Privacy Policy

Privacy Policy and Data Protection
Website – This section of Privacy Policy covers the Hiscox Action Group (“We”, “Us”, “Our”, or
“Group”) which can be accessed via www.hiscoxactiongroup.org and the Services provided
through it. It describes how we collect, process, protect and use the information we receive from
Website visitors and how we plan to use that information. The data controllers for the Website are:
Pinnacle Challenge, Limited trading as the Pinnacle Climbing Centre
Unit 1 Minton Business Centre
Main Road, Far Cotton
Northampton, NN4 8ES
and
Media Zoo, Ltd.
8 The Boulevard, Imperial Wharf
London, SW6 2UB
From 25 May 2008 the EU General Data Protection Regulation (GDRP) replaces existing UK and
EU data protection regulations. It is designed to harmonise data privacy laws across Europe, to
protect and empower all citizens’ data privacy and to reshape the way organisations across the
region approach data privacy. For more information you can refer to the Information
Commissioner’s Office: ico.org.uk/for-organisations/guide-to-the-general-data-protectionregulation-
gdpr/
As someone who has engaged with our Group, and about whom we hold any personal data, you
are a Data Subject. The Group is a Data Controller, because we determine how and why personal
data is processed. We are also a Data Processor, in that we process personal data in oder to
administer a service and to disseminate information to our subscribers.
The Hiscox Action Group is committed to upholding the principles of the GDPR when processing
personal data. According to Article 5 of the GDPR, personal data shall be:

  1. processed lawfully, fairly and transparently
  2. collected for specified purposes, and not processed for other purposes
  3. “just the right amount” of data for the task at hand – not too much, but enough to do the task
    accurately
  4. accurate and up-to-date
  5. kept no longer than necessary
  6. processed securely
    The Group has security and confidentiality policies in place that all administrators adhere to, as
    well as an internal Code of Conduct.
    Information We Collect
    We collect several kinds of information, depending on what you have submitted to us. We may
    collect personal information in the submission form on our “Join Us Now” website.
    We may ask you for personal information such as your name, email address, postal address,
    postcode, company name, phone number, details of your insurance policy with Hiscox and other
    information that relates to your membership of our Group.
    If you wish to make a complaint about the Group, we will collect relevant information including
    personal information in order to assist you. This information will also help us to monitor quality of
    our engagement with you and to produce anonymised statistics. The information we collect in this
    context may be passed on to other members of the Hiscox Action Group to assist with research
    to prepare for our complaint against Hiscox Insurance.
    If you wish to make either a Subject Access Request or Freedom of Information Request, we may
    ask for additional personal information pertinent to the request – for instance the date of birth of
    the person making the request. Full details relating to each of these processes, including what
    information may be requested will be furnished upon request by emailing us directly.
    You may, however, visit the website anonymously and without registering. If you choose not to
    register you may not be able to access shared with members of our group.
    Use of Personal Information
    We use the personal information collected via the Website for the purposes of:
    • providing, developing, improving and personalising our Services, our Website and information
    needed to formulate a complaint and/or action against Hiscox Insurance.
    • providing you with information about our services
    • dealing with your inquiries and requests
    • administering events such as conference, video and web chat calls.
    • generating anonymous reports about the use of the Website, its features, and our Group
    members
    The Group may use the personal information collected via the Website to provide you with Group
    emails for marketing purposes, to inform you of upcoming conference and/or video calls, or
    changes to our Services. If you register on the Website we may use the personal information
    collected to send you information about the Group’s calls and Services by email. You may opt out
    of receiving information about our Group by notifying us in response to any email received.
    Security and Confidentiality
    The Hiscox Action Group safeguards the security of the personal information you provide to us
    with physical, electronic and managerial procedures. We use industry-standard Secure Sockets
    Layer (SSL) encryption on all pages where we collect personal information.
    Any personal information you provide will be held securely and your personal information will not
    be sold, traded or otherwise made available to third parties. In some circumstances we may need
    to disclose your information (i) to a third party to include you in any formal group complaints
    procedures, (ii) to fulfil a request for information, (iii) to comply with a legal requirement or request
    from a competent court, regulator or other authority including but not limited to: Hiscox Insurance,
    the Association of British Insurers (ABI), or the British Insurance Brokers’ Association; or (iv) if we
    believe that there has been a violation of our rights or the rights of any third party. Any information
    about you that we pass to a third party service provider will be held securely by that party and
    used only to provide the services or information you have requested.
    Cookies
    Cookies are small pieces of data sent to your computer when you visit the Website and which
    enable us to collect information about you. They are stored in the cookie directory of your harddrive,
    and do not necessarily expire at the end of your session although session cookies are
    automatically deleted when you close your browser. The information we collect in this way may
    include data about how you use the Website, information about your computer (including your IP
    address, operating system and browser type), demographic data and, if you visited the Website
    by clicking on a link from a different website, the URL of that website. We may also collect
    information about your online activity, such as the pages you have viewed, downloads you have
    made or any online forms submitted.
    Although your browser may be set up to allow the receipt of cookies, you can specify that you
    wish to be prompted before a website puts a cookie on your hard-drive, so that you can decide
    whether to allow it or not. Alternatively, you can set your computer not to accept any cookies.
    Please refer to your browser instructions or help screen for information about how to do this. If
    you disable cookies, you may not have access to certain features that make your experience of
    the Website more efficient and some of Our Services may not function properly. Visitors who
    disable cookies may still submit information over the telephone and by email.
    Access to Your Information and Contacting the Hiscox Action Group
    You have the right to request a copy of the personal information the Group holds about you
    (through a Data Protection Act/GDPR Subject Access Request), to have any inaccuracies
    corrected and, where applicable, to have your information deleted. This request can be made via
    email or by post to the following address (with a return email address where possible):
    The Compliance Officer
    The Hiscox Action Group
    Unit 1 Minton Business Centre
    Main Road, Far Cotton
    Northampton, NN4 8ES
    Email: simon@hiscoxactiongroup.org
    If you have a query or complaint about this section of the Privacy Policy or about the website, you
    can contact us at simon@hiscoxactiongroup.org
    Links to and from External Sites from the Website
    The Website may contain links to other websites, mainly insurance and legal opinions, all of whom
    are third parties. These websites are not covered by this Privacy Policy and the Group is not
    responsible for the privacy practices within any of these other website environments. You should
    be aware of this when you leave our Website and we encourage you to carefully read the privacy
    statements of other websites.
    Internet Based Transfers
    Given that the Internet is a global environment, using the Internet to collect and process personal
    information necessarily involves the transmission of data on an international basis. Territories
    outside the European Economic Area (“EEA”) may not have laws which provide the same level of
    protection for personal information as those inside the EEA. Currently the Group does not use
    servers or employ third-party service providers based in such territories to process and store your
    personal information. We will notify any changes of this position through amendments to this
    Privacy Policy should this become necessary.
    Changes to This Privacy Policy
    If this Privacy Policy changes in any way, we will place an updated version on this webpage. If you
    do not agree with any resulting changes made by us, please do not continue to use the Website.
    Regularly reviewing this webpage ensures you are always aware of what information we collect,
    how we process and use it and under what circumstances, if any, we will share it with other
    parties.
    Complaints
    If you consider that your personal data has been misused or mishandles, you may make a
    complaint to the Information Commissioner’s Office, who is an independent regulator. The
    Information Commissioner may be contacted at:
    Information Commissioner’s Office
    Wycliffe House
    Wilmslow
    Cheshire
    SK9 5AF
    Telephone: 0303 123 1113
    Fax: 01625 524510
    website: ico.org.uk