Privacy Policy

Who we are

ProtectMy Ltd (also referred to in this Notice as "we", "us", or "our") is a company registered in England and Wales. We are licensed to process personal data by the Information Commissioner's Office (ICO) under Certificate Number ZB843293.

ProtectMy Ltd is an Appointed Representative of Innovative Risk Labs Ltd (FRN 1018860), which is authorised and regulated by the Financial Conduct Authority under FRN 609155.

How to contact us

For any questions or concerns relating to this Privacy Policy or our data protection practices, or to make a subject access or any other request regarding the information we hold, please contact us at:

Introduction

This Privacy Policy explains how ProtectMy Ltd uses the personal data we collect about all individuals that have dealings with us. This includes but is not limited to clients, customers, data subjects, all staff, contractors and consultants, agents and subsidiaries acting for or on behalf of the company.

We take the security of all personal data very seriously. We use a combination of technical, organisational and physical security measures to protect your personal data in line with our obligations under data protection law. Our employees receive training to help us comply with data protection law and safeguard your privacy.

Definition of personal data

When we use the term "personal data" we mean information relating to natural persons who:

• Can be identified or who are identifiable, directly from the information in question; or
• Who can be indirectly identified from that information in combination with other information.

Personal data may also include special categories of personal information or criminal conviction or offences data. These are considered to be more sensitive and we only process them in more limited circumstances.

Our role in relation to your data

Depending on what role we perform for you, ProtectMy Ltd will either be the Data Controller or Data Processor. Understanding our role in relation to the personal data we handle is crucial when ensuring compliance with data protection laws and the fair treatment of individuals.

Data collection and use

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

• Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
• Contact Data: includes billing address, delivery address, email address and telephone numbers.
• Usage Data: includes information about how you use our website, products and services.
• Marketing Data: includes marketing and communication preferences, information relating to promotions, customer experience and company statistics.

We use different methods to collect data:

• Direct interactions: data collected directly from you by email or by filling in online forms.
• Third parties: data may be exchanged via a third party in relation to your association with us. For example: insurers, brokers, claims handlers, assistance providers, legal advisers, experts and publicly available sources or the authorities. This list is not exhaustive.
• Automated technologies: when interacting with our website, we may automatically collect technical data about the equipment being used, browsing actions and patterns. We collect this data using cookies and other similar technologies.

How we use personal data

We will only use personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances:

• Where we need to perform a contract, whether directly or indirectly.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal obligation.

We will only use personal data for the purposes for which it was collected. If wider use is desired, we would require new consent from the individual. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Use of cookies

A cookie is a small text file that is placed and stored on your computer, mobile or other devices by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information about visitor behaviours to the website owner.

Before cookies are placed on your device, you will be shown a prompt requesting your consent. You can opt out of tracking at any time. For full details of how we use cookies, please see our Cookie Policy.

Disclosure of personal data

We may share data with other companies in our group, affiliate businesses and with third party service providers (data processors), such as insurance providers, compliance, and other agents relevant to the business activity. Where any data is required for such a purpose, we will take reasonable steps to ensure that it will be handled safely, securely and in accordance with your rights and our obligations.

We have an obligation to disclose data in the following circumstances permitted by law:

• Where we are legally compelled to do so.
• Where there is a duty to the public to disclose.
• Where disclosure is required to protect our interest.
• Where disclosure is made at your request or with your consent.

In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

International transfers

Sometimes we, or third parties acting on our behalf, may need to transfer personal data between jurisdictions. ProtectMy Ltd will always take steps to ensure that any transfer of personal data outside of its home jurisdiction is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place.

Data security

We have put in place appropriate security measures, policies and procedures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. We have put in place procedures to deal with any suspected personal data breach and will notify you and the applicable regulator where we are legally required to do so.

Retention

ProtectMy Ltd will only retain personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and the applicable legal, regulatory or other requirements.

Your data protection rights

You have certain legal rights under UK data protection law and regulations. These are summarised as follows:

• The right to be informedAbout our data processing activities, including through Privacy Notices such as this one.
• The right of accessYou may submit a Subject Access Request to obtain a copy of the personal data that we hold about you in a structured or portable manner. To request a copy of this information you must make a subject access request in writing to us.
• The right of rectificationYou may ask us to correct any inaccurate or incomplete personal data. We aim to respond within one month.
• The right to erasure and to restrict processingYou have the right to have your personal data erased and to prevent processing, except where we have a legal obligation to process your personal information. You should bear in mind that by exercising this right you may hinder or prevent our ability to provide products and services to you.
• The right to data portabilityOn your request, we will provide you with your personal data in a structured, machine-readable format where this right applies.
• The right to objectYou have particular rights in relation to automated decision-making and profiling to reduce the risk that a potentially damaging decision is taken without human intervention. You can object to your personal data being used for profiling, direct marketing or research purposes.
• The right to withdraw consentWhere we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

If you want to invoke any of these rights, please write to us at:

We aim to respond to all valid requests within one month. It may take longer if the request is particularly complicated or if several requests have been made. We will always let you know if we think a response will take longer than one month.

How to make a complaint

If you wish to make a complaint about how we hold or use your personal data, please contact us in the first instance:

If you are dissatisfied with how we deal with your complaint, you may contact the Information Commissioner's Office:

Updates to this policy

This Privacy Policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it is as transparent as possible. Please check back here for the current version.

This Privacy Policy was last updated in April 2026.