Privacy Policy

Contents Overview

Navigate to page

1. Introduction

At Tilt Services Limited which trades as Tilt and FairCover ("Tilt”, “we", "us", "our") we need to collect and process personal data from or about individuals (“you”, “your”) in order to broker insurance and provide our associated services. This Privacy Notice applies to you in the event that we have collected personal data from or about you in our role as a data controller. It explains when, why and how we collect and process your personal data, the third parties with which we may share your personal data, what your rights are in the event we hold your personal data, and how you can enforce these rights.

We may amend this Privacy Notice from time to time in order to reflect any changes in how we process personal data, or to satisfy any new requirements under applicable data protection laws. If we make any significant changes, we will let you know directly.

2. Definitions

To be clear on what we mean in this Privacy Notice:

  • “personal data” is any information that can be used to identify a living individual;
  • “sensitive personal data” is personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, health data, sex life or sexual orientation;
  • “data controller” means an organisation that decides how and why to collect personal data;
  • “the Howden Group” is Howden Group Holdings Limited and any company or organisation in which Howden Group Holdings Limited holds significant share capital. We are part of the Howden Group, and you can find out more information about other companies in the Howden Group by visiting www.howdengroupholdings.com; and
  • “third-party” is someone who isn’t you, us, or a company in the Howden Group.

3. Who does this Privacy Notice relate to?

This Privacy Notice relates to the following types of individuals, where we hold your personal data:

  • Individuals who are prospective, current or former clients, including their representatives, for example those with power of attorney;
  • Other individuals named on policies, joint policy holders or beneficiaries;
  • Employees of our corporate clients who we liaise with, or who are named on a policy;
  • Individuals who we liaise with at insurers, managing general agents and other market participants;
  • Members of a trade or professional association;
  • Individuals who contact us with a query, concern or complaint;
  • Individuals whose personal data we may have obtained from publicly available sources, for example in connection with us undertaking background checks on our potential clients; and
  • Individuals who solicit us for a quote, or who we solicit for marketing purposes.

There are types of individuals who this Privacy Notice does not relate to, for example our employees and sub-contractors (including prospective and former employees and sub-contractors). If you are one of these individuals and would like further information, please contact us using the details set out under Section 15.

4. Who are we?

We are an insurance broker that is part of the Howden Group, and which is regulated in the UK by the Financial Conduct Authority (FCA) under reference number 578639. We are also registered with the Information Commissioner’s Office (ICO) under registration Z3293952 and we can be contacted using the contact details set out under Section 15.

5. When and how we collect this personal data

We may collect personal data from, or about, you at different times and through different channels depending on our relationship with you, for example if:

  • You request a quotation from us, either directly or via a price comparison site or other intermediary;
  • You purchase, change or cancel a policy through us;
  • You are covered under, or named on, a policy that has been taken out by your employer;
  • We receive notification of a claim that is made against you, or that you bring against one of our policyholders;
  • You are a client of a business that we acquire;
  • You contact us in writing or speak to us on the phone;
  • You visit one of our stands at a show or trade fair;
  • You give permission to other companies to share your information with us;
  • Your information is publicly available and we have a legitimate reasons to use it; and
  • We are provided with your personal data by third parties such as anti-fraud and crime-prevention agencies, credit reference and vetting agencies, and other data providers.

If you provide us with personal data about another person, please make them aware of this fact and ensure they have access to this Privacy Notice so they can understand how their data may be processed.

6. What personal data do we collect?

Depending on your relationship with us, we may hold the following types of personal data about you:

  • Identity and contact data: for example, your name, gender, date of birth, postal address, job title, telephone number and e-mail address;
  • Policy and claims information: for example, your policy number, details of your cover, premiums due, relationship to the policyholder (if applicable) and previous claims history;
  • Payment and account data: for example, your bank account details and credit/debit card details where you are the payer of a premium;
  • Location data: for example, your residential, work or IP address, the location of an insured item or property, and in the event of a claim, where the incident occurred;
  • Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations.
  • Information we obtain from other sources: including credit agencies, antifraud and other financial crime prevention agencies;
  • Complaint data: for example, what the complaint was, how we investigated it and how we resolved it, including any contact with third-party adjudicator services;
  • Internet data for example, information such as your IP address that may be collected by cookies and other online technologies when you visit our website; and
  • Sensitive personal data: for example health-related data or ethnicity data, but only in restricted circumstances as explained under Section 8.

7. The lawful ways we use personal data

We collect and process personal data for the following lawful reasons:

  • To enter into or perform a contract with you: for example, where you are an individual policyholder and we need to process your personal data in order to provide you with a quotation (should you request one), or to arrange your insurance, manage any claims which arise with your policy, answer any queries you may have, action your requests and manage your renewal(s);
  • To comply with a legal obligation: for example the rules set by our regulator the Financial Conduct Authority (FCA), to fulfil your data rights under data privacy laws, handle complaints about our services, and to comply with other legal requirements such as preventing money laundering and other financial crimes;
  • For our legitimate business interests: for example, to arrange and administer a policy where your employer is our client, to respond to third party claimants, to maintain accurate records in our systems, to monitor and improve our products and services through the use of analytics, to demonstrate compliance with applicable regulations, to undertake some marketing activities, and to facilitate internal management reporting activities across our businesses. Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights. In some instances, you also have the right to object to us relying on this lawful reason (if applicable) to process your personal data. Further information on this right is provided under Section 14;
  • With your consent: for example, if you consent to us contacting you for marketing purposes. You can withdraw your consent at any time (to the extent we are relying on it) by using the contact details set out under Section 15; and
  • To protect vital interests: in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.

8. The lawful ways we use sensitive personal data

We only collect sensitive personal data from or about you where:

  • This is necessary for us to arrange or administer an insurance policy or claim arising from one;
  • This is necessary for us establish, exercise or defend a legal claim;
  • This is necessary for us to safeguard vulnerable individuals;
  • We have obtained your explicit consent; or
  • You have manifestly made this type of data public.

9. Who we share personal data with

Below are the categories of third parties that we may share your personal data with, but only where we have a legitimate reason to do so:

  • Insurers, intermediaries (including, but not limited to, price comparison website providers, other insurance brokers and managing general agencies), risk management assessors, loss adjusters, loss recovery agencies and third party administrators who work with us to help manage and administer our policies;
  • External sources and agencies to pre-populate and check risk data for example the client’s own website, Companies House, HM Land Registry;
  • Our premium finance provider, if you are paying by instalments;
  • Credit reference and credit scoring agencies. We, the insurer or the premium finance provider may pass to credit reference agencies information we hold about you and your payment record. Credit reference agencies share information with other organisations, enabling applications for financial products to be assessed or to assist the tracing of debtors, or to prevent fraud. Information about the ways in which the credit reference agencies use and share personal information are explained in more detail on the Credit Reference Agency Information Notice;
  • Fraud prevention agencies. In order to prevent and detect crime and fraud we, your insurer and our respective agents may at any time:
    • share information about you and cooperate with other organisations and public bodies including the Police;
    • record your details on the Insurance Fraud Register (IFR)
    • pass information to the Claims and Underwriting Exchange Register, run by Motor Insurer’s Bureau, the Motor Insurance Anti-Fraud and Theft Register, run by the Association of British Insurers (ABI), and other industry databases;
    • check and/or file your details with fraud prevention agencies and databases, and if you give us false or inaccurate information and we suspect fraud, we will record this.
  • In the event of a claim the information you supply together with any other information relating to the claim, will be put on the register and made available to participants. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies and may be used by law enforcement agencies;
  • Debt collection agencies;
  • For motor and commercial vehicle policies, information relating to your insurance policy will be added to the Navigate database (formerly MID) managed by the Motor Insurers’ Bureau (MIB). If you are involved in a road traffic accident, insurers, the MIB and claimants may search Navigate to obtain relevant information. Please note that Navigate will be updated if your policy is cancelled;
  • Data Verification and Information: For motor and commercial vehicle policies, we share your claims history and some personal information which you have provided, to Lexis Nexis Risk Solutions (part of the RELX Group of companies) to verify your No Claim Discount, assist in the prediction of risk and to access information about your previous motor and commercial vehicle insurance policies. Lexis Nexis uses information from other insurers to confirm your No Claim Discount, where available. We also provide regular updates into the Lexis Nexis database. More information can be found at https://risk.lexisnexis.com/group/processing-notices/insurance services ;
  • Law enforcement, government bodies, courts, tax authorities and our regulators;
  • Service providers who help us manage our IT and back office systems, or who provide us with tools or platforms that we either make available to you, or which we use to undertake activities mentioned earlier in this Privacy Notice;
  • Marketing fulfilment, webinar and customer satisfaction service providers, acting on our behalf in facilitating online events, providing marketing communications and capturing feedback from our customers on our service levels;
  • Any third party where disclosure is required to comply with legal or regulatory requirements;
  • Other Howden Group companies; and
  • Potential purchasers of our businesses.

10. Use of Artificial Intelligence

We use Artificial Intelligence (AI) to streamline risk capture and underwriting, simplify the quote process, and enhance customer service by delivering faster, tailored solutions. For example, we may use conversational AI tools to collect your quote data and, where available, pre-populate information from trusted third-party sources. We also use Optical Character Recognition (OCR) tools to extract key information from existing insurance documents, helping to streamline onboarding and improve data accuracy.

Additionally, the tools and platforms described in Section 9 may incorporate AI technologies. For instance, to reduce the time required to produce summaries of meetings or phone calls, we may use Generative AI services to analyse transcripts and create summaries. These summaries are always reviewed by a human for accuracy before being stored in customer records. We may also use advanced AI models to help us efficiently search and retrieve information from our internal records.

If we use AI or similar technologies to make decisions that could affect you—such as underwriting decisions—we will notify you separately and explain your rights, including how to request human intervention or challenge such decisions.

11. Sharing data within the Howden Group

As stated in Section 9, we may share personal data with other companies within the wider Howden Group for the following purposes:

  • To receive administrative support from those companies, such as the receipt of IT, HR, Finance and Compliance services;
  • So that these companies can provide market insight to insurers on a confidential basis, but only where personal data has been aggregated or anonymised; and
  • So that we can offer you services that may be available from another company in the Howden Group, but only if permitted under electronic marketing laws.

We will only share the minimum amount of personal data required to achieve these purposes, ensuring that we have a lawful basis to share personal data and that any processing undertaken on our behalf is governed by a data processing agreement.

12. International data transfers

In order to fulfil the purposes described in this Privacy Notice, we may need to transfer your personal data outside of the UK and/or outside of the country or region in which you are located. For example:

  • We may need to transfer your personal data overseas in order to arrange insurance for you, with the destination being dependent on the location of the market participants involved in the insurance chain (for example the underwriter may be based in the United States);
  • We may need to make your personal data available to our Howden Group companies established in the European Union or Switzerland (for example) if they are better placed to support you; or
  • We may need to transfer your personal data to an overseas supplier if (for example) they provide us with an online software service that we in turn have made available to you.

If the overseas destination is not considered to provide an adequate level of protection under the data protection law that applies to the processing of your personal data, then we shall generally ensure that a formal and enforceable set of standard contractual clauses is, or has been, entered into between us and the overseas recipient. You can ask us for more information on this by using the contact details set out under Section 15.

13. Retaining and destroying personal data

We retain personal data about you in order to provide any services that you may request from us, to meet a number of legal and regulatory record-keeping requirements, as well as to support our own legitimate business interests. In most cases we will retain your personal data for 7 years following the end of our relationship with you in order to ensure we can sufficiently handle any disputes, claims or complaints that may arise in connection with the relationship. In some cases we may need to retain your personal data for longer than this period, for example if a relevant insurance policy allows for a longer claim notification window, and in some cases we shall only retain your personal data for a shorter period, for example if you ask us to provide you with a quote but then choose not to proceed. You can request further information on these retention periods by using the contact details set out under Section 15.

14. Your data rights

Data protection laws give you rights relating to your personal data. Should you wish to enforce a right (generally at no cost to you), or make a data protection complaint, please use the contact details set out under Section 15. We aim to provide a final response within one month of receiving a request, unless the request is particularly complex in which case we will let you know when we expect to complete it by:

Access You have a right to request a copy of the personal data that we hold on you, along with meaningful information on how it is used and who we share it with, however there are some instances where we may not be able to provide you with some or all of the information we hold. Where this is the case we will explain to you why when we respond to your request, unless the relevant laws or regulations prevent us from doing so.
Rectification You have a right to ask us to correct inaccurate or incomplete personal data that we hold about you. We will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why.
Erasure You can request that we delete your personal data in certain circumstances, for example if we no longer need the personal data for the purpose(s) for which we collected it. We will either confirm to you that this has been done, or if we are unable to delete it due to a compelling overriding reason we will let you know why.
Object to our legitimate interests Where we process your personal data to achieve a legitimate business interest of ours, for example those described under Section 7, you have the right to challenge this. If you do so, we will either confirm to you that the processing has stopped, or explain why we believe our interest in the relevant activity outweighs your interest.
Object to automated decision-making If you are an insured person undertaking a credit check through a premium finance lender, we may use Automated Decision Making to determine what action to take based on the resulting credit score. You have the right to object to decisions made about you using your personal data and undertaken by purely automated means. If you do so, we will arrange for someone to assess the automated decision and confirm the outcome of this assessment to you.
Restrict processing You can ask us to restrict the processing of your personal data in certain circumstances. If you do so, we will either confirm that this has been done, or if we are unable to do so, we will let you know why.
Data portability In certain circumstances you have the right to request that your personal data be transferred to yourself or a nominated third party in a common, machine readable format. If you request this, we will either act upon your instruction and confirm to you that we have done so, or if there is a valid reason that this cannot be done, we will tell you why.
Object to direct marketing You can object to receive direct marketing from us, and this right is absolute. You can do this by simply clicking on the unsubscribe link in any email you receive from us or alternatively getting in touch with us.

Should you submit a request or complaint to us and remain unhappy with our response, you may raise a complaint directly with the UK supervisory authority whose contact details can be found at www.ico.org.uk.

15. Our contact details

The primary point of contact for all issues arising from this Privacy Notice, including requests to exercise your rights, are as follows:

16. Communications

Depending on our relationship with you, and any marketing permissions or preferences you have provided to us, we may contact you via e-mail, phone and/or SMS/text message for the following reasons:

  • “Servicing” messages and calls

These are messages that we must reasonably send you to provide you with services that you have requested from us, for example:

  • To provide you with quotations, including renewal quotations;
  • To provide you with your insurance documentation;
  • To notify you of changes to any relevant terms and conditions;
  • To perform debt recovery;
  • To provide you with updated information regarding the services you receive from us, for example if we update our privacy notice, change our opening hours or office location, or if there is a change in the laws or regulations that apply to the services we offer and;
  • Responding to any queries, complaints or concerns you raise with us.

Because these messages are reasonably necessary, and sometimes may be required by law, regulation, or contract, they may be sent regardless of your marketing preferences.

  • "Market research" messages and calls and Newsletters

These are messages that we send you to gain your feedback on our services, or to provide useful information related to your insurance needs. Any information you give us is then used to help us understand where we can improve our products and services. Because these messages aren’t intended to promote or sell anything to you, they may be sent to you regardless of your existing marketing preferences. However, we appreciate that some people may not wish to receive such messages. If you would like to opt out of future market research or newsletters, use the “unsubscribe” options in any market research or newsletter e-mails, SMS/text messages or post you receive, or by asking to be unsubscribed via telephone.

  • "Marketing" messages and calls

These are messages which we send to you to promote our products and services, as well as those of our business partners and other companies within the Howden Group.

If we contact you by e-mail or SMS/text to market our own products and services, then we will either do so because you specifically agreed to receive these messages (also known as “consent” under current laws), or because you told us you did not object to receiving these messages when you gave us your information (also known as “soft opt-in”).

The laws for telephone marketing are different, so if we use this method to market our own products and services to you, or those of another company, then we may do so either because you have specifically agreed to receiving these, or alternatively because your telephone number is not registered with, as applicable, the Telephone Preference Service (TPS) or the Corporate Telephone Preference Service (CTPS) and you have not previously told us that you do not want to receive calls from us. More information about these services is provided further on in this section.

  • "Solicited" marketing calls and messages

Solicited marketing communications are any calls or messages you have specifically requested. This type of contact commonly arises when you specifically ask us to arrange for one of our business partners to contact you about their own products or services, for example if you request this via a call-back form or similar function on one of our websites. It also occurs where you ask us to contact you closer to your existing renewal date to provide you with a quotation.

Because you have specifically requested the contact, it may be made regardless of any broader marketing permissions we or our business partners may hold about you.

We and our business partners will only make this kind of contact with you to provide you with the information you have requested. If the initial attempt to contact you is unsuccessful, we or our business partners may try again, so long as the total number and frequency of the attempts does not become excessive.

  • Opting out of marketing messages

You always have the right to opt out of future marketing messages or change how you receive them, and you can do so in the following ways:

  • By using the “unsubscribe” links present in any marketing e-mails or SMS/text messages that we send you;
  • By telling our agent that you wish to change your marketing preferences when you speak to them;
  • By using the details shown in the “how you can contact us” section of this notice, and telling us to update your marketing preferences, or;
  • For telephone calls and post only, by registering with the relevant Marketing Preference Services.
  • Marketing on social media

You may see adverts for our products and services if you use social media platforms such as Facebook or Instagram. This normally occurs where we have asked the social media platform to advertise us to audiences who are likely to have a need for particular services.

Exactly how and when you see our adverts is determined by your own privacy settings on the specific social media platform concerned. Normally, you will be seeing the advert because you have consented to receive targeted advertising via your social media settings.

You can find out more about how you can control the adverts you see, and exert control over how and when you are targeted by advertising on social media, by visiting the “Privacy Centre” or “Privacy Settings” section of the platform’s website or mobile phone app.

Last updated 1st July 2025

Quick links

Home

About

Support

What we cover

Public liability

Employers liability

Tool cover

Van insurance

Landlord insurance

Who we cover

Builders

Electricians

Plumbers

Cleaners

Decorators

Landscapers

Plasterers

© 2025 Tilt Services Limited. All rights reserved.
Tilt is a trading name of Tilt Services Limited, which is authorised and regulated by the Financial Conduct Authority registration number 578639. Registered Office: One, Creechurch Place, London EC3A 5AF. Registered in England and Wales under Companies House registration number 07980064.