Understanding your rights to privacy and how Wapp protects them.
Who we are
- Wapp travel insurance is arranged by Wapp Limited which is registered in Gibraltar company number 111526. Registered office: First Floor, Grand Ocean Plaza, Ocean Village, Gibraltar.
- Wapp Limited is authorised and regulated by the Gibraltar Financial Services Commission and trades into the United Kingdom on a freedom of services basis. Financial Conduct Authority FRN 974092.
- Policies are administered by Howserv Limited in the United Kingdom.
- Howserv is our outsourced service provider, which is registered in England and Wales, Company number 03882026.
- Howserv Limited is authorised and regulated for the administration of insurance policies by the Financial Conduct Authority, FRN 599282. The registered address of Howserv Limited is Britannia House, 3-5 Rushmills Business Park, Bedford Road, Northampton, NN4 7YB.
- We are committed to data protection and data privacy. This policy describes how we (Wapp Limited) take care of your data when you use our website, web app, mobile app (iOS or Android) or purchase travel insurance from us.
- If you’ve got any questions about your data or what we do with it, you can get in touch with our Data Protection Officer at [email protected].
- Buying insurance from us.
- Giving us your email address.
- Speaking with our customer services team.
- Downloading and using our mobile app.
- Accessing our web app.
- The Gibraltar Regulatory Authority are the supervisory authority for Wapp’s activities and this policy is governed in line with the Gibraltar Regulatory Authority guidance.
Data we collect and how it’s collected
- Personal information; that is provided when you visit our websites or mobile apps or interact with the support team this includes your name, age, email address and other details you give to us.
- Location information; if you’re using our location based app, we will collect information about where you are. This is in order to provide the service(s) you’ve bought from us. Location-related information will be based on precise device location (if you’ve enabled the location services for the app), and IP address.
- Device information; we will collect device IDs from any mobile device(s) you have installed our ‘location based’ app on. This is in order to provide the service(s) you’ve bought from us.
- Insurance policy details; when you buy a policy from us, we retain a copy in line with regulatory requirements and to prevent/detect fraud.
- Website and Web App Usage; including visits to our websites, logging into the Wapp web app and information collected through cookies and other tracking technologies. This includes your domain name, browser version, operating systems, traffic data, location data, weblogs and other communication data. As well as any other data that you access from our website.
- Claims information; detailed data about your trip and the conditions of your claim. This may include medical data, such as an injury or illness, when submitting a claim.
- We don’t store any of your financial information such as credit card details.
- These are securely handled, directly and independently by our payment gateway provider, in line with Payment Card Industry Data Security Standards (PCI DSS).
What We Use Your Data For
- As the data controller, we collect and process information about you when you complete a quote through our app or on our website, telephone our contact centre or update your records via our app, so that we can provide you with the products and services you have requested. This will be your name, age, address, health information, travel dates, destination, and other information which is necessary for us to:
- meet our contractual obligations to you
- issue and administer this insurance policy including payments and other transactions
- service your policy
- detect, investigate and prevent activities which may be illegal, or could result in your policy being cancelled, or voided
- The above data is processed for the ‘Performance of Contract’, or ‘Legitimate Interest’.
- The medical and/or health information you give us is processed as special category data, unless you’ve given your explicit consent or where the processing is necessary for reasons of public interest, i.e. in areas of great medical need.
Special Categories for Data
- Some of the more ‘sensitive in nature’ data is treated as a Special Category of personal data.
- This could be information relating to your health or criminal convictions.
- The collection of this information is conditional for us to be able to provide insurance or manage a claim. We’ll only use it for the purposes set out in this policy.
- By giving us information about another person, you’re confirming that they have given you consent to give us their information.
We may use your information to:
- Keep you up-to-date with relevant information by post, email or other means,
- Important notifications.
- Offers & customer rewards.
- Suitable products & services.
- We may carry out market research or data analysis to help us improve the services we provide or to design new services for the future.
- You have the right to request that we stop processing your personal information for marketing purposes at any time, you can do this by:
- Emailing us at [email protected].
- Writing to Wapp Customer Services at Howserv Limited, Britannia House, 3-5 Rushmills Business Park, Bedford Road, Northampton, Northamptonshire, United Kingdom, NN4 7YB.
- Please be aware that because we prepare some campaigns well in advance, whilst we will deal with your request straight away, it can take up to three months to stop selected marketing communications being sent to you.
- We may also collect information when you:
- Voluntarily complete customer surveys.
- Provide feedback and participate in competitions.
How Data is stored
- We securely store your information on servers located either in the United Kingdom or European Union.
- We keep and process this information to:
- Meet our contractual and regulatory obligations.
- Deal with requests from other authorities.
- You have the right to request a copy of the information that we hold about you and correct the information that we hold about you.
If you would like a copy of the information we hold about you please contact us by:
Emailing our Data Protection Officer at [email protected].
Writing to Data Protection Officer, Wapp, Britannia House, 3-5 Rushmills Business Park, Bedford Road, Northampton, NN4 7YB.
How long Data is Stored For
- We will only retain your data for as long as we require it.
- It will be stored for no longer than 7 years after your policy ends.
Links to other third-party websites
- Other websites will have their own privacy policies.
- If you click on a link that takes you to another website, we won’t accept any responsibility for what they do with the data you give them.
Sharing Your Data
We may process your personal information for our legitimate business interests. ‘Legitimate Interests’ means the interests of Wapp in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience.
It can and does also apply to processing which is in your interests too. Processing for our legitimate interests may include processing for the purposes of:
Fraud prevention and compliance.
Certain direct marketing and promotional activities.
The provision and operation of referral marketing programmes.
Network and information systems security.
Enhancing, modifying or improving our service.
Identifying usage trends; or determining the effectiveness of promotional campaigns or advertising.
In connection with the above activities, we may share your personal information with trusted suppliers who assist us in our data processing activities.
When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
You have the right to object to this processing if you wish and if you wish to do so please contact us by;
- Emailing our Data Protection Officer at firstname.lastname@example.org.
- Writing to Data Protection Officer, WAPP, Britannia House, 3-5 Rushmills Business Park, Bedford Road, Northampton, NN4 7YB.
We will only share your information with:
Howserv, so they can administer your policy.
The appropriate Underwriter (dependent on the product purchased) so that, if you ever need to make a claim, it can be dealt with.
Mention-Me Ltd for the purposes of operating our refer a friend programme.
We won’t share your information with anyone else unless we are required by our regulators, or other authorities.
We won’t pass your personal data to any party outside of The Staysure Group for the purposes of marketing products or services to you.
Cookies identify your computer to a server that then enables information to be stored on the hard drive of your computer. Cookies allow a computer to be identified as corresponding to one that has accessed another website or visited a website previously. Cookies are commonly used on the Internet and do not harm your computer system. Cookies collect standard internet log information and visitor behaviour information. This information is used to track visitor use of our website and to compile statistical analysis reports of website activity. Information collected in this way can be used to identify you and to ensure your web journey is as easy and as targeted as possible.
What is the Legal Basis for processing your Personal Data?
We process the above data for the ‘performance of contract’, or ‘legitimate interest’, and we process information about medical conditions, or health on the basis of ‘substantial public interest’.
Who we share your information with
We will share your information with our outsourced service provider (Howserv) in order to administer your policy and the appropriate Underwriter (dependant on the product purchased) in order to deal with any claims. Howserv will pass certain information to their outsourced service providers to allow them to fulfil the completion of your policy. We will not share your information with anyone else unless we are required by our regulators, or other authorities, such as the Police.
We will not pass on your personal data to any party outside of Wapp Limited for the purposes of marketing products or services to you.
Under the Data Protection Act 2018, all data subjects have the following rights:
- To obtain a copy of your data that we hold, via a Data Subject Access Request
- To have the data corrected if it is inaccurate or incomplete
- To have the data deleted, although this may not always be possible, if we still need to process it, i.e. for a claim or complaint
- To ask us to stop processing your data in certain circumstances
- To receive a copy of your personal information in a portable format which can be shared by you.
How long we keep your data
We will only retain your data for as long as we require it, which will be no longer than 7 years after your policy completion, in line with financial, legal and regulatory requirements.
How we store and protect information
Information collected by us is securely stored on servers located either in the United Kingdom or European Union. We keep and process this information to meet our contractual and regulatory obligations or to deal with requests from other authorities. You have the right to request a copy of or correct the information that we hold about you. If you would like a copy of the information we hold about you please contact us by email or letter as shown below:
Enquiries in relation to data held by Wapp should be directed to:
Data Protection Officer
3-5 Rushmills Business Park
Email: [email protected]