WE ARE COMMITTED TO PROTECTING

AND RESPECTING YOUR PRIVACY

Client Privacy Notice

Client Privacy Notice

Client Privacy Notice

This Notice explains when and why we collect personal information about you (Your Personal Data), how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights in relation to your personal information.

This Notice explains when and why we collect personal information about you (Your Personal Data), how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights in relation to your personal information.

This Notice explains when and why we collect personal information about you (Your Personal Data), how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights in relation to your personal information.

privacy policy header image
genistar privacy policy header image

WHO WE ARE

WHO WE ARE

Genistar  is the organisation responsible for deciding how your personal data is used.  This means we are the data controller of your personal data.


We will process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), the Data Use and Access Act 2025 (DUA Act) and other associated legislation.


The Genistar companies covered by this Privacy Notice are:
Genistar Limited, company number 6315485, authorised and regulated by the Financial Conduct Authority (FCA), registration number 472050.


Genistar Mortgages Limited, company number 08430007.


Genistar Affiliates Limited, company number 08212045.


The registered address for each company is:  Victoria House, Harestone Valley Road, Caterham, Surrey, CR3 6HY


Data Protection Officer (DPO): We have appointed Data Guard as our Data Protection Officer. 


Contact: DataCo International UK Limited


Registered Address: Suite 1, 7th Floor | 50 Broadway | London SW1H 0BL


Email: privacy@dataguard.co.uk


Tel: 020 3318 17 18


We need to think about the three companies you mentioned.  I recommend that we make this one Notice applicable to all,  We should therefore call out the group in this intro.

WHAT DO WE MEAN BY
“YOUR PERSONAL DATA”?

WHAT DO WE MEAN BY
“YOUR PERSONAL DATA”?

WHAT DO WE MEAN BY
“YOUR PERSONAL DATA”?

Your Personal Data means any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, for example your name, address, date of birth, national insurance number. Your Personal Data may also identify you indirectly, for example, your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.


In the context of providing you with assistance in relation to your insurance, Your Personal Data may include:


  • Title, name, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity


  • Employment and remuneration information, (including salary/ bonus schemes/overtime/sick pay/other benefits), employment history


  • Bank account details, tax information, loans and credit commitments, personal credit history, sources of income and expenditure, family circumstances and details of dependents


  • Health status and history, details of treatment and prognosis, medical reports (further details are provided below specifically with regard to the processing we may undertake in relation to this type of information)


  • Any pre-existing insurance products and the terms and conditions relating to these.

Your Personal Data means any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, for example your name, address, date of birth, national insurance number. Your Personal Data may also identify you indirectly, for example, your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.


In the context of providing you with assistance in relation to your insurance, Your Personal Data may include:


  • Title, name, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity


  • Employment and remuneration information, (including salary/ bonus schemes/overtime/sick pay/other benefits), employment history


  • Bank account details, tax information, loans and credit commitments, personal credit history, sources of income and expenditure, family circumstances and details of dependents


  • Health status and history, details of treatment and prognosis, medical reports (further details are provided below specifically with regard to the processing we may undertake in relation to this type of information)


  • Any pre-existing insurance products and the terms and conditions relating to these.

Your Personal Data means any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, for example your name, address, date of birth, national insurance number. Your Personal Data may also identify you indirectly, for example, your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.


In the context of providing you with assistance in relation to your insurance, Your Personal Data may include:


  • Title, name, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity


  • Employment and remuneration information, (including salary/ bonus schemes/overtime/sick pay/other benefits), employment history


  • Bank account details, tax information, loans and credit commitments, personal credit history, sources of income and expenditure, family circumstances and details of dependents


  • Health status and history, details of treatment and prognosis, medical reports (further details are provided below specifically with regard to the processing we may undertake in relation to this type of information)


  • Any pre-existing insurance products and the terms and conditions relating to these.

THE BASIS UPON WHICH OUR FIRM
WILL DEAL WITH YOUR PERSONAL DATA

THE BASIS UPON WHICH OUR FIRM
WILL DEAL WITH YOUR PERSONAL DATA

We only use your personal data where we have a lawful basis under data protection law. This means we process your personal data for one or more of the following reasons:


Contract

We process your personal data to take steps at your request before entering into an insurance contract and, once agreed, to perform that contract. For example, we need to use your personal data to provide advice, prepare recommendations, and arrange the insurance products you ask us for.


Legal and regulatory obligations

We process your personal data where it is necessary to meet our legal or regulatory duties. This may include our responsibilities to the Financial Conduct Authority (FCA), compliance with anti-money laundering requirements, or responding to requests from regulators and authorities.


Legitimate interests

We may process your personal data where it is necessary for our legitimate business interests and your rights and freedoms are not overridden. Examples include:

• responding to requests from insurers, mortgage lenders, or our Compliance Service Provider about services we have provided;

• contacting you to request feedback on the service you received;

• training, monitoring, and improving the quality of our services.


CONSENT

CONSENT

We will ask for your consent before using your personal data for certain purposes, such as sending you marketing communications. You can withdraw your consent at any time.


Special category data

Where we process special category data (such as health information), we only do so where it is necessary and permitted by law — for example, where processing is necessary for insurance purposes in line with Article 9(2)(g) UK GDPR and Schedule 1 of the Data Protection Act 2018.


HOW WE COLLECT PERSONAL DATA

HOW WE COLLECT PERSONAL DATA

HOW WE COLLECT PERSONAL DATA

We collect personal data about you in the following ways:


• Directly from you – when you meet with us, speak to us on the phone, complete forms, send us emails or letters, or otherwise provide information in connection with the advice we give you and services we provide.

• From third parties – such as insurers, mortgage lenders, credit reference agencies, regulators, or official publicly available sources (such as the Electoral Register or Companies House) where this is needed to provide our services or meet our legal and regulatory duties.

• From our website and digital services – for example, when you complete online forms or interact with our website. If cookies or similar technologies are used, you will find more information in our Cookie Notice.


Where the personal data relates to dependents or family members (including children), we will only collect and use this information where it is necessary for the insurance products or services you request and in line with data protection law.


WHAT HAPPENS TO YOUR PERSONAL DATA WHEN YOU SHARE IT WITH US?

WHAT HAPPENS TO YOUR PERSONAL DATA WHEN YOU SHARE IT WITH US?

When you share personal data with us, or when we receive it from third parties on your behalf, we record it in our systems and use it in line with the lawful bases explained in this Privacy Notice.


Your personal data will only be used for the purposes for which it was collected, such as providing advice, arranging insurance products, and meeting our legal and regulatory obligations. Access is restricted to authorised staff and service providers who need it to carry out these purposes.


We do not use your personal data for unrelated purposes unless the law allows us to do so. If we need to use your personal data for a new purpose, we will explain this to you, explain the lawful basis and if required we will ask for your consent.


SHARING YOUR PERSONAL DATA

SHARING YOUR PERSONAL DATA

We share your personal data with third parties only where this is necessary and lawful. These may include:


  • Insurance providers and mortgage lenders – to arrange the products and services you request.

  • Compliance service providers and regulators (including the Financial Conduct Authority) – to meet our regulatory and legal obligations.

  • Professional advisers – such as auditors, lawyers, or accountants, where needed to support our business and compliance.

  • IT and support service providers – who help us operate our systems and services securely.


These organisations may act as independent data controllers (for example, insurers) or as our data processors (for example, IT service providers acting on our instructions).


If we need to transfer your personal data outside the UK, we will make sure it is protected.  This may include:

·      Transferring to countries that the UK has recognised as providing an adequate level of data protection, or

·      Using appropriate safeguards such as approved standard contractual clauses with a UK addendum or other legal mechanisms.


Referral Leads
If you agree, our representatives may collect your details so that we can introduce you to Utility Warehouse. With your consent, we will share your name and contact details with Utility Warehouse so that they can contact you directly about their products and services.


When we share your details with UW, they act as an independent data controller. This means Utility Warehouse is responsible for how it uses your personal data once it has received it, and you should refer to the Utility Warehouse Privacy Notice  for information about how they process your data and your rights.

SECURITY AND RETENTION OF YOUR PERSONAL DATA

SECURITY AND RETENTION OF YOUR PERSONAL DATA

We take the security of your personal data seriously. We protect it using appropriate technical and organisational measures, including secure systems, restricted access, staff training, and physical safeguards. Only authorised staff and service providers who need access for legitimate purposes are allowed to handle your data.


We are responsible for protecting your personal data once we receive it. To help keep your information safe during transfer, we recommend that you take reasonable precautions, for example, avoiding the use of unprotected email for sensitive documents, password-protecting or encrypting attachments where possible, and using secure methods of postage if you need to send us original documents.


We normally keep your personal data for six years after our relationship with you ends, in line with our legal and regulatory obligations. In some cases, we may need to keep it longer, for example, to comply with financial regulations, resolve complaints, or meet other legal duties. Once this period has passed, your personal data will be securely deleted or anonymised.


Where personal data relates to children or to special category data (such as health information), we review retention periods to ensure this information is not kept for longer than necessary.

YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

You have a number of rights under data protection law in relation to the personal data we hold about you. These include the right to:

  • Access: to request a copy of your personal data and an explanation of how we use it.

  • Rectification: to ask us to correct inaccurate or incomplete personal data.

  • Erasure: to ask us to delete your personal data, where we have no lawful reason to keep it.

  • Restriction:  to ask us to stop using your personal data in certain circumstances.

  • Portability: to request that we provide your personal data to you, or to another service provider, in a commonly used electronic format.

  • Objection: to object to the use of your personal data where we rely on legitimate interests as our lawful basis.

  • Withdraw consent: where we rely on your consent, you can withdraw it at any time.

Please note that not all of these rights are absolute rights.  For example, we may not be able to delete information that we are required to keep for legal or regulatory reasons.

We will respond to any rights request without undue delay and in any case within one month of receiving it. If we are unable to act on your request, we will explain the reasons why.

If you would like to exercise any of these rights, please contact us using the details in the “How to contact us” section.

You also have the right to raise a concern with the Information Commissioner’s Office (ICO), the UK regulator for data protection, via https://ico.org.uk/

HOW TO MAKE CONTACT WITH OUR FIRM IN RELATION TO THE USE OF YOUR PERSONAL DATA

HOW TO MAKE CONTACT WITH OUR FIRM IN RELATION TO THE USE OF YOUR PERSONAL DATA

If you have any questions about this Privacy Notice, or if you would like to exercise any of your data protection rights, you can contact us at:

Data.Protection@genistar.net
Genistar Limited Victoria House, Harestone Valley Road
Caterham, CR3 6HY


You should also make contact with us as soon as possible on you becoming aware of any unauthorised disclosure of Your Personal Data, so that we may investigate and fulfil our own regulatory obligations.


If you have any concerns or complaints as to how we have handled Your Personal Data, you may lodge a complaint with the UK’s data protection regulator, the Information Commissioners Office (ICO), who can be contacted through their website at https://ico.org.uk/make-a-complaint/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

genistar footer logo


Genistar Ltd is authorised and regulated by the Financial Conduct Authority (472050)


VAT No. 326779856


Genistar Limited is incorporated in England and Wales, with registered

number 6315485. Its registered office is at Victoria House,
Harestone Valley Road, Caterham CR3 6HY.

The information provided on this website is for educational or informational purposes only. Please refer to our
legal disclaimer for further information.


Financial Services Compensation Scheme Protection

The FSCS is the UK’s compensation fund of last resort for customers of authorised Financial Services firms. With the standard Financial Services Compensation Scheme (FSCS) you are covered under the General Insurance Arranging claim category whereby the cover is 90% of the claim with no upper limits if we cannot meet our obligations.


Further information about compensation scheme arrangements is available from the FSCS.

© Genistar 2024 all right reserved.

genistar footer logo


Genistar Ltd is authorised and regulated by the Financial Conduct Authority (472050)


VAT No. 326779856


Genistar Limited is incorporated in England and Wales, with registered

number 6315485. Its registered office is at Victoria House,
Harestone Valley Road, Caterham CR3 6HY.

The information provided on this website is for educational or informational purposes only. Please refer to our
legal disclaimer for further information.


Financial Services Compensation Scheme Protection

The FSCS is the UK’s compensation fund of last resort for customers of authorised Financial Services firms. With the standard Financial Services Compensation Scheme (FSCS) you are covered under the General Insurance Arranging claim category whereby the cover is 90% of the claim with no upper limits if we cannot meet our obligations.


Further information about compensation scheme arrangements is available from the FSCS.

© Genistar 2024 all right reserved.

genistar footer logo


Genistar Ltd is authorised and regulated by the Financial Conduct Authority (472050)


VAT No. 326779856


Genistar Limited is incorporated in England and Wales, with registered

number 6315485. Its registered office is at Victoria House,
Harestone Valley Road, Caterham CR3 6HY.

The information provided on this website is for educational or informational purposes only. Please refer to our
legal disclaimer for further information.


Financial Services Compensation Scheme Protection

The FSCS is the UK’s compensation fund of last resort for customers of authorised Financial Services firms. With the standard Financial Services Compensation Scheme (FSCS) you are covered under the General Insurance Arranging claim category whereby the cover is 90% of the claim with no upper limits if we cannot meet our obligations.


Further information about compensation scheme arrangements is available from the FSCS.

© Genistar 2024 all right reserved.