Privacy Policy

Who are we

goshorty is a trading style of Complex to Clear Group Limited, (referred to as “GoShorty” “us” or “we”) is an insurance broker authorised and regulated by the FCA No. 751221. GoShorty arranges and administers insurance policies in conjunction with our panel of insurance companies, product and service providers.

Complex to Clear Group Limited T/A GoShorty is a registered company, company number 05044963 registered in England and Wales. Address- First Floor, West Wing, London House, First Avenue, Poynton Cheshire SK12 1YP.

In order to quote, arrange and administer your policy and/or claims, information including your personal data, needs to be shared between different providers including, but not restricted to, insurers, price comparison websites, other brokers and those involved in claims management. GoShorty and its chosen product and service providers are committed to safeguarding your personal data.

This notice is designed to help you understand how we and service providers process your personal data through the insurance journey, from the point of obtaining a quote from us directly or from a price comparison website, through to taking out a policy, making a claim under your policy, to renewing your policy.

In relation to the personal data we collect from and use, we are the ‘data controller.’ This means we decide the purpose and manner in which your personal data is used and processed. Our service and product suppliers may also be data controllers of your personal data, and this is explained more fully below. 

Sharing your personal data                                                                            

GoShorty may share your personal data in a number of ways:

  1. Your personal data may be used by GoShorty as the data controller
  2. GoShorty will also share personal data with insurance companies and other product and service providers who may be data controllers in their own right. 
  3. We may also share your personal data with law enforcement bodies, reinsurers and regulators such as the Financial Conduct Authority, as is necessary and permitted by law. In addition, in the event of a merger, acquisition, or any form of sale of some or all of our assets to a third party, we may also disclose your personal data to the third parties concerned or their professional advisors as is necessary.
  4. To assist us in providing insurance broking services to you, it is necessary for us to use third party suppliers. In using these third-party suppliers, we often have to share and allow access to personal data to enable those third party suppliers to carry out the relevant services. If third party suppliers are using personal data to provide services on our behalf, they are known as ‘data processors’. Examples of important areas where we use third party suppliers (and therefore data processors) include for the purposes of:

We will ensure that any data processor we use has entered into a contract with us which fully sets out the data processor’s duties, including in relation to protecting the processing of your personal data. 

The data we may collect about you

The following is a list of the types of personal data we may collect and hold about you:

Types of personal data

Details

Individual details

Name, address (including proof of address), other contact details (e.g. email and telephone numbers, gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you, vehicle and property details.)

Identification details

Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number and driving license number.

Financial information

Bank account or payment card details, income or other financial information.

Risk details

Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, motoring convictions or offecnes or other special categories of personal data.


Policy information

Information about the quotes you receive and policies you take out.

Credit and anti-fraud data

Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you.

Previous and current claims

Information about previous and current claims, (including other unrelated insurances), which may include data relating to your health, criminal convictions, motoring convictions or offences or other special categories of personal data and in some cases, surveillance reports.

Some of the personal data you share with us may be ‘special category’ personal data. Certain categories of personal data have additional protection under data protection regulation due to its sensitivity. Special category data includes data relating to health, criminal convictions, racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric or data concerning sex life or sexual orientation. For the purposes of this notice, we should only process special category relating to health or criminal convictions.

Where we may collect personal data about you

We may receive your personal data through various channels; over the phone, through our website, face to face and directly through secure transfer from other providers

We might collect your personal data from various sources, including:

The particular sources which apply in each case will depend on the context and your particular circumstances.                                                                                                                 

Disclosing other people’s information to us

You should show this notice to anyone whose personal data you provide to GoShorty. You must ensure that any such personal data you supply relating to anyone else is accurate and that you have obtained their consent to the use of their personal data for the purposes set out above. Where you authorise a third party on the policy, it is our standard practice to speak to either you or the third party regarding the policy, after completing relevant identity checks.

Telephone call recording

Telephone calls with us will be recorded for training, quality and complaint handling purposes. We engage third parties to carry out compliance monitoring on our behalf, and personal data including call recordings, is made available to such parties for this purpose.

Identities of data controllers

We are an insurance broker, which means that we will present quotes and incept policies from our panel of insurers. We may source quotes from other insurance brokers who will provide quotes to us from their own panel of insurers.

In order for us to provide our insurance broking services, your personal data is shared between insurance providers some of which you will not have direct contact with. Whilst GoShorty is the data controller of any data it collects or uses, during the insurance journey, other Insurance Participants may also be a data controller. The initial data controller depends on how you have taken out your policy:

Our insurance panel members

Who we share your personal data with, will depend upon whether you request a quote for a non-business policy, such as a personal motor policy or home policy, or whether you are a business customer. Further details are available on request.

The purpose and legal grounds we use for processing your personal data

GoShorty will use and process your personal data in a variety of ways or ‘purposes’ A list of the purposes we use is detailed in Schedule A below.  For us to provide services to you as an insurance broker. We must have a legal ground to process that personal data for the activity we are undertaking.

A summary of the legal grounds we use to personal data, are set out as follows:

Failure to provide the requested personal data may mean we are unable to obtain a quote or incept a policy for you.

Direct Marketing

GoShorty may contact you by post and telephone for our legitimate marketing purposes in order to let you know about offers and other products and services. With your consent we may from time to time contact you by SMS or email with details of our other products and services.

We may collect personal data about you which, when combined with the personal data you have given us, helps us to target and tailor communications which we believe may be more relevant to you. 

If you would like to opt out of receiving marketing correspondence of any kind, you can let us know at any time by writing to us, by calling us on 01625 800 146 or email info@goshorty.co.uk

We do not sell or pass on your details to any third parties for the purposes of marketing their own products or services. 

Profiling and automated processing of personal data

When calculating insurance premiums we and our providers may compare your personal data against industry averages. Your personal data may also be used to create the industry averages going forward. This is known as profiling and is used to ensure premiums reflect risk.

Profiling may also be used by insurance providers to assess personal data you provide to understand fraud patterns.

Where special categories of personal data are relevant, such as medical history or past motoring convictions for motor insurance, your special categories of data may also be used for profiling.

Insurance providers might make some decisions based on profiling and without human intervention (known as automatic decision making).

The legal ground GoShorty uses to carry out automated processing is that it is necessary for the purposes of entering into, or performance, of your insurance policy. GoShorty uses automated processing for the following purposes:-

In order to prevent or detect fraud we will check your details with various fraud prevention agencies and anti-fraud databases, who may record a search. These checks include processing conducted automatically by computers.

Insurers pass information to the Claims Underwriting Exchange database, run by the Motor Insurers’ Bureau (MIB). The aim is to help us check information provided and also to prevent fraudulent claims. We may at any time search the database including when we deal with your request for insurance.

If fraud is suspected, information will be shared with insurers and fraud prevention agencies. GoShorty use Experian, LexisNexis & TM as an interface to compare customer personal data with data held by these fraud prevention agencies. We search these databases when we deal with your request for insurance, at renewal, if changes are made to the policy or, in the event of an incident or claim. Other users of the fraud prevention databases, such as law enforcement agencies, may use this information in their own decision-making processes. Under the conditions of your policy, you must tell us about any incident (such as an accident or theft) which may or may not give rise to a claim. When you tell us about an incident we will pass information relating to it, to our claims management business partners. All telephone calls relating to applications and claims may be monitored and recorded and the recordings used for fraud prevention and detection, training and quality control purposes.

We may also share your information with law enforcement agencies, other organisations and public bodies where we reasonably believe it is necessary for the prevention and detection of fraud, crime or where required to do so under a court order.

 (ii) Credit reference checks

Soft Search

We will conduct credit reference checks at one or more of the UK’s credit reference agency in certain circumstances. In all cases these checks will be carried out to confirm identity, help prevent fraud and calculate premiums. This is a soft search which means it is only visible to you (if you request a copy of your credit file at the credit reference agencies) and is not visible to other organisations. This type of credit reference check will not affect your credit file.

The search will be visible on your credit report but it won't affect your credit rating as it's not an application for credit. The credit reference agencies may add the details of our searches and personal data that we hold about you to their records relating to you.

Linked records

When credit reference agencies receive a search from us they will link together your records and records about your spouse or financial associate. Links will remain on your credit file and theirs until such time as you or they successfully files for a disassociation with the credit reference agency. If your circumstances change and you believe you are no longer financially linked with another person you should contact the agencies about this.

Contacting Credit Reference Agencies

You can contact the CRAs currently operating in the UK (CallCredit, Equifax and Experian) to find out what information they hold about you. The information they hold may not be the same so you may wish to contact more than one. Their details are below. They are entitled charge you a small statutory fee.

 (iii) Risk analytics and insurance premium pricing

We will process your personal data to determine premium pricing, and assess a number of risk rating factors relating to your insurance policy.

(iv) Marketing

We will process your personal data to enable us to develop, review and improve the services which we offer and to enable us to provide you with relevant information through our marketing programme.

We may use your information to make decisions about you using technology to track or profile your, online journey, such as how you arrive on our website and for assessing which products might be most suitable for you.

IP Addresses and Cookies

We may collect information about your computer including where available your IP address. Operating system and browser type.  In addition, we use Cookies, a cookie is a small text file that can be stored on your computer/device and is a standard feature on most modern websites in order to support your browser whilst navigating, to keep your website preferences and help to tailor your online experience.

If you would like to read about them in more detail, please see our cookie policy on our website.  

Retention of your personal data

GoShorty will delete personal data in line with its retention policies. Personal data will be retained for the minimum amount of time necessary for each type of activity that we conduct.

For the purposes of supporting our complaint handling, quality management, regulatory requirements and to defend against legal claims, personal data associated with the provision of quotes, inceptions and management of policies will be retained for a maximum of 7 years from the conclusion of your relationship with us.

Personal data will be retained for 11 years for the purpose of analysing and assessing risk in relation to insurance claims.

Personal data relating to quotes requested and subsequently not taken up by you will only be processed for marketing purposes for 2 years. Should you wish to stop receiving any form of marketing contact please let us know.

Call recordings will be retained for 3 years. Certain call recordings may be held for longer in the event that they are required to support specific regulatory investigations, complaints handling or the prevention and detection of crime.

GoShorty work with Insurance panel providers in order to provide you with a quote and incept insurance. Insurers will retain and delete personal data according to their own retention policies and

you should ensure you read the insurers privacy policy, in respect of your personal data processed and retained by them

Where we store and process your personal data

As we have set out above, third parties may be used by us to ensure we can provide all or part of the service to you. In these instances, while the personal data you provide will be disclosed to them, it will only be used for services for which we have engaged that third party.

When we engage a third party to process any personal data, we conduct appropriate data protection and information security due diligence. We use audits, evidence certifications, penetration and vulnerability tests and conduct on site reviews where appropriate. All transfers of personal data between GoShorty and our suppliers are sent using a secure method.

From time to time we may need to process some of your information using third parties located in countries outside of the European Economic Area (“EEA”). If your information is processed outside the EEA, we will take all necessary steps to ensure it is adequately protected. This includes ensuring there is a contractual agreement in place with the third parties which provides the same level of protection as required by the data protection regulation in the UK and EEA.

Your rights

As we control how your personal data is used, we are the data controller and you are the ‘data subject.’ Under data protection regulations you have rights as a data subject. You may have the right as a data subject to require us to:

Access to information

You have the right to access information we hold about you.  Your right of access can be exercised in accordance with the Act. Any request maybe subject to a fee of £25 to meet our costs in providing you with details of the information we hold about you,

In certain circumstances we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We will explain this to you as necessary.

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in this section, or if you think that we have breached data protection regulation, then you have the right to complain to the Information Commissioner’s Office (“ICO”).

Contact details of the ICO

Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel: 0303 123 1113 (local rate) or visit www.ico.org.uk

If you would like to speak to us about how we use your information you can contact us on 01625 800 146

Schedule A- Legal grounds for processing your personal data

Legal Ground

For processing personal data and special categories of personal data

Performance of our contract with you

Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.

Compliance with a legal obligation

Processing is necessary for compliance with a legal obligation to which we are subject. 

Protection of vital interests of you or another person

Processing is necessary in order to protect the vital interests of you or another natural person.

In the public interest

Processing is necessary for the performance of a task carried out in the public interest.

For our legitimate business interests

Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child. These legitimate interests are set out next to each purpose.

For processing special categories of personal data

Your explicit consent (optional)

You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent , by contacting our Data Protection contact.

Your explicit consent (necessary)

You have given your explicit consent to the processing of those personal data for one or more specified purposes, where we are unable to procure, provide or administer insurance cover without this consent. You are free to withdraw your consent by contacting our Data Protection Contact. However, withdrawal of this consent will impact our ability to provide insurance or pay claims. For more details see section 5.

Protection of vital interests of you or another person, where you are unable to consent

Processing is necessary to protect the vital interests of you or of another natural person where you are physically or legally incapable of giving consent.

For legal claims

Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

In the substantial public interest

Processing is necessary for reasons of substantial public interest, on the basis of EU or UK law.

For health services

Processing is necessary for the purposes of preventative or occupational medicine, for medical diagnosis, the provision of health or social care or treatment on the basis of EU or UK law or pursuant to contract with a health professional who I sunder legal or professional obligations of secrecy.