Privacy Notice
1. Who we are
Gable Sure Ltd is a company registered in England and Wales with company number 12221247. In this notice, any reference to 'we', 'us', 'our' or 'Gable Sure' are references to Gable Sure Ltd.
Gable Sure is the "Data Controller" of any personal information you provide us, or we collect under this privacy notice. 'Personal information' meaning any information about a living individual who can be identified from that information, either by itself or when it is combined with other information.
We respect our customers' rights to privacy and to the protection of their personal information. This notice provides information regarding how we use your information, who we share it with, the circumstances under which we share it and what steps we take to protect it. If you have any questions about this privacy notice or how we use your information you can get in touch by email at dataprotection@gable.group or by writing to us at:
Data Champion: Soykan Suicmez, Gable Sure Ltd
Address: 39 Selwyn Road, New Malden, Surrey, United Kingdom, KT3 5AU
Your communication will be considered by our dedicated team. If the issue cannot be resolved at this initial stage, we will escalate it to our Data Protection Officer. Our Data Protection Officer role has been outsourced to:
DPO: Evalian Limited
Address: West Lodge, Leylands Business Park, Colden Common, Hampshire SO21 1TH
Email: dpo@evalian.co.uk
2. What personal data do we collect?
We only collect and process information that we need. So, if you don't give us the information we request, we won't be able to offer you our products and services.
- Personal Identification Data: your name, previous addresses, home address, date of birth and nationality.
- Contact Data: your mobile number and email address.
- Property Data: property details if required for the insurance product provided by us.
- Technical Data: information about how you access and use our website: your IP address, your location and the device and software you're using.
- Aggregate Data: information about our customers grouped together in a way that doesn't identify people specifically, cannot be used for re-identification and is anonymous. We use it for business reasons such as market analysis and research, demographic profiling, marketing and advertising, and to comply with regulations. If we connect any aggregate data with information that identifies you, we'll treat it as personal data and use it only in accordance with data protection laws.
3. How do we collect your personal data?
We may collect information directly from you or from others. We collect it when you call us, email us, write to us, complete our online forms, use our website or customer portal, or interact with us on social media.
We may also collect information when a party applies for our products. For example, for our lender's mortgage insurance product, the lender company will provide the borrower's personal data as per their own privacy policy.
Third party sources
By this we mean fraud prevention agencies, credit reference agencies, the Government and their agencies (e.g. HM Revenue & Customs, Financial Conduct Authority, Companies House).
Publicly available sources
This includes the electoral roll, telephone directory and other internet sources.
Marketing / analytical service providers
These are services that help us understand how people use our website and companies that do market research or behaviour analysis.
4. Why do we need your personal data and what do we use it for?
UK data protection law says that companies can't use your personal data without having a legal reason for using it. This reason is called a "lawful basis". Here are the lawful bases we rely on, and what they mean:
Contract performance: We need your information to provide you with our product and service.
Legal obligation: The law requires us to process your information. For example, we need proof of your identity to meet our fraud and anti-money laundering responsibilities.
Legitimate interest: The law allows us to use your information if it is in the legitimate interest of our business. We will always check that, on balance, the benefits to us or our partners are not outweighed by your interests, rights or freedoms. An example might be to try to improve our products and services.
Consent: You've explicitly confirmed that you are happy for us to use your personal data for a specific reason, e.g. to receive marketing. Where consent is the only reason we use the information, you have the right to change or withdraw your consent at any time. In some cases this might mean we cannot provide the service you requested.
Vital interests: We may need to process your personal data if we think it is necessary to protect someone's life.
We may process your personal data for more than one lawful ground depending on the specific purpose. Please contact us if you need details about the specific legal ground we are relying on.
| Purpose / Activity | Type of personal data | Lawful basis |
|---|---|---|
| To deliver and improve our products and services and to support our operations | Personal Identification Data; Contact Data; Property Data; Technical Data | (a) Performance of a contract with you; (b) Necessary for our legitimate interests |
| To use data analytics to improve our website, products and services, marketing, customer relationships and experiences | Technical Data | Necessary for our legitimate interests |
| To comply with any law or regulation, or prevent financial crime and the funding of terrorism | Personal Identification Data; Contact Data; Property Data; Technical Data | (a) Legal obligations; (b) Necessary for our legitimate interests; (c) Performance of a contract with you |
5. Who do we share your personal data with?
When using your information, we might share it with third parties. If we do, we make sure they undertake to keep it confidential, safe and secure just like we do. These third parties can't use your information for any reason; it has to be for a specific purpose and in the way we tell them to. We have written contracts in place with such third parties to make sure of this.
Our partners & service providers
We work with a number of third-party service providers to help run our business and provide you with our services and products. We will share the personal data we collect with our principal firm, as we are an Appointed Representative of an FCA-licensed principal company (details on the FCA register). It also includes third parties such as insurers, reinsurers, capacity providers, IT and system providers, cloud hosting companies, payment service providers, security partners, legal and accounting firms, insurance companies, financial auditors, and advertising and market research companies.
Fraud prevention agencies
We will share the personal data we collect with fraud prevention agencies. They will use it to verify your identity and prevent fraud and money-laundering. If fraud is detected, you could be refused certain services, finance or employment. If you provide false or inaccurate personal data and we suspect unlawful activity such as fraud or money laundering, this will be recorded and we may pass details to fraud prevention agencies.
Government agencies & regulatory bodies
We will use your information to comply with the law and to protect ourselves, our customers and others. Where required we will share information to respond to a court order or other lawful request from a public authority. This includes HMRC, the Financial Conduct Authority, the Financial Ombudsman Service and the Information Commissioner's Office.
Anyone who funds us, buys us or merges with us
We may have to share personal data with any person or legal entity who we sell or transfer (or discuss selling or transferring) all or part of our business to. This also includes transferring any of our rights or obligations under any agreement we have with you.
6. Do we transfer your personal data outside of the UK?
We are based in the UK but some of our service providers are located elsewhere, so we may transfer your personal data outside the UK. If your personal data is processed in the European Economic Area ("EEA") it is protected in the same way as in the UK. If we transfer your personal data outside the EEA we'll take all reasonable steps necessary to make sure it is protected to UK standards, including strict security checks and appropriate legal contracts. Please contact us for more information about the specific safeguards applied.
7. How do we keep your personal data safe?
While no transfer of data can be guaranteed to be secure, we do everything we can to protect your personal data. We make sure all our staff receive data protection training and that access is on a strictly need-to-know basis. We've put robust security systems and processes in place, layered security controls such as firewalls, to make sure your personal data isn't accidentally lost, used, accessed, changed or shared in an unauthorised way. For example, we always encrypt your personal data in line with industry best practice, both when we store and whenever we transfer it.
8. How long do we keep your personal data for?
We'll only keep your personal data for as long as we need it to do the things we collected it for (see section 4), or where laws and regulations tell us we need to keep it for a specific amount of time. You have the right to ask us to delete your personal data, but sometimes laws or regulations require us to wait a certain amount of time. If we have to wait, or if we can't delete it, we'll let you know why.
9. What are your legal rights?
When it comes to your personal data, you have various rights. Some only apply in certain circumstances or to certain information. To talk to us about your rights or make a request, get in touch by emailing or writing to us at:
Data Champion: Soykan Suicmez
Address: 39 Selwyn Road, New Malden, Surrey, United Kingdom, KT3 5AU
Email: dataprotection@gable.group
You are not required to pay any fee for exercising your rights (subject to certain exceptions) and we will always aim to respond within one month.
The right to be informed
You have the right to know what information we hold about you, why we have it, how we use and share it, and how long we keep it for, which is one of the main reasons we have this privacy notice.
The right to object
In certain circumstances, you can ask us to stop processing your personal data, for example if we're using it for marketing. There are situations where we're not able to stop, and we will always tell you why. You can opt out of marketing at any time via the unsubscribe link in any email or by emailing dataprotection@gable.group.
The right of access
You have the right to ask us to confirm whether we are processing your personal data and to receive a copy of it (along with certain other details). This is commonly known as a "subject access request".
The right to correct any errors
If any of the personal data we hold about you is incorrect or out of date, you can ask us to correct it. You can also ask us to complete information you think is incomplete.
The right to deletion
You can ask us to delete your personal data ("the right to be forgotten") if: we no longer need it for the original reason; we only hold it because you gave consent which you've now withdrawn; you object and we no longer have a legitimate interest; you change your mind about direct marketing; we collected or used it unlawfully; or we have a legal obligation to erase it. Sometimes we might not be able to delete it because of laws and regulations; if so, we'll tell you why.
The right to restrict processing
In some situations you can ask us to limit how we use your information: while we correct data you've challenged; if we've used it unlawfully but you don't want it deleted; if we no longer need it but you want us to keep it for legal claims; or while we deal with an objection you've raised.
The right to data portability
You have the right, in certain circumstances, to ask that we transfer information you gave us from one organisation to another, or give it to you.
10. How will we keep you up to date?
We last updated this privacy notice on 10 October 2024. We'll update it any time we make changes affecting how we use your information, and we'll let you know about any significant changes, usually by email or text message, highlighting the changes so you can clearly see them.
11. Third party links and services
This privacy notice does not apply to your interaction with any other third parties and applies solely to personal data processed by us through your use of our website, your receipt of our services and/or in connection with our business operations. When you follow a link from our website, or request a service from another third-party provider, this notice does not apply to that provider's processing of your personal data, which is subject to their own rules and policies.
12. What if you need to complain?
If you're unhappy about how we're using your information, please get in touch; we'll investigate and get back to you as soon as we can. You can make a complaint by emailing or writing to us at:
Data Champion: Soykan Suicmez
Address: 39 Selwyn Road, New Malden, Surrey, United Kingdom, KT3 5AU
Email: dataprotection@gable.group
If the issue cannot be resolved at this initial stage, we will escalate it to our Data Protection Officer (Evalian Limited, dpo@evalian.co.uk). We'd really like the chance to help you first, but you have the right to complain at any time to the Information Commissioner's Office ("ICO"), the UK data protection regulator: ico.org.uk/make-a-complaint.