JIAL (‘we’, ‘us’, ‘the company’) is an organisation under the trading name of Just Insurance Agents Limited ('JIAL'), authorised and regulated by the Financial Conduct Authority (FCA) under registration number 610022. We are registered as a company in England and Wales under registration number 05399196 and headquartered at: Victoria House, Toward Road, Sunderland, SR1 2QF.
We have insured over one million passengers and thus, we understand the relevance and the impact of providing adequate safeguards to our clients. Therefore, regardless of your country of origin, we want to take care of the privacy of anyone that shares personal data with us because we respect your rights and values and we are committed to protecting your personal data.
JIAL has enforced this Policy in order to cover all the protective regulations that Data Subjects benefit from. We do safeguard the interests of Data Subjects regardless of their residence country – be it UK, US, EU or others.
This Policy shall be considered up to date and applied until further notice regarding any amendments is given.
This Policy serves as a foundation for respecting your privacy and data protection rights. However, for additional safeguards, we enforced several documents which might interest you. The following documents are to be considered as supplementary, among others:
- The Data Retention Policy and Schedule
- Subject Access Request Procedure
Within the Policy, the following definitions are to be applied:
Data Subject means the natural living person to whom the personal information relates and that can be directly or indirectly identified. Data Subjects can be identified or identifiable.
- Personal data is defined as any information relating to the Data Subject.
- Sensitive data encompass data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
- Data Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by law, the controller or the specific criteria for its nomination may be provided for by law.
- Data Processor is a party that processes personal data on behalf and under the authority of the Data Controller. It can be a third party too.
- Data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
- Supervisory Authority refers to the independent public authority established in each country for ensuring the correct application of the data protection legislation. A specific Supervisory Authority will be concerned by the data processing of JIAL if:
(a) The controller or processor is established on the territory of the supervisory authority;
(b) Data subjects residing in the territory of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
(c) A complaint has been lodged with that supervisory authority.
- Data Protection Officer (DPO) is the person appointed by JIAL to safeguard the rights of the Data Subjects, to ensure and secured data processing and sharing, and to respond to any inquiry regarding the personal data processed
Any reference to the Data Protection Laws shall be considered made to the following regulations:
- The Privacy and Electronic Communications Regulations 2003
- The Data Protection Act 2018 (DPA 2018) and the UK GDPR
- The General Data Protection Regulation 2016/679 (GDPR)
- Other relevant and applicable law, based on our activity or data subjects we engage with (this list is not exhaustive).
Our activity is permanently carried out under the aegis of the following data protection principles:
- Lawfulness, fairness and transparency – These are the main attributes of our data processing
- Purpose limitation – The purposes for processing data are lawful and explicitly specified
- Data minimisation - We process relevant personal data in an adequate manner, limited to the underlying purposes
- Accuracy - The personal data that we store must be up to date. Additionally, we appreciate your involvement in ensuring an error-free data base.
- Storage limitation - We keep your personal data in a form which permits identification of Data Subjects and we strictly respect the retention schedules you were informed about within the Data Retention Policy.
- Integrity and confidentiality – The processing of personal data is carried out under strong guarantees of security in order to minimise the occurrence of data breaches.
Additionally, we take all the technical and organisational measures to ensure a safe environment for your personal data.
In order to legally collect the above information, we rely on the following legal grounds:
- In order to enter into a contract with you or meet the existing obligations of a contract concluded with you;
- In order to fulfil our legal obligations;
- For our legitimate interests;
- Your consent.
When using consent as the lawful basis of processing personal data, consent has to be explicit, free and informed.
The purposes for processing personal data from you and their legal grounds can be verified below:
- Legal Obligation
- Keep our records up to date
- Compliance with requests from law enforcement authorities
Compliance with our statutory obligations as a registered company
Insurance administration by JIAL or our agents
- Keeping you informed about relevant travel and travel insurance news via e-mail
- Investigation/prevention of crimes
- Research or statistical purposes
- Offering you renewal of cover (when you have taken out an annual multi trip policy that can be renewed)
- Obtain feedback from you
Assist with you using our services and help you complete the purchase via phone
Understand your preferences and needs by analysing data from you (such as how you use our website)
- Forecasting clients' preferences and possible improvement for the business
If you do not wish to be sent our newsletter e-mails or called for being helped with your purchase, please email email@example.com. For the first case mentioned, you can also click the unsubscribe link within the e-newsletter you receive.
JIAL processes the following categories of personal data:
- Contact information – including name, address, electronic address, phone number
- Health data
- Financial data – meaning credit / debit card information and other information we need in order to process payments for you
- Communication data – meaning records of contact with you (e.g. as system notes, emails and letters.).
After a quote obtained by you, we are legally allowed to contact you under the lawful basis of Legitimate Interest via email, text and/or telephone to discuss your online experience, ensure you have all the relevant information you need to be informed and assist you to complete your purchase. Please let us know if such communications are of no interest to you.
We are very happy to assist you with more information required for clarifications on our processing activities. Please send such requests to our Data Protection Officer, according to section 15 - contact.
In connection with your application for travel insurance, we and the insurers on our panel use an automated medical screening system to screen against pre-existing medical conditions. The system will use information you provide relating to the medical history, health and lifestyle of you and any other people insured under the policy to determine whether we are able to offer you an insurance policy from any of the insurers on our panel and on what terms.
You have the right not to be subject to a decision which is based solely on automated processing, as stated under 'Your Rights', bullet point 6.
You do not have to take part in this screening process, but in this case, we would not be able to provide you with a travel insurance policy. In this case, please DO NOT provide your medical, health and lifestyle information to us on our website.
To the extent that you have provided (or will provide) personal information to us about any other individual, you agree that you have provided information to the individual about the content of this policy and you have their permission or are otherwise legally authorised to share their personal information with us and the insurers as detailed in the policy. We may ask for evidence related to your authorisation, as it is part of our legal obligation to process personal data in a lawful and fair way.
Details about the way any of the insurers on our panel use your personal information can be found in their separate privacy notices which are available on their websites.
Whenever we require your consent for processing personal data, we do so in line with the General Data Protection Regulation - consent has to be freely given, specific, informed and unambiguous.
We will only accept voluntary consent. Otherwise, the given consent is void. In the situations where consent is necessary, that represents the legal ground for personal data processing. You can withdraw your consent at any time. We make sure the withdrawal of consent is as easy as giving consent.
You, as a Data Subject, have the following rights:
- To request access to your personal data (commonly known as a "data subject access request"), without paying any fee
- To request correction of the personal data that we hold about you
- To request erasure of your personal data.
- To object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- To request restriction of processing of your personal data.
- To not be subject to automated decision-making, unless the data is processed for the conclusion or performance of a contract with the Data Controller, falls under legal authorisation or explicit consent. Whenever such processing relies upon consent or contractual obligations, you can further exercise your rights to express your point of view, to request human intervention and contest the automated decision.
- To request the transfer of your personal data to you or to a third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- To withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you.
If your request is considered excessive and/or manifestly unfounded (for example because repetitive requests having been made), JIAL is legally permitted to decline it. In this case, JIAL can charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested. In some cases, additional exemptions may apply, under the law. For example, Schedules 2-4 of the Data Protection Act 2018 states the cases in which we may not disclose information to you. Other sector specific rules may apply. In case of having questions regarding how to exercise your rights, please contact our Data Protection Officer.
The security of your information is very important to us. We protect your information by maintaining physical, electronic, and procedural safeguards in relation to the collection, storage and disclosure of personal data to prevent unauthorised access, accidental loss, disclosure or destruction. No data transmission over the internet can be entirely secure, and therefore we cannot guarantee the security of your personal information and\/or use of our sites. However, we use our reasonable endeavours to protect the security of your personal information from unauthorised access.
In the event of a data breach occurring, JIAL shall notify the competent supervisory authority within 72 hours under the condition the breach is likely to result in a risk to the rights and freedoms of natural persons. The data subjects will also be informed about this if high risks to their rights and freedoms are identified. If JIAL is a Data Processor, it shall notify the Data Controller about the incident referred above. without undue delay.
We retain your personal data only when necessary and according to the law. The approved retention schedule can be consulted in our Data Retention Policy. The Data Retention Policy and Schedule contain the purposes of retaining your data and the period we are allowed to do so. Copies of these are available on request.
JIAL will disclose personal data to third parties only for identified purposes, in compliance with the law. The legal grounds allowing us to transfer personal data to another entity are the following: contractual or legal obligation, our legitimate interest or your explicit consent, and following the procedure described in section 8 - consent.
If, at any point, the Company will disclose information about a Data Subject, they will be notified.
Any data sharing will be grounded on strong security measures, adequate and consistent with this Policy and the related Privacy Policies. High security and encryption measures are in place when sharing any data.
JIAL will take remedial action in response to misuse of personal information by a third party to whom JIAL has transferred such information.
Business associates might have access to personal data processed by JIAL for performing their job. From time to time, we may send information to, receive information from, or exchange your personal information with:
- any company within our group of companies by means of a centralised database
Partners or agents who support us to deliver our products and services to you, or that we refer you to, or that refer you to us
- companies who perform essential services for us
- third-party organisations that conduct research, analysis and marketing activities on our behalf
- regulators, courts or other public authorities
- emergency services in the case of accident or emergency
- Facebook for audience matching purposes. Your data is only used by Facebook to understand your likes and interests so they can direct marketing to others with similar likes and interests. Once they have matched the information, they delete your data.
Where we have relationships with other organisations that process your information on our behalf, we take care to ensure they have high data security standards. Such safeguards are included in the Data Processing Agreement concluded with them. We will not allow these organisations to use your personal information for unauthorised purposes. If the business is reorganised or sold to another organisation, we shall transfer any personal information we hold to that organisation. The full list of third parties that personal data is sent to is available on request.
International transfers of data
We will not transfer your information to other countries outside the EEA unless it is unavoidable to allow us to deliver our products and services. If we do, we take care to ensure the same level of privacy and security as the UK. In such situations, JIAL will decide on a case- by- case analysis, if a Transfer Risk Assessment is required. This assessment will point out the levels of risks the potential transfer exposes data subjects to and how they can be mitigated. The documentation international data transfers rely on might be requested by data subjects at: firstname.lastname@example.org. For more details, please read the following section.
In order to achieve the best compliance framework aimed to protect your personal data accordingly, JIAL has implemented a robust procedural system. We use this for ensuring the processing of data is transparent, lawful and fair. Therefore:
- Whenever we implement a new system that might threaten the rights of data subjects or innovative solutions that rely on new technologies, we will carry out Data Protection Impact Assessments.
- Whenever we need to transfer personal data in third countries that do not benefit from adequacy arrangements, decisions or regulations, we will carry out a Transfer Risk Assessment.
- Whenever we need to evaluate the weaknesses in our business, we will conduct a Gap Analysis.
In addition to the above-mentioned assessments, we might have various reports created for specific reasons or ad hoc, based on situations we encounter on a daily basis. As part of fulfilling our transparency obligations, data subjects can request the underlying documentation at any moment, at: email@example.com. However, we might not disclose all the information the documents contain, in order to protect other data subjects or for commercial reasons. In case we need to do so, we will ensure the content of the documentation can still be read and understood, without affecting the substantial information.
In case you are not pleased with the way we fulfil our obligations regarding data protection, we kindly ask you to inform us in the first instance. We are committed to having your personal data secured, so we will take all the measures to solve this.
If you are not satisfied with the way that we handled the situation, you can lodge a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, which can be contacted at:
Postal address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://ico.org.uk/make-a-complaint/
Although we may not always be perfect, we would appreciate it if you contacted us first and allow us to prove our commitment towards adequate implementation of the data protection rules.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice.
If you have any questions about this Policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:
Phone: 07740 171986
Updates to the policy
We regularly review this policy. Whenever we make changes that substantially affect the content and might have an impact on your rights, freedoms and legitimate interests, we will notify you (i.e., not including situations when we correct possible grammar mistakes or restructure the document herein).
You may view the most recent version here at: https://quote.justtravelcover.com/privacy. We also note at the beginning of the policy when the last update was. You can view the full policy and download a copy for your records here.
What are cookies?
A cookie is a small text file, typically of letters and numbers, downloaded to your computer when you access websites. Typically, they contain the following information:
- a site name and unique user ID,
- the duration of the cookie's abilities and effects,
- and a random number.
The role of cookies is beneficial, making your interaction with frequently-visited sites smoother with no extra effort on your part. Without cookies, online shopping would be much harder and some websites will become less interactive with the cookie option turned off.
Most common cookies
These cookies expire when you close your web browser (Internet Explorer, Firefox, Safari, Google Chrome). These cookies are used for various reasons, for example, remembering what you have put in your shopping basket as you browse a website. They can also be used for security to access your Internet banking or email.
These cookies are still stored on your computer after you have closed your web browser which allows your preferences on websites to be remembered. These cookies are used for a variety of purposes, for example, remembering your preferences on a website (your language choice or your user name on a particular website).
First and Third-Party cookies
This refers to the website placing the cookie. First party cookies are cookies set by the website you are visiting. Third party cookies are set by another website; the website you are visiting may have advertising on the page and this other website will be able to set a cookie on your computer. Third party cookies on the main web browsers allow third party cookies by default. Changing the settings on your browsers can prevent this. We will only record or share third party cookies where we have your consent to do so. For more information about how we manage your personal data, see our privacy notice.
There are some exemptions to the above where it is essential for a website to store information on your computer, for example, to provide a service to you that you have requested.
Data Protection laws demand that you, as a website user, are given the opportunity to understand how cookies are used on our websites and consent to cookies being stored on your computer (laptop/mobile/tablet).
Monitor the use of our website
We put a session cookie on your computer for the duration of your visit to our site. It stores data about the browser you are using and information you have entered for our website to function correctly and to deliver you the best service. This cookie is deleted when you leave our website. We track what you do on our website to improve your experience and for functionality purposes.
Collect trend data
Track our marketing
To work with other selected organisations
Use Google Analytics
We use Google Analytics on our website. How Google uses the data when you use our website may be found here. You may disable the Google Analytics function by means of a browser add- on to ensure the prevention of the sending of any analytical information to Google.
How to change your cookie settings
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
How to delete cookies from your device
To remove cookies from your computer, follow the steps in this section.
If you are using Netscape 6.0+:
Go to 'Edit' in the menu bar Click on 'Preferences' Click on 'Advanced' > Select the 'Cookies' Field > Tick either 'Warn Me Before Accepting a Cookie' or 'Disable Cookies' > Click on 'OK' > Go to your 'Start' button Click on 'Find' > Click on 'Files and Folders' > Type "cookies.txt" into the search box that appears Click 'Find Now' > When the search results appear drag all files listed into the 'Recycle Bin' > Now shut down and restart Netscape. > Depending on your earlier choice you will either be prompted by new cookies or no cookies will be set or received.
Netscape Communicator 8.0
On your task bar, click: from the Tools menu, select Options, and then open the Site Controls panel > on the Sites List tab, select the Master Setting (trust level) want to change > in the Web Features section, the default setting is Allow cookies, but you can change this.
If you are using Firefox 2.0+ / 3.0+ / 4.0+/ to disable cookies: Go to 'Tools' in the menu bar > Click on 'Options' Click on 'Privacy Tab' > Disable the box that says 'Accept Cookies From sites' > To clear existing cookies: Go to 'Tools' in the menu bar Click on 'Options' > Click on 'Privacy Tab' Click on "Clear Now" Select "Cookies" >Click on "Clear Private Data Now" >This procedure will stop sites from installing cookies on your firefox browser.
Safari 5.0 (Apple Macintosh)
From the menu choose Safari then Preferences > Click the Security icon and then Show Cookies > Select a cookie from the list and click Remove > To delete all cookies click Remove All
Managing Cookies from the Latest Firefox 8.0 Browser
You can specify your cookie options under Firefox 8.0 by selecting Tools -> Options -> Privacy. On the Privacy box, you can disallows websites from tracking you by checking on the "Tell web site I do not want to be tracked" under Tracking. But even if you are tracked, you can go to the linked "remove individual cooker" which opens up a new dialog box containing the websites and their respective cookie files saved by the browser. You can individually delete the cookies, search for specific cookie or just delete all of the with one click.
If you are using Internet Explorer (IE) 7.0+:
Go to 'Tools' in the menu bar Click on 'Options' > Click on 'Privacy' Tab on top Click on 'Advanced" button > Select "Prompt" for both "First party cookies" and "Third Party Cookies"
To delete existing cookies: Go to 'Tools' in the menu bar Click on 'Options' > Click on 'General' Tab on top > In "Browsing History" section, click on "Delete" Click on "Delete Cookies" > Your Internet Explorer 7.0 should now be cookie free!
If you are using Internet Explorer (IE) 8.0+:
Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options' > Click on 'Privacy' Tab on top > Click on 'Sites' a new window should open called 'Per Site Privacy Actions' > Type in the URL of the site you wish to allow or block cookie in the 'Address of website' box.
To delete existing cookies: Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options' > Click on 'Privacy' Tab on top > Click on 'Sites' a new window should open called 'Per Site Privacy Actions' > Under the "Managed websites' box should be a list of all the websites you have visited. To remove all cookies simply click on the "Remove all" button. Your Internet Explorer 8.0 should now be cookie free!
If you are using Internet Explorer (IE) 9.0+:
Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options' > Click on 'Privacy' Tab on top > Move the slider up to the 'Block all Cookies' button Important Notice: Blocking all cookies may prevent you from entering a lot of sites. The next two Internet Explorer privacy levels, High and Medium High, may be more suitable.
To delete existing cookies: Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options' > Click on 'General' tab which should be under 'Browsing History' and click 'Delete' > Your Internet Explorer 9.0 should now be cookie free!
If you are using Google Chrome to disable cookies:
Go to 'Tools Menu' Click on 'Options' > Click on 'Under the Hood' > 'Cookie Setting' should be selected. Once done select 'Block all Cookies' > Now all cookies should be blocked on your Google Chrome .
To clear existing cookies: Go to 'Tools Menu' Click on 'Options' > Click on 'Under the Hood' > Under 'Privacy' section select "Show Cookies' > A new window should open called 'Cookies' In here you can see all the cookies within your Google Chrome Browser. > Click on "Remove All" to remove all traces of cookies > If you wish to only remove a certain cookie, simply highlight and click "Remove"
Safari 5.0 (PC Windows)
From the menu choose Edit Then Preferences > Click the Security icon and then Show Cookies > Select a cookie from the list and click the Remove button To delete all cookies click Remove All.
If you are not using any of the above browsers, then you should select 'cookies' in the 'Help' function for information on where to find your cookie folder.