Who we are
SPB UK & Ireland Ltd is the group name of Citymain Administrators Ltd, Citymain Ltd, Burnett &
Associates Ltd, Burnetts Computer Services Ltd and Phone Service Centre Ltd. All of these
companies are responsible for looking after your personal data and are governed by this Privacy
At SPB UK & Ireland we collect and use personal information for insurance policy, claims and card
loss administration services. We are aware of our responsibilities to handle your personal data with
care, to keep it secure and comply with applicable privacy and data protection laws.
We will ensure that transfers of personal data to a third country or an international organisation are
subject to appropriate safeguards as described in Article 46 of the GDPR and that such transfers and
safeguards are documented according to Article 30(2) of the GDPR.
The purpose of this policy is to provide a clear explanation of when, why and how we collect and use
information which may relate to your “personal data” and explains your statutory rights.
1. What information we collect and how:
We will collect data from you when you contact us directly for a policy quotation or visit one of our
websites. * If you purchase a policy from one of our business partners your personal data will be
provided to enable us to provide policy, claims and card loss administration services.
We may also collect information about you from other sources to help fraud detection and financial
crime prevention. These other sources include registers held by reputable organisations.
The data collected may include:
- Any personal details you provide when requesting a quotation or when you purchase
insurance such as name, address, email address, telephone number, bank sort code and
account number if your policy is paid by monthly direct debit.
Any personal details forwarded to us by a third party on whose behalf we are providing a
policy, claim or card loss administration service on behalf of the third party.
- Your IP address (this is your computer’s individual identification number) which is
automatically logged by our web server. This is used to note your interest in our website.
- Your preferences and use of email updates (if you select to receive email updates on products
- Session information stored in cookies, these do not include any personal information and are
used to ensure the correct data is extracted from the database when using our interactive
- Our websites may use Google Analytics, a web analytics service provided by Google, Inc.
(“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to
selecting the appropriate settings on your browser, however please note that if you do this
you may not be able to use the full functionality of the/our website. By using the/our website,
you consent to the processing of data about you by Google in the manner and for the
purposes set out above.
- Any additional information you submit to make a claim for example date of birth, name and
address of the device user and vehicle registration number if item stolen from a car and other
information you provide when making a claim. Further we may hold police crime reports.
- Any additional information you submit while using any of our websites
*Please note that some elements of our websites are managed and operated by our Group Head office at
71 Quai Colbert 76095 Le Havre Cedex France, and therefore will be subject to the following:
In accordance with French data protection legislation of January 6, 1978 as amended by the Act of August
6, 2004 (articles 38-43 of Act no. 78-17 of January 6, 1978 concerning “Information Technology, Files and
Freedom of Information”) you have the right to access, change, correct or delete information that refers
to you by name. To exercise this right, you should write to the Group Communication Department, SPB,
40-44, Rue Washington 75008 Paris – FRANCE.
For information on France’s data protection legislation, please visit the website of the French Commission
Nationale de l’Informatique et des Libertés at www.cnil.fr.
2. What we use your information for:
Any personal data we collect from any website or by other means will be used in accordance with
the Data Protection Act 1998 and General Data Protection Regulation. The details we collect will be
used as follows:
- If you are a prospective insured person we will use your personal data to consider an
application to provide a quotation for an insurance policy, assess and evaluate risk, and,
subject to applicable terms and conditions, provide you with a policy on the behalf of the
- To provide any related services such as policy administration in connection with any product
you have purchased. In respect of claims handling services, the data will be used to assess
the claim made and to evaluate the risk of fraud. We will also use personal data related to a
claim to inform the renewal process and potentially future policy applications.
- To invite renewal of your policy, where applicable
- To contact you for marketing purposes but only where we have appropriate permissions to
- To analyse information in our various systems and databases to help improve the way we run
our business and to provide a better service. To do this, we will use third party organisations
for monitoring how customers use any website and issuing our e-mails for us. Please note
where appropriate anonymised data fields will be used (particularly in relation to policy and
claim information). In respect of Google analytics, the information generated by the cookie
about your use of the website (including your IP address) will be transmitted to and stored
by Google on servers in the United States. Google will use this information for evaluating your
use of the website, compiling reports on website activity for us and providing other services
relating to website activity and internet usage. Google may also transfer this information to
third parties where required to do so by law, or where such third parties process the
information on Google’s behalf. Google will not associate your IP address with any other data
held by Google.
3. Protecting your privacy
Your personal data will only be used for the purposes detailed under section 2: Where you have
provided your consent to the data being used in that way or the use of your personal data is to
provide a service or provide a quotation in relation to an insurance policy or the use of your personal
data is necessary to comply with any relevant legal or regulatory obligation.
Our use of your personal data is necessary to support ‘legitimate interests’ that we have as a
business (for example, to improve our products, or to carry out analytics across our datasets),
provided it is conducted always in a way that is proportionate, and that respects your privacy rights.
4. Who do we share your personal data with?
We work with third parties to help manage our business and deliver services. These third parties
may, from time to time, need to have access to your personal data. In addition, access may also be
required as follows:
- the Insurer of the policy and regulator and organisations working to prevent fraud in
financial services may require access to your personal data. We require all of our service
providers to respect the confidentiality and security of personal data.
- When providing a service in relation to a claim; loss adjusters and service providers for the
repair and replacement of an item and third parties who help manage our IT and back office
- We may be under legal or regulatory obligations to share your personal data with courts,
regulators, law enforcement or in certain cases other insurers.
5. Direct marketing
Where prior consent has been obtained from you we may use your personal data to send you direct
marketing communications about insurance products or related services. This may be in the form of
email, post, SMS, telephone or targeted online advertisements. Any marketing will be reasonable
and proportionate. You have a right to prevent direct marketing of any form at any time. This right
can be exercised by following the opt-out links in electronic communications, or by contacting us
6. How long do we retain your information?
Your personal information will not be retained for longer than is necessary and will be managed in
accordance with our data retention policy. In most cases the retention period will be for a period of
seven years following the policy record expiry date or the date of claim notification.
7. Your rights:
You can ask us to amend or remove your personal data held by us. However, please note that we
may need to keep some personal data for legal and regulatory purposes. You also have the right to
request a copy of any personal information we hold about you. Please contact our Data Protection
Officer below for any of these requests.
Data Protection Officer
SPB UK & Ireland
3000 Lakeside, North Harbour
Telephone: 02392 836839
Where we have received your request for a copy of your personal information, we will respond
within thirty days of receipt. We will not ask for a fee unless your request for access to information is
excessive. In this instance the fee will be reasonable, and we will advise you of the fee due before
completing your request. You can ask us to provide your personal data to you in a structured,
commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another
Data processor but in each case only where you have provided consent.
You can object to any processing of your personal data which has our ‘legitimate interests’ as its
legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Once you have objected, we have an opportunity to demonstrate that we have compelling
legitimate interests which override your rights and freedoms.
You have the right to lodge a complaint with the Information Commissioner’s Office about our
processing of your personal data. We ask that you please attempt to resolve any issues with us first,
by contacting the Data Protection Officer at firstname.lastname@example.org