FAQ Category: Intermediary Privacy

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal and regulatory obligations, and to establish, exercise, or defend legal claims.

As a general guide, we retain policy and claims records for up to 7 years after the policy expires or the final claim is settled. This period is driven primarily by the Limitation Act 1980 (which sets a 6-year limitation period for contractual and tortious claims), FCA recordkeeping requirements, and HMRC obligations. Other categories of data may be retained for shorter or longer periods depending on the applicable legal basis – for example, quotation data where no policy was purchased is retained for a shorter period.

• The criteria we use to determine retention periods are:
• The nature of the personal data and the purpose for which it was collected.
• Our legal and regulatory obligations (including FCA, HMRC, and anti-money laundering requirements).
• The limitation period for potential legal claims.

Contractual requirements with insurers and other parties. Our full Data Retention Policy and Schedule, which sets out retention periods by data category, is available on request by contacting us at dataprotection@uinsure.co.uk.

When your personal information reaches the end of its retention period, it is securely destroyed in accordance with our information disposal procedures.

1 Insurer panel members and ancillary product providers (independent data controllers)

When you request a quote, we submit your personal information to one or more insurers on our panel so that they can assess the risk and provide a quotation. Your policy may also include ancillary products (such as legal expenses insurance or home emergency cover) provided by specialist insurers on our panel. Each insurer and ancillary product provider is an independent data controller and is independently responsible for its own processing activities.

When a policy is placed, your contract of insurance is between you and the insurer – not between you and Uinsure. The insurer will process your personal information for the purposes described in the insurer’s own privacy notice.

A full list of our insurer panel members and ancillary product providers, including their regulatory details and links to their privacy notices, is available on our Insurer Panel page. We recommend that you review your insurer’s privacy notice to understand how they use your personal information.

Requesting printed copies of third-party privacy notices. If you receive your documents by post, or would otherwise prefer a printed copy, you may request a printed copy of any insurer, ancillary product provider, or premium finance provider privacy notice referenced in this notice. Please contact us using the details in Section 14 and we will send a printed copy to you free of charge.

2 Your financial adviser, broker, or introducer

Where your policy was arranged through a financial adviser, mortgage broker, bank, building society, or affinity partner, we share relevant policy information with them to enable them to service your account and manage their customer relationship with you. This may include information about the status of your policy. Each introducer is an independent data controller for the information they hold about you.

3 Processors (organisations that process data on our behalf)

We engage third-party service providers who process your personal information on our behalf, under our instructions and subject to written Data Processing Agreements compliant with Article 28 UK GDPR. Categories of processors include:

• Policy administration platform provider – hosts and operates the system used to manage your quotes and policies.

• Communication service providers – send transactional messages to you on our behalf (such as policy confirmations, renewal reminders, and claims updates) by email, SMS, or post.

• Payment processors – process premium payments securely.

• IT infrastructure and security providers – host our systems, provide endpoint security, and monitor for cyber threats.

• Customer feedback providers – administer customer satisfaction surveys on our behalf.

• Call monitoring and quality assurance providers – analyse recordings of telephone calls to assess service quality and regulatory compliance, including through automated transcription and AI-assisted scoring.

We do not permit our processors to use your personal information for their own purposes. They may only process it for the specific purposes set out in our Data Processing Agreement.

4 Credit reference and fraud prevention agencies

We may share your personal information with credit reference agencies to verify your identity and assess your financial standing. Quotation-stage checks are soft searches visible only to you. If you proceed with premium finance, your finance provider may conduct a full credit search.

We share information with fraud prevention agencies and industry databases (including the Claims and Underwriting Exchange, the Motor Insurance Anti-Fraud and Theft Register, and other databases maintained by Insurance Database Services Limited) to detect and prevent fraud. If fraud is identified, you could be refused certain services, finance, or employment.

5 Premium finance providers

If you choose to pay your premium by monthly instalments, your details will be shared with a premium finance provider. The finance provider is an independent data controller and will conduct its own credit checks, which will be visible to other organisations and may affect your credit file. The finance provider will report the payment history of your account to credit reference agencies.

6 Regulatory, legal, and statutory bodies

We may share your information with organisations that have a role established by law, including the FCA, the Financial Ombudsman Service, the Information Commissioner’s Office, law enforcement agencies, and HMRC. We will disclose personal information where we are required to do so by law, regulation, or court order, or where we have a duty to cooperate with regulatory or criminal investigations.

7 Other sharing

We may also share your personal information with:

• Your relatives, guardians, or authorised representatives (where you are unable to act on your own behalf or have given us permission).

• Your solicitor or other professional advisers acting on your behalf.

• Another company in the event that Uinsure’s business or part of it is sold or transferred, to ensure continuity of your insurance arrangements.

• Other companies within the Uinsure group, where we are unable to provide you with a suitable product and wish to check whether another group company can assist. This would only occur where the purpose is to find you appropriate insurance cover, and we would inform you before sharing your details for this purpose.

We will not sell your personal information to third parties for marketing purposes.

Several stages of the insurance process involve automated (computer-based) processing. It is important to understand the difference between automation that assists a process and solely automated decisions that have a significant effect on you, because your rights differ in each case.

1 Automation used to assist processing

Uinsure uses automated systems to support certain activities. These involve automated processing but are not solely automated decisions that produce legal or similarly significant effects on you without human involvement.

Quote comparison and presentation. Our systems submit your information to insurers on our panel and present the resulting quotes to you or your introducer. The selection and ordering of quotes may involve automated logic, but the choice of whether to proceed with any quote is yours.

Quality assurance and call monitoring. We use automated tools, including AI-assisted transcription and scoring, to analyse recordings of telephone calls between our staff and customers. This is used to assess service quality and regulatory compliance. These tools assist our quality assurance team but do not make decisions about you. No action is taken in relation to your policy or claim based solely on automated call analysis.

2 Automated pricing decisions

Both Uinsure and insurers on our panel use automated systems to calculate premiums, assess risk, and determine the price of your insurance. These systems apply rules and algorithms to the information described in Section 1 (including property details, claims history, location data, and where available introducer-supplied data) to assess the likelihood of a claim and calculate a premium. Where these decisions are based solely on automated processing and produce legal or similarly significant effects on you, the safeguards described in Section 5.4 apply. For pricing decisions made by insurers, each insurer is an independent data controller and is responsible for providing its own safeguards – see Section 6.1.

3 Other automated decisions made by insurers and finance providers

Insurers, finance providers, and their appointed agents may make other decisions about you using their own automated systems. Each acts as an independent data controller for these decisions.

Claims handling and triage. Claims are handled by the insurer (or their appointed claims handler) as an independent data controller. Insurers may use automated processing to triage claims, assess them against policy terms, and determine settlement. Where these decisions are based solely on automated processing and produce legal or similarly significant effects on you, the insurer is responsible for providing the applicable safeguards.

Credit referencing. Where you choose to pay by monthly instalments, your premium finance provider may use automated credit scoring to assess your eligibility. The finance provider is an independent data controller – see Section 6.5.

4 Your rights regarding solely automated significant decisions

Where a decision is made about you that is based solely on automated processing and produces legal or similarly significant effects, safeguards apply under UK data protection law. These include the right to:

• Be informed that such a decision has been made.

• Make representations about the decision.

• Obtain human intervention.

• Contest the outcome.

Where a solely automated significant decision involves special category data (such as health information), additional legal restrictions apply. We will only carry out such processing where a lawful condition is met and appropriate safeguards are in place.

These rights apply in relation to the organisation that makes the decision. For any solely automated significant decisions made by Uinsure, please contact us using the details at the end of this notice. For decisions made by insurers or finance providers, please contact them directly using the details in their privacy notice or your policy documentation.

Data protection law requires us to have a valid lawful basis before processing your personal information. We rely on the following:

Performance of a contract. We process your personal information where it is necessary to arrange your insurance policy. Uinsure acts as the intermediary arranging the contract of insurance between you and the insurer. Processing is necessary to obtain quotes, place cover, administer your policy, and handle claims.

Legal obligation. We process your personal information where required by law, including FCA record-keeping requirements, anti-money laundering regulations, sanctions screening, and tax reporting obligations.

Legitimate interests. We process your personal information where it is in our legitimate interests to do so and where those interests are not overridden by your rights. Our legitimate interests include:

• Fraud prevention and detection.

• System and network security.

• Service improvement and business analytics.

• Staff training and quality monitoring.

• Direct marketing to existing customers (subject to your right to opt out at any time).

Where we rely on legitimate interests, we carry out an assessment to ensure the processing is proportionate and your rights are protected.

Recognised legitimate interests. Where applicable and where the statutory conditions are met, we may rely on recognised legitimate interests under the Data (Use and Access) Act 2025, for example in relation to information security or the prevention and detection of crime (including insurance fraud). We will apply this basis only where the statutory conditions are met and will keep our approach under review in line with ICO guidance.

Consent. Where no other lawful basis applies, we may ask for your consent. You may withdraw consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Special category data and criminal conviction data. Insurance may involve the processing of health information and, in some cases, criminal conviction data. We rely on the following legal grounds:

• Health data in claims and complaints – Article 9(2)(f) UK GDPR (establishment, exercise, or defence of legal claims). For example, where a claim involves personal injury or where health information is relevant to a complaint or dispute.

• Criminal conviction data – Article 10 UK GDPR. Where you apply for a non-standard insurance product, you may be asked to disclose unspent criminal convictions that are relevant to the cover sought. We may also process criminal conviction data where required for FCA regulatory compliance. This data is processed only to the extent necessary, and only where an appropriate condition under Schedule 1 of the DPA 2018 is met.

• Explicit consent (Article 9(2)(a) UK GDPR) – where no other condition applies, we will ask for your explicit consent before processing special category data.

We use your personal information to:

• Assess your application or renewal for an insurance quote.

• Use information provided by your financial adviser, broker, or introducing partner – including any supplementary data or customer score they supply – as a factor in assessing risk and determining the price of your insurance, alongside the information you provide directly.

• Submit your details to our panel of insurers to enable them to provide you with a quote and, if you proceed, to issue and administer a policy.

• Verify the information you provide and confirm your identity.

• Administer and maintain your insurance policy, including processing renewals, mid-term adjustments, and cancellations.

• Handle claims and enquiries on your behalf.

• Assess your financial standing through credit reference checks.

• Prevent, detect, and investigate fraud.

• Comply with our legal and regulatory obligations, including FCA requirements and anti-money laundering regulations.

• Resolve complaints in accordance with FCA dispute resolution rules.

• Improve our products, services, staff training, and security.

• Maintain insurance records in accordance with our retention schedule.

• Facilitate quality assurance and compliance monitoring, including the recording of telephone calls and AI-assisted analysis of customer interactions.

• Communicate with you about your policy, and where you have consented or we have a legitimate basis, send you marketing communications.