Data Protection Policy

1. Purpose of this Policy
This policy sets out how Activate Ins Limited, a UK-based commercial insurance
brokerage, collects, uses, stores, shares, and protects personal data in compliance
with the UK General Data Protection Regulation (UK GDPR) and the Data Protection
Act 2018.

We are committed to protecting the privacy and rights of our clients, prospects,
employees, and business partners.

2. Scope
This policy applies to:

  • All employees, contractors, and third-party service providers acting on our behalf
  • All personal data processed by us, whether electronic or paper-based
  • All activities relating to client acquisition, quotation, policy administration, claims
    handling, and general business operations.

3. Our Role as Data Controller
Activate Ins Limited is a Data Controller under the UK GDPR, meaning we determine
the purpose and means of processing personal data. In certain scenarios, we may
also act as a Data Processor on behalf of insurers.

4. Legal Basis for Processing Personal Data
We process personal data on one or more of the following lawful grounds:

  • Contractual necessity – to provide insurance services or obtain quotations
  • Legal obligation – for regulatory or tax compliance
  • Legitimate interests – for client service, fraud prevention, and business improvement
  • Consent – where legally required for marketing or sensitive data (e.g. health-related)

5. Types of Data We Collect
We collect personal and sometimes sensitive (special category) data, including:

  • Names, addresses, email addresses, telephone numbers
  • Business details and financial information
  • Claims history and underwriting data
  • Identification documents (e.g. driving licence, passport)
  • Medical or criminal conviction information where relevant to cover

We may collect data directly from you or via insurers, credit agencies, introducers, or
other third parties.

6. How We Use Personal Data
We process personal data to:

  • Provide quotes, administer insurance policies, and handle renewals and claims
  • Respond to client enquiries and provide customer support
  • Meet regulatory, legal, and financial obligations
  • Prevent fraud and manage risk
  • Improve our services and maintain business records
  • Send relevant marketing communications (where permitted)

7. Data Sharing
We only share personal data where necessary and appropriate, including with:

  • Insurers, underwriters, and reinsurers
  • Finance providers (e.g. premium finance companies)
  • Regulatory bodies (e.g. FCA, ICO)
  • IT service providers and secure cloud storage platforms
  • Professional advisers (e.g. accountants, legal representatives)
  • Law enforcement or statutory authorities (where required)

All third parties are vetted and required to process data in accordance with the law.

8. Data Security
We implement appropriate technical and organisational measures to protect
personal data, including:

  • Encryption, firewalls, and secure servers
  • Access controls and user authentication
  • Regular data backups and security monitoring
  • Staff training on data handling and confidentiality
  • Secure disposal of confidential records

9. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose it was
collected for, including legal, accounting, or reporting requirements.
Typical retention periods are:

  • Client records: 7 years after policy termination
  • Claims data: 7–15 years depending on case type
  • Marketing consent: until withdrawn
  • Employee data: 6 years post-employment

We review retention periods regularly and securely dispose of data when no longer
needed.

10. Your Rights
Under UK GDPR, individuals have the right to:

  • Access their personal data
  • Correct inaccurate or incomplete data
  • Request erasure (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability (where applicable)
  • Withdraw consent at any time (for marketing or where consent is the legal basis)

Requests can be made by emailing info@activateinsurance.co.uk. We aim to
respond within one month.

11. Data Breaches
We take any suspected or confirmed data breach seriously. If a breach occurs that
risks individual rights or freedoms, we will:

  • Report it to the ICO within 72 hours, if required
  • Notify affected individuals where there is a high risk
  • Investigate the breach and take corrective action

12. Staff Responsibilities
All staff and contractors handling personal data must:

  • Follow this policy and any related procedures
  • Only access data necessary for their role
  • Report data breaches or concerns immediately to the Data Protection Officer or
    nominated contact

Training is provided regularly, and failure to comply may result in disciplinary action.

13. Policy Review
This policy is reviewed at least annually or following significant changes to our
business or applicable law.

Contact Details
For data protection queries or requests, please contact us.

Effective Date: 1st August 2025