Privacy Notice

Updated: 1st May 2026

At a glance

This notice explains how Unisure Limited uses personal data when you visit our website, use our online portal, or engage with us in connection with our insurance services. It is designed to be clear and easy to understand.

Key points:

  • Controller: Unisure Limited.
  • Website & portal: we use data to run the website/portal, manage accounts, keep audit logs and maintain security.
  • Insurance services: we use data to provide and administer insurance services (including policy administration and claims related support), respond to enquiries and manage broker relationships.
  • Special category (health) data: processed where necessary for insurance services (particularly claims related activities) with additional safeguards.
  • Criminal offence data: not routinely processed; may be processed where required for Anti-Money Laundering (“AML”)/Know Your Customer (“KYC”), sanctions or fraud screening and usually received from third party compliance providers.
  • We do not sell personal data to third parties for their own direct marketing.
  • Complaints: you can complain to us about how we use your personal data (including concerns following a data breach).

  1. Who we are

Unisure Limited (“Unisure”, “we”, “us”, “our”) is a limited company registered in England and Wales (company number 09111373) and authorised and regulated by the Financial Conduct Authority (FRN 719400). We own and operate this website and the associated online portal and act as an insurance solutions provider in the health and life insurance market.

  2. Group structure and applicable data protection laws

Unisure Limited is part of a wider corporate group (the “Group”), which includes regulated and unregulated entities operating in multiple jurisdictions. Most client‑facing business is contracted and administered through Unisure Limited in the UK. In some circumstances, services may be provided by or in conjunction with another Group entity.

Controller clarification: Unisure Limited is the controller for personal data collected via this website and the online portal, and for most insurance services provided to clients. In some cases, a different Group entity may act as the controller (for example, where that entity is the contracting party or provides regulated services locally). Where this applies, the relevant controller will be identified in your contract, product documentation or a local privacy notice/addendum.

We apply the UK General Data Protection Regulation, the Data Protection Act 2018, Data (Use & Access) Act 2025, and Privacy & Electronic Communications Regulations as our baseline standard. Where local data protection laws apply and impose stricter requirements, we will comply with those stricter requirements to the extent they apply.

  3. What this notice covers

This notice applies when you:

  • visit or interact with our website;
  • access or use our online portal (including as an individual user or broker/intermediary user);
  • engage with us in connection with our insurance services, including enquiries, policy administration, claims‑related activities, complaints and ongoing servicing; or
  • interact with us as a broker, intermediary, supplier or other business contact.

Our website may link to third‑party websites. Their privacy notices apply to any personal data they collect.

  4. Personal data we collect

4.1 Website and portal data

We may collect:

  • account and login details (e.g. username; passwords are stored in hashed form);
  • portal usage and security logs (e.g. login timestamps, IP address, device identifiers, audit trails);
  • enquiries and communications (e.g. emails, webform submissions, call notes);
  • technical and usage data (e.g. browser type, operating system, page interactions, cookie identifiers – see Cookie Policy).

4.2 Insurance services data

We may collect:

  • identity and contact details (e.g. name, address, email, phone number; date of birth where relevant);
  • policy and servicing information (e.g. quotation and policy details, risk information, instructions, complaints records);
  • claims‑related information (e.g. claim details, supporting evidence, communications and payments where applicable);
  • broker/intermediary and business contact information (e.g. firm and contact details, servicing records);
  • financial information where relevant (e.g. bank details for claim payments or refunds).

Depending on the product/service, we may also process additional information relevant to underwriting, administration and claims (for example, information about travel, occupation, beneficiaries and supporting evidence).

4.3 Special category data (health)

We routinely process health and other special category data where necessary for insurance services, particularly for claims‑related activities. We apply additional safeguards such as access controls, secure transmission and confidentiality controls.

4.4 Criminal offence data (limited)

We do not routinely process criminal offence data. Where processed, this is typically in connection with AML/KYC, sanctions or fraud screening and is usually obtained from a third‑party compliance or screening provider following a relevant alert/flag.

  5. Where we get personal data from

We obtain personal data from:

  • you directly (website forms, portal use, email/phone, documents you provide);
  • brokers/intermediaries or representatives acting on your behalf;
  • insurers, reinsurers and other insurance market participants (e.g. claims handlers, loss adjusters, assistance providers);
  • IT and security providers that support the website/portal;
  • identity verification, sanctions/Politically Exposed Person (“PEP”) and fraud/AML screening providers; and
  • public or official sources where permitted (e.g. company registers).

  6. How we use your data and our lawful bases

We use your personal data for the purposes below. We must also have a lawful basis under UK data protection law. The main lawful bases we rely on are contract, legal obligation, legitimate interests and (where required) consent.

Below is a summary of key processing activities and lawful bases:

| Processing activity | Typical purpose | Primary lawful basis |
| --- | --- | --- |
| Website & portal access | Operate and secure the website/portal, manage accounts and audit logs | Legitimate interests; Contract |
| Insurance services | Policy administration, claims‑related support, customer and broker servicing | Contract; Legitimate interests |
| Regulatory & compliance checks | AML/KYC, fraud prevention, sanctions screening, Financial Conduct Authority (“FCA”) and other legal obligations | Legal obligation; Legitimate interests |
| Customer communications | Service updates, complaints handling and important notices | Contract; Legal obligation; Legitimate interests |
| Marketing (where permitted) | Share updates and insights about our services | Legitimate interests or Consent (where required) |
| Analytics & cookies | Improve website functionality and performance | Consent (non‑essential cookies); Legitimate interests (strictly necessary) |

6.1 Website and portal operation

We use personal data to:

  • operate and secure the website and portal (including authentication, audit logs and fraud/abuse prevention);
  • manage accounts and provide portal features; and
  • respond to enquiries and provide support.

Lawful bases: legitimate interests and, where applicable, contract.

6.2 Insurance services

We use personal data to:

  • provide and administer insurance services (including policy administration and claims‑related support);
  • manage customer and broker relationships and communications; and
  • handle complaints and disputes.

Lawful bases: contract and/or legitimate interests depending on your relationship with us.

6.3 Legal and regulatory compliance (including financial crime)

We use personal data to:

  • comply with legal and regulatory obligations (including FCA expectations);
  • carry out financial crime controls such as AML/KYC checks, sanctions/PEP screening and fraud prevention; and
  • support audit, governance and record‑keeping.

Lawful bases: legal obligation and/or legitimate interests.

6.4 Marketing

  • Service and regulatory messages: we may send you important service messages (for example, about your policy, claims, changes to terms or regulatory information). These are not marketing.
  • Direct marketing: where we send direct marketing, we will do so in line with applicable law. You can opt out at any time, and you have an absolute right to object to direct marketing.
  • Preference services: if UK-based, you may also register with the Telephone Preference Service (TPS), Corporate TPS (CTPS) and/or the Mailing Preference Service (MPS) to reduce unsolicited marketing.

6.5 Special category data

Where we process special category data such as health information, we do so only where necessary for insurance purposes and where an appropriate legal condition applies, together with suitable safeguards.

  7. Who we share your personal data with

We may share personal data with the following categories of recipients, where necessary:

  • Group companies (for permitted operational, compliance, governance and IT/security purposes);
  • Insurers/underwriters and reinsurers;
  • brokers, intermediaries, agents and distribution partners;
  • claims handlers, Third-Party Administrators, loss adjusters, investigators and assistance providers;
  • medical practitioners or experts where relevant (subject to appropriate safeguards);
  • fraud prevention, identity verification and compliance screening providers;
  • professional advisers (legal, audit, tax) and other service providers (IT hosting, security, communications, payment service providers);
  • regulators, law enforcement, courts and competent authorities where required or permitted;
  • third parties we use to help deliver our quotes, products and/or services to you, e.g. payment service providers, assistance firms; and
  • certain third parties in order to provide certain functionality on our website, e.g. website hosts and website analytics providers.

We do this in a responsible, fair and proportionate way, and we use appropriate contractual and security safeguards.

  8. Retention of your personal data

We will keep your personal data for only as long as is necessary and for the purpose for which it was originally collected, including to meet legal and regulatory requirements and to establish, exercise or defend legal claims.

Typical retention periods (may vary):

  • Quotations: 1 year from the date of quotation (then anonymised where appropriate);
  • Active policies: 7 years after expiry or cancellation;
  • Portal accounts: if you stop using your account, we delete or anonymise account data after 7 years (unless we need it for legal/regulatory purposes).

  9. International Transfers

Our primary technical infrastructure and hosting are located in the UK and European Economic Area (EEA). If we transfer personal data outside the UK, we will ensure appropriate safeguards are in place (for example, UK adequacy regulations or approved contractual safeguards) together with appropriate security measures.

  10. Your rights

Under the UK Data Protection Legislation, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in section 15.
  • The right to access the personal data we hold about you. Section 10.1 below will tell you how to do this.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in section 15 to find out more.
  • The right to be forgotten, i.e., the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in section 15 to find out more.
  • The right to restrict (i.e., prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.
  • The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
  • The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
  • Rights relating to automated decision-making and profiling. We may use automated tools to support activities such as fraud detection, sanctions screening and risk assessment. Where we make decisions solely by automated means that have legal or similarly significant effects on you (if applicable), we will provide appropriate information and safeguards, including how to request human review, in line with applicable law.

10.1 How to make a subject access request (SAR)

You can make a SAR verbally or in writing, including by email. To help us respond quickly and securely, please email our Data Protection Officer at dpo@unisuregroup.com. We normally respond without undue delay and within one month. For complex requests, we may extend this by up to a further two months and will keep you informed.

There is not usually a fee. However, if a request is manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act on the request as permitted by law.

  11. Do you have to provide personal data?

You can browse parts of our website without providing personal data. However, if you use the portal or request/receive services, we may need certain information to provide those services and to meet legal and regulatory requirements. If you do not provide required information, we may be unable to provide portal access, provide a quotation, arrange cover, administer a policy, or support a claim. 

  12. Cookies and similar technologies

We use cookies and similar technologies on our website. Some are strictly necessary for the site and portal to function; others (such as analytics or marketing cookies) require your consent. For details and how to manage your preferences, please see our Cookie Policy.

  13. Security and personal data breaches

We use appropriate technical and organisational security measures designed to protect personal data. If a personal data breach occurs, we assess it promptly and, where required, we will notify the UK Information Commissioner’s Office and affected individuals in line with applicable legal requirements.

If you believe your personal data has been affected by a security incident or data breach involving us, please contact us as soon as possible using the details below.

  14. How to complain

You have the right to complain directly to us if you have concerns about how we use your personal data (including concerns following a personal data breach). We operate an internal data protection complaints process. You can submit a complaint by email, post or phone using the contact details in section 15.

What we will do:

  • acknowledge receipt of your complaint within 30 days;
  • investigate and respond without undue delay, making appropriate enquiries and keeping you informed of progress; and
  • explain the outcome to you without undue delay and tell you what options you have if you remain unhappy.

You also have the right to complain to the Information Commissioner’s Office in the UK: https://ico.org.uk/make-a-complaint or telephone 0303 123 1113.

  15. How to contact us

For questions, rights requests or complaints relating to your personal data, contact:

  • Data Protection Officer: dpo@unisuregroup.com
  • Address: Unisure Limited, 40 Gracechurch Street, London, EC3V 0BT, UK
  • Phone: +44 207 118 1455

  16. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. The current version will always be available on our website, with the effective date shown at the top. We will give you reasonable notice of any material change. We encourage you to visit frequently to stay informed about how we use your personal information.
