“Group”) which can be accessed via www.hiscoxactiongroup.org and the Services provided
through it. It describes how we collect, process, protect and use the information we receive from
Website visitors and how we plan to use that information. The data controllers for the Website are:
Pinnacle Challenge, Limited trading as the Pinnacle Climbing Centre
Unit 1 Minton Business Centre
Main Road, Far Cotton
Northampton, NN4 8ES
Media Zoo, Ltd.
8 The Boulevard, Imperial Wharf
London, SW6 2UB
From 25 May 2008 the EU General Data Protection Regulation (GDRP) replaces existing UK and
EU data protection regulations. It is designed to harmonise data privacy laws across Europe, to
protect and empower all citizens’ data privacy and to reshape the way organisations across the
region approach data privacy. For more information you can refer to the Information
Commissioner’s Office: ico.org.uk/for-organisations/guide-to-the-general-data-protectionregulation-
As someone who has engaged with our Group, and about whom we hold any personal data, you
are a Data Subject. The Group is a Data Controller, because we determine how and why personal
data is processed. We are also a Data Processor, in that we process personal data in oder to
administer a service and to disseminate information to our subscribers.
The Hiscox Action Group is committed to upholding the principles of the GDPR when processing
personal data. According to Article 5 of the GDPR, personal data shall be:
- processed lawfully, fairly and transparently
- collected for specified purposes, and not processed for other purposes
- “just the right amount” of data for the task at hand – not too much, but enough to do the task
- accurate and up-to-date
- kept no longer than necessary
- processed securely
The Group has security and confidentiality policies in place that all administrators adhere to, as
well as an internal Code of Conduct.
Information We Collect
We collect several kinds of information, depending on what you have submitted to us. We may
collect personal information in the submission form on our “Join Us Now” website.
We may ask you for personal information such as your name, email address, postal address,
postcode, company name, phone number, details of your insurance policy with Hiscox and other
information that relates to your membership of our Group.
If you wish to make a complaint about the Group, we will collect relevant information including
personal information in order to assist you. This information will also help us to monitor quality of
our engagement with you and to produce anonymised statistics. The information we collect in this
context may be passed on to other members of the Hiscox Action Group to assist with research
to prepare for our complaint against Hiscox Insurance.
If you wish to make either a Subject Access Request or Freedom of Information Request, we may
ask for additional personal information pertinent to the request – for instance the date of birth of
the person making the request. Full details relating to each of these processes, including what
information may be requested will be furnished upon request by emailing us directly.
You may, however, visit the website anonymously and without registering. If you choose not to
register you may not be able to access shared with members of our group.
Use of Personal Information
We use the personal information collected via the Website for the purposes of:
• providing, developing, improving and personalising our Services, our Website and information
needed to formulate a complaint and/or action against Hiscox Insurance.
• providing you with information about our services
• dealing with your inquiries and requests
• administering events such as conference, video and web chat calls.
• generating anonymous reports about the use of the Website, its features, and our Group
The Group may use the personal information collected via the Website to provide you with Group
emails for marketing purposes, to inform you of upcoming conference and/or video calls, or
changes to our Services. If you register on the Website we may use the personal information
collected to send you information about the Group’s calls and Services by email. You may opt out
of receiving information about our Group by notifying us in response to any email received.
Security and Confidentiality
The Hiscox Action Group safeguards the security of the personal information you provide to us
with physical, electronic and managerial procedures. We use industry-standard Secure Sockets
Layer (SSL) encryption on all pages where we collect personal information.
Any personal information you provide will be held securely and your personal information will not
be sold, traded or otherwise made available to third parties. In some circumstances we may need
to disclose your information (i) to a third party to include you in any formal group complaints
procedures, (ii) to fulfil a request for information, (iii) to comply with a legal requirement or request
from a competent court, regulator or other authority including but not limited to: Hiscox Insurance,
the Association of British Insurers (ABI), or the British Insurance Brokers’ Association; or (iv) if we
believe that there has been a violation of our rights or the rights of any third party. Any information
about you that we pass to a third party service provider will be held securely by that party and
used only to provide the services or information you have requested.
Cookies are small pieces of data sent to your computer when you visit the Website and which
enable us to collect information about you. They are stored in the cookie directory of your harddrive,
and do not necessarily expire at the end of your session although session cookies are
automatically deleted when you close your browser. The information we collect in this way may
include data about how you use the Website, information about your computer (including your IP
address, operating system and browser type), demographic data and, if you visited the Website
by clicking on a link from a different website, the URL of that website. We may also collect
information about your online activity, such as the pages you have viewed, downloads you have
made or any online forms submitted.
Although your browser may be set up to allow the receipt of cookies, you can specify that you
wish to be prompted before a website puts a cookie on your hard-drive, so that you can decide
whether to allow it or not. Alternatively, you can set your computer not to accept any cookies.
Please refer to your browser instructions or help screen for information about how to do this. If
you disable cookies, you may not have access to certain features that make your experience of
the Website more efficient and some of Our Services may not function properly. Visitors who
disable cookies may still submit information over the telephone and by email.
Access to Your Information and Contacting the Hiscox Action Group
You have the right to request a copy of the personal information the Group holds about you
(through a Data Protection Act/GDPR Subject Access Request), to have any inaccuracies
corrected and, where applicable, to have your information deleted. This request can be made via
email or by post to the following address (with a return email address where possible):
The Compliance Officer
The Hiscox Action Group
Unit 1 Minton Business Centre
Main Road, Far Cotton
Northampton, NN4 8ES
can contact us at firstname.lastname@example.org
Links to and from External Sites from the Website
The Website may contain links to other websites, mainly insurance and legal opinions, all of whom
responsible for the privacy practices within any of these other website environments. You should
be aware of this when you leave our Website and we encourage you to carefully read the privacy
statements of other websites.
Internet Based Transfers
Given that the Internet is a global environment, using the Internet to collect and process personal
information necessarily involves the transmission of data on an international basis. Territories
outside the European Economic Area (“EEA”) may not have laws which provide the same level of
protection for personal information as those inside the EEA. Currently the Group does not use
servers or employ third-party service providers based in such territories to process and store your
personal information. We will notify any changes of this position through amendments to this
do not agree with any resulting changes made by us, please do not continue to use the Website.
Regularly reviewing this webpage ensures you are always aware of what information we collect,
how we process and use it and under what circumstances, if any, we will share it with other
If you consider that your personal data has been misused or mishandles, you may make a
complaint to the Information Commissioner’s Office, who is an independent regulator. The
Information Commissioner may be contacted at:
Information Commissioner’s Office
Telephone: 0303 123 1113
Fax: 01625 524510