At ROCK, we respect your right to privacy. This privacy policy will help you understand how ROCK collects, uses and stores your data and the actions we take to protect it. You should show this notice to anyone else included on your policy. Please read this Privacy Policy carefully.

This Privacy Policy should be read alongside and in addition to the Cookies Policy and your Policy Wording (where applicable). If you have any feedback or questions on this policy then please contact us here.

For information about how we intend to safeguard your data please see the information below.

1. About Us
2. What data we collect
3. When we collect your data
4. How we use your data
5. Who has access to you your data
6. Legal basis for using your information
7. Retaining your information
8. Security of your information
9. Your legal rights
10. Related notices and terms
11. Changes to this policy


1. About Us

ROCK Insurance Group is a trading style of ROCK Insurance Services Limited (ROCK) who is authorised and regulated by the Financial Conduct Authority (FCA number 300317).

References to “our Website” or “the Website” are to

ROCK acts as Data Controller, which means that we determine the way in which your data is used (as described in this privacy notice). Your data relates to your staff that take part in your relationship with ROCK and your Approved Persons.


2. What information we collect

We collect personal data as part of providing services to you. We may also monitor or record calls, emails, SMS messages or other communications in accordance with UK law.

Types of Data we collect
Personal Data:

Some information is necessary in order to provide you with the service you expect, if you do not provide us with the requested information, we may not be able to provide you with the relevant service.


3. When we collect your data

We will collect your staff personal data during the relationship with your business. We collect the Approved Persons’ personal and special category data if you choose to become an Appointed Representative of ROCK.


4. How we use your data


5. Who has access to your data

ROCK uses a number or third parties to provide and administer your relationship. This includes:

• The Insurer, Underwriter, Underwriting Agent, Claims and Assistance Handlers in order to administer your insurance scheme. See the policy wording for their details.
• FireMelon Limited for the provision of some technology services.
• Pure360 for sending emails.
• Legal Authorities such as the Financial Conduct Authority, Financial Ombudsman Service, Information Commissioners Officer, Department of Social Security and HM Revenue and Customs on request.


6. Legal basis for use of your information

We must make sure that there is an appropriate lawful reason for us to process your data. These legal bases are set out in data protection law and we rely on a number of different conditions for the activities we carry out.

We have a legal obligation to:
Assessing the fitness and propriety of the Approved Person
Quality assessing sales
Manage training and competency of Appointed Representative staff
Assessing sales KPIs (key performance indicators)
Giving feedback to your staff

Necessary in our legitimate interests or those of a third party:
Engaging with you in relation to our Partnership


7. Retaining your information

Your personal data shall be retained as long as needed for the authorised purposes listed in section 4. This includes retention of some personal data following the end of our relationship with you, for example to resolve any potential disputes and for ongoing or prospective legal proceedings, to maintain records of our services, and otherwise to comply with our legal obligations and to defend our legal rights. We keep all data of a period of 7 years for these purposes.

Please contact us if you need further information about our retention periods.


8. Security of your information

We regularly review the technical and organisational security measures we have in place on our information and communications systems in order to prevent the loss, misuse or unauthorised alteration of your personal information. We also use industry standard security to encrypt sensitive data in transit to our servers.

Communications sent through our website, email or social media, rely on the internet which is a publicly hosted network and is therefore not secure unless the site has been encrypted. ROCK cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.

ROCK has deployed an adequate procedure to identify and communicate any incident of data breach within a delay of 24 hours and to resolve it within a reasonable delay.

Further information about security measures we apply to communications sent by email or over our website is available on request.


9. Your Legal Rights

You have the following Individual Rights:

If you are dissatisfied with the response then you have the right to appeal to the Information Commissioners Office.


10. Related notices and terms

Our Cookie Policy provides information about the use of cookies on our website. We will ask you to consent to our use of cookies in accordance with the terms of the policy when you first visit our website.

Terms relating to your insurance policy (where relevant) are provided separately by us and can be found in your Policy Wording.


11. Changes to this policy

This privacy policy was last updated on 24/05/2018. We reserve the right to make changes to this policy and you will be prompted of any changes when you next visit our website.

From time to time we may need to change the way we use your personal data. Where we believe you may not reasonably expect such a change we will write to you. When we do so, you will have 60 days to object to the change.