Privacy Policy

References to “we” or “us” or “BIBA” are to the British Insurance Brokers’ Association, a limited company incorporated and registered in England and Wales (company no 1293232) whose registered office is at 8th Floor, John Stow House, 18 Bevis Marks, London EC3A 7JB.
About this privacy policy

As a membership based association dedicated to serving the general insurance industry, we understand the importance of maintaining your privacy, keeping your personal information (personal data) secure and complying with data protection laws.

We are the data controller of any personal information you provide to us. This means that we are responsible for complying with data protection laws. This privacy policy describes what personal information we may collect from you, why we use your personal information and more generally the practices we maintain and ways in which we use your personal information.

By providing your personal information to us, you acknowledge that we may use it in the ways set out in this privacy policy. We may provide you with further notices highlighting certain uses we wish to make of your personal information. We may also give you the ability to opt-in or opt-out of selected uses such as marketing when we collect your personal information.

If you are registering other people for one of our events or where you are a key contact at a BIBA member firm and are providing personal information about employees and/or alternative contacts such as individuals in compliance or training to us, you must ensure this privacy policy has been drawn to the attention of those individuals and that you have permission to share their personal information with us.

 

1.   About whom do we collect personal data?
2.   When do we collect personal information?
3.   What personal information do we collect about you?
4.   How do we collect your personal information?
5.  Purposes for which we process your personal and special category data
6.  With whom do we share your personal information?
7.   Marketing
8.  How we protect your personal information
9. For how long do we keep your personal information?
10.  International data transfers
11.    Your rights
12.   Your right to complain to the ICO
13.   Oher websites
14. Cookies
15.     Pixel tags
16.     How to contact us

  • present, past and prospective employees of BIBA member firms who benefit from and access the benefits of BIBA membership;
  • employees of insurers, partners, associates and other such members who access some of the benefits of BIBA membership;
  • individuals who register for BIBA events;
  • individuals who enquire into BIBA membership
  • users of the BIBA website;
  • members of the public who have contact with BIBA;
  • journalists; and
  • MPs and civil servants.

We might collect your personal information if you:

  • or your employee asks to be part of a mailing or marketing campaign;
  • apply (or someone on your behalf) applies for your organisation to be a BIBA member and throughout such memberships
  • register (or someone on your behalf registers you) to attend a BIBA event;
  • subscribe (or someone on your behalf subscribes for you) to receive marketing communications and/or industry updates from BIBA;
  • enquire into BIBA membership but do not sign up;
  • use the Find-A-Broker service or otherwise approach BIBA, as a member of the public, for insurance solutions;
  •  are mentioned in a BIBA manifesto case study or a press release;
  • Contact us with a technical or compliance query; or
  • use our website (for more information please see section 14 on Cookies and section 15 on Pixel Tags).

We may collect the following personal information:

  • name;
  • email address;
  • business and/or personal telephone number;
  • business address and/or personal address;
  • job title and company name;
  • date of birth
  • Internet Protocol (IP) address
  • types of insurances you are interested in (where you enquire through BIBA);
  • financial information (for example credit card details for events or for expenses purposes);
  • financial income if available from public records (where you are a sole trader member);
  • BIBA membership number (where you have been given an individual number or where you are a sole trader member);
  • password to the BIBA website members’ section; and
  • your Financial Conduct Authority (FCA) firm reference number (FRN) where you are a sole trader; and
  •  Your FCA individual reference number (IRN) where you are an Approved Person.

We may also collect the following special category data:

  • information about your religious beliefs (for example where you have expressed specific dietary requirements which are indicative of such beliefs);
  • information about members of parliament (MP) contacts you have which, by their nature, could be indicative of your political beliefs and opinions
  • information about your physical or mental health; and
  • details of your criminal convictions.

We may collect your personal and special category data:

  • face-to-face (directly from you);
  • by telephone;
  • via call recordings on the Find-A-Broker (FAB) service;
  •  by email;
  • via our website (including through the use of cookies – please see section 14 on Cookies);
  • via membership forms (submitted directly by you and by your organisation);
  • via various events attendance lists;
  • via direct debit forms and expenses claim forms;
  • via surveys sent or commissioned by BIBA;
  • from survey data collected through third party surveys;
  • via our customer relationship management (CRM) systems, including our BIBA conference system;
  • via the key contact at your organisation (where you work for a member firm) who is responsible for registering all applicable employees as members;
  • from individuals or colleagues who have registered you for an event;
  • from event organisers, exhibitors and any other such third parties who are involved in organising or contributing to BIBA events and/or the BIBA conference;
  • from delegate lists obtained from third party events;
  • from people working on our behalf, whether as a paid consultant or on a voluntary basis on our boards and/or committees including but not limited to our regional committees;
  • from third parties to verify your identity and the accuracy of the information you have provided;
  • from publicly available sources including but not limited to internet search engines, public records and registers and social media (e.g. LinkedIn and Twitter);
  • from third parties including but not limited to public relations (PR) agencies and industry media databases that maintain information on journalists; government databases that maintain information on MPs, peers and government officials;

We use your personal information for a number of different purposes.

Under data protection laws, for each purpose we must be able to rely on a legal ground to justify why we are using your personal information. The legal grounds that we may rely on are:

For processing personal information

Legal ground Details
Performance of our contract with you Processing is necessary for the performance of a contract to which you are party to or in order to take steps at your request prior to entering into a contract.
Compliance with a legal obligation Processing is necessary for compliance with a legal obligation to which we are subject.
For our legitimate interests where these do not cause you undue harm Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information.

Our main legitimate interests for using your personal information are:

(1)  to enable us to run a membership organisation which serves the insurance industry; and

(2)  to promote BIBA services and the value of the services that our members offer.

 

When we use your special category data (for example information about your religious beliefs, criminal convictions, political opinions or health) we must be able to rely on an additional legal ground. The additional legal grounds that we may rely on in these instances are:

For processing special category personal information

Your explicit consent You have given your explicit consent to the processing of your special category data for one or more specified purposes.

You may withdraw your consent at any time by contacting us.  If you do so, you may not be able to receive the benefit of some of our services where in order to provide them, we rely on your explicit consent to process your special category data.

For legal claims Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
You have made this information public You have made your special category information manifestly public.

 

For every use of your personal information, we have set out the relevant legal grounds that we will rely on and where relevant, the additional legal grounds that we rely on when we use your special category data.

Where you benefit from BIBA membership, the personal information that we collect about you may be used:

  • To administer your BIBA membership where you are a sole trader or an employee of a BIBA member firm

As part of your membership, we need to carry out our obligations arising from the membership contract and general membership service activities such as invoicing and confirmation emails.

Legal grounds:

  • performance of our contract with you
  • our legitimate interests
  • to send you any guides, documentation, email alerts or other information relevant to BIBA membership

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

To administer your expenses for meetings held at BIBA

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

To list your details in the ‘Find-A-Broker’ area on our website and telephone service (where you are a sole trader)

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

To track email readership to share your contact details with scheme provider

Legal grounds:

  • our legitimate interests

To share your details with regional committees

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

To personalise your experience on the BIBA website

Legal grounds:

  • our legitimate interests

To track the use of the BIBA website

Legal grounds:

  • our legitimate interests

To be featured in BIBA manifesto case studies

Legal grounds:

  • our legitimate interests

For marketing purposes

We or our partners (including insurers, regulators, scheme providers and companies that have been identified as providing products or services which may be of interest to you) may send you marketing emails where you have expressed an interest in receiving them. For more information about marketing communications please see section 7 on marketing.

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

Where you (as an employee of a BIBA member firm or non-member) register for and/or attend a BIBA event, the personal information that we collect about you may be used: 

  • For event administration

Where you have registered for a BIBA event such as the BIBA conference, regional events and dinners, we will use your personal information to:

  • process bookings;
  • send you the relevant information pack and to confirm details;
  • include your name on the delegate list which is available to other delegates (unless you have indicated to us that you do not want your details to appear on such lists) and third parties such as scheme providers, event organisers, regional committees, exhibitors and speakers;
  • to produce name badges;
  • to make necessary security, catering and all other event related arrangements; and
  • for any other necessary purpose related to the running of our events.

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

Additional legal grounds for special category personal information:

  • For marketing purposes

We and/or our partners, including exhibiting companies at events, may send you marketing emails where you have expressed an interest in receiving them. For more information about marketing communications please see section 7 on marketing.

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

Where you enquire into BIBA membership as a sole trader or on behalf of a firm but do not sign up or where you are an employee of a prospective BIBA member, the personal information that we collect about you may be used: 

  • To provide information about BIBA membership

Legal grounds:

  • our legitimate interests

To provide information about BIBA events (including regional events)

Legal grounds:

  • our legitimate interests

Where you are a member of the public, the personal information that we collect about you may be used:

  • To be featured in BIBA manifesto case studies or a press releases

Legal grounds:

  • our legitimate interests

Additional legal grounds for sensitive personal information:

  • explicit consent

To provide insurance solutions, signpost and assist you on issues ranging from a claim to placement where you have been unable to find cover

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

Additional legal grounds for sensitive personal information:

  • explicit consent

Where you are a journalist the personal information that we collect about you may be used:

  • To provide you with information in connection with your occupation

We may send you press releases and other related emails where you have requested them or where they are relevant to your occupation. You can opt-out from receiving such press releases and other related emails at any time by contacting us.

Legal grounds:

  • our legitimate interests

For event administration

We may use your personal information to invite you to events and for any related event administration including to:

  • process bookings;
  • send you the relevant information pack and to confirm details;
  • include your name on the delegate list which is available to other delegates and third parties such as scheme providers, event organisers, regional committees, exhibitors and speakers;
  • to produce name badges;
  • to make necessary security, catering and all other event related arrangements; and
  • for any other necessary purpose related to the running of our events.

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

Additional legal grounds for special category data:

Where you are an MP, the personal information that we collect about you may be used:

  • To provide you with information in connection with your occupation

We may send you information that is relevant to your occupation. You can opt-out from receiving such information at any time by contacting us.

Legal grounds:

  • our legitimate interests

For event administration

We may use your personal information to invite you to events and for any related event administration including to:

  • process bookings;
  • send you the relevant information pack and to confirm details;
  • include your name on the delegate list which is available to other delegates and third parties such as scheme providers, event organisers, regional committees, exhibitors and speakers;
  • to produce name badges;
  • to make necessary security, catering and all other event related arrangements; and
  • for any other necessary purpose related to the running of our events.

Legal grounds:

  • performance of our contract with you
  • our legitimate interests

Additional legal grounds for special category information:

  • explicit consent
  • you have made this information public

We may disclose your personal information to the third parties listed below for the purposes described in this privacy policy. You can contact us for details of specific disclosures made in respect of your personal information. The third parties listed below will only use your personal information under our strict instruction and are under an obligation to ensure appropriate security measures are in place.

  • Insurers;
  • Reinsurers;
  • Professional advisers including auditors, solicitors, tax advisers and media sales agencies;
  • IT service providers;
  • Event organisers, event exhibitors and any other such third parties which are involved in organising or contributing to BIBA events and/or the BIBA conference;
  • Scheme providers. You can click here to find a full listing of BIBA’s scheme providers
  • Advisory Boards, Regional committees including their Chairs and event organisers;
  • Telephone providers used as part of the Find-A-Broker service
  • Survey facilitators;
  • Providers of accountancy software/system;
  • Members of the public including those who have come through the Find-A-Broker service (where you are operating as a sole trader under your own name?);
  • Government departments;
  • The media;
  • MPs;
  • Regulators (including the FCA and Information Commissioner’s Office (ICO)) and law enforcement and prosecuting authorities; and
  • Other BIBA members.

We may also disclose your personal information to other third parties where:

  • the disclosure is required by law or by a regulator with authority over us or you, such as where there is a court order, statutory obligation or FCA request; and
  • we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest.

We are committed to only sending you marketing communications that you have expressed an interest in receiving. More information about the marketing communications that we send to BIBA members can be found below.

Where you have registered for an event, whether you are a BIBA member or not, we and/or approved third parties may also send you marketing emails relating to the event that you have registered for, for example providing details of the exhibitors appearing. You can unsubscribe from such emails at the time of registering for the event or at any time subsequently by clicking the unsubscribe link at the bottom of any email or by contacting us.

Where you are a non-member but you attend the BIBA annual conference or BIBA annual Scottish conference, unless you tell us otherwise, you will receive annual emails relating to the next BIBA conference. You can opt-out of further emails relating to the current year’s conference or all future BIBA communications by following the link appearing at the bottom of any conference email.  Where you opt-out of conference emails, this opt-out will only apply to the current year’s conference only and in subsequent years you will receive emails regarding that subsequent year’s conference, to which a further opt-out will be available for that year.

Where you are a sole trader BIBA member or an employee of a BIBA member firm:

We are committed to sending you, as a BIBA member, marketing communications we believe you will have an interest in, by becoming a BIBA member including:

  • The Broker – the BIBA member magazine;
  • Other publications and guides;
  • Regulation and compliance updates including Compliance Rules;
  • Technical updates;
  • Details of regional events;
  • Weekly newsletter;
  • Monthly video and update;
  • General updates;
  • Training updates;
  • Professional indemnity updates;
  • Updates on events and products;
  • Membership and research surveys; and
  • Communications from BIBA approved third party scheme and facility providers. As well as sending you details of BIBA approved scheme providers we may also share your personal information with such providers so they can provide you with those details directly.

If you wish to unsubscribe from the communications sent by us to you as part of your BIBA membership, you may do so at any time by clicking on the “unsubscribe” link that appears at the bottom of all BIBA or partner marketing email communications. Otherwise, you can always contact us.

However please note that individuals who are key contacts at their BIBA member organisation will receive essential emails which will include at a minimum, conference and membership renewal emails.

As part of your BIBA membership you will also receive annual emails relating to the next annual BIBA conference.  You can opt-out of further emails relating to the current year’s conference by following the link appearing at the bottom of any conference email. This opt-out applies to the current year’s conference only and in subsequent years you will receive emails regarding that subsequent year’s conference, to which a further opt-out will be available for that year.

Careful thought needs to be giving to opting out of essential membership emails as this may limits our ability to provide the full range of membership services to you.

BIBA is committed to keeping your personal information secure. We keep your personal information in a secure server and have appropriate security measures in place in physical facilities.

While we strive to protect your personal information, due to the nature of the internet we cannot guarantee the security of any information you transmit to us. With this in mind, any transmission is at your own risk and we urge you to take every precaution to protect your personal information while you are online.

By providing you with services we create records that contain your personal data.  These records can be held on a variety of media (physical or electronic) and formats.

Retention periods for records are determined based upon the type of record, the nature of the activity and the service that we are providing to you and to comply with legal and regulatory requirements.

Records help us to demonstrate that we are meeting our responsibilities and to keep as evidence of our activities. We manage our records to help us serve our members and customers well (for example for operational reasons, such as dealing effectively with any queries relating to your membership of BIBA) and to comply with legal and regulatory requirements.

BIBA will retain your personal information for the duration of your membership with BIBA, plus another seven years upon leaving membership.

For those members of the public contacting us for the Find-A-Broker service we will hold your personal data for two years.

We may on exception retain your information for longer periods particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that we will be able to produce records as evidence, if they are needed.

Retention periods may be changed from time-to-time based on business or legal and regulatory requirements.

If you would like more information about how long we keep your information, please contact us at: [email protected]

We (or third parties acting on our behalf) may store or process personal information that we collect about you in countries outside the European Economic Area (EEA), which may have lower standards of data protection.

We may also disclose your personal information to third parties in connection with the sale, transfer or disposal of our business or business liabilities, provided that they continue to use your personal information substantially in accordance with the terms of this privacy policy.

In the unlikely event that we transfer your personal information outside the EEA we will ensure that an adequate level of protection is in place to protect your personal information such as putting in place contractual protections which have the purpose of ensuring the security of any information passed and putting in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information.

  1. The right to access your personal information

Subject to any relevant exemptions, you are entitled to see a copy of the personal information we hold about you and to request details of how we use your personal information including any disclosures made. To exercise your rights to access your personal information, please contact us. There will not usually be a charge for dealing with these requests.

Your personal information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case your personal information will be provided to you by electronic means where possible.

  1. The right to rectification

We take reasonable steps to ensure that the personal information we hold about you is reliable and as accurate and complete as is necessary for its intended use but you are entitled to ask us to update or amend any inaccuracies in the personal information that we hold about you. To request us to update or amend any personal information we hold about you, please contact us.

  1. The right to object to marketing

As set out in section 7 on marketing, you are entitled to object to receiving marketing material from us at any time.  You can exercise this right by clicking ‘unsubscribe’ on any marketing email you receive from us or by contacting us.  Sole traders are encouraged to reread section 7 to ensure they make an informed decision.

  1. Other rights

Under certain conditions, you may also have the right to require us to:

  • delete any personal information, subject to us having no longer have a legal ground to rely on to retain it;
  • where processing is based on consent, to withdraw your
  • consent so that we stop that particular processing;
  • object to any processing based on the legal ground of legitimate interests unless our reason for undertaking that processing outweighs any prejudice to your data protection rights;
  • provide you or another provider with a copy of your personal information that you provided us with; and
  • restrict how we use your personal information whilst a complaint is being investigated.

If you contact us to exercise any of these rights we will confirm your right to do so and respond in most cases within 30 days. Where we believe it may take longer than 30 days to respond to a request, we will inform you. We are permitted a further two months to respond in cases are particularly complex.

If you are not satisfied with our use of your personal information, our response to any exercise of your rights set out in section 11, or if you believe us to be in breach of our data protection obligations, you have the right to complain to the Information Commissioner’s Office here.

BIBA’s websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. We would suggest that you check these policies before you submit any personal information to such third party websites.

A cookie is a small data file that is sent to your computer from a website and is stored on your computer’s hard drive. A cookie file stores a limited amount of information about you (such as your username and password) and allows BIBA to offer services personalised to your interests and to track the number of people who visit different parts of our website. You can set your web browser to refuse cookies, however some of our website features may not function as a result.

The cookies we make use of on the BIBA websites are:

BIBA cookies

Cookie name Purpose  Lifetime
_ga
_gid
_gat
Google analytics tag specific to the website to track visitor to the website 2 years
24 hours
24 hours
biba_session Associated with the creation of a unique token for the user session 1 day
wp-settings-9
wp-settings-time-9
Used to customise your view of admin interface, and possibly also the main site interface. 1 year
1 year
PHPSESSID To store a simple message when a form is submitted that can be displayed on a different page. Session
viewed_cookie_policy To check if a visitor to our website has been shown the EU Cookie Popup. 1 year
wfwaf-authcookie- WordPress security plugin “Wordfence”. It is used to authenticate user’s login request. 1 day
wordpress_logged_in_
wordpress_sec_
wordpress_test_cookie
WordPress cookie for a logged in user
WordPress cookie for a logged in user
WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies
Session
Session
Session

 

Third party cookies

Third party Cookie name Purpose Lifetime
Facebook Sb
Fr
datr
locale
reg_fb_gate
reg_fb_ref
wd
Allows control over the “Follow us on Facebook” and “Like” buttons
Allows control over the “Follow us on Facebook” and “Like” buttons
It helps Facebook identify suspicious login activity
To keeps track of the language
Contains the first Facebook page that the web browser visited.
Contains the last Facebook page that the web browser visited.
Contains the browser window dimensions
2 years
3 months
2 years
2 days
Session
Session
2 days
Google HSID
1P_JAR
APISID
SAPISID
SID
SSID
SIDCC
NID/td>
To block different types of attack
To gather website statistics, and track conversion rates.
To store user preferences and information of Google maps
To store user preferences and information of Google maps
To block different types of attack
To remain connected to your Google account when you visit its service again
To block different types of attack
To remember your preferences and other information
2 years
1 month
2 years
2 years
2 years
2 years
3 months
6 months
Cloudflare __cfduid To identify individual clients behind a shared IP address and apply security settings on a per-client basis. 1 year
ShareThis __stid Unique identifiers given to each computer to allow traffic analysis to ShareThis. 1 year

 

For further information about cookies please visit www.allaboutcookies.org.

Pixel tags (also called clear gifs or web bugs) are used to track who is reading a web page or e-mail, when, and from what computer.

They provide us with information about your interaction with our email messages (if you receive messages in html format) and to record some of the pages you consequently visit on our website.

We use this information so we can provide you with information tailored to your needs and interests and so that we can better plan our future campaigns and upgrade visitor information used in reporting statistics.

Pixel tag technology is used to analyse the reading habits of our membership in order to review and improve services to members and on occasion we may use this for marketing purposes. Questions about this technology should be directed to the BIBA communications department at 0344 77 00 266.

Please contact us if you have any questions about this privacy policy or the personal information we hold about you. You can contact us by email [email protected] or by writing to us at Membership Department, BIBA, 8th Floor, John Stow House, 18 Bevis Marks, London EC3A 7JB.