Privacy

Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

When we use personal data we are regulated by the Information Commissioner under the Retained Regulation EU 2016/679 (“UK GDPR”) and the UK Data Protection Act 2018 (together, “Data Protection Legislation”). We are accountable as Controller of that personal data for the purposes of Data Protection legislation.

Key terms

It would be helpful to start by explaining some key terms used in this policy:

We, McCosh, Yokahu, us, our McCosh Holdings Limited, trading as Yokahu, incorporated and registered in England and Wales with company number 12061729, whose registered office is at 2 City Limits, Danehill, Reading, Berkshire, England, RG6 4UP.

Personal data

  • Any information relating to an identified or identifiable natural person
  • Special category personal data

Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership

  • Genetic and biometric data
  • Data concerning health, sex life or sexual orientation

Personal data we collect

In the course of your interaction with us and our provision to you of insurance against loss occasioned by certain categories of natural disaster or extreme weather events, using parametric underwriting technologies, we will collect from you the following personal data:

  • Your full name
  • Your residential address and/or your location
  • Certain details relating to the property by which you might be identified, such as Plot Registration number, plans, photographs and GPS location data)
  • Mobile number
  • Your email address and associated internet protocol address
  • Your credit or debit card details
  • Other bank account information for debit payments and for payment of claims
  • Other ID verification documents as may be required by local law or regulation such as Passport details or ID card information

This personal data is required to enable us to provide our insurance services. If we are not provided with the personal data we ask for, it may delay or prevent us from providing the services which you are requesting.

How personal data is collected

We collect your personal data directly when you enter your details online via a web portal which may also include the branding of an insurance broker local to you in your Caribbean Territory. Your personal data is entered by you directly onto a platform which is controlled by us.

How and why we use personal data

Under Data Protection legislation, we can only use personal data if we have a legal basis for doing so. Our legal bases for collecting your personal data are for the performance of our contract with you or to take steps before entering into a contract with you, and to comply with our legal and regulatory obligations.

This does not apply to special category personal data, which we do not anticipate that we will process. Should this situation change, we will update this Privacy Notice.

Promotional communications

We will always treat personal data with the utmost respect and never sell it to other organisations for marketing purposes.

Who we share personal data with

We share personal data with our retained external third party service providers. These include Amazon Web Services for data storage; Stripe and Vitesse PSP Ltd. for premium collection and payments; Shufti Pro for mandatory ID verification and a weather data provider for claim assessments.

We only allow our retained external third parties to handle personal data if we are satisfied they take all appropriate measures to protect all personal data and only on our written instructions.

In addition, we may share some personal data with our insurance partners , so that risk may be placed with them and eventual claims paid to you. We may also share certain personal data with financial regulators as part of their supervision and oversight of the insurance market.

Where personal data is held

Personal data is securely stored on encrypted databases in Amazon Web Services. Our datacenters are located in Dublin EU and London.

Keeping personal data secure

The privacy and the security of personal data is our utmost priority, and we recognise our obligation to keep it secure and private. We have put in place industry-leading security practices to prevent personal data from being accidentally lost or used or accessed unlawfully. All data is encrypted in transit between You and Us as well as when stored in our databases. All servers are SSL enabled. Decryption keys are managed securely and information is retained within a secure Virtual Private Cloud. We use SHA256 and TLS 1.3 for encryption.

How long personal data will be kept

We will retain credit card and bank information of insured data subjects for the duration of our contractual relationship with those insured and for a period of six [6] years following termination of that contract as required by our legal and regulatory obligations.

When it is no longer necessary to retain personal data, we will delete it.

Rights

All data subjects have the following rights, which can be exercised free of charge:

  • Access - The right to be provided with a copy of personal data held on a data subject
  • Rectification - The right to require us to correct any mistakes in a data subject's personal data
  • To be forgotten - The right to require us to delete personal data - in certain situations
  • Restriction of processing - The right to require us to restrict processing of certain personal data - in certain circumstances, e.g. if the accuracy of the data is contested
  • Data portability - The right to receive the personal data provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
  • To object - The right to object:
    — at any time to personal data being processed for direct marketing (including profiling);
    — in certain other situations to our continued processing of personal data, e.g. processing carried out for the purpose of our legitimate interests
  • Not to be subject to automated individual decision-making - The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning a data subject
  • To withdraw consent - The right to withdraw consent as a legal basis for processing, at any time

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under Data Protection Legislation.

To exercise any of those rights, please contact us —see below: 'How to contact us'.

How to complain

We hope that we can resolve any query or concern raised about our use of personal information.

We can be contacted by post or email. Our mailing address is at the top of this Privacy Notice.

Our email address is: info@yokahu.co

For all data subject rights, please contact: dataprotectionofficer@yokahu.co

Data Protection Legislation also gives the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

Changes to this privacy policy

We may change this privacy policy from time to time, when we do we will inform data subjects by the most appropriate means.

How to contact us

https://yokahu.co/contact