UWI Limited Privacy Notice

Data privacy for customers

This page contains all the information you need to find out what data we may collect from you and how and why we use it.

Last updated: March 2023

About our Privacy Notice

UWI Limited ("Utility Warehouse Insurance", “UWI”, "us", or "we") is the data controller and responsible for your personal data  . We respect your right to privacy. At UWI, we look after any information which could identify you (“personal information”) carefully and strictly in compliance with all  Gibraltar data protection laws.

This Privacy Notice applies to our customers, users of our products and services, to our prospective customers who have shown an interest in our products and services and to anyone that interacts with us, such as by browsing our website (“you”).

This Privacy Notice tells you who we are, how we collect, share and use your personal information, and how you can exercise your privacy rights. It applies to personal information that we use to provide you with our products and services (including when you show an interest in these) and personal information which we collect through our website or other communications with you. If we change the way we handle your personal information, we'll update this Privacy Notice. You'll be able to see the changes but we will notify you in the event of any material changes.

Please take a moment to read this Privacy Notice so that you understand how we use your personal information. Use the links on the left to navigate to a particular section.

If you have any questions or concerns about our use of your personal information, then please contact us at privacy@uwi.gi.

You can also write to us at:

UWI Limited

5/5 Crutchett’s Ramp, Gibraltar, GX11 1AA

The data controller of your personal information is UWI Limited.  

Who we are and what we do

We are a non life insurer that provides personal lines products such as home, boiler and emergency breakdown covers. We underwrite various Utility Warehouse insurance products, helping UW customers get the simplicity, savings and great service, all under one roof.

The type of information we collect

We may collect and process the following Personal Data:

  • Individual details: name, address (and proof of address), other contact details (e.g., email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant;

  • Identification details: identification numbers issued by government bodies or agencies (e.g., depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s licence number);

  • Financial information: payment card number, bank account number and account details, income and other financial information;

  • Insured risk: Information about the insured risk, which contains Personal Data and may include, only to the extent relevant to the risk being insured;

  • Health data: current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g., smoking or consumption of alcohol), prescription information, medical history;

  • Criminal records data: criminal convictions, including driving offences; 

  • Other Special Categories of Personal Data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning an individual’s sex life or sexual orientation;

  • Policy information: information about the quotes individuals receive and the policies they obtain;

  • Credit and anti-fraud data: credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies;

  • Previous claims: information about previous claims, which may include health data, criminal records data, and other Special Categories of Personal Data  (as described in the Insured Risk definition above);

  • Current claims:information about current claims, which may include health data, criminal records data, and other Special Categories of Personal Data (as described in the Insured Risk definition above); and

  • Marketing data: whether or not the individual has consented to receive marketing from us and from third parties.

Please note that where your data is necessary to enter to fulfil the contract between us and you choose not to provide it, we may not be able to offer or perform our services. For example, we may need to know your date or birth in order to offer you insurance.  

We collect Personal Data from various sources, including (depending on the country you are in):

  • Individuals and their family members, online or by telephone, or in written correspondence;

  • Individuals’ employers;

  • In the event of a claim, third parties including the other party to the claim (claimant/ defendant), witnesses, experts (including medical experts), loss adjustors, lawyers and claims handlers;

  • Other insurance market participants, such as Insurers, Reinsurers and other Intermediaries;

  • Credit reference agencies (to the extent UWI is taking any credit risk);

  • Anti-fraud databases and other third party databases, including sanctions lists;

  • Government agencies, such as vehicle registration authorities and tax authorities; and

  • Claim forms.

Why does UWI process this personal information?

Most commonly, we process your personal information for one of the following reasons:

  • To fulfil the contract between us: We need to process your personal information to perform our contract with you. For example, to provide you with the products or services you purchased, manage your account, accurately bill you for services, and take payment from you. Without your personal information, we would be unable to provide you with the products or services you order from us.

  • For legitimate business interests: Sometimes, we need to process your personal information for a legitimate business interest. For example, to run our business, manage debt, promote our products and services, make improvements to how our business is run and to provide the best possible service to you.

  • To comply with our legal and regulatory obligations.

Where we collect and process Sensitive Personal Data, we rely on:

  • Substantial public interest: UWI relies on the substantial public interest of Insurance to process the sensitive personal data that is necessary to enter and fulfil the contract between us.  For example, we may need details about your health to quote for adequate health insurance; or

  • You have provided your consent: In specific situations, we’ll ask for your consent before we collect and process your information. For example, if you have informed us that you’re in a vulnerable situation, we’ll ask for your explicit consent before we add your details to our Priority Services Register. When we ask for consent to process your information, we'll let you know why we need your information, what we will do with it and how you can withdraw consent.

Who we share your personal information with

In connection with the purposes set out above, we will sometimes share Personal Information with group companies and third parties, including:

  • Insurance brokers, financial advisers and business partners, who help us arrange, manage and underwrite our products and who provide insurance services;

  • Other insurers;

  • Our insurers or reinsurers (either directly or through insurance brokers), who provide reinsurance services to us and each other in respect of risks underwritten by UWI, or insurers who cover UWI under our group insurance policies. We can supply on request further details of the insurers and reinsurers we provide your Personal Information to and how this may be used. If you require further details contact details, contact us;

  • Third parties who provide you with services, relating to your product, e.g. home emergency cover;

  • Third parties who provide us, or a third party insurer relevant to your product or claim, with services, e.g. loss adjusters, claims handlers, assistance providers, third-party case managers, handling your care or treatment pathway, experts and, in limited circumstances, private investigators;

  • Legal advisers, accountants, auditors, financial institutions and professional service firms who act on our or your behalf, or who represent a third-party claimant;

  • Data analysts and providers of data services who support us with developing our products and prices and measuring the effectiveness of marketing;

  • Third parties that help us maintain the accuracy of our data, e.g. by identifying individuals who are deceased, updating contact details for individuals who have moved and payment card providers who provide us with updated payment card details;

  • Financial crime detection agencies, sanctions checking providers and third parties who maintain fraud detection databases or provide assistance with investigation in cases of suspected fraud;

  • Regulators who regulate how we operate, including the GFSC, FCA, PRA, Financial Ombudsman, HMRC, ICO and the Advertising Standards Authority;

  • Government agencies and regulatory bodies including the police, courts and the DWP;

  • Debt advisors, including where breathing space is requested on outstanding debts;

  • Insurance industry bodies, including the Association of British Insurers and MIB;

  • Credit reference agencies;

  • Service providers, including those who help operate our IT and back office systems, underwriting and claims processes and our information security controls, and card payment processors;

  • Medical professionals, if we need to access health records or assessments for the purposes of arranging and underwriting certain products or facilitating and handling claims;

  • Research agencies and providers of market research services, including customer feedback surveys;

  • Providers of marketing and advertising services, including delivering and administering marketing, ensuring you receive marketing content that’s relevant to you and in accordance with your preferences and analysing marketing campaigns. These may include media agencies, fulfilment partners, social media and other online platforms and advertising technology companies. You can find further information about this in the section on Marketing;

  • Third parties in connection with any sale, transfer or disposal of our business.

How we keep your information secure

We use technical and organisational measures to protect your personal information. These measures provide a level of security appropriate to the risk of processing your personal information. In line with our security procedures, we check your identity when you get in touch with us and apply suitable technical measures to protect your information, such as:

  • Encryption;

  • Implementing secure design principles within our information technology infrastructure;

  • Adopting security safeguards against attacks; and

  • Adhering to security policies and training staff to enforce controls and procedures in line with data protection law and other industry-specific compliance requirements.

How long we keep your personal information for

We keep your personal information for as long as necessary for the reason we collected it. In most cases, this means we will keep your personal information while you are one of our customers, and for seven years afterwards. Sometimes we may retain it for longer if we are required to by law.

At the end of this period, your data will be deleted, destroyed or anonymised. We may aggregate anonymised data for statistical analysis and business planning.

Profiling and automated decision-making

Occasionally, our use of your personal information may result in profiling, including automated decision-making. This may affect you legally or otherwise.

Automated decisions are made by computer determination, such as software algorithms, without human review. For example, we may use automated decisions to analyse your creditworthiness and verify your identity when we process your application for certain products and services.

When we make an automated decision about you, you have the right to express your point of view, contest the decision, and request a human review of the decision. You can exercise this right by contacting us using the details at the top of this Privacy Notice.

Your privacy rights

You have various privacy rights in relation to your personal information:

  • Accessing your personal information: You can request a copy of your personal information at any time;

  • Correcting your personal information: You can ask us to correct the personal information we hold on you if it is incorrect;

  • Erasing your personal information: You can ask us to delete your personal information in certain circumstances;

  • Objecting to or restricting processing of your personal information: You can object to our processing of your personal information in certain circumstances;

  • Transferring your personal information: You can ask us to transfer your personal information to you or a third party, including a new supplier should you choose to move your services away; 

  • Withdrawing your consent to processing: You can withdraw your consent to our processing of your personal information, however this will not affect the lawfulness of any processing conducted prior to your withdrawal;

  • Opting-out of marketing communications: You can ask us to cease marketing communications at any time by contacting us using the details at the top of this Privacy Notice, by clicking the unsubscribe or opt-out link in our emails, or by texting STOP to the number given in our text messages; and

  • Complaining to the regulator: You can complain about our collection and use of your personal information by contacting the Gibraltar Regulatory Authority.

We respond to all requests from individuals wishing to exercise their data protection rights in accordance with data protection law. We will try to respond to your request within one month; however, if it is complex or you make several requests, we may extend our time to respond. If we do, we will inform you.

You are able to exercise your rights free of charge, however if you make unfounded, repetitive or excessive requests, we may charge a fee or refuse to carry out your requests.

Updates to our Privacy Notice

From time to time, we may update our Privacy Notice in response to legal, technical or business developments. We will take appropriate measures to inform you of any updates, in line with the significance of any changes. 

You can see when this Privacy Notice was last updated by checking the last updated date, displayed at the top of this page.