Privacy Notice

Introduction

The Collinson Group is committed to processing personal data in compliance with applicable data protection law. This Privacy Notice explains how Collinson Group entities and any other affiliated entity you engage with (“Collinson”) process your personal data in connection with the provision of insurance products and related services.

Individuals covered by this Privacy Notice

This Privacy Notice informs individuals who are policyholders, dependents, children, spouses or partners, claimants, witnesses, business contacts and other third parties, policyholders’ agents and representatives, users of this website and digital services. References to “you” or “your” mean the individuals listed above.

Who is responsible for your personal data?

For most insurance activities, the data controller of your personal data is the underwriter of your insurance policy. The name and contact details of the underwriter are set out in your policy documentation. In respect of your insurance product, Collinson may act as:

An independent or joint controller for certain processing activities (e.g., operating websites, customer service, compliance, fraud prevention); and
A processor on behalf of the underwriter for other activities.

Collinson entities that may act as a data controller

Depending on the product and your location, one or more of the following Collinson entities may be the data controller for specific processing activities:

Collinson Insurance Europe Limited
Collinson Insurance Services Limited
Collinson Insurance Services Europe Limited
Astrenska Insurance Limited
Columbus Insurance Services Limited

The contact details for our Data Protection Team of the entities listed above and information on your rights are set out in the “Your rights” section below.

Personal Data categories Collinson may process about you

The following table outlines the personal data categories we may process about you. This includes but it is not limited to:

Type of Personal Data	Examples of data
Additional Support Needs Data (Special Category)	Physical or mental health conditions, cognitive impairments, disabilities, medication or treatment details, financial resilience information to assess support needs, power of attorney declarations, distress or confusion indicators, requests for third-party support or representation, additional support needs
Appearance and Behavioural Data	Height, weight, gender identity, lifestyle data, descriptive characteristics, demographic segment, behavioural profiling, purchase/claim patterns, website pager view
Authentication Data	Passwords, security questions, memorable information
Background Check Data	Disclosure and Barring Check data or similar background checks information
Claim and Complaint Data	Claim reference number, type of claim (e.g. theft, injury, travel delay), incident date, location, description of loss, alternative insurance coverage
Communication Data	Call recordings, emails, letters, complaint records, instant messaging, social media
Consent and Preference Data	Claim form consents, third-party data sharing authorizations, marketing consent data, cookie consent
Contact Details	Home address, correspondence address, email address, phone number
Credit Assessment Data	Credit score, reports from credit reference agencies, bankruptcy filings, County Court Judgments (CCJs), debt repayment history, financial history
Criminal Offence Data (Special Category)	Criminal convictions or allegations
Demographic Data	Marital status, country of residence/citizenship, nationality, number of dependents, language preference, title (Mr/Ms), age
Device/Technical Data	Device type, browser type, operating systems, geolocation data, referring websites, IP address, login data (for online claim portals), API failures, usage data, analytics customer ID, metadata
Employment and Occupation Data	Job title, employer details, income, employment status (relevant for income protection or liability claims), employment history, professional qualifications, accreditations and certifications, job description, reasonable adjustments, accidents at work, sickness and unemployment
Financial Data	Bank account details, credit card numbers, premium/payment history, compensation amounts
Fraud & Sanctions Data	Fraud alerts and notifications, sanctions list screening, politically exposed person status (Special Category), publicly available records, sanctions checks
Health Data (Special Category)	Medical conditions and diagnosis, medical reports (e.g., GP or specialist records), hospital records, medical history, disability details, mental health conditions, medication and treatment details, vaccination status, evidence of temporary or long-term illness
Identification Data	Full name, date of birth, gender, national insurance number, identity information (e.g., passport or driving license)
Marketing & Engagement Data	Survey responses, promotional entries, feedback, communication preferences, marketing preferences, trust pilot invitations, newsletter
Photographs and Video Evidence	Images of damage, items you travelled with, images to prove ownership, CCTV footage, dashcam footage, images submitted to support claims
Policy Data	Policy number, policy type, start/end dates, coverage details
Special Categories of Personal Data	Racial or ethnic origin, religious beliefs, sexual orientation if relevant
Third-Party, Associated Person or Dependent Data	Spouse or partner’s name, date of birth, contact details, medical information related to Third Parties (if relevant), travel details, children’s names or ages, next of kin, beneficiaries, travel companions, emergency contact information, grant of probate and executor of the estate data
Travel Data	Departure and return dates, duration of travel, destinations, fight number and booking references, accommodation details, transport arrangements, planned activities, purposes of travel, visa copies, flight tracking data, lounge visits data
Trade Union Membership (Special Category)	Trade Union Membership, Name of the Trade Union
Usage & Interaction Data	Website and mobile app activity logs, session metadata, clickstream data, chatbot interaction records, cookie data, frequency of access, web accessibility customisation data (e.g., for vulnerable customers), traffic source data
Vehicle or Property Data	Vehicle registration, damage reports, repair invoices, property ownership or damage assessments, licenses
Witness Data	Names, contact info, statements from witnesses, details of other parties involved in the claim

Sources of Personal Data

For the purposes of arranging, managing, and administering your insurance policy and any related claims, Collinson collects personal data from the following sources:

Directly from you, including forms, communications, device data, and from other insured individuals or beneficiaries on your policy.
Insurance intermediaries and partners, such as brokers, agents, third-party administrators, comparison websites, and other business partners.
Claims and service providers, including third-party administrators, medical and travel assistance providers, loss adjusters, legal advisors, and others involved in managing claims or providing services as part of your insurance policy.
Third parties involved in your claim, such as witnesses, other insurers, and relevant individuals named on your policy.
Collinson companies, which may share with each other information about your policies or claims.
Government agencies and regulators, including law enforcement, tax authorities, and financial regulators.
Credit reference and fraud detection, investigation and prevention agencies.
Third-party service providers supporting contact verification, payment processing, and eligibility assessments.
Publicly available sources, including online databases, social media, and government records.
Marketing and analytics service providers.

Purposes, Personal Data Categories and Legal Bases

The following table outlines the ways in which Collinson processes your personal data, the purposes of processing, what type of data and the corresponding legal bases. Where applicable under applicable law, Collinson has identified its Legitimate Interest in processing personal data. The types of personal data processed includes:

Processing activity	Purpose	Personal Data Categories	Legal Basis
Policy Application and Underwriting	To assess eligibility, determine premiums, and issue policies	Additional Support Needs Data, Contact Details, Demographic Data, Employment and Occupational Data, Financial Data, Health Data, Identification Data, Policy Data, Trade Union Membership Data, Travel Data, Usage and Interaction Data, Vehicle or Property Data	Performance of Contract, Legitimate Interest, Consent
Claims Processing and Management	To investigate, evaluate, and settle insurance claims To assess third-party liability To provide regular or emergency medical assistance	Additional Support Needs Data, Claim and Complaint Data, Communication Data, Consent and Preference Data, Contact Details, Demographic Data, Device Technical Data, Employment and Occupational Data, Financial Data, Fraud and Sanctions Data, Health Data, Identification Data, Marketing and Engagement Data, Photographs and video evidence, Policy Data, Third Party, Associated Person or Dependent Data, Trade Union Membership Data, Travel Data, Usage and Interaction Data, Vehicle or Property Data, Witness Data	Performance of Contract, Legal Obligation, Legitimate Interest, Vital Interest
Provision of Travel Disruption Products and Services	To provide insurance coverage for flight disruption To track flight to assess eligibility for travel disruption service	Contact details, Identification Data, Travel Data	Performance of Contract
Provision of Medical Assistance	To provide regular or emergency medical assistance To facilitate identification of available doctors	Additional Support Needs Data, Claim and Complaint Data, Communication Data, Consent and Preference Data, Contact Details, Demographic Data, Device Technical Data, Employment and Occupational Data, Financial Data, Fraud and Sanctions Data, Health Data, Identification Data, Marketing and Engagement Data, Photographs and video evidence, Policy Data, Third Party, Associated Person or Dependent Data, Trade Union Membership Data, Travel Data, Usage and Interaction Data, Vehicle or Property Data, Witness Data	Performance of Contract, Legal Obligation, Legitimate Interest, Vital Interest
Automated decision-making	To assess eligibility and process claims automatically	Additional Support Needs Data, Claim and Complaint Data, Communication Data, Consent and Preference Data, Contact Details, Demographic Data, Financial Data, Health Data, Identification Data, Marketing and Engagement Data, Photographs and Video Evidence, Policy Data, Third-Party, Associated Person or Dependent Data, Travel Data, Usage and Interaction Data, Vehicle or Property Data, Witness Data	Consent
Fraud Detection and Prevention	To detect, investigate and prevent fraudulent claims or activities	Background Checks Data, Claim and Complaint Data, Communication Data, Credit Assessment Data, Criminal Offence Data, Device and Technical Data, Fraud & Sanctions Data, Identification Data	Legal Obligation, Legitimate Interest
Customer Service and Communication	To respond to enquiries, provide assistance, and manage communications	Communication Data, Contact Details, Identification Data	Performance of Contract, Legitimate Interest
Product Marketing and Promotion	To send marketing communications, offers, and gather feedback	Consent and Preference Data, Contact Details, Marketing & Engagement Data	Consent, Legitimate Interest
Regulatory Compliance and Reporting	To comply with legal and regulatory requirements including filing of regulatory reports	Additional Support Needs Data, Claim and Complaint Data, Contact Details, Criminal Offence Data, Financial Data, Fraud & Sanctions Data, Identification Data, Policy Data	Legal Obligation, Legitimate Interest
Risk Assessment and Pricing	To assess risk factors and set pricing for insurance products	Additional Support Needs Data, Appearance and Behavioural Data, Claim & Complaint Data, Demographic Data, Employment and Occupational Data, Health Data, Policy Data, Trade Union Membership Data, Travel Data	Legitimate Interest, Performance of Contract
Customer Account and Online Portal Management	To provide secure access to customer accounts and manage authentication	Appearance and Behavioural Data, Authentication Data, Device/Technical Data, Identification Data, Usage and Interaction Data	Performance of Contract, Legitimate Interest
Provision of assistance for individuals with additional support needs	To identify and provide additional support for vulnerable customers	Additional Support Needs Data, Contact Details, Health Data, Identification Data	Legitimate Interest, Consent, Legal Obligation
Data Security and System Monitoring	To secure systems, detect cyber threats, and monitor usage	Authentication Data, Device/Technical Data, Usage & Interaction Data	Legitimate Interest, Legal Obligation
Authorised Representative Submissions & Evidence Handling	To process data related to third parties supporting the claims process for policyholders	Contact Details, Health Data, Third-Party, Associated Person or Dependent Data, Travel Data	Performance of Contract, Legitimate Interest
Product and Pricing Model Development	To enhance or create insurance products and refine pricing through behavioural and risk data modelling	Additional Support Needs Data, Appearance and Behavioural Data, Claims and Complaint Data, Demographic Data, Employment and Occupational Data, Health Data, Identification Data, Policy Data, Trade Union Membership Data, Travel Data	Legitimate Interest
Internal Training and Quality Monitoring	To monitor and improve the quality of services, particularly through review of recorded calls and interactions	Communication Data, Device/Technical Data, Usage & Interaction Data	Legitimate Interest
Legal Claims and Dispute Management	To handle disputes, legal claims, and enforcement	Claim and Complaint Data, Communication Data, Criminal Offence Data, Financial Data, Fraud & Sanctions Data, Identification Data, Policy Data	Legal Obligation, Legitimate Interest
Research, Analytics and Claims Process Evaluation	To assess customer satisfaction with claims processing To improve products, services, and customer experience	Aggregated or pseudonymised data derived from any of the above categories, Contact Details, Device and Technical Data, Identification Data, Marketing and Engagement Data, Policy Data	Legitimate Interest, Consent

Automated decision-making

We may use automated processes to support claims handling. Automated processes may be used to assess straightforward claims against predefined policy criteria, allowing us to process these claims more quickly and consistently. These checks help us assess claims efficiently, comply with our legal and regulatory obligations, and protect our customers and business. You can always request human review and further information about how a decision was reached on claims handling.

Cookies and similar technologies

We use cookies and similar technologies to make our website work, keep it secure, remember your preferences, and, if you agree, help us understand how the site is used so we can improve it. Strictly necessary cookies are used on the basis of our legitimate interests or to perform a contract. All other cookies, including analytics, are used only with your consent.

With your consent, we use Google Analytics 4 and Hotjar to measure and improve site performance and user experience. These tools may process online identifiers such as cookie IDs, device and browser details, usage events such as pages visited and clicks, approximate location, and timestamps. Google and Hotjar may act as independent controllers for some processing and may transfer data outside the UK and EEA with appropriate safeguards. For details, please see Google’s and Hotjar’s privacy notices. Please find below the cookie categories used by Collinson and the respective legal basis relied on for their use:

Cookie Category	Explanation	Legal basis
Strictly necessary	Enables core site functions such as navigation, security, and session management.	Legitimate Interest
Functionality	Remembers choices such as language and accessibility settings to provide enhanced features.	Consent, Legitimate Interest
Analytics and performance	Measures usage and helps improve the site by understanding interactions with pages and features.	Consent
Advertising	Tailors content or measures the effectiveness of marketing.	Consent

You can manage or withdraw your consent at any time via our cookie banner or the settings link in the website footer. You can also block or delete cookies in your browser, although this may affect site functionality. We retain analytics data only for as long as needed for reporting and improvement, in line with our data retention policy. If our use of cookies or analytics tools changes, we will update this section and, where required, ask for your consent again.

Data Sharing and Transfers

To provide and manage your insurance policy and process any related claims, Collinson may share your personal data with third-party recipients including, but not limited to, insurance intermediaries, authorised agents and third-party administrators, claims handlers, medical and travel assistance providers, loss adjusters, legal advisers, fraud prevention agencies, credit reference agencies, regulators, government and law enforcement authorities, other insurers involved in your policy or claim, marketing and analytics service providers, customer relations management partners, and any third-party service provider for claim validation purposes.

Some of these recipients may be located outside the European Economic Area (EEA) in countries such as the United States, Canada, India, Australia, South Africa, and Switzerland. Where personal data is transferred to countries outside the EEA that do not currently have an adequacy decision from the European Commission or the UK Secretary of State, Collinson ensures that appropriate or suitable safeguards are implemented. These safeguards may include the use of Standard Contractual Clauses approved by the European Commission or other legally recognised transfer mechanisms to ensure your personal data remains protected in accordance with the applicable data protection laws.

Data Retention Periods

Collinson retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, including providing and administering your insurance policy, processing claims, complying with legal and regulatory obligations, and resolving any disputes. The applicable retention periods are determined based on several criteria:

The duration of your insurance policy and any related claim periods;
Legal or regulatory requirements that mandate minimum or maximum retention times, such as those related to financial record-keeping or anti-fraud measures;
Where the retention period is not mandated by law, the necessary time period to meet legal or regulatory requirements;
The necessity to establish, exercise, or defend legal claims;
The type and sensitivity of the personal data involved; and
Whether you have withdrawn consent or requested erasure, subject to any applicable legal exceptions.

Once personal data is no longer required, Collinson will securely delete or anonymise it in accordance with applicable data protection laws.

Your Rights

Under applicable data protection law, you have certain rights regarding the personal data Collinson processes about you. These include:

The right to access the personal data we hold about you;
The right to request correction of any inaccuracies in your data;
The right to request erasure of your personal data where applicable;
The right to restrict or object to certain processing activities, including direct marketing;
The right to request the portability of your personal data to another organisation;
The right to withdraw consent at any time, where processing is based on your consent, without affecting the lawfulness of processing carried out before withdrawal;
The right to object to automated decision making and profiling;
The right to know about the appropriate or suitable measures implemented by us in the context of data transfers.

Please note that some of these rights are subject to limitations and exceptions under applicable law. To exercise any of your rights or to raise questions about your personal data, you may contact Collinson’s Data Protection Team by email at dataaccess@collinsongroup.com or by post at 3 More London, London, SE12AQ, United Kingdom.

You also have the right to lodge a complaint with a supervisory authority, if you believe your rights have not been respected. The competent supervisory authority for the processing of your personal data is the data protection authority in your place of habitual residence. In light of the insurance products provided, the most frequently competent authorities would be:

Information Commissioner’s Office (United Kingdom)
1. Website: www.ico.org.uk
2. Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Office of the Information and Data Protection Commissioner (Malta) – Leading Supervisory Authority
1. Website: www.idpc.org.mt
2. Address: Floor 2, Airways House, Triq Il-Kbira (High Street), Tas-Sliema SLM 1549, Malta.
Garante per la Protezione dei Dati Personali (Italy)
1. Website: www.garanteprivacy.it/home
2. Address: Piazza Venezia 11, 00187, Roma, Italy
Data Protection Commission (Ireland)
1. Website: www.dataprotection.ie
2. Address: 6 Pembroke Row, Dublin 2, D02 X963, Ireland.

Privacy Notice

Would you like help navigating this website?