Call Us 0330 124 9590
Get a quote

Privacy Policy

About Kingsbridge Risk Solutions Limited (trading as Kingsbridge Recruitment Insurance).

This Privacy Notice outlines how Kingsbridge Risk Solutions Limited “we” or “us” or “our” or “KRS” collects and process data.

KRS is primarily involved in the provision of insurance, which enables the consideration of, access to, administration of, and making of claims on, insurance. We are part of NSM UK Holdings Ltd.

So that KRS may provide insurance services, we will collect and use data about individuals. We are therefore known as a ‘data controller’ and are responsible for complying with various data protection laws.

KRS will receive personal information relating to potential or actual policy holders, as well as claimants and other parties that are involved in a claim.

References made in this Privacy Notice to “data subjects”, “individuals” or “you” or “your” include any living individual whose personal information we receive in connection with the services we provide to our clients.

KRS has a Data Privacy Officer to oversee the handling of personal information we collect. If you have any questions about how we collect this data or how we store or use your personal information, you may contact our Data Privacy Officer using information in the “How To Contact Kingsbridge” section below.

Processing your personal information

Personal Data

What type of personal data might we collect?

  • Information such as your name, address, gender, indemnification, date of birth
  • Contact information
  • Employment and employment history
  • Sanctions and credit screening information
  • Financial history and payment details
  • Marketing preferences

We use personal data for the following purposes:

  • To assess your request for insurance, provide a quotation and administer your policy
  • To undertake the performance of a contract of insurance to which you are a party
  • To administer your claims and third party claims
  • To prevent fraud and financial crime
  • Statistical analysis and management information
  • Audits, system integrity checking and risk management
  • To send marketing information about our products and services if we have received specific consent

We may collect information about you from the following sources:-

  • You
  • Your representatives
  • Credit reference or fraud prevention agencies
  • Emergency services, law enforcement agencies, medical and legal practices
  • Insurance industry registers and databases used to detect and prevent insurance fraud
  • In the event of a claim, insurance investigators, claims service providers, claimants or witnesses
  • Other service providers or provider services for our products

Special Category Data

What type of special categories of data might we collect?

  • Information relating to your health or genetic data
  • Criminal convictions
  • Trade union membership
  • Claims history
  • Information about offences, criminal or motoring convictions
  • Medical conditions

Why might we collect this data?

  • It is relevant to your insurance policy or claim
  • Information regarding criminal convictions may prevent or detect fraud

When we hold data it will only be used in accordance with this privacy notice and this policy should be read in conjunction with the Terms of Business that relates to your insurance policy with KRS.

There is no obligation to provide us with personal or special category information, but if you do not, we may not be able to provide products or services or administer claims.

Profiling and Automated Decision Making

We may use automated decision making, which includes profiling in our assessment of insurance risks and for the administration of policies. This is used to help us decide whether to offer insurance, determine prices and validate claims.

We may also use your personal data for profiling purposes. For example, we may analyse how many claims happen in a particular postcode or if some types of people are more likely to be involved in accidents than others. Using your data in this way assists Us in providing our customers with the lowest premiums possible.

Sharing of Personal Information

We may need to share your personal information with other recipients which could include:

  • Approved service providers or suppliers or other group companies that provide support services
  • Fraud prevention or credit reference agencies or other agencies that carry out work on our behalf
  • Other insurers, reinsurers, underwriters, regulators, law enforcement, Ombudsman Services or the Claims and Underwriting Exchange – CUE
  • Purchasers of the whole or part of our business
  • Other companies within the NSM UK Holdings Ltd group. In such circumstances we will ensure that all necessary protections are put in place as required by applicable law

Retention of Personal Information

We will only retain Data Subjects’ personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we processes the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for personal data are available from us on request using the contact details in the “How To Contact Kingsbridge” section below.

We may anonymise Data Subjects’ personal data so that it can no longer be associated with you and is no longer classed as personal data. In such circumstances we may use such information without further notice to the Data Subject.

What legal basis do We use for processing your personal data?

KRS will only use and store your personal data if we have a legal basis for doing so. It is your right as the subject of this data to be informed what the legal basis is for each type of processing that we undertake.

  • We will process your personal data for the purposes of providing an insurance quotation, managing and administering your insurance policy, assisting with or administering claims, responding to complaints, handling policy enquiries and arranging premium finance on the legal basis that this processing is necessary for the performance of a contract with you or in the course of entering into a contract with you. For the purposes above, personal data that is classed as “special data”, such as information relating to criminal or motoring convictions and medical conditions, will be processed in accordance with the law and on the legal basis that it is necessary for the performance of a contract necessary for reasons of substantial public interest. We will follow all appropriate safeguards to ensure the security of this personal data.
  • Vehicle data added to the MID is processed under the basis of a legal obligation Road Traffic Act 1988.
  • You may receive marketing communications from Kingsbridge where permitted by applicable law. You have the right to request that we do not contact you for marketing purposes at any time by contacting us – refer to the “How To Contact Kingsbridge” section below.
  • If your policy is cancelled or not renewed and we are contacted by your new insurer or broker to confirm details of any no claims bonus, claims history or the reason for cancellation, We may release this personal data under the basis of legitimate interest. If you do not wish us to do this then you may object or request that we restrict the processing of your personal data.
  • For any processing of personal data for analytical purposes, our legal basis for processing is that it is necessary for the purposes of a legitimate interest.
  • If your personal data is being used for the purposes of debt recovery, our legal basis is that processing is necessary for the purposes of a legitimate interest.

International Transfers

Data Subjects’ personal data collected by Kingsbridge in the UK or the EEA may be transferred outside of the UK or the EEA (as applicable) to third parties specified in Sharing of Personal Data section above; however, in such circumstances, to the extent Kingsbridge is required to do so under applicable law, Kingsbridge will ensure contractual or other measures that have been adopted or approved by the UK Government or the European Commission (as applicable) are taken (such as ensuring applicable standard contractual clauses are in place).

You can obtain more information about the countries to which their personal data is transferred and copies of the additional measures put in place by contacting Kingsbridge using the contact details in the How to Contact Kingsbridge section below.

Security of Personal Data

Kingsbridge maintains appropriate physical, technical, administrative, and organisational security measures to protect personal data from loss, misuse, and unauthorised access, disclosure, alteration, and destruction, including (where appropriate):

  • The pseudonymisation and encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

All of Kingsbridge’s employees, contractors and data processors who have access to, and are associated with, the processing of personal data are obligated to keep the personal data confidential and not use it for any other purpose than to carry out the services they are performing for Kingsbridge.

While Kingsbridge will use all reasonable efforts to safeguard Data Subjects’ personal data, the use of the internet is not entirely secure and for this reason Kingsbridge cannot guarantee the security or integrity of any personal data that is transferred from Data Subjects or to Data Subjects via the internet.

Your Rights

You have the following rights in relation to the data we hold about you, however some of these rights may not apply in certain circumstances – details are noted below. KRS has strict internal processes in place that ensure your rights are upheld and that any requests you make in relation to these rights are responded to within 30 days. To request any further information and/or to exercise your rights, you can contact us using the details in the “How To Contact Kingsbridge” section below.

The right to be informed

You have the right as a data subject to be informed in a clear and precise manner about the data we hold about you. Within this privacy notice we detail the nature of this data we hold, the reasons we hold it, how this data is used, who we will share this data with, how long we will retain your data and the rights you have in relation to your data.

The right of access

In order to demonstrate the legitimacy of the personal data we hold on you, its accuracy and the lawfulness of the processing we undertake, you have the right to request a copy of all data we hold about you. You can request this information free of charge.

The right to rectification

You have the right to ensure that all data we hold on you is both accurate and complete. If you are concerned that the data we hold about you is inaccurate or incomplete when considering the purposes for which your data is being used, you can ask Us to rectify this.

The right to erasure – the right to be forgotten

You have the right to request that all of the data we hold on you be erased from our systems. We may only be able to comply with this request in specific circumstances. This request would also apply to any third party whom we had shared your data with, and we would notify them accordingly if your request was valid. We will not be able to erase your data in all circumstances. For example, we would not be able to erase data that is being processed for the purposes of administering a live or lapsed insurance policy unless the policy has been lapsed for seven years or more – or longer in some circumstances. This is because we have a legal obligation to retain this data for the defence of legal claims should a third party make a claim against your policy.

The right to restrict processing

You have the right to restrict our processing of your data under the following circumstances:

  • If you contest the accuracy of the information we hold until such time that we are able to verify the accuracy of this data or correct any errors.
  • You believe that the processing of this data is Unlawful.
  • We no longer need the data for any purpose other than for the defence of any future insurance claims made against your policy.
  • You are awaiting a decision following an objection you have raised regarding an automated decision making process.

The right to data portability

Where we are processing data under the basis of contractual performance or consent you have the right to request that we provide your data in a machine readable format that you can then share with other businesses or in any other way you see fit. You have the right to request that we transfer your data to third parties directly for them to use as you see fit.

The right to object

You have the right to object to your data being processed. The right to object for direct marketing purposes or profiling of your data for the purpose of direct marketing is absolute and we must cease the processing of your data for these purposes. However for other processing the right to object is not absolute and there may be some compelling reason why we need to continue processing your data.

The rights regarding automated decision making and profiling

You have the right to request human intervention into any process involving automated decision making where this results in a legal implication to you. This right would not apply to underwriting decisions or to applications for credit made on our website or internal system as this automated decision making is required for entering into a contract with Us.

The right to complain

You have the right to complain about the use of your personal data – in the first instance please contact us using the details in the “How To Contact Kingsbridge” section below. Our complaint handling procedure is available upon request or can be accessed from the KRS website. You are also entitled to complain to the Information Commissioner by writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Alternatively, you can access their website here.

Financial Conduct Authority

Kingsbridge Risk Solutions Limited is authorised and regulated by the Financial Conduct Authority. FCA firm reference number: 309149.

How to Contact Kingsbridge

To ask any questions regarding this Notice or to exercise any rights, please contact the Kingsbridge Data Privacy Officer using the following contact details:

Address: Kingsbridge Risk Solutions Limited, 9 Miller Court, Tewkesbury, Gloucestershire, GL20 8DN

Telephone: 0330 1249590

Email: [email protected]