Privacy Policy

Who are we.

Trafalgar Risk Management act as data controller and our contact details are Audit House, 260 Field End Road, Eastcote, Middlesex, HA4 9LT. Our e-mail address is trmadmin@trafalgar.uk.com.

Main purpose, legal reason and categories of data.

Our main purpose is to obtain an insurance quote, arrange an insurance policy for you and service that insurance policy as required. Some of that work may be undertaken by us as coverholder of the insurer (where we would still act as a Data controller).

Our main legal reason will be one of the following.
  • We are arranging a contract to which you (or the legal entity you work for) will be a party.
  • We are providing you (or the legal entity you work for) a service as an insurance broker or at some point in the future a credit broker and that may be under a contract (written or otherwise) we have with you (or the legal entity you work for).
  • We may be following our legitimate business interests of acting as an insurance broker or at some point in the future a credit broker.

The main information you supply us with will be provided by you to us on our web site, in an exchange of e-mails, in a telephone call or by post. We provide insurance policies to commercial clients but within the information provided to us, there may also be some Personal Data.

You may also wish to contact us during the period of the insurance cover or after it has expired and we do not limit the Data Types or categories you provide us with.

Other lawful reasons we have for processing your personal data.

Our own legitimate business reasons and the following are examples only and not intended as a complete list: staff training and monitoring, task management, financials, transaction reporting, sanction checking and countering criminal activities, antiterrorism, money laundering and bribery, seeking professional advice, running of a business, record keeping, maintaining and developing IT systems, data management and backup.

We also have to abide by certain laws and this can involve us in dealing with regulators such as the Financial Conduct Authority and The Information Commissioners Office, or the Financial Ombudsman Service as regards any complainants using their services and, if required, the Financial Services Compensation Scheme. This can involve us in sharing details with these and other organisations.

For premium payment or premium funding then we may hold payment details on a temporary basis and that would be for legitimate business reasons and in order to arrange for you (or the legal entity you work for) to enter into a contract at your or their request. It is then the payment system provider (Sagepay) or the premium payment funder who store the details to provide their service.

Sharing your data with others.

In order to obtain a quote or arrange or service an insurance policy, we need to share the data and information you give us with Insurers or others acting on their behalf. All act as their own data controllers other than Normandie Administration Services Limited, who act as our Processor.

These are the insurance organisations involved with links to their privacy policies.

Ironshore Europe DAC: 8 Fenchurch Street, London EC3M 4AJ - Privacy Policy

Trafalgar Insurance Company Limited - Normandie House, Rue a Chiens, St Sampson’s, Guernsey, GY2 4AE - Privacy Policy

Abbey / Brit - 20 Fenchurch Street, London, EC3M 3AZ - Privacy Policy

CFC - 85 Gracechurch Street, London, EC3V 0AA - Privacy Policy

We provide unique offerings through benefit schemes run and managed by Parliament Hill Limited, 127 Cheapside, London, England, EC2V 6BT (Privacy Policy), and we both have a legitimate business reason to share data for the management and delivery of our benefit offering and for the development and monitoring of that insurance benefit offering.

Some insurance offerings are specific to certain associations and members of those associations. Access to those schemes is limited to association members and in some cases a certain category of membership. For legitimate business reasons we may need to share data with the association in order to validate membership, report on the performance of the scheme or to confirm whether or not cover has been purchased.

We use Normandie Administration Services Limited, an organisation situated in Guernsey, who provide us with backroom administration services, record keeping, some insurance intermediary communications and other services. They provide those services to us as our processor. See ‘sending data outside the EEA’ below.

Sharing data with insurers where we act as their coverholder. This is a legitimate business reason we need to comply with.

Automated decision making.

We may provide you with log in facilities so that you can access your policy documents or contact us. These systems may use an automated check of log in details. That is required for us to perform our service to you.

Our web sites provide a ‘quick quote’ system and behind that system is a formula used to calculate that ‘quick quote’. That is not an insurer quote but us using a formula to assess what we believe a standard premium would be based against the short data form you have provided us with. That is required for us to perform our service to you.

When you (or the legal entity you work for) apply for insurance then our system may assess whether some of the answers you have given will result in the insurer requiring further information or require the application to be referred to the insurer as a specific event. When that occurs, it is necessary for you (or the legal entity you work for) to enter into a contract.

Insurers might use automated processing and if they do that will be necessary for entering into a contract.

Sending data outside the EEA.

If you were to have a claim then insurers may need to investigate that claim or take action to deal with that claim. Each claim is different. It may be that in dealing with a claim some data needs to be sent outside the EEA.

We use a Processor who is situated in Guernsey but generally that Processor accesses and processes data held on our servers in the United Kingdom. There are occasions where some personal data may be transferred to Guernsey. Examples are where we require that Processor to deal with post or handle insurer payments. That Processor may also make or receive telephone calls on our behalf. We rely on authorizations made by the supervisory authority, the Information Commissioners Office, but if Guernsey was not to be accepted by the Information Commissioners Office then we would rely on your having given (or obtained) consent at the time you passed us that data; please see ‘The giving of Consent’ below.

Period we store your data for.

We hold personal data for up to six years after the insurance placement has expired or if later, for up to six years after our services in connection with that insurance placement has expired. These periods can be extended where required for legal reasons, regulatory requirements or in order to protect our legitimate business interests.

Use of personal data for Marketing.

We do not sell your data but we may use your data to advise you of other products or services that we provide or that can be provided through us. We will use the contact details that you have given us. Those contact details may relate to your corporate entity or you may have provided a personal e-mail address. Even a corporate e-mail address may contain the name of an individual or data from which an individual could be identified.

Using existing data we hold about you or which may be available to.

If you are or have been an existing client then we may hold some data already about your organisation. That data may include personal data. We may have been obligated to run certain checks that may have returned data to us. In dealing with insurers or their representatives, certain data may have been exchanged either for setting up a contract, servicing a contract, for legal or regulatory reasons or for legitimate business interests.

Exchange of personal data and your responsibilities.

In this section when we refer to ‘you’ we are referring to ‘you’ as the commercial client seeking or using our services.

If you are the entity or person requesting the insurance, insurance quote or are asking us to take action on your behalf then we will have these expectations and requirements. We deal with commercial clients. We would expect you as a commercial client to act as a data controller in your own right. We advise you of how we deal with the data (including personal data) you supply to us. We expect and require you to obtain all necessary permissions and authority for us to handle and process personal data (if you send us any personal data) as described in this privacy policy, including all handling by insurers and others we use to provide the service.

The giving of consent.

We do not limit the type of data you can send to us. To use some types of personal data consent is required. We also pass data to Insurers and others we use in the performance of our service to you. We also send some data outside of the EEA, please see ‘Sending Data Outside the EEA’ above.

Below are the data subject rights in respect of this data.

General rights. Where the law does allow us to charge a fee then we reserve the right to do so.

  • You have the right to request why we are holding your data, the categories of data we hold, the purpose of the processing, the categories of the recipients of such data, how long we may hold that data, if automated processing is involved, and the possible source of the data if we did not collect the data direct from you.
  • You can ask if any of your personal data is transferred outside of the EEA by us or a processor acting for us.
  • You can ask for copies of personal data undergoing processing, where that does not affect the rights and freedoms of others. If you require further copies we can charge you a reasonable fee.
  • You can ask us to rectify inaccurate information or change and update any data that we hold about you.
  • You have the right to lodge a complaint regarding our processing of your personal data. You can complain to us at our contact address above. You can lodge a complaint with the Information Commissioners Office (ICO) if you feel that we are infringing GDPR rules when handling your personal data. You can find out details about how to raise issues with the ICO from their web site www.ico.org.uk or via their help line 0303 123 1113.
  • You have the right to the rectification of any inaccurate personal data we hold about you or to have ‘incomplete data’ made ‘complete’ provided the processing requires such completeness.
  • In certain cases, listed below you have the right to request the erasure of personal data we hold about you, but such a request would not override our compliance with any legal obligation we have;
    • it is no longer necessary for us to hold such personal data in relation to the purpose for which it was collected,
    • you gave consent and now wish to withdraw that consent and there are no legal grounds for us to continue processing,
    • on the grounds that we do not have a legitimate interest in processing your personal data and that was the legal basis we were using, and can verify that is the case,
    • where we are using your personal data for marketing purposes,
    • the personal data was unlawfully processed, but you can ask us to continue storage of such data if you wish rather than select erasure.
  • You have the right to restrict processing, but not continued storage, where the accuracy of the data is contested whilst we verify the accuracy.
  • There may be cases where you can request that we transfer some personal data to another controller.
  • You have the right to object to a decision based solely on automated decision making or profiling where this is not necessary for entering into or the performance of a contract between us and you or you have already given us your explicit consent and the process has already taken place, but we will where reasonable and appropriate, review any decision made and consider any point of view you make regarding that decision.

Where we have given the legal reason for processing as your having given us ‘consent’ to that processing, then you can withdraw that consent and after that withdrawal no further processing will take place, but this does not affect processing which is based on other legal grounds.