WeCovr

PRIVACY NOTICE

Updated May 2026

At WeCovr (“we”, “us”, or “our”), we are committed to protecting your personal information and your right to privacy. This privacy notice explains in clear, plain language what personal data we collect, how we use it, and what rights you have.

This notice applies to all personal data collected through our websites, mobile applications, APIs, telephone consultations, and related insurance mediation services (collectively, our “Services”).

If you have any questions or wish to exercise your data rights, please contact our compliance team at compliance@wecovr.com.

What information do we collect and how?

We collect personal data to help you find and manage the right insurance protection. This includes:

  • Personal Details: Your name, title, gender, date of birth, and relationship to other applicants.
  • Contact Details: Your email address, postal address, postcode, and telephone numbers.
  • Financial Details: Bank account details, payment card information, and direct debit details.
  • Policy Data: Quote references, coverage details, and your transaction and correspondence history.
  • Digital Data: Your IP address, cookies, and website usage statistics.

Information We Collect From Other Sources

In some cases, we may receive your details from third parties. For example:

  • Family Members, Partners, or Associated Adults: If a primary applicant or enquirer contacts us to arrange a policy, they may provide us with your details or the details of a minor in your care to facilitate a quote, group discount, or necessary administrative linkage. If you provide us with personal data regarding a third party, you must ensure you have the appropriate authority or consent to do so under applicable data protection or insurance law, and we may ask you to confirm this, if required.
  • Insurers and Intermediaries: To administer your quotes, manage active policies, or process cancellations.

Sensitive (Special Category) Data

To arrange certain types of cover (such as private medical insurance), we may need to process sensitive personal data relating to your health, such as medical diagnoses, treatments, or injury histories.

We may collect IP addresses via a web analytics package, use cookies or similar technologies to collect website usage information. Cookies are small text files that are placed on your computer by websites you visit. They are used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.aboutcookies.org or http://www.allaboutcookies.org. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

How we use your data and our legal grounds

We must have a valid legal reason (known as a “lawful basis”) to process your personal data. We process your information for the following main purposes:

  • To Provide Our Services & Manage Enquiries: We process your data to compare quotes, set up your policies with insurance providers, and manage your ongoing administrative needs. (Lawful basis: Performance of a contract or taking steps prior to entering into a contract.)
  • To Prevent Fraud and Meet Regulatory Standards: We process data to verify identities, protect against financial crime, and meet our regulatory duties. (Lawful basis: Compliance with a legal obligation.)
  • To Run and Improve Our Business: We analyse how our services are utilised to develop new products and maintain secure, accurate business records. (Lawful basis: Legitimate interests, supported by safeguards to ensure your privacy rights are not overridden.)

Marketing and Communications

We may use your contact details to send you direct marketing communications or updates regarding our services. You have the absolute Right to Object to Marketing: you can object to or unsubscribe from marketing messages at any time by clicking the “unsubscribe” link in our emails or contacting us directly, and we will not send you further direct marketing without your consent where required.

For more technical detail on how we map our legal bases (including how we process health data), please see the Appendix: Detailed Compliance Information section at the bottom of this notice.

Information sharing

We do not sell your personal data. We only share your information with trusted partners to deliver our services, including:

  • Approved Insurers - We share your details with our selected panel of licensed insurance underwriters to secure and administer your coverage.
  • Strategic Partners - We may work with specialised partners, such as Ascend Broking Group Ltd, to assist in policy placement and advice. You may be referred to these approved providers if we feel this is appropriate for your situation. We may be paid a referral fee or a commission for introducing you to one of our approved providers.
  • Service providers and business partners - We may share your personal data with our service providers and business partners that perform marketing services and other business operations for us.
  • Regulators, Law Enforcement and Other Third Parties - We may share your personal data with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party. This includes sharing details with the Financial Conduct Authority (“FCA”), the Information Commissioner’s Office ( “ICO”), the Financial Ombudsman Service (“FOS”), or the National Crime Agency ( “NCA”) to comply with our statutory obligations.
  • Asset purchasers - We may share your personal data with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this privacy notice.

Security of personal information

WeCovr will take all reasonable steps to ensure that any personal information that you provide via the Sites and Apps is kept secure. Although we endeavour to protect your personal information, because of the nature of the Internet, we cannot guarantee the security of your data transmitted to the Sites and Apps.

How long we keep your data

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, and in any event only for as long as required by law, regulation, or regulatory guidance. Regardless of standard typical retention timelines, WeCovr reserves the right to retain core administrative data for extended periods where strictly necessary to satisfy statutory audit requirements, regulatory investigations, or for the establishment, exercise, or defence of legal claims.

  • Inquiry & Quote Records: Where an enquiry does not result in an active policy, records are typically retained for up to 2 years to assist with future enquiries.
  • Active Policy & Advice Records: We typically retain policy and advice records for up to 6 years from the end of our relationship with you, in line with FCA guidance and relevant statutory limitation periods under UK law. For other types of data, we retain them only for as long as necessary for the specific purpose.

Third-party links

The Websites may contain links to other websites which are outside our control and are not covered by this privacy notice. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.

Children’s information

A minor under the age of 18 cannot legally enter into an insurance contract in the UK. Where an application is made for a child's cover, a parent, legal guardian, or designated primary caregiver must be named as the policyholder or contract owner.

We do not knowingly collect or process personal data from children under the age of 16 without the direct involvement and authorisation of their parent or legal guardian.

Your rights over personal information

Under UK data protection law, you have key rights regarding your personal data. These include the following rights to:

  • access your personal information. Please note that we may redact or withhold third-party personal data where required to protect the privacy rights of other individuals.
  • rectify inaccurate or incomplete information we hold about you.
  • erase your personal information, subject to certain exceptions where we have an overriding regulatory or legal obligation to retain it.
  • restrict our use of your personal information under certain conditions.
  • object to our use of your personal information under certain conditions.
  • receive your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible (data portability).
  • lodge a complaint with your local data protection authority.

We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honour your requests. If you would like to discuss or exercise such rights, please contact us at compliance@wecovr.com.

Do we make updates to this policy?

Yes, we will update this policy as necessary to stay compliant with relevant laws. We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

How can you contact us about this policy?

Political And Credit Risks trading as WeCovr is the controller responsible for the personal information we collect and process.

If you have any further questions or comments about us, our policies, or wish to make an escalation, please contact our compliance team at compliance@wecovr.com.

If you are not satisfied with our response to a complaint or believe we are processing your personal information incorrectly, you can complain to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF (Tel: 0303 123 1113).

APPENDIX: DETAILED COMPLIANCE INFORMATION

This section provides additional technical and legal details for regulators, legal professionals, and deep-dive compliance enquiries.

A. Processing Special Category (Health) Data

When WeCovr processes sensitive health data for the purposes of arranging or administering private medical insurance, we do so under the following statutory grounds:

  • UK GDPR Article 9(2)(g) (Substantial Public Interest): The processing is necessary for reasons of substantial public interest.
  • Data Protection Act 2018, Schedule 1, Part 2, Paragraph 8 (Insurance Purposes): The processing is necessary for an “insurance purpose”, which includes advising on, arranging, underwriting, administering, or administering claims under an insurance contract.

WeCovr maintains an Appropriate Policy Document (APD) and logs as required under the DPA 2018 to safeguard these activities.

B. Minors and Caregiver Linkage

A minor under the age of 18 cannot legally enter into a regulated insurance contract in the UK. Where an enquiry or application is progressed for a child's cover, a parent, legal guardian, or primary caregiver must be named as the policyholder or contract administrator.

When establishing these files, we process the parent or caregiver's details to facilitate the administration of the policy. In such circumstances, where the caregiver does not have active cover for themselves, their personal premium on the quotation system is set to £0.00, and their data is processed strictly to facilitate the administration of the child's active contract.

C. International Data Transfers

Where we transfer personal data outside the UK or the European Economic Area (EEA), we do so only to countries recognised as providing adequate protection, or where robust legal safeguards are active. These safeguards include the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses (SCCs), or the UK-US Data Bridge.

D. Security Measures

WeCovr implements appropriate technical and organisational measures (including encryption, access controls, and secure server environments) to protect personal data. Because of the nature of the internet, we cannot guarantee the absolute security of data transmitted to us electronically, and users do so at their own risk.

E. Corporate & Regulatory Registrations

  • Data Controller: Political And Credit Risks Ltd (trading as WeCovr).
  • FCA Registration: Firm Reference Number (FRN) 735613.
  • ICO Registration: Data Protection Register Number ZA207579.