Privacy Policy

Hokodo Privacy PolicyLast updated: 18 September 2018Table of Contents1. Introduction 22. What Personally Identifiable Information does Hokodo hold and process? 2Insureds and Buyers 3Business partners 3Employees and Job Applicants 3Browser Data 33. Lawful basis for processing Personally Identifiable Information 34. Retention period 45. Third party transmission 46. How your Personal Data is protected 47. Your rights 58. Modification of this Privacy Policy 51. IntroductionThe aim of this document is to explain how Hokodo (henceforth referred to as “we” or “us”) willensure that Personally Identifiable Information (PII) is protected and processed in accordance withthe General Data Protection Regulation (GDPR).We provide business-to-business insurance solutions, which protect transactions between theInsureds (the firms who request or buy insurance from us, the ‘Sellers’) and their customers (their‘Buyers’). As such, the data we process is mostly that of companies, whereas GDPR applies primarilyto the data of individuals. Some notable exceptions are when we process information regarding: i)sole traders, who trade as an individual rather than as a company; ii) the primary contacts at ourInsureds; their Buyers and our distribution partners, for whom we may need to process contactinformation, and iii) individuals associated with these companies on public registers such asdirectors, officers and shareholders.12. What Personally Identifiable Information does Hokodo hold andprocess?The PII we process is differentiated by our relationship with that party.Insureds and BuyersWe process data on the Insureds and Buyers, which is required for providing them with insurancequotes or insurance policies, and which may include PII such as:● Contact details of the individuals with whom we interact to do business, including: address,telephone number, email address and contact history,● Invoicing history, including: invoice value, Buyer company identity, issue date, due date, paiddate etc.,● Claims history, including the status of any debt collection,● The names of individuals associated with the company, as obtained from publicly-availablesources, as well as any publicly-disclosed court rulings related to those individuals, and● A credit score, if we have performed a check on the companySubject to the consent of the Data Subject, contact details may also be used for our own marketingpurposes, for example to notify the Insureds of a new product that we think they might beinterested in.Business partnersWe hold and process the contact details of our business partners with whom we interact to dobusiness. We may also contact our business partners for our own marketing purposes.Employees and Job ApplicantsIn order to facilitate the day-to-day running of our business, we hold PII for all our employees, suchas: bank details, identification documents, contact details etc. As part of our recruitment process wereceive the CVs of job applicants, which include contact details as well as other personal data (eg.date of birth).Browser DataVisitors to our website do not have their PII collected. However, we do process some non-personallyidentifiable data, such as: IP Addresses, Country / City of origin, Browser (eg. Google Chrome orSafari), Internet Provider (eg. Virgin media), Device type - (eg. Mobile, Tablet, Desktop) andOperating System (eg. Mac OS 10.13.1).3. Lawful basis for processing Personally Identifiable InformationThe legal bases upon which we will process and hold PII are:● Performance of contract: in order to provide insurance or offer a quote, it is necessary for usto be in contact with the Insureds or prospective Insureds and to process data about them(to determine the risk of offering insurance; the premium and the extent of cover).2● Legitimate interest: we process PII of Buyers on this basis for example to: i) characterise therisk profile of the company, ii) conduct collections in cases of non-payment as well as iii)identify and prevent fraud.● Consent: when marketing to Insureds or business partners, we obtain the active consent ofthese parties and they are given the clear option to opt out at any time.● Legal obligation: we may occasionally be compelled to process the PII of parties with whomwe interact or share their data with regulatory authorities in order to comply with regulatoryor legal requirements, such as for the prevention of money laundering or combating taxfraud.4. Retention periodUnless otherwise instructed, we will retain PII for a reasonable and necessary time taking intoaccount the purposes of the processing and the legal and regulatory requirements. We will alwaysdestroy PII within ten years of the termination of a contract.5. Third party transmissionIn order to conduct our business, we need to share Personal Data with selected third parties, suchas:● The insurers who underwrite our insurance products, and associated insuranceintermediaries (eg. brokers, FSMA registered companies) and reinsurers,● Debt collection agencies,● Claims adjusters,● Legal or regulatory bodies -- where required -- in order to comply with diverse regulations(eg. Financial Conduct Authority regulations), and● Service providers, such as: IT platforms, payment processing providers, lawyers, otherspecialised consultants and marketing and communication firms.Your data may be transferred outside the EEA as part of interactions with these third parties. In suchcases, we have safeguards in place including contractual clauses to ensure third parties meet thestandards required by EU law.We strictly limit the disclosure of PII to third parties to that which is required for the fulfilment of theagreed purpose and nothing more.If you pass us PII regarding another party (for example a Buyer), it is your responsibility to ensurethat, where it is necessary to do so, i) you have told the individual who we are and what PII weprocess (as set out in this Privacy Policy); and ii) you have permission from this individual to pass ustheir PII (including any sensitive personal data).6. How your Personal Data is protectedAny data held by us is stored encrypted on our servers. Access to your data is only granted topersons for whom it is necessary for the performance of their tasks. These persons are contractuallybound to strict professional discretion. We pay particular attention to the protection of your privacy3and employ industry-standard technical and organisational measures against loss, destruction,access and alteration or distribution of PII by unauthorised persons. It should, however, be notedthat the processing and transmission of data is inherently subject to security risks.Our website may contain links to third party sites (eg. social media) whose terms of use do not fallwithin the scope of this Privacy Policy and should be consulted to find out how they respect yourprivacy.7. Your rightsIn accordance with GDPR, the following rights exist with respect to Personal Data:● Right to be informed (that PII is being held and what we do with it),● Right of access (to view your PII),● Right of rectification (to ask us to change the PII if you believe it is incorrect),● Right to erasure (to ask us to delete your PII if we no longer need it, if you believe we haveobtained the data unlawfully or if you have removed your consent for particular activities),● Right to restriction (to stop us from doing particular things with your PII),● Right to portability (to pass the PII on to another party),● Right to object (to ask for your data not to be used for direct marketing or for “legitimateinterests”), and● Rights related to automatic decision-making, including risk profiling (to have a human reviewany decision that has been made about you by our risk profiling and pricing algorithms).Please contact us via support@hokodo.co if you wish to discuss or begin the process of exercise ofany of the above rights.8. Modification of this Privacy PolicyWe may adapt this Privacy Policy at any time, and the changes will be applicable at the time ofpublication on our website. We therefore advise you to consult the most recent version of thisdocument.Hokodo Services Limited is an Appointed Representative of Innovative Risk Limited, a firm authorised and regulated bythe Financial Conduct Authority.4