Your personal data – what is it? Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controllers’ possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the ‘GDPR’). Who are we? Cover-4-Less is a trading name of Maintenance Direct Insurance Services Ltd (MDIS). MDIS is authorised and regulated by the UK Financial Conduct Authority (FRN 707133) and is the data controller. This means that we decide how your personal data is processed, and for what purposes. Our registered offices are located at Citibase Suite 538, The Atrium, 1 Harefield Road, Uxbridge, UB8 1PH. MDIS is registered in England No. 03152770. How do we process your personal data? MDIS complies with its obligations under the GDPR by keeping personal data up to date, by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. We may use your personal data for the following purposes: • To generate and administer your insurance policy;         • To market relevant offers and promotions to you. What is the legal basis for processing your personal data? Under Article 6 (1b) of the GDPR, the legal basis that MDIS employs for processing your personal data is that processing of your personal data is necessary for the performance of a contract of insurance to which you, the ‘data subject’ is party, or in order to take steps at your request prior to entering into a contract of insurance. Sharing your personal data In order for us to enter into a contract of insurance with you, your information is used for business purposes such as fraud prevention and detection, and financial management. This may involve sharing your information with third parties such as insurers, reinsurers, other brokers, claims handlers, loss adjusters, credit reference agencies, service providers, professional advisors, our regulators, police and government agencies or fraud prevention agencies. All the personal data that we hold about you will be processed by our staff in the United Kingdom, and no third parties will have access to your personal data without your consent, or unless there is a legal obligation for us to provide them with this information. Please be aware however that your personal data may be stored on a cloud-based system whose servers are located within the European Union. How long do we keep your personal data for? We will keep your personal data securely for a maximum of 10 years, after which time it will be destroyed securely if it is no longer needed for the lawful purposes for which it was obtained. In some limited cases, it may be necessary to retain your personal data for longer if we need to hold it for liability claim purposes. If you consent to receiving marketing from us, any information we use for this purpose will be held by us until such time as you notify us that you no longer wish to receive marketing information from us. Your rights and your personal data Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: • to request a copy of your personal data which MDIS holds about you;         • to request that MDIS corrects any of your personal data if it is found to be inaccurate or out of date;         • to request your personal data to be erased where it is no longer necessary for MDIS to retain such data;         • to withdraw your consent to the processing of your personal data at any time;         • to request that MDIS provides you with your personal data, and where possible, to transmit the data directly to another data controller (known as the right to data portability);         • where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;         • to object to the processing of your personal data with regards to Direct Marketing;         • to lodge a complaint with the Information Commissioner’s Office (ICO). Access to your information and correction You have the right to request a copy of the information that we hold about you. If you would like a copy of all or some of your personal information, please email or write to us at the addresses provided in the “Contact Details” section of this Data Privacy Notice. In some cases, we may make a small charge for this service. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. Marketing We would like to send you information about products and services of ours and other companies within our group which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other entities within our group. If you no longer wish to be contacted for marketing purposes, please email or write to us at the addresses provided in the ‘Contact Details’ section of this Data Privacy Notice. Further processing If we wish to use your personal data for a new purpose, not defined by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to the commencement of the new processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing. Cookies Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information please visit www.aboutcookies.org or www.allaboutcookies.org. Other websites Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policy. Contact Details To exercise all relevant rights, or to raise queries or complaints, please in the first instance contact the Data Protection Officer: By email: admin@cover-4-less.com By post: The Data Protection Officer, Unit 3 Chapel Court,, 126 Church Road, Hayes, B3 2LW You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or by post at The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5A