What is the purpose of this document?

The purpose of this document is to provide to those who are party or may become party to a contract of insurance with Crispin Speers & Partners Ltd, information on how their data is processed.  We are committed to protecting our customers’ privacy and ensuring that any personal information provided to us, is collected and used in full compliance with the General Data Protection Regulations (GDPR) and/or Data Protection Act 2018.  In most instances we are a data controller which means we are responsible for deciding how we process your data and the below information provides further information in relation to how we will process our customers data relating to a contract of insurance:

Our contact details:
Crispin Speers & Partners Ltd,
St Clare House,
30-33 Minories,
EC3N 1PE. 

Telephone 0207 977 5700

Email dataprotection@cspinsurance.com

If you have any questions related to this privacy notice or how we handle your personal information, please contact Peter Meredith, Compliance Officer using the contact details above.

Data protection principles:

The GDPR set our requirements for the way that personal information is held and processed.  These are set out in the principles below.  Personal Data must be:

  • Processed lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited to those purposes.
  • Accurate and where necessary kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

What information we collect and how we collect it:

We collect personal information about our customers directly when arranging or administering a contract of insurance whether online, over the telephone or email.  We may also receive your data via third parties who introduce you to us.  

We will collect and use certain types of information about you such as your:

  • Name
  • Address
  • Email address
  • Date of Birth
  • Salary information

Processing sensitive information:

We may also collect “special categories of data” as defined under the GDPR, about you in relation to your medical history/health.

If you are a resident of the United Kingdom, we do not require your consent to process this data as we do so in order to carry out our legal obligations or exercise specific rights in the field of employment law.  In limited circumstances, we may request your consent to process particularly sensitive data.  If this is the case, you will be provided with information on what information we would like and the reason we need it.  You can then carefully consider whether you wish to give your consent.

The legal lawful basis for processing your data:

The lawful basis for processing your data is one or more of the following:

  • Necessary for the performance of a contract.
  • Necessary for the legitimate interest of the company.
  • Necessary for the compliance with a legal obligation
  • Consent
  • Legal claims
  • In the substantial public interest

Which basis is used for what purpose is available by downloading the London Market Core Uses Information Notice from https://www.londonmarketgroup.co.uk/gdpr

Information shared with third parties:

We will not transfer your data outside the EEA unless we are satisfied it will be processed in accordance with the GDPR.  However, your insurers and/or their agents may pass your data outside the EEA.

We shall not sell your data but for various legitimate reasons we may provide it to other parties.  These will vary depending on the circumstances but includes insurers, their agents such as claims handlers, regulators and law enforcement agencies.  Insurance can involve many parties and transfer of data between them.  Further details are available by downloading the London Market Core Uses Information Notice from https://www.londonmarketgroup.co.uk/gdpr

Data retention:

We will retain your information for a period of time which is necessary to ensure no further liability, such as any insurance claims, exists.  The period will normally be 7 years from expiry of the policy but may be extended for certain types of business or instances e.g. a claim is pending.

Your duty to inform us of changes:

It is important that you inform us of any changes to your personal information.  We need to ensure that all personal information is accurate and current.

Your rights:

Under certain circumstances, the law grants you specific rights in relation to your personal data. 

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right of erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

The right of access:

Should you request access to the personal information we hold on you, you will not be charged a fee.  We will provide you with the information within one month of receipt of the request.  Please note that should we not be able to provide the information within one month, we will inform you and provide the information within a further two months from receipt of the request. We may request specific information from you in order to confirm your identity.  We shall also advise you of any other parties to whom we have provided your data.

If you provide data to us about other people

You must provide this notice to any individuals covered under an insurance contract we arrange before you provide their data to us.  You may also provide us with personal information for third parties in the event of a claim; including any other party e.g. witnesses, experts, loss adjusters, lawyers and claim handlers.  If the data subject is not resident in the UK, you will need to obtain their consent before you provide health or criminal record data to us and advise us promptly if they withdraw consent. 

You must promptly notify us if they contact you about our use of their personal data and you should only provide us with the personal data we need to administer the insurance.


You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.  Details are at https://ico.org.uk/