Privacy policy

Last updated 14th December 2023

DEFINITIONS

Organisation means Pro MGA Solutions Limited t/a Yurtle.

Client means an organisation that has purchased the products and/or services offered by Pro MGA Solutions Limited t/a Yurtle.

User means an individual who has access to the products and/or services offered by Pro MGA Solutions Limited t/a Yurtle.

INTRODUCTION

This Privacy Policy explains how the Organisation uses the personal data we collect about all individuals that have dealings with the Organisation. This includes but is not limited to Clients, Users, data subjects, all staff, contractors and consultants, agents and subsidiaries acting for or on behalf of the Organisation.

We take the security of all personal data very seriously. We use a combination of technical, organisational and physical security measures to protect your personal data in line with our obligations under data protection law. Our employees receive training to help us comply with data protection law and safeguard your privacy.

This policy is issued on behalf of the Organisation and when we mention ‘Yurtle’, ‘Pro’, ‘us’, ‘we’, ‘our’ we mean Pro MGA Solutions Limited t/a Yurtle.

DEFINITION

When we use the term ‘personal data’ we mean information relating to natural persons who:

Can be identified or who are identifiable, directly from the information in question: or

Who can be indirectly identified from that information in combination with other information.

Personal data may also include special categories of personal information or criminal conviction or offenses data. These are considered to be more sensitive and we only process them in more limited circumstances.
Understanding our role in relation to the personal data we handle is crucial when ensuring compliance with data protection laws and the fair treatment of individuals.

Depending on what role we perform for you, the Organisation will either be the:

Data Controller
Data Processor

DATA COLLECTION AND USE

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
Contact Data: includes billing address, delivery address, email address and telephone numbers;
Special Categories of Personal Data: includes race or ethnicity, religious or philosophical beliefs; sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data;
Financial Data: includes credit and payment card numbers, bank account details and payment information;
Usage Data: includes information about how you use our website, products and services;
Marketing Data: includes marketing and communication preferences, information relating to promotions, customer experience and company statistics.

We use different methods to collect data:

Direct interactions: data collected directly from an individual by phone, post, email, filling in forms or otherwise.
Third parties: data may be exchanged via a third party in relation to your association with us. For example: insurers, brokers, claims handlers, assistance providers, legal advisers, experts and publicly available sources or the authorities (this list is not exhaustive).
Automated technologies: when interacting with our website, we will automatically collect technical data about the equipment being used, browsing actions and patterns. We collect this data using cookies and other similar technologies. Please see the ‘Use of Cookies’ below for further details.

In cases where the Organisation processes Special Category Personal Data, we will do this under the condition of Explicit Consent as outlined in Article 9.2(a) of the UK GDPR. The Organisation will be sure to identify and distinguish this data and will ensure it handles special category personal data with the necessary care and procedures in line with the DPA.

Due to the nature of the business operations undertaken by the company, the Organisation may also provide space for users to input data related to third-party individuals in their network. This data will be treated in accordance with the terms set out in this Privacy Policy, along with any supporting documents maintained by the Organisation (namely, it’s Terms of Use and Data Security Policy). In these instances, explicit consent will be collected by the Organisation confirming the authorisation of users to provide and disclose the required information, and, where applicable, authorising the Organisation to transfer this data to third parties in order to adequately perform its business operations.

USE OF COOKIES

A cookie is a small text file that is placed and stored on your computer, mobile or other devices by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information about visitor behaviours to the website owner.

We also use other forms of technology (such as local storage, pixels, and web beacons) to serve similar purposes to the use of cookies. We use these in connection with cookies to help operate our website and collect information about online activity. When we talk about cookies, this term includes these similar technologies.

These cookies can be either session-based or persistent. Session-based cookies are only created, stored and used for the duration of your visit to our website, and your browser will automatically remove them from your computer when you leave our website by closing your browser or the browser tab. Persistent cookies are stored on your computer for a finite period of time, or indefinitely, in order to enable functionality such as not having to login every time you visit our website.

Cookies can also be first-party or third-party. First-party cookies are set by us, and typically will be strictly necessary cookies to enable core functionality of our website. Third-party cookies are set by third-party organisations and typically will be performance cookies used to collect information about how you use our website.

There are two types of cookies that we use on our website:

Strictly necessary cookies

These are cookies required for you to use our website. These cookies are used to enable functionality such as signing into your account, or saving choices you make when completing forms.

Performance cookies

With your consent, we use these cookies to collect information about how you use our website to help us improve the way our website works. These cookies also enable us to see anonymised aggregate data such as how many visitors we have had to our website, where they have come from and the pages they visited.

Before any cookies that are not strictly necessary are placed on your computer or device, you will be shown a banner requesting your consent to set those cookies. By giving your consent here you are enabling us to provide the best possible experience and service to you.

The table below lists all the cookies used by our website along with other relevant information.

Cookie name	Purpose	Session or persistent	First or third-party	Lifecycle	Type
Yurtle_Auth_Token	To store your authentication credentials once logged in for further interaction with our server.	Persistent	First-party	Created when logging in and persists until logout	Strictly necessary
Yurtle_Refresh_Token	To refresh your authentication credentials periodically.	Persistent	First-party	Created when logging in and persists until logout	Strictly necessary
Yurtle_Curam_Token	To store your authentication credentials once logged in for further interaction with our partner Curam.	Persistent	First-party	Created when logging in and persists until logout	Strictly necessary
Yurtle_User_Profile	Contains information about the logged in user to support website functionality	Persistent	First-party	Created when logging in and persists until logout	Strictly necessary
whoCareFor, isHelpType, isCarerExperience, isCarerInterests, isSecondLanguage, gender, driverLicense, petFriendly, nonSmoker, workChildren, time, otherTime, overnight, liveIn, weekdays, careDuration	To store your care preferences for sending to our partner Curam when requesting professional backup care	Session	First-party	Created when interacting with the care hub and removed when the user session ends	Strictly necessary
debug	To enable the debugging of sessions on Wix. Wix cookie.	Persistent	Third-party	Created when first interacting with the website	Strictly necessary
fedops.logged.sessionId	To enable the debugging of sessions on Wix. Wix cookie.	Persistent	Third-party	Created when first interacting with the website	Strictly necessary
firebase:host:wix-engage-visitors-prod-XX.firebaseio.com (where XX is a two digit number)	To enable the debugging of sessions on Wix. Wix cookie.	Persistent	Third-party	Created when first interacting with the website	Strictly necessary
ssr-caching	To enable higher performance of the website. Wix cookie.	Persistent	Third-party	Created when first interacting with the website and expires after one year	Strictly necessary
XSRF-TOKEN	To prevent cross site request forgery attacks. Wix cookie.	Session	Third-party	Created when first visiting the website and removed when the session ends	Strictly necessary
svSession	This Identifies unique visitors and tracks a visitor’s session on a site. Wix cookie.	Persistent	Third-party	Created when first interacting with the website and expires after 400 days	Performance
consent-policy	To store your cookie consent banner preferences. Wix cookie.	Persistent	Third-party	Created when accepting or declining to the user of cookies and expires after one year	Strictly necessary
hs	Used for security. Wix cookie.	Session	Third-party	Created when first visiting the website and removed when the session ends	Strictly necessary
bSession	This Identifies Wix logged in visitors and tracks a visitor’s session on a site. Wix cookie.	Persistent	Third-party	Created when first interacting with the website and expires after one year	Performance

HOW DO WE USE PERSONAL DATA?

We will only use personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances:

Where we need to perform a contract, whether that is directly or indirectly
Where it is necessary for our legitimate interests (or those of a third party) and an individual’s interests and fundamental rights do not override those interests
Where we need to comply with a legal obligation

Change of Purpose: We will only use the personal data for the purposes for which it was collected, if wider use is desired, we would require new consent from the individual.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

DISCLOSURE OF PERSONAL DATA

We may share data with other companies in our group, affiliate businesses and with third party service providers (data processors), such as insurance providers, compliance, and other agents relevant to the business activity. Where any of the data is required for such a purpose, we will take reasonable steps to ensure that the data will be handled safely, securely and in accordance with individuals' rights, our obligations and the obligations of the third party under the applicable law.

We have an obligation to disclose data in the following four examples permitted by law, and the other situations set out below. These are:

Where we are legally compelled to do so;
Where there is a duty to the public to disclose;
Where disclosure is required to protect our interest; and
Where disclosure is made at your request or with your consent.

Also, it may be necessary to share your details in the following circumstances:

In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets
If all the company’s assets are acquired by a third-party, personal data held by us about our customers will be one of the transferred assets

We require all third parties to respect the security of your personal data and to treat it in accordance with the law of the jurisdiction it is handled in. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to use it in accordance with our agreement with them and this policy.

INTERNATIONAL TRANSFERS

Sometimes we, or third parties acting on our behalf, may need to transfer personal data between jurisdictions. The Organisation will always take steps to ensure that any transfer of personal data outside of its home jurisdiction is carefully managed to protect privacy rights and ensure that adequate safeguards are in place. This might include transfers to countries that are considered to provide adequate levels of data protection for all personal data (such as countries in the European Union) or putting contractual obligations in place with the party we are sending information to. Transfers within the group will be covered by an agreement entered into by members of the group (an intra-group agreement) which contractually obliges each group company to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within the group.

DATA SECURITY

We have put in place appropriate security measures, policies and procedures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach. We will notify you and the applicable regulator or authority of the breach where we are legally required to do so.

RETENTION

The Organisation will only retain personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

DATA RIGHTS
To support us in managing how long we hold data and our record management, we maintain a data retention policy which includes clear guidelines on data retention and deletion.

Under certain circumstances, individuals have rights under data protection laws in relation to personal data:

Request access

Data subjects may submit a Subject Access Request to obtain a copy of the personal data that we hold about them in a structured or portable manner.

To make a Subject Access Request please write to:

Gordon Burrows
The Data Protection Officer
Pro MGA Solutions Limited t/a Yurtle
One America Square
17 Crosswall
London
EC3N 2LB
United Kingdom

Or email: support@yurtle.co.uk

You will need to provide the following documentation for verification purposes:

Your full name, address and any reference number related to our work with you
Identification documents showing name, address and signature;
– A copy of your driving license (shows all 3) or
– A copy of your passport and a recent utility bill or bank statement.

We aim to respond to all valid requests within one month. It may take longer if the request is particularly complicated or if several requests have been made. We’ll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.

Request Correction

We do our best to ensure that your personal information is accurate and kept up to date. If you believe your information is inaccurate or incomplete, then please contact us to request that we amend or update it.

Request erasure (right to be forgotten)

You may ask us to erase your personal data, but this right only applies in certain circumstances, e.g., where:

It is no longer necessary for us to use your personal data for the original purpose;
Our lawful basis for using your personal data is consent and you withdraw your consent; or
Our lawful basis is legitimate interests and there is no overriding legitimate interest to continue using your personal data if you object.

This isn’t an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your Personal Information.

Restrict processing

You may ask us to stop using your personal data in certain circumstances such as:

Where you have contacted us about the accuracy of your personal data and we are checking the accuracy;
If you have objected to your personal information being used based on legitimate interests.

This isn’t an absolute right and we may not be able to comply with your request.

Data portability

In some cases, you can ask us to transfer the personal data that you have provided to us to another third party of your choice. This right only applies where:

We have justified our use of your personal data based on your consent or the performance of a contract with you; and
Our use of your personal data is by electronic means.

Withdraw consent

Where we are relying on your consent to process your personal data, you have the right to withdraw this consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Make a complaint

If you have any cause for complaint about our use of your personal data, please contact us using support@yurtle.co.uk and we will do our best to solve the problem for you.

HOW TO CONTACT US

If you have any questions about this Privacy Policy or our privacy practices, please contact our Data Protection Officer in the following ways:

Write to us:

Gordon Burrows
The Data Protection Officer
Pro MGA Solutions Limited t/a Yurtle
One America Square
17 Crosswall
London
EC3N 2LB
United Kingdom

Or email us on: support@yurtle.co.uk

YOUR LOCAL COMMISION

Whilst Pro MGA Solutions Limited t/a Yurtle covers many jurisdictions, the Organisation predominantly practices the rules under the UK General Data Protection Regulation (UK GDPR).

If you have any concerns about the way in which we handle your data, please refer to your local supervisory authority.

UPDATES

This Privacy Policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible, so please check back here for the current version.

Yurtle is a trading name of Pro MGA Solutions Ltd. Pro MGA Solutions Ltd is a company incorporated and registered in England and Wales, whose registered office is One America Square, 17 Crosswall, London EC3N 2LB (Reg No. 10575665). Pro MGA Solutions Ltd is authorised and regulated in the UK by the Financial Conduct Authority (FRN: 770419). Yurtle insurance is underwritten by Starr International (Europe), Limited (registered company number 09654797). Starr is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority (FRN 676783).