PRIVACY POLICY
Date last revised: Febuary 2024
Thank you for taking the time to read our privacy policy.
We at Diesta Limited (“Diesta”, “we”, “our” or “us”) respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you.
We process personal data in accordance with the Data Protection Act 2018 (Act), the EU General Data Protection Regulation (2016/679) (GDPR) and/or the UK GDPR, as applicable, as well as with the Information Commissioner’s Office (ICO) guidance or best practice, and in accordance with the requirements of our contracts agreed with our customers (brokers, insurers, MGAs or other insurance intermediaries). All terms used within our privacy policy have the meaning(s) given to them under the GDPR.
This privacy policy specifies how we collect, use, and share information about you when you access or use Diesta’s websites, our products and services (collectively, “Services”) or otherwise interact with us, for example, when you attend a Diesta event or interact with us on any of our social media platforms.
1. Personal Information We Collect
All personal data we collect is reasonable and necessary to enable us to perform our Services and operate our website.
We may collect personal data about you either directly or indirectly, and always within the legal frameworks of the DPA and GDPR.
Personal Information You Provide Us Directly:
Diesta collects personal information that you provide to us directly, for example, when you make use of our services, book a demo, or request customer support. The types of information we collect include:
- Identifiers (like full name, email address, phone number).
- Professional information (including a company name and title).
- Any other personal information you choose to provide.
Personal Information We Receive Automatically:
When you visit, use, or interact with our website or Services, we receive the following information about your visit, use, or interactions:
- Logs of your use of the Diesta Portal.
- We automatically collect technical information about the device you use to visit our website and/or portal, including your IP address, browser type / version and related settings.
- We also collect personal data from website users through cookies and Google Analytics, a web analytics service provided by Google, Inc. (Google). Cookies are small data files stored by your web browser either on your hard drive or in device memory that determine usage of our Services, which in turn, helps us improve our services. Cookies also assist in monitoring for and detecting potential harmful conduct. Further details can be found in our Cookie Policy.
Personal Information Collected from other Sources:
We may collect information about you from other third-party sources. This could include:
- Other business partners or other people within your organisation, that have an existing relationship with you.
- Other business partners or other people within your organisation, that have an existing relationship with you.
- Personal data provided to us by government agencies.
2. How we use personal information
Lawful Bases for Processing in the EEA and UK
Diesta only processes your personal information when we have a valid legal basis to do so. This will depend on what information we collected and the context for processing it. Generally, we only collect and process information where:
- We need to fulfil our responsibilities and obligations in any contract or agreement with you and/or our customers.
- To comply with our legal obligations under applicable law.
- Where the processing is necessary for our legitimate interests and is not overridden by your data protection interests or fundamental rights and freedoms (for example, to provide or update our services).
- Where you have given your consent to do so.
We use the information we collect for:
Business Purposes
- To verify your identity for access to our Services.
- To operate, improve, and develop our Services.
- To monitor and analyse trends, use, and activities in connection with our Services.
- To comply with legal obligations, legal processes and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
- To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our IT systems, architecture, and networks.
To communicate with you
- To respond to your comments, questions, and business enquiries.
- To communicate with you about products, services, and events.
3. Who we share Personal Information with
Sometimes we may need to share your personal data with third parties. This will usually be because you have asked us to, or:
- Sometimes we may need to share your personal data with third parties. This will usually be because you have asked us to, or:
- to protect the safety, security, and integrity of our products, employees, or users, or the public.
- if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law.
We also collect, use, and share information that has been aggregated, and de-identified in a way so it cannot be used to identify you, for any purpose permitted under applicable law.
When we share personal data with third parties which are providing us with services, or providing services to you on our behalf, we always have an agreement in place to ensure protection of your personal data i.e. that it is only used for agreed purposes and in accordance with applicable laws such as the GDPR.
4. How long we Retain personal data
We retain personal data for no longer than necessary to achieve the purposes for which it was collected unless a longer retention period is required under applicable law. Thereafter the information is disposed of responsibly and securely.
5. Your Data Protection Rights
Data subjects can contact us directly at any time to ask us to clarify what personal data (if any) we hold about them, how it was obtained and why we use it.
Where data subjects exercise their rights in respect of the data held by our customers (data controllers), we will make every effort to support them in fulfilling their obligations. Any support we do provide is as agreed with our customers in our customer agreements or other relevant contracts.
If you are based within the UK, the GDPR provides you with the following data protection rights:
- The right to be informed about the processing of your personal data.
- The right to obtain access to your personal data.
- The right to have your personal data rectified or erased, or to place restrictions on processing your personal data.
- The right to object to the processing of your personal data.
- The right to have any personal data you provided to us electronically returned to you in a structured, commonly used and machine-readable format, or sent directly to another company, where technically feasible (this is known as ‘data portability’).
- Where the processing of your personal data is based on your consent, the right to withdraw that consent subject to legal or contractual restrictions.
- The right to object to any decisions based solely on the automated processing of your personal data, including profiling.
- The right to lodge a complaint with the data protection supervisory authority responsible for data protection matters in your location. For the UK, this is the Information Commissioner’s Office (ICO).
If you think we hold any personal data about you which is incorrect or if there are any changes to your personal data, please let us know so that we can keep our records accurate and up to date. If you wish to exercise your data protection rights as an individual, please access the Individual Rights Request Form and contact us at DPO@diesta.co.uk
Please note:
- We will require you to verify your identity to us before we can provide any personal data to you, and we reserve the right to ask you to specify the types of personal data you want to see.
- If you do not want us to use your personal data for purposes set out in our privacy notice, we may not be able to provide you with access to all or parts of our website or Services.
6. Do you wish to contact us?
We hope that this privacy policy provides you with the information you are looking for, but if you need any further details, or wish to exercise any of your data protection rights, please do reach out to us via email at DPO@diesta.co.uk
Diesta’s registered office is located at 29 Gildredge Road, Eastbourne, East Sussex BN21 4RU.
7. About This Privacy Policy
Please note:
- This policy is not intended to be a contractual document unless expressly stated in any relevant contract we enter.
- We may update this privacy notice from time to time and will publish revised versions on our Website.