At ROCK, we respect your right to privacy. This privacy policy will help you understand how ROCK collects, uses and stores your data and the actions we take to protect it. You should show this notice to anyone else included on your policy. Please read this Privacy Policy carefully.

This Privacy Policy should be read alongside and in addition to the Cookies Policy and your Policy Wording (where applicable). If you have any feedback or questions on this policy then please contact us here.

For information about how we intend to safeguard your data please see the information below.

1. About Us
2. What data we collect
3. When we collect your data
4. How we use your data
5. Who has access to your data
6. Legal basis for using your information
7. Retaining your information
8. Security of your information
9. Your legal rights
10. Related notices and terms
11. Changes to this policy

1. About Us

ROCK Insurance Group is a trading style of ROCK Insurance Services Limited (ROCK), which is authorised and regulated by the Financial Conduct Authority (FCA number 300317).

References to “our Website” or “the Website” are to

ROCK acts as Data Controller, which means that we determine the way in which your data is used (as described in this privacy notice).


2. What information we collect

We collect personal data as part of your employment. We may also monitor or record calls, emails, SMS messages or other communications in accordance with UK law.

Types of Data we collect
Personal Data:
– Name including first name and surnames of yourself and your next of kin
– Location information including address and telephone information
– Online identifiers including IP address, email and social media such as LinkedIn
– Personal Identifiers including bank account information, national insurance number, pension policy number
Special Category/Sensitive Data:
– Medical information including pre-existing medical conditions
– Criminal record information to assess propriety of Approved Persons

Some information is necessary in order to employ you and look after you during your employment.


3. When we collect your data

We will collect your personal data during recruitment and, if successful, during your employment with ROCK.


4. How we use your data

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
• Where we need to perform the contract we have entered into with you.
• Where we need to comply with a legal obligation.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
• Where we need to protect your interests (or someone else’s interests).
• Where it is needed in the public interest [or for official purposes].


5. Who has access to your data

ROCK uses a number of third parties to provide and administer your relationship. This includes:

6. Legal basis for use of your information

We must make sure that there is an appropriate lawful reason for us to process your data. These legal bases are set out in data protection law and we rely on a number of different conditions for the activities we carry out.

As part of managing our contract with you:
Determining the terms on which you work for us.
Conducting performance reviews, managing performance and determining performance requirements.
Making decisions about salary reviews and compensation.
Assessing qualifications for a particular job or task, including decisions about promotions.

We have a legal obligation to:
Check you are legally entitled to work in the UK.
Pay you and, if you are an employee, deduct tax and National Insurance contributions.
Provide pension benefits to you.
Liaise with your pension provider.
Administer the contract we have entered into with you.
Comply with health and safety obligations.
Deal with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
Ascertain your fitness to work.
Manage sickness absence.
Prevent fraud.
To monitor your use of our information and communication systems to ensure compliance with our IT policies.
To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
Equal opportunities monitoring.
Monitoring your training and competency to fulfil your role.
Gathering evidence for possible grievance or disciplinary hearings.
Making decisions about your continued employment or engagement.
Making arrangements for the termination of our working relationship.

We have a legitimate interest in:
Making a decision about your recruitment or appointment.
Business management and planning, including accounting and auditing.
Education, training and development requirements.
To conduct data analytics studies to review and better understand employee retention and attrition rates.


7. Retaining your information

Your personal data shall be retained as long as needed for the authorised purposes listed in section 4. This includes retention of some personal data following the end of our relationship with you, for example to resolve any potential disputes and for ongoing or prospective legal proceedings, to maintain records of our services, and otherwise to comply with our legal obligations and to defend our legal rights. We keep all data for a period of 7 years for these purposes.

Please contact us if you need further information about our retention periods.


8. Security of your information

We regularly review the technical and organisational security measures we have in place on our information and communications systems in order to prevent the loss, misuse or unauthorised alteration of your personal information. We also use industry standard security to encrypt sensitive data in transit to our servers.

Communications sent through our website, email or social media rely on the internet, which is a publicly hosted network and is therefore not secure unless the site has been encrypted. ROCK cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

ROCK has deployed an adequate procedure to identify and communicate any data breach incident within 24 hours and to resolve it within a reasonable time.

Further information about security measures we apply to communications sent by email or over our website is available on request.


9. Your Legal Rights


10. Related notices and terms

Our Cookie Policy provides information about the use of cookies on our website. We will ask you to consent to our use of cookies in accordance with the terms of the policy when you first visit our website.

Terms relating to your insurance policy (where relevant) are provided separately by us and can be found in your Policy Wording.


11. Changes to this policy

This privacy policy was last updated on 24/05/2018. We reserve the right to make changes to this policy and you will be prompted about any changes when you next visit our website.

From time to time we may need to change the way we use your personal data. Where we believe you may not reasonably expect such a change we will write to you. When we do so, you will have 60 days to object to the change.