Privacy Policy
Simple. Personal. Transparent. These values don’t just apply to our product and services; we keep these values in mind for everything we do. For you to be confident using our services we want you to know and trust that we’re committed to ensuring your privacy is protected.
We realise insurance can be complicated, and there’s a lot of information we need to provide to you, so we’ve provided a table of contents with links to the relevant sections and please do contact us customercare@wrisk.co with any questions.
Table of contents
- Who we are
- About this policy
- Providing personal data
- Legal basis
- How we collect your personal data
- Why we process your personal data
- Cookies
- Retention
- Security
- Third Party Services
- Your rights
- ‘Do Not Track’
- Contact Us
- Previous versions
We are Wrisk Limited (‘Wrisk’, ‘us’, ‘we’), incorporated in England (company # 09721622), registered office 45 Gresham Street, London, EC2V 7BG.
Please do read this Privacy Policy as, together with our Cookie Policy, it explains how we process your personal data when you visit wrisk.co.
We always seek to comply with the data protection laws applicable to our processing of personal data (‘DP Laws’).
For example, the EU General Data Protection Regulation 2016/679 (‘EU GDPR’) may apply and, as a UK company, the UK Data Protection Act 2018 (‘UK DPA’), the UK e-Privacy Regulations (‘PECR’), and the UK-adopted version of the EU GDPR (‘UK GDPR’) apply directly to all our processing. We’ll use ‘GDPR’ to refer to either the EU or UK version as they’re almost identical.
‘Personal data’ is a defined term in EU and UK law. We also use it here to cover ‘personally identifiable information’ as defined in US law, and other similar legal definitions. Essentially ‘personal data’ means any information relating to an identified or identifiable natural person, namely one who can be identified, directly or indirectly from that information alone or in conjunction with other information.
As data protection law and practice are constantly developing, we’ll need to update this policy from time to time, which we’ll do by posting a new policy on the website that takes effect from the date stated. It is your responsibility to return to the website from time to time and check for changes.
You clearly do not have to provide personal data to us. However, if you would like us, for example, to respond to a query, we may not be able to do so without personal data from you.
You’ll see we’ve identified the legal basis for our processing throughout this Policy. The legal bases we rely on are:
- ‘Legitimate Interests’ – where the processing is necessary for our legitimate interests in carrying out our business (for example to improve or market our services), provided those interests are not outweighed by your rights and interests, and
- ‘Consent’ – where you’ve given us your freely given, specific, informed and unambiguous consent to process your personal data. When we rely on consent, we will ask for your consent before any processing and provide you with relevant information to make the processing fair and transparent.
We collect or are provided your personal data in the normal course of our business, including:
- when you visit our website, we may collect information such as your IP address and the pages you visit,
- when you interact with us through phone, email, chat or otherwise to ask about our services and we may otherwise lawfully obtain contact details of potential customers for our services for our marketing purposes, for example from your business website,
- when you use our website, as to how you’ve used our website, including page view times, response times, machine to machine data and logging data, and
- you may provide us with your CV and other personal data when you apply for a position with us.
We will process your personal data for expected purposes related to the business of marketing. We have set out details of these purposes below, together with information on the data processed, the appropriate legal basis, whether it is shared and how long it is retained.
Improving our website and online services
We may collect statistics to help us improve the features and performance of our website and online services.
- We may collect information on web pages visited, browser type and settings, cookies, and similar tracking information, and wifi/cellular access.
- We collect this information through the use of cookies and similar technologies.
- As set out by the DP laws, in particular UK PECR, we will only drop essential cookies (such as for load balancing, security, and shopping trolley) without your consent. The legal basis there is Legitimate Interests (to collect and process those statistics) and some pay be Legal Obligation (to comply, and prove we complied with the law).
- Any ‘non-essential cookie’ (such as advertising cookies) will only be dropped after you have consented. The legal basis will therefore be Consent for these non-essential cookies.
- We will keep this data for as long as required by the legal obligation or the earlier of 12 months or your withdrawing your consent.
Our Website uses cookies and/or similar technologies. Please review our Cookie Policy for more information, including on how to refuse or selectively accept cookies and/or similar technologies and update your preferences.
If no retention period is specified above, our default position is to only retain personal data for any statutory retention period, then a reasonable period (if any) necessary for the above purposes. This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent, or other valid exercise of your data subject rights.
The security of data is very important to our business. In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review. However, we can only be responsible for systems that we control and we would note that the internet itself is not inherently a secure environment.
If you access the services of another provider through our website or services, for example through a link on the website, your use of those services is entirely at your risk and governed by the terms and privacy policy of that third party provider. If we resell a service delivered or provided by a third party (‘Third Party Service’), including any software that is delivered or owned by a third party (‘Third Party Software’), it is that third party’s separate privacy policy that will apply to your personal data and your use of the Third Party Service and Third Party Software. Your use of a Third Party Service is not covered by this Privacy Policy. Please therefore review the privacy policy for any Third Party Service and Third Party Software before using it.
Under the UK and EU GDPRs, you have the following rights (some of which may be subject to conditions set out in the relevant GDPR):
- to know if we process any personal data about you and, if we do, with certain limitations, to a copy of that personal data,
- to ask us to remove or correct any of that personal data that is inaccurate,
- to object to certain processing,
- to ask us to restrict processing certain of your personal data,
- to ask us to erase your personal data, and
- to ‘port’ certain of your personal data to you or another provider, provided in each case that we have such data and certain conditions are met.
You have the right, at any time, to object to the processing of your personal data for direct marketing.
Where processing is based on Consent, you may withdraw consent at any time.
You have the right to notify a complaint to any regulator such as the UK Information Commissioner. We always welcome the opportunity to discuss and resolve any complaint with you first.
The Website does not use technologies that respond to ‘Do-Not-Track’ signals communicated by your internet browser.
If you’ve any questions you can always contact us at the address above or by email to privacy@wrisk.co. You can also always contact our Data Protection Officer at dpo@wrisk.co.