Privacy Notice


Your privacy is very important to us. We want to assure you that any personal information we hold will be kept safe and properly managed. We will never sell your personal information to third parties.

This Privacy Notice explains how we collect and use your data. It applies to personal data provided by customers, brokers, coverholders, claimants, third party agents (TPAs), complainants and job applicants. Please read this Data Privacy Notice carefully to understand our practices regarding personal data.

This website is for United Kingdom residents only and complies with UK and EU legislation and regulation.

How to contact us

For any questions or concerns relating to this privacy notice or our data protection practices, or to make a Subject Access Request, please contact us by email to or by post at:

Data Protection Officer
Tapoly Ltd
Floor 24/25, The Shard
32 London Bridge Street

Tapoly's Data Protection Officer will handle any questions you may have on the use of your personal data and your rights as a data subject. This is covered in further detail under Your Data Subject Rights below.

Types of personal data we hold

We capture and process a variety of different types of data, including personal data depending on the nature of the services involved. This includes but is not limited to:

Type of data Example
Individual details Name, address, other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, national unique identifier e.g. social security or Public Service number, passport number, driving licence number, employer, job title and employment history, and family details, including their relationship to you.
Financial information Bank account or payment card details, income or other financial information.
Risk details Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to the health, criminal convictions, or other special categories of personal data of the people to be covered.
Policy information Information about the quotes you receive and policies you take out.
Credit and anti-fraud data Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you or those seeking cover.
Previous and current claims Information about previous and current claims, (including other unrelated insurances), which may include data relating to your health, criminal convictions, or other special categories of personal data and in some cases surveillance reports.

Sometimes we may need to process special categories of personal data. These are certain types of personal data which require additional privacy protection. The special categories are:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic or biometric data;
  • Health data;
  • Sex life or sexual orientation.
  • Criminal convictions

Personal data including special category data may be required to allow us to provide a quote, underwrite your policy, consider your claim or provide other insurance services.

Why we use your personal data

We collect your personal data to help us with advising on, arranging, underwriting or administering an insurance contract or administering a claim under an insurance contract. Specifically:

a. Advising on, arranging and underwriting your policy, including:

  • Understanding your insurance requirements to offer you a product that matches your needs and circumstances
  • Gaining an understanding of the nature of the risk to be covered by the policy including risk modelling and statistical use
  • Providing competitive and appropriate pricing
  • Performing credit or money laundering checks or other checks required by law
  • Fraud prevention

b. Administering your policy, including:

  • Managing any changes to your policy
  • Providing and improving services under and associated with the insurance contract as appropriate
  • Maintaining contact with you, for issues relating to your policy and general customer contact

c. Administering your claims, including:

  • Registering your claims
  • Assessing your claims, including any liaison with third parties potentially involved in your claims, e.g. communications regarding health information
  • Running due diligence checks e.g. credit or money laundering
  • The investigation of fraudulent claims
  • The defence of or prosecution of valid and legal claims

d. Recruitment, current and former employees:

  • Purpose of processing an employment application
  • Assess your suitability for employment
  • Assessments, tests or occupational profiles
  • Providing or requesting employment references
  • To carry out background checks

e. Further reasons, including:

  • To ensure we comply with any legal or regulatory obligations
  • The testing of our systems and processes where imitation data is unavailable. Testing which uses personal data will only by carried out in limited circumstances and only when appropriate safeguards and controls have been put in place
  • To allow us to perform the essential practice and process of underwriting
  • Analysing our clients and the products they select
  • For reinsurances purposes
  • Processing the enrolment and management of the share scheme
  • To audit our business
  • Transferring books of business, company sales and reorganisations
  • For marketing purposes

Where we might collect your personal data from

We might collect your personal data from various sources including:

  • You;
  • Your family members, employer or representative;
  • Other insurance market participants such as, authorised agents, service providers, reinsurers, other insurers, legal advisers, loss adjusters and claims handlers;
  • Credit reference agencies;
  • Anti-fraud databases, sanctions lists, court judgements and other databases;
  • Government agencies
  • In the event of a claim, third parties including any other party to the claim (such as a claimant/defendant), witnesses, experts (including medical experts), loss adjustors, legal professionals, and third party claims handlers.

Which of the above sources apply will depend on your particular circumstances.

Our legal basis for processing your personal data

We process personal data where necessary in order to:

  • Engage with you when you or someone acting on your behalf asks us for a quote and are considering entering into a contract;
  • Satisfy our obligations under a contract with you;
  • Comply with a legal obligation, such as due diligence and reporting obligations, and responding to binding requests from regulators, law enforcement authorities or other government authorities;
  • Process data as may be required in the public interest, such as detecting and preventing fraud;
  • Pursue our legitimate interests in providing clients with insurance services, improving our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records.

We process special category data when you provide explicit consent or when this is necessary to:

  • Advise, arrange, underwrite or administer an insurance policy or administer a claim under an insurance policy;
  • Protect, investigate, and defend legal claims;
  • Exercise a right or comply with an obligation arising in connection with an insurance contract.

Who we share personal data with

To allow us to meet our obligations and effectively provide our services to you, it may be necessary to pass your personal data onto external parties. These external parties may include:

  • Insurance companies
  • Credit reference agencies
  • Anti-fraud databases
  • Claims handlers
  • Legal professionals
  • Loss adjustors
  • External parties involved in a claim
  • Private investigators
  • The police and law enforcement
  • External parties involved in the investigation, defence or prosecution of claims
  • Regulators and Supervisory Authorities
  • Our suppliers and sub-contractors for the performance of any contract we have with them

Your data will be shared securely, and only when absolutely necessary. It will never be sold on to external parties or organisations for marketing purposes.

Ongoing storage and use of your personal data

We will not keep personal data for longer than necessary for the purpose for which it is processed. It will be retained in accordance with our Records Management Policy. Laws or regulations may require us to keep records for specific periods of time. We may also need to keep records in order to administer the insurance relationship, to fulfil our contractual or statutory obligations or to resolve queries or disputes which may arise. We seek to comply with principles of "data minimisation". This means we try to ensure that we avoid collecting or processing data other than the types and volume of personal data required to achieve the purposes set out in this Data Privacy Notice.

Information Security

We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

Your data subject rights

Under the EU Data Protection Regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016) you have the right to:

  • Obtain a copy of your personal data held by Tapoly
  • Have any incorrect personal data corrected
  • Request the erasure of any of your personal data
  • Restrict or object to the use of your personal data, including profiling and automated individual decision-making.
  • Request the personal data you provided to Tapoly to be moved to another organisation

If you wish to exercise any of these rights please write to the below address stating your request and contact details.

Data Protection Officer
Tapoly Ltd
Floor 24/25, The Shard
32 London Bridge Street

If you contact us regarding the exercise of these rights, we will seek to action your wishes. There may be some cases (particularly where the request relates to the restriction of use of personal data, the objecting to the use of personal data or the erasure of the data) where there are reasons why we are not able to fully comply with your request, particularly where we are required to keep and use that data to comply with contractual, legal or regulatory requirements.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.


Tapoly is committed to providing high quality products and services. If you feel that we have not met your expectations, we'd like to know so we can put things right for you. You can submit a complaint by writing to the address below.

Tapoly Ltd
Floor 24/25, The Shard
32 London Bridge Street

We would expect that any complaint can best be dealt with by contacting us in the first instance, and we will take complaints made to us seriously. However, if you wish to complain about our use of your personal data, and do not wish to contact us first, you also have the right to complain directly to the supervisory authority. Full details on this can be found on the website of the Information Commissioner's Office

Insurance Industry and Data Processing

Further details of how the insurance industry uses and processes data can be found on the Lloyds website via the core uses information notice. Please note that this is a third party website and Tapoly is not responsible for the content.

Automated decision making

In some cases we use an automated decision making and profiling process to generate a quote to provide you with an insurance service; this process will only use the information which you have provided to us and will make an overall assessment of your application. This assessment will consider the level of risk involved and if applicable, generate a quote for the insurance service. The automated decision making process is regularly tested to ensure it remains fair, effective and unbiased. If you object to the use of automated decision making, please go elsewhere to get your insurance.

Use of cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.

We use cookies on our websites so that we can track how users navigate through our website, and in order to enable us to evaluate and improve our website. We use this information to compile statistical data on the use of our website, but the information obtained is used on an anonymous, aggregated basis and you cannot be identified from this. Cookies cannot look into your computer and obtain information about you or your family or read any material kept on your hard drive, and cookies cannot be used to identify who you are.

You are not obliged to accept a cookie that we send to you and you can in fact modify your browser so that it will not accept cookies. However, if you select this setting you may be unable to access certain parts of our website.

Changes to this privacy notice

If we change our data processing in any way, we will update the contents of this page. You are responsible for checking this privacy notice whenever you access our website.

Last updated 26 September 2019