Privacy Policy

Our Privacy Policy applies to all our customers, including those who visit our website and may change from time
to time. We reserve the right to update or modify this Policy at any time. Our services are strictly for persons
aged 18 years and over.
We are BIG Warranties Limited, authorised and regulated by the Financial Conduct Authority reference number
798998. Our address is BIG Warranties Limited, Richmond House, Richmond Hill, Bournemouth, Dorset, BH2
6EZ. Registered with the Information Commissioner’s Office No. Z210366X. and are both trading names of BIG Warranties Limited.
BIG Warranties Limited and provide insurance services.
The Service
BIG Warranties Limited and provide insurance services for individuals and other clients. In order to
carry out our services we require personal information from you, and without that information we cannot
provide our services to you. We will use your personal information to contact you about our services, and to
keep in communication with you about your Policy/s you have with us.
We operate under two lawful bases for processing your personal information and these are;
 in order to perform our obligations under our contract with you and;
 In accordance with our legitimate business interests in providing you with insurance related services and
from time to time, offer additional services which we think may be of use to you.
Where we rely on our legitimate business interests as the basis for processing your personal data, we will always
balance our use of that data against your rights as a customer. provide a registration service in relation to your warranty on your appliance/s. Prior to the
date of expiry of the manufacturers’ warranty and as part of the service to you, you will be contacted with the
option to extend the warranty or discuss alternative options available to you.
We place cookies or similar technologies on the machine you use to visit our site and/or you use to make an
application. This is primarily to make it easier for you to access and navigate the website. By continuing to use
our website, you are giving your consent to do this. More information about cookies is set out below.
1. Cookies
This information does not identify any individual. We may also obtain information about your general Internet
usage by using a cookie file that is stored on the hard drive of your computer, which again does not identify any
individual. This information is sent back to the server each time the browser requests a page from the server
that enables the web server to identify and track the web browser. For more information about cookies, please
visit Cookies enable us to improve our service to you, estimate our audience
size and usage patterns, store information about your preferences and recognise you when you return to our

You can set your web browser to refuse cookies (or just to refuse third party cookies), but if you do this you may
not be able to enjoy full use of the site. Please note that any third parties who may advertise on our site may
also use cookies, but we do not have access to, or control over them.
2. Security
We recognise the need for appropriate protection and management of the personal and financial information
you share with us and believe that our systems meet and exceed industry standards. We protect that
information using secure socket layer (SSL) encryption technology. We store data in encrypted form on
computers and control access via secure web pages. We use firewalls and other security packages to protect us
from external attack.
We also test our systems to make sure they meet these expected standards.
The need to ensure that data is kept securely means that precautions must be taken against physical loss or
damage, and that both access and disclosure must be restricted.
All of our staff are responsible for ensuring that:
 Any personal data which they hold is kept securely.
 Personal information is not disclosed either orally or in writing or otherwise to any unauthorised third
 All phone operators are required to hand their phones in at the start of each shift, and end of breaks.
 All staff are required to lock their computers whilst they’re away from their desks.
 Ensuring that customer records are updated correctly.
 Informing the Company of any changes to information which they have provided, e.g. changes
 of address.
 Ensuring that security is passed before disclosing personal information
3. Collecting Your Information
We collect information about you in two ways – directly from your online application – the personal information
you submit and also information provided if you telephone us or write in to us.
You will be fully aware of the information collected about you as you are required to complete the information.
You have the following rights in relation to the data we hold about you:
 The right to be informed about the processing of your personal data (Privacy Policy);
 The right to have your personal data corrected if it’s inaccurate or completed if we hold incomplete personal
 The right to object to the processing of your personal data;
 The right to restrict the processing of your personal data;
 The right to have your personal data erased;
 The right to request access to your personal data;
 The right to move, copy or transfer your personal data;
 Rights in relation to automated decision making.
In addition, we may collect information about your computer including, your IP address, operating system and
browser type – for system administration and to report information to our advertisers and selected partners.
4. Use of Your Information – What we Process and Share
The personal data you have provided, we have collected from you, or we have received from third parties may
include your:
 name
 date of birth
 residential address and address history
 contact details such as email address and telephone numbers

 product information
 employment details
 identifiers assigned to your computer or other internet connected device including your Internet Protocol
(IP) address
We may share the information you submit with third parties involved in the process of providing the services
you request, such as engineers, insurers or manufacturers. We may also need to share the information, if it
becomes necessary with our advisers or auditors . We have trusted relationships with these carefully selected
third parties who perform services on our behalf. All service providers are bound by contract to maintain the
security of your personal information.
Under the General Data Protection Regulation, we are classed as the data controller and may use data that
identifies you (“your personal data”) for: statistical analysis; to develop and improve our products; to update
your records; to identify which of our, or others’ products might interest you; to assess lending and insurance
risks; to identify, prevent, detect or tackle fraud, money laundering and other crime; to carry out regulatory
checks; keeping you informed about your loan and for market research.
We will keep your personal data confidential and only give it to others for the purposes explained. In particular
our agents and subcontractors, acting for us, to use for the purpose of providing a service.
Your personal data will not be transferred outside of the European Union unless the recipient of the data applies
security and processing standards compliant with EU data protection laws.
5. Data Retention
If you get a quote from us, we’ll keep your details for up to 3 years. If you purchase a policy or register an
appliance with us we’ll keep all personal information for a period of 7 years after the policy ends/or the
registration date to ensure we meet our statutory and regulatory obligations (eg as required by the FCA, HMRC),
and to enable us to manage claims, complaints and any regulatory queries put forward to us. We may keep your
information for longer if we have a legitimate interest or we are required to do so by law.
At the end of the retention period, your personal information will either be deleted completely or anonymised,
for example by aggregation with other data so that it can be used in a non-identifiable way for statistical
analysis, underwriting and business planning.
6. Data Accuracy
The personal data we hold should be accurate and kept up to date. You have the right to have your personal
 Amended;
 Corrected;
If you identify that any of your personal information is incorrect, you will need to contact us the Data Protection
Officer to let us know if you want to do this.
7. Contact from BIG Warranties and Third Parties
Our Communication Policy explains when we are likely to contact you. We will not sell or transfer your data to
any third party unless we are required to do so legally or for insurance purposes, however should you request a
claim, your name, address and contact number will be passed to our contractors, only for the purposes of
providing that service.
8. Third Parties and third Party Links
We may receive personal data about you from various third parties as set out below:

 Search Engines e.g. Google, Bing, Yahoo
 Marketing agencies;
 Manufacturers;
 Retailers; and
 Affiliates.
Our site may contain links to third party websites. If you follow a link to any of these websites, please note that
these websites have their own terms and privacy policies and that we do not accept any responsibility or liability
for them.
If you have any questions about other third parties who may send us your personal data please contact the Data
Protection Officer
9. Your Right to Complain
We are subject to UK data protection laws, which we comply with fully and to which we give the greatest
We are registered with the ICO and our reference number is Z210366X.
Should you feel we have mishandled your personal data, you have the right to complain to the ICO, the UK
supervising authority for data protection issues ( We would, however appreciate the chance to
deal with your concerns before you approach the ICO so please contact us in the first instance.
10. Fraud
 Before we provide services or goods to you, we undertake checks for the purposes of preventing fraud
and money laundering, and to verify your identity. These checks require us to process personal data
about you.
 The personal data you have provided, we have collected from you, or we have received from third
parties will be used to prevent fraud and money laundering, and to verify your identity.
 Details of the personal information that will be processed, for example: name, address, date of birth,
contact details, financial information, employment details, device identifiers including IP address and
sometimes vehicle details.
 We and fraud prevention agencies may also enable law enforcement agencies to access and use your
personal data to detect, investigate and prevent crime.
 We process your personal data on the basis that we have a legitimate interest in preventing fraud and
money laundering, and to verify identity, in order to protect our business and to comply with laws that
apply to us. Such processing is also a contractual requirement of the services or financing you have
 Fraud prevention agencies can hold your data for different periods of time, and if you are considered
tom pose a fraud or money laundering risk, your data can be held for up to six years.
 If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may
refuse to provide the services or goods you have requested, or to employ you, or we may stop providing
existing services to you.
 A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and
may result in others refusing to provide services, financing or employment to you. If you have any
questions about this, please contact us on the details provided.
 Whenever fraud prevention agencies transfer your personal data outside of the European Economic
Area, they impose contractual obligations on the recipients of that data to protect your personal data to
the standard required in the European Economic Area. They may also require the recipient to subscribe
to ‘international frameworks’ intended to enable secure data sharing.

11. Automated decisions
As part of the processing of your personal data, decisions may be made by automated means. This means we
may automatically decide that you pose a fraud or money laundering risk or if our processing reveals your
behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your
previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation
to automated decision making: if you want to know more please contact us using the details provided.
12. Data Protection Principles
The Company fully endorses and adheres to the principles of data protection. These principles specify the legal
conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of
personal data. Employees and any others who obtain, handle, process, transport and store personal data for the
Company must adhere to these principles.
Rights to Access Information – Subject Access Request (SAR)
Consumers, customers, employees and other subjects of personal data held by the Company have the right to
access any personal data that is being kept about them. Any person who wishes to exercise this right should
make the request in writing to the Company’s Data Protection Officer at [ ]. We will then respond to your
request within one month of receiving it. If your request is complex in nature we may extend this period to two
months in which case we will inform you.
The Company aims to comply with requests for access to personal information as quickly as possible.
Electronic Communications
Communication with clients via electronic methods must still pass data protection, by confirming at least two
pieces of personal information via a registered contact method e.g. email address recorded on client policy.
All electronic documentation is to be accessed by clients via an online portal called to which they will have been
supplied a username and password during application or throughout their policy.
13. Law Relating to this Policy
This notice is not intended to form a contract or to create any legal obligations not already contained in current
It has been prepared in line with the following legislation:
 General Data protection regulation 2016 (2016/679 EU)
 Data Protection Bill/Act 2018
14. Changes to this Document
We may change this notice and policy from time to time by porting the changed version on our website or
sending it to clients and other third parties who we deal with.
15. Effective Date

This policy will apply on and from 1st October 2018