Using our service means that you’ve read and agreed to what’s written here, so please take a moment to go over it.
We will never, ever, not in a million years, sell your data to others, or use it for purposes other than our main business.
Keeping your personal information secure is incredibly important to us, and we invest a lot of effort in protecting it.
We only collect information in accordance with the applicable data protection law that we’ll need to conduct our business, improve our products, provide adequate pricing, help us with marketing, and prevent fraud.
For that, we collect data such as general location, network information, and other indicators.
And now, for the legal version...
Last updated: June, 2022
You’re now using the Lemonade UK website ("Website"), where we offer personalised services as well as information about our company and services. Lemonade also offers a mobile application which you may download to a mobile device ("App"), for which this Privacy Policy also applies. Transparency and integrity during the processing of your personal data is very important to us. We comply with the data protection regulations, including the UK General Data Protection Regulation ("UK GDPR"), as well as those in the UK’s Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”). “DPA”).
In this Privacy Policy, we describe the types of information and personal data used during your visit to our above-mentioned Website or App (“Internet Service”), and the rights you have in respect to your personal data. Please note, some parts of this Privacy Policy only apply to processing either the Website and/or the App due to technical differences between the two.
Responsibility for the personal data processing falls on
Lemonade Insurance N.V.
Spuistraat 112A, 1012 VA, Amsterdam, The Netherlands
Manager: Jonathan Jaffe
Email: [email protected]
Where this data protection declaration speaks of “we” or “us”, this relates in each case to the aforementioned company.
Our Data Protection Officer can be contacted via the email set out above.
“Personal data” is any data that relates to an identified or identifiable natural person. We only process your personal data in compliance with the data protection regulations, where a statutory provision allows us to do so, or where you have granted consent. This also applies during the processing of personal data for marketing and advertising purposes.
In the scope of our Internet Services, we collect “personal data” in the form of (1) information that may directly identify you, or (2) information that may indirectly identify you (for example, when combined with other data). We also collect aggregated and anonymised information that does not directly or indirectly identify you.
You may access certain public parts of our Internet Service without providing us with your personal details (such as your name, postal address, or your email address). In this case, we need to collect and store certain information to enable your access to our Internet Service. On our Website and in our App, we use certain analysis tools and have integrated functionalities via third party providers. Further, we offer certain functionalities on our Internet Service for which we need to collect personal data.
When downloading the App, information is transmitted to the App Store. We are unable to influence this kind of collection of data and are not responsible for it. We will only process this data to the extent required for the downloading of the App onto your mobile device.
We collect and process personal data on our Internet Service to the following extent:
Logfiles: If you visit our Website, our web server will automatically store data and information relating to the device and browser you use. This could include technical information such as browser, system type, and IP-address. We process this technical information in the logfiles of our systems. We process the technical information to enable your access to our Internet Service, to secure the functionality of our Internet Service and the security of our IT systems, and to optimise our Internet Service. The legal basis for this data processing is Art. 6 para. 1 lit. f UK GDPR. (legitimate interest in making our Website operate efficiently). In some cases, we store data and information relating to the device and browser you use to optimise our Internet Service. In these instances, the legal basis for processing data is Art. 6 para. 1 lit. a UK GDPR (consent).
Registration and quote: Within the scope of our Internet Service, we offer you the option to register. This is necessary to obtain a cost calculation for the desired insurance coverage and an offer to execute an insurance contract (“quote”). For this, we request your name, email address, and further details about you and in connection with the risk to be insured. This is necessary to establish insurability or, as applicable, the level of potential insurance premium for you. The processing of this data is necessary in each case to prevent fraud, make the desired quote available to you for cost calculation and to be able to send you an appropriate offer by email, if necessary, with the provision of further information on the execution of an insurance contract. The processing therefore serves as preparation for entering into a possible insurance contract between us. Thus, the legal basis for the data collection and processing is Art. 6 para. 1 lit. b UK GDPR (contract performance). If you apply for an insurance contract via an intermediary party, we may also receive relevant personal data from such intermediary party in connection to your application.
Application process: If you wish to accept the quote, you have the option to execute the insurance contract with us directly online as further explained during the application procedure. In this context, you might, upon receipt of our legal offer, also transmit your payment details for the purpose of paying the insurance premiums due and accept our offer online and may ask for your phone number to contact you if needed in relation to your insurance policy. Following the execution of your insurance contract, you will be able to access further information on your account at any time – in particular, in connection to the insurance taken out – and potentially include further information or, as applicable, ask to book add-ons to your insurance contract. We will subsequently send you the insurance policy by email. Thus, the legal basis for the data collection and processing is Art. 6 para. 1 lit. b UK GDPR and Art. 6 para 1 lit f UK GDPR (contract performance and legitimate interest in servicing your insurance policy).
Insurance contract including claims management: We may request you enter data already given during the registration and/or application procedure once again in order to allow you to access your account, and for our administration of your insurance contract (in particular for the purposes of identifying you). We may also ask for additional personal information and supporting evidence of any claim you file with us in order to prevent fraudulent claims. You may be asked to submit claim details through the app or by contacting us. The legal basis for processing personal data relating to claims and administration of your account is our legitimate interest, Art. 6 para. 1 lit. f UK GDPR. The legal basis of conducting the insurance contract between you and us is Art. 6 para. 1 lit. b UK GDPR (contract performance).
Policy management: During the period in which your insurance policy is active with us, we might need to process policy changes, and for that, additional personal information might need to be collected. Thus, the legal basis for the data collection and processing is Art. 6 para. 1 lit. b UK GDPR (contract performance).
Contact after the registration process started: If you have already started to enter the details required for your quote, including your email address, but have not completed it, we may contact you to remind you to complete your application, provided you have consented to getting product updates and offers from us. The legal basis for this is either Art. 6 para. 1 lit. f (legitimate interest in assisting you with completing your application) or your consent according to Art. 6 para. 1 lit. a UK GDPR. You can always request to unsubscribe from further non-essential emails from us by following the instructions for unsubscribing contained in the email communication that you receive or contacting us below.
Contact support: You can also contact us through the contact form on the website or by calling us. We collect all the data you provide and store it as required to process and respond to your request. Calls may be recorded for quality and training purposes. If necessary, data will be stored after completion of processing to preserve evidence. The legal basis is Art. 6 para. 1 lit. a, b, f UK GDPR (consent, contract performance and legitimate interest in responding to your inquiries and training our staff).
Fraud Prevention: In certain cases, we will store and process the personal data collected from interested parties even if no insurance contract is executed. This is to detect and prevent fraud, attempted fraud, and/or other harmful and/or illegal activities. This serves to maintain our legitimate interests in the prevention of fraud, and illegal and harmful behaviour. The legal basis is Art. 6 para. 1 lit. f UK GDPR.
Blocking: If we experience serious inappropriate behaviour towards our personnel (for example repeated harassment or abusive or aggressive language) we may withdraw your access to certain means of communication with us in accordance with our Terms of Service and we or our service providers may need to process personal data you have already provided us with in order to do so. If we do this we will process your data in this way in our legitimate interest, in particular for the purpose of protecting our employees working in the support services teams. The legal basis is Art. 6 para. 1 lit. f GDPR. You may object to the processing of your data for this purpose. Your data may be retained for blocking purposes for a period not exceeding two years.
Advertising information by email: If you have agreed to receive product updates and offers from us, we will process your email address, and potentially, information included in your account, based on your corresponding consent, in order to be able to send you information with regard to our services, offers, and activities in the areas of Contents insurance. You can always request to unsubscribe from further non-essential emails from us. Further, we might assess data collected during the delivery and retrieval of our emails for analytics purposes and to improve our communications. Your personal data in connection with an email subscription will not be disclosed to third parties for any purpose other than to allow us to send out communications and analyse the results of our communications through our technical providers. We will process your data exclusively for the selection of individualised content and for sending out product updates and offers within the scope of your consent. The legal basis is Art. 6 para. 1 lit. a UK GDPR.
Statistical evaluations: Where necessary, we assess your personal data to evaluate your preferences to enable interest-orientated marketing, individual addressing, and a continuous optimisation of our business. We do this to get a better understanding of what our customers expect from us. Further, these evaluations help us in the detection of fraud, and the revision and maintenance of security. We conduct this data processing in order to maintain our legitimate interests; the legal basis is Art. 6 para. 1 lit. f UK GDPR.
Social Plug-ins: On our Website, we use plug-ins of social network sites that allow you to interact with content on our Internet Service (also "Social Plug-Ins"). If you are registered in the respective social network and logged in to it, you may communicate directly with the social network. You may prevent the loading of Social Plug-Ins with add-ons for your browser e.g., with the script blocker "NoScript". The legal basis for the provision of social plug-ins on our Internet Service is your consent Art. 6 para. 1 lit. a UK GDPR.
Facebook Social Plug-In: A Facebook plug-in might be integrated on our Website. Facebook is operated by Facebook, Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA – "Facebook"). The Facebook plug-in can be recognised from the Facebook logo or the “like” or share button. We, as the operator of this Internet Service, do not have any knowledge of the further usage of the (personal) data by Facebook. Further information on the use of data by Facebook can be found in Facebook’s privacy policy.
Twitter Social Plug-In: A Twitter plug-in might be integrated on our Website. Twitter is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. The Twitter Plug-in can be recognised through terms like "Twitter" or "Follow" in connection with a stylised blue bird on this Website. These Social Plug-Ins allow comments to be shared to our Website and allow you to follow us on Twitter. If you open a web page on our Website that contains such a button, your browser will automatically establish a direct connection to Twitter's servers. Twitter will directly transmit the contents of the Twitter plug-in to your browser, and this might allow Twitter to assign your visit to our web pages to your Twitter account. Please note that we do not have any knowledge of Twitter's further usage of the (personal) data. Further information on the use of data by Twitter can be found in Twitter's privacy policy.
LinkedIn Social Plug-In: A LinkedIn plug-in might be integrated on this Website. LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA ("LinkedIn"). LinkedIn plugins can be recognised on our website through the LinkedIn logo or the "Recommend" button. These Social Plug-Ins allow recommendations to be shared to our Website and allow you to follow us on LinkedIn. This might allow LinkedIn to assign your visit to our web pages to your user account. If you visit a web page on our online presence that contains such a button, your browser will automatically establish a direct connection to LinkedIn's servers. LinkedIn will directly transmit the contents of its Social Plug-In to your browser. Please note that we do not have any knowledge of LinkedIn’s further usage of the (personal) data. For further details on the collection of data (purpose, scope, further processing, use) and your rights and settings options, please see LinkedIn's privacy policy.
Facebook Log-in: Further, we might offer you the possibility to register for our Internet Service via the "Facebook Log-in" functionality by Facebook to shorten the registration or log-in procedure for you. In order to log in, you are forwarded to the Facebook site, where you may log in to your existing Facebook account with your user data, if you wish to do so. If you use the Facebook Log-In, your Facebook profile and our portal will be linked. We receive the following information from Facebook: Facebook ID, name, email address. We use this data to identify you and provide you with the contracted services. If you use the Facebook log-in, Facebook will receive information on you, in particular the fact that you have visited our portal. Further information on Facebook-Connect and the privacy settings can be found in the Facebook privacy policy. The legal basis is your consent in the scope of the use of the Facebook log-ins (Art. 6 para. 1 lit. a UK GDPR) or, as applicable, our legitimate interests regarding the provision of this functionality in order to simplify the registration or log-in procedure (Art. 6 para. 1 lit. f UK GDPR).
Facebook Page: In addition to our Internet Service, we maintain a presence on Facebook (“Corporate Site”) and our Internet Service contains links to this Corporate Site. If you access our Corporate Site, Facebook may process your personal data and may do so even when you are not logged into Facebook while opening the Corporate Site. We receive statistics from Facebook based on aggregated information regarding the use of our Corporate Site. These statistics provide us with insight into the number of views and/or visitors the Corporate Site receives and how visitors engage with the content on the Corporate Site. Please note that the statistics provided to us by Facebook are anonymised, and we do not receive information about the identity of the individuals visiting the Corporate Site. However, the identity of a visitor may be made public if the visitor comments on the content on the Corporate Site, as is commonly the case on Facebook. Further information on the use of data by Facebook is provided by Facebook in its privacy policy.
Referral programme: We might offer you the possibility to join a refer-a-friend programme. You will receive a personal link which you send to your contacts. We will register the contacts that successfully use your link to connect with us, as well as any information required to perform the refer-a-friend programme. The legal basis for this is therefore the performance of our agreement regarding the refer-a-friend programme.
Further legitimate interests: Where required, we may process your data beyond the purposes mentioned above, to maintain our legitimate interests or for the interests of third parties; this is based on Art. 6 para. 1 lit. f UK GDPR. Some of our legitimate interests are
the assertion of legal claims and defence of legal disputes;
the prevention and the solving of crimes;
the steering and the further development of our business activities including risk management;
the prevention of fraud;
the ability to identify and resolve technical bugs in the system;
the ability to provide customer support (which is also based on the customer's consent pursuant to Art. 6 para. 1 lit. a UK GDPR); and the possible sharing of information as part of a corporate transaction or merger;
Analytics and range measurement, (re-)marketing: If you visit or interact with our Internet Service, we or our authorised service-providers use cookies, pixels or other similar technologies to offer you a better, faster, and more secure user experience, or in order to show you advertising as explained below.
Advertising Networks: We may use third party providers such as advertising networks and advertising exchange programs which enable us to include advertising for you on the sites of third parties. If you consent, the operators of these external advertising networks and advertising exchange programs may use third party cookies, pixels or similar technologies in order to collect data (Art. 6 para. 1 lit. a UK GDPR). In some cases, we will place cookies or a pixel on our own site in order to identify cases where a user gets to our Website through advertising placed on another website and completes certain activities (e.g., registration, or application for a quote or execution of a contract), for the purpose of remuneration of the advertising partner, in which we have a legitimate interest (Art. 6 para. 1 lit. f UK GDPR).
Google Analytics: We make use of the Google Analytics web analysis services from the company “Google Inc.”, 1600 Amphitheatre Parkway, Mountain View, 94043 CA, USA, (“Google”). Google Analytics stores information on your use of these Websites (incl. your IP address) in cookies. The information stored in cookies by Google Analytics will be transmitted to a Google server in the US, stored there, and evaluated. Please note that Google Analytics anonymises captured IP addresses (IP-masking) The IP-addresses will normally be shortened/abbreviated prior to storage or, as applicable, the transmittal into the US on servers of Google in member states of the European Union or treaty countries of the European Economic Area. A transmittal of the unshortened/full IP-address onto servers of Google in the US will be effected only in exceptional cases.
On our instruction, Google uses the transmitted data to evaluate your use of our internet presence, compile a report on the activities on the Website, and render further services for us regarding the use of our Websites. There is a commissioned data processing agreement in place between us and Google. The use of Google Analytics serves the purpose of continuously improving our internet presence and to optimise your user experience. Further, by clicking a button on our cookie banner on our Internet Service, you expressly agree to the processing of the collected data by Google in the manner, and for the purposes as described above (Art. 6 para. 1 lit. a UK GDPR).
If you wish to deactivate or change Google Analytics only in respect of the presentation of content tailored to your interests, including advertising, this can be adjusted under “Google adverts on the web” in the settings for Google Adverts.
Further information regarding the purpose and scope of the data collection as well as regarding the further processing and use by Google, including information on your rights or, as applicable, options for configuration for the protection of your personal data can be found under the following link: http://www.google.com/analytics/terms/gb.html as well as under https://policies.google.com/privacy?hl=en-GB.
Google Tag Manager: We also use Google Tag Manager. With this service, website tags can be administered via an interface. Google Tag Manager solely implements tags. This means that Google Tag Manager does not place any cookies and no personal data is collected. Google Tag Manager triggers other tags that potentially collect data, but Google Tag Manager does not access this data. If, at domain or browser level, a deactivation of certain websites is affected (see details on the deactivation of cookies given above), this remains in place for all tracking tags to the extent that these are implemented with Google Tag Manager.
Google AdWords / conversion tracking: With your consent, (Art. 6 para. 1 lit. a UK GDPR) the online advertising programme "Google AdWords,” and within the scope of this, its conversion tracking. Through the conversion tracking features, Google AdWords inserts a cookie or a pixel on your computer or, as applicable, on the storage of your mobile device, if you were directed to our Internet Service via a Google advert. These cookies are not effective after 30 days. They do not allow for personal identification. If the user visits certain pages of our Internet Service and the cookie is still active, both we as well as Google are able to see that you clicked on the advert and were forwarded to our site. All clients of Google AdWords receive unique cookies. The cookies affected by our Google adverts can therefore not be followed beyond our Internet Service.
The information obtained from the conversion tracking serves to compile statistics on the conversion for us. With this, we learn about the total number of users who clicked on an advert and were forwarded to a site provided with a conversion tracking tag. However, we do not receive any information that would allow your potential identification.
If you do not wish to take part in conversion tracking, you may deactivate the conversion cookie in the settings of your browser. More information on this can be obtained from the Google Data Protection Statement.
You may also adjust your settings for Google Advertising in the Google settings for advertising.
FinanceAds: With your consent, (Art. 6 para. 1 lit. a UK GDPR) we also use the conversion tracking program of financeAds International GmbH (“financeAds”). financeAds inserts a cookie on your computer or your mobile device if you were directed to our website via a financeAds advertising network partner (website or mobile app). These cookies are not effective after 30 days and do not allow for personal identification. The conversion tracking feature compiles statistics relating to whether you have been referred to our site by a financeAds partner and whether you have actually executed an insurance agreement with us. This serves to enable us to pay advertising network partners of financeAds a lead or sale commission upon successful registrations and executions. For further details, please see financeAds’ privacy policy. The option to opt out of conversion tracking by financeAds can be found here.
Awin: We work with Awin, which helps us to carry out these affiliate marketing campaigns. You can find the Awin privacy policy at https://www.awin.com/gb/privacy, which includes information on your rights in respect of their data processing. In some instances, Awin may maintain a limited profile which relates to you, but which does not reveal your identity, online behaviour or other personal characteristics. This profile is only used to understand whether a referral is commenced on one device and completed on another device. In some cases, Awin and the referrers of potential customers may receive and process your personal data for the purposes of carrying out affiliate marketing campaigns with us. We also receive personal data from Awin and the referrers of potential customers, which can be categorised as: cookie data, data relating to the website, app or other technology from which a potential customer was referred and technical information relating to your device or an ID individually assigned to your transaction, which Awin can assign to the aforementioned data in its system. This cookie is deployed with your consent (Art. 6 para 1 lit a UK GDPR).
Facebook Pixel: With your consent (Art. 6 para 1 lit a UK GDPR), our Website utilises a remarketing pixel from Facebook. This pixel allows a direct connection between our Website and the servers of Facebook. Through this, your visit to our Website is transmitted to Facebook and Facebook will assign this information to your personal Facebook user account.
Further information on the collection and use of the data by Facebook as well as your corresponding rights and options to protect your privacy can be found in the privacy policy of Facebook. Alternatively, you may deactivate or adjust these functionalities here. The legal basis for this data processing is in each case Art. 6 para. 1 lit. f UK GDPR.
Mixpanel: We also use the web analytics service Mixpanel, in order to obtain data on the use of our Website for internal purposes. Mixpanel is operated by Mixpanel, Inc., 405 Howard St, Floor 2, San Francisco, CA 94105, USA ("Mixpanel"). Mixpanel is obliged to maintain appropriate data protection levels. With your consent (Art. 6 para. 1 lit. a UK GDPR), Mixpanel will insert a cookie on your device which also logs your user behaviour on the Website (retrieval of pages and activities on pages). This data is then analysed by Mixpanel and forwarded to us.
If you want to prevent this, you may do so via the "Do Not Track" function on their website by setting an opt-out-cookie. Please note, that by setting this cookie, only the currently-used browser is affected. The collection and use of your data in other browsers remains possible, until you have deactivated Mixpanel on these as well. Further, your data may be collected if you later delete the opt-out-cookie. Further information on the use of data by Mixpanel can be found in the privacy policy of Mixpanel.
Bing: Our Website implements Bing Ads pixels. Through these pixels, data is collected and stored from which anonymous usage profiles are created. Bing Ads is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of users on our Website when they arrive at our Website through ads from Bing Ads. If you enter our website via such an ad, a pixel is placed on your computer and a Bing UET tag (Universal Event Tracking tag) is integrated into our website. This is a code that is used in conjunction with the pixel to store some non-personal information about your use of the site.
These pixels are stored on the basis of with your consent (Art. 6 para. 1 lit. a UK GDPR). In addition, Microsoft may use so-called cross-device tracking to track your usage patterns across several of your electronic devices and is thus able to display personalised advertising on or in Microsoft websites and apps. Microsoft is obliged to maintain appropriate data protection levels.
You may, at any time, opt out of Bing's analysis of your usage patterns and the display of interest-based recommendations here. Furthermore, you can adjust your Microsoft ad settings here. For more information about the processing of your personal data through Microsoft, please see Microsoft's privacy policy.
Twitter: On the Website, we use a marketing tool from Twitter in case of your consent (legal basis Art. 6 para. 1 lit. a)UK GDPR) to present you with interest-related advertisements ("Twitter Ads") as part of your visit to the social network Twitter. For this purpose, a Twitter pixel was implemented on the Website. This pixel establishes a direct connection to the Twitter servers when you visit the Website. The Twitter server is informed that you have visited our Website and Twitter assigns this information to your personal Twitter user account. In order to protect your privacy, we do not use the so-called "tailor-made target group" function, in which this information could be enriched with further personal data (e.g. email address). More information about Twitter Pixel can be found here. For the collection and use of data by Twitter as well as your related rights and options for protecting your privacy, please refer to Twitter's privacy policy. Alternatively, you can deactivate this in the settings of your Twitter account. To do this, you must be logged in to Twitter.
Yahoo: With your consent (legal basis Art. 6 para. 1 lit. a UK GDPR), we use a marketing tool provided by Oath and operated by Yahoo, 701 First Avenue, Sunnyvale, CA 94089, USA ("Yahoo") to present you with interest-related advertisements. Our website implements a related pixel. This pixel establishes a direct connection to Yahoo servers when you visit the Website. More information about the Yahoo pixel can be found here: For the collection and use of data by Yahoo as well as your related rights and options for protecting your privacy, please refer to Yahoo's privacy policy. Furthermore, you might adjust your Yahoo ad settings here.
Hotjar: We also use the analytics service Hotjar for internal purposes in order to provide a better experience to our customers and assist in diagnosing technical problems. The service is operated by Hotjar Ltd, St Julians Business Centre,3, Elia Zammit Street. St Julians STJ 1000, Malta, Europe.
Hotjar is a technology service that helps us better understand our users' experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular devices IP address, captured and stored only in anonymised form, device screen size, device type, unique device identifiers, browser information, geographic location (country only) and preferred language used to display our website). Hotjar stores this information in a pseudonymised user profile. Neither we nor Hotjar will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.
This cookie is deployed with your consent (Art. 6 para 1 lit. a UK GDPR). You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
AppsFlyer SDK: We will also analyse your session and interaction data during the use of our App through a service by AppsFlyer Inc. (111 New Montgomery Street, San Francisco, California 94105, USA). AppsFlyer is obliged to maintain appropriate data protection levels. The session and interaction data is never processed in person-related form, but pseudonymised. Further information on the data processing by AppsFlyer can be found in the privacy policy of the service provider here.
This cookie is deployed with your consent (Art. 6 para 1 lit. a UK GDPR).You may object to the use of AppsFlyer at any time and also with future effect by clicking here.
Alternatively, you may close the app and use our website instead. In any case you can always contact our customer service through the website as an alternative to performing in app features.
TikTok Pixel: After gaining your consent, our Website has a remarketing pixel from TikTok. Via this pixel, a direct connection to the servers of TikTok is provided during your visit to our Website. Through this, it is transmitted to the TikTok server that you have visited this Website and TikTok will assign this information to your personal user account.
Further information on the collection and use of the data by TikTok as well as your corresponding rights and options to protect your privacy can be found in the privacy policy of TikTok. Alternatively, you may deactivate or adjust these functionalities here. The legal basis for this data processing is in each case Art. 6 para. 1 lit. a GDPR
Certain pieces of data are required to establish an online account with us, to register to receive information by email, or to execute an insurance contract with us. Details regarding the specific pieces of data that we require to perform these tasks can be found in the respective areas of the Internet Service (e.g., in an online registration form) and are marked as mandatory information. If you do not provide this mandatory information, we will be unable to perform the requested action.
Depending on the type of personal data that is processed by our company, only certain departments / organisational units have access to your personal data. Within our company, access to your personal data is limited to departments and employees that are required to perform the respective purpose of processing.
As is permitted by law, we may also transfer your personal data to third parties outside of our company. These external recipients may include, in particular
affiliated companies (in particular, Lemonade, Inc. in the USA and Lemonade Agency B.V. in the Netherlands), to which we transfer personal data for internal administrative purposes, management and servicing of our insurance product, data analytics, marketing, back-office support, the provision of hosting services and IT services required for the operation of this Website and Lemonade Agency B.V. for which we utilise the marketing and customer support services for the processing and execution of insurance contracts;
service providers instructed by us (including the sub-contractors of these service providers instructed with our consent), such as, e.g., in the areas of marketing, customer support, claims handling and repairs and replacements, IT (in particular data hosting or disaster recovery), property history and address verification, and payment administration if they provide services to us on a specific contractual basis, which require the processing of personal data. Specifically, we utilise the payment services of the Hyperwallet group for outgoing payments and payment services of the Stripe group for incoming payments. The Hyperwallet group and the Stripe group have establishments outside the EU / EEA, in particular in the USA. You can find more information in regard to the processing of your personal data under Hyperwallet Privacy Policy and Stripe Privacy Policy.
Reinsurance companies ("Reinsurers") that reinsure us and underwriting partners that assist us with underwriting certain products. It may be necessary to provide them with information relating to your insurance contract and your claims;
Companies that we partner with to conduct investigations and damages estimations during the claims process;
Organisations that help prevent and detect fraud and other related crimes, including law enforcement, policy and claims checking systems (for example, the Motor Insurance Anti-Fraud and Theft Register, Claims and Underwriting Exchange (CUE), No Claims Discount (NCD) database, and all DVLA databases), the Insurance Fraud Register, and fraud prevention agencies and databases including databases that make their data publicly available (for example, on County Court Judgments, bankruptcy information and electoral roll data);
The Ministry of Justice (MOJ) claims portal, an online hub where all parties to the claim enter the required information;
Price comparison partners, if you elect to receive an insurance quote through a price comparison website;
In order to process your application, we will perform credit and identity checks with one or more Credit Reference Agencies (CRAs). We may also carry out further periodic searches with CRAs to allow us to manage your account with us. To do this, we will supply your personal information to CRAs. This will include your name, date of birth, and residential address. It may also include additional information such as your salary, previous residential addresses, and other information you provide as part of your credit application. The CRAs will match this information against the records they hold about you, and provide in return, both public information (including the electoral register) and shared credit information in relation to your financial situation and financial history. CRAs will supply us with both public (including the electoral register) and shared credit, financial situation, financial history information, and fraud prevention information.
We will use this information to:
Assess your creditworthiness and whether you can afford to pay for the product;
Verify the accuracy of the data you have provided to us;
Prevent criminal activity, e.g fraud and money laundering;
Manage your account(s);
Trace and recover any debts; and
Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. If you make a joint application, or tell us that you have a spouse or a financial associate, we will link your records together, so ensure you discuss this with them, and share this information before lodging the application. CRAs will also link your records together and these links will remain on yours and their files until such time as your partner successfully files for a disassociation with the CRAs to break the link. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at Equifax and;
Other parties with your consent.
We will transfer your data to external recipients only insofar as this processing is necessary for purposes as permitted by law.
We utilise automated decision-making in connection with the provision of our Internet Service. Automated decision-making, as defined in Article 22 of UK GDPR, may include profiling, which is any kind of automated processing that utilises personal data to evaluate certain aspects of a natural person. The automated decision-making is based, in addition to other factors, on the information you provide during the quote process. We will use automated decision-making to evaluate the information you provide to us to calculate your individual risk profile in order to determine whether we can extend insurance coverage to you, and if so, what your insurance coverage limits and premiums will be, or to process claims you submit.
Under certain applicable laws, you may have the right to certain safeguards as they relate to automated decision-making. Specifically, you may be able to request that the result of the automated decision-making process is recalculated by a human, to express your views related to or contest the result of the automated decision-making process, and receive notification of the outcome. To exercise these rights, or for more information about automated decision-making, please contact us at the information provided below. By applying for insurance, you acknowledge that you understand that automated decision-making or profiling may be used as described in this policy and you consent to Lemonade’s use of those methods.
In certain cases, there may be a transmission of information to recipients in so-called “Third Countries.” Third Countries are countries outside of the UK, and it cannot automatically be assumed that their data protection levels are in line with those in the UK. Where possible, Lemonade takes steps to treat personal information using the same privacy principles that apply pursuant to the law of the UK. By submitting your personal information to us, you agree to the transfer, storage, and processing of your information in a country other than your country of residence, including, but not necessarily limited to, the United States. If you would like more information concerning our attempts to apply principles applicable in one jurisdiction to data when it goes to another jurisdiction, you can contact us using the contact information below. You may also request a copy of the Standard Contractual Clauses we use for transfer of your data outside the UK, which includes the categories of information transferred.
In general, we will store your personal data only as long as we have a legitimate interest in this storage, and your interests in discontinuation do not overtake the legitimate interest.
Additionally, without any legitimate interest, we may continue to store your data where we are statutorily obliged to do so (e.g., to fulfil archiving requirements). We will delete your personal data without any action from your side, as soon as access to the data is no longer necessary to fulfil the purpose of processing, or the storage is otherwise illegal.
The personal data we need to store to comply with retention duties will be stored until the end of the corresponding retention period. Where we store personal data exclusively to fulfil archiving duties, it is normally blocked so that access is only possible where this is required with regard to the purpose of the retention duty.
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorised access, use, or disclosure, we cannot guarantee the security of your personal information. If we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Right to object according to Article 21 UK GDPR:
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, based on Article 6 para. 1 lit. e or f UK GDPR, including profiling according to Art. 22 UK GDPR based on those provisions. In the event of your objection, we will no longer process the personal data unless we have another permissible purpose for processing. Where we process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the concerned personal data shall no longer be processed for such purposes.
You have the option, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
Withdrawal of consents: Where you have granted consent to us (e.g. in connection to receiving information by email or text message), you may withdraw such consent at any time with effect for the future. Our email information normally contains a corresponding link in each of our non-essential communications. You are also able to contact us by other means, e.g. by post, or email via one of the contact means specified on the first page of this Privacy Policy.
Further rights of affected persons: Based on the following provisions, you as a data subject have the right:
to obtain access and information on your personal data which is processed, Art. 15 UK GDPR;
to have incorrect or incomplete personal data corrected, Art. 16 UK GDPR;
to request deletion of your personal data, Art 17 UK GDPR;
to request a restriction of the processing of your personal data, Art 18 UK GDPR; and
to data portability (this means that you have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and you may transmit your data to another controller), Art. 20 UK GDPR.
These rights are subject to the conditions appearing in this Privacy Policy and any regulatory instructions in the context of specific processing and data retention.
To assert these rights you may, at any times, e.g. via one of the contact means specified at the beginning of this Privacy Policy, contact us.
Further, you are entitled at any time to file a complaint with the responsible supervisory authority for data protection, Art. 77 UK GDPR. In the United Kingdom, the supervisory authority is the Information Commissioner’s Office.
Our services are not aimed at persons under the age of 16 years and their use is not intended for use by such persons. We do not collect personal data from people we know to be under the age of 16.
We may change this Privacy Policy at any time by posting the revised Privacy Policy on this Website and indicating the effective date of the revised Privacy Policy.