Privacy Policy

Your privacy is important to us. We want you to understand what we do with your data

Jump to the relevant section

1.0 Who we are

2.0 Information we collect

3.0 How we collect your information

4.0 How we use your personal data (lawful basis for processing)

5.0 Your Rights

6.0 Sharing and Disclosing Your Personal Information

7.0 Safeguarding Measures

8.0 International Data Transfers

9.0 Consequences of Not Providing Your Personal Data

10.0 Legitimate Interests

11.0 Marketing

12.0 How long we keep your data

13.0 Special Category Data

14.0 Lodging A Complaint

1.0 Who we are

QMetric Group Limited, trading as Policy Expert, is a company registered in England and Wales under company number 07151701. We provide home, car, and pet insurance services through the Policy Expert brand, ensuring our customers receive high-quality coverage tailored to their needs.

As part of the QMetric Group, we work in conjunction with Trinity Claims Limited (company number 07553749), our dedicated subsidiary responsible for handling all insurance claims. Their Privacy Notice provides further information about how claims related personal data is processed. While it reflects our joint working practices, it offers greater depth regarding Trinity's specific processing activities as a separate legal entity.

Together, Policy Expert and Trinity Claims work seamlessly to deliver excellent service, from the moment you purchase your policy to managing claims efficiently when you need us most.

We are committed to protecting your privacy and ensuring your personal information is handled responsibly across all interactions, whether through our digital platforms, in-person communications, or other channels.

2.0 Information we collect

We process your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

The personal data that we collect is: -

Contact details, including your name, postal address, email address and phone number.

Personal identifiers, such as date of birth, gender, marital status, employment status, income, and proof of residency.

Government issued identifiers, including driving license, passport, and National Insurance Number.

Credit and financial data, including credit history, credit scores, claims history and payment history, obtained from credit reference and fraud prevention agencies.

Driving and motor data, such as driving history (e.g. past claims, motoring convictions, penalty points), vehicle details (e.g. make, model, registration, engine size), telematics data (from black box devices or mobile apps), and DVLA records (where applicable).

Home and property information, including security features (e.g. alarms, CCTV), occupancy status, property type and rebuild value, address-based risk factors (e.g. flood or subsidence risk), and ownership details.

Information relating to criminal offences, sanctions screening, or Politically Exposed Persons (PEP) status, where required by law or strictly necessary for fraud prevention and risk assessment. This may include fraud or risk flags from internal and external databases.

Vulnerability-related data, including details about your financial situation, health related data, or other indicators of additional support needs, to ensure we can provide services appropriately and fairly.

Audio, photographic, and video recordings, including surveillance or telematics imagery and call recordings, where relevant to policy management or claims assessment.

Social media or publicly available data, where relevant to fraud investigation and only within legal limits.

Job Applicants – If you apply for a role with us, we collect and process personal data as part of our recruitment and hiring process. This may include your job title, employment history, qualifications, education, professional memberships, background check results, skills, references, right to work status, and any other details you provide during the recruitment process.

We only collect and process special category or criminal offence data where we have a lawful basis to do so, in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018.

3.0 How we collect your information

We collect personal information through a variety of channels, including:

3.1 Directly from you

We collect the information you provide when you request a quote or apply for a policy (online or by phone), make a claim or update your policy details, and register for an online account.

3.2 Through third parties or external sources.

We may also receive information from third-party partners and trusted data sources to help us assess risk, verify identity, prevent fraud, and manage your policy or claim. These may include: -

Price Comparison Websites (PCWs) – Where you use a comparison site, we receive the details you entered to generate quotes and create your policy.

Identify and Verification and risk assessment providers – Used to confirm your identity, assess credit risk, and enhance data accuracy through licenced public and proprietary databases.

Credit reference agencies – provide information on credit scores, credit history, and financial behaviour.

Vehicle and driver data services – Supply official vehicle and driver records for validation and compliance with relevant regulations.

Industry-wide fraud prevention and intelligence networks – support the detection, investigation, and prevention of fraudulent activity through data sharing across the insurance section.

Claims and Policy databases – Used to check details of previous claims and insurance history, supporting accurate underwriting and fraud prevention.

Motor Insurance databases – Used to confirm policy details, coverage, and history to support regulatory compliance and underwriting accuracy.

Automatically through your interactions with our website, using cookies, analytics tools, and similar technologies that capture IP addresses, device identifiers, and usage behaviour.

Recruitment Partners – We may receive job applicant data from recruitment agencies, job boards, or publicly available sources such as LinkedIn. we may also receive information from referees or background check providers.

3.3 From your interactions with us

We may also use information from your previous or ongoing interactions with us, including past quotes, claims, policy history, or communications (such as recorded phone calls or submitted documents).

Please note: If you give us personal information about other people such as joint policy holders on home insurance or additional named drivers on your motor policy, you must make sure they are aware of this privacy policy. You must also get their agreement before sharing any of their personal information.

4.0 How we use your personal data (lawful basis for processing)

The examples below outline the main purposes for which we use your personal data and the legal basis we rely on. Please note, this is not an exhaustive list.

Purpose	Lawful Basis (UK GDPR)	Processing Activity
To provide and manage your insurance policy	Contractual necessity Legitimate Interest	Setting up, renewing or cancelling your policy. Sending policy documents and updates Handling premium payments Claims management
To verify your identity and assess risks	Legitimate Interest Legal Obligation	Identity checks Assessing eligibility and risk during quote process
To detect and prevent fraud or other unlawful activity	Legitimate Interest Legal Obligation Substantial public interest (for criminal offence data)	Cross-checking data with fraud prevention agencies Investigating suspicious policies and claims Internal security measures
To comply with legal and regulatory obligations	Legal Obligation	Meeting FCA requirements Complying with data deletion rules Responding to Court orders or lawful requests
To provide customer service support	Contractual necessity Legitimate Interest	Responding to enquiries and complaints Updating your contact or policy details Handling claims-related questions
To improve our services and operations	Legitimate Interest	Analysing customer feedback Reviewing call recordings for training Conducting internal performance reviews
To support vulnerable customers	Consent (for special category data) Substantial public interest (e.g. safeguarding)	Noting relevant health or accessibility needs Referring customers to specialist teams Ensuring tailored service
To carry out automated decision-making and profiling	Legitimate Interests Contractual necessity Legal obligations (where required)	Automatically assessing pricing and eligibility Risk profiling for underwriting To detect potential fraud patterns.
Debt Collection	Contractual necessity Legitimate Interests	Recover outstanding payments due to us. This may include instructing third-party debt-collection agencies or legal advisers where necessary.
Recruitment and hiring process	Legitimate Interests Legal obligations Consent Contractual necessity	Assessing suitability for role Verifying identity and right to work Conducting background checks Maintain records of hiring process Improving the fairness and effectiveness of our recruitment process, including monitoring for diversity and inclusion

5.0 Your Rights

Under the UK GDPR, you have the following rights regarding the personal data we process about you:

Right to be Informed:

You have the right to be informed about how we collect and use your personal data. We provide this information at the time we collect your data, or within one month if we obtain it from another source — unless providing it would involve disproportionate effort, or you already have the information.

Right of Access:

You can request access to any information that we hold about you and receive details about:

What data we hold

The purposes for the processing

The categories of data

Who we share it with

How long plan to retain it.

Where the data came from, if not collected directly from you.

Right to Rectification:

If any personal data we hold about you is inaccurate or incomplete, you can ask us to correct it. We'll do so as quickly as possible unless there's a lawful reason not to, in which case we'll explain why.

Right to Erasure (Right to be Forgotten)

You can request the deletion of your personal data where there's no compelling reason for us to keep it. This is not an absolute right — for example, we may need to retain certain information to comply with legal obligations or defend legal claims.

Right to Restriction of Processing:

In certain circumstances, you can request that we restrict the use of your data. This means we will store the data but not process it further unless you give consent, or it's legally required.

Right to Data Portability:

You have the right to receive personal data you've provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.

Right to Object:

You can object to processing where it is based on legitimate interests or for statistical purposes. We will assess your request and stop processing unless we have compelling legitimate grounds. You have an absolute rights to object to your data being used for direct marketing.

Rights Related to Automated Decision-Making and Profiling:

You have the right to be informed if we use automated processes to make decisions about you (such as underwriting or pricing). If such decisions have a legal or significant impact on you, you can request human review and contest the decision.

7.0 Safeguarding Measures

At QMetric, we take your privacy and the security of your personal information very seriously. We implement robust technical and organisational measures to protect your data against unauthorised access, misuse, alteration, or loss. These measures are regularly reviewed and updated to reflect current best practices and emerging threats.

Security controls we use include:

Encryption technologies, including SSL/TLS, to protect data in transit

Role-based access controls and multi-factor authentication to restrict access to data

Firewall and intrusion detection systems to monitor and protect our network

Regular vulnerability scanning and patch management to address security weaknesses

Staff training and awareness programmes to ensure data protection principles are followed

Secure backup systems and disaster recovery procedures to maintain data availability

These measures help ensure that your personal data is handled securely at every stage of its lifecycle.

8.0 International Data Transfers

Some of our third-party service providers may process your personal data outside of the United Kingdom. For example, we may use cloud-based software suppliers based in countries such as the United States to manage contact details, including your email address, to support our customer service.

Where personal data is transferred outside the UK, we take steps to ensure it receives an adequate level of protection as required by the UK General Data Protection Regulation (UK GDPR). This includes:

Only transferring data to countries deemed by the UK Government to provide an adequate level of data protection; or

Ensuring appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the ICO or reliance on the UK Extension to the EU-U.S. Data Privacy Framework (also known as the UK-U.S. Data Bridge), where applicable.

We carefully vet all third-party service providers and ensure they process personal data only under our instruction, in accordance with this Privacy Policy, and with suitable confidentiality and security measures.

Our insurance partners are the data controllers in respect of the processing they carry out, and such processing will be subject to their own Privacy Policies. We do not have any control over whether they process your personal data outside the EEA. You should refer to their Privacy Policy for this information.

9.0 Consequences of Not Providing Your Personal Data

You are not legally required to provide your personal data to us. However, we need certain information to offer you insurance products and services, assess your application, manage your policy, and handle claims.

If you do not provide the required information, we may be unable to:

Provide you with a quote

Offer or renew a policy

Administer your insurance cover

Process a claim

Comply with legal and regulatory obligations

In some cases, this may result in your application being declined, your policy being cancelled, or a claim not being processed.

10.0 Legitimate Interests

As noted in the 'How We Use Your Personal Data' section of this notice, we may process your personal information under the legitimate interest's legal basis. Before doing so, we have carried out a Legitimate Interests Assessment (LIA) to ensure our business needs are balanced against your rights and freedoms.

We only rely on this basis where the processing is necessary, proportionate, and poses minimal privacy risk.

Examples where we rely on legitimate interests include but not limited to:

Recording calls for training, quality assurance, complaint handling, and service improvements.

Sending service-related communications (e.g., renewal reminders or policy updates)

Preventing fraud or financial crime, and ensuring the security of our systems and operations

Maintaining business operations, including internal reporting, audits, and risk management

Analysing customer behaviour to improve our product and services

Handling legal claims or disputes relating to your policy

We do not use legitimate interest as a legal basis where your interests, rights, or freedoms override ours. You have the right to object to this type of processing at any time—please see the 'Your Rights' section of this notice for details.

11.0 Marketing

We may use your contact details to send you information by email about similar products and services we offer, such as home insurance, motor insurance, and pet insurance. We do this where you have purchased from us or requested a quote, and you were given the opportunity to opt out at the time your data was collected. This is known as a “soft-opt-in” exception for marketing under the Privacy and Electronic Communication Regulations (PECR).

You can opt out of these emails at any time by clicking the unsubscribe link, updating your preferences in your online account, or contacting us directly.

You have the right to object to any processing of your data for marketing purposes at any time. For more information, see the 'Your Rights' section of this notice.

12.0 How long we keep your data

We only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to fulfil our contractual obligations, meet legal, regulatory, and business requirements, in line with UK tax laws, the Statute of Limitation Act 1980 and the Financial Conduct Authority (FCA) record-keeping obligations.

In some cases, we may retain certain information for longer, for example:

Where there is an unresolved claim or ongoing legal issue

For our legitimate business interests, such as defending legal claims, maintaining accurate business and financial records, and detecting or preventing fraud

Once we no longer need your personal data, it will either be securely deleted or anonymised so that it can no longer be used to identify you.

13.0 Special Category Data

As part of providing insurance services and in line with the Financial Conduct Authority (FCA) guidance on supporting vulnerable customers, we may occasionally need to collect and process special category personal data. This may include information about your health, disability, or other factors that could affect how we communicate with you, assess your application, manage your policy, or handle a claim.

We will only request and process the minimum data necessary for these purposes and always ensure there is a valid legal basis for doing so — such as your explicit consent or where the processing is necessary for reasons of substantial public interest, including safeguarding or ensuring equitable access to our services.

This data is handled with heightened care and subject to additional security and confidentiality measures.

14.0 Lodging A Complaint

If you're unhappy with the way we've handled your data and wish to make a complaint or you would like to make enquiries about how your personal data is processed, you can contact us at:

Home Insurance: home-dpo@policyexpert.co.uk or 0330 0600 600

Motor Insurance: motor-dpo@policyexpert.co.uk or 0330 0600 602

Pet Insurance: pet-dpo@policyexpert.co.uk or 0330 0600 603

If you remain unsatisfied with how your complaint has been managed, you have the right to lodge a complaint with the UK regulator for data protection and information rights law:

The Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

Email: enquiries@ico.org.uk