Privacy Policy

Our GDPR Statement of Compliance

At Rush House, we understand the importance of you having confidence in us, to do the right thing. Giving you peace of mind that we do everything with the utmost professionalism, discretion and integrity is part of our values.

With this in mind and in line with the new EU General Data Protection Regulation (GDPR), we would like to share our Privacy Policy with you, which includes details about how we look after the personal data that you provide us in the course of your relationship with us and what we do with it. It tells you how we process this, who we share it with and how we dispose of it. It also informs you of your rights and how to exercise these and also refers you to our other relevant data protection policies in how we keep your data secure and safeguard your privacy.

HOW WE OBTAIN YOUR PERSONAL DATA

Information provided by you

You provide us with personal data via online queries through our website, over the telephone, face to face, by email or by paper documents that you complete. This includes, but isn’t limited to, name, address, date of birth, email address and personal telephone numbers. We use this information respond directly to queries, record interest in our projects and services, in order to collect contact details and in order to collect donations. Our legal basis for collecting and processing this data is therefore for the performance of a contract.

We may also keep information in any correspondence you may have with us by post or via email.

Information we obtain from other sources

We may obtain information from third parties if this is permitted by law, or use legal public sources to obtain information about you, for example, to verify your identity. This includes, but isn’t limited to, companies such as Creditsafe.

This information shall only be obtained from companies that we are satisfied meet the requirements of GDPR.

HOW WE USE YOUR PERSONAL DATA

We use your personal data to manage and administer the contract in place with our clients. We undertake at all times to protect your personal data, including any health and financial details, in a manner which is consistent and in line with GDPR concerning data protection. We also take reasonable security measures to protect your personal data in storage. The company has an internal Information Security Policy which outlines the organisational and system measures in place to protect all data stored by the Company.

Do we use your personal data for marketing purposes?

We may use your personal data to share email updates about our services. You have the right to opt out at any point. At no point will we share or sell your data to third party marketing companies.

DISCLOSURE OF YOUR PERSONAL INFORMATION

We will keep information about you confidential and from time to time we will share your personal data to satisfy compliance or audit requirements. This may include allowing regulatory companies, such as the ISO, temporary access to personal data. We will ensure that any access is limited and under strict supervision.

We will not share your information without obtaining your express consent except with the following third parties where we need to share this in our role as intermediary and to satisfy our contract with you:

  • Insurance companies, loss adjustors, loss assessors, regulatory authorities and other fraud prevention agencies
  • Any contractor and/or adviser that provide a service for us or act as our agents on the understanding that they collect and process data in line with company standards and who we are satisfied with all requirements of the GDPR
  • Anyone to whom we transfer our rights and duties under any agreement we have with you
  • Any legal or crime prevention agencies and/or to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law allows us to do so.

All our employees have received training on protecting personal data and are duty bound as part of their contract of employment to confidentiality and data protection. A summary of our rules and procedures in respect of IT use and the protection of personal data are contained in our Acceptable Use Policy.

Transfer of your personal data outside of the European Economic Area

We do not transfer your personal data outside of the EEA, however we may transfer your data to insurance companies and their counterparts who may transfer your data outside of the EEA in order to manage your insurance policies. If they transfer your personal data outside of the EEA, we will ensure that the receiver agrees to provide the same or similar protection as we do and that they only use your personal data in accordance with our restrictions.

How long do we keep this information about you?

Our data retention periods are in line with the amount of time we need to keep your personal information in order to manage and administer your services provided by us, and to handle any insurance claims. We will also retain your personal data to comply with any legal, statutory and regulatory obligations. In all cases our need to keep your personal data will be reassessed on a regular basis and information which is no longer required will be disposed of permanently and confidentially.

Where your data is kept

Your personal data is kept on our Company IT systems, the security of which is governed by our Information Security Policy.

DATA SUBJECT RIGHTS

Subject access requests

You have the right to access personal data that we hold about you. This is referred to as a subject access request. In order to make a subject access request please write to the Data Protection Lead.

Our response to a formal request shall include details of the personal data we hold about you, including the following:

  • Sources from which we acquired the information
  • The purposes for processing the information
  • Persons or entities with whom we are sharing the information

Right to rectification

You have the right, without undue delay, to have any personal information about you which is not accurate, corrected. You also have the right to any incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure

You have a right to request for us to erase personal data concerning you, without delay. This refers only to data that we are not legally required or entitled to keep for a specified length of time in order to comply with any legal, statutory and regulatory obligations.

Right to the restriction of processing

Subject to exemptions, you have the right to restrict the processing of your personal data when:

  1. You are contesting the accuracy of the data, and restrict the processing until the accuracy of the data has been verified
  2. The processing is unlawful and you oppose the erasure of the personal data but instead request the restriction in its use.
  3. We no longer need the personal data for processing, but it is required by you for the establishment, exercise or defence of claims
  4. You object to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.

We shall communicate any rectification or erasure of personal data as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.

Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine readable format, and have the right to transmit this data to another controller without hindrance from us.

Right to object

You have the right to object on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to necessary processing for the performance of a task carried out in public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, or in the establishment, exercise and defence of legal claims.

Right to not be subject to decisions based solely on automated processing

We do not carry out any automated processing, which may lead to an automated decision based on your personal data.

Invoking your rights

If you would like to invoke any of the above data subject rights with us please write to the Data Protection Lead at Rush House Ltd, 18-19 Lindum Terrace, Doncaster Road, Rotherham, S65 1NJ

Accuracy of information

In order to provide the highest level of customer service we need to keep accurate personal data about you. We take reasonable steps to ensure accuracy of personal data or sensitive information we obtain. We ensure that the source of any personal or sensitive data is clear. We will consider when it is necessary to update the information, such as names and/or addresses and you can help us by informing us when these changes occur.

IMPORTANT INFORMATION

Queries

If you have any queries which are not answered by this Privacy Policy, or have any concerns about how we use the personal data we hold, please write to the Data Protection Lead at Rush House Ltd, 18-19 Lindum Terrace, Doncaster Road, Rotherham, S65 1NJ

Policy changes

We will review this policy regularly to make sure we meet the highest standards and the protect your information. We reserve the right to update this policy at any time. We will not significantly change how we use data given by you to us, without your prior agreement.

Complaints

If you have a complaint please write to the Data Protection Lead at Rush House Ltd, 18-19 Lindum Terrace, Doncaster Road, Rotherham, S65 1NJ If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.