Privacy Policy

We treat your privacy and security of your information very seriously. Please read the paragraphs below about how we protect and use your data and using cookies on this site. It also explains your rights under data protections law.

Please read this Privacy Notice to understand how we use and protect the information that you provide to Tapoly Ltd.

1. The Law and Our Undertaking
2. When and How We Obtain Your Data
3. How We Use Your Information
4. Security of Your Personal Information
5. Your Legal Rights
6. Third-party Websites
7. Registration & Complaints
8. Changes to this Privacy Notice

Tapoly Ltd

Tapoly Ltd is an insurance intermediary registered with the FCA to distribute and sell insurance and associated products. We are registered with the Information Commissioner’s Office for the products and services we offer. You can contact our Data Protection Officer at privacy@tapoly.com if you have any questions on the policy set out below.

The Law and Our Undertaking

The Data Protection Act 2018 (DPA) and the General Data Protection Regulations (GDPR) 2018 require us to manage all personal information in accordance with the Data Protection Principles. In particular, we are required to process your personal information fairly and lawfully. This means that you are entitled to know when and how we collect and use the information you provide.

All our employees are responsible for maintaining customer confidentiality. We provide training and education to all employees about data handling and security and remind them about these important obligations. In addition, our policies and procedures will be regularly audited and reviewed.

When and How We Obtain Your Data

To allow us to provide products and services you request, we will collect personal information which will include your name, the business name, addresses, email addresses, occupations/trades, dates of birth and any additional information like financial information to assess your insurance risks and offer the best solutions to your needs. Your banking details will also be required for payments if you accept a product we offer. Some of these details may also be required from other individuals to be included on your policy.

We only collect your personal information which is necessary for the delivery of the product or service that you request and without which they cannot be delivered. We process your information on the legal basis that it is critical to the delivering a contract of insurance or to provide you risk assessment support.

Your personal information will be held securely so that we (either now or in the future), can manage your relationship with us. This will include the information you provide when you register and any additional information provided by you or others in various ways, including:

• In applications, emails and letters, during telephone calls, when registering for services, in customer surveys, and through our website (through “cookies”);
• Information we receive from our business partners in delivery of this service.

Before you disclose to us any personal information of another person, you must have their consent to both the disclosure and the processing of that personal information in accordance with this policy.

How We Use Your Information

We promise not to retain your personal information for longer than is necessary for the maintenance of your account, or for legal or regulatory requirements. You have the right to delete your personal information if you so wish and all operations will cease forthwith – this is “your right to be forgotten”.

While you have the right to request deletion of your personal information under your rights, we are required to retain certain records for legal, regulatory, or contractual reasons, including but not limited to fraud prevention, claims validation, and financial reporting.

How and Why We Retain Your Information

We will retain the personal information we hold about you for the purposes set out below

Purpose	Legal Basis	Typical Retention Period
Providing you with products and services and notifying you about either important changes or developments to the features and operation of those products and services.	Process associated with defining and implementing a contract.	7 years from the end of the contracted period unless there are enduring liabilities or future claims risks.
Financial and payments management.	Processing in connection with a contract.	7 years from the end of the contracted period unless there are enduring liabilities or future claims risks.
Managing your relationship with us, undertaking engagement analysis, modelling, statistical and trend analysis with the aim of developing and improving our services.	Processing in connection with a contract.	7 years from the end of the contracted period unless there are enduring liabilities or future claims risks.
Updating, consolidating, and improving the accuracy of our records.	Legitimate interests	3 years after the last date of contract.
Responding to your enquiries, complaints or divestments.	FCA Regulations	6 years after the closure of the complaint.

Please Note:

Your data may also be used for other purposes for which you have given your specific permission, or, in very limited circumstances, when required by law or where permitted under the terms of the Data Protection Act and the GDPR. For example, we will have to disclose your personal information:

• to the extent that we are required to do so by law;
• in connection with any ongoing or prospective legal proceedings;
• in order to establish, exercise or defend our legal responsibilities including fraud prevention, money laundering and other regulatory requirements.

We will only share your information with our business partners where it is necessary for the completion or management of a contract. From time to time we may use your contact information to provide marketing or promotional updates related to products or services related to your business. You may opt out of this service.

Security of Your Personal Information

We will take all reasonable precautions to prevent the loss, misuse or alteration of your personal information;

• We will store all the personal information you provide on a secure technology platform;
• All electronic financial transactions entered through our website will be protected by leading encryption technology;
• You agree to maintain your information up-to-date or inform us of any changes.
• We may require you to use two-factor identification systems to access your account or update your details.

You accept that the transmission of information over the internet is inherently insecure, so we cannot guarantee the security of data sent over the internet and you are responsible for taking all reasonable care to keeping the password you use for accessing our website and services confidential.

Your information will be stored on our databases within the European Economic Area and processed under relevant data protection legislation.

Your Legal Rights

The GDPR sets out your rights, the principles required of us by the Information Commissioner and how we will respond to each:

• A Right of Subject Access. We will confirm the personal data held about you at your request. Under GDPR we will erase your personal data on request, except data we lawfully retain;
• A Right of Correction. We will correct any mistakes in the data held about you as soon as we are aware of an error;
• A Right to Prevent Distress. We will not use your data for any third-party activities without your prior specific permission;
• A Right to Prevent Direct Marketing. We will only use your data in marketing services which you have requested us to provide;
• A Right to Prevent Automatic Decisions. Your data will only be used to make “automated” decisions about you where it is relevant to support the service;
• A Right of Complaint to the Information Commissioner. You may ask for the use of their personal data to be reviewed under the DPA;
• A Right to Compensation. If we negligently lose your data, you may be eligible for compensation for damage caused (“damages”) if personal data about them is inaccurate, lost, or disclosed.

Full details can be found at the Information Commissioner’s Website.

Third-party Websites

Our website may include hyperlinks to, and details of, third party websites. Once you have linked to a Third-party we obviously have no control over, and are not responsible for, the privacy policies and practices of third parties.

Registration & Complaints

Tapoly Ltd is registered with the Information Commissioner’s Office (ICO) under registration number: ZA232843.

Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

You can make a complaint to the ICO if you have concerns about the use of your personal data by Tapoly but we suggest that you contact us to discuss your concerns first.

Changes to this Privacy Notice

We keep our Privacy Notice under regular review, and we will reflect any updates within this notice. This Privacy Notice was issued in March 2025.