This privacy notice is to let you know how we look after your personal information. This includes what you tell us about yourself and what we learn about having you as a customer or supplier. This notice explains how we do this and tells you about your privacy rights and how the law protects you.


Our Privacy Promise

We promise to

  • Keep your data safe and private
  • Not to sell your data
  • To give you ways to manage and review your marketing choices at any time


Who We Are

Darwin Clayton UK Limited (DCUK) is an independent insurance broker. You can find out more about us on our website at Our Head Office address is Darwin House, 20 Mount Ephraim Road, Tunbridge Wells, Kent. TN1 1ED. Telephone number 01892 511144.

We are authorised and regulated by the Financial Conduct Authority, this can be verified on the Financial Services Register,, using reference number 303990.

DCUK will be what is known as the “Controller” of the personal data you provide to us.


Data Protection Principles

Under the GDPR, there are six data protection principles that we must comply with. These provide that the personal information we hold about you must be:

  1. Processed lawfully, fairly and in a transparent manner.
  2. Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to those purposes.
  4. Accurate and, where necessary, kept up to date.
  5. Kept in a form which permits your identification for no longer than is necessary for those purposes.
  6. Processed in a way that ensures appropriate security of the data.

We are responsible for, and must be able to demonstrate compliance with, these principles.


Data We May Collect About You (Personal Data)

In order for us to provide insurance quotations, insurance policies, and/or deal with any claims or complaints, we need to collect and process personal data about you. Unless otherwise agreed with you, we will only collect basic personal data about you. As a personal or business customer this may include:

Individual details: Name, address, other contact details including email and telephone numbers, job title, gender, employment history and nationality.

Identification data: Numbers issued by government bodies or agencies, your national insurance number, tax identification number and driving licence number.

Financial data: Bank account, or payment card details, income or other financial information. Payment card details are stored on our system in an encrypted format.

Risk details: Information about you that we need to collect in order to assess the risk to be insured and provide a quotation. This may include data relating to your health, criminal convictions or other special categories of data.

Policy information: Information about the quotations you receive and policies you take out.

Credit & anti fraud data: Credit history, credit score, sanctions and criminal offences, and information received from anti-fraud databases relating to you.

Previous and current claims: Information about previous and current claims which may include data relating to you, or your employee’s health, criminal convictions or other special categories of data.

Special Categories of Data: Certain categories of personal data which have additional protection under GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data. Biometric, or data concerning sex life or sexual orientation.


Why We Need Your Data

We need to know basic personal data in order to provide you with the insurance services you have engaged us to arrange or offer quotations on, and to assert our right to be recompensed in return for these services as per the terms of business supplied to you.

If you do not provide this information then we will not be able to provide the services you have requested. We will not collect any personal data from you that we do not need to provide and oversee the services we have agreed to provide you with.



Quotation/Inception:  Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks. Evaluating the risks to be covered and matching to appropriate policy/premium.

Policy Administration: Client care, including communicating with you and sending you updates. Payments to and from individuals.

Claims Processing: Managing insurance and reinsurance claims. Defending or prosecuting legal claims. Investigating or prosecuting fraud.

Renewals: Contacting you &/or your representative to renew the insurance policy. Evaluating the risks to be covered and matching to appropriate policy/premium. Payment of premium where the insured &/or policyholder is an individual.

Other Purposes: Complying with our legal or regulatory obligations. General risk modelling Transferring books of business, company sales and reorganisations.


Where We Might Collect Your Personal Data From

We might collect your personal data from various sources including

  • You
  • Your family members, employer or representative
  • Other insurance market participants
  • Credit reference agencies
  • Anti-fraud databases, sanctions lists, court judgements and other databases
  • Government agencies such as the DVLA and HMRC
  • Open electrical register
  • From areas open to the general public such as your website
  • In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjusters, solicitors, claims assessors and claims handlers

Which of the above sources apply will depend on your particular circumstances


Using Your Personal Data: The Legal Basis and Purposes.

We will process your personal data:

As necessary to perform our contract with you for the relevant policy, or service:

  • To take steps at your request before entering into it.
  • To decide whether to enter into it.
  • To manage and perform that contract including processing claims.
  • To update our records; and
  • To trace your whereabouts to contact you about your insurance and obtain any payments due to us.

As necessary for our own legitimate interests or those of other persons and organisations.

  • For good governance, accounting, and managing and auditing our business operations.
  • To search credit reference agencies at your home and business address if you are over 18 and apply for credit.
  • To monitor emails, calls other communications and activities on your account.
  • For market research, analysis and developing statistics, and
  • To send you marketing communications and details of covers that we feel may be of benefit to you and/your business.

As necessary to comply with a legal obligation eg:

  • When you exercise your rights under data protection laws and make requests.
  • For compliance with legal and regulatory requirements and related disclosures.
  • For establishment and defence of legal rights.
  • For activities relation to the prevention, detection and investigation of crime.
  • To verify your identity, make credit checks, fraud prevention and anti-money laundering checks.
  • To monitor emails, calls other communications and activities on your account.

If the legal basis for processing is not one of the basis above, then we may need to have your express consent in order for us to collect, process and store your data, or to disclose your personal data to other people or organisations.



We may use your personal data to send you marketing communications. You are free at any time to opt out of marketing, although the consequence of this is that we may not be able to do certain things for you or provide you with important information on important risk management or on additional insurance covers.

This could leave you &/or your business exposed to unnecessary risk.


What We Do With Your Data

Subject to applicable data protection law we may share your personal data with:

  • Insurance Companies, Managing Agents or other Insurance Brokers.
  • Organisations who assist in the processing, negotiating and settling of claims, such as Loss Adjusters, Claims Assessors, Solicitors, and other Legal Companies.
  • Legal and other professional advisers including our auditors.
  • Fraud prevention agencies, credit reference agencies, and debt collection agencies.
  • Government bodies and agencies in UK including regulatory bodies and tax authorities (HMRC, Financial Conduct Authority and Information Commissioner’s Office).
  • Courts, to comply with legal requirements and the administration of justice.
  • Banks, insurance providers.
  • Payment systems, to process transactions, resolve disputes.
  • Anyone else where we have your consent or where it is required by law.

All the personal data we hold about you will be processed by our employees in the United Kingdom and will only be passed to third parties in order to fulfil the contract you require or the services you have engaged us to carry out.

Your data will not usually be passed outside the European Union, however should this be necessary then we will ensure that the recipient country has adequate protection measures for individuals.


How Long We Keep Your Data

  • We will keep your personal data all the time you utilise our services or we arrange policies on your behalf.
  • We will retain your personal data after your account, policy or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.
  • We will retain your personal data for as long as you might legally make claims under your insurance policies.
  • We will retain your personal data for as long as you might legally bring claims against us.


What Are Your Rights

Your rights are as follows

  • The right to be informed about our processing of your personal data.
  • The right to have your personal data corrected if it is inaccurate, and to have incomplete personal data completed.
  • The right to object to the processing of your personal data.
  • The right to restrict processing of your personal data.
  • The right to have your personal data erased.
  • The right to request access to your personal data and information about how we process it.
  • The right to move, copy or transfer your personal data.
  • Rights in relation to automated decision making including profiling.

In certain circumstances we may need to restrict the above rights in order to safeguard the public interest (eg. The prevention and detection of crime) and our interests (eg. maintenance of legal privilege).


How Can You Raise A Complaint

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights as detailed above, or if you think we have breached the GDPR, then you have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law.

Their website is

For more details please contact our Data Compliance Manager at Darwin House, 20 Mount Ephraim Road, Tunbridge Wells, Kent. TN1 1 ED Email: