This privacy notice will help you understand how Caspian Insurance uses and protects your personal data.

We are Caspian Assured Ltd trading as Caspian Insurance, directly authorised and regulated by the Financial Conduct Authority under firm reference number 788964. Our registered office is: Tower 12, 2nd Floor, 18-22 Bridge Street, Manchester, M3 BZ.

Caspian Assured Ltd is a data controller and is registered with the Data Commissioner’s Office (ZA192229).

If you have any queries about this Privacy Notice or you would like to exercise your rights, please contact us at [email protected]

We never forget it’s your right to total transparency and control on how we use your data. As such we give you these promises:

● We will only collect data about you that is relevant and necessary;

● Your data will only be held on systems that meet compliance standards;

● Your data will only be accessed by those who need it and we will minimise the amount of data that is processed, wherever possible;

● We won’t share except for the marketing of our own services to you, where we are required to share it by law, if we need to inform a regulatory body or we need to fulfil our service commitments to you through a third party that meets our own privacy standards;

● We will always remember that it is your personal data, not ours. As such we will ensure complete transparency and openness with you wherever possible.  

● We respect your rights as outlined in the next section and will respond to all requests promptly

You have certain rights under the Data Protection Law;

● The right to request access to the personal data that we hold about you and details of how we process it.

● To have personal data we hold about you rectified or restricted.

● You may have the right to have personal data we hold about you deleted.

● You have the right to receive or ask for your personal data to be transferred to a third party.

● You have the right to object to how we process your personal data in certain circumstances e.g. you can ask us not to process your personal data for marketing purposes.

● You may have the right to request not to be subject to any automated decision-making processes we operate,

● You may have the right to withdraw consent for processing of your personal data.

You can read more about your rights here.

If you would like to uphold your rights, then please contact our Data Protection Officer at [email protected]

If you are dissatisfied with our response, you also have the right to lodge a complaint with the Data Protection Authority. This can be done at https://ico.org.uk/concerns/

We collect data from you when you register for quotes and/or policies, telephone our office, sign up for our newsletter, respond to a survey or marketing communication, visit our website and/or use certain other site features.

In some cases, we may need personal data about others including your partner, family member or beneficiary. In these cases, you agree and accept liability that you have sought and obtained suitable consent before providing this information.

When handling your personal and health data, we may record and store it on audio files, paper files on our computer systems (websites, email, hard-drives and cloud facilities). For example, calls to us are recorded and in some cases transcribed before being added to our customer database.

When you accept messages via WhatsApp we store WhatsApp messages on our CRM system. We do not collect your image or status when we do so.

If you visit our offices, your image will also be capture by our CCTV systems.

We may also collect information about you from third parties that we work closely with for the purposes of delivering to you the Services that you request from us (perhaps via third parties). 

For example, you may be referred to us by a broker, advisor or other intermediate.

We will always be clear to explain when and why we need this data and the purposes for which we will use it and will obtain your explicit consent to do so. We try and minimise the data held and the exact data elements we hold will be dependent on your journey with us.

We may collect and process the following data regarding you and other policy beneficiaries:

● Name, date of birth, gender, marital status and contact details for example address, phone number and email address and optional WhatsApp integration to our CRM.

● Details of spouse or partner, a joint applicant, next of kin, dependents, designated beneficiaries, or trustees.

● Financial data including income, expenditure, bank details, loans and credit agreements and any existing insurance arrangements.

● Details of your professional advisers including financial adviser(s), solicitors and estate agents.

● Employment details, including length of service, salary, place(s) of work, type of work undertaken, sick pay and salary/bonus entitlements.

● Health data that is relevant to applying for a policy. This includes underwriters obtaining you and other beneficiaries medical records.

● Criminal convictions relevant to insurance related activities such as underwriting, claims and fraud management.

● CCTV images if you visit our offices.

 

In some cases, we may need personal data about others including your partner, family member or beneficiary. In these cases, you agree and accept liability that you have sought and obtained suitable consent before providing this information.

When visiting our website, we may collect data such as your email and IP address as well as other online identifiers. Our Cookie Statement can be found on our website.

We may use your data:

● To provide you with our services e.g. to provide a quote, advice and a recommendation.

● To apply for a policy.

● To respond to your enquiries about such products.

● To administer your plan, for arrears purposes and our wider relationship with you.

● To validate your identity.

● To help us improve the quality of our service and develop new ones.

● To provide you with data about products and/or services, unless you tell us not to and for marketing and business development in connection with our customers.

● We may anonymise your data for research (including market research) and analysis (including statistical analysis and customer profiling);

● To comply with our legal and regulatory obligations.

Data is processed/stored on encrypted systems on-premises and on hosted cloud services.

As such, some data will either be in UK and EU data centres or on US based servers. We may also process your data in countries outside the UK or European Union from time to time in other aspects of our business.

We use the following safeguards with respect to data transferred outside the UK and European Union where an “adequacy decision” is not in place:

● The processing is within the same corporate group as our business or organisation and is obligated to uphold the same standards of Data Protection and Security as our UK entity.

● Further to Section 119A of the Data Protection Act 2018 and noting Case C-311/18 in the European Court of Justice, if your data is transferred or processed outside of the UK or EEA we ensure the safeguards of International Data Transfer Agreements (IDTAs) or Addendums are enforced. Where this is not possible, we ensure that European Standard Contractual Clauses are entered.

Our third-party processors include Google, Microsoft and other leading software providers.

We also use Large Language Model (LLM) software, typically referred to as AI, to improve the quality of our telephone services and ensure:

● You receive a better service by identifying ways to improve communication. 

● Ensure fairness and clarity in every interaction.

● Support and train our teams to meet the highest customer service standards.

We regularly review suppliers for data security compliance to ensure your data is safe and track where your data is held. Where required we carry out Data Protection Impact Assessments to understand risk and how we can improve.

All our processes are subject to various internal policies to ensure that your data privacy and security is upheld. If you would like to know who we process data with, please contact us.

Data to Third Parties

We share information where others are involved in the delivery of your service. These include:

● Consultants, administrators, service providers, health assessors, insurers and reinsurers for the day-to-day provision of our financial products and/or services through secure insurer portals

● Guarantors, government and industry bodies; for example, HMRC, ABI, regulatory authorities, fraud and crime prevention organisations and law enforcement agencies.

● Other Caspian Assured Ltd trading styles for the purpose set out in this statement or if we transfer our assets to another entity.

● Third parties who operate services to allow you to review, evaluate and obtain financial products and/or services and who allow us to search for policies and assets.

● Any trustees of your policy.

● Any third party you instruct to act on your behalf.

● Where we have a legal obligation to

In some cases, these Third Parties will become Independent Data Controllers when we pass your data to them and Caspain Insurance / IGotCover do not warrant the use of your data by them.

Please email [email protected] to obtain the full list of companies we may have shared your data with or if you have any concerns.

Our website and other materials sent to you may contain links to other third-party websites. We may also offer buttons to social media that link to third party services. We’re not responsible for the availability, content or data privacy these sites provide through their tools or sites.

Dependant on the data you provide us and for what purpose it is provided we may need to retain your data.

We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example;

We will hold the data linked to applications and/or quotes made or requested through our website for a minimum of six years.

We store CCTV footage for 60 days unless an incident occurs to our knowledge that may be required for evidence at a later stage.

We remove data from LLM transcription services within 30 days.

We may also need to retain your data for compliance with our legal and regulatory obligations for a longer period of time.

If you wish to find out more about your specific data retention, please contact us.

We always ask for consent when providing you a quotation. You accept that you have obtained consent for us to process data for any other named party in your application with us.  

Where we use your information for our legitimate interests, we make sure that we consider any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation).

Every marketing email sent from Us allows you to opt out of receiving emails from us, except for the purposes of fulfilling any contractual arrangements.

You can also contact us at the email address above and request to opt out, view, export or delete your data. If you request for your data to be deleted, your name and email address will be added to an exceptions list and all other data removed to the extent possible.

We seek to uphold our legal obligations as covered by the Data Protection Act 2018, General Data Protection Regulation 2016 and the Privacy and Electronic Communications Regulations. Our Data Protection Authority is designated as the Information Commissioners Office (UK) (Registration ZA192229).

We only warrant compliance with our legal obligations under the jurisdiction of the UK Courts.

This Privacy Policy is reviewed on a regular basis and was last reviewed in February 2025. We will post the most current version on our website.