Data Protection
Privacy Notice
We care about your privacy
Data Protection – Privacy Notice
Introduction
Rush Insurance Services Limited (“Rush Insurance”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy.
We recognise our responsibility to handle your personal information fairly, securely and transparently, and to comply with all applicable data protection legislation, including:
- The UK General Data Protection Regulation (“UK GDPR”)
- The Data Protection Act 2018
- The EU General Data Protection Regulation (“EU GDPR”), where applicable
Throughout this notice, we refer to these collectively as the “legislation”.
As a firm regulated by the Financial Conduct Authority (“FCA”), we also comply with applicable regulatory requirements relating to the fair and lawful processing of personal information.
This Privacy Notice explains:
- How and why we collect and use your personal information
- The lawful basis we rely upon for processing your data
- Who we may share your information with
- How long we retain your information
- Your rights under data protection legislation
For the avoidance of doubt, personal data collected by us may include call recordings between you (or your representative) and Rush Insurance Services Limited.
Who We Are
Rush Insurance Services Limited acts as an insurance intermediary. We arrange and administer insurance products on behalf of insurers and partners.
We do not directly provide underwriting, claims settlement, emergency medical assistance or medical screening services. These services are carried out by insurers and authorised third-party providers.
Where necessary, your personal information may be shared with these providers for the purpose of arranging, administering and servicing your insurance policy.
Data Controller
Where we provide you with an insurance quotation and/or administer your insurance policy, Rush Insurance Services Limited acts as the “Data Controller”. This means we are responsible for determining how and why your personal data is processed.
As part of arranging and administering insurance products, we may share your personal information with insurers, underwriters, claims administrators, emergency medical assistance providers, medical screening providers and other authorised third parties where necessary to provide insurance services.
Depending on the service being provided, these organisations may also act as independent data controllers and may issue their own privacy notices where appropriate.
Personal Information We Collect
We may collect and process personal information including:
- Name and date of birth
- Postal address
- Email address and telephone number
- Details of your travel plans
- Information relating to medical conditions
- Payment information where required
- Records of communications with us
- Marketing preferences
- Information relevant to claims or complaints
Some personal information may be classified as “special category data” under the legislation, including information relating to health or criminal convictions.
We are permitted to process this information where necessary for insurance purposes, including arranging and administering insurance policies and enabling insurers and authorised third parties to provide insurance-related services.
Medical information may be shared with specialist medical screening providers, insurers and assistance providers for purposes including assessing eligibility for insurance cover and administering insurance services.
If you provide information about another individual, you confirm that you have their permission to do so and that they understand how their information will be used under this Privacy Notice.
How We Use Your Personal Information
We may use your personal information to:
- Provide insurance quotations
- Arrange and administer insurance policies
- Assist with the administration of claims and complaints
- Communicate with you regarding your policy
- Provide policy administration and customer support
- Share information with insurers and authorised service providers where necessary
- Meet legal and regulatory obligations
- Prevent and detect fraud, money laundering and financial crime
- Carry out statistical analysis and business reporting
- Improve our products, services and customer experience
- Maintain internal systems and records
- Conduct staff training and quality assurance
- Send marketing communications where permitted
Emergency medical assistance, claims handling and medical screening services may be provided by authorised third-party providers acting on behalf of the insurer.
Lawful Basis for Processing
Under data protection legislation, we must have a lawful basis for processing your personal information.
| Purpose of Processing | Lawful Basis |
|---|---|
| Providing quotations and arranging insurance policies | Performance of a contract |
| Policy administration and customer support | Performance of a contract |
| Assisting with claims and complaints administration | Performance of a contract |
| Marketing communications | Legitimate interests or consent |
| Service updates and regulatory communications | Legal obligation |
| Fraud prevention and financial crime checks | Legal obligation |
| Regulatory and legal compliance | Legal obligation |
| Statistical analysis and service improvement | Legitimate interests |
| Internal systems access and reporting | Performance of a contract |
| Staff training and quality monitoring | Legal obligation and legitimate interests |
Where we process special category data, we do so in accordance with the exemptions available under data protection legislation for insurance and regulatory purposes.
Marketing
We may contact you by email, telephone, SMS, post or other agreed communication methods regarding products and services that may be relevant to you.
Where required by law, we will obtain your consent before sending marketing communications.
In certain circumstances, legislation allows us to contact existing customers where we believe there is a legitimate interest in doing so.
You can opt out of marketing communications at any time by:
- Clicking the unsubscribe link in emails
- Contacting us directly
- Updating your communication preferences
In line with FCA conduct rules, we ensure that all marketing communications are clear, fair and not misleading.
Disclosure of Your Personal Information
As part of providing our services, we may share your personal information with trusted third parties where necessary.
These may include:
- Insurers and underwriters
- Claims administrators and handlers
- Emergency medical assistance providers
- Medical screening providers
- Insurance intermediaries
- Software and IT service providers
- Fraud prevention agencies
- Credit reference agencies
- Regulatory bodies
- Government authorities
- Law enforcement agencies
Information may be shared for purposes including policy administration, fraud prevention, regulatory compliance, claims administration and emergency assistance services.
We only share information where necessary and take steps to ensure appropriate confidentiality and security measures are in place.
Retention Period
We will not retain your personal information for longer than necessary and will manage it in accordance with our data retention policies.
In most cases, personal data relating to insurance policies will be retained for up to 7 years following the end of the insurance relationship, unless a longer retention period is required for legal, regulatory or business reasons.
Call recordings may be retained for up to 5 years for regulatory, training, quality assurance and dispute resolution purposes.
International Transfers of Data
We may transfer your personal information to countries outside the United Kingdom or European Economic Area (“EEA”).
Where this occurs, we will ensure that appropriate safeguards are in place to protect your information in accordance with applicable data protection legislation.
These safeguards may include:
- Adequacy decisions approved by the UK Government
- Standard Contractual Clauses (“SCCs”)
- Other lawful transfer mechanisms permitted under UK GDPR
Your Rights
Under data protection legislation, you have the following rights:
- The right to be informed about how your personal data is used
- The right to access the personal information we hold about you
- The right to have inaccurate or incomplete information corrected
- The right to request deletion of your personal information in certain circumstances
- The right to restrict processing in certain circumstances
- The right to data portability, subject to applicable conditions
- The right to object to certain processing, including direct marketing
- Rights relating to automated decision-making and profiling
To exercise any of your rights, please contact us using the details below.
Complaints and Contact Information
If you have any questions about this Privacy Notice or how we use your personal information, please contact:
Data Protection Officer
Rush Insurance Services Limited
1–13 Wellington Road North
Stockport
SK4 1AF
Email: compliance@rushinsurance.co.uk
Telephone: 0333 400 7780
If you are unhappy with how we process your personal information, you also have the right to complain to the Information Commissioner’s Office (“ICO”):
Information Commissioner’s Office (ICO)
Last updated: May 2026