This privacy notice will help
you understand how Caspian Insurance, Busy Bee and IGotCover
uses and protects your personal data.
We are Caspian Assured Ltd trading as Caspian Insurance, Busy Bee and
IGotCover, directly authorised and regulated by the Financial Conduct Authority
under firm reference number 788964. Our registered office is: Tower 12, 2nd
Floor, 18-22 Bridge Street, Manchester, M3 BZ.
Caspian Assured
Ltd is a data controller and is registered with the Data Commissioner’s Office
(ZA192229).
If you have any queries about this Privacy Notice or
you would like to exercise your rights, please contact us at [email protected]
We never forget it’s your right to total transparency and control on how
we use your data. As such we give you these promises:
●
We will only collect data about you
that is relevant and necessary;
●
Your data will only be held on
systems that meet compliance standards;
●
Your data will only be accessed by
those who need it, and we will minimise the amount of data that is processed,
wherever possible;
●
We won’t share except for the
marketing of our own services to you, where we are required to share it by law,
if we need to inform a regulatory body or need to fulfil our service
commitments to you through a third party that meets our own privacy standards;
●
We will always remember that it is
your personal data, not ours. As such we will ensure complete transparency and
openness with you wherever possible.
●
We respect your rights as outlined
in the next section and will respond to all requests promptly
You have certain
rights under the Data Protection Law;
o
Your right of access - You have the right to ask us for copies of
your personal information.
o
Your right to rectification - You have the right to ask us to rectify
personal information you think is inaccurate. You also have the right to ask us
to complete information you think is incomplete.
o
Your right to erasure - You have the right to ask us to erase your
personal information in certain circumstances.
o
Your right to restriction of
processing - You have the
right to ask us to restrict the processing of your personal information in
certain circumstances.
o
Your right to object to
processing - You have the
right to object to the processing of your personal information in certain
circumstances.
o
Your right to data portability - You have the right to ask that we transfer
the personal information you gave us to another organisation, or to you, in
certain circumstances.
You can read more about your rights here.
If you would like to uphold
your rights, then please contact our Data Protection Officer at [email protected]
If you are dissatisfied with
our response, you also have the right to lodge a complaint with the Data
Protection Authority. This can be done at https://ico.org.uk/concerns/
We collect data
from you when you register for quotes and/or policies,
telephone our office, sign up for our newsletter, respond to a survey or
marketing communication, visit our website and/or use certain other site
features.
In some cases,
we may need personal data about others including your partner, family member or
beneficiary. In these cases, you agree and accept liability that you have
sought and obtained suitable consent before providing this information.
When handling
your personal and health data, we may record and store it on audio files, paper
files on our computer systems (websites, email, hard-drives and cloud
facilities). For example, calls to us are recorded
and in some cases transcribed before being added to our customer database.
When you accept
messages via WhatsApp we store WhatsApp messages on our CRM system. We do not
collect your image or status when we do so.
If you visit our
offices, your image will also be capture by our CCTV systems.
Data from Third Parties
We may also
collect information about you from third parties that we work closely with for
the purposes of delivering to you the Services that you request from us
(perhaps via third parties).
For example, you
may be referred to us by a broker, advisor or other intermediate.
We will always
be clear to explain when and why we need this data and the purposes for which
we will use it and will obtain your explicit consent to do so. We try and minimise the data
held and the exact data elements we hold will be dependent on your journey with
us.
We may collect
and process the following data regarding you and other policy beneficiaries
dependant on the product or service you are enquiring about:
•
Name, date of
birth, gender, marital status and contact details for example address, phone
number and email address and optional WhatsApp integration to our CRM.
•
Identification
Data such as passport, utility bills or other forms of government approved
documents.
•
Details of spouse or partner,
a joint applicant, next of kin, dependents, designated beneficiaries, or
trustees.
•
Financial data including
income, expenditure, bank details, loans and credit agreements and any existing
insurance arrangements.
•
Details of your professional
advisers including financial adviser(s), solicitors and estate agents.
•
Employment details, including
length of service, salary, place(s) of work, type of work undertaken, sick pay
and salary/bonus entitlements.
•
Health data that is relevant
to applying for a policy. This includes underwriters obtaining you and other
beneficiaries medical records.
•
Criminal convictions relevant
to insurance related activities such as underwriting, claims and fraud
management.
•
CCTV images if you visit our
offices.
In some cases,
we may need personal data about others including your partner, family member or
beneficiary. In these cases, you agree and accept liability that you have
sought and obtained suitable consent before providing this information.
When visiting
our website, we may collect data such as your email and IP address as well as
other online identifiers. Our Cookie Statement can be found on our website.
We may use your data:
• To provide you with our services e.g. to provide a quote, advice and a
recommendation.
• To apply for a policy.
• To respond to your enquiries about such products.
• To administer your plan, for arrears purposes and our wider relationship
with you.
• To validate your identity.
• To help us improve the quality of our service and develop new ones.
• To provide you with data about products and/or services, unless you tell
us not to and for marketing and business development in connection with our
customers.
• We may anonymise your data for research (including
market research) and analysis (including statistical analysis and customer
profiling);
• To comply with our legal and regulatory obligations, for example o carry
out anti money laundering checks
Your data is only processed based on a
defined legal basis. These are:
o
Contractual
Obligation – We may process your personal data to fulfil a contract with you or
your agents.
o
Consent –
We may require your consent for marketing activity or holding certain data.
o
Legitimate
Interest –We may hold other personal data based on our Legitimate Interests.
o
Legal
Obligation – We may need to process some of your data for legal obligations.
Data is processed/stored on encrypted systems
on-premises and on hosted cloud services.
As such, some data will either be in UK and EU data
centres or on US based servers. We may also process your data in countries
outside the UK or European Union from time to time in other aspects of our
business.
We use the following
safeguards with respect to data transferred outside the UK and European Union
where an “adequacy decision” is not in place:
Our third-party processors include Google, Microsoft
and other leading software providers.
We also use Large Language Model (LLM) software,
typically referred to as AI, to improve the quality of our telephone services
and ensure:
·
You receive a better service by identifying
ways to improve communication.
·
Ensure fairness and clarity in every
interaction.
·
Support and train our teams to meet the highest
customer service standards.
We regularly review suppliers for data security
compliance to ensure your data is safe and track where your data is held. Where
required we carry out Data Protection Impact Assessments to understand risk and
how we can improve. These services all have strong data security at the heart
of their systems including ISO27001 and SOC2 certification.
We ensure that access to these services is strictly
controlled and include strong authentication processes like Multi Factor
Authentication.
All our processes are subject to various internal
policies to ensure that your data privacy and security is upheld. If you would
like to know who we process data with, please contact us.
We share information where others are involved in the
delivery of your service. These include:
●
Consultants, administrators,
service providers, health assessors, insurers and reinsurers for the day-to-day
provision of our financial products and/or services through secure insurer
portals
● Guarantors, government and industry bodies; for
example, HMRC, ABI, regulatory authorities, fraud and crime prevention
organisations and law enforcement agencies.
●
Other Caspian Assured Ltd trading
styles for the purpose set out in this statement or if we transfer our assets
to another entity.
● Third parties who operate services to allow you to
review, evaluate and obtain financial products and/or services and who allow us
to search for policies and assets.
● Any trustees of your policy.
● Any third party you instruct to act on your behalf.
●
Where we have a legal obligation to
In some cases, we may conduct a secure electronic identity check using a
trusted third-party provider (such as Smart Search) to help confirm your
identity and comply with anti-money laundering regulations. This process may
leave a soft search on your credit file, which does not affect your credit
score and is only visible to you.
We use a Third-Party
Data Protection consultant for compliance purposes. Should you have a data
protection query or complaint your details may be passed to him to assist us.
In all other cases our consultant does not have access to your data.
In some cases,
these Third Parties will become Independent Data Controllers when we pass your
data to them and Caspian Insurance / IGotCover do not warrant the use of your
data by them.
Please email [email protected] to obtain the
full list of companies we may have shared your data with or if you have any
concerns.
Our website and other materials sent to you may
contain links to other third-party websites. We may also offer buttons to
social media that link to third party services. We’re not responsible for the
availability, content or data privacy these sites provide through their tools
or sites.
If Caspian or
its other trading identities is involved in a merger, acquisition or asset
sale, personal data may be transferred between parties, but we will provide
notice before personal data is transferred and becomes subject to a different
privacy notice.
Dependant on the data you provide us and
for what purpose it is provided we may need to retain your data.
We operate a data retention policy and
look to find ways to reduce the amount of information we hold about you and the
length of time that we need to keep it. For example;
We will hold the
data linked to applications and/or quotes made or requested through our
website for a minimum of six years.
We store CCTV footage for 60 days unless
an incident occurs to our knowledge that may be required for evidence at a
later stage.
We remove data from LLM transcription
services within 30 days.
We may also need
to retain your data for compliance with our legal and regulatory obligations
for a longer period.
If you wish to find out more about your
specific data retention, please contact us.
We always ask for consent when
providing you a quotation or carrying out a soft search. You accept that you
have obtained consent for us to process data for any other named party in your
application with us.
Where we use your
information for our legitimate interests, we make sure that we consider any
potential impact that such use may have on you. Our legitimate interests don’t
automatically override yours and we won’t use your information if we believe
your interests should override ours unless we have other grounds to do so (such
as your consent or a legal obligation).
Every marketing email sent
from Us allows you to opt out of receiving emails from us, except for the
purposes of fulfilling any contractual arrangements.
You can also contact us at the
email address above and request to opt out, view, export or delete your data.
If you request for your data to be deleted, your name and email address will be
added to an exceptions list and all other data removed to the extent possible.
We seek to uphold our legal obligations as
covered by the Data Protection Act 2018, Data Use and Access Act 2025 and the
General Data Protection Regulation 2016. Our Data Protection Authority is
designated as the Information Commission (IC) formally the Information
Commissioners Office (ICO). (Registration ZA192229).
We
retain the right to update this notice at any time. We will always document any
changes and will publish the latest version on the company’s website.
We only warrant compliance with our legal
obligations under the jurisdiction of the UK Courts.
This Privacy Policy is reviewed on a
regular basis and was last reviewed in August 2025. We will post the most
current version on our website.