Our Privacy Policy

Columbus Direct ("we") are committed to protecting and respecting your privacy.  This Privacy Policy, together with our Terms of Business, explains how we treat any personal data we collect and process when you use our website, services or products.

1. Collection and processing of your personal data

We only collect and process your personal data if:    

  • It is necessary in order for us to be able to provide our service or product, which you have either requested a quotation or contracted for; or
  • You have agreed to it; or
  • It is necessary for compliance with our legal and/or regulatory obligations as providers of insurance; or
  • Under specific circumstances, if it is necessary to protect your life and vital interests; or
  • We have legitimate reason or where there is reasons of substantial public interest to do so, such as for fraud prevention, debt collection and anti-money laundering checks; or 
  • The data is already publicly available.

2. What types of personal data we handle

We collect and process the personal data that you provide about yourself and others to be covered by the policy when interacting with us, either online or via email, phone or post. We may also collect data about you from any health services providers involved in delivering our services to you.

Such personal data may include, but is not limited to the following:

  • First name and surname;
  • Postal and/or email address;
  • Gender, date of birth;
  • Country of residence and/or nationality;
  • Unique identifier information (e.g. your customer username or number and password);
  • Financial information (e.g. payment card or bank account information);
  • Health information, where it is relevant to the service we provide;
  • Other details relevant to your particular insurance requirements;
  • Some details provided by your device such as IP address, device ID, device type, and location data.

3. How we use your personal data

We may use the personal data we collect and process about you in order to:

  • Provide you with access to our website;
  • Provide and administer your insurance quotation and policy, and to process claims;
  • Process any payments required for the products and services you have requested;
  • Provide you with information including without limitation, quotations, service documentation, brochures, newsletters and responses to applications;
  • Respond to any enquiries from you regarding our products and services;
  • Where you have agreed, provide you with information about certain other goods and services which we believe may be of interest to you;
  • Offer customer surveys to help us improve our service;
  • To help us improve our services and products;
  • Meet our legal and regulatory obligations;
  • Detect and prevent fraud or other illegal activities.

Some of the personal information we process may be sensitive information, such as details about your health or medical records. Where appropriate, we will rely on a specific legal exemption to process your sensitive personal data for insurance purposes, where it is an essential as part of your insurance cover. Otherwise we will ask for your consent, before collecting and processing your sensitive information. Please note that we may not be able to sell you an insurance policy or deal with a claim if we are unable to process relevant sensitive information.

We may use your personal data, including your health data, to automatically determine, based on a risk assessment of both the likelihood and cost of you making a claim, whether to offer insurance cover, what insurance products to offer, whether to offer to renewal cover, and to arrive at the price of that insurance cover.  You have the right to request a personal review by us of such decisions so that you may express your point of view and ask us to reconsider such decisions.

When you ask for a quotation or buy a policy, we will send your details to, and also use information from your insurer and from fraud prevention agencies, such as CIFAS. We will make use of such data to combat fraud.

When you make a claim, we may use automated processes, to assist in determination of whether to accept a claim.  You have the right to request a personal review by us of such decisions so that you may express your point of view and ask us to reconsider such decisions.

If you wish to opt-out of any automated decision-making, please let us know, however, in some circumstances we may not be able to offer or provide you with a quote for a policy as some automated decisions are required to provide your insurance policy.

The name and other details about your insurer and how they process your information can be found in your policy wording.

If you provide information about anyone else, you confirm that they (or their legal guardian) have agreed that you may give us their information, including sensitive information, for the reasons described in this document.

4. Personal data sharing and transferring

We will not share your personal data with anyone else unless you agree to this, or such sharing is necessary to fulfil our contract with you, or we are legally allowed or required to do so. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies.

Organisations we may share your personal data with include:

  • Another member of our group of companies where they help provide our services to you;
  • Our service providers and subcontractors, where they us help provide our services to you;
  • To a regulating body or other authority where we need to comply with a regulatory or legal obligation;
  • Crime prevention or debt collection organisations;
  • When required to protect our legitimate interests.

Some of those organisations may be based in a country outside the European Economic Area or where different data privacy laws apply. We will only transfer your personal data to that country if they ensure an adequate level of protection of your rights and freedoms, the transfer is necessary for the performance of your contract, or you have given us your consent, or that organisation is contractually bound to meet European Economic Area data protection law.

We will not sell your personal data to anyone.

5. Personal data protection and storage

Personal data collected and processed in accordance with this Privacy Policy is stored on secure servers located in the United Kingdom or Republic of Ireland.

We handle your personal data in accordance with adequate and reasonable procedures and technologies in order to maintain and protect its security, availability, confidentiality and integrity, and prevent its unlawful or unauthorised processing, accidental loss or damage, from its collection until its destruction.

Where personal data is transmitted across the internet, it will be encrypted.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of your personal data, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. 

6. Personal data disposal and retention

We will only keep your personal data for as long as it is needed for the purposes for which it was collected and we will remove from our systems all personal data which is no longer required. 

We will only retain your personal data after this time where we are required to do so, in order to meet a regulatory or legal obligation.

7. Use of cookies

We use cookies on our website in order to improve your user experience by enabling our website to 'remember' you, either for the duration of your visit (using a 'session cookie') or for repeat visits (using a 'persistent cookie').  We may also use cookies to enable us to target our services or products based, for example, on your location and/or browsing habits.

8. Your rights

You have the right at any time and, normally, free of charge to:

  • Request a copy of the personal data we hold about you and certain details as to how we use it. We may charge a reasonable fee to provide further copies, and can refuse to give you this information if your requests are clearly unjustified or excessive;
  • Have your personal data corrected if it is inaccurate or incomplete;
  • In certain circumstances, request the deletion of your personal data for example, where it is no longer necessary for us to keep it for the purpose for which it was originally collected or processed, unless we have a legal or regulatory obligation to retain the personal data;
  • Ask for further processing of your personal data to be restricted. Where you have previously entered into a contracted service or product with us, this may imply cancelling the contracted service or product;
  • In certain circumstances, to request that we transfer your personal information to another third party, where technically feasible;
  • Request that you are not subject to automatic individual decision-making;
  • Withdraw your agreement to direct marketing.

Where we have requested your consent, you have the right to withdraw this.  However, in some circumstances we may no longer be able to process your insurance policy.

9. How to contact us

For the purposes of data protection legislation, Columbus Insurance Services Ltd is the data controller. 

Columbus Insurance Services Ltd is part of the Collinson group of companies.

To exercise any of your rights, or if you have any questions about our Privacy Policy, or if you wish to make a complaint about the use of your personal data, or you want to report a security issue, please contact our Data Protection Officer, the details of which are below:

Data Protection Officer data.protection@columbusdirect.com

Columbus Insurance Services Ltd,
Sussex House,
Perrymount Road,
Haywards Heath,
West Sussex,
United Kingdom, RH16 1DN

If you are unsatisfied with our response, you can contact the Information Commissioner’s Office (ICO).  Further information can be found at https://ico.org.uk/.  Additionally you have the right at any time to lodge a complaint with the ICO in relation to how we use your data.

10. Other websites

Our website may contain links to other websites. This Privacy Policy only applies to our website, services and products so when you link to other websites, you should read their own privacy policies.

11. Changes to our policy

We keep our Privacy Policy under regular review and we will make any new versions available on our website, you should check our website regularly to view the most up to date privacy policy.  This Privacy Policy was last updated on 25 May, 2018.