Legal Information
      Back to home
      1. Fleet Insurance FAQ
      2. Legal Information

      Privacy Policy

      1. Introduction


      Your privacy and trust are of the utmost importance to us and this Privacy Policy (“Policy”) provides important information about how Flock Limited (“Flock”, “Company” “we”, “us”, “our”) handles personal data.

      We are the controller and are responsible for your personal data. This Policy applies to personal data which we process in the course of doing business with you, including when you purchase a product or service from us (collectively, our “Services”) or when you act as a supplier of products and services to us. We will also collect personal data provided by you through the Company’s websites or apps, even if you are not a customer or supplier, for example Technical Data submitted by your browser.

      Please read this Policy carefully and contact us if you have any questions about our privacy practices or your personal data choices.

      This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or apps or third party terms and conditions or policies. 

      2. Who We Are and What We Do


      Flock Limited is an Insurance Business that distributes commercial insurance products; we are the controller of personal data that we process. Flock is a trading style of Flock Limited, registered address, Second Floor, Wilson’s Corner, 23 - 25 Wilson Street, London, United Kingdom, EC2M 2TE (ICO Data Protection Registration Number ZA263304).

      3. The Data We Collect About You


      Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

      • Contact Data includes billing address, email address and telephone numbers.
      • Criminal Offence Data includes details of unspent convictions as they apply to the Services.
      • Financial Data includes bank account and payment card details and information about payments to and from you and other details of Services you have purchased from us or that we have purchased from you.
      • Health Data includes details of relevant medical conditions as they apply to the Services.
      • Identity Data includes name, marital status, title, date of birth, age and gender.
      • Location Data includes areas travelled in insured vehicles and speeds of those vehicles.
      • Marketing and Communications Data includes your communication  and content preferences in receiving marketing from us and our third parties.
      • Profile Data includes your username and password, your interests, preferences, feedback and survey responses.
      • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites and apps.
      • Usage Data includes information about how you use our websites and apps, products and services.

      When someone visits our websites and apps we use third party services such as Google Analytics or Pendo to collect Usage Data and Technical Data and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of our websites and apps. Some of this data is personal data but some is Aggregated Data which is derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.

      For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website or app feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

      If You Fail to Provide Personal Data

      Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). In this case, we may have to cancel a Service you have with us but we will notify you if this is the case at the time.

      4. How is Your Personal Data Collected?


      We use different methods to collect data from and about you including through:

      • Direct interactions. You may give us your Identity, Contact, Financial Data, and Marketing and Communications Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
        • apply for our Services;
        • create an account on our websites or apps;
        • subscribe to our Services or publications;
        • request marketing to be sent to you;
        • enter a competition, promotion or survey;
        • give us some feedback;
        • or engage in the supply of your services to us.
      • Automated technologies or interactions. As you interact with our websites, apps, and Services, we may automatically collect Technical Data, Usage Data, and Profile Data about your equipment, browsing actions and patterns, and your use of our Services and systems.
      • During the setup of our Services. We may collect Criminal Offence Data, Identity Data, and Contact Data in relation to the Services provided to you, where applicable. This data may be provided to us by you or the insured party.
      • During provision of our Services. We may collect Location Data in relation to the Services provided to you, where applicable, by automated means from equipment installed into insured vehicles.
      • Third parties or publicly available sources. In addition to collection of Technical Data, we may receive personal data about you from various third parties including public records and social media as set out below:
        • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
        • Identity Data, Contact Data, and Criminal Offence Data from publicly available sources or official bodies such as Companies House and the DVLA
        • Identity and Contact Data from business partners who provide allied services to you such as delivering webinars or other products of interest.
        • Identity Data, Contact Data  from third parties such as advertising networks, analytics and search information providers, software providers and hardware manufacturers.

      5. How We Use Your Personal Data


      We will only use your personal data when the law allows us to.

      Most commonly, we will use your personal data in the following circumstances:

      • Where we need to perform the contract we are about to enter into or have entered into with you.
      • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
      • Where we need to comply with a legal or regulatory obligation.
      • Where you have given us your explicit consent to do so.

      Please note that we may process your personal data without your knowledge or consent, in compliance with data protection rules, where this is required or permitted by law.

      We do not undertake any automated decision-making

      Further details on the circumstances in which we use your personal data are set out below.

      Customers

      We, or third parties acting on our behalf, will collect, use and store your personal data listed for the following reasons:

      1. To process your registrations and allow you to access and use our websites, apps, and Services.
      2. To verify your identity for security purposes.
      3. To provide you with the information and Services that you request from us, including accessing real-time risk analytics and geo-located data.
      4. To process your insurance transactions (including claims) and policy requests to enable us to quote insurance for you.
      5. To price insurance and identify different pricing models that are tailored to your profile and vehicle usage.
      6. To ensure the security of our Services, websites, and apps.
      7. To send you information about related Services that may be of interest to you.
      8. To contact you regarding administrative matters or notices or to deal with any enquiries made by you, to resolve disputes and to troubleshoot problems.
      9. To provide guidance on how to use our website, apps, and Services.
      10. To inform you of new features within our website, apps, and Services
      11. To improve our risk models and algorithms.
      12. To track and improve our ability to serve our existing customers and acquire new customers.
      13. To improve the websites, apps, and other Services we provide.

      Suppliers

      We will collect and store personal data including contact details of our suppliers and those employees of the supplier who are involved in the delivery of the Services to our customers or when you act as a supplier of products and services to us, so that we can receive your goods or services in accordance with our contract with you.

      We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We will only do this if it is necessary for our legitimate interests and your interests do not override our interests.

      Third Parties

      We will collect and store personal data including contact details of third parties with whom we are in contact during the delivery of Services to our customers or discussions relating to prospective customers. We process that information because it is in our legitimate interests to do so in order for us to be able to perform our contracts for our customers or to acquire business from prospective customers. We believe that you would reasonably expect us to process your personal data in this way and that your interests do not override our interests.

      Prospective Customers or Prospective Suppliers

      We will collect and store personal data including contact details of people who we might do business with as a supplier or a customer. We may collect this information from you when you contact us (including through this website). We will only collect contact information from your website or another third party website if we have identified you specifically as someone who may be interested in receiving Services from us or delivering goods or services to us.

      For personal data which is collected on prospective customers or prospective suppliers, we may contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We will only do this if it is necessary for our legitimate interests and your interests do not override our interests.

      Summary

      We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the lawful bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

      Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific lawful basis we are relying on to process your personal data where more than one basis has been set out in the table below.

      Opting out

      You can ask us to stop sending you marketing messages at any time by following the unsubscribe instructions included in such communications or by contacting us by email at support@flockcover.com.

      Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a Service purchase or other transaction.

      Cookies

      We (and our third party providers) set and use cookies and similar technologies to store and manage user preferences, deliver targeted advertising, enable content, and gather analytic and usage data. You can set your browser to refuse all or some browser cookies, or to alert you when websites or apps set or access cookies. If you disable or refuse cookies, please note that some parts of our websites and apps may become inaccessible or not function properly. For further information, please see our Cookie Policy.

      6. Disclosures of Your Personal Data


      We share or disclose personal data when necessary to provide Services or conduct our business operations as described below. When we share personal data, we do so in accordance with data privacy and security requirements.

      We may share your data with the following categories of third parties, including:

      • Your broker (where applicable), service providers, sub-contractors and agents to administer your account and the Services provided to you by us now or in the future, including but not limited to, our payment processors.
      • Analytics providers that assist us in the improvement and optimisation of our websites and apps.
      • Our distribution partners, which includes software developers, hardware developers and any other company that distributes, advertises or recommends insurance policies on our behalf.
      • Flock's professional advisors such as legal representation, debt recovery, and accountants that may require access to this data for legal and business purposes.
      • Service providers. Personal data will be made available to these parties only when necessary to fulfil the goods or services they provide including (without limitation) software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use personal data we make available to them for any other purpose than to provide services to us.

      If you obtain a quote or purchase an insurance Service, your personal data may be shared with Insurers including where they use your data if you make a claim.

      Except for insurers and our Principal (for more information on how these companies are regulated, please look at our FAQ here), any third parties with whom we share your data are limited (by law and by contract) in their ability to use your data for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your data are subject to privacy and security obligations consistent with this Privacy Policy and applicable laws.

      We may also disclose your data to third parties:

      • If we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets.
      • If we, or substantially all of our assets, are acquired by a third party, your data held by us may be one of the transferred assets.
      • If we are under a duty to disclose or share your data in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity.
      • If we are contacted by the police, a regulatory authority or any government body, we may disclose whether you are an insured driver/policy holder and provide details of any specific trip you or an employee have made in a connected vehicle.
      • In order to enforce or apply our Terms of Use or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity.
      • To protect the rights, property, or safety of us, our customers or other persons. This may include exchanging information with other organisations for the purposes of fraud protection and credit risk reduction.

      Except as detailed above, we will never share, sell or rent any of your data to any third party without notifying you and/or obtaining your consent.

      We work in partnership with the Motor Insurers’ Bureau (MIB) and associated not-for-profit companies who provide several services on behalf of the insurance industry. At every stage of your insurance journey, the MIB will be processing your personal data and more details about  this can be found via their website: mib.org.uk. Set out below are brief details of the sorts of activity the MIB undertake:

      1. Checking your driving licence number against the DVLA driver database to obtain driving licence data (including driving conviction data) to help calculate your insurance quote and prevent fraud
      2. Checking your ‘No Claims Bonus’ entitlement and claims history
      3. Prevent, detect and investigate fraud and other crime, including, by carrying out fraud checks
      4. Maintaining databases of:
        1. Insured vehicles (Motor Insurance & Policy Data or Motor Insurance Database)
        2. Vehicles which are stolen or not legally permitted on the road (Vehicle Salvage & Theft Data or MIAFTR)
        3. Motor, personal injury and home claims (CUE)
        4. Employers’ Liability Insurance Policies (Employers’ Liability Database)
      5. Managing insurance claims relating to untraced and uninsured drivers in the UK and  abroad
      6. Working with law enforcement to prevent uninsured vehicles being used on the roads
      7. Supporting insurance claims processes

      7. International Transfers


      Whenever we transfer your personal data outside of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

      • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. The UK has adequacy regulations that include:
        • The European Economic Area (EEA) countries
        • EU or EEA institutions, bodies, offices or agencies
        • Gibraltar
        • The Republic of Korea
        • Countries, territories and sectors covered by the European Commission’s adequacy decisions (in force at 31st December 2020), which include a full finding of adequacy about the following countries and territories:
          • Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay.
        • There are partial findings of adequacy about:
          • Canada - only covers Personal Data that is subject to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
          • Japan - only covers Personal Data transferred to private sector organisations subject to Japan’s Act on the Protection of Personal Information; this does not include transfers of the types listed in the EU’s adequacy decision for Japan
          • The USA - only covers Personal Data which is transferred under the UK Extension to the EU-US Data Privacy Framework
      • Appropriate safeguards in accordance with Article 46 of the GDPR (UK DPA 2018 Section 75) and transfer risk assessments.

      Please contact us (see the contact details at the end of this privacy notice) if you want further information on the specific mechanism used by us when transferring your personal data outside of the UK, and see the information here.

      8. Data Security


      We take appropriate steps to ensure that personal data is processed, secured, and transferred according to applicable law.

      We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.

      These methods include but are not limited to:

      • Encrypting applicable data in storage and in transit via industry standard algorithms
      • Controls to address malware at the endpoint and gateways
      • Implementing 'need to know' access permissions and a duty of confidentiality
      • Network and data segregation to enforce the principle of least privilege
      • Multi-factor authentication to sensitive information and services
      • Regular backups combined with verification and restoration procedures

      We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

      Although we make every effort to protect your data, the transmission of data over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your transmitted data, and that any such transmission is at your own risk.

      9. Data Retention


      We retain personal data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, the Company takes into consideration local laws, contractual obligations, and the expectations and requirements of our customers and suppliers.

      When we no longer need personal data or when you request us to delete your information, where this is legal, we will securely delete or destroy it. The length of time that we keep customer and supplier files will depend on the nature of the goods and services provided or received.

      We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal data are available upon request by contacting us via the methods stated at the end of this privacy notice.

      10. Your Legal Rights


      We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal data

      In all cases we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We will respond to your request without undue delay and in any event within one month. In some cases, we may be permitted to extend that time limit for a further two months, taking into account the complexity and number of requests received from you.

      • Access to personal data: If you request access to your personal data, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures.
      • Correction and deletion: You have the right to correct or amend your personal data if it is inaccurate or requires updating. You may also have the right to request deletion or transfer of your personal data; however, this is not always possible due to legal requirements and other obligations and factors. You can contact us about our use of your personal data via the methods stated at the end of this privacy notice.
      • Object to processing of your personal data: where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
      • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
      • Withdrawal of consent: If we are processing your personal data on the basis that you have given your consent to us processing that personal data, you have a right to withdraw your consent at any time via the methods stated at the end of this privacy notice.
      • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
      • Filing a complaint: If you are not satisfied with how the Company manages your personal data, you have the right to make a complaint to the Information Commissioner’s Office (https://ico.org.uk), although we would appreciate the opportunity to address any concerns directly by contacting us first using the details below.

      11. Children’s Privacy


      Our services are not directed at children under 13. If you learn that a child under 13 has provided us with personal data without consent, please contact us.

      12. Changes to this Privacy Policy


      We reserve the right to change this Privacy Policy from time to time. We will notify our users whenever changes are made and all changes will be posted on this page so that we can keep you informed of our information collection practices. However, we encourage users to be responsible about their privacy and recommend that you consult this page frequently so that you are aware of our latest policy and can update your preferences if necessary. Your continued use of this website shall constitute that you have read and understood the revised Privacy Policy.

      13. How to Contact Us


      Please contact us with any requests related to your personal data or if you have any comments or questions about this Privacy Policy. Please feel free to contact us in one of the following ways:

      Email: to support@flockcover.com

      Support line: See the contact us page