About First Underwriting Limited

This Privacy Notice outlines how First Underwriting Limited “we” or “us” or “our” or “FUL” collects and process data in accordance with data protection laws such as the Data Protection Act 2018 which is the UK’s implementation of the General Data Protection Regulation (GDPR).

FUL is primarily involved in the provision of insurance, which enable the consideration of, access to, administration of, and making of claims on, insurance.  We are part of NSM UK Holdings.

So that FUL may provide insurance services, we will collect and use data about individuals. We are therefore known as a ‘data controller’ and are responsible for complying with various data protection laws.

FUL will receive personal information relating to potential or actual policy holders, as well as claimants and other parties that are involved in a claim.

References made in this Privacy Notice to “individuals” or “you” or “your” include any living individual whose personal information we receive in connection with the services we provide to our clients.

FUL have an appointed Data Protection Officer to oversee the handling of personal information we collect. If you have any questions about how we collect this data or how we store or use your personal information, you may contact our Data Protection Officer using information in the “Contacting Us” section.

Processing your personal information

Personal Data

What type of personal data might we collect?

  • Information such as your name, address, gender, identification information such as national insurance number, passport number or driving licence number and date of birth.
  • Contact information
  • Employment and employment history
  • Sanctions and credit screening information
  • Financial history and payment details
  • Marketing preferences

We use personal data for the following purposes:

  • To assess your request for insurance, provide a quotation and administer your policy;
  • To undertake the performance of a contract of insurance to which you are a party;
  • To administer your claims and third party claims;
  • To prevent fraud and financial crime;
  • Statistical analysis and management information;
  • Audits, system integrity checking and risk management;
  • To send marketing information about our products and services if we have received specific consent.

We may collect information about you from the following sources:-

  • You or your family members;
  • Your representatives;
  • Information you have made public (such as via social media);
  • Credit reference or fraud prevention agencies; this includes Call Credit, who’s privacy notice can be found at https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
  • Emergency services, law enforcement agencies, medical and legal practices;
  • Insurance industry registers and databases used to detect and prevent insurance fraud, for example, the Motor Insurance Database – MID – the Motor Insurers Anti-Fraud and Theft Register – MIAFTR – and the Claims and Underwriting Exchange – CUE
  • In the event of a claim, insurance investigators, claims service providers, claimants or witnesses;
  • Other service providers or provider services for our products.

Special Category Data

What type of special categories of data might we collect?

  • Information relating to your health or genetic data
  • criminal convictions
  • sex life or sexual orientation
  • racial or ethnic origin
  • political opinions, religious or philosophical beliefs
  • trade union membership
  • claims history
  • information about offences, criminal or motoring convictions
  • medical conditions.

Why might we collect this data?

  • It is relevant to your insurance policy or claim
  • Information regarding criminal convictions may prevent or detect fraud.

When we hold data it will only be used in accordance with this privacy notice and this policy should be read in conjunction with the Terms of Business that relates to your insurance policy with FUL. There is no obligation to provide us with personal or special category information, but if you do not, we may not be able to provide products or services or administer claims.

Profiling and Automated Decision Making

We may use automated decision making, which includes profiling in our assessment of insurance risks and for the administration of policies. This is used to help us decide whether to offer insurance, determine prices and validate claims.

We may also use your personal data for profiling purposes. For example, we may analyse how many claims happen in a particular postcode or if some types of people are more likely to be involved in accidents than others. Using your data in this way assists Us in providing our customers with the lowest premiums possible.

Sharing of Personal Information

We may need to share your personal information with other recipients which could include:-

  • Approved service providers or suppliers or other group companies that provide support services;
  • Fraud prevention or credit reference agencies or other agencies that carry out work on our behalf such as the Motor Insurers Database – MID – or the Insurance Fraud Bureau – IFD;
  • Other insurers, reinsurers, underwriters, regulators, law enforcement, Ombudsman Services or the Claims and Underwriting Exchange – CUE;
  • Purchasers of the whole or part of our business.

We do not transfer data internationally.

How we protect your information

In order to protect your information we use various technical and organisational security measures.

At FUL we restrict access to your information as appropriate to those who need to know that information for the purposes defined in this policy.

NSM UK (FUL’s Holding Group) use firewalls to block unauthorised traffic to the servers and Group servers are located in a secure location which can only be accessed by authorised personnel. We have internal procedures which cover the storage, access and disclosure of your information.

Retention of Personal Information

If you decide to take a policy with us, we will normally retain your personal data for up to seven years from when your policy expires. We may also retain telephone call recordings for up to seven years.
Where we have obtained your personal data directly or via a third party – for example an insurance broker, introducer or a marketing firm and We have your agreement to contact you at your next renewal, we will retain data for up to two years from your next renewal date.
If your insurance is an employer’s liability policy, we will retain the details of this policy for at least 60 years. This is to ensure that the details are available to you should an employee lodge a claim against you far into the future, such as may be the case for an industrial disease where symptoms may not present themselves for many decades.

What legal basis do we use for processing your personal data?

First Underwriting will only use and store your personal data if we have a legal basis for doing so. It is your right as the subject of this data to be informed what the legal basis is for each type of processing that we undertake.

  • We will process your personal data for the purposes of providing an insurance quotation, managing and administering your insurance policy, assisting with or administering claims, responding to complaints, handling policy enquiries and arranging premium finance on the legal basis that this processing is necessary for the performance of a contract with you or in the course of entering into a contract with you. For the purposes above, personal data that is classed as “special data”, such as information relating to criminal or motoring convictions and medical conditions, will be processed in accordance with the law and on the legal basis that it is necessary for the performance of a contract necessary for reasons of substantial public interest. We will follow all appropriate safeguards to ensure the security of this personal data.
  • Vehicle data added to the MID is processed under the basis of a legal obligation – Road Traffic Act 1988.
  • We may use your personal data for marketing purposes where we have your consent to do so. You have the right to request that We do not contact you for marketing purposes at any time by contacting Us – see the Contact Us section below. If you withdraw consent then your interests will over-ride ours and We will be unable to use this legal basis to further process your data.
  • If your policy is cancelled or not renewed and we are contacted by your new insurer or broker to confirm details of any no claims bonus, claims history or the reason for cancellation, We may release this personal data under the basis of legitimate interest. If you do not wish Us to do this then you may object or request that We restrict the processing of your personal data.
  • For any processing of personal data for analytical purposes, our legal basis for processing is that it is necessary for the purposes of a legitimate interest.
  • If your personal data is being used for the purposes of debt recovery, our legal basis is that processing is necessary for the purposes of a legitimate interest.

Your Rights

You have the following rights in relation to the data we hold about you, however some of these rights may not apply in certain circumstances – details are noted below. We have strict internal processes in place that ensure your rights are upheld and that any requests you make in relation to these rights are responded to within 30 days of you making it. You are not required to pay any charge for exercising your rights.

The right to be informed

You have the right as a data subject to be informed in a clear and precise manner about the data we hold about you. Within this privacy notice we detail the nature of this data we hold, the reasons we hold it, how this data is used, who we will share this data with, how long we will retain your data and the rights you have in relation to your data. If you require any further information, you can contact us using the details below.

The right of access

In order to demonstrate the legitimacy of the personal data we hold on you, its accuracy and the lawfulness of the processing we undertake, you have the right to request a copy of all data we hold about you. You can request this information free of charge using the details below. We will provide a copy of all personal data we hold about you within 30 days of you making this request.

The right to rectification

You have the right to ensure that all data we hold on you is both accurate and complete. If you are concerned that the data we hold about you is inaccurate or incomplete when considering the purposes for which your data is being used, you can ask Us to rectify this. To do so, you should contact us using the details below.

The right to erasure – the right to be forgotten

You have the right to request that all of the data we hold on you be erased from our systems. We may only be able to comply with this request in specific circumstances. This request would also apply to any third party whom we had shared your data with, and we would notify them accordingly if your request was valid. We will not be able to erase your data in all circumstances. For example, we would not be able to erase data that is being processed for the purposes of administering a live or lapsed insurance policy unless policy has been lapsed for seven years or more – or longer in some circumstances. This is because we have a legal obligation to retain this data for the defence of legal claims should a third party make a claim against your policy. If you require any further information, or you wish to exercise your right of erasure, you should contact us using the details below.

The right to restrict processing

You have the right to restrict our processing of your data under the following circumstances:

  • If you contest the accuracy of the information We hold until such time that we are able to verify the accuracy of this data or correct any errors.
  • You believe that the processing of this data is unlawful.
  • We no longer need the data for any purpose other than for the defence of any future insurance claims made against your policy.
  • You are awaiting a decision following an objection you have raised regarding an automated decision-making process.

If you wish to exercise your right to restrict processing, you should contact us using the details below.

The right to data portability

Where we are processing data under the basis of contractual performance or consent you have the right to request that we provide your data in a machine-readable format that you can then share with other businesses or in any other way you see fit. You have the right to request that we transfer your data to third parties directly for them to use as you see fit. You are able to utilise your data in this way by contacting us using the details below.

The right to object

You have the right to object to your data being processed. The right to object for direct marketing purposes or profiling of your data for the purpose of direct marketing is absolute and we must cease the processing of your data for these purposes. However, for other processing the right to object is not absolute and there may be some compelling reason why we need to continue processing your data. Please contact us using the details below if you want to exercise this right.

The rights regarding automated decision making and profiling

You have the right to request human intervention into any process involving automated decision making where this results in a legal implication to you. This right would not apply to underwriting decisions or to applications for credit made on our website or internal system as this automated decision making is required for entering into a contract with Us. Currently, we do not use automated decision making for any other functions, but if you have concerns regarding this, please contact us using the details below.

The right to complain

You have the right to complain about the use of your personal data – in the first instance please contact us using the details below. Our complaint handling procedure is available upon request or can be accessed from the First Underwriting website. You are also entitled to complain to the Information Commissioner by writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Alternatively, you can access their website here.

If you have any questions about how we use personal information, you can contact our Data Protection Officers as follows:
[email protected]

Last updated: April 2024 | Next update: January 2025