data can be held for up to seven years.
If we, or a fraud prevention agency, determine you're a fraud or money laundering risk, we may refuse to provide the services and financing you've asked for, or to employ you, or we may stop providing any existing services.
A record of any fraud or money laundering risk will be kept by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you've any questions about this, or for more
information on the fraud prevention agencies we share data with or to exercise your data protection rights, you can contact us as explained in Section 8.
Where you tell us your driving licence number (DLN), you're giving permission for us to pass it to the DVLA, so a search can be carried out to confirm your (or any named driver's) licence status, entitlement and relevant restriction
information and endorsement/conviction data. The data provided by the DVLA may be used alongside other information you have provided:
- To calculate your motor insurance Quote
- To manage your policy
- For anti-fraud purposes.
Your DLN won't be used for any other reason or be made available to anyone else. Only the motor insurance industry can use this information. If you apply for a Quote with us and decide not to take out the insurance, the data returned from
DVLA database will be made anonymous or deleted within 30 days after it was received.
Under our User Agreement with the Motor Insurance Bureau, individual customer representatives don't have access to the data returned by a DLN search and won't be able to discuss issues relating to your DLN with you. In
these instances, we suggest checking the information associated with your DLN is correct at www.gov.uk/view-driving-licence
For more details about MyLicence visit www.mylicence.org.uk
The nature of insurance is to provide a price for a potential risk (including its potential claim value) based on the probability of it arising. So we can give you the best possible price at a speed expected when getting Quotes on the
Internet, we use automated decision-making.
Automated decision-making includes:
- The creation of pricing models and risk acceptance criteria
- The profiling of you, based on the data we collect and hold about you to validate and supplement the data we hold about you and to maintain its accuracy
- The application of the pricing and risk models using data we hold about you, to accept or decline your request for insurance and to calculate the price of your policy
- Assessing your ability to pay the insurance premiums and/or credit
- Assessing the risk of fraud being committed on your policy.
From these checks, your premium, policy terms and credit terms will be determined, or we may not be able to give you insurance or credit.
As described in Section 8, you have the right to express your point of view and to object to an automated decision, and to get human intervention to review it.
To identify and prevent fraud
To protect the interests of our customers, us and our Product Providers, the data you give us when requesting a Quote and if a claim is made on your policy may be validated. To identify and prevent crime and fraud we, your Product
Provider and our respective agents may at any time check and/or file your details with fraud prevention agencies and databases (see Section 5). If you give us, or our Product Providers, false or inaccurate
information and fraud is suspected, we, or our Product Provider, will record this.
5. How we share your data
This section explains how your data will be shared by us.
Who we share your personal data with
We may share your personal data, including Quote information we hold about you (whether you buy a policy from us or not) with the following third parties for the reasons explained in the table in Section 4:
- a) Product Providers who provide you with an insurance Quote through us as a broker and/or price comparison website;
- b) Third party organisations with whom we get and also share your data, as described in Section 2 and Section 4
- c) Our third party suppliers who specialise in online customer journey optimisation
- d) The Product Providers named on your insurance policy
- e) With suppliers acting on our, your Insurer's and additional Product Provider's behalf – for example, our claims suppliers such as loss adjustors, solicitors, private investigators, vehicle repairers or car hire providers
- f) Government organisations such as our regulators, the Financial Ombudsman Service (FOS); the Police, Trading Standards
- g) Fraud prevention organisations and agencies such as, Insurance Fraud Register; CUE and the Motor Insurance Anti-Fraud and Theft Register
- If we find you've given us false or inaccurate information we may pass your details to fraud prevention agencies. To prevent fraud and money laundering, we and other organisations, including law enforcement agencies may also access
and use information recorded by fraud prevention agencies, for example, when:
- Checking details on applications for credit, credit related or other facilities
- Managing credit and credit related accounts or facilities and recovering debt
- Checking details on proposals and claims for all types of insurance
- Completing credit and fraud searches, such as a driving licence checks
- Checking any fraud detected through your job applications and employment.
- h) Insurance industry organisations such as the Motor Insurance Database, in order to meet our obligations under the Road Traffic Act
- i) Finance institutions to allow us to carry out a financial transaction in respect of your policy
- j) Professional auditing bodies for auditing purposes
- k) Third party debt collection agencies.
We may also share your personal data if the structure and make-up of Hastings or our Product Providers changes in the future. We may choose to sell, transfer or merge parts of our business or assets. We may also seek to acquire other
merge with them. During this process, we may share your data with other parties. We'll only do this if they agree to keep your data safe and private. If a change to Hastings or our Product Providers happens, then other parties may use your
the same way as set out in this privacy notice.
Sending data outside the EEA
We may transfer personal data to, and process personal data in a country outside of the European Economic Area (EEA). If we do transfer your data outside of the EEA, we will make sure that it is protected in the same way as if it was
being used in
the EEA. In most cases, this will be by using approved
EU Standard Contractual Clauses
. We may also process your data in countries which have reached Adequacy Decisions with the European Commission, or are part of the Privacy Shield in the US.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they too will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in
They also require the recipient to subscribe to 'international frameworks' intended to allow secure data sharing.
6. How long will we store your information?
This section sets out how long we will store your data for. Your Product Providers may store your data for different periods of time and we recommend that you refer to your Product Providers' privacy notice available on their website.
If you ask for an insurance Quote, either directly or through a price comparison website, we will keep your personal data (whether you buy the policy or not) for three years from the date of Quote. After your Quote has been provided we will
process this data for developing our acceptance risk criteria, pricing models and to prevent and detect fraud.
Where you buy an insurance policy from us, we will keep your personal data for the duration of your policy and for up to seven years afterwards for the following reasons:
- To respond to any questions or complaints
- To deal with claims against your policy.
We might keep your data for longer than seven years after you stop being a customer in the following circumstances:
- Where a claim has been settled after you stop being a customer
- Where minors are involved in a claim
- Where there is a claim on your policy over a set amount – we use such personal data to inform our pricing models after the claim is finally determined.
7. Your rights and how to contact us
You have the right to:
- A copy of the personal data we hold for you (please see Section 8)
- Have your data corrected if it's wrong or incomplete
- Have your data deleted or removed if it's no longer needed
- Restrict the processing of your personal data
- Withdraw any permission you've given in respect of your personal data (including marketing). You can unsubscribe through MyAccount or by contacting us.
- Data portability – to keep and re-use your data in an electronic form for your own purposes or to ask we pass the information to another organisation
- Get human intervention on the part of the controller, where you are subject to a decision based solely on automated processing, including profiling, which has a significant effect on you, to express your point of view and/or to contest the
decision – see section 4 for more details on the automated decision making
- Object where we're processing your information on the grounds of it being in our
to do so.
We will uphold your rights to the best of our abilities; however, data protection laws allow us to continue to process your personal data if we have a legitimate reason to do so. For example, if data is needed for fraud prevention or legal
Our data protection team is responsible for overseeing questions in relation to this privacy notice. You can contact them at:
Data Protection Team
Post: Hastings Insurance Services Limited, Conquest House, Collington Avenue, Bexhill-on-Sea TN39 3LW
Please make sure to include your full name, policy and/or Quote number if applicable, address and date of birth.
Hastings Direct SmartMiles
Our Hastings Direct SmartMiles policy has a separate privacy notice.
You can contact the data protection office for our SmartMiles policy at:
Data Protection Officer
Post: Hastings Direct SmartMiles, iGO4 House, Staniland Way, Peterborough PE4 6JT
8. Subject Access Request
You have the right to obtain:
- Have confirmation your data is being processed
- Access to your personal data
- Other supplementary information, which is referred in this privacy notice.
You can access your personal information we hold by filling in this form or by
writing to us at this address:
Data Protection Team
East Sussex, TN39 3LW
or by email: email@example.com
If you're not happy with the way your personal data is held or processed, please tell us using the contact details above.
You can complain to the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues.
10. Policy updates
We may update or amend this privacy notice from time to time to comply with the law or meet changing business requirements. Any changes to this policy will be posted on this page.
This version was last updated on 25th May 2018. Historic versions are archived and you can get these by contacting us.
'Data Protection Laws'
means the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK.
For the purposes of this privacy notice shall include your Insurer, reinsurers, any Underwriter, Administrator (each as defined in you Policy) and/or provider of your ancillary or additional products which either form part of your Policy or
are purchased with it. Here is a list of our Product Providers.
Is the term for an Internet Protocol address which is a numerical code that each device connected to the Internet has in order to identify that device. The code contains an element that supports location identification (to varying levels of
means any information (including sensitive information) that we have obtained from you or third parties in connection with a service or product provided to you that is held now or at any time in the future by us.
'Terms & conditions'
The terms & conditions set out in the policy and or policy booklet(s) issued to you.
For the purpose of this privacy notice shall include any Quote for a new policy, renewal of your existing policy or when you make a mid-term change to your existing policy.