Privacy Policy

Your privacy matters to us.

Last updated: January 2025

1. Introduction

EZPZ Insurance Services ("EZPZ," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our AI-powered insurance assistant.

We operate in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. As an FCA-regulated service, we maintain the highest standards of data protection and security.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide when using our services, including:

  • Identity Information: Name, date of birth, gender, nationality
  • Contact Information: Email address, phone number, mailing address
  • Financial Information: Income details, payment information
  • Health Information: Medical history, lifestyle factors relevant to underwriting
  • Biometric Data: Face-iT scan data for underwriting purposes
  • Location Information: Country of residence, citizenship, travel history
  • Beneficiary Information: Details of policy beneficiaries

2.2 Automatically Collected Information

When you visit our website, we automatically collect certain information:

  • IP address and device identifiers
  • Browser type and operating system
  • Pages visited and time spent on each page
  • Referring website and exit pages
  • Date and time of your visit

2.3 AI Chat Conversations

When you interact with our AI insurance assistant, we collect and store the contents of your conversation to provide personalized quotes, improve our services, and maintain records as required by insurance regulations.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Insurance Services: Processing applications, underwriting, issuing policies, and managing claims
  • Quote Generation: Providing personalized insurance quotes based on your information
  • Communication: Sending policy documents, updates, and responding to inquiries
  • Legal Compliance: Meeting regulatory requirements, fraud prevention, and AML obligations
  • Service Improvement: Analyzing usage patterns to improve our website and services
  • Marketing: Sending promotional materials (with your consent)

4. Legal Basis for Processing

We process your personal information under the following legal bases:

  • Contract Performance: Processing necessary to fulfill our insurance services
  • Legal Obligation: Compliance with FCA regulations and other legal requirements
  • Legitimate Interests: Fraud prevention, service improvement, and business operations
  • Consent: Marketing communications and optional data processing
  • Vital Interests: Protection of life in emergency situations

5. Special Category Data

Insurance underwriting requires processing health-related data, which is considered "special category" data under GDPR. We process this data based on your explicit consent and the substantial public interest condition for insurance purposes, as permitted under Schedule 1 of the Data Protection Act 2018.

6. Data Sharing and Disclosure

We may share your information with:

  • Insurance Partners: Underwriters and reinsurers (including Gen Re) for policy administration
  • Service Providers: Technology providers, payment processors, and administrative services
  • Regulatory Bodies: FCA, ICO, and other authorities as required by law
  • Professional Advisors: Legal, accounting, and compliance professionals
  • Face-iT Partners: Biometric verification service providers

We do not sell your personal information to third parties. All service providers are contractually bound to protect your data and use it only for specified purposes.

7. International Data Transfers

As we serve globally mobile customers, your data may be transferred to countries outside the UK and EEA. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the UK ICO
  • Adequacy decisions for countries with equivalent protection
  • Binding Corporate Rules for intra-group transfers

8. Data Retention

We retain your personal information for the following periods:

  • Policy Records: Duration of policy plus 7 years (regulatory requirement)
  • Quote Data: 3 years from quote generation if no policy issued
  • Chat Transcripts: 3 years from last interaction
  • Marketing Data: Until consent is withdrawn
  • Website Analytics: 26 months

9. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Obtain a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal obligations)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests or marketing
  • Rights Related to Automated Decision-Making: Request human review of automated decisions

To exercise your rights, please contact us at [email protected]. We will respond to your request within 30 days.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Maintain your session when using our services
  • Analyze website traffic and usage patterns
  • Deliver relevant advertising (with consent)

You can manage cookie preferences through your browser settings or our cookie consent tool. Essential cookies required for website functionality cannot be disabled.

11. Security Measures

We implement robust security measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and penetration testing
  • Employee training on data protection
  • Incident response procedures

12. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Last updated" date at the top indicates when the policy was last revised.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Data Protection Officer
EZPZ Insurance Services
Email: [email protected]
Subject: Privacy Inquiry

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. Visit ico.org.uk for more information.

Have questions about how we handle your data?

Chat With Us