1. What information do we process about you?
We will collect and process the following personal data from you, as a result of your interaction with us through our website: www.squaretrade.co.uk (“our site”) and/or our customer services by telephone and/or email or as otherwise described below.
Information you give us
We will collect and process your personal data when you carry out the following activities:
- Register your claim
- Log in to your account
- Express interest in, purchase and/or renew or upgrade our products or services
- Request information
- Send us comments or questions
- Use our website or our applications on third-party sites or platforms
The personal data that you may provide through carrying out the above activities, and which we may collect and process, includes your:
- Country of residence
- Date of birth
- Email address
- Account username and password
- Residential and billing addresses
- Telephone, including mobile telephone, number(s)
- Payment information
- IMEI of mobile phones
- Message contents, such as comments or questions
- Information about your identity such as a copy of your ID document and a photograph of you
Information we generate or collect about you
When you buy a product from us, make a claim (including interacting with customer services by telephone and/or email) and/or use our site we will collect and generate information about you including:
- your relationship with us and the products and services you have bought from us and their renewal status
- your claims history
- risk rating information
- sales and marketing information
- information that we use to identify and authenticate you and/or to prevent and detect fraud
- information we need to comply with our regulatory obligations
With regard to each of your visits to our site, we will collect the following information automatically:
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service numbers.
Information we get from external sources
We may obtain information from third parties such as fraud prevention agencies and ‘know your customer’ service providers to prevent and manage fraud and fulfil our legal duties. If a written joint or co-controller agreement is in place, we may obtain information from co or joint data controllers.
2. What cookies do we use?
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer. Every time you return to our site, the browser retrieves the cookie and sends it to the site’s server.
We use the following cookies on our site:
- Strictly necessary cookies - these are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site.
- Analytical/performance cookies - these allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way the site works, for example, by ensuring that users are finding what they are looking for easily, or by seeing which versions of our site work best
- Functionality cookies - these are used to recognise you when you return to our site. This enables us to personalise our content for you and remember your preferences.
You can decline non-essential cookies by clicking ‘reject’ on our cookie consent banner.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Except for strictly necessary and functional cookies, all cookies will expire after 30 days.
3. What are our legal bases for processing your personal data?
In respect of any of your personal data that we process in connection with any products or services we offer to you and/or fulfilling any obligation to you, we will process that personal data on the basis of performing a contract to which you are party, or in order to take steps at your request prior to entering into such a contract.
In respect of any other of your personal information that we process in connection with any interaction that you make with our site, we will process that personal data on the basis of carrying out our legitimate interests in making our services available to you through our site, and achieving our related business objectives including identity verification and fraud prevention.
We may also process your personal data to comply with our legal obligations.
4. How do we use your personal data?
We use your personal data that we hold about you in the following ways.
Information you give to us
We will use this information to:
- provide and deliver products and services
- send you relevant information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages
- respond to your comments and questions and provide customer service
- take steps to address any concerns that you raise with us
- operate and improve our website
- verify your identity and prevent fraud
- comply with our legal obligations
- provide you with information about our other services
Information we generate or collect about you
We will use this information as set above, and:
- to fulfil our obligations to you
- to improve our site to ensure that content is presented in the most effective manner for you and the device from which you are viewing the content
- as part of our efforts to keep our site safe and secure
- to allow you to participate in any features of our service, when you choose to do so
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- verify your identity and prevent fraud
- comply with our legal obligations
5. Who may we share your personal data with?
We may share your personal data with:
- our insurers, reinsurers, third party vendors, consultants, and other service providers who work for or on behalf of us and need access to your personal data to provide their services to us and perform certain functions on our behalf. These third parties will have access to your information only for purposes of performing these services or tasks on our behalf
- our parent company, subsidiaries, joint ventures, or other companies under common control with us (“Related Companies”) for the purposes of internal administration and management, delivering our services, internal analytics, data management and technical support. When we share information with our Related Companies we will require them to honour this privacy notice
- ‘Know your customer’ service providers that help us with identity verification or fraud checks
- third parties in connection with any merger, financing, acquisition or dissolution, transaction or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company
- another party if we become insolvent or otherwise cease trading and such third party shall then process your personal data in accordance with their privacy notice
- insurers and/or reinsurers for the purpose of providing insurance and handling claims and repairs in certain circumstances
- other parties for legal reasons, such as public and government authorities to respond to any request they have, or other legal authorities, professionals or courts to comply with court orders and other legal processes, pursue available remedies, limit damages we may sustain, protect our operations or protect the rights, privacy, safety or property of ourselves, you and others
- our Related Companies and/or third party vendors in order to provide marketing to you, but only if you have consented to receiving such marketing from us
- a co, or joint, data controller in order to facilitate or improve the service provided to you. To protect your rights, such sharing will be subject to a written agreement between us and the co, or joint, data controller
6. Where do we transfer and store your personal data?
Personal data collected by SquareTrade may be stored or processed in the UK, European Economic Area (“EEA”), United States (“U.S.”) and/or in any other country where SquareTrade or its affiliates, subsidiaries, or third party service providers maintain facilities. SquareTrade executed standard contractual clauses in respect of transfers of your personal data to SquareTrade, Inc., in the United States, and to our EU Related Companies. Under the GDPR, SquareTrade, Inc., acts as a data processor in respect of such transfers and SquareTrade Limited acts as a data controller. Both we and SquareTrade, Inc. ensure that we use standard contractual clauses with any vendor that we engage in connection with the processing of any of your personal data outside of the UK, EEA and/or U.S.
7. What security measures do we put in place?
Confidentiality and security of your personal data are very important to us. We have implemented appropriate administrative, technical and physical security measures designed to protect your information from loss, unauthorised access, use, modification or disclosure, including the use of encryption and other technology safeguards to reduce security risks.
We ensure that we have data protection agreements in place with any service providers that we engage to fulfil your requests, in accordance with the GDPR.
We review our internal security policies and guidelines from time to time to take into account new technology and methods, the risk represented by the processing and the nature of the data being protected. We limit access to our databases containing personal data to authorised persons having a justified need to access such information and limit retention periods to retain data for no longer than is necessary.
All personal data you provide to us is stored on our secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will use all reasonable measures to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent any unauthorised access.
8. What rights do you have in relation to your personal data?
You may have the following rights in relation to your personal data to the extent permitted by the GDPR:
- to rectify any inaccurate personal data that we hold about you
- to have your personal data erased under certain circumstances
- to have the processing of your personal data restricted where you dispute its accuracy, if you think its processing is unlawful, if you otherwise object to its processing, or when we no longer need your personal data and you need it in relation to a legal claim
- to have access to your personal data, and the right to receive copies of your personal data in a structured, commonly used and machine-readable format and transfer those copies to another data controller, under certain circumstances
- to complain to your national data protection regulator if you feel that any of your personal information is not being processed in accordance with the GDPR
If you wish to contact SquareTrade in relation to any of the rights in relation to your personal data, please contact SquareTrade at: firstname.lastname@example.org. We will need to validate your identity before we will take action with respect to your exercise of any of your above referenced rights.
If you have consented to receiving marketing from us, you may also withdraw any consent that you give us to process your personal data by emailing: email@example.com. If you withdraw your consent, we will stop processing the relevant personal data except to the extent we have other grounds for processing it under applicable laws.
9. Are there risks if I access third party sites from the site?
Our site may, from time to time, contain links to and from other websites or platforms.
If you follow a link to, or share something on, any of these websites or platforms, please note that they have their own privacy policies, and that we do not accept any responsibility or liability for these other policies. Please check these policies before you submit any personal data.
10. For how long do we retain your personal data?
Personal data is retained by SquareTrade for no longer than is necessary to provide our services and/or execute our obligations under applicable contracts with customers and business partners.
11. Changes to our privacy notice
We may change our privacy notice from time to time and will denote the date of the notice by changing the "last updated" date below. We will provide additional notification if these changes are material.
Last updated October 2022