We're here to help
0345 561 0320
Mon-Fri, 9am-5pm, local rate & mobile friendly

Privacy notice

PolicyBee is committed to protecting your privacy. We're providing this privacy notice to tell you how we collect and process your personal data.

To read our Cookies Notice, click here

To read our Applicant Privacy Notice, click here

About us

PolicyBee Ltd is registered with company number 07421216. We're an online insurance broker, specialising in arranging insurance for freelancers, independent consultants, small consultancies and small businesses.

For us to provide you with a quote and then insurance, and deal with any claims or complaints that might arise, we need to collect and process data about you. This deems us a 'data controller'. We are also a data controller for the information we process about visitors to our website.

As data controller, we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018 (DPA2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.

We may use your information on the following lawful grounds and for the following purposes:

The legal basis we mainly rely on for processing personal data is Article 6(1)(b) of the UK General Data Protection Regulation (UK GDPR) which relates to processing necessary to allow us to perform our contract with you or to take steps at your request, before entering a contract. The purposes for which we will process your personal data on the basis of contract are listed below.

  • to evaluate your insurance application or renewal and provide you with a quote;
  • to arrange insurance on your behalf or to enable you to purchase your insurance policy online;
  • to administer your insurance contract including taking payments and making changes where requested or necessary;
  • to communicate with you about your policy. For example, notifying you if your policy lapses or a payment has been missed;
  • to assist with insurance claims.

In some cases, we may use personal data to pursue our legitimate interests (Article 6(1)(f) of the UK GDPR), provided your interests and fundamental rights do not override those interests. The purposes for which we will process your personal data on the basis of legitimate interest are listed below.

  • to improve our website (we continually strive to optimise the performance of our website to provide you with a better experience);
  • to assist with the security of our infrastructure;
  • to respond appropriately to any customer queries or complaints you may have;
  • to improve customer service (your information helps us effectively respond to your needs);
  • to run our customer referral scheme;
  • to contact existing customers about products, services and content that we feel will be relevant to you, where you have not opted out;
  • to provide you with 'risk tips';
  • to maintain our working relationship and contractual arrangements with our suppliers. This may include monitoring of the service and levels of service provided to us.

In a small number of circumstances, we will seek your consent (Article 6(1)(a) of the UK GDPR) to process your personal data for the following purposes:

  • to send you digital marketing (emails) if you are a prospective customer but not actively taking steps towards entering into a contract with us;
  • to use marketing and analytics cookies on our website.

Where we rely on your consent to process your personal data, you can withdraw your consent at any time by pressing the ‘unsubscribe’ button at the bottom of our marketing emails, or updating your cookie preferences on our website.

Finally, we rely on legal obligation (Article 6(1)(c) of the UK GDPR) to process your personal data. We process your personal data for the following purposes:

  • to fulfil any data subject rights requests that you may submit. More information about your rights in relation to your personal data that we process can be found below.
  • to comply with our legal and regulatory obligations. This includes obligations set by the Financial Conduct Authority (FCA), such as ensuring the fair treatment of vulnerable customers and customers experiencing financial difficulty. If we identify you as a vulnerable individual based on criteria including health, capability, or life events, we may record and use this information to ensure appropriate care is taken and to provide you with tailored support and fair outcomes.

What personal information do we collect and use?

Normally we'll simply be collecting basic information - your name, address, and contact details plus, if relevant, information about your work role including job title, and possibly employment history, education history and professional accreditations.

In certain circumstances, we will require further information such as:

  • your date of birth;
  • information which is relevant to your insurance policy including details of previous insurance policies and claims history;
  • information relevant to any claim or complaint you may make. This will depend on the type of claim or complaint you make;
  • financial information such as your bank details or credit details. We do not keep this information once the payment has been processed;
  • your marketing preferences.

When companies provide goods or services or are being considered as a potential supplier, we will only use the personal data they supply, which may include names, contact details and role job title of their representatives.

On occasion, we may also collect and store the following ‘special category’ personal data. Where we process this data, alongside a lawful basis, we have identified a special category condition for processing the data in accordance with Article 9 of the UK GDPR and the Data Protection Act 2018:

  • in the event of a claim that leads to an individual being injured, we may collect health data which is necessary for the establishment, exercise or defence of legal claims (Article 9(2)(f));
  • our pre-policy questionnaire asks prospective customers about their criminal convictions for the purposes of providing insurance (Schedule 1 Part 2 Para 20 of the Data Protection Act 2018);
  • where we identify a customer as vulnerable, we may process relevant special category data under Schedule 1, Paragraph 18 of the DPA 2018, which allows processing for reasons of substantial public interest, specifically for the safeguarding of individuals' economic well-being where they are at risk due to illness, disability, or other forms of vulnerability.

How we collect your information

We may collect your information when you:

  • visit our website;
  • use our social media (Twitter, Facebook etc.);
  • use our online chat;
  • take part in our surveys;
  • email, call or text us;
  • ask for an insurance quote, or buy an insurance policy from us.

We may collect information from your employer where you are a representative of one of our suppliers.

Sharing your information

We may share the data you provide us with the following types of organisations:

  • selected insurance providers in order to service your insurance requirements;
  • Feefo, a customer feedback company to get feedback from you about our service;
  • other third-party processors who provide elements of services for us;
  • our associated company located in the UK, which provides internal software and technical support services to us. This sharing is strictly for internal purposes, such as system management, service improvement, and maintaining the security and accuracy of our records.

These businesses will not use your personal information except to provide the agreed services on our behalf. We ensure that we have the required data protection agreements in place to safeguard your personal data and all third parties are required to maintain the confidentiality of your information.

Where we share your personal data with third parties located in third countries that are not covered by an adequacy decision, we rely on standard contractual clauses with the UK Addendum as our mechanism.

Service Specific Information

Participation in “Refer a Friend” and Affiliate schemes:

  • We encourage individuals to participate in our “Refer a Friend” scheme to help us acquire new customers. In addition, organisations have the possibility to participate in our Affiliate scheme through a sign-up process.
  • As part of the “Refer a Friend” scheme, customers who successfully introduce new customers who take out a policy with us will be awarded accordingly.
  • To facilitate participation in both the “Refer a Friend” and Affiliate schemes, we will process the following personal data: First Name, Last Name, Referee, Phone Number, Email Address
  • Certain fields may require input from the data subject, and the personal data collected will be used solely for the purposes of managing and administering the schemes, including verifying eligibility, tracking referrals, and providing awards.
  • We process this personal data based on our legitimate interest in managing and promoting our schemes, which aim to acquire new customers through referrals.

Keeping your information

Your personal information will be retained in accordance with our retention policy which categorises the information held by PolicyBee and specifies the appropriate retention period for each category of data. Those periods are based on the purpose for which the information is collected and used, considering legal and regulatory requirements to retain the information for a minimum period, limitation periods, good practice and PolicyBee's business purposes.

Generally, we keep quote information for 3 years, and policy and claims records for 7 years from the end of our relationship with you. If there is a dispute or a legal action, we may need to keep this personal information longer.

Protecting your personal information

All information collected from you during your usage of our website is transmitted to us using Transport Layer Security (TLS) encryption. Payment cardholder information is in addition relayed instantly to our payment gateway provider. We do not store any payment cardholder information.

Inbound and outbound email is transmitted using Transport Layer Security (TLS) encryption when supported by the endpoint.

We secure all personal information you have provided us on computer servers in a controlled, secure environment, and protect that information from unauthorised access, use or disclosure.

Non-digital personal data received is scanned to our network and the originals are confidentially destroyed.

We'll only disclose your personal information, without notice, if we must by law or in the good faith belief that such action is necessary to:

  • conform to the edicts of the law or comply with legal process served on us;
  • protect and defend our rights or property;
  • protect the personal safety of our users or the public.

Your rights

You have the right to:

  • ask for access to your personal information via a 'subject access request'
  • ask for personal information we hold about you to be corrected
  • ask for your personal information to be deleted. This enables you to ask us to delete or remove your personal information where there is no good reason for us continuing to process it
  • object to the processing of your personal information where we are relying on a legitimate interest, and there is something about your particular situation which makes you want to object to processing it
  • ask for the processing of your personal information to be restricted. This enables you to ask us to suspend the processing of personal information about you
  • ask for your personal information to be transferred to another company

You can find out if we hold any personal information on you and request that information by making a 'subject access request'. If we do hold information about you we will:

  • provide you with a description of it
  • tell you why we are holding it and how long for
  • tell you who it could be disclosed to
  • where possible let you have a copy of the information in an intelligible form

Where we rely on consent to process your personal data, you have a right to withdraw your consent at any time by contacting us via telephone on 0345 561 0320 or emailing us at contactus@policybee.co.uk or by clicking the unsubscribe link in any of our marketing messages.

No fee usually required: you will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Changing and removing your information

If you find the information we hold about you is wrong, you can ask for it to be corrected. You can also ask us to delete the information. To do so please call us on 0345 561 0320 or email us at contactus@policybee.co.uk. For record-keeping and compliance purposes, we'll retain certain information collected from you in connection with commercial transactions.

External websites

Our website may contain links to third party websites. This privacy notice doesn't cover how organisations that own the external websites process your personal data. We encourage you to read the privacy notices on the other websites you visit.

Contacting us

Address: PolicyBee, 14 Brightwell Barns, Waldringfield Road, Ipswich, IP10 0BJ
Phone: 0345 222 5360
Email: contactus@policybee.co.uk

We are registered with the Information Commissioner's Office (the ICO) with registration number Z259095X.

Our Data Protection Officer is:
The DPO Centre Ltd.
50 Liverpool Street
London
EC2M 7PY

Phone: 0203 797 1289
Website: www.dpocentre.com

Making a complaint

You have the right to submit a complaint about our processing of your personal data. Our supervisory authority is the Information Commissioner's Office and submitting a concern can be made using its website: https://ico.org.uk/concerns/handling/

Changes to this privacy notice

We keep this policy under regular review. We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices.

Last updated: April 2025