Privacy Policy

About us

In this privacy policy, references to “we” or “us” or “BIBA” are to the British Insurance Brokers’ Association, a limited company incorporated and registered in England and Wales (company no 1293232) whose registered office is at 8th Floor, John Stow House, 18 Bevis Marks, London EC3A 7JB.

Privacy policy

As a membership based association dedicated to serving the general insurance industry, we understand the importance of maintaining your privacy, keeping your personal information secure and complying with data protection laws.
We are the data controller of any personal information you provide to us. This means that we are responsible for complying with data protection laws. This privacy policy describes what personal information we may collect from you, why we use your personal information and more generally the practices we maintain and ways in which we use your personal information.

By providing your personal information to us, you acknowledge that we may use it in the ways set out in this privacy policy. We may provide you with further notices highlighting certain uses we wish to make of your personal information. We may also give you the ability to opt-in or opt-out of selected uses such as marketing when we collect your personal information.

If you are registering other people for one of our events or where you are a key contact at a BIBA member firm and are providing personal information about employees and/or alternative contacts such as individuals in compliance or training to us, you must ensure this privacy policy has been drawn to the attention of those individuals and that you have permission to share their information with us.
From time to time we may need to make changes to this privacy policy, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check the BIBA website periodically to view the most up to date privacy policy.

Our Privacy Policy is divided into 16 sections to help you concentrate on the area that you are interested in.

1.     Who do we collect personal information about?
2.     When do we collect personal information?
3.     What personal information do we collect?
4.     How do we collect your personal information 
5.     Purposes for which we process your (non-sensitive) personal and sensitive personal  information
6.     Who do we share your personal information with?
7.     Marketing 
8.     How we protect your personal information 
9.     How long we keep your personal information for 
10.  International data transfers 
11.  Your rights 
12.  Your right to complain to the ICO 
13.  Other websites 
14.  Cookies 
15.  Pixel tags 
16.  How to contact us 

Section 1: Who do we collect personal information about?

  • present, past and prospective BIBA members who are sole traders;
  • present, past and prospective employees of BIBA member firms who benefit from and access the BIBA membership;
  • employees of insurers, partners, associates and other such members who access some of the benefits of BIBA membership;
  • individuals who attend BIBA events;
  • individuals who enquire into BIBA membership;
  • users of the BIBA website;
  • members of the public who have contact with BIBA;
  • journalists; and
  • MPs and civil servants.

Section 2: When do we collect personal information?

We might collect your personal information if you:

  • or your employee asks to be part of a mailing or marketing campaign;
  • apply (or someone on your behalf) applies for your organisation to be a BIBA member and throughout such membership;
  • register (or someone on your behalf registers you) to attend a BIBA event;
  • subscribe (or someone on your behalf subscribes for you) to receive marketing communications and/or industry updates from BIBA;
  • enquire into BIBA membership but do not sign up;
  • use the Find-A-Broker service or otherwise approach BIBA, as a member of the public, for insurance solutions;
  • are mentioned in a BIBA manifesto case study;
  • telephone us with a technical or compliance query; or
  • use our website (for more information please see section 14 on Cookies and section 15 on Pixel Tags).

Section 3: What personal information do we collect about you?

We may collect the following (non-sensitive) personal information: 

  • name;
  • email address;
  • business and/or personal phone number;
  • business address and/or personal address;
  • job title and company name;
  • date of birth;
  • IP address;
  • types of insurances you are interested in (where you enquire through BIBA);
  • financial information (for example credit card details for events or for expenses purposes);
  • financial income if available from public records (where you are a sole trader member);
  • BIBA membership number (where you have been given an individual number or where you are a sole trader member);
  • password to the BIBA website members’ section; and
  • your personal FCA number where you are a sole trader.

We may also collect the following sensitive personal information: 

  • information on your religious beliefs (for example where you have expressed specific dietary requirements which are indicative of such beliefs);
  • information on MP contacts you have which, by their nature, could be indicative of your political beliefs and opinions;
  • information about your physical or mental health; and
  • details of your criminal convictions.

Section 4: How do we collect your personal information?

We may collect your (non-sensitive) personal and sensitive personal information:

  • face-to-face (directly from you);
  • by telephone;
  • via call recordings on the Find-A-Broker service;
  • by email;
  • via our website (including through the use of cookies – please see section 14 on Cookies);
  • via membership forms (submitted directly by you and by your organisation);
  • via various events attendance lists;
  • via direct debit forms and expenses claim forms;
  • via surveys sent or commissioned by BIBA;
  • from survey data collected through third party surveys;
  • via our CRM systems, including our BIBA conference system;
  • via the key contact at your organisation (where you work for a member firm) who is responsible for registering all applicable employees as members;
  • from individuals or colleagues who have registered you for an event;
  • from event organisers, exhibitors and any other such third parties who are involved in organising or contributing to BIBA events and/or the BIBA conference;
  • from delegate lists obtained from third party events;
  • from people working on our behalf, whether as a paid consultant or on a voluntary basis on our boards and/or committees including but not limited to our regional committees;
  • from third parties to verify your identity and the accuracy of the information you have provided;
  • from publicly available sources including but not limited to internet search engines, public records and registers and social media (e.g. LinkedIn and Twitter);
  • from third parties including but not limited to PR agencies and industry media databases that maintain information on journalists;
  • from third parties including but not limited to government databases that maintain information on MPs, Peers and government officials; and
  • through cookies placed on our website (see section 14 on Cookies).

Section 5: Purposes for which we process your (non-sensitive) personal and sensitive personal information

We use your personal information for a number of different purposes.

Under data protection laws, for each purpose we must be able to rely on a legal ground to justify why we are using your (non-sensitive) personal information. The legal grounds that we may rely on are:

For processing (non-sensitive) personal information

Legal ground

Details

Performance of our contract with you Processing is necessary for the performance of a contract to which you are party to or in order to take steps at your request prior to entering into a contract
Compliance with a legal obligation Processing is necessary for compliance with a legal obligation to which we are subject
For our legitimate interests where these do not cause you undue harm Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal information.

Our main legitimate interests for using your personal information are:

(1)  to enable us to run a membership organisation which serves the insurance industry; and

(2)  to promote BIBA services and the value of the services that our members offer.

When we use your sensitive personal information (for example information about your religious beliefs, criminal convictions, political opinions or health) we must be able to rely on an additional legal ground. The additional legal grounds that we may rely on in these instances are:

For processing sensitive personal information

Your explicit consent You have given your explicit consent to the processing of your sensitive personal information for one or more specified purposes.

You may withdraw your consent at any time by contacting us.  If you do so, you may not be able to receive the benefit of some of our services where in order to provide them, we rely on your explicit consent to process your sensitive personal information.

For legal claims Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
You have made this information public You have made your sensitive personal information manifestly public.

For every use of your personal information, we have set out the relevant legal grounds that we will rely on and where relevant, the additional legal grounds that we rely on when we use your sensitive personal information.

Where you benefit from BIBA membership, the personal information that we collect about you may be used:

  1. To administer your BIBA membership where you are a sole trader or an employee of a BIBA member firm

As part of your membership, we need to carry out our obligations arising from the membership contract and general membership service activities such as invoicing and confirmation emails.

Legal grounds ?

  • performance of our contract with you
  • our legitimate interests
  1. To send you any guides, documentation, email alerts or other information relevant to BIBA membership

Legal grounds ?

  • performance of our contract with you
  • our legitimate interests
  1. To administer your expenses for meetings held at BIBA

Legal grounds ?

  • performance of our contract with you
  • our legitimate interests
  1. To list your details in the ‘Find-A-Broker’ area on our website and telephone service (where you are a sole trader)

 Legal grounds ? 

  • performance of our contract with you
  • our legitimate interests
  1. To track email readership to share your contact details with scheme providers 

Legal grounds ?

  •  our legitimate interests 
  1. To share your details with regional committees 

Legal grounds ? 

  • performance of our contract with you
  • our legitimate interests
  1. To personalise your experience on the BIBA website 

Legal grounds ? 

  • our legitimate interests 
  1. To track the use of the BIBA website 

Legal grounds ? 

  • our legitimate interests 
  1. To be featured in BIBA manifesto case studies 

Legal grounds ? 

  • our legitimate interests
  1. For marketing purposes

We or our partners (including insurers, regulators, scheme providers and companies that have been identified as providing products or services which may be of interest to you) may send you marketing emails where you have expressed an interest in receiving them. For more information about marketing communications please see section 7 on marketing.

Legal grounds ?

  • performance of our contract with you
  • our legitimate interests

Where you (as an employee of a BIBA member firm or non-member) register for and/or attend a BIBA event, the personal information that we collect about you may be used:  

  1. For event administration

Where you have registered for a BIBA event such as the BIBA conference, regional events and dinners, we will use your personal information to:

  • process bookings;
  • send you the relevant information pack and to confirm details;
  • include your name on the delegate list which is available to other delegates (unless you have indicated to us that you do not want your details to appear on such lists) and third parties such as scheme providers, event organisers, regional committees, exhibitors and speakers;
  • to produce name badges;
  • to make necessary security, catering and all other event related arrangements; and
  • for any other necessary purpose related to the running of our events.

Legal grounds ? 

  • performance of our contract with you
  • our legitimate interests

Additional legal grounds for sensitive personal information ?

  • explicit consnt
  1. For marketing purposes

We and/or our partners, including exhibiting companies at events, may send you marketing emails where you have expressed an interest in receiving them. For more information about marketing communications please see section 7 on marketing.

Legal grounds ? 

  • performance of our contract with you
  • our legitimate interests

Where you enquire into BIBA membership as a sole trader or on behalf of a firm but do not sign up or where you are an employee of a prospective BIBA member, the personal information that we collect about you may be used: 

  1. To provide information about BIBA membership 

Legal grounds ? 

  • our legitimate interests
  1. To provide information about BIBA events (including regional events) 

Legal grounds ? 

  • our legitimate interests

Where you are a member of the public, the personal information that we collect about you may be used:

  1. To be featured in BIBA manifesto case studies 

Legal grounds ? 

  • our legitimate interests

 Additional legal grounds for sensitive personal information ?

  • explicit consent 
  1. To provide insurance solutions, signpost and assist you on issues ranging from a claim to placement where you have been unable to find cover

Legal grounds ?

  • performance of our contract with you
  • our legitimate interests

Additional legal grounds for sensitive personal information ?

  • explicit consent

Where you are a journalist the personal information that we collect about you may be used:

  1. To provide you with information in connection with your occupation

We may send you press releases and other related emails where you have requested them or where they are relevant to your occupation. You can opt-out from receiving such press releases and other related emails at any time by contacting us.

Legal grounds ? 

  • our legitimate interests
  1. For event administration

We may use your personal information to invite you to events and for any related event administration including to:

  • process bookings;
  • send you the relevant information pack and to confirm details;
  • include your name on the delegate list which is available to other delegates and third parties such as scheme providers, event organisers, regional committees, exhibitors and speakers;
  • to produce name badges;
  • to make necessary security, catering and all other event related arrangements; and
  • for any other necessary purpose related to the running of our events.

Legal grounds ? 

  • performance of our contract with you
  • our legitimate interests

Additional legal grounds for sensitive personal information ?

  • explicit consent

Where you are an MP, the personal information that we collect about you may be used:

  1. To provide you with information in connection with your occupation

We may send you information that is relevant to your occupation. You can opt-out from receiving such information at any time by contacting us.

Legal grounds ? 

  • our legitimate interests
  1. For event administration

We may use your personal information to invite you to events and for any related event administration including to:

  • process bookings;
  • send you the relevant information pack and to confirm details;
  • include your name on the delegate list which is available to other delegates and third parties such as scheme providers, event organisers, regional committees, exhibitors and speakers;
  • to produce name badges;
  • to make necessary security, catering and all other event related arrangements; and
  • for any other necessary purpose related to the running of our events.

Legal grounds ? 

  • performance of our contract with you
  • our legitimate interests

Additional legal grounds for sensitive personal information ? 

  • explicit consent
  • you have made this information public

Section 6: Who do we share your personal information with?

We may disclose your personal information to the third parties listed below for the purposes described in this privacy policy. You can contact us for details of specific disclosures made in respect of your personal information. The third parties listed below will only use your personal information under our strict instruction and are under an obligation to ensure appropriate security measures are in place.

  • Insurers;
  • Reinsurers;
  • Professional advisors including auditors, solicitors, tax advisors and media sales agencies;
  • IT service providers;
  • Event organisers, event exhibitors and any other such third parties who are involved in organising or contributing to BIBA events and/or the BIBA conference;
  • Scheme providers;
  • Regional committees including chairmen and event organisers;
  • Telephone providers used as part of the Find-A-Broker service;
  • Survey facilitators;
  • Providers of accountancy software/system;
  • Members of the public including those who have come through the Find-A-Broker service;
  • Government departments;
  • The media;
  • MPs;
  • Regulators (including the Financial Conduct Authority); and
  • Other BIBA members.

We may also disclose your personal information to other third parties where:

  • the disclosure is required by law or by a regulator with authority over us or you, such as where there is a court order, statutory obligation or FCA request; and
  • we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest.

Section 7: Marketing

We are committed to only sending you marketing communications that you have expressed an interest in receiving. More information about the marketing communications that we send to BIBA members can be found below.

Where you have registered for an event, whether you are a BIBA member or not, we and/or approved third parties may also send you marketing emails relating to the event that you have registered for, for example providing details of the exhibitors appearing. You can unsubscribe from such emails at the time of registering for the event or at any time subsequently by clicking the unsubscribe link at the bottom of any email or by contacting us.

Where you are a non-member but you attend the BIBA annual conference or BIBA annual Scottish conference, unless you tell us otherwise, you will receive annual emails relating to the next BIBA conference. You can opt-out of further emails relating to the current year’s conference or all future BIBA communications by following the link appearing at the bottom of any conference email.  Where you opt-out of conference emails, this opt-out will only apply to the current year’s conference only and in subsequent years you will receive emails regarding that subsequent year’s conference, to which a further opt-out will be available for that year.

Where you are a sole trader BIBA member or an employee of a BIBA member firm:

We are committed to sending you, as a BIBA member, marketing communications that you have expressed an interest in receiving by becoming a BIBA member including:

  • The Broker – the BIBA member magazine;
  • Other publications and guides;
  • Regulation and compliance rules updates;
  • Technical updates;
  • Details of regional events;
  • Weekly newsletter;
  • Monthly video and update;
  • General updates;
  • Training updates;
  • Professional indemnity updates;
  • Updates on events and products;
  • Membership and research surveys; and
  • Communications from BIBA approved third party scheme and facility providers. As well as sending you details of BIBA approved scheme providers we may also share your personal information with such providers so they can provide you with those details directly.

If you wish to unsubscribe from the communications sent by us to you as part of your BIBA membership, you may do so at any time by clicking on the “unsubscribe” link that appears at the bottom of all BIBA or partner marketing email communications. Otherwise, you can always contact us.

However please note that individuals who are key contacts at their BIBA member organisation will receive essential emails which will include at a minimum, conference and membership renewal emails.

As part of your BIBA membership you will also receive annual emails relating to the next annual BIBA conference.  You can opt-out of further emails relating to the current year’s conference by following the link appearing at the bottom of any conference email. This opt-out applies to the current year’s conference only and in subsequent years you will receive emails regarding that subsequent year’s conference, to which a further opt-out will be available for that year.

Section 8: How we protect your personal information

BIBA is committed to keeping your personal information secure. We keep your personal information in a secure server and have appropriate security measures in place in our physical facilities.

Whilst we strive to protect your personal information, due to the nature of the internet we cannot guarantee the security of any information you transmit to us. With this in mind, any transmission is at your own risk and we urge you to take every precaution to protect your personal information while you are online.

Section 9: How long we keep your personal information

We only keep your personal information for as long as is reasonably necessary to fulfil the relevant purposes described in this privacy policy or if required by law we may keep your information for longer.

Section 10: International data transfers

We (or third parties acting on our behalf) may store or process personal information that we collect about you in countries outside the European Economic Area (“EEA“), which may have lower standards of data protection.

We may also disclose your personal information to third parties in connection with the sale, transfer or disposal of our business, provided that they continue to use your personal information substantially in accordance with the terms of this privacy policy.

In the unlikely event that we transfer your personal information outside the EEA we will ensure that an adequate level of protection is in place to protect your personal information such as putting in place contractual protections which have the purpose of ensuring the security of any information passed and putting in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information.

Section 11: Your rights

  1. The right to access your personal information

Subject to any relevant exemptions, you are entitled to see a copy of the personal information we hold about you and to request details of how we use your personal information including any disclosures made. To exercise your rights to access your personal information, please contact us. There will not usually be a charge for dealing with these requests.

Your personal information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case your personal information will be provided to you by electronic means where possible.

  1. The right to rectification

We take reasonable steps to ensure that the personal information we hold about you is reliable and as accurate and complete as is necessary for its intended use but you are entitled to ask us to update or amend any inaccuracies in the personal information that we hold about you. To request us to update or amend any personal information we hold about you, please contact us.

  1. The right to object to marketing

As set out in section 7 on marketing, you are entitled to object to receiving marketing material from us at any time.  You can exercise this right by clicking ‘unsubscribe’ on any marketing email you receive from us or by contacting us.

  1. Other rights

Under certain conditions, you may also have the right to require us to:

  • delete any personal information that we no longer have a legal ground to rely on;
  • where processing is based on consent, to withdraw your consent so that we stop that particular processing;
  • object to any processing based on the legal ground of legitimate interests unless our reason for undertaking that processing outweighs any prejudice to your data protection rights;
  • provide you or another provider with a copy of your personal information that you provided us with; and
  • restrict how we use your personal information whilst a complaint is being investigated.

If you contact us to exercise any of these rights we will confirm your right to do so and respond in most cases within 30 days.

Section 12: Your right to complain to the Information Commissioner’s Office

If you are not satisfied with our use of your personal information, our response to any exercise of your rights set out in section 11 on your rights, or if you believe us to be in breach of our data protection obligations, you have the right to complain to the Information Commissioner’s Office here.

Section 13: Other Websites

BIBA’s websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.

Section 14.Cookies

A cookie is a small data file that is sent to your computer from a website and is stored on your computer’s hard drive. A cookie file stores a limited amount of information about you (such as your username and password) and allows BIBA to offer services personalised to your interests and to track the number of people who visit different parts of our website. You can set your web browser to refuse cookies, however some of our website features may not function as a result.

The cookies we make use of on the BIBA websites are:

BIBA cookies

Cookie name Purpose  Lifetime
biba session This is used to set the user when they log in and to track when they are using find a broker tool Expires after 2 hours of not using session
XSRF-TOKEN We use this token to stop cross site scripting, this is used on all pages when there is user interaction such as login, find a broker, S&P and other forms Expires after 1 hour

 

Third party cookies

Third party Cookie name Purpose Lifetime More information (external links) 
Google Analytics  _ga Used to distinguish users whi access the BIBA website 2 years Google Analytics helps BIBA to measure how users interact with website content. As a user navigates between web pages, Google Analytics provides BIBA with JavaScript tags (libraries) to record information about the page a user has seen, for example the URL of the page. The Google Analytics JavaScript libraries also use HTTP Cookies to “remember” what a user has done on previous pages / interactions with the website.

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Google Analytics _gat Used to throttle request rate 10 minutes As above
Google Analytics __utma Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics 2 years from set/update As above
Google Analytics __utmt Used to throttle request rate. 10 minutes As above
Google Analytics __utmb Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics 30 mins from set/update As above
Google Analytics __utmc Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit End of browser session As above
Google Analytics __utmz Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. 6 months from set/update As above
Google Analytics __utmv Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics. 2 years from set/update As above
BT TS0194eee0 This is a session cookie which stores information such as previously entered form information and navigation menu choices to facilitate a visitors use of the website. Expires at end of session Stored temporarily, does not collect information from the user’s computer

 

For further information please visit www.allaboutcookies.org.

Section 15.Pixel tags

Pixel tags (also called clear gifs or web bugs) are used to track who is reading a web page or e-mail, when, and from what computer.

They provide us with information about your interaction with our email messages (if you receive messages in html format) and to record some of the pages you consequently visit on our Website.

We use this information so we can provide you with information tailored to your needs and interests, better plan our future campaigns and upgrading visitor information used in reporting statistics.

Pixel tag technology is used to analyse the reading habits of our membership in order to review and improve services to members and on occasion may use this for marketing purposes. Questions about this technology should be directed to the BIBA communications department 0344 77 00 266.

Section 16. How to contact us

Please contact us if you have any questions about our privacy policy or the information we hold about you.

You can contact us by email enquiries@biba.org.uk or by writing to us at Membership Department, BIBA, 8th Floor, John Stow House, 18 Bevis Marks, London EC3A 7JB.