Privacy & Data Policy

Collecting Information

This website requests and collects personally identifiable information, such as name, address, email address and phone numbers. This is done through various means, including site registration, games, questions, surveys, comments and communications to the site, and postings to chat/bulletin areas (if any).


“Cookies” are pieces of information which are placed on an individual’s computer hard drive to enable the individual to easily communicate and interact with the site. We may use cookies to customize your browsing experience on this site. We may use cookies to record how often a user has visited our site, and what pages the user has viewed/accessed. You may, however, choose to disallow receiving cookies at any time through your internet browser on your computer. If is not our intention to utilise cookies to retrieve information that are unrelated to our site, or your interaction with the site.

IP Address

Your Internet Protocol (IP) address may be collected to help us diagnose problem with our server and to administer our site. An IP address is a number assigned to your computer when you use the internet. Such information does not contain personally identifiable information about you. Your IP address may also be used to help identify you during your browsing session, and to gather demographic data.

General Data Protection Regulation (GDPR)

The Board of has considered and adopted the following procedure. The responsibility of updating the Board on developments within GDPR rests solely with the risk committee and/or Data Protection Officer. (NB – this procedure replaces any previous versions).

Officers and staff of will treat all information received from clients and third parties in accordance with the GDPR regulations.

Data Processing Definition

Processing means any operation (or set of operations) performed with personal data (or sets thereof), whether or not by automated means (such as collection, organization, structuring, recording, storage, alteration or adaptation, retrieval, use, disclosure by transmission, consultation, dissemination or otherwise by making available, alignment or combination, restriction, erasure or destruction). “Data Controller” is the trading name for which the data is being collected (for example, by all companies).

The Purpose for Collecting Data

The prime purpose for collection of data by is its use exclusively in the application, provision and management of financial product and service lines.  The company consider that the processing is necessary for the performance of a contract with you (the data subject), or to take steps to enter into such contract with you.  Data is collected to ensure our understanding of your needs, and enable us to provide a quality service to you, particularly but not limited to the following reasons: 

  • To establish internal records for the provision of our business services and operations
  • To maintain records so that both Legal and Regulatory responsibilities can be met without delay
  • To ensure that data is only disclosed to the appropriate parties
  • To ensure that appropriate information is processed and retained in accordance with practices, as defined by the Information Commissioner
  • To safeguard the rights of individuals with regards personal information which may be held, stored or processed about them

Periodically, we may send promotional emails regarding new services, special offers or other information which we believe you may find relevant, by using the email address provided by you.


Your consent must be given freely, specifically, informed, unambiguous and must be verifiable. This means that some form of record must be kept as to how and when your consent was given. All individuals have the right to withdraw their consent at any time. will ensure that consent is provided by the following means:

Online Applications: The applicant will be directed to our “terms and conditions” information, which includes a copy of the company’s GDPR procedure. You will then be asked to confirm your permission to continue, based upon those conditions set out in the document, by your completion of a tick box. On acceptance of the terms and conditions, the data will then be forwarded from your internet browser, and processed in accordance with the type of application in question. Should you be unwilling to share your data at this point, the application will not be forwarded from your internet browser and you will be free to discard the application without further interaction with

Controlling Your Personal Information

You may wish to restrict the use or collection of your personal information. This can be done in the following ways:

Your information will only be collected on our website contact form when you have agreed to our terms and conditions of business. will occasionally use email and SMS marketing and credit control tools for the purpose of client communication. Where used, we will include information regarding unsubscribing your email address from any ongoing marketing communications.

If you should believe hold personal information about you, you are welcome to send us a written “Subject Access Request” to request details of such data. We will require you to provide comprehensive proof of your identity before releasing such data.

Should you require this personal information to be anonymized, archived, deleted, updated or altered in any other way, you should include this in your written request to us. will be happy to comply where our statutory, regulatory and commercial rights and responsibilities will not be compromised. are only able to respond to “Subject Access Requests” when received in writing, and sent to our postal address on our contact page. We will not distribute your personal information to any third parties unless we are explicitly required to do so under IT hosting arrangements, for accounting or regulatory purposes, or by law.

Data Types Held

Data collected and retained comes under the following categories:

  • Personal data
  • Banking data
  • Financial history
  • Credit history
  • Insurable risk data
  • Insurance claims history
  • Underwriting notes
  • Insurance notes
  • Credit control notes
  • Conversations between clients and personnel
  • Public data

Each of these data categories are considered to be a requirement to fulfill the contractual obligations of both the company and the client.

Data Recipients

  • The client
  • Group Companies
  • IT Hosting Platforms
  • Credit Reference Agencies
  • Payment Gateway Providers
  • Regulatory Authorities (including Police, Customs, FIS)
  • Ombudsman
  • Auditors
  • Suppliers of services
  • Financial Organisations
  • Debt Collecting, Tracing and Private Investigators
  • An organisation processing data on behalf of the company

Data Retention Periods

Your personal information will be kept in a format which allows identification of data subjects for no longer than is necessary for the purposes for which the information is processed.  It should be noted that records linked to financial transactions are subject to retention rules.  These rules are published periodically by regulatory authorities and under accounting standards rules.  Currently, the minimum retention period under these requirements is six years.

Application records are required to be retained in order to ensure AML/CFT (Anti-Money Laundering / Combatting the Funding of Terrorism) reporting can be maintained. 

The retention period is measured from the date of the application (where there is no corresponding business written), or where business is written, from the date of the completion of the product:

Customer Information:  6 years after the completion of the last product provided

Loan Application Data:  6 years after the completion of the agreement

Insurance Application Data:  6 years after the completion of the policy

Life/Mortgage Application Data:  6 years after the completion of the related mortgage

Investment Business data:  10 years after the completion of the product (Jersey rule)

Application not leading to the sale of a product:  6 year

HR Data:  6 years after the leave date of the employee

Payroll Data:  6 years after the leave date of the employee.

Job application Data (unsuccessful candidate):  3 months following the fulfilment of the position

Employers Liability Insurance policy data must be retained for a minimum period of 10 years, consequently for these policy types, all data will be retained accordingly.  At the completion of the retention period, all data will be purged.

Sensitive Personal Data

Personal information consisting of the following information is deemed to be of a sensitive nature, and will not enquire nor retain information relating to these:

(a) the racial or ethnic origin of the data subject;
(b) his/her political opinions;
(c) his/her religious beliefs or other beliefs of a similar nature;
(d) whether he/she is a member of a trade union;
e) his/her sexual life;

Please note, it is necessary in some cases to record medical history in relation to travel and medical insurance plans. Where this is the case, records will be retained in accordance with the retention policies detailed above.

Data Relating to Children

It may sometimes be necessary to collect data relating to children (ie family travel insurance policies). In these circumstances, information must be provided by the parent or guardian. Under no circumstances may a member of staff enter into direct dialogue with a child or minor. The maximum age for consideration as a child is 16 years.

Security are committed to ensuring the security of your personal data. All information transferred between your internet browser and our website or third party applications are encrypted using HTTPS protocol, using Digital Certificates with secure TLS Cyphers. This can be verified by the appearance of the secure padlock symbol in the browser address bar.

In order to prevent any unauthorised access/disclosure, we have put in place further electronic, physical and managerial procedures to secure and safeguard the information collected. These procedures and policies are company confidential. This is to avoid exposure of data security, and so can only be made available to relevant parties, legally bound by a non-disclosure agreement.


The Board of Directors of the company have the responsibility to ensure that registration is maintained with the Data Protection/Information Commissioner, and that purposes for which the information is held and/or processed is declared, and to whom it will be disclosed and the security to be applied. It is the responsibility of all staff to ensure that any use of personal data during the course of their work is treated in accordance with the Data Protection Principles.

Consent to Processing

By providing your personal information to this site, you are fully understanding and unambiguously giving consent to the transfer of such personal data, and to the collection and processing of such personal data, in the United Kingdom and other countries or territories.


This site may contain reference or links to other web sites outside of our control. Please be aware that we have no control over these sites, and as such our privacy policy does not apply to these sites.


If you would like to review and/or up-date the information that you have provided to this site, please write to us at to requesting the change.


At any time, you may choose to have your name removed from’s e-mail marketing list by sending an email to with the subject line “unsubscribe” or by following instructions provided in any e-mail message from

Your Acceptance of This Policy

By the use of this site, you signify your acceptance and agreement of our Privacy and Data Policy. If you do not agree to this policy, please do not use this site. reserves the right, at our discretion, to change, modify, add or remove portions from this policy at any time. As such, visitors are encouraged to review this policy periodically. Your continued use of our site following the publication of such changes to these terms means that you accept these changes.