Marketing & Management Services Ltd, trading as MMS

1. Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2018 (the “GDPR”).

2. Who are we?

MMS is the data controller and is committed to protecting the rights of individuals in line with the GDPR. This means MMS decides how your personal data is processed and for what purposes.

3. How do we process your personal data?

MMS complies with its obligations under the general data protection rules by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

4. The data we may collect about you (your personal data).

In order for us to administer insurance policies and / or deal with any claims or complaints, we need to collect and process personal data about you. The types of personal data that are processed may include:

Types of Personal Data Details
Individual details Name, address (including proof of address), other contact details (e.g. email and telephone numbers), title, date of birth, NI number, employer, job title and employment history.
Identification details Passport, birth certificate, driving licence and other proof of address.
Financial information Bank account or payment card details, income or other financial information.
Risk details Information about you we may need to collect in order to assess a claim including details about your health.
Policy information Information about the quotes you receive and policies you take out.
Credit and anti-fraud data Sanctions and information received from various anti-fraud databases relating to you.
Previous and current claims Information about previous and current claims, (including other unrelated insurances), which may include data relating to your health and in some cases surveillance reports.
Special categories of personal data Certain categories of personal data which have additional protection under GDPR, this includes health.

5. Where might we collect your personal data from?

We might collect your personal data from various sources, including:

Your family members, employer or representative;
Other insurance market participants;
Anti-fraud databases, sanctions lists and other databases;
Government agencies such as the Jobcentre Plus;
In the event of a claim, third parties including medical experts, expert investigators and claims handlers.

Which of the above sources apply will depend on your particular circumstances.

6. How will your information be used?

We may use your personal information in the following ways:

(a) To decide whether to enter into any proposed transaction with you in order to arrange and administer insurance products where you are the beneficiary or a person involved in any claim, including in certain circumstances, disclosing such information to third party anti-fraud and money laundering agencies for the purposes of detecting and preventing fraud and crime (as further set out in section 8 below);

(b) To identify you and to carry out any identity checks as may be required by applicable law and regulation and best practice at any given time;

(c) To recover any payments due to us and where necessary to enforce such recovery through the engagement of debt collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings);

(d) To analyse it in order to understand the service we provide and in order to improve our business;

(e) To monitor calls and transactions to ensure service quality, compliance with procedures and to combat fraud.

7. What is our legal basis for processing your personal data?

The legal basis for processing your personal data is through contract; processing is necessary for the performance of a contract.

8. Disclosure to third parties.

We may also permit selected third parties and agents to access your personal information, for the purposes set out in part 6 above. Specific examples of this are set out below. All such exchanges will be made in accordance with applicable laws.

If false or inaccurate information is provided and/or fraud is identified or suspected, details may be passed to fraud prevention and anti-money laundering agencies, law enforcement agencies or other insurers and may be recorded by us or by them.

We and other organisations may also access and use this information to prevent fraud and other crime, for example when:

(a) Reviewing applications for products (as outlined in part 6 above);

(b) Deciding whether to make a payment to you under an insurance policy;

(c) Taking steps to recover payments due.

We can provide the names and addresses of the agencies we may use to counter fraud or money laundering upon request.

We may disclose your personal information to third parties, the courts and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties or in order to enable MMS to comply with its regulatory requirements or dialogue with its regulators as applicable.

In the event that MMS is (i) subject to negotiations for the sale of its business or (ii) is sold to a third party or undergoes a re-organisation, you agree that any of your personal information which it holds may be disclosed to such party (or its advisors) as part of any due diligence process or transferred to that re-organised entity or third party and used for the same purposes or for the purpose of analysing any proposed sale or re-organisation.

9. Transmission, storage and security of your personal information.

No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with applicable data protection legislative requirements.

All information within our control is stored on our secure servers and internal systems (or secure hard copies) and accessed and used subject to our security policies and standards.

Your personal information may be accessed by staff or authorised third parties.

10. How long will your information be held?

We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under this Insurance, or where we are required to keep your personal data due to legal or regulatory reasons.

11. Your rights & contacting us.

Applicable data protection laws may give you the right to access certain personal information held about you. We will comply with our obligations to provide you with access to your personal information and to rectify any inaccuracies we are informed of in accordance with applicable data protection laws.

We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us or your agent of any changes to the personal information that you have provided to us by updating your details by contacting us at the address listed below.

We can be contacted in relation to your rights or any questions you may have in respect of this Privacy Policy or our processing of your personal information by the following means:


Post: Data Protection Officer
   Melbourne House
   Melbourne Street
   LS28 5BT

Your right to complain to the Information Commissioner’s Office (ICO).

If you are unhappy with the way in which your personal data has been processed you may in the first instance write to us using the contact details above. If you remain dissatisfied then you have the right to apply directly to the ICO. The ICO can be contacted at:

Information Commissioner’s Office
Wycliffe House
Water Lane

12. Changes to our Privacy Policy.

Any changes to our privacy policy in the future will be posted to our website and, where appropriate, through e-mail notification. We encourage you to review it from time to time to stay informed of how we are using personal information.