Privacy Policy

This Privacy Policy explains how we collect, use, share and protect your personal data when you use our websites and services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR), in each case as amended and updated, including by the Data (Use and Access) Act 2025. We also follow guidance from the Information Commission (formerly the ICO).

This policy applies to services provided via: insurance4insulinpumps.co.uk, insurance4insulinpumps.com

Who we are

Specialty Risks Ltd (trading as “Insurance 4 Insulin Pumps”) is the data controller for the purposes of this policy (“we”, “us”, “our”). You can contact us at admin@specialty-risks.com.

What data we collect

Depending on how you use our services, we may collect:

  • Contact details (e.g., name, email, phone) and enquiry content when you submit forms.
  • Policy/quote information you provide to obtain a quotation or manage a policy.
  • Technical data such as IP address, device and browser information, and basic telemetry needed to keep our services secure and reliable.
  • Cookie/identifier data where you have consented to non-essential cookies (see “Cookies & tracking”).

Why we use your data (lawful bases)

  • Contract – to provide quotes, set up and administer insurance, respond to your requests, and deliver customer support.
  • Legal obligation – to meet regulatory, financial and tax requirements (e.g., record-keeping, compliance reporting).
  • Legitimate interests – to keep our sites and services secure (including fraud prevention and abuse protection), operate and improve our services, and perform limited, cookieless measurement that does not store or access information on your device.
  • Consent – for non-essential cookies/technologies (e.g., analytics cookies, advertising/remarketing) and for direct marketing by email/SMS unless the “soft opt-in” applies. You can withdraw consent at any time.

Cookies & tracking (PECR)

We use strictly necessary cookies and similar technologies to deliver security and core site functionality. These run without consent. We do not set analytics or advertising cookies unless you provide consent via our cookie banner. When consent is denied, we may use aggregated, cookieless measurement that does not read or write information on your device and does not identify you. Our approach follows PECR as amended by the Data (Use and Access) Act 2025 and the Information Commission’s guidance (formerly the ICO) on “storage and access technologies”.

For full details, including cookie names, purposes and durations, please see our Cookie Policy. You can update your choices at any time via the cookie controls on our site.

Forms and online applications (reCAPTCHA)

We use Google reCAPTCHA v2 (Invisible) on forms to prevent spam and abuse. This is a strictly necessary security measure used only to provide the requested service (form submission). When executed, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) and may process device and usage data solely for fraud prevention. See “Third-party services” below and Google’s documentation for more information.

Analytics and advertising

  • Analytics – We only set analytics cookies (e.g., Google Analytics) with your consent. If you do not consent, we may collect limited, aggregated, cookieless signals to understand basic site usage, which do not identify you.
  • Advertising – Advertising/remarketing tags (e.g., Google Ads) run only if you consent to marketing cookies.

You can change your preferences at any time through the cookie banner links on our site.

Sharing your data & international transfers

We share personal data with service providers who act on our instructions, including:

  • Microsoft Azure – UK/EU hosting and platform services.
  • Google – reCAPTCHA (security), Analytics and Ads (if consented). Data may be processed outside the UK.
  • Twilio SendGrid – to send transactional emails when you submit forms; data may be processed outside the UK.

Where we transfer personal data outside the UK (for example, to the United States), we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses.

How we keep your data secure

We apply technical and organisational measures appropriate to the risk, including access controls, encryption in transit, monitoring and staff training. We only allow access to personal data where necessary and subject to confidentiality obligations.

How long we keep your data

We keep personal data only as long as necessary for the purposes described above and to meet legal, accounting and reporting requirements. For insurance-related records this is typically seven (7) years after a policy ends, or longer where required by law or to establish, exercise or defend legal claims.

Your rights

You have the right to request access to your data, rectification, erasure, restriction, and portability; and to object to processing based on legitimate interests or to direct marketing. Where processing is based on consent, you may withdraw consent at any time. To exercise your rights, contact us at admin@specialty-risks.com. You also have the right to lodge a complaint with the UK data protection regulator, the Information Commission (formerly the ICO), via ico.org.uk.

Changes to this policy

We may update this notice from time to time. Any significant changes will be highlighted on this page. Please check back regularly.

Version: 2.0

Effective date: 10 September 2025