Our Privacy Notice – CIA Insurance Services Limited

Who we are

CIA Insurance is a trading style of CIA Insurance Services Limited.

CIA Insurance Services Limited are authorised and regulated by the Financial Conduct Authority. We are a registered company in England and Wales No. 309407.

Our office address is:

  • Boughton Leigh House
  • Brownsover Road
  • Rugby
  • CV21 1AW

The contact details for our office are as follows:

This policy sets out the basis on which we, in our capacity as a data controller, may collect and process your personal data.

The purpose of processing your data

When you visit our website or contact us you will be expecting us to provide you with a quotation for an insurance product that you have selected.

We do not require your consent in order to process the information you provide to obtain quotations on your behalf, as the processing of the information is necessary for the performance of the contract with you, or in order to enable us to take steps to enter into a contract with you.

Therefore, by completing our online forms or requesting a quotation over the telephone, we have a legal basis for processing your personal data to fulfil your needs.

We collect, use and store your personal information in order to fulfil requests for quotes and products. It may also be used to verify your identity and to enable us to carry out anti-money laundering and other financial crime checks where required. If you pay by instalments your information may also be used to arrange credit with a third party finance company.

We may monitor calls, emails, text messages and other communications with you.

We may process your data for certain legitimate interests including to help us assess your ongoing needs, to inform you about products and services that meet those needs, to communicate with you, to administer your account with us and to carry out internal data analysis.

If you no longer wish to receive information from us other than in relation to the insurance product you have purchased or enquired about then you can contact us and GDPR@cia-insurance.co.uk with your reference number or name and correspondence postcode to enable us to locate your details on our database.

Please show this notice to anyone else whose personal information you will be providing to us.

Transfer of Your Personal Data to Third Parties

It is not our company’s policy to sell or pass on your information to third parties for external marketing purposes.

If you do take out an insurance policy through us, in order to ensure the performance of the contract you have entered into, it will be necessary to pass your personal data on to the relevant insurance company, its representatives and business partners.

Types of Data

Data will only be used in connection with the insurance product you have purchased from us or for certain legitimate interests as advised earlier in this Privacy Notice. If this is not the case then we will ask for your specific permission for the information to be used differently, for which you must consent in order for us to do so.

We collect personal data such as name, contact details, date of birth, gender, marital status, financial details, general employment details and other personal details depending on the nature of the insurance and other services we offer.

You understand that we may also collect, use and store sensitive personal information such as criminal convictions and medical conditions as necessary in relation to insurances such as motor, home, travel and commercial insurance. Where this is required, you consent to this processing to enable us to provide you with the relevant services. You may withdraw your consent at any time. However, we will not request or store certain sensitive personal data such as your ethnicity, sexual orientation etc.

If you provide personal data about other individuals (such as employees, named drivers, family members etc.), you must obtain their consent prior to disclosing it to us.

You understand and give your explicit consent that we may disclose your information to relevant other parties for the purposes described in this Notice.

Data Transfer to Countries Outside the UK

We do not transfer your data outside of the United Kingdom and will undertake appropriate due diligence when dealing with cloud providers as required by the FCA.

Retention Periods

It is our policy to only keep records of your personal data for as long as required by the Financial Conduct Authority, The Companies Act or other legislation, whichever requirement is longer. Our retention records are currently as follows:

Customer, Claims & Complaints files & records – 7 years after expiry of annual or short period contract, claim settlement or complaint. Prospective customer data – 2 years.

Your Rights

The General Data Protection Regulation provides the following rights for you as individuals.

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

The Right to be Informed (In brief)

The right to be informed encompasses our obligation to provide fair processing, typically through a Privacy Notice such as this. It emphasises the need for transparency over how we use your personal data.

The right of access (In brief)

Under the GDPR you have the right as an individual to obtain:

  • Confirmation that your data is being processed
  • Access to Your Personal Data
  • Other supplementary information – this largely corresponds to the information that is provided in a Privacy Notice such as this

The Right to Rectification (In brief)

You as an individual are entitled to have personal data rectified if it is inaccurate or incomplete. If we have disclosed your personal data which has to be rectified to third parties we must inform them of the rectification where possible.

The Right to Erasure (In brief)

The right to erasure is also known as the right to be forgotten. The broad principle underpinning this right is to enable you as an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

The Right to Restrict Processing (In brief)

Under the previous Data Protection Act individuals have the right to block or suppress the processing of personal data. The restriction of processing under the GDPR is similar.

When processing is restricted we are permitted to store your personal data but we cannot further process it. We can and will retain just enough information about you as an individual to ensure the restriction is respected in the future.

The Right to Data Portability (in brief)

The right to data portability allows you as an individual to obtain and re-use your personal data for your own purposes across different services. It allows you to move, copy or transfer your data easily from one IT environment to another, in a safe and secure way without hindrance to user ability.

However, we can only offer data portability where we are able to – at the moment this would include providing you with proof of your claims history, policy history etc. and this would be provided only to you to pass onto a third party. We may be unable to exchange other data we hold due to system restrictions.

The Right to Object (In brief)

You as an individual have the right to object to:

  • Processing based on legitimate interests or the performance of a task in the public interest / exercise of official authority (including profiling)
  • Direct marketing (including profiling)
  • Processing for the purposes of scientific/historical research and statistics

Rights in Relation to Automated Decision Making and Profiling (In brief)

The GDPR provides safeguards for you as an individual against the risks that can potentially damage a decision taken without any human intervention. These rights work in a similar way to your existing rights under the previous Data Protection Act.

You have a right not to have decisions made about you solely through automated processing.

I no Longer Wish to Receive Information From You Other Than in Relation to The Insurance Product I Have Purchased

Where you have opted in to receive information about the other products we offer or other such information where we have previously received your consent, you may withdraw this at any time by using the contact details below:

I Wish to be Forgotten

You have a right under the GDPR to be removed from our records. However, we can only remove your information from our systems once our regulatory requirements have been fulfilled. You may request deletion of your data by contacting us using the details and methods below.

If we are unable to remove your records due to data retention periods, this will be disclosed to you at the time of your request, or you can refer to the information provided above.

I Wish to Make a Complaint

If you wish to make a complaint about the way we hold your personal data, in the first instance please write to Data Protection Officer, CIA Insurance Services Ltd, Boughton Leigh House, Brownsover Road, Rugby, CV21 1AW.

In the event that we are unable to satisfy your complaint, you are able to refer to the Information Commissioners Office:

  • Wycliffe House
  • Water Lane
  • Wilmslow
  • Cheshire
  • SK9 5AF


We use Cookies to store session information so that we can identify you for quotation purposes and for retrieval by you of your previous quotation data. This information is also used for online payment purposes.

Below is a table of information which lists all cookies deployed and used on our website.

Cookie Category Cookie Name Cookie Description
Cookie Consent compliance Cookie This cookie is set by our website once you have seen and acknowledged our Cookie banner. This cookie will expire and automatically delete itself after 1 month.
Google Analytics (Universal) _ga
The single default cookie for Google Universal Analytics. This sole cookie used by Goole Analytics stores a unique client identifier (Client ID) which is set randomly. This cookie is set to expire after 24 months (2 years) and is refreshed each time you visit our website.

External Site Links

Our website may link to other websites on the internet. The content and Privacy Notices of other websites are the responsibility of their respective owners and it will be made clear to you when you are leaving our website and when you are being redirected to another.


We do not have any third party advertising on any of our websites.

IP Addresses & Login

We log information about visitors including your IP address, date and time visited, referring website, length of stay etc. This information is purely used for visitor analytics only and we do not store personal data alongside this information.

Credit Card Transactions

It is our policy not to store full details of your credit card. We use Verifone, one of the world’s leading online payment providers and they offer secure e-payments that process your payment on our behalf. We send them very limited information including the amount of the transaction to be created, your session key and name. All other information is undertaken by Verifone’s own website and is not stored or sent back to us.

Questions and Concerns

If you have any questions or concerns about our Privacy Policy or the General Data Protection Regulation, please do not hesitate to contact us.