The Collinson Group is committed to processing personal data in compliance with applicable data protection law. This Privacy Notice explains how Collinson Group entities and any other affiliated entity you engage with (“Collinson”) process your personal data in connection with the provision of insurance products and related services.
This Privacy Notice informs individuals who are policyholders, dependents, children, spouses or partners, claimants, witnesses, business contacts and other third parties, policyholders’ agents and representatives, users of this website and digital services. References to “you” or “your” mean the individuals listed above.
For most insurance activities, the data controller of your personal data is the underwriter of your insurance policy. The name and contact details of the underwriter are set out in your policy documentation. In respect of your insurance product, Collinson may act as:
- An independent or joint controller for certain processing activities (e.g., operating websites, customer service, compliance, fraud prevention); and
- A processor on behalf of the underwriter for other activities.
Depending on the product and your location, one or more of the following Collinson entities may be the data controller for specific processing activities:
- Collinson Insurance Europe Limited
- Collinson Insurance Services Limited
- Collinson Insurance Services Europe Limited
- Astrenska Insurance Limited
- Columbus Insurance Services Limited
The contact details for our Data Protection Team of the entities listed above and information on your rights are set out in the “Your rights” section below.
The following table outlines the personal data categories we may process about you. This includes but it is not limited to:
| Type of Personal Data | Examples of data |
|---|---|
| Additional Support Needs Data (Special Category) | Physical or mental health conditions, cognitive impairments, disabilities, medication or treatment details, financial resilience information to assess support needs, power of attorney declarations, distress or confusion indicators, requests for third-party support or representation, additional support needs |
| Appearance and Behavioural Data | Height, weight, gender identity, lifestyle data, descriptive characteristics, demographic segment, behavioural profiling, purchase/claim patterns, website pager view |
| Authentication Data | Passwords, security questions, memorable information |
| Background Check Data | Disclosure and Barring Check data or similar background checks information |
| Claim and Complaint Data | Claim reference number, type of claim (e.g. theft, injury, travel delay), incident date, location, description of loss, alternative insurance coverage |
| Communication Data | Call recordings, emails, letters, complaint records, instant messaging, social media |
| Consent and Preference Data | Claim form consents, third-party data sharing authorizations, marketing consent data, cookie consent |
| Contact Details | Home address, correspondence address, email address, phone number |
| Credit Assessment Data | Credit score, reports from credit reference agencies, bankruptcy filings, County Court Judgments (CCJs), debt repayment history, financial history |
| Criminal Offence Data (Special Category) | Criminal convictions or allegations |
| Demographic Data | Marital status, country of residence/citizenship, nationality, number of dependents, language preference, title (Mr/Ms), age |
| Device/Technical Data | Device type, browser type, operating systems, geolocation data, referring websites, IP address, login data (for online claim portals), API failures, usage data, analytics customer ID, metadata |
| Employment and Occupation Data | Job title, employer details, income, employment status (relevant for income protection or liability claims), employment history, professional qualifications, accreditations and certifications, job description, reasonable adjustments, accidents at work, sickness and unemployment |
| Financial Data | Bank account details, credit card numbers, premium/payment history, compensation amounts |
| Fraud & Sanctions Data | Fraud alerts and notifications, sanctions list screening, politically exposed person status (Special Category), publicly available records, sanctions checks |
| Health Data (Special Category) | Medical conditions and diagnosis, medical reports (e.g., GP or specialist records), hospital records, medical history, disability details, mental health conditions, medication and treatment details, vaccination status, evidence of temporary or long-term illness |
| Identification Data | Full name, date of birth, gender, national insurance number, identity information (e.g., passport or driving license) |
| Marketing & Engagement Data | Survey responses, promotional entries, feedback, communication preferences, marketing preferences, trust pilot invitations, newsletter |
| Photographs and Video Evidence | Images of damage, items you travelled with, images to prove ownership, CCTV footage, dashcam footage, images submitted to support claims |
| Policy Data | Policy number, policy type, start/end dates, coverage details |
| Special Categories of Personal Data | Racial or ethnic origin, religious beliefs, sexual orientation if relevant |
| Third-Party, Associated Person or Dependent Data | Spouse or partner’s name, date of birth, contact details, medical information related to Third Parties (if relevant), travel details, children’s names or ages, next of kin, beneficiaries, travel companions, emergency contact information, grant of probate and executor of the estate data |
| Travel Data | Departure and return dates, duration of travel, destinations, fight number and booking references, accommodation details, transport arrangements, planned activities, purposes of travel, visa copies, flight tracking data, lounge visits data |
| Trade Union Membership (Special Category) | Trade Union Membership, Name of the Trade Union |
| Usage & Interaction Data | Website and mobile app activity logs, session metadata, clickstream data, chatbot interaction records, cookie data, frequency of access, web accessibility customisation data (e.g., for vulnerable customers), traffic source data |
| Vehicle or Property Data | Vehicle registration, damage reports, repair invoices, property ownership or damage assessments, licenses |
| Witness Data | Names, contact info, statements from witnesses, details of other parties involved in the claim |
For the purposes of arranging, managing, and administering your insurance policy and any related claims, Collinson collects personal data from the following sources:
- Directly from you, including forms, communications, device data, and from other insured individuals or beneficiaries on your policy.
- Insurance intermediaries and partners, such as brokers, agents, third-party administrators, comparison websites, and other business partners.
- Claims and service providers, including third-party administrators, medical and travel assistance providers, loss adjusters, legal advisors, and others involved in managing claims or providing services as part of your insurance policy.
- Third parties involved in your claim, such as witnesses, other insurers, and relevant individuals named on your policy.
- Collinson companies, which may share with each other information about your policies or claims.
- Government agencies and regulators, including law enforcement, tax authorities, and financial regulators.
- Credit reference and fraud detection, investigation and prevention agencies.
- Third-party service providers supporting contact verification, payment processing, and eligibility assessments.
- Publicly available sources, including online databases, social media, and government records.
- Marketing and analytics service providers.
The following table outlines the ways in which Collinson processes your personal data, the purposes of processing, what type of data and the corresponding legal bases. Where applicable under applicable law, Collinson has identified its Legitimate Interest in processing personal data. The types of personal data processed includes:
| Processing activity | Purpose | Personal Data Categories | Legal Basis |
|---|---|---|---|
| Policy Application and Underwriting | To assess eligibility, determine premiums, and issue policies. | Additional Support Needs Data, Contact Details, Demographic Data, Employment and Occupational Data, Financial Data, Health Data, Identification Data, Policy Data, Trade Union Membership Data, Travel Data, Usage and Interaction Data, Vehicle or Property Data | Performance of Contract, Legitimate Interest, Consent |
| Claims Processing and Management | To investigate, evaluate, and settle insurance claims. To assess third-party liability. To provide regular or emergency medical assistance. | Additional Support Needs Data, Claim and Complaint Data, Communication Data, Consent and Preference Data, Contact Details, Demographic Data, Device Technical Data, Employment and Occupational Data, Financial Data, Fraud and Sanctions Data, Health Data, Identification Data, Marketing and Engagement Data, Photographs and video evidence, Policy Data, Third Party, Associated Person or Dependent Data, Trade Union Membership Data, Travel Data, Usage and Interaction Data, Vehicle or Property Data, Witness Data | Performance of Contract, Legal Obligation, Legitimate Interest, Vital Interest |
| Provision of Travel Disruption Products and Services | To provide insurance coverage for flight disruption. To track flight to assess eligibility for travel disruption service. |
Contact details, Identification Data, Travel Data | Performance of Contract |
| Provision of Medical Assistance | To provide regular or emergency medical assistance. To facilitate identification of available doctors. |
Additional Support Needs Data, Claim and Complaint Data, Communication Data, Consent and Preference Data, Contact Details, Demographic Data, Device Technical Data, Employment and Occupational Data, Financial Data, Fraud and Sanctions Data, Health Data, Identification Data, Marketing and Engagement Data, Photographs and video evidence, Policy Data, Third Party, Associated Person or Dependent Data, Trade Union Membership Data, Travel Data, Usage and Interaction Data, Vehicle or Property Data, Witness Data | Performance of Contract, Legal Obligation, Legitimate Interest, Vital Interest |
| Automated decision-making | To assess eligibility and process claims automatically. | Additional Support Needs Data, Claim and Complaint Data, Communication Data, Consent and Preference Data, Contact Details, Demographic Data, Financial Data, Health Data, Identification Data, Marketing and Engagement Data, Photographs and Video Evidence, Policy Data, Third-Party, Associated Person or Dependent Data, Travel Data, Usage and Interaction Data, Vehicle or Property Data, Witness Data | Consent |
| Fraud Detection and Prevention | To detect, investigate and prevent fraudulent claims or activities. | Background Checks Data, Claim and Complaint Data, Communication Data, Credit Assessment Data, Criminal Offence Data, Device and Technical Data, Fraud & Sanctions Data, Identification Data | Legal Obligation, Legitimate Interest |
| Customer Service and Communication | To respond to enquiries, provide assistance, and manage communications. | Communication Data, Contact Details, Identification Data | Performance of Contract, Legitimate Interest |
| Product Marketing and Promotion | To send marketing communications, offers, and gather feedback. | Consent and Preference Data, Contact Details, Marketing & Engagement Data | Consent, Legitimate Interest |
| Regulatory Compliance and Reporting | To comply with legal and regulatory requirements including filing of regulatory reports. | Additional Support Needs Data, Claim and Complaint Data, Contact Details, Criminal Offence Data, Financial Data, Fraud & Sanctions Data, Identification Data, Policy Data | Legal Obligation, Legitimate Interest |
| Risk Assessment and Pricing | To assess risk factors and set pricing for insurance products. | Additional Support Needs Data, Appearance and Behavioural Data, Claim & Complaint Data, Demographic Data, Employment and Occupational Data, Health Data, Policy Data, Trade Union Membership Data, Travel Data | Legitimate Interest, Performance of Contract |
| Customer Account and Online Portal Management | To provide secure access to customer accounts and manage authentication. | Appearance and Behavioural Data, Authentication Data, Device/Technical Data, Identification Data, Usage and Interaction Data | Performance of Contract, Legitimate Interest |
| Provision of assistance for individuals with additional support needs | To identify and provide additional support for vulnerable customers. | Additional Support Needs Data, Contact Details, Health Data, Identification Data | Legitimate Interest, Consent, Legal Obligation |
| Data Security and System Monitoring | To secure systems, detect cyber threats, and monitor usage. | Authentication Data, Device/Technical Data, Usage & Interaction Data | Legitimate Interest, Legal Obligation |
| Authorised Representative Submissions & Evidence Handling | To process data related to third parties supporting the claims process for policyholders. | Contact Details, Health Data, Third-Party, Associated Person or Dependent Data, Travel Data | Performance of Contract, Legitimate Interest |
| Product and Pricing Model Development | To enhance or create insurance products and refine pricing through behavioural and risk data modelling. | Additional Support Needs Data, Appearance and Behavioural Data, Claims and Complaint Data, Demographic Data, Employment and Occupational Data, Health Data, Identification Data, Policy Data, Trade Union Membership Data, Travel Data | Legitimate Interest |
| Internal Training and Quality Monitoring | To monitor and improve the quality of services, particularly through review of recorded calls and interactions. | Communication Data, Device/Technical Data, Usage & Interaction Data | Legitimate Interest |
| Legal Claims and Dispute Management | To handle disputes, legal claims, and enforcement. | Claim and Complaint Data, Communication Data, Criminal Offence Data, Financial Data, Fraud & Sanctions Data, Identification Data, Policy Data | Legal Obligation, Legitimate Interest |
| Research, Analytics and Claims Process Evaluation | To assess customer satisfaction with claims processing. To improve products, services, and customer experience. |
Aggregated or pseudonymised data derived from any of the above categories, Contact Details, Device and Technical Data, Identification Data, Marketing and Engagement Data, Policy Data | Legitimate Interest, Consent |
We may use automated processes to support claims handling. Automated processes may be used to assess straightforward claims against predefined policy criteria, allowing us to process these claims more quickly and consistently. These checks help us assess claims efficiently, comply with our legal and regulatory obligations, and protect our customers and business. You can always request human review and further information about how a decision was reached on claims handling.
We use cookies and similar technologies to make our website work, keep it secure, remember your preferences, and, if you agree, help us understand how the site is used so we can improve it. Strictly necessary cookies are used on the basis of our legitimate interests or to perform a contract. All other cookies, including analytics, are used only with your consent.
With your consent, we use Google Analytics 4 and Hotjar to measure and improve site performance and user experience. These tools may process online identifiers such as cookie IDs, device and browser details, usage events such as pages visited and clicks, approximate location, and timestamps. Google and Hotjar may act as independent controllers for some processing and may transfer data outside the UK and EEA with appropriate safeguards. For details, please see Google’s and Hotjar’s privacy notices. Please find below the cookie categories used by Collinson and the respective legal basis relied on for their use:
| Cookie Category | Explanation | Legal basis |
|---|---|---|
| Strictly necessary | Enables core site functions such as navigation, security, and session management. | Legitimate Interest |
| Functionality | Remembers choices such as language and accessibility settings to provide enhanced features. | Consent, Legitimate Interest |
| Analytics and performance | Measures usage and helps improve the site by understanding interactions with pages and features. | Consent |
| Advertising | Tailors content or measures the effectiveness of marketing. | Consent |
You can manage or withdraw your consent at any time via our cookie banner or the settings link in the website footer. You can also block or delete cookies in your browser, although this may affect site functionality. We retain analytics data only for as long as needed for reporting and improvement, in line with our data retention policy. If our use of cookies or analytics tools changes, we will update this section and, where required, ask for your consent again.
To provide and manage your insurance policy and process any related claims, Collinson may share your personal data with third-party recipients including, but not limited to, insurance intermediaries, authorised agents and third-party administrators, claims handlers, medical and travel assistance providers, loss adjusters, legal advisers, fraud prevention agencies, credit reference agencies, regulators, government and law enforcement authorities, other insurers involved in your policy or claim, marketing and analytics service providers, customer relations management partners, and any third-party service provider for claim validation purposes.
Some of these recipients may be located outside the European Economic Area (EEA) in countries such as the United States, Canada, India, Australia, South Africa, and Switzerland. Where personal data is transferred to countries outside the EEA that do not currently have an adequacy decision from the European Commission or the UK Secretary of State, Collinson ensures that appropriate or suitable safeguards are implemented. These safeguards may include the use of Standard Contractual Clauses approved by the European Commission or other legally recognised transfer mechanisms to ensure your personal data remains protected in accordance with the applicable data protection laws.
Collinson retains your personal data only for as long as necessary to fulfil the purposes for which it was collected, including providing and administering your insurance policy, processing claims, complying with legal and regulatory obligations, and resolving any disputes. The applicable retention periods are determined based on several criteria:
- (1) The duration of your insurance policy and any related claim periods;
- (2) Legal or regulatory requirements that mandate minimum or maximum retention times, such as those related to financial record-keeping or anti-fraud measures;
- (3) Where the retention period is not mandated by law, the necessary time period to meet legal or regulatory requirements;
- (4) The necessity to establish, exercise, or defend legal claims;
- (5) The type and sensitivity of the personal data involved;
- (6) Whether you have withdrawn consent or requested erasure, subject to any applicable legal exceptions.
Once personal data is no longer required, Collinson will securely delete or anonymise it in accordance with applicable data protection laws.
Under applicable data protection law, you have certain rights regarding the personal data Collinson processes about you. These include:
- The right to access the personal data we hold about you;
- The right to request correction of any inaccuracies in your data;
- The right to request erasure of your personal data where applicable;
- The right to restrict or object to certain processing activities, including direct marketing;
- The right to request the portability of your personal data to another organisation;
- The right to withdraw consent at any time, where processing is based on your consent, without affecting the lawfulness of processing carried out before withdrawal;
- The right to object to automated decision making and profiling;
- The right to know about the appropriate or suitable measures implemented by us in the context of data transfers.
Please note that some of these rights are subject to limitations and exceptions under applicable law. To exercise any of your rights or to raise questions about your personal data, you may contact Collinson’s Data Protection Team by email at dataaccess@collinsongroup.com or by post at 3 More London, London, SE1 2AQ, United Kingdom.
You also have the right to lodge a complaint with a supervisory authority, if you believe your rights have not been respected. The competent supervisory authority for the processing of your personal data is the data protection authority in your place of habitual residence. In light of the insurance products provided, the most frequently competent authorities would be:
- Information Commissioner’s Office (United Kingdom)
- Website: www.ico.org.uk
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
- Office of the Information and Data Protection Commissioner (Malta) – Leading Supervisory Authority
- Website: www.idpc.org.mt
- Address: Floor 2, Airways House, Triq Il-Kbira (High Street), Tas-Sliema SLM 1549, Malta.
- Garante per la Protezione dei Dati Personali (Italy)
- Website: www.garanteprivacy.it/home
- Address: Piazza Venezia 11, 00187, Roma, Italy
- Data Protection Commission (Ireland)
- Website: www.dataprotection.ie
- Address: 6 Pembroke Row, Dublin 2, D02 X963, Ireland.