This Customer Privacy Policy will help you understand what data we collect from you, why we collect it and what we do with it. This policy explains how we store and use your personal information when you interact with our website, or where we otherwise obtain or collect your personal information.

Please note in this Privacy Policy, "our", "we" and "us" refer to QMetric Group Limited, trading as Policy Expert.

This Privacy Policy applies to all products and services offered by us except where otherwise stated.

Please note: If you give us personal information about other people such as joint policy holders on home insurance or additional drivers for motor insurance you must make sure they are aware of this privacy policy.

We reserve the right to change our Customer Privacy Policy from time to time and without notice and encourage you to check regularly for any changes that may have taken place. If we decide to change our Customer Privacy Policy, we will update the Customer Privacy Policy page content and last modified date on our website.

This Customer Privacy Policy was last modified on 13th June 2024.

We are committed to keeping your personal data safe and to ensuring the integrity and security of any personal data we may process.

You should read this privacy notice carefully as it contains important information on the way in which we will process your personal data, in particular:

We are Policy Expert and we are the controller of our customers and prospective customers personal data for the purposes of data protection legislation. We are committed to protecting your privacy and adhere to the relevant data protection legislation.

Our Data Protection Officer contact details are:

Mrs Audrey McDade, 110 Bishopsgate, London, EC2N 4AY.

If you have any queries or requests concerning your personal information or how we process it, please contact us via the Data Protection Officer using the details in section 12.

We collect personal data relating to you and your use of our services from a variety of sources. These are detailed below along with descriptions of what we do with this information.

We collect personal data directly from you such as your name, occupation, date of birth, address, telephone number, email address, and insurance history via:

We may also obtain your personal data, which is gained indirectly or passively in the following ways:

If you visit the Policy Expert website, we will collect information about your online activity in a "cookie". A cookie is a small text file that is downloaded onto 'terminal equipment' (e.g. a computer or smartphone). It allows us to recognise the device you are using and store some information about your preferences or past actions.

The cookies we use are non-privacy intrusive, which means they do not contain personal information that is unique to you as user of our website.

There are cookies we use that are strictly necessary and essential for the use of our website, without these you will not be able to complete online quotes or purchases. We also use cookies for our legitimate business interests to improve the website experience and to analyse the number of visitors to our website.

We also use cookies for our legitimate business interests to improve the website experience and to analyse the number of visitors to our website.

To see full details of all the cookies we use please visit www.policyexpert.co.uk/cookie-policy.

Our website contains links to other websites which are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their Privacy Policy.

We will only process your data where we have a legal basis for doing so.

We use your data to communicate with you and to offer you our services and products. We will also use your data to improve or maintain the services we offer to you. We will never use your data for any other purpose unless we firstly gain your consent to do so.

We rely on several legal bases for collecting and further processing your personal data. These are:

6.1 Contract

We collect personal information about you when you apply for products or services. We will ask you to provide some information about yourself for security, identification, and verification purposes.

We may also monitor and record communications with you (such as telephone calls and emails) for quality assurance, training, fraud prevention and regulatory compliance purposes.

We will also collect personal data for the purposes of the performance of a contract with you, such as:

'Automated decision-making' is where a decision is made without human involvement, such as providing an instant insurance quotation on demand without the need of human intervention. It forms a necessary part of our quote process because it is the only practical way to process your data quickly enough to give you an immediate quote. It is your choice as to whether to accept the quote, meaning it does not create a contract at point of quote and a quote itself carries no detriment to you. Automated decisions do not form part of our claims or complaints processes.

6.2 Legal Obligation

We may also process your personal information to allow us to comply with certain legal obligations we are subject to. We are required to adhere to several regulatory frameworks, including that imposed by the regulatory authority, the Financial Conduct Authority (FCA), with whom we work openly and co-operatively. We will also work co-operatively with the national data protection authority, the Information Commissioner's Office (ICO), in relation to any data protection matters that may arise. We may also be required to share your information with law enforcement agencies.

6.3 Legitimate Interest

We may use your personal data for our legitimate business interests, whilst carefully considering and balancing any potential impact on you and your rights as a data subject under the relevant data protection legislation.

This may include processing your personal data to allow us to provide the best services and customer experience and to ensure products are relevant and tailored to your needs.

We will always ensure that our legitimate interests will never override your rights and freedoms under data protection legislation. As an example, we may process your personal data for the following purposes:

In addition, we may perform statistical and other analysis on the personal data we collect, to help us understand and improve on how people use our products or services. Furthermore, we may use data to test our system to ensure functionality.

Please note, you have the right to object to or restrict the processing for which we rely on legitimate interest as the legal basis. To do so, please use the contact details for our DPO which can be found in section 12.

Where we rely on legitimate interest as the legal basis for sending you direct marketing you have the right to object to this processing. You can opt-out or update your marketing preferences. Please see section 11.5 for more information.

6.4 Special Category Data and Criminal Offences Data

We may ask you for information about medical conditions you have (considered special category data) or criminal convictions you have received. This is lawfully processed as it is required for the performance of a contract or to take steps to enter into a contract. However, due to the sensitive nature of this type of data there are additional conditions required for processing this type of data. This data is processed as it is 'necessary for reasons of substantial public interest' as set out in the Data Protection Act (2018).

We do not sell, trade, or otherwise transfer your personal information to outside parties other than necessary sharing. Necessary sharing includes governmental bodies or trusted third parties who assist us in operating our website, conducting our business, servicing you and for fraud prevention, so long as those parties agree to keep this information confidential.

We share your data with third parties to help provide you with our products and services in the following ways:

The full list of 3rd Parties we use is available on our website.

Some of the third-party suppliers we use may be located in countries outside of the EEA.

For example, we use third party software suppliers to process data such as your email address and other contact details to help manage our customer service.

When data is transferred outside of the EEA, it will be kept securely and only used for the purposes set out in this Privacy Policy. We will ensure the data has the equivalent protection as it would be if it were processed in the UK.

This is done by the third party obtaining our prior written consent. We will only provide consent where that third party's country or organisation provides adequate safeguards, as recognised by the UK's Information Commissioner's Office (ICO). Where the third party is located in the United States, they must participate in and adhere to the UK-US Data Bridge and be listed on the Data Protection Framework List (DPF). If they are not listed, an alternative appropriate safeguard must be used to transfer data with equivalent protection as it would be if it were processed in the UK.

Our insurance partners are the data controllers in respect of the processing they carry out, and such processing will be subject to their own Privacy Policies. We do not have any control over whether they process your personal data outside the EEA. You should refer to their Privacy Policy for this information.

GPDR nor the Data Protection Act dictate how long personal data can be held for. Instead, it is down to the controller's discretion on how long to hold personal data for. This discretion must involve careful consideration and strike a balance in being proportionate to the purpose the personal data has been collected and not being an overly onerous period.

Anonymised data does not have the same requirements.

The retention periods for Policy Expert have been considered carefully and will be reviewed at least annually. Below are Policy Expert's data retention periods for customer's data:

If the personal data is no longer necessary, or where we no longer have a legal basis for processing your data, we will delete or fully anonymise the data we hold on to. However, non-personally identifiable data elements will be perpetually retained by us for statistical and analytical purposes.

Policy Expert do not sell, trade or otherwise transfer your personal information to outside parties other than those detailed in this Privacy Policy. Necessary sharing includes trusted third parties who assist us in operating our website, conducting our business or servicing you, and governmental bodies for fraud prevention, so long as those parties have adequate data protection measures in place that align with the requirements of the relevant data protection legislation.

We ensure that we have appropriate technical and organisational controls in place to protect our business and our customers from unauthorised access or alteration to, disclosure or destruction of information we hold. In particular:

• We always require verification and identification from you (or your authorised third parties) prior to allowing access to your account or before discussing any personal and account details.
• We have appropriate security measures in place relating to the collection, storage and processing of your personal data, including physical security measures, to guard against unauthorised access to systems.
• We restrict access to personal information to employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

As a data subject, for whom Policy Expert processes personal data, you can exercise certain rights in relation to the processing of your personal data, under data protection legislation, as detailed below:

11.1 Your Right of Access and Right to Data Portability

You have the 'right of access' to the personal data we hold on you. This will include information on any data we may have sourced indirectly, for example from the Claims and Underwriting Exchange (CUE) database. We can also provide your personal data in a structured format (as a csv file) if required. This is referred to as your 'right to data portability' under the Data Protection legislation.

If you would like to receive a copy of the data we hold on you please contact us using the details in section 12.

We will respond to your request as soon as possible, and at the latest within one month of receiving your request.

11.2 Your Right to Rectification

We aim to keep your data up to date and accurate. If you find we have incorrect information about you, please let us know by contacting using the details in section 12.

This is referred to as your 'right to rectification' in data protection legislation.

11.3 Your Right to Erasure

We cannot delete the data we hold about you until the relevant data retention period has expired, at which point your data will automatically be deleted or anonymised (see section 9 above). However, if you wish to stop receiving communications from us you can do so, see section 11.5 below.

11.4 Your Right to Restriction of Processing

You have the right to request us to stop processing your data in certain circumstances, referred to as 'right to restriction of processing' in data protection legislation. These circumstances are:

To make this request, please contact us using the details in section 12.

11.5 Changing Your Marketing Preferences

We may communicate with you from time to time if we deem there to be a case for legitimate interest such as communicating with you in relation to the products and services for which you received a quotation, in relation to products and services that are compatible with the original purpose for which we gained your information, or to communicate important updates about our products or services which we think may be of interest to you. If you want to opt out of your personal information being processed for marketing communication purposes, you can do so at any point. There are four ways in which you can do this.

Our contact details can be found in section 12

Please note that due to the advance preparation required for some types of communication, it may take up to 30 days for the communications to cease.

11.6 Your Right to Object to Processing

You may out-out of your personal information being processed by contacting us using our details found in section 12.

This is referred to as your 'right to object' under data protection legislation.

For data protection enquiries related to our product, please choose one of the following product specific contact methods to get in touch.

Home Insurance

Motor Insurance

Pet Insurance

Policy Expert will be more than happy to help you should you have any complaints about the processing of your personal data. Under data protection legislation, you have the right to lodge a complaint with the supervisory authority, the Information Commissioner's Office (ICO), who are the national authority responsible for the protection of personal data.

A complaint can be made to the ICO via their website: www.ico.org.uk or through their helpline: 0303 123 1113.