Anorak Technologies Limited (Anorak, we, us or our) are committed to protecting and respecting your privacy and understand how important that is for you. We collect, use and share information about you in accordance with this Notice. This Notice is important, and you should read it carefully in conjunction with our Terms of Service
Your continued use of our services, whether through our website, our app or otherwise, indicates that you acknowledge the use of your personal data by us and other parties as set out below. We may make changes to this Notice from time to time and you should regularly review this page. If you do not agree with this Notice, then you should stop using the website and contact us to delete your account.
The data controller is Anorak Technologies Limited. We are a company registered in England and Wales (company number 10854345) and our registered address is 24 Old Queen Street, London, SW1H 9HP. You can write to us at Anorak Technologies, 60 Gray's Inn Road, London WC1X 8AQ or email us at firstname.lastname@example.org.
What data do we expect to hold about you?
In the normal course of our relationship we expect to collect the following information about you:
- Details about you: your name, date of birth, postcode, employment status and occupation, and when you plan to retire;
- Details about your household: your marital status, names and ages of other family members; your current and future plans for the education of the children you are responsible for;
- Details about your home: the area in which you live and whether you own or rent your home;
- Details about your family finances: financial transaction data, income and expenditure, savings and debts;
- Details about your financial safety nets: your existing insurance cover and workplace benefits;
- Details about your health: whether or not you are a smoker;
- Details from the services we provide to you: the profile we create about you, recordings of calls with our sales advisers, the advice that we give, and the insurance you may purchase from our partners.
Where do we get the data we hold about you?
From information you give to us
We receive and collect data from you when you fill in forms on the website or through our mobile site, such as when you register for an account or if you contact us through phone, email or otherwise. The information you give to us is necessary to enter into our contract. Without any information about you, we cannot provide you with a personalised insurance recommendation.
From information we collect about you
From information third parties give to us
We may get information about you from our partners and affiliate services or through other third parties such as advertising networks, search engine providers, analytics providers, and social networking sites.
If you have accessed Anorak through another service, that service may provide us with personal information to allow us to integrate our offering and your user journey.
We supplement the data that you may give to use from commercially available databases. These sources of information may relate to you individually (for example a search with a credit reference agency) or to specific types of data that may be attributable to you (such as property price records). We also use generally available statistical and demographic data from government and other sources to supplement the information you give us.
Financial transaction data
You may explicitly choose to securely share financial transaction data with us, in which case we will obtain this from your bank or card provider. To do this we use a regulated account information service provider.
Your financial transaction data is used to automatically fill-in certain details and to improve the accuracy of our advice, but you are not obliged to provide this data to us. You can withdraw your consent at any time.
How do we use your personal data in providing our services?
The grounds on which we process your data are:
- To allow us to perform the contract we have with you: to provide you with the advice, information, and services you request from us, customised to your preferences, we assess your insurance needs and requirements and enable you to purchase insurance from third parties
- To comply with our legal obligations: we are required to keep proper records about the advice that we give; we have duties to prevent financial crime, including money laundering and fraud.
- Your explicit consent: where you agree to share access to your financial transaction data. You can withdraw consent at any time. We use your financial transaction data to pre-populate profile information, to calculate and categorise your income and expenditure, and to assess your financial needs and requirements. We can also use financial transaction data to identify changes to your personal circumstances which may lead to a change in your needs and requirements.
- To pursue our legitimate interests: to identify you and administer your account(s) and for our internal purposes, examples of which are set out below.
The grounds on which we process any data relating to your health are slightly different. Health information is relevant to the availability of certain types of insurance, such as life insurance. We carefully review any requirement to collect health data and, where we do so, it is necessary for the performance of our contract and because there is a substantial public interest in processing health data for insurance purposes.
Information about the services you use
We will use some of your personal data to track the services you use through our website for the purpose of validating the data provided to us by our partners and for auditing commission that may become due to us on any policy you purchase.
We will use your information to keep you informed (subject to your expressed preferences) by post, telephone, SMS, email or other electronic means such as via social and digital media about current and new products, services, offers and promotions which may be of interest to you.
We may utilise a third-party software and storage solution to analyse the personal data that you have provided to us in order to ensure that the marketing that you receive is as relevant and beneficial to you as possible. We retain full ownership of your personal data and ensure that it is secure at all times.
If you are not happy for your personal data to be used in this way, you can manage your preferences through your account or unsubscribe at any time to remove your details from our contact list. If you have further queries with regards to your personal data, please feel free to contact us at email@example.com or Anorak Technologies, 60 Gray's Inn Road, London WC1X 8AQ.
The personal data we collect about you and process helps us to identify you and administer your account(s) and provide you with the advice, information and services you request from us customised to your preferences.
We also disclose your personal data to our partners to enable us to perform our services that you wish to use.
Market and statistical analysis
We use your personal data to carry out market research, statistical analysis and behavioural analysis, on a personalised or aggregated basis. This research and analysis may assist us in improving our website and the services offered to you or other individuals in the future. We may produce insights from aggregated information which does not identify you and is no longer classed as personal data which may have value to third parties, such as insurance companies.
Improvements to profiling
We use automated tagging of transactions and profiling to give our advice. We do not consider that our use of profiling gives rise to a legal or significant effect. To improve our profiling and the quality of the advice that we give to our customers, we may use de-identified financial data or profiles to train our algorithms.
Third party processing
We use third parties to process personal information on our behalf. Where third parties process your personal information, we will ensure that they have the necessary high standards of protection in place to ensure your data is secure and used only in accordance with this Notice.
Prevention of fraud and financial crime
We may carry out analysis and research using your personal data to prevent or detect fraud or other financial crime.
In the event of an interruption or cessation of our business, we need to ensure that we can implement our business continuity procedures (for example, we may need to rebuild our IT systems), or wind down planning to protect your interests. This may involve the processing of your personal data, including a transfer to an alternative service provider.
How do our partners use your personal data?
We work with some carefully selected partners who use your personal data to enable us to deliver our services to you, and to meet their own legal and regulatory requirements. In particular, we would draw your attention to the following:
- IRESS Portal Limited provides the platform infrastructure that enables Anorak to provide initial insurance quotations to you.
- We may undertake "soft" checks with a credit reference agency as a means of validating certain personal information about you.
- We may be asked to provide personal data to the Financial Conduct Authority, the Financial Services Compensation Scheme, the Financial Ombudsman Service , or the regulated firms we do or have worked with as part of our regulatory obligations or to process complaints effectively.
- If you purchase insurance through Anorak, we may supply the insurance provider with your name, address, and contact details as well as other information about your insurance requirements to help them provide you with the insurance you require.
- You may discover and access Anorak through a third-party site, marketplace or application, such as your bank, into which our service is integrated or supplied through. To improve your use and enjoyment of those other services, you may choose to allow us to share some of your data with that third-party.
Our partners may use the personal data you provide for purposes such as fraud prevention or for internal analysis (such as monitoring customer demographics, market trends or pricing analysis).
We are not responsible for the privacy policies or practices of our partners (or other websites you may click through to from our website). You should ensure you read and are fully aware of the terms and conditions and the privacy policies of third party websites.
We may also transfer your personal data to generic service providers who control or process personal data on our behalf to enable the efficient technical and logistical provision of our services. These service providers supply us with cloud data storage, data security services, customer relationship management software, and support ticketing services. We may substitute a technical or logistical service provider from time to time. Such parties are generally not permitted to use your personal data for any other purposes than for what your personal data was collected, and we require them to act consistently with applicable laws and this Notice as well as to use appropriate security measures to protect your personal data.
Do we pass personal data to third parties?
Except as set out in this Notice, we will not disclose any of your personal data to other parties without your explicit and freely given consent, unless we are legally required to do so by (for example, a court order, for the purposes of prevention of fraud or other crime, or by a competent regulator).
Transferring your personal data outside of the European Economic Area ("EEA")
We will not transfer your personal data outside of the European Economic Area and will always process transfers overseas in accordance with the data protection legislation.
Privacy and Confidentiality
We will treat all your personal data as private and confidential. We comply with and are registered under the data protection laws in the United Kingdom and take all reasonable care to prevent any unauthorised access to your personal data. Other than under the terms of this Notice, we will not disclose any personal data about you. Please be aware however that under certain circumstances we may be subject to a legal obligation to disclose personal data about you, or there may be a public duty to disclose that personal data.
Should you decide to complain about the service we have provided to you, we may be obliged to forward details about your complaint, including your personal data, to the relevant ombudsman. You can be assured that they are similarly obliged to adhere to data protection legislation and to keep your personal data strictly confidential.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO), contact details of which are:
- Serious breaches should be reported to the ICO using its security breach helpline on 0303 123 1113 (open Monday to Friday, 9am to 5pm). Select option 3 to speak to staff, who will record the breach and give you advice about what to do next.
- If you would like to report a breach in writing you can send it by post to the office address Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Under the terms of the data protection legislation you have a number of rights. You may:
- ask a copy of the information, or some of the information, that we hold about you (rights of access and portability);
- ask us to correct or remove any information about you that we hold (rights to rectification and erasure);
- ask us to stop processing or restrict the processing of information that we hold about you (rights to restrict and object to processing, including profiling).
If you cannot do any of these things through ‘My Account’, you may ask us to do so by writing to the Privacy Officer, by email (firstname.lastname@example.org) or to the correspondence address above, and we will do this free of charge. We will respond to your request within one month.
Changing your information and deleting your account
If you need to change any of your personal information you should log in to your account to make the necessary changes.
If you want to stop Anorak accessing your financial transaction data, you may revoke consent within ‘My Account’. You may also revoke authorisation directly with your account provider.
If you want to stop using Anorak, please email email@example.com using your registered email address and we will close your account within 30 days.
We have procedures in place to ensure that information is not kept for longer than is necessary but in summary:
- we will retain personal data about you for as long as your account is active;
- we only keep financial transaction data to complete your personal profile and, in any event, delete this data daily;
- after termination, we will retain only that information required for so long as it is necessary to comply with our legal or regulatory obligations, to resolve any dispute or to enforce our agreements. If we do need to retain information after termination, we will ensure that your data is archived in a way that access is restricted; and
- the maximum time that we envisage retaining any information is six years following termination.
Subject to our legal or regulatory obligations, if you ask us to delete any data, it is promptly deleted or otherwise rendered unusable from within our systems and we will no longer have any access to that data.
A cookie is a small piece of code, sent from a website to a user's internet browser, which allows that website to track the user's previous activity when they return to that website. This allows us to provide you with the experience that you expect from us and lets us continually improve our service.
A web beacon is an often-transparent graphic image that is placed on a website or in an email that is used to monitor the behaviour of the user visiting the website or receiving the email.
You can block cookies by changing the settings on your browser, but if you do you will not be able to access all or parts of our website.
The types of cookies and web beacons we use are:
Strictly necessary cookies
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. We use Google Analytics to help us understand website traffic and webpage usage. Google Analytics uses other information that Google may have about you to provide us with enhanced demographic information about the users of our website on an anonymised and aggregated basis.
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the cookies we use and the purposes for which we use them in the table below:
|_gac_property-id||Analytical/performance & Targeting||Used by Google to track page views and site performance and serve advertising|
|_ceir||Performance||Used by CrazyEgg to track returning users|
|mp_hexdigits_mixpanel||Analytical||Used by the Mixpanel marketing tool to track pageviews|
|_fbp||Targeting||Used by Facebook to track page views and serve advertising|
|__hssrc, __hstc||Analytical/performance & Targeting||Used by Hubspot to track page views and site performance and serve advertising|
|Targeting||Used by Linkedin to track page views and serve advertising|
If you want more information about how cookies operate, or how to manage them, please visit https://aboutcookies.org.
This Data & Privacy Notice is subject to the laws of England and Wales and the exclusive jurisdiction of their Courts.
This Data & Privacy Notice was last updated on 4 April 2022.