Privacy Policy

We respect your right to privacy. This privacy policy will help you understand how we collect, use and store your data and the actions we take to protect it. You should show this notice to anyone else included on your policy. Please read this Privacy Policy carefully.

This Privacy Policy should be read alongside and in addition to the Cookies Policy and your Policy Wording (where applicable). If you have any feedback or questions on this policy then please email us at [email protected].

For your information we have included details of who we can speak to regarding your insurance policy. You should make sure you allocate an appropriate person as the Policyholder during your purchase:

Who can :
	Discuss the Policy	Make a change	Cancel the policy	Update the payment
Policyholder	Yes	Yes	Yes	Yes
Insured person listed on policy	Yes	No	No	No
Third Party Payer*	No	No	No	Yes
Authorised person**	Yes	Yes	Yes	Yes

All callers must pass Data Protection on the Policyholder before discussing the policy.

*Can only make changes related to their card

**Authorised person must be listed on the policy by the Policyholder

For information about how we intend to safeguard your data please see the information below.

About Us
What information we collect
When we collect your data
How we use your data
Who has access to your data
Legal basis for using your information
Retaining your information
Security of your information
Your legal rights
Related notices and terms
Changes to this policy

1. About Us

Netflights Travel Insurance is arranged and administered by ROCK Insurance Group. ROCK Insurance Group is a trading style of Rock Insurance Services Limited (ROCK) who is authorised and regulated by the Financial Conduct Authority (FCA No. 300317).

References to “our Website” or “the Website” are to https://www.netflightsinsurance.com/

ROCK acts as Data Controller, which means that we determine the way in which your data is used (as described in this privacy notice).

2. What information we collect

We collect personal data and special category data as part of providing services to you. We may also monitor or record calls, emails, SMS messages or other communications in accordance with UK law.

Types of Data we collect

Personal Data:

Name including first name and surnames of all persons named on the policy
Location information including address and telephone information
Identifiable numbers including credit/debit card details
Online identifiers including IP address, email and social media

Special Category/Sensitive Data:

Medical information such as medical condition, treatment, history
Information about children

We will also assign you a policy number and/or medical endorsement number which we will record alongside your other personal details.

If you provide us with details relating to other individuals, please ensure that you have those individuals’ consent to provide their personal data (including medical data). It is your responsibility to make them aware that we will use those details for the purposes of the relevant insurance policy or services. Please direct them to this privacy notice if they require more information.

Some information is necessary in order to provide you with the service you expect, if you do not provide us with the requested information, we may not be able to offer you the applicable insurance policy.

3. When we collect your data

We will collect your personal data when:

You ask for a quote
You make enquiries through a price comparison website
You purchase our products and services or those provided by our service partners
You make general enquiries
You register for information or other services
You respond to communications or surveys
You make a complaint
You need to make a claim or ask for assistance

If your data is not collected on a website that is part of ROCK insurance Group, it will be passed to us by the retailer or price comparison website so that we can administer your policy

4. How we use your data

To provide you with a quote

Completing your purchase including taking payment, providing payment confirmation and sending you your certificate of insurance
Carrying out any amendments to your policy at your request including cancelling, providing a refund (where permitted), referring to an underwriter, answering queries or handling a complaint
Verifying your identity when required including validating the policy for a claim or assistance
To offer a renewal of an annual policy
Assessing sales performance and providing sales and claims management information to Netflights and the Insurer
Making sure that we are safeguarding your interests through quality assessments, training and competency, customer surveys and staff feedback
Engaging with you in relation to your existing quote and/or policy, it’s expiry and requesting you to provide feedback on your experiences
Keeping you informed of the latest offers and products from ROCK Insurance Group and Staysure

5. Who has access to your data

ROCK uses a number or third parties to provide and administer your insurance. This includes:

The Insurer, Underwriter, Underwriting Agent, Claims and Assistance Handlers in order to administer your policy. See your policy wording for their details.
FireMelon Limited for the provision of some technology services.
Pay360 and Paysafe for payment services.
Trustpilot and Claims Rated for customer reviews.
Pure360 for sending emails.
If you selected the Free Travel Money offer from WeSwap, ROCK insurance will pass your personal data to WeSwap for them to fulfil this offer.
Google Analytics and AB Tasty for tracking website use.
Aptean Limited who provide the complaint handling system.
Mitel Networks Limited who provide the telephony and call recording.
Legal Authorities such as the Financial Conduct Authority, Financial Ombudsman Service, Information Commissioners Officer, Department of Social Security and HM Revenue and Customs on request.
Netflights

It is our aim to use only providers who will ensure your data is processed in the UK or European Union (EU) to provide a high standard of data protection. However we accept that we work in a global environment and cannot completely limit the transfer of data. Where data is transferred outside the UK or EU we require it to be protected according to the applicable laws.

6. Legal basis for use of your information

We must make sure that there is an appropriate lawful reason for us to process your data. These legal bases are set out in data protection law and we rely on a number of different conditions for the activities we carry out.

Necessary for the performance of contract:

Providing a quote

Completing a purchase and providing payment confirmation and a certificate of insurance

Taking payment (card or direct debit)
Amending your policy

Answering a query about a policy

Cancelling a policy and providing a refund if applicable

Handling complaints

Referring cover outside terms and conditions to the insurer

Validating a policy for a claim or assistance

Offering a renewal and advising your annual policy has ended

Processing sales obtained by an API

Sending policy information to insurer

Premium reconciliation

Contacting you if there is an issue with your policy

We have a legal obligation to:

Quality assessments including staff feedback

Managing training & competency of our staff including feedback

Assessing sales indicators

Including policy information in reports

Necessary in our legitimate interests or those of a third party:

Providing sales and claims management information to Netflights and the underwriter

Sending backing data for commission statements

Communicating about your policy
Conducting customer surveys through review sites

Where we process your data using your consent:

Consent Required	Activity
X	We will send you important information about your policy, including your Certificate of Insurance and a renewal notice if you have purchased an Annual policy.
X	We will send you additional information about your policy so that you have all of the information you need to be able to use and understand your policy. Contact us at [email protected] if you also want to opt out of this process.
✓	We will send you information about other products and services and other benefits related to your purchase if you choose to opt in to that activity during the purchase of a policy. You can always opt out later if you change your mind. Contact us at [email protected] if you also want to opt out of this process.
✓	If you require cover for your medical conditions we also must have explicit consent to process any data relating to medical information such as medical conditions, treatment and history – we will be unable to provide you with the relevant policy without explicit consent.
✓	If you require cover for your medical conditions we also need to make you aware that we determine whether or not we can offer cover for any pre-existing medical conditions, as set out above, by carrying our automated decision-making. We cannot undertake this process without your consent.
✓	We do not allow children to purchase our policies online. If you require an individual policy for a child under the age of 18 then we will require explicit consent from the parent or guardian and the insurance contract will be between us and that parent/guardian.

7. Retaining your information

Your personal data shall be retained as long as needed for the authorised purposes listed in section 4. This includes retention of some personal data following the end of our relationship with you, for example to resolve any potential disputes and for ongoing or prospective legal proceedings, to maintain records of our services, and otherwise to comply with our legal obligations and to defend our legal rights. We keep any data used to create a quote for 14 days. If you purchase a policy from us all policy data is kept for 7 years from its end/expiry or cancellation. All other correspondence and voice recordings will be retained for 8 years.

Please contact us at [email protected] if you need further information about our retention periods.

8. Security of your information

We regularly review the technical and organisational security measures we have in place on our information and communications systems in order to prevent the loss, misuse or unauthorised alteration of your personal information. We also use industry standard security to encrypt sensitive data in transit to our servers.

Communications sent through our website, email or social media, rely on the internet which is a publicly hosted network and is therefore not secure unless the site has been encrypted. ROCK cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

ROCK has deployed an adequate procedure to identify and communicate any incident of data breach within a delay of 24 hours and to resolve it within a reasonable delay.

Further information about security measures we apply to communications sent by email or over our website is available on request.

9. Your Legal Rights

You have the following Individual Rights:

✓	The right to be informed about how we collect, use and store your data through this Privacy Policy
✓	The right of access to your data and to request a copy of the personal data we hold about you. Please contact us at [email protected] and we will acknowledge your email within 48 hours. We will not charge you for this request and we will make sure that you receive your information within 28 days.
✓	The right to request that we correct any inaccurate data. Please contact us at [email protected] and we will take action to correct the data and confirm to you once this has been done.
✓	The right to ask us to erase any data that we hold. Please contact us at [email protected]. Your request will then be considered and we will write to you by email to inform you of the outcome of our decision and any actions that we will take.
✓	The right to withdraw consent to your data being used to receive direct marketing communications. You can opt out by emailing [email protected].
✓	The right to ask us to transfer your data to a new provider. You can make this request by emailing [email protected].
✓	The right to complain about how your data is being collected, used or stored. You can complain by emailing [email protected]. Alternatively you can contact our Data Protection Officer as follows: Data Protection Officer Rock Insurance Services Limited Griffin House, 135 High Street, Crawley, West Sussex, RH10 1DQ Telephone: 0333 202 5670 Email: [email protected] If you are dissatisfied with the response then you have the right to appeal to the Information Commissioners Office. Please visit https://ico.org.uk/ for further information about how to do this.

10. Related notices and terms

Our Cookie Policy (https://netflightsinsurance.com/cookie-policy) provides information about the use of cookies on our website. We will ask you to consent to our use of cookies in accordance with the terms of the policy when you first visit our website. Terms relating to your insurance policy (where relevant) are provided separately by us and can be found in your Policy Wording.

11. Changes to this policy

This privacy policy was last updated on 10/09/2024 14:03:09. We reserve the right to make changes to this policy and you will be prompted of any changes when you next visit our website.

From time to time we may need to change the way we use your personal data. Where we believe you may not reasonably expect such a change we will write to you. When we do so, you will have 60 days to object to the change.