Our Privacy Notice

Personal data refers to any information relating to an individual who can be identified directly or indirectly. This includes details such as your name, address, date of birth, email address, telephone number, IP address, and policy or account numbers.

It can also include more sensitive types of data, known as special category data, such as health information or criminal conviction data, which we may process when necessary to provide certain insurance products or services.

For us to arrange and administer insurance for you we will collect and process the following personal data, depending on your relationship with us:

• Name, address, date of birth, contact details
• Employment, driving, and licensing history
• Details relating to vehicles, property, or business
• Payment and financial information
• IP address, browser and device data
• Communications and call recordings
• Claims history and incident details
• Special category data (e.g. criminal convictions, health) where relevant to insurance

Where you disclose the personal data of others, you must ensure that you are entitled to do so.

If you object to the collection, sharing and use of your personal data, we may be unable to provide you with our products and services.

Where you use our online portals, we collect information such as user login credentials, activity logs and any communications through the portal.

Where telematics devices are installed in your vehicle, or where you use a telematics-enabled mobile app, the following types of data may be collected:

Vehicle Location Data

• Real-time GPS location
• Journey start and end points
• Routes taken

Driving Behaviour

• Speed
• Acceleration and braking patterns
• Cornering and turning
• Instances of harsh driving

Usage Data

• Time and duration of journeys
• Frequency of vehicle use
• Mileage

Vehicle Diagnostics (depending on the device)

• Engine status
• Battery voltage
• Maintenance alerts

Crash Detection

• Sudden impact or collision detection
• Incident location and time

This data is used to assess driving behaviour, calculate risk more accurately, detect fraud, and may influence your insurance premium or eligibility for certain products.

We usually collect your personal data directly from you or someone acting on your behalf, such as through online forms, phone calls, written correspondence, or paper-based documents we complete with you. We may also verify your identity using third-party sources like credit reference agencies.

In these situations, we act as the data controller, determining how and why your information is processed. Where we engage third parties to handle your data strictly under our instruction, they act as data processors.

Where other parties, such as insurers or administrators, are involved in underwriting or managing your policy, we may act as joint data controllers, sharing responsibility for how your personal data is used.

We collect and use your personal data to provide you with insurance and financial services and to fulfil our contractual and legal obligations. The legal bases on which we rely to process your data typically include the performance of a contract, compliance with legal obligations, our legitimate business interests, and, where applicable, your explicit consent.

We may use your personal data for the following purposes:

• To provide insurance quotations, arrange insurance contracts, and administer your policy throughout its lifecycle, including processing mid-term adjustments, renewals, and claims.
• To verify your identity and carry out credit checks where required.
• To arrange premium finance where applicable and manage financial transactions associated with your insurance.
• To comply with legal and regulatory obligations, such as those imposed by the Financial Conduct Authority (FCA), HMRC, or the Information Commissioner’s Office (ICO).
• To investigate and prevent fraud, financial crime, or other illegal activities, including data sharing with appropriate authorities and third-party databases for fraud prevention purposes.
• To assess risk and pricing using automated decision-making tools, which may include profiling based on the information you provide. Where applicable, you have the right to request human review of such decisions.
• To record and monitor communications (including telephone calls, emails, and webchat) for training, quality assurance, and regulatory compliance.
• To develop and improve our products, services, and customer experience, including through statistical analysis and market research.
• To manage your account and respond to your queries or complaints effectively.
• To market similar products or services to you where we have a legitimate interest, unless you have opted out. Where consent is required for marketing or data sharing, this will be clearly requested and can be withdrawn at any time.

In addition, we may process special category data (such as health details or criminal convictions) where necessary for the purpose of arranging or administering your insurance policy. This is done under the legal condition of substantial public interest, as permitted by data protection legislation.

If your insurance includes telematics (such as a smartphone app or in-vehicle device), we may collect data such as location, speed, braking, and journey patterns. This data is used to assess driving behaviour, provide trip information, aid in accident support, and inform premium pricing.

In providing your personal data to us, you are forming a contract with One Sure Insurance Ltd or Freedom Retail Ltd. If you contact us for a quote or make an enquiry, we may also rely on legitimate interest to follow up with relevant information.

Where your data is shared with insurers, finance providers, service partners, or other organisations involved in administering your insurance, these parties may act as either processors or joint controllers of your data. We ensure that appropriate legal and technical safeguards are in place to protect your information at all times.

In order to deliver our services, administer your insurance policy, and comply with legal and regulatory obligations, we may need to share your personal data with third parties. We will only share the information necessary for the relevant purpose and always ensure that appropriate safeguards are in place to protect your data.

We may share your personal information with:

• Insurers, underwriters, intermediaries, and premium finance providers involved in quoting for, arranging, underwriting, or administering your insurance policy.
• Claims handling services, loss adjusters, accident management companies, and uninsured loss recovery agents where applicable.
• Third-party service providers we engage to perform services on our behalf, such as IT system providers, customer contact centres, document production services, compliance support, and payment processors.
• Credit reference agencies, identity verification providers and anti-fraud databases, including those used industry-wide to prevent and detect crime and fraud.
• Group companies within One Sure Group, where this may help to provide you with alternative cover options, renewals, or additional services.
• Regulators, statutory bodies, or law enforcement agencies where required to meet our legal obligations or in response to valid legal requests.
• Debt recovery agencies or solicitors acting on our behalf to recover outstanding payments.
• Service partners that provide ancillary benefits or support related to your insurance (such as MOT reminders or breakdown services) where relevant and necessary.
• Parties involved in a potential business restructure, merger, or sale of part or all of our business, where your policy would need to be maintained or transferred.

In the case of telematics or app-based insurance products, your data may be shared with third-party telematics providers for the purposes of device installation, monitoring, and driving behaviour analysis.

Where data is shared with third parties outside of the UK or European Economic Area (EEA), we ensure that appropriate safeguards (such as standard contractual clauses or adequacy decisions) are in place to protect your data and uphold your rights under UK data protection law.

In certain circumstances, the personal data we collect from you may be transferred to and processed in countries outside of the United Kingdom. This may occur where we or our third-party service providers operate internationally, including when using cloud-based platforms or telematics providers.

Where such transfers take place, we ensure that your personal data is protected by appropriate safeguards. These may include the use of standard contractual clauses approved by the UK Information Commissioner’s Office (ICO), International Data Transfer Agreements (IDTAs), or ensuring that the country has an adequacy decision from the UK Government.

We also conduct transfer risk assessments where required and ensure that any recipient of the data adheres to strict data protection standards and security measures. You can request more information about international data transfers and the safeguards we use by contacting our Data Privacy Representative. (Refer to the ‘How to Contact Us’ section at the end of this document).

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, and contractual obligations, or for legitimate business interests such as statistical analysis, product development, and marketing.

If no insurance contract is entered into, we will typically retain your data for up to 3 years. Where a policy is in place, data may be retained for up to 3 years after you cease to be a customer of One Sure Insurance Ltd or Freedom Retail Ltd, particularly where required for claims handling or regulatory purposes.

In some cases, we may need to retain your data for longer—for example, if it is relevant to a legal claim, required by law, or where there is a reasonable expectation of a future claim arising.

We are committed to ensuring that your personal information is secure. We use a range of technical and organisational measures to protect your data from unauthorised access, unlawful processing, accidental loss, destruction or damage.

These measures include robust access controls, encryption, firewalls, regular system monitoring, secure storage facilities, staff training, and procedural safeguards to ensure data is handled in line with our internal policies and regulatory expectations.

Where we work with third-party service providers who process your data on our behalf, we ensure that appropriate contractual and security arrangements are in place. These third parties are only permitted to process your data under our strict instructions and not for their own purposes.

Any data transferred outside of the UK or the European Economic Area (EEA) will only be done where adequate levels of protection are in place, as required by applicable data protection laws. We will take all reasonable steps to ensure your data remains secure and protected wherever it is processed.

All employees and contractors are required to maintain the confidentiality of personal data, and we regularly review our data handling practices and security measures to ensure they remain effective.

If you suspect any misuse or unauthorised access to your data, please contact our Data Protection Representative immediately at datarequests@onesureinsurance.co.uk.

You have a number of legal rights concerning the personal information we hold about you. These rights allow you to understand and control how your data is used. You can exercise any of the rights listed below by contacting our Data Protection Representative at datarequests@onesureinsurance.co.uk.

Your rights include:

• Right of Access – You have the right to request a copy of the personal data we hold about you.
• Right to Rectification – If your information is incorrect or incomplete, you can request that it be updated or corrected.
• Right to Erasure – In certain circumstances, you may request that we delete your personal data, for example, where the data is no longer needed or you withdraw your consent.
• Right to Restriction of Processing – You have the right to request that we stop or limit processing your data in certain circumstances.
• Right to Data Portability – Where processing is based on your consent or a contract and is carried out by automated means, you may request to receive your personal data in a structured, commonly used and machine-readable format and have it transferred to another controller.
• Right to Object – You may object to processing based on our legitimate interests or for direct marketing purposes.
• Rights in relation to automated decision-making and profiling – You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you. You can request human intervention and challenge such decisions.

Where we rely on your consent to process your data (for example, for marketing purposes), you can withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Please note that some rights may be limited where we are required to retain data to comply with legal or regulatory obligations or where we are entitled to retain data under applicable law.

We will not charge a fee to process these requests, however, if your request is considered to be repetitive, manifestly unfounded and/or excessive, we are entitled to refuse to comply with the request or charge a reasonable administration fee. A response to your request will be provided to you within 30 days of us receiving a valid request. We do have the authority to extend these requests by up to 3 months; following ICO guidance. If we do need to do this, we will write to you to confirm this within 30 days of receiving your original request to explain our reasons why.

If you are dissatisfied with how we handle your personal data or your rights, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

You can raise a complaint or concern by contacting our Data Protection Representative:

Email: datarequests@onesureinsurance.co.uk
Post: Data Protection Representative, One Sure Insurance Ltd, Spitfire House, 142-154 Congleton Road, Talke, Stoke-on-Trent, Staffordshire, ST7 1LX

We will acknowledge your complaint promptly and aim to resolve it as efficiently as possible in line with our complaints handling procedures.

If you are dissatisfied with our response, or believe we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the UK’s independent authority for data protection:

Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113

If you have any questions about this privacy notice, the information we hold about you, or how we use your data, please get in touch with us using the contact details below.

Data Protection Representative
One Sure Insurance Ltd
Spitfire House
142-154 Congleton Road
Talke
Stoke-on-Trent
Staffordshire
ST7 1LX

Email: datarequests@onesureinsurance.co.uk
Phone: 01952 570039
Website: www.onesureinsurance.co.uk