We note that our website may contain links to other third-party websites. If you follow these, please note that they have their own privacy policies and that we can’t accept any responsibility for what they do with your data.
We are registered with the UK’s Information Commissioner’s Office (ICO).
We’re committed to respecting and protecting your personal data.
Data we may collect about you
- Personal data that you provide; such as when you visit our website or interact with the support team including your name, age, email address, trip destination and details, and anything you say to Arma Karma within our customer support chat (provided by Tidio) including your conversation history with us and details we require to provide you with a policy.
- Website; such as details of visits to our websites and information collected through cookies and other tracking technologies including your domain name, browser version, operating systems, traffic data, location data, web logs and other communication data and the stuff that you access.
- Insurance policy details; when you buy a policy from us we will keep a record of the fact that we sold it to you, some of this is used to detect fraud.
- Claims information; when submitting a claim, detailed data about your trip and the conditions of your claim.
Sometimes you will agree to another company not mentioned above to provide us data about you, this may be through one of our partners, for example, you may share your name, date of birth or subscription details.
After any payment, we do not take or store any of your financial information such as credit card details. These are securely handled directly and independently by our payment providers who only provide a payment confirmation to us.
What we do with your data
When we ask you to provide certain data, rest assured it will only be used in accordance with this policy. We’re required by law to let you know what legal grounds we have to justify each use of your personal data and so these are also described below.
The types of things we use your data for are:
- To provide our services effectively: like selling you insurance, helping us manage your account or improving our services. Our legal ground for doing this is ‘legitimate interests’ as it enables us to perform our obligations and provide our services to you. Where we administer your policy our legal ground for doing this is your consent which we will ask for at the time we collect it.
- To carry out necessary compliance and fraud checks: Our legal grounds for doing this is our legitimate interests.
- To inform you of changes to our services: Our legal basis for this is our legitimate interests to conduct our business.
- To reorganise or make changes to our business: If we are subject to negotiations for the sale of our business or a part of it, we are sold to a third party or undergo a reorganisation we may need to transfer some or all of your personal information to the relevant third party or its advisors as part of the due diligence process. Our legal ground for doing this is our legitimate interest to make changes to our business.
- In connection with our legal or regulatory obligations: we may disclose your personal data to third parties, the court services and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by parties anywhere in the world. Where permitted, we will notify you before responding to requests. Our legal grounds for doing this is fulfilling our legal obligations, dealing with legal claims and our legitimate interests to cooperate with law enforcement and regulatory authorities.
How we secure your data
We use Azure SSE AES-256 encryption to protect your data where we store it (at-rest) and ensure it’s encrypted (HTTPS) while sending across the internet (in-transit).
How long we keep your data
We keep certain personal data on record for 7 years, if you bought an insurance policy, to meet the FCA’s requirements. We only keep other data as long as we reasonably need it for the purposes for which we received it and any linked purpose.
If you ask us to delete the data that we hold about you, we’ll always aim to do so within 2 working days, except that we’re not allowed to delete data which is required for fraud detection and regulatory reasons.
Sharing your data with others
We do not share your data with third parties other than as described in this policy or where you explicitly agree to. The third parties that we may pass your personal data to fall into the following categories:
Data controllers (who process your personal data independently and under their own policies):
- Insurance and claims handling: We may provide Watford Insurance Company Europe Limited and UK General Insurance Limited with your personal data for the purposes of underwriting the insurance provided and to support the handling of claims. In order to process your claim, we will also share your information with our claims handlers, see: Important Data Controllers for more information.
- Compliance: We may also pass your data to companies that perform fraud and crime checks. We are required by law to do this.
- Partners: We may share your data with any relevant parties who provided you with a promotional offer, so that you may benefit from the promotion offered to you. For example, if another company offers you cashback if you purchase an Arma Karma subscription, we may share your data with them in order for them to provide you with the cashback. Furthermore, we may share your data with anyone who you give us explicit permission to share with..
Data processors (who process your personal data on our behalf and under our instruction and subject to our privacy safeguards):
- Technology and marketing providers: We use various cloud, technology and marketing providers to offer our service (for example, hosting providers), they will only have access to your data with our consent. Usually, they only have access to anonymised or aggregated data.
International data sharing
We store all your data within the United Kingdom (“UK”), but it may be processed or viewed by staff or companies outside the UK who work for us or one of our partners. Regardless of location, we’ll always impose on our employees or contractors the same data protection safeguards that we use inside the UK. Where we are transferring your data to countries which are outside the UK and that have not been approved by the UK as providing essentially equivalent protections to within the UK, we will transfer it subject to UK approved contractual terms.
Your rights and contacting us
If you’re situated within the UK you may have the rights set out below. These rights can be made use of via email at email@example.com.
- Request access to your personal data
- Request an update to your personal data
- Request your account to be closed and personal data to be deleted, though for legal reasons we might not always be able to do it
- Object or request restriction to processing your data e.g. opt out of certain marketing
- Request the transfer of your data to you. We will provide this in a common format
- Withdraw consent at any time where we are relying on consent to process your data
- You have the right to lodge a complaint with us and if you’re not satisfied with the Information Commissioner’s Office at http://www.ico.org.uk/
browser, but so do some of our third parties e.g. Google, Facebook or our payment providers, this helps to track you across different websites.
You can turn off cookies in your browser or phone settings. For more information on cookies have a look at http://www.aboutcookies.org/.
Important Data Controllers
We are registered with the Information Commissioner’s Office under number ZA774430 and the Data Controller is Arma Karma Limited. Our address is Arma Karma, Innovation Centre, Boundary Road, Colchester, CO4 3ZQ.
Details of other important partners who also provide parts of our service are set out below. We don’t have control over how they use your data, but we wouldn’t be working with them if we didn’t trust them.
- Watford Insurance Company Europe Limited (Watford), PO Box 1338, First Floor, Grand Ocean Plaza, Ocean Village, Gibraltar
- Direct Validation Service, Unit 8 Caxton Road, Fulwood, Preston, PR2 9NZ
- UK General Insurance Limited (UKG), Building 3.1 Carrwood Park, Swillington Common Farm, Selby Road, Leeds LS15 4LG
- Innovative Risk Labs Ltd (IRL), 79 Straight Bit, Flackwell Heath, Bucks, England, HP10 9NE
Updating this policy
We may update this policy at any time by updating this page. The updated policy will be effective from the date it’s posted.
We will always aim to notify you of important changes to this policy and we encourage you to review the policy from time to time when you visit the website. If you don’t agree with these changes, you can let us know and we’ll close your account.
If you’re not satisfied with our use of your personal data you can also contact the Information Commissioner’s Office.
© Arma Karma Limited (v4.0. Last updated: 4th May 2022)
Arma Karma Limited is registered in England and Wales under company number 12002692.
Arma Karma Limited is an Appointed Representative of Innovative Risk Labs Ltd, which is authorised and regulated by the Financial Conduct Authority. Firm reference number 925873.