This Policy sets out the obligations of AVN Capital Limited T/A AVN Group, a company registered in England under number 12174852 incorporated on 27 August 2019, whose registered office is at 100 Ardrossan Gardens Worcester Park KT4 7AY (“the Company”) regarding data protection and the rights of Customers, Investors, Contractors, Vendors and Employees (“data subjects”) in respect of their personal data under EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).
The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Policy sets the Company’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data. The procedures and principles set out herein must be followed at all times by the Company, its employees, agents, contractors, or other parties working on behalf of the Company.
The Company is committed not only to the letter of the law, but also to the spirit of the law and places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
This Policy aims to ensure compliance with the GDPR. The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
The GDPR sets out the following rights applicable to data subjects (please refer to the parts of this policy indicated for further details):
The Company will only collect and process personal data for and to the extent necessary for the specific purpose or purposes of which data subjects have been informed (or will be informed) as under Part 5, above, and as set out in Part 21, below.
The Company shall ensure that all personal data collected, held, and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction, or damage. Further details of the technical and organisational measures which shall be taken are provided in Parts 22 to 27 of this Policy.
The following personal data is collected, held, and processed by the Company (for details of data retention, please refer to the Company’s Data Retention Policy):
Type of Data
Purpose of Data
Name, surname, date of birth, contact details including address, email address, telephone/mobile numbers
Personal account details
Insurers, Insurance intermediaries, Insurance broking platform providers
Name, surname, date of birth, sex, medical history, employment history, employment and income details, bank details, claims history, contact details including address, email address, telephone/mobile numbers,
To source quotes and arrange insurance cover
Premium Finance Providers
Name, surname, date of birth, contact details including address, email address, telephone/mobile numbers, policy details
To arrange premium finance
Loss adjusters, claim handlers, Lawyers, third parties handling the claim
Name, surname, date of birth, contact details including address, email address, telephone/mobile numbers, policy details, claim details
For the performance of insurance policy
Compliance providers, FOS, Our PII Insurer and broker
Name, surname, address, policy details, risk details complain details
To fulfil our regulatory and legal obligations, complain procedure
Name, surname, date of birth, address, risk details
To fulfil our legal requirement to check anti-money laundering and sanctions
Name, surname, account name, Bank account details
Processing payments and refunds
Auditor, accounting software
Name, surname, address, policy details,
To fulfil our regulatory and legal obligations
The Company shall ensure that the following measures are taken with respect to all communications and other transfers involving personal data:
Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted.
The Company shall ensure that the following measures are taken with respect to the storage of personal data:
When any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. For further information on the deletion and disposal of personal data, please refer to the Company’s Data Retention Policy.
The Company shall ensure that the following measures are taken with respect to the use of personal data:
The Company shall ensure that the following measures are taken with respect to IT and information security:
The Company shall ensure that the following measures are taken with respect to the collection, holding, and processing of personal data:
This Policy shall be deemed effective as of 04th May 2020. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.
This policy was last updated on 05/05/2020.
Registered Address: 100 Ardrossan Gardens, Worcester Park, KT4 7AY. Registered in England and Wales. Registered Number: 12174852” All rights reserved. © Copyright AVN Group
“AVN Group is the trading name of AVN Capital Ltd which is authorised and regulated by the Financial Conduct Authority, Our FCA number is 913054. Details of our permissions and scope of activities can be found on the FCA website www.fca.org.uk.”