Introduction & Who We Are
Aserto Insurance Brokers Limited ("we", "us", "our", or "Aserto") is an independent insurance broker regulated by the Financial Conduct Authority (FCA). This privacy notice sets out how we collect, use, and process your personal data when you interact with us, whether through our website, when requesting quotes, purchasing policies, filing claims, or any other engagement with our services.
We are committed to processing your personal data fairly, transparently, and in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. We take your privacy seriously and have implemented appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction.
What Personal Data We Collect
We collect personal data to enable us to provide insurance brokerage services effectively. The categories of personal data we collect include:
Personal Identifiers & Contact Details
- Name, address, email address, telephone number, date of birth
- Company name, business address, business contact details
Policy & Claims Information
- Insurance type and coverage requirements, policy details, claims history
- Details of assets, property, vehicles, business operations, and risk exposures
- Claim details, incident information, and correspondence regarding claims
Financial Details
- Payment information, banking details, premium payment records
- Financial information relevant to underwriting and claims assessment
Health & Criminal Data
- Health or medical information when necessary for underwriting life or income protection insurance
- Criminal conviction information where relevant for certain insurance underwriting or claims assessment purposes
Website & Technology Data
- IP address, browser type, pages visited, time spent on website, cookies and device identifiers
- Analytics data to understand how our website is used and improve your experience
Communication Data
- Records of communications with you including emails, phone call notes, and messages
- Preferences regarding communications and marketing communications received
When We Collect Data
We collect personal data at various points in our relationship with you:
- When you request a quote: We collect information about you and your insurance needs to provide an accurate quotation
- When you purchase a policy: We collect detailed information required to arrange your insurance
- When you contact us: We record information from your enquiries, telephone calls, and correspondence
- When you file a claim: We collect comprehensive information about the incident and loss claimed
- When you visit our website: We automatically collect data through cookies and analytics tools
- When you subscribe to communications: We collect preferences and manage your marketing communications
How We Use Your Data & Lawful Bases
We process your personal data for the following purposes, based on the lawful grounds indicated:
Primary Purposes
- Arranging and underwriting insurance: To assess risk, provide quotes, arrange policies, and manage your coverage. Lawful basis: Performance of contract and legitimate interests.
- Managing policies and claims: To administer your policy, process claims, conduct investigations, and manage settlements. Lawful basis: Performance of contract and legal obligation.
- Fulfilling legal and regulatory obligations: To comply with FCA regulations, insurance legislation, tax requirements, and other legal obligations. Lawful basis: Legal obligation and legitimate interests.
- Preventing fraud: To detect, investigate, and prevent fraudulent claims and activities. Lawful basis: Legitimate interests and legal obligation.
- Internal administration: To manage our business operations, maintain records, send invoices, and process payments. Lawful basis: Performance of contract and legitimate interests.
- Marketing and communications: To send you information about our services, product updates, and promotional materials (only where you have consented). Lawful basis: Consent and legitimate interests.
Sensitive Personal Data
Under UK GDPR, health data, criminal conviction information, and other "special category data" receive additional protection. We may collect such data only when:
- It is necessary for underwriting purposes, claims assessment, or risk management
- You have given explicit consent for such processing
- Processing is required to establish, exercise, or defend legal claims
- Processing is carried out by insurers and brokers in the course of legitimate insurance business
When we process sensitive personal data, we apply strict safeguards and limit access to authorised personnel only. We will never sell or share such data beyond what is necessary for insurance purposes.
International Transfers
Your personal data may be transferred to and processed in countries outside the UK and EEA, including to insurers and service providers located internationally. Where such transfers occur, we ensure appropriate safeguards are in place to protect your data:
- Standard Contractual Clauses: Where appropriate, we use standard contractual clauses approved by the UK and EU authorities to govern data transfers
- Adequacy decisions: Where the UK government has deemed a country to have adequate data protection
- Your explicit consent: Where we transfer data with your knowledge and explicit consent to do so
By using our services, you consent to such transfers as necessary to provide insurance brokerage services.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it or as required by law. Retention periods are determined by:
- Active policy period: While you hold an insurance policy with us, we retain your data to manage the policy
- Legal and regulatory requirements: We are required to retain certain insurance records for at least 6 years after policy termination for regulatory compliance and potential claims
- Statute of limitations: We retain data for the duration of any potential legal claim period
- Business purposes: Longer retention may be necessary for fraud prevention and risk management
After the applicable retention period expires, we securely delete or anonymise your personal data so it cannot be identified as belonging to you.
Your Rights
Under UK GDPR and the Data Protection Act, you have the following rights regarding your personal data:
- Right of access: You can request a copy of the personal data we hold about you at any time
- Right to rectification: You can request correction of inaccurate or incomplete data held about you
- Right to erasure ("right to be forgotten"): You can request deletion of your data in certain circumstances, subject to our legal obligations to retain it
- Right to restrict processing: You can ask us to limit how we use your data in certain circumstances
- Right to object to processing: You can object to our processing of your data, including direct marketing, subject to legal grounds
- Right to data portability: You can request your data in a structured, commonly-used format and have it transferred to another provider
- Right to withdraw consent: Where processing is based on your consent, you can withdraw that consent at any time
- Right to lodge a complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have breached your data protection rights
To exercise any of these rights, please contact our Data Protection Officer using the contact details at the end of this notice.
Marketing & Preferences
We will only send you marketing communications, newsletters, or promotional material if you have opted in to receive them. You can manage your marketing preferences at any time:
- Opt out of marketing emails: Every email we send includes an unsubscribe link allowing you to opt out
- Update your preferences: Contact us directly to update your communication preferences
- Manage preferences online: You can update your communication preferences through our website or by contacting us
Please note that even if you opt out of marketing communications, we will continue to send you essential policy and claims-related information.
Changes to This Notice
We may update this privacy notice from time to time to reflect changes in our data processing practices, legal obligations, or other operational reasons. We will post any significant changes on our website and, where appropriate, notify you directly. Your continued use of our services after such changes constitute your acceptance of the updated privacy notice. We encourage you to review this notice periodically to stay informed about how we protect your personal data.
Contact Information
If you have questions about this privacy notice, wish to exercise your data rights, or have concerns about our handling of your personal data, please contact us:
Aserto Insurance Brokers
Office Address:
Aserto Insurance Brokers
123 Business Street
London, United Kingdom
Telephone: +44 (0)203 0111806 (London) or +44 (0)121 2710806 (Birmingham)
Data Protection Officer: For privacy queries and data rights requests, please contact our Data Protection Officer through our contact form or by telephone.
Regulatory Authority: If you wish to lodge a complaint about our data handling practices, you can contact the Information Commissioner's Office (ICO) at www.ico.org.uk or by telephone on +44 (0)303 123 1113.
We will respond to privacy-related enquiries and data rights requests within 30 days in accordance with UK GDPR requirements.