Privacy Policy

Privacy Policy

At bpw Insurance we take the protection of our customer’s data seriously.

Our Privacy Policy explains who we are, why we hold and use your data.
It also sets out your rights in relation to this.

Who are we?

bpw Insurance Services Ltd is registered in England and Wales under Company Registration No: 06471650. Our registered address is: Cathedral Chambers, 107 Stow Hill, Newport, NP20 4ED.

As a Data Controller, we are registered with the Information Commissioner’s Office (ICO) under registration number: Z1426921

This privacy policy aims to give you information on how we collect and process your personal data including through your use of our website or any of our products or services.  We are committed to protecting and respecting your privacy and personal data, and to complying with our legal obligations.

When we refer to our “website” or the “Site” we mean https://www.bpw-insurance.co.uk including the any of its sub-domains or pages.

References to “we”, “our” or “us” is to bpw Insurance Services Ltd and our affiliates, operating under the name of bpw Insurance Services, and “you” or “your” (or similar) is to users of the Site or our services.

The data we collect and process

As an insurance broker/intermediary, we need to collect personal data in order to perform our services for you.

We will need to collect and process information about you (which includes details of your financial history and any criminal convictions); your business (including any other partners/directors/shareholders); assets (which may include personal assets); as well as any previous claims and potential liabilities to accurately assess your requirements.

This data is required for us to obtain, place and service any insurance policies for you.

In the event of a claim, we may be required to obtain further personal information, including data about any third parties involved.

The data collect and process the includes (but is not limited to) the following Personal Data:

Individual details – name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant;

Identification details – identification numbers issued by government bodies or agencies (e.g. depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s licence number).

Financial information – payment card number, bank account number and account details, income and other financial information.

Insured risk – information about the insured risk, which contains Personal Data and may include, only to the extent relevant to the risk being insured:

  • Health data – current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history
  • Criminal records data – criminal convictions, including driving offences
  • Other special categories of Personal Data – racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning an individual’s sex life or sexual orientation
  • Policy information – information about the quotes individuals receive and the policies they obtain.

Credit and anti-fraud data – credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.

Previous claims – information about previous claims, which may include health data, criminal records data and other special categories of Personal Data (as described in the Insured Risk definition above).

Current claims – information about current claims, which may include health data, criminal records data and other special categories of Personal Data (as described in the Insured Risk definition above).

Marketing data – whether or not the individual has consented to receive marketing from us and/or from third parties.

Website and communication usage – details of your visits to our websites and information collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

Where we collect such information directly from individuals, we will inform them of whether the information is required and the consequences of not providing it on the relevant form.

Sources of Personal Data

We collect and receive Personal Data from various sources, including (depending on the service provided and country you are in):

  • Individuals and their family members, online or by telephone, or in written correspondence.
  • Individuals’ employers or trade or professional associations of which they are a member.
  • In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers.
  • Other insurance market participants, such as insurers, reinsurers, MGAs and other intermediaries.
  • Credit reference agencies (to the extent bpw Insurance is taking any credit risk).
  • Anti-fraud databases and other third-party databases, including sanctions lists.
  • Government agencies, such as vehicle registration authorities and tax authorities.
  • Claim forms.
  • Open electoral registers and other publicly available information.
  • Business information and research tools.
  • Third parties who introduce business to us.
  • Forms on our website and your interactions with our website.

How we use and disclose Personal Data

In this section, we set out the purposes for which we use Personal Data, explain how we share the information, and identify the “legal grounds” on which we rely to process the information.

These “legal grounds” are set out in the General Data Protection Regulation (the GDPR), which allows companies to process Personal Data only when the processing is permitted by the specific “legal grounds” set out in the GDPR (the full description of each of the grounds can be found in the table at the end of this page.

Please note that in addition to the disclosures we have identified in the table below, we will disclose Personal Data for the purposes we explain in this notice to service providers, contractors, advisers, and agents that perform activities on our behalf.

To provide our services, we (and other insurance market participants) need to collect and use information about individuals such as their name and contact details, as well as special categories of personal data (e.g. about their health information) [and information about criminal convictions and offences].  The purposes for which we use personal data may include arranging insurance cover, handling claims, for crime prevention.

Providing the services may involve the disclosure of personal data to third parties such as insurers, reinsurers, loss adjusters, premium finance providers, sub-contractors, our affiliates and to certain regulatory bodies who may require your information themselves for the same purposes as described in this Privacy Policy.

Where you are providing us with information about a person other than yourself, you agree to notify them of our use of their personal data and, if requested by us, obtain their consent to our use of any special categories of personal data such as health information and information relating to criminal convictions and offences (e.g. by requiring the individual to sign a consent form).

Special Categories of Personal Data and Criminal Data

When we collect, use or disclose to third parties (such as insurers, intermediaries and reinsurers) Special Categories of Personal Data and Criminal Records Data for the reasons set out in the table above and for profiling as set out in the next section, we typically do so for reasons of substantial public interests, namely because it is necessary for the wide range of insurance-related activities that we undertake or because it is necessary for fraud prevention purposes.

Before you provide us with Special Categories of Personal Data and Criminal Records Data about a person other than yourself, you agree to notify such person of our use of their Personal Data and, if requested by us, to obtain their consent to our use of their Special Categories of Personal Data and Criminal Records Data (for example, by requiring the individual to sign a consent form).

Profiling and Automated Decision Making

Insurance premiums are calculated by insurance market participants benchmarking clients’ and beneficiaries’ attributes as against other clients’ and beneficiaries’ attributes and propensities for insured events to occur. This benchmarking requires bpw Insurance Services Ltd and other insurance market participants to analyse and compile information received from all insureds, beneficiaries, or claimants to model such propensities.

Accordingly, we may use Personal Data to both match against the information in the models and to create the models that determine the premium pricing in general and for other insureds. bpw Insurance Services Ltd and other insurance market participants may use special categories of Personal Data and criminal records data for such modelling to the extent it is relevant, such as medical history for life insurance or past motor vehicle convictions for motor insurance.

bpw Insurance Services Ltd and other insurance market participants may use similar predictive techniques to assess information that clients and individuals provide to understand fraud patterns, the probability of future losses actually occurring in claims scenarios, and as set out below.

We use these models only for the purposes listed in this Privacy Notice. In most cases, our staff make decisions based on the models.

Automated broking platform (e-Trade)

Where clients use the automated broking platform, insurance quotations are offered entirely by matching whether the attributes that the client has provided meet the criteria set by the insurers, which determines (a) whether a quotation will be made; (b) on what terms; and (c) at what price. Each insurer will use different algorithms to determine their pricing, and clients must consult each insurer’s privacy policy for further details.

Our platform merely queries whether attributes of potential insureds satisfy insurers’ models and then returns the results. If the potential insured’s attributes do not satisfy insurers’ models, the quotation request is referred for review by a team with underwriting authority. We also apply fraud prediction algorithms to the information clients provide to assist us in detecting and preventing fraud. We regularly review all profiling and associated algorithms against inaccuracies and bias.

These partially automated processes may result in a client not being offered insurance or affect the price or terms of the insurance.

Clients may request that we provide information about the decision-making methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias.


We have in place physical, electronic, and procedural safeguards appropriate to the sensitivity of the information we maintain. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data, and include measures designed to keep Personal Data protected from unauthorised access.

If appropriate, the safeguards include the encryption of communications via Secure Sockets Layer, encryption of information during storage, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes.

Limiting Collection and Retention of Personal Data

We collect, use, disclose and otherwise process Personal Data that is necessary for the purposes identified in this Privacy Notice or as permitted by law. If we require Personal Data for a purpose inconsistent with the purposes we identified in this Privacy Notice, we will notify clients of the new purpose and, where required, seek individuals’ consent (or ask other parties to do so on bpw Insurance’s behalf) to process Personal Data for the new purposes.

Our retention periods for Personal Data are based on business needs and legal requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, we either irreversibly anonymise the data (obfuscate) in which case we may further retain and use the anonymised information or securely destroy the data.

Accuracy of Personal Data and Your Rights

We strive to maintain Personal Data that is accurate, complete, and current. If you become aware that any data we hold about you is inaccurate or out of date, please let us know as soon as possible.

Questions regarding our privacy practices should be directed to the Data Protection Officer on info@bpw-insurance.co.uk

Under certain conditions, individuals have the right to request that we:

  • Provide further details on how we use and process their Personal Data
  • Provide a copy of the Personal Data we maintain about the individual
  • Update any inaccuracies in the Personal Data we hold
  • Delete Personal Data that we no longer have a legal ground to process
  • Restrict how we process the Personal Data while we consider the individual’s enquiry

In addition, under certain conditions, individuals have the right to:

  • Where processing is based on consent, withdraw the consent
  • Object to any processing of Personal Data that we have justified on the “legitimate interests” legal grounds, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights
  • Object to direct marketing (including any profiling for such purposes) at any time

These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We will respond to most requests within 30 days.

If we are unable to resolve an enquiry or a complaint, individuals have the right to contact the UK data protection regulator, the Information Commissioner’s Office.

Links to Third-party websites

Our website(s) may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third-party websites.

Changes to this Privacy Policy

This Privacy Notice is subject to change at any time and there may notice given. If we make changes to this Privacy Policy, we will publish the revised version on our website.

Policy not due just yet?

Just complete this short form and we’ll be in touch with when when you’re ready.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Policy not due just yet?

    Just complete this short form and we’ll be in touch with when when you’re ready.

      This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.