Data protection law requires us to have a valid lawful basis before processing your personal information. We rely on the following:
Performance of a contract. We process your personal information where it is necessary to arrange your insurance policy. Uinsure acts as the intermediary arranging the contract of insurance between you and the insurer. Processing is necessary to obtain quotes, place cover, administer your policy, and handle claims.
Legal obligation. We process your personal information where required by law, including FCA record-keeping requirements, anti-money laundering regulations, sanctions screening, and tax reporting obligations.
Legitimate interests. We process your personal information where it is in our legitimate interests to do so and where those interests are not overridden by your rights. Our legitimate interests include:
-
Fraud prevention and detection.
-
System and network security.
-
Service improvement and business analytics.
-
Staff training and quality monitoring.
-
Direct marketing to existing customers (subject to your right to opt out at any time).
Where we rely on legitimate interests, we carry out an assessment to ensure the processing is proportionate and your rights are protected.
Recognised legitimate interests. Where applicable and where the statutory conditions are met, we may rely on recognised legitimate interests under the Data (Use and Access) Act 2025, for example in relation to information security or the prevention and detection of crime (including insurance fraud). We will apply this basis only where the statutory conditions are met and will keep our approach under review in line with ICO guidance.
Consent. Where no other lawful basis applies, we may ask for your consent. You may withdraw consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Special category data and criminal conviction data. Insurance may involve the processing of health information and, in some cases, criminal conviction data. We rely on the following legal grounds:
-
Health data in claims and complaints – Article 9(2)(f) UK GDPR (establishment, exercise, or defence of legal claims). For example, where a claim involves personal injury or where health information is relevant to a complaint or dispute.
-
Criminal conviction data – Article 10 UK GDPR. Where you apply for a non-standard insurance product, you may be asked to disclose unspent criminal convictions that are relevant to the cover sought. We may also process criminal conviction data where required for FCA regulatory compliance. This data is processed only to the extent necessary, and only where an appropriate condition under Schedule 1 of the DPA 2018 is met.
-
Explicit consent (Article 9(2)(a) UK GDPR) – where no other condition applies, we will ask for your explicit consent before processing special category data.