
Privacy & Cookies Policy

This policy explains what personal data InsuranceDico collects, why we collect it, how long we keep it, the lawful bases we rely on, your rights as a data subject under UK GDPR, EU GDPR and California CCPA / CPRA, and the cookies we set on this website.

Effective: 23 May 2026
Last reviewed: 23 May 2026
Document: v4.0
Governing law: England & Wales

Applies to:
  • United Kingdom · UK GDPR
  • European Economic Area · EU GDPR
  • California · CCPA / CPRA

01. Who we are

InsuranceDico (“we”, “us”, “our”) is the data controller for personal data processed through this website. You can reach our editorial and data-protection team at editorial@insurancedico.co.uk or via our contact form.

We are an independent editorial publisher based in England & Wales. We are not authorised by the Financial Conduct Authority and we do not sell, place or arrange insurance. At present we do not have an established place of business in the European Economic Area; EEA residents may contact us via the email address above and we will appoint an EU representative under Art. 27 EU GDPR if our processing of EEA personal data later requires one.

02. Scope and definitions

This policy applies to all personal data we process through insurancedico.co.uk and related sub-domains. In this policy:

  • Personal data means information relating to an identified or identifiable individual.
  • Controller means the entity that determines the purposes and means of processing; here, InsuranceDico.
  • Processor means a third party that processes personal data on our written instructions.
  • Special category data (UK / EU GDPR Art. 9) includes data revealing health, ethnicity, religion, sexuality and biometric or genetic data. We do not seek to collect it.
  • Sensitive personal information (Cal. Civ. Code §1798.140(ae)) includes precise geolocation, government ID numbers, account credentials and health data. We do not collect it.
  • “Sale” and “share” (CCPA / CPRA) mean disclosing personal information to a third party for monetary or other valuable consideration, including cross-context behavioural advertising. We do not sell or share personal information.

03. Personal data we collect

  • Newsletter sign-ups: email address, date subscribed, consent record.
  • Contact & complaints forms: name, email, the message you send and anything you choose to include.
  • Analytics: a pseudonymous identifier, pages viewed, referrer, approximate country/region (derived from IP and then truncated), device type, browser, operating system. Set only after you accept analytics cookies.
  • Server & security logs: IP address, timestamp, request URL, kept briefly to detect abuse.

04. How we use your data and the lawful basis

The table below shows our processing purposes and the lawful basis we rely on under UK GDPR Art. 6. EU GDPR Art. 6 is materially identical and applies on a parity basis to EEA visitors.

| Purpose | Lawful basis |
|---|---|
| Sending you the newsletter you signed up for | Consent, Art. 6(1)(a) |
| Responding to messages sent via the contact or complaints form | Legitimate interests, Art. 6(1)(f) (handling correspondence) |
| Measuring how visitors use the site to improve our guides | Consent, Art. 6(1)(a) (via the cookie banner) |
| Detecting abuse, debugging errors, protecting the site | Legitimate interests, Art. 6(1)(f) (security of the service) |
| Complying with legal obligations (e.g. ICO requests) | Legal obligation, Art. 6(1)(c) |

05. Retention periods

  • Newsletter: until you unsubscribe, then deleted within 30 days.
  • Contact / complaints correspondence: up to 24 months after the matter is closed.
  • Analytics: aggregated event data up to 14 months; individual pseudonymous identifiers expire after 13 months at most.
  • Server / security logs: up to 30 days, then deleted or anonymised.

06. Sharing and sub-processors

We share personal data only with the categories of processor needed to operate the site:

  • Hosting and CDN provider (site delivery, DDoS protection).
  • Email delivery provider (newsletter only).
  • Privacy-respecting analytics provider (only after analytics consent).

Each processor is bound by a written data-processing agreement and processes data only on our documented instructions. We do not sell, rent or share personal data, and we do not disclose personal information for cross-context behavioural advertising. We do not share personal data with insurers, brokers or advertising networks.

07. International transfers

Some processors operate outside the UK and EEA. Where personal data is transferred outside the UK we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs). For transfers from the EEA we rely on the 2021 EU SCCs, on European Commission adequacy decisions where they apply, and on supplementary technical safeguards including encryption in transit (TLS 1.2+) and at rest.

08. Security measures

All traffic to InsuranceDico is encrypted with TLS. Administrative access requires strong authentication, is limited to the editorial team, and is logged. Access permissions are reviewed periodically. We follow the security principles of ISO 27001 and the UK NCSC Cyber Essentials framework, though we are not currently certified to either.

09. Your rights under UK and EU GDPR

You have the right to:

  • access the personal data we hold about you (Art. 15);
  • have inaccurate data corrected (Art. 16);
  • have data erased where there is no overriding reason to keep it (Art. 17);
  • restrict or object to processing based on legitimate interests (Arts. 18 and 21);
  • receive your data in a portable format where processing is based on consent (Art. 20);
  • withdraw consent at any time, without affecting prior lawful processing (Art. 7(3));
  • not be subject to a decision based solely on automated processing (Art. 22). We do not perform such processing.

To exercise any of these rights, email editorial@insurancedico.co.uk. We respond within one month, as required by Art. 12(3).

10. Notice to residents of the European Economic Area

EEA residents have all of the rights listed in the previous section under the EU GDPR (Regulation 2016/679). You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of the alleged infringement. A directory is published by the European Data Protection Board at edpb.europa.eu. If our processing of EEA personal data requires it, we will appoint and name an EU representative under Art. 27 on this page.

11. Notice to California residents (CCPA / CPRA)

This section applies to California residents and is provided under the California Consumer Privacy Act 2018, as amended by the California Privacy Rights Act 2020 (together “CCPA”).

Categories of personal information collected in the last 12 months

  • Identifiers: email address (newsletter, contact form), online identifier (analytics cookie), IP address (truncated in analytics, full in security logs).
  • Internet or other electronic network activity: pages viewed, referring URL, device, browser.
  • Geolocation data: approximate country/region only; we do not collect precise geolocation.
  • Inferences: none drawn for profiling.

Sources: directly from you (forms, sign-ups) and automatically from your interactions with the site.

Business purposes: delivering the service you requested, measuring site usage, protecting the site, complying with law.

Categories disclosed for a business purpose: identifiers and electronic network activity, to our hosting, email and analytics processors only.

We do not sell or share personal information. We have not sold or shared personal information of any consumer, including consumers under 16, in the preceding 12 months. We do not use or disclose sensitive personal information for any purpose other than those permitted by Cal. Code Regs. tit. 11 §7027.

Your California rights

  • Right to know what personal information we have collected, used and disclosed.
  • Right to delete personal information we have collected from you.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information (not applicable: we do not sell or share).
  • Right to limit use and disclosure of sensitive personal information (not applicable: we do not use sensitive PI for non-permitted purposes).
  • Right to non-discrimination for exercising any of the above rights.

To exercise a right, email editorial@insurancedico.co.uk with the subject line “California privacy request”. We will verify your request by matching the identifier you provide with information we already hold and will respond within 45 days. An authorised agent may submit a request on your behalf with written permission. We honour Global Privacy Control (GPC) signals as a valid opt-out where applicable.

12. Children

InsuranceDico is written for an adult audience. We do not knowingly collect data from anyone under 13 (UK / US) or under 16 (EEA, where local law sets the higher age of digital consent). If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Cookies and similar technologies

A cookie is a small text file stored on your device. We use the minimum set of cookies needed to run the site and, only with your consent, a single analytics cookie.

| Cookie | Category | Purpose | Duration |
|---|---|---|---|
| id_consent | Strictly necessary | Stores your cookie-banner choices | 12 months |
| id_session | Strictly necessary | Maintains site security and basic preferences | Session |
| _id_analytics | Analytics (optional) | Pseudonymous measurement of site usage | 13 months |

Strictly necessary cookies are set under the PECR exemption for cookies essential to deliver a service you have requested. Analytics cookies are set only after you give consent via the banner; you can withdraw consent at any time by reopening the banner from the link in the footer, and Global Privacy Control signals are honoured.

14. Automated decision-making and profiling

We do not carry out any decision-making based solely on automated processing that produces legal effects concerning you or similarly significantly affects you (UK / EU GDPR Art. 22). We do not engage in profiling.

15. Supervisory authorities and complaints

  • United Kingdom, Information Commissioner’s Office: ico.org.uk, helpline 0303 123 1113.
  • EEA, your local supervisory authority: directory at edpb.europa.eu.
  • California, Attorney General: oag.ca.gov/privacy, and the California Privacy Protection Agency at cppa.ca.gov.

16. Changes to this policy

We review this policy at least annually and whenever our processing changes. Material changes are highlighted on this page and recorded in the Version history below.

Editorial & data-protection team

Email editorial@insurancedico.co.uk or use our contact form. We respond within 5 working days.

Version history

  • v4.0 · 23 May 2026: Full rewrite to global-standard structure. Added EU GDPR parity notice and California CCPA / CPRA section. Consolidated Cookie Policy into this document.
  • v3.2 · May 2026: Minor wording updates and refreshed cookie table.