We care about your personal data
AWP P&C (UK Branch) and AWP Assistance UK Ltd (“we, “us” “our”), part of the Allianz Group of companies are authorised and regulated by the Financial Conduct Authority in the United Kingdom to distribute insurance products and services. The insurance is provided by AWP P&C SA. This is a French company authorised in France acting through its UK Branch.
AWP Assistance UK Ltd also trades as Allianz Partners, Allianz Assistance and Allianz Global Assistance.
Protecting your privacy is a top priority for us. This notice explains how and what type of personal data will be collected, why it is collected and with whom it is shared. Please read this notice carefully.
1. Who is the data controller?
A data controller is the individual or legal person who controls the use of the data and is responsible for keeping it safe. The laws apply to personal data in both paper and electronic files. AWP Assistance UK Ltd is the data controller as defined by relevant data protection laws and regulations.
2. What personal data will be collected?
We will collect and process different types of personal data about you as follows:
• data relating to the identification of persons who are parties, interested or involved in the contract; and
• any other data necessary for the conclusion and/or performance of the contract.
In this context, we may collect and process "sensitive personal data" relating to you.
Note: By subscribing to this contract, you undertake to communicate the information contained in this privacy notice to any third party for whom any personal data could be transmitted to us (e.g. other policyholders, beneficiaries, third parties involved in the claim, people to be notified in the event of an emergency etc.) and you agree not to communicate this information for any other purpose.
We collect personal information direct from individuals, their representatives, business partners, digital applications (such as the Allianz Service Partner app and Allianz Provider app) or from information they have made public, for example, on social media. We also collect personal information from other persons or organisations, for example: emergency services, law enforcement agencies, medical and legal practices; fraud prevention agencies and industry registers and databases used to detect and prevent insurance fraud; other insurers or service providers who underwrite the insurance or provide the services for our products, other Allianz Group companies. We use technology on our website, apps and emails, such as the use of cookies or small text files on our website or pixels within emails.
Depending on the type of insurance product or service we provide to you, we will collect and process various types of personal data about you:
• Surname, first name
• Address
• Place of residence
• Date of birth
• Gender
• Telephone numbers
• Email address
• Credit/debit card and bank account details
• CCTV / video images (we may collect this if you visit one of our offices).
• Location / GPS information
• Flight and travel plans
• Call recordings
• Medical information
• Policyholders and anyone named on or covered by the policy
• Data relating to children in some circumstances, for example where the child is a beneficiary under a policy or is involved in a claim (sensitive data)
• Anyone who may benefit from or be directly involved in the policy or a claim, including claimants and witnesses
• Anyone seeking an insurance quote from us or whose details are provided during the quotation process
• Identification checks and details including previous claims information
• Tracking and location information if it is relevant to the insurance policy or claim
• Voice when you use the digital/virtual assistant tool (Voicebot or equivalent)
• Customer satisfaction Surveys on the services/products
• IP addresses and information about the technology you are using
• Where applicable, we’ll collect data relating to criminal offences, including previous criminal convictions, bankruptcies and other financial sanctions such as County Court Judgements
• Information collected from your devices relating to your use of our websites, including via the use of cookies
• In the event of a claim under our warranty and roadside assistance products where a hire car is provided, we will collect and process data relating to driving related convictions which may affect our ability to provide a hire car to you
• We may also collect and process special category data about you, such as medical information, where you have purchased a travel product from us or in case of 3rd party electric bicycle and electric scooter rental
• In the event of a claim we may need to obtain and share data with retailers and authorised repairers; where the device was purchased or repaired (for mobile device and retail product insurance)
• We may also need to collect and process special category data about you, such as medical information
3. How is your personal data collected and processed?
We will collect and process the personal data that you communicate to us and that we receive from third parties (as explained below) for a number of purposes and subject to your express consent, unless the latter is not required by applicable laws and regulations as shown below:
Purpose
Is your express consent required?
Quote and subscription to the insurance contract.
No, to the extent that the activities of processing are necessary to execute the insurance contract to which you are a party and to take the necessary steps to put the insurance in place prior to the conclusion of this contract.
Administration of the insurance contract (i.e. handling claims and complaints, investigating claims and seeking confirmations necessary to determine the existence of an insured event and the amount of compensation to be paid or the type of assistance to be provided etc. in relation thereto.
Yes, if necessary (i.e. for sensitive data). However, in cases where we need to process your personal data in the context of the processing of your claim and or complaint and/or need to monitor the treatment of vulnerable customers and those with protected characteristics, we will not request your express consent.
To conduct quality surveys on the services provided, in order to assess customer satisfaction and improve it.
No. We have a Legitimate Interest in contacting you after handling a request or after providing a service in order to ensure that we have executed our contractual obligations in a satisfactory manner. However, you have the right to object by contacting us as explained in section 10 below.
To comply with any legal obligations (for example, those arising from laws that apply to insurance contracts and insurance activities, compliance with tax obligations, accounting laws and administrative obligations.
No. In these circumstances, the processing activities are expressly and legally permitted without the requirement for express consent.
For verifications purposes, to comply with legal and/or contractual obligations or internal procedures.
No. We may process your personal data as required to comply with both internal or external audit requirements that are required by law or external/internal procedures. We will not request your express consent for these purposes if the reason for processing is justified under the regulations in force or under our Legitimate Interest. However, we will ensure that only personal data that is strictly necessary will be used for this purpose and that the data will be held in strict confidentiality.
To analyse the data for the purposes of carrying out statistical and qualitative analysis based on the rate of compensation claims.
No. In these circumstance, we will only be processing anonymized personal data. Anonymized data is not considered to fall into the category of personal data and your express consent is therefore not required.
For debt collection management (i.e. to request payment of the premium or claims from third parties, allocating compensation between different insurance companies covering the same risk).
No, if the processing of your data, even sensitive categories of personal data, is necessary for the purposes of the establishment, exercise or defence of legal proceedings, which are necessary for the purposes of our Legitimate Interest then we will not require your explicit consent.
For the purposes of detecting and preventing fraud, compliance with anti-money laundering requirements and compliance with applicable civil and/or criminal regulations, including, economic sanctions and where applicable, the comparison of your information to that appearing on previous requests/claims with us or other organisations.
No. It’s understood that processing data for the purposes of the detection and prevention of fraud, anti-money laundering and compliance with applicable regulations such as economic sanctions, constitutes a Legitimate Interest of the Data Controller.
To transfer risk via reinsurance and co-insurance.
We may process and share your personal data with other insurance or reinsurance companies with which we have signed, or will sign agreements of coinsurance or reinsurance. Coinsurance is where a risk is covered by several insurance companies by means of a single contract, each assuming each a percentage of the risk or in dividing the covers between them. Reinsurance is an insurance policy covering an insurer's exposure to a policy or class of policies that it has insured. However, this is an internal agreement between us and the reinsurer and you have no direct contractual link to it. These risk transfers occur under the Legitimate Interests of an insurance company which are generally authorised by law (including sharing personal data strictly necessary for this purpose).
From time to time we may wish to inform you, or permit Allianz Group companies and selected third parties to inform you about products and services that we feel may be of interest to you in accordance with your marketing preferences. However, we can only do this with your express written consent or on the basis of Legitimate Interests. You can change your mind about this at any time by contacting us as set out in section 10 below.
We will process personal data we receive about you fromthird parties such as brokers and business partners, other insurers and fraudprevention agencies.
We will process your personal data where it is necessary for us to comply with our legal and/or contractual obligations to you, or where we need to take pre-contractual steps at your request.
We will process your personal data where necessary for the purposes of our legitimate interests. “Legitimate interests” means the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. For example, we may process your information to invite you to complete a customer feedback survey, to renew your policy upon expiry or protect you against fraud when transacting on our website and to ensure that our websites and systems are secure. When we process your personal information for our legitimate interests, we make sure that we consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests. We will not use your personal data where our interests are overridden by the impact on you (unless we are required or permitted by law).
'Special category data' is personal data which is regarded as more sensitive and so needs greater protection, such as medical records. In the event of a medical emergency, claims under our travel products, or in the event of a personal accident claim under our 3rd Party insurance, we may need to share this information with selected third parties such as doctors and hospitals. In such circumstances, where necessary to protect your health, we will process and share such data either with your explicit consent or, where this is not possible, we will do so in order to protect your vital interests or on the basis that processing is in the substantial public interests. In some instances and where applicable, we may also process your data to ensure that we achieve with fair outcomes across the board for our customers.
We will need your personal data and use it for the purposes described above if you would like to buy our products and services. If you do not wish to provide this to us, we may not be able to provide the products and services to you. CCTV cameras are in operation at our offices for health and safety, prevention of crime and prevention of damage to our building and company assets. We may collect video recordings and still pictures which feature you, if you are in the field of vision of any of our CCTV system. These images are only held for a period of ninety days.
Voice recognition technology may be used to initially interact with you, when you call us, to answer any queries you may have or to re-direct your call to the relevant department. We may collect voice recordings of you and these recordings are held for a period of two years.
4. Who will have access to your personal data?
We will ensure that your personal data is processed in a manner that is compatible with the purposes indicated above.
For the reasons stated above, your personal data may be disclosed to the following parties who operate as third party data controllers depending on the type of policy you have bought from us:
• Other Allianz Group companies, industry governing bodies, regulators, fraud prevention agencies and claims databases, for underwriting and fraud prevention purposes;
• The manufacturer of your vehicle and their franchised dealers and authorised repairers, vehicle recovery operators;
• The manufacturer of your mobile device and their franchised dealers and authorised repairers;
• Retailers of insured products;
• Doctors and other health professionals concerning your medical conditions, in the event of a medical emergency, or personal accident;
• Other business partners such as banks and mobility companies linked to your product for reporting purposes and product performance analysis to help identify ways to improve the product and customer experience (where they are also a Data Controller and they carry out processing on the basis of their and our legitimate interest to improve our products and services). In some instances, this may also include the sharing of special category data to ensure that we arrive with fair outcomes for you;
• Any organisation where you have agreed for them to receive that data as part of the terms and conditions of your membership or affiliation; and
• Airline companies in the event of repatriation.
For the reasons stated above, we may also share your personal data with the following, who act as data processors under our instruction:
• Other Allianz Group companies; experts such as technical consultants, lawyers and loss adjustors; service companies to discharge operations (claims, IT, postal, document management); and
• Advertisers and advertising networks to send you marketing communications, as permitted under local law and in accordance with your communication preferences. We do not share your personal data with non-affiliated third parties for marketing purposes without your permission; and
• Providers of data services and data analysts who support us with developing our products and enhancing customer service and experience.
Finally, we may share your personal data in the following instances:
• In the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in any insolvency or similar proceedings); and
• To meet any contractual and/or legal obligation, including to the Financial Ombudsman Service if you make a complaint about the product or service we have provided to you.
5. Where will your personal data be processed?
Your personal data may be processed both inside andoutside of the United Kingdom (UK) and the European Economic Area (EEA) by the parties specified in section 4 above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorised to receive it.
Whenever we transfer your personal data for processing outside of the UK and the EEA to another Allianz Group company, we will do soon the basis of Allianz’s approved binding corporate rules known as the Allianz Privacy Standard (Allianz’s BCRs) which set out our commitment to maintain the same high level of protection for personal information regardless of where it is processed. The BCR’s are legally binding on all Allianz Group companies. Where Allianz’s BCRs do not apply, we will instead take steps to ensure that the transfer of your personal data outside of the UK and the EEA receives the same level of protection as it does in the UK and the EEA. If you would like more information on the BCRs, please see section 10 below.
6. What are your rights in respect of your personal data?
Where permitted by applicable law or regulation, you have the right to:
• Access the personal data held about you and to learn the origin of the data, the purposes and ends of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the data may be disclosed;
• Withdraw your consent at any time where your personal data is processed with your consent;
• Update or correct your personal data so that it is always accurate;
• Delete your personal data from our records if it is no longer needed for the purposes indicated above;
• Restrict the processing of your personal data in certain circumstances, for example where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
• Obtain your personal data in an electronic format for you or for your new insurer;
• File a complaint with us and/or the Information Commissioner’s Office.
You may exercise these rights by contacting us as detailed in section 10 below.
7. How can you object to the processing of your personal data?
You have the right to object to us processing your personal data, or tell us to stop processing it (including for purposes of direct marketing). Once you have informed us of this request, we shall no longer process your personal data unless permitted by applicable laws and regulations.
You may exercise this right in the same manner as for your other rights indicated in section 6 above.
8. How long do we keep your personal data?
Except for voice recordings, which will be kept for two years, we will retain your personal data for a maximum of 10 years from the date the insurance relationship ends. If we are able to do so we will delete or anonymise certain areas of your personal data as soon as that information is no longer required for the purposes for which it was obtained.
9. Automated decision making, including profiling
We may use automated decision making, including profiling, to assess insurance risks, detect fraud, and administer your policy. This helps us to decide whether to offer the insurance and determine prices.
For example, when you buy a travel insurance product, we carry out automated decision making. We may accept or reject a potential policyholder for cover based on their age. We do not offer insurance for customers above a certain age in the UK. If accepted, the automated calculation of a person’s age may be used to calculate the premium payable.
In online medical screening, we ask customers to respond to a series of medical questions. This then determines whether the customer is accepted or rejected for cover and whether the customer needs to pay an additional premium to have their medical condition covered.
If you have any concerns regarding the decision reached, please let us know at the contact details set out in section 10 below and we will arrange for a person to check the accuracy of the result.
10. How can you contact us?
If you have any queries about how we use your personal data, you can contact us as follows:
By email: AzPUKDP@allianz.com
By post: Customer Service (Data Protection), AWP Assistance UK Ltd, 102 George Street, Croydon CR9 6HD
By telephone: 020 8603 9853
We will need details of your name, email address, policy number, and purpose of your request.
11. How often do we update this privacy notice?
We regularly review this privacy notice. This privacy notice was last updated in February 2024.