Simple. Personal. Transparent. These values don’t just apply to our product and services; we keep these values in mind for everything we do. For you to be confident using our services we want you to know and trust that we’re committed to ensuring your privacy is protected.
We realise insurance can be complicated, and there’s a lot of information we need to provide to you, so we’ve provided a table of contents with links to the relevant sections. Please do contact us at customercare@wrisk.co with any questions.
We are Wrisk Transfer Limited (‘WTL’), authorised and regulated by the Financial Conduct Authority (reference # 788062), incorporated in England (company # 10657213), registered office 45 Gresham Street, London EC2V 7BG.
Please do read this Privacy Policy as, together with our Cookie Policy, it explains how we process your personal data, for example when you visit wrisk.co or any other website (‘Website’) owned or provided by us, or when you use or buy our insurance services and other products (‘Services’).
We always seek to comply with the data protection laws applicable to our processing of personal data (‘DP Laws’).
For example, the EU General Data Protection Regulation 2016/679 (‘EU GDPR’) may apply and, as a UK company, the UK Data Protection Act 2018 (‘UK DPA’), the UK e-Privacy Regulations (‘PECR’), and the UK-adopted version of the EU GDPR (‘UK GDPR’) apply directly to all our processing. We’ll use ‘GDPR’ to refer to either the EU or UK version as they’re almost identical.
‘Personal data’ is a defined term in EU and UK law. We also use it here to cover ‘personally identifiable information’ as defined in US law, and other similar legal definitions. Essentially ‘personal data’ means any information relating to an identified or identifiable natural person, namely one who can be identified, directly or indirectly from that information alone or in conjunction with other information.
As data protection law and practice are constantly developing, we’ll need to update this policy from time to time, which we’ll do by posting a new policy on the Website that takes effect from the date stated. It is your responsibility to return to the Website from time to time and check for changes.
You clearly do not have to provide personal data to us. However, if you would like us, for example, to respond to a query, provide a quotation, issue an insurance policy or manage a claim, we may not be able to do so without personal data from you and failing to provide certain personal data, for example for a quotation, may invalidate any resulting policy.
You’ll see we’ve identified the legal basis for our processing throughout this Policy. The legal bases we rely on are:
‘Special categories of personal data’ is defined by GDPR to include personal data revealing racial or ethnic origin, religious or philosophical beliefs or trade union membership, genetic data or data concerning health. We may need to ask for some special categories of personal data, in particular health data.
We may also need to ask for personal data relating to criminal convictions and offences, for the same reasons.
Without this information we may not be able to provide Services to you. For example, we may not be able to give you a quote or issue an insurance policy and it may affect the outcome of any claims you make.
The legal basis for any processing by us of special categories of personal data or personal data relating to criminal convictions and offences is the Insurance basis in paragraphs 20 and/or 36 and 37 of Part 2 of Schedule 1 to the UK DPA.
We collect or are provided your personal data in the normal course of our business, including:
We will process your personal data for expected purposes related to the business of marketing, administering and managing insurance. We have set out details of these purposes below, together with information on the data processed, the appropriate legal basis, whether it is shared and how long it is retained.
We will collect and process your personal data to provide you with a quotation, before you become a customer and for any anniversary.
In this process, we will also perform industry-standard checks and share the results with insurers and other necessary parties as set out below.
As part of the quotation process, and ongoing administration of any insurance policy, we will perform certain checks to inform the risk of providing you with insurance.
Once we’ve provided you with a quotation and the risk checks are passed, you may decide to take out your insurance policy with us (that may be through a partner-branded offering but the insurance contract will still be with us). We will have collected most of the information in the quotation process, but we will ask you to confirm it.
In this process, we will also perform industry-standard checks as set out in Purpose 2 and share the results with insurers and other necessary parties as set out in Purpose 3.
You may contact us with queries from time to time and we will always respond as quickly and helpfully as possible.
Should you have a claim under your policy with us, we will need to process personal data necessary to administer that claim. We will have some of that data from the quotation and contracting processes.
From time to time, we will send you service messages, which are generally transactional in nature and related to the Services you have with us. These messages may be a reminder of the expiry of a quotation, the timing of your renewal, invoices and payments, and about any changes to your policy.
From time to time, we would like to send you marketing messages, which are related to the Services you have with us. These messages may be about relevant news, updates and promotions related to Wrisk. This section applies to customers of Wrisk branded products only.
We may collect statistics to help us improve the features and performance of our Website and online Services.
We may record telephone calls between you and Wrisk for the purposes of training our staff and ensuring a high quality of customer service.
We may need to record telephone calls between you and Wrisk to comply with a legal obligation, such as compliance monitoring or fraud detection and prevention. This is a separate purpose to recording for training and quality assurance purposes.
Under the laws relevant to insurance, including the FCA Rules relevant to us, we have to share certain of your personal data with:
You will appreciate that, because we are authorised by the FCA, we are subject to FCA rules on retention of certain personal data, for the period(s) set out in the FCA rules. We may also be subject to other legal obligations as an administrator and manager of insurance, which may require us to retain personal data for a set period.
We need to ensure that our Services, and the underlying network, infrastructure and systems we use to provide those Services, are secure, resilient and free from fraudulent and other illegal activity.
We may anonymise your personal data, and may aggregate it with other anonymised data, so that we can analyse it, for example to improve our question sets and pricing models for the benefit of all our customers.
We use automated decision-making, including profiling, to prepare your quotation and for quoting for in-policy changes and any anniversary.
As you’ve already seen, we may share personal data in the limited circumstances necessary for operating our business and issuing quotations and insurance policies both under our name and partner brands. Here is more detail on those third parties, who may be separate controllers given their own regulatory obligations.
As above, under applicable insurance regulations, we have to share certain personal data with our regulator, the FCA, and the UK Motor Insurance Bureau.
Given the nature of insurance and the typical context of claims, we may receive requests or legal orders from the Police and other UK authorities to disclose your personal data to them (‘Legal Request’). If we receive a Legal Request, we will review it to ensure that it complies with the applicable law: if it does not, we will inform the issuing party and we will not comply with it; if it does, we will disclose your personal data only to the extent necessary to comply with the Legal Request, and the legal basis for our compliance will be Legal Obligation. Unless the Legal Request and applicable law prevent us from doing so, we will notify you about any such disclosure.
Wrisk partners with BMW in the UK to power the BMW Flex, BMW DriveAway, MINI Flex and MINI DriveAway insurance products. Wrisk and BMW are separate controllers. You may direct your questions and exercise your rights directly with the relevant party. Our contact details are privacy@wrisk.co and BMW’s are in their Privacy Policy.
Wrisk partners with Crédit Agricole in the UK to provide Crédit Agricole customers access to the Wrisk Driveaway Insurance and Wrisk Car Insurance products. Wrisk and Crédit Agricole are separate controllers. You may direct your questions and exercise your rights directly with the relevant party. Our contact details are privacy@wrisk.co and CA Auto Finance’s are in their Privacy Policy.
Wrisk partners with JLR in the UK to power the Land Rover Insurance and Jaguar Insurance products. Wrisk and JLR are separate controllers. You may direct your questions and exercise your rights directly with the relevant party. Our contact details are privacy@wrisk.co and Jaguar Land Rover’s are in their Privacy Policy.
Wrisk partners with Mercedes-Benz in the UK to power the Mercedes-Benz Motor Insurance and Mercedes-Benz First Cover insurance products. Wrisk and Mercedes-Benz are separate controllers. You may direct your questions and exercise your rights directly with the relevant party. Our contact details are privacy@wrisk.co and Mercedes-Benz’s are in their Privacy Policy.
Wrisk partners with heycar in the UK to power the heycar motor insurance product. Wrisk and heycar are separate controllers. You may direct your questions and exercise your rights directly with the relevant party. Our contact details are privacy@wrisk.co and heycar’s are in their Privacy Policy.
Wrisk partners with RAC in the UK to power the RAC Pay by Mile insurance product. Wrisk and RAC are separate controllers. You may direct your questions and exercise your rights directly with the relevant party. Our contact details are privacy@wrisk.co and RAC’s are in their Privacy Policy.
Wrisk partners with Volvo in the UK to power the Volvo Car Insurance and Volvo Free Driveaway Insurance products. Wrisk and Volvo are separate controllers. You may direct your questions and exercise your rights directly with the relevant party. Our contact details are privacy@wrisk.co and Volvo’s are in their Privacy Policy.
We do not collect or process any bank or debit or credit card data ourselves. Any such data is collected and processed by our payment processors, to process the relevant payments. Our payment processors generally act as independent controllers, given their own regulatory requirements, although they may act as our processors in terms of when payments are taken and reporting information to us. We will at all times comply, and choose payment providers who comply, with the applicable industry codes and laws regarding security and retention of such data, for example the Payment Card Industry Data Security Standard.
Our payment processors are:
Highway Insurance Company Limited, trading as Allianz, act as insurer for the BMW DriveAway, BMW Flex, heycar motor insurance, Jaguar Insurance, Mercedes-Benz Motor Insurance, Mercedes-Benz First Cover, MINI DriveAway, MINI Flex, RAC Pay by Mile, Volvo Car Insurance, Volvo Free Driveaway Insurance and Wrisk Car Insurance policies that we issue to our customers. Allianz are one of the panel insurers for the Land Rover Insurance product, acting as insurer on policies that we issue to our customers, where they are shown as the insurer in the issued policy wording.
This insurance is underwritten by Highway Insurance Company Limited.
Allianz is a trading name of Highway Insurance Company Limited which is part of the Allianz Group, registered in England and Wales number 3730662. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority, register number 202972. Registered address for Highway Insurance Company Limited trading as Allianz is 57 Ladymead, Guildford, Surrey, GU1 1DB and their Privacy Policy can be viewed here.
ERS (Syndicate 218 at Lloyd’s) are one of the panel insurers for the Land Rover Insurance product, acting as insurer on policies that we issue to our customers, where they are shown as the insurer in the issued policy wording.
ERS (Syndicate 218 at Lloyd’s) is managed by IQUW Syndicate Management Limited, which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority, register number 204851.
IQUW Syndicate Management Limited is registered in England and Wales number 426475. The registered office is: 30 Fenchurch Street, London EC3M 3BDT. The latest version of the ERS Privacy Policy is available via their website here.
KGM act as insurer for the Wrisk Driveaway Insurance policies that we issue to our customers.
Insurance from KGM is underwritten by Zurich Insurance Company Ltd. Zurich Insurance Company Ltd is a public limited company incorporated in Switzerland, registered in the Canton of Zurich, No. CHE-105.833.114, with registered offices at Mythenquai 2, 8002 Zurich. UK Branch registered in England and Wales no BR000105. UK Branch Head Office: The Zurich Centre, 3000 Parkway, Whiteley, Fareham, Hampshire, PO15 7JZ. Zurich Insurance Company Ltd is authorised and regulated in Switzerland by the Swiss Financial Market Supervisory Authority FINMA. Authorised by the Prudential Regulation Authority. Subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of regulation by the Prudential Regulation Authority are available on request. FCA Firm Reference Number 959113.
The registered address for KGM is 2nd Floor, St James House, 27-43 Eastern Road, Romford, Essex, RM1 3NH and their Privacy Policy can be viewed here.
If you are a BMW Flex, heycar motor insurance, Jaguar Insurance, Land Rover Insurance, Mercedes-Benz Motor Insurance, MINI Flex, Volvo Car Insurance or Wrisk Car Insurance customer and you have selected Legal Expenses insurance, that will be provided by Arc, and we will share your personal data with them as necessary for that purpose. Their registered address is The Gatehouse, Lodge Park, Lodge Lane, Colchester, CO4 5NE. They are a separate controller and their Privacy Policy, including their contact details, is available here.
If you are a Mercedes-Benz Motor Insurance customer and you have selected Excess Protect insurance, that will be provided by SISL, and we will share your personal data with them as necessary for that purpose. Their registered address is 35 Ballards Lane, London, N3 1XW and their Privacy Policy can be viewed here.
If you are an RAC Pay by Mile customer and you have selected Legal Expenses insurance, that will be provided by RAC, and we will share your personal data with them as necessary for that purpose. Their registered address is RAC House, Brockhurst Crescent, Walsall, West Midlands WS5 4AW. They are a separate controller and their Privacy Policy, including their contact details, is available here.
Wrisk partners with Proficient in the UK to offer First Notification of Loss (FNOL) for insurance products and claims services for all our insurance offerings. Their registered address is Mill Way, Egerton, Bolton, BL7 9RW. They act as a separate controller, and their Privacy Policy, including contact information, can be found here.
Wrisk partners with Axitech in the UK to offer Accident Management Services along with Electronic Notification of Loss (ENOL) for insurance products and claims services for some of our insurance offerings. Their registered address is 1 Park Row, Leeds, LS1 5AB. They act as a separate data controller, and their Privacy Policy, including their contact details, can be found here.
We will share your information with other insurance companies and intermediaries in the distribution chain to enable us to arrange and administer a policy for you and to enable their Services.
For example, if you are introduced to us by a placing broker, your personal information (e.g. policy details, contact details, claims and any other data you share with us) will be shared between us and them as part of your relationship with us.
We share data with and obtain data from TransUnion, who are a credit reference agency, for the purposes set out above. They are a separate controller and their Privacy Policy, including their contact details, is available here.
We share data with and obtain data from Synectics Solutions for the purposes set out above. They are a separate controller and their Privacy Policy, including their contact details, is available here.
For provision of the Services, and for our own disaster recovery and business continuity purposes, we may store or transmit personal data to or through third party providers, such as with our contractors and advisors to help us operate, secure and analyse our business. The lawful basis will be Legitimate Interests or Contract.
We may be obliged to disclose your personal data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline. The lawful basis will be Legal Obligation.
If we enter negotiations with a third party for the sale or purchase of all or part of our business, we will only disclose personal data to that third party to the extent it relates to that business and only under conditions of confidentiality requiring the third party to be bound by the privacy policy that applies to that data. The lawful basis will be Legitimate Interests.
In each case, we share the minimum personal data necessary and we have written contracts in place incorporating relevant wording to safeguard that personal data and comply with applicable laws, and we will only share such data as is necessary for the purpose in question.
Our starting position is always to keep personal data within the UK or European Economic Area (‘EEA’) where the UK GDPR or EU GDPR applies respectively. However, in order to carry out the above purposes, we may use third parties and their facilities outside the EEA. In all such cases we will ensure that appropriate security measures are in place to protect your personal data and a valid legal basis for the transfer applies.
Our Website uses cookies and/or similar technologies. Please review our Cookie Policy for more information, including on how to refuse or selectively accept cookies and/or similar technologies and update your preferences.
If no retention period is specified above, our default position is to only retain personal data for any statutory retention period, then a reasonable period (if any) necessary for the above purposes. This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent, or other valid exercise of your data subject rights.
The security of data is very important to our business. In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review. However, we can only be responsible for systems that we control and we would note that the internet itself is not inherently a secure environment.
If you access the services of another provider through our websites or services, for example through a link on the Website, your use of those services is entirely at your risk and governed by the terms and privacy policy of that third party provider. If we resell a service delivered or provided by a third party (‘Third Party Service’), including any software that is delivered or owned by a third party (‘Third Party Software’), it is that third party’s separate privacy policy that will apply to your personal data and your use of the Third Party Service and Third Party Software. Your use of a Third Party Service is not covered by this Privacy Policy. Please therefore review the privacy policy for any Third Party Service and Third Party Software before using it.
Under the UK and EU GDPRs, you have the following rights (some of which may be subject to conditions set out in the relevant GDPR):
You have the right, at any time, to object to the processing of your personal data for direct marketing.
Where processing is based on Consent, you may withdraw consent at any time.
You have the right to make a complaint to any regulator such as the UK Information Commissioner. We always welcome the opportunity to discuss and resolve any complaint with you first.
The Website does not use technologies that respond to ‘Do-Not-Track’ signals communicated by your internet browser.
If you have any questions, you can always contact us at the address above or by email to privacy@wrisk.co. You can also always contact our Data Protection Officer at dpo@wrisk.co.