GDPR Compliance Statement

Date: January 3, 2024

Insurance Hero, located at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, UK, is committed to ensuring the security and protection of the personal information we process and providing a compliant and consistent approach to data protection.

Our robust and effective data protection program complies with existing law and follows data protection principles.

We maintain a consistent level of data protection and security across our organization, and we are dedicated to strengthening and improving our data protection system and practices to ensure we are GDPR compliant.

Contact Information

For any questions or concerns regarding our GDPR Compliance Statement, please contact us at

Our Commitment

Insurance Hero (“we”, “us”, or “our”) is dedicated to safeguarding the personal information under our control and maintaining a system that meets our obligations under the regulations.

We acknowledge that the GDPR requires personal data to be processed in a manner that ensures its security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Our GDPR Principles

We adhere to the principles relating to the processing of personal data set out in the GDPR, which require personal data to be:

  • Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness, and Transparency).
  • Collected only for specified, explicit and legitimate purposes (Purpose Limitation).
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation).
  • Accurate and, where necessary, kept up to date (Accuracy).
  • Not kept in a form that permits data subject identification for longer than is necessary for the purposes for which the data is processed (Storage Limitation).
  • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (Integrity and Confidentiality).

We ensure the lawful processing of personal data by obtaining consent, by ensuring that we have a legitimate interest in processing the data, or by ensuring that the processing is necessary for the performance of a contract to which the data subject is party.

Your Rights

Under the GDPR, you have various rights in relation to your personal data. All of these rights can be exercised by contacting us at

  • Right to be informed: You have the right to be informed about the collection and use of your personal data.
  • Right of access: You have the right to access the personal data that we hold.
  • Right to rectification: You have the right to have inaccurate personal data rectified or completed if it is incomplete.
  • Right to erasure: You have the right to have personal data erased, also known as ‘the right to be forgotten’.
  • Right to restrict processing: You have the right to request the restriction or suppression of your personal data.
  • Right to data portability: You can obtain and reuse your data for your own purposes across different services.
  • Right to object: You have the right to object to the processing of your personal data in certain circumstances.
  • Rights related to automated decision making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Related Policies and Procedures

Our GDPR compliance is supported by several internal policies, procedures, and documentation, including:

We regularly review and update our GDPR compliance program to ensure that it is effective and that we are in compliance with the current GDPR regulations.

External Links

For more information on GDPR and your rights, please visit the following external links:
