New European Union-wide data protection regulations are enforced from the 25th May 2018.

For the purposes set out in this notice, the Information Commissioner Office (ICO) requires us to advise you that, information including personal information detailed below relating to you or anyone else to be covered by an insurance policy will be collected and processed by Aquilla Insurance Brokers Ltd and or on its behalf by its third-party service providers.

Our privacy policy outlines how we collect, retain and process your personal data which includes where necessary sensitive personal data together with the security standards that apply to protect this.

The controller of this Personal Data is Aquilla Insurance Brokers Ltd (“we” and “us”), and we will process Personal Data in accordance with this Privacy Policy which is also available on our website. Our website may collect data for analytical purposes only. It will not collect details of your IP address or any detail from which you will be able to be identified.

What Information We Collect and Where This Comes From

We may collect personal data about you which may extend to include sensitive data from information provided by you when contacting us to request insurance quotations, claim notifications and the services provided by us in support of this. This data will be provided by you or any other person you may appoint to provide us with information. You may be completing application forms or answering questions we ask to provide us with the required information. We may also obtain information from other sources that is readily available in the public domain such as the Internet, Press etc.

The information we obtain from you may be passed onto your insurers, sub brokers (where applicable) claims adjusters, surveyors, government agencies and where required to do so we may be required to verity your identity and the accuracy of the information that has been provided.

Personal Data

This information will directly or indirectly identify you as an individual and may also provide information about your cultural or social identity. This type of data must be processed strictly in accordance with our Legal Basis of Processing Data stated below and may include but will not be limited to:

Your name, title, gender, race, civil status, contact details, postal or risk address, age, date of birth, medical & health information, employment & income information current or previous, criminal convictions or offences, bank details & credit searches, registration number, next of kin information.

Sensitive Data

This information might reveal personal information about you as an individual and may include but will not be limited to:

Your title, gender, race, ethnic origin, political opinions, religious beliefs, physical or medical health conditions, driving licence origin, UK residency period, children. Data for criminal convictions and offences will only be collected as permitted by UK law.

How and Why We Process Your Personal Data

We obtain, collect and process your Personal and Sensitive Data which will include us sharing this data with others to enable us to quote for your insurance needs, place you on cover, make any

payment arrangements requested, make any alterations to your policy that you may request during the policy term, and in the unfortunate event that a claim occurs we will need to share this data to help you to make a claim. We may also have regulatory and/or legal obligations for sharing data with others, but we will only share it for the purposes stated, or in a way you would reasonably expect us to, unless we inform you otherwise. If you do not provide the data requested, it may not be possible to obtain quotes or provide you with a policy.

Our Legal Basis of Processing Data

Processing is necessary in order for us to take steps, at your request to enter into a contract of insurance when placing cover on your behalf and to maintain the performance of the contract should you need to make any changes to the policy or if you need to make a claim. Where we believe a customer is vulnerable, processing might be necessary to protect the interests of that person or other persons covered by the policy.

It may also be necessary for us to process data to comply with any legal or regulatory obligations.

Who We Share Data With & The Reason For Processing

Where we are the Data Controller and in order for us to process your requests, we may be sharing your data with one or more other Data Controllers. The Controllers we may share Data with and our reasons for sharing that information are listed but not limited to the following:

Insurers, Sub Brokers Underwriting Agencies, Debt Agency & Staff Obtaining quotations, placing cover, policy maintenance, claims administration including recoveries, auditing & policy payment
Loss Adjusters, Loss Assessors, Claims

Management Companies, Third Party Insurers,

Third Party Assessors

To manage the claims process
Surveyors Risk surveyor to analyse and report to insurers or after a loss to undertake a post loss survey
Credit Reference Agency To obtain quotations from some insurers and premium instalment plans
Interested Parties where noted on the policy

and Employers Liability Tracing Office

Proof of cover
Claims Exchange Underwriting Sharing of previous claims information between insurers
Solicitors Handling claims against you or us or recovering third party claim recoveries. Contracts and Lenders agreements with your consent
Possible Suppliers Involved in repairs or replacement following a claim
Financial Conduct Authority Regulatory Obligations
Financial Ombudsman Services Referral of unresolved complaint
Financial Services & Compensation Scheme Compensation in the event of insurer failure (if eligible)
Insurance Fraud Bureau & National Crime Agency Potential policy fraud or suspected criminal or fraudulent activity
HM Treasury Sanctions Checking clients are not on the banned list
Police Legal obligations and Fraud Protection Agencies
Mylicence (UK), DVLA, Motor Insurance

Bureau, Motor Insurance Database

To meet legislative requirements
IT Providers – Software Holds all collective management information, system testing when errors occur
IT Providers – Hardware, Cloud & Systems Management To detect issues, secure the system and systems


Aquilla’s Own Insurers Where we are required to provide information about you

Retention Period

We will retain your Personal Data for as long as your policy is valid with us and for up to 10 years thereafter.


We have stated the reasons we are collecting your data but, in the event that you do not wish to provide us with this for all or any of the above reasons this may limit the insurers who will quote and agree to provide cover.

Some products may carry out automated decision making including profiling to process your personal data in order for insurers to underwrite and price your quotation online and or process your claim. We will take care to ensure that this is fair, transparent and limited in purpose.

If at any point in the future we need to amend this policy, every effort will be made to make you aware and our website will always have the latest version.

Where we hold Your Data

At all times we will endeavour to hold your Data on servers within the UK, or within the European Economic Area (EEA). Where we share your information with other Data Controllers they must also agree to hold your Data within the EEA. However, in the unlikely event your data is to be held in any other geographical area we ensure that:

  • Data Controllers do not do so without our prior consent
  • An appropriate transfer agreement is put in place to protect your personal data

Your Acknowledgment of this Notice & Your Rights

Under the General Data Protection Regulation, you have rights, and these are listed below:

Right To Be Informed The General Data Protection Regulation sets out the information we must provide to you about your Data.   All of the information we are required to give you is contained within this Privacy Policy. If you do not understand any part of this, you should contact us immediately and we will be happy to explain it to you.
Right Of Access You have the right to access and obtain a copy of the Personal Data and any supplementary information that we hold about you to enable you to verify the lawfulness of the processing carried out. This will be provided free of charge unless your request is unfounded, excessive or repetitive and the information will be sent to you within one month of your request being received. If we refuse your request, you have the right to complain to the ICO.
Right To Rectification You have the right to request that we correct any inaccuracies in the Personal Data we hold about you.   This will be corrected within one month. If we are unable to correct the inaccuracy you have the right to complain to the ICO.
Right To Erasure You have the right to request that we erase your Personal Data. For example, you may exercise this right in the following circumstances:

  • Your Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed by us;
  • You withdraw consent and no other legal ground permits the processing;
  • You object to the processing and there is no overriding legitimate interests for the processing;
  • Your Personal Data was unlawfully processed; or
  • Your Personal Data must be erased for compliance or legal obligation;

We will refuse the right to delete your information when it falls within our data retention period stated above, as this data may be required to exercise or defend litigation in the event of a claim whether covered or not by the insurance policy. If you do not agree with this, you have the right to complain to the ICO.

Right To Restrict Processing You have the right to restrict our processing of your Personal Data where any of the following circumstances apply, although we will still be allowed to store it:

  • Where you feel that the Personal Data which we hold about you are not accurate. Processing will be restricted until you verify the accuracy of the information;
  • Where the processing is unlawful, and you do not want your Personal Data to be erased and request the restriction of its use instead;
  • Where we no longer need to process your Personal Data but the Data pending the verification of whether or not our legitimate business interests override your interests, right and freedoms.

Where you exercise your right to restrict our processing of your Personal Data, we will only continue to process it in accordance with the requirements of this policy or our legal obligations.

Right To Portability You have a right to receive and transfer the Personal Data that we hold about you. This only applies to:

  • Personal Data you have provided to us;
  • Where the data was processed by you giving us your individual consent or for the performance of a contract;
  • And where processing was carried out by automated means;

Where you make such a request, this will be provided in a structured, commonly used, machine readable format. This will be completed within one month of us receiving your request.

Right To Object To Processing In certain circumstances, you have the right to object to our processing of your Personal Data:

  • Where we have processed it as a legitimate interest (including profiling);
  • Direct Marketing (including profiling);
  • Processing for scientific/historical research and statistics;

We will still be able to process your Personal Data where

  • We can demonstrate compelling legitimate grounds for us to process your Personal Data which override your interests, rights and freedoms;
  • The processing is for establishment, exercise and defence of legal claims.
Right To Object To Automated Decision Making including Profiling You have a right not to be subjected to decisions being made solely by automated means without any human involvement. This might be the case where quotations are obtained online. We will still be able to carry out this type of decision-making where:

  • It is necessary to enter into or for the performance of a contract (such as a contract of insurance) which is the main reason we would use this type of decision-making; or
  • You have given your explicit consent for us to do so;

We will only process data in the way you would expect it to be used and you will be entitled to have a person from our firm to review the decision so that you can query it and set out your point of view and circumstances to us.

Right To Withdraw Consent Where the legal basis of consent has been used (and in our business we only use this for parental consent when collecting children’s data in connection with travel insurance), you have the right to withdraw that consent at any time. Where you exercise your right to withdraw parental consent of the processing of any children’s data any data processed prior the withdrawal of consent will remain valid.


If you would like to exercise any rights detailed above, please contact us.

You may raise any concerns about Aquilla Insurance Brokers Ltd processing of your Personal data with the ICO on

Changes To This Notice

We may amend this notice on occasion, in whole or part at our sole discretion. Any changes to this notice will be effective immediately upon sending the revised notice to you by email or post. If at any time we decide to use your Personal Data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected we will notify you by email or post and you will have a choice as to whether or not we use your information in the new manner. If you have questions or concerns about this notice, please contact us.

Information About Or Provided By Another Person

Where your information for your policy has been provided to us by another person, we will send you a copy of this privacy notice directly to you, where we have your address, within one month of your policy being taken out. If we do not have your address, we will send a copy of this to the person arranging the insurance with instructions to pass this to you within one month.

Where you have taken out a policy and provided us with information about another person e.g. an additional driver to your motor policy or an additional person to your travel insurance particularly where health conditions have been disclosed, it is unlikely we will have their address, and therefore you must provide them with a copy of this Privacy Policy so that they will know how their data is being used. Additional copies can be supplied upon request.