Data Protection & Security Policy

It is our policy to treat customers (and other stakeholders in the business) fairly when handling their data in line with regulatory requirements for proper systems and controls and taking due care.

Data Protection

We comply with the Data Protection Act 1998.  For a copy of our registration under the Act, click here.

Our registration number is Z4908414. Our registration is renewable every year in September. In addition we are required to ensure that our registration details remain up to date and any change is notified to the Information Commissioner’s Office within 28 days of any change occurring.

Our firm will provide the Financial Conduct Authority (FCA) with any personal data it may require for any permitted purpose and according to law.

Our firm undertakes to obtain all necessary consents from employees, appointed agents or customers prior to providing the FCA with personal data.

Our firm will treat all customer information as private and confidential, even when customer’s policies have lapsed or are cancelled; we will not release information to anyone else except where:

• The customer gives us permission, for instance, by acceptance of our Terms of Business Agreement
• Required under our authorisation by the FCA
• We have to by law

Our firm maintains archive records for lapsed and cancelled policies, settled claims and accounts.

Data is only retained where necessary, and data will not be kept longer than is strictly required.

Data Security

We accept that it is senior management’s responsibility to assess the risks of financial crime associated with customer data.

It is our policy to take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.

Areas which we monitor and address are:

• Physical security
• Governance
• Staff recruitment and vetting
• Staff training and awareness
• Systems and controls
• Disposal of data
• Third parties
• Compliance and monitoring 

Appropriate controls are in place should there be a need for files and records to be temporarily removed from the office.

All data is kept in a secure environment whether on computer or in manual records.

Peter Cutler, Finance Director & Data Controller is responsible for maintaining adequate controls in respect of passwords, log-in codes, tapes, discs, keys to cabinets and back-up tapes.

The approved person responsible for compliance is also responsible for monitoring the accuracy and security of data. All staff are advised of their data protection responsibilities.

This policy and the procedures arising from it are reviewed at least annually. Peter Cutler, Finance Director & Data Controller, is responsible for this policy.

Trans-border data transfers

We do not currently transfer any data collected on our website out of the European Economic Area.  However, the Internet is made up of a large variety of international connections and if you are visiting this website from outside the European Economic Area the various connections will necessarily result in the transfer of information across international boundaries.  By visiting the website and communicating electronically with us you consent to these transfers.


This policy forms part of our website Terms of Use and as such shall be governed by and construed in accordance with the laws of England and Wales. You agree to submit any dispute arising out of your use of this website to the exclusive jurisdiction of the courts of England and Wales.


Company Profile  |  Feedback  |  Press  |  Terms of Business  |  Privacy Policy  |  Site Map   © Chris Knott Insurance 2008 : Site design by Nick Day