
Privacy & Fair Processing Policy

Sutton Winson Limited is an Independent Insurance Broker, Registered in England No. 546706.

We are authorised and regulated by the Financial Conduct Authority (FCA). Our permitted business is arranging general insurance contracts. Our FCA Register number is 310883. We are also licensed to arrange credit under reference number 039132. These details can be checked on the FCA’s Register by visiting the FCA’s website or by contacting the FCA on 0845 606 1234.

We offer clients the benefit of our insurance knowledge, experience and expertise across a wide range of policy classes through our Commercial, Private Clients, Employee Benefits, Healthcare and Risk Management teams. We endeavour to ensure the privacy and the confidentiality of Personal Data. We may receive Personal Data about individuals relating to potential or actual policyholders, beneficiaries under a policy, their family members, claimants and other parties involved in a claim during the insurance lifecycle. Therefore references to “you/your/their” include individuals or third parties. This notice sets out our use of this Personal Data and the disclosures we make to other insurance market participants and other third parties. In order for us to provide these services, we and other participants in the insurance industry use and share Personal Data.


This Privacy Notice governs our use of your Personal Data and is not designed to replace any insurance policy or contract that you may hold with us.

1. Our commitment to privacy

  • As an Independent Broker, we are committed to observing your privacy rights under the General Data Protection Regulation (GDPR) and UK Data Protection laws.  We recognise the importance of the Personal Data that you entrust to us in order to conduct our business with you.
  • We understand that it is our duty to tell you how we will hold and use your Personal Data.
  • We believe in the importance of being fully transparent in our dealings with you.
  • We will only collect, hold and process your Personal Data with your consent for specific processing purposes. We understand that it is important to allow you to withdraw your consent at any given stage of the processing or after conclusion of a contract. Please bear in mind that if you withdraw consent this may affect our ability to provide services to you.
  • Our physical and technological security measures are designed to protect your Personal and Sensitive Data and demonstrate our continuing commitment to the GDPR and UK Data Protection laws.
  • We firmly believe that you should be able to make privacy choices that are right for you. We understand that it is our duty to make sure your Personal Data is accurate and kept up to date.
  • We are dedicated to investing in the continuous training and education of our employees in their privacy obligations under the GDPR and UK Data Protection laws.

2. Where do we collect your Personal Data from?

  • We only collect Personal Data by lawful and fair means. We only ask for Personal Data needed to perform our professional duties and obligations. Our aim is to always be open and transparent in our dealings with you.
  • The following is a list of whom we can potentially collect your Personal Data from:
    • you; directly when you apply for a policy or submit a claim
    • employer
    • family member
    • third party who may be applying for a policy for which you are a beneficiary or a named individual
    • other insurance market participants
    • credit reference agencies
    • anti-fraud databases
    • sanctions lists
    • court judgements
    • government agencies
    • open electoral register
    • Third parties, including those related to the administration or processing of claims
  • We do not buy or sell Personal Data.

3. What Personal Data do we collect?

The type of Personal Data that we collect depends on the nature of our interaction and relationship with you (for example, you may be the client or a third-party administrator such as a loss adjuster, a claims expert or a lawyer). In general terms, the following are examples of the Personal Data we collect, but this list is not exhaustive:

  • General identification and contact Data
    Your name, address, e-mail address, telephone details, date and place of birth, gender, marital status, nationality, employer, job title and employment history, benefit coverage and family details, including their relationship to you.
  • Identification issued by government bodies and agencies
    Passport number, national insurance number, tax identification number and driving license number.
  • Financial Data
    Bank account or payment card details, income or other financial Data
  • Credit and Anti-Fraud Data
    Credit history, credit score, sanctions, and Data received from various anti-fraud databases relating to you.
  • Sensitive Data
    Health status; injury or disability Data, prescription Data; medical history, criminal convictions, racial or ethnic origin, religious beliefs, genetic Data and sexual orientation.

4. Why do we collect this Personal Data and what do we do with it?

We collect, use and store your Personal Data to:

  • Manage our relationship with you as a client or policyholder, or as a prospective client or policyholder
  • Manage the lifecycle of a risk including adjustments, renewals and claim processes
  • Investigate potential crime, including fraud and money laundering and to analyse other commercial risks within the sector
  • Manage and resolve complaints and to handle requests for Data access, rectification and withdrawal of consent

5. International Transfers of Personal Data

  • Due to the global nature of our business, there may be a need for us to send your Personal Data to parties located outside of the European Economic Area (EEA). We will take the necessary steps to inform you if this is the case.
  • We will always make sure that appropriate steps are taken to safeguard the international transfer of your Personal Data. Any transfers to third parties outside of the EEA will be protected by contractual commitments and an assurance by all parties to abide by the stringent requirements of the GDPR.
  • We are committed to explaining what safeguards we have in place for international transfers of Personal Data, should you require this.

6. How long do we keep hold of your Personal Data?

  • We are committed to making sure that the Personal Data we process is reliable and accurate. We will store your Personal Data for only as long as is legally necessary, solely for the purpose that it was originally collected for, and for the purposes to which you have consented.
  • We abide by our internal Data Retention Policy which is applied to all Personal Data in our care.
  • We are committed to ensuring Personal Data which is no longer required by our business will be destroyed or put beyond use.

7. Legitimate Interests

We process Personal Data for certain legitimate interests, which may include the following:

  • to enable us to determine which insurance products and services we may arrange for you and the terms of those services
  • to identify and prevent fraud.

When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests.

8. What are your rights?

  • You have the right to access your Personal Data that we hold about you. We will give you a copy of your Data and we will disclose how your Data is being processed. We are committed to being transparent and will provide you with a description as to what Personal Data we collected, how we used it, who we disclosed it to, how we protect it and how long it will be/has been stored.
  • You have the right to correct any Personal Data held by us which you believe could be inaccurate or incomplete. We may seek to check the accuracy of the Personal Data in question. If your Personal Data has been passed on to a Third Party we will inform them of the rectification where possible and disclose the details of that Third Party to you.
  • You have the right to object to our processing of your Personal Data. We are committed to ensuring your interests, fundamental rights and freedoms are properly balanced against our legitimate interests. This will not apply in the following instances:
    • Where we can provide compelling legitimate grounds for the processing to continue and override the interests, rights and freedoms of the individual;
    • Where processing is necessary for legal claims.
  • You have the right for your Personal Data to be destroyed or put beyond use. This will only apply where the Personal Data is no longer valid for the original purpose that it was collected for, where you have withdrawn consent, or where you have objected to the Personal Data being processed.
  • You have the right to restrict the processing of Personal Data. This will apply only in the following instances:
    • Where the accuracy of the Personal Data is challenged and needs to be checked.
    • Where we have considered the processing of your Personal Data to be unlawful.
    • Where we may not require the Personal Data any longer but you wish to pursue or defend a legal claim.
  • You have the right to ask for Data portability. We will investigate your request and if appropriate we will seek to provide the Personal Data to you in a commonly used and machine readable form.

9. Cookies we use

  • Cookies may be used by the Website to allow us to recognise you and your preferred settings e.g. to store your ID and password for future sessions. This saves you from re-entering information on return visits to the Website. You have the option not to use this feature, in which event no cookies will be retained on your computer.
  • If the site has a secure log-in for our registered users, it may use a temporary ‘session cookie’ in order to perform the secure login to our website. This cookie contains no personal information, just a long random number, and is deleted from your web browser when you exit the Website.
  • Temporary cookies are used in the transactional part of the Website to authenticate you as an authorised user after you have logged in.
  • Your browser may be capable of being programmed to reject cookies, or to warn you before downloading cookies, and information regarding this may be found in your browser’s ‘help’ facility.

For an explanation of cookies see the All About Cookies website.
If you have any questions regarding the use of cookies please contact us.
Below is a table of all cookies on this website – their name, type and purpose:

| Cookie Type | Cookie Name | Cookie Purpose |
| --- | --- | --- |
| Session & TYPO3 Content Management Cookie | session & fe_typo_user | We use session cookies to record an individual user’s preferences that the user has specified, so that each time the user returns their preferences remain. Commonly this would be language settings, shopping carts, anything where you have indicated a preference. Where forms are used on the site, we hold the information in a session cookie so that we can improve the user experience on the site. Should a user, for example, forget to fill in parts of a form when submitting a form, we can auto-fill the values for those fields that have been filled in, thereby reducing the number of fields a user needs to amend. This information is stored only in your browser and is destroyed once your browser is closed. |
| Google Analytics | __utmz, __utmc, __utmb, __utma | These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site for you. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. |

We use third party companies as suppliers for some of our functions. Their use of the Data is controlled by our contract with them and they are only allowed to use the Data strictly for the purpose we have stated e.g. the Data is not used in connection with Data from other companies and we are not tracking user behavior outside our own sites.

10. Other Websites

This privacy policy only applies to this Website. Any other websites which may be linked to this Website will be subject to their own privacy policy, which may differ from ours, and we are not responsible for the content provided on any third party Websites.

11. Who to contact or complain to about your Personal Data that we hold

If you have any questions about our use of your Personal Data or you wish to access any of the Personal Data that we hold about you, you can contact us at:

Andy Jonas
Data Protection Officer
Sutton Winson Limited
First Floor, Green Acre Court, Station Road
Burgess Hill
West Sussex
RH15 9DS

Tel: 0330 008 5555

Should you wish to make a complaint about how we use your Personal Data, we would welcome your contact so that we have the opportunity to resolve the issue to your satisfaction.

You also have the right to refer any complaint to the Information Commissioner’s Office (ICO).

The ICO can be contacted on their helpline number: 0303 123 1113 (local rate). Website:
