Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use personal data we are regulated by the Information Commissioner under the Retained Regulation EU 2016/679 (“UK GDPR”) and the UK Data Protection Act 2018 (together, “Data Protection Legislation”). We are accountable as Controller of that personal data for the purposes of Data Protection legislation.
It would be helpful to start by explaining some key terms used in this policy:
| We, McCosh, Yokahu, us, our | McCosh Holdings Limited, trading as Yokahu, incorporated and registered in England and Wales with company number 12061729, whose registered office is at 2 City Limits, Danehill, Reading, Berkshire, England, RG6 4UP. |
| Personal data | Any information relating to an identified or identifiable natural person |
| Special category personal data | Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership Genetic and biometric data Data concerning health, sex life or sexual orientation |
In the course of your interaction with us and our provision to you of insurance against damage to your home occasioned by certain categories of hurricane in Caribbean Territories, using parametric underwriting technologies, we will collect from you the following personal data:
This personal data is required to enable us to provide our insurance services. If we are not provided with the personal data we ask for, it may delay or prevent us from providing the services which you are requesting.
We collect your personal data directly when you enter your details on line via a web portal which may also include the branding of an insurance broker local to you in your Caribbean Territory. Your personal data is entered by you directly onto a platform which is controlled by us.
Under Data Protection legislation, we can only use personal data if we have a legal basis for doing so. Our legal bases for collecting your personal data are for the performance of our contract with you or to take steps before entering into a contract with you, and to comply with our legal and regulatory obligations.
This does not apply to special category personal data, which we do not anticipate that we will process. Should this situation change, we will update this Privacy Notice.
We will always treat personal data with the utmost respect and never sell it to other organisations for marketing purposes.
We share personal data with our retained external third party service providers such as Amazon Web Services for data storage; Stripe and Vitesse PSP Ltd. for premium collection and payments; Shufti Pro for mandatory ID verification and a weather data provider for claim assessments.
We only allow our retained external third parties to handle personal data if we are satisfied they take all appropriate measures to protect all personal data and only on our written instructions.
In addition, we may share some personal data with one or more insurance syndicates at Lloyds of London, so that risk may be placed with them and eventual claims paid to you and with certain insurers and insurance brokers local to you. We may also share certain personal data with the Corporation of Lloyds as part of their supervision and oversight of the insurance market.
We may very occasionally disclose and exchange information with regulatory bodies to comply with our legal and regulatory obligations.
Personal data is kept securely on encrypted servers in Amazon Web Services Dublin EU, managed by McCosh Holdings Limited staff.
The privacy and the security of personal data is our utmost priority, and we recognise our obligation to keep it secure and private. We have put in place industry-leading security practices to prevent personal data from being accidentally lost or used or accessed unlawfully. All data is encrypted in transit between You and Us as well as when stored in our databases. All servers are SSL enabled. Decryption keys are managed securely and information is retained within a single, secure Virtual Private Cloud. We use SHA256 and TLS 1.3 for encryption.
We will retain credit card and bank information of insured data subjects for the duration of our contractual relationship with those insured and for a period of six [6] years following termination of that contract as required by our legal and regulatory obligations.
When it is no longer necessary to retain personal data, we will delete it.
All data subjects have the following rights, which can be exercised free of charge:
| Access | The right to be provided with a copy of personal data held on a data subject |
| Rectification | The right to require us to correct any mistakes in a data subject’s personal data |
| To be forgotten | The right to require us to delete personal data—in certain situations |
| Restriction of processing | The right to require us to restrict processing of certain personal data—in certain circumstances, e.g. if the accuracy of the data is contested |
| Data portability | The right to receive the personal data provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
| To object | The right to object: —at any time to personal data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of personal data, e.g. processing carried out for the purpose of our legitimate interests |
| Not to be subject to automated individual decision-making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning a data subject |
| To withdraw consent | The right to withdraw consent as a legal basis for processing, at any time |
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under Data Protection Legislation.
To exercise any of those rights, please contact us —see below: ‘How to contact us’.
A cookie is a text file containing a small amount of data which is downloaded to your computer when you first visit our website. Some cookies are essential to enable you to move around our website and use its features. They also help us arrange the content and layout of our website and recognise those computers that have been to our website before. These are known as Analytical or Functionality cookies. They do not “push” advertising to your computer.
You may choose to remove or to block cookies at any time by adjusting your browser settings. To learn more about cookies including how to manage or delete them, visit www.allaboutcookies.org
We hope that we can resolve any query or concern raised about our use of personal information.
Data Protection Legislation also gives the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
We may change this privacy policy from time to time, when we do we will inform data subjects by the most appropriate means.
We can be contacted by post or email. Our mailing address is at the top of this Privacy Notice.
Our email address is: info@yokahu.co
For all data subject rights, please contact: dataprotectionofficer@yokahu.co
Last updated: October 2021