Contact Us
- NDML
- Romero House
- 8 Airport West
- Lancaster Way
- Leeds
- Yorkshire
- LS19 7ZA
We collect, control and process your personal information because this is necessary to provide you with information, answer any queries you may have and for the provision of our services to you. Contractual necessity is therefore the lawful basis for collecting, controlling and processing your personal details and those of your employees and service providers other than sensitive personal data for which we require individual consent. We do not normally request or process any sensitive personal data.
Sensitive personal data:
• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data
• Biometric data
• Data concerning health
• Data concerning sex life or sexual orientation
We would discuss with you the need for the provision of sensitive data before you provide this information. The subsequent provision of sensitive personal data will be taken as consent to this processing.
It is entirely up to you as to whether or not you choose to provide us with any personal information. If you choose not to, we simply may not be able to assist you.
We may use your personal data for marketing purposes within our group of companies but only where you have opted to receive this. We will not share your personal data with any other organisation for marketing.
If you contact us via the enquiry form on our website your data will be protected by a secure socket layer. This site is hosted at Hosting UK. For more information about how Hosting UK processes data, please see Hosting UK’s privacy policy (https://hostinguk.net/privacy-policy). If you enter details into our enquiry form these will be transmitted to us via email and temporarily stored on a Microsoft Hosted Exchange. Your email will also be processed on Office 365 in order for it to reach mobile devices.
Once we have responded to your enquiry your data will be transferred to our local encrypted server located in the UK. Where communications are ongoing we will store your contact details on internal content management systems.
We collect and use information about you, which will include personal data in order for us to advise you and make arrangements for you. In order to communicate with you about our services we will require your contact details including personal email addresses. Your name and email and information relating to the work we undertake for you will be processed and stored.
All telephone calls are recorded and monitored for training and quality control purposes.
In order to fulfill our obligations under any contract for services we will need to share your data with third party Data Controllers and Data Processors.
This will include
• Product & service providers in relation to insurances and consumer credit.
• Our compliance monitoring services.
• The Financial Conduct Authority.
• The Financial Ombudsman Service.
• Any other regulators where so required.
• Solicitors and Loss Adjusters in the event of insurance claim being made by or against you. These Data Controllers may be acting either on your behalf or by a third party making a claim against.
• Credit reference agencies. You should be aware that any Credit check we undertake may leave a footprint on your credit history.
We also use external Data Processors that will hold information for the following purposes:
• Secure file sharing
• Data backup
• Communications
• Claims Management
• Marketing
• Record keeping
• Regulatory compliance
• Credit broking
All external processors are only permitted to process your data in line with our instructions.
Below is a list of the processors used and the types of information processed. Please note that the Privacy & Security policies of the processors are aimed at the controllers who use them and may be updated.
Processor | Type of processing & data |
Google Analytics | We use google analytics to monitor the performance of our web site |
Mailchimp. | We use MailChimp in order to efficiently send email updates to you as part of our ongoing services. Your name and email address are stored to facilitate this. |
Back office system | We use ‘EPIC’ & CSR24 supplied by Applied Systems Ltd to manage your insurances |
Call recording system | RingCentral Call Recording software is used to record all calls. |
Consumer Credit | We use the ‘i-Prompt’ portal provided by Close Brothers Premium Finance or the portal operated by Premium Credit Ltd to manage any Consumer Credit we may have arranged in respect of your insurances. |
Off site Data Back-ups | We back-up the data on our In-house servers and also to a secure offsite location. This is to prevent the loss of data and to enable us to maintain continuity of service to our customers with minimal disruption. This contract is managed by JungleIT Ltd and Principle Networks on our behalf. |
Banking Arrangements | We use the ‘Bankline’portal provided by our Bankers National Westminster Bank Ltd to manage our electronic banking facilities. |
Sanctions List Checks | We are required to confirm that our customers are not on the Sanctions List maintained by HM Treasury and other overseas authorities. We use SanctionsSearch provided by Professional Office Ltd to undertake these checks both on initial appointment and on an ongoing basis whilst we act on your behalf. |
Secure e-mail | Mimecast and RPost We use these to communicate securely with you. |
SMS Messages | We use an internal SMS system to contact our clients on their mobile devices provided by Applied Systems Ltd. |
Call Pro | We use this to manage and monitor our marketing contacts with prospective clients. |
Romero Mobile Claims Application (InsureApp) | We use our own mobile claims application to provide client support and help in the event of a claim. This data is stored in Amazon Web Services (AWS) and passed to Romero for processing. |
All the data that we collect is stored on our encrypted server or encrypted back-up drives in the UK or with our listed processors under contract.
The information we collect about you is used solely for the purposes for which it was provided. Where we have collected information form you for marketing purposes we will inform you and specifically gain your consent.
Under data protection law you have the right to ask us for a copy of the information we hold about you (Subject Access Request), and to have any inaccuracies corrected or removed. You may also ask us to delete or cease processing all personal data held by us or any processor with which we have shared your data. We may not always be able to comply with a request for deletion, but you can ask us to cease processing your data.
In addition you have the right to be informed about the data we collect, where is located and with whom it is shared and the processing we undertake and to question any automated decision making processes
To do this, or if you require more information please either contact us in writing, by telephone or email.
We will not normally charge you a fee for handling a Subject Access Request.