Data Protection Policy

1. Introduction

Directfinanceuk ("we," "our," or "us") is committed to protecting the personal data of individuals in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Data Protection Policy outlines how we collect, process, store, and protect personal data in the course of our business activities.

As an insurance intermediary, we handle various types of personal data from website visitors, potential customers, and business contacts. This policy applies to all personal data processing activities undertaken by our organization.

2. Data Controller

Directfinanceuk acts as a data controller for personal data processed in connection with our business activities. Our registered details are:

3. Types of Personal Data We Process

We may collect and process the following categories of personal data:

3.1 Contact Data

• Contact information (name, email, phone, address)
• Company information (company name, size, industry)
• Communication records
• Enquiry details and preferences

3.2 Website User Data

• IP addresses and device information
• Browser type and usage patterns
• Cookies and tracking data (see Cookies Policy)
• Form submissions

3.3 Affiliate Tracking Data

• Referral source information
• Affiliate link click data
• Conversion tracking information

4. Legal Basis for Processing

We process personal data only where we have a lawful basis to do so. Our legal bases for processing include:

4.1 Consent

Where processing is based on consent, we ensure it is freely given, specific, informed, and unambiguous. Data subjects may withdraw consent at any time.

4.2 Legitimate Interests

Processing necessary for our legitimate interests, provided these are not overridden by the individual's rights, including:

• Business development and marketing
• Network and information security
• Internal administrative purposes
• Analytics and service improvement

4.3 Contract Performance

Processing necessary for the performance of a contract to which the data subject is party.

5. Data Processing Principles

We adhere to the following data protection principles, as required by UK GDPR:

5.1 Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We provide clear information about our data processing activities through this policy and supplementary notices.

5.2 Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it further in a manner incompatible with those purposes.

5.3 Data Minimisation

We ensure personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

5.4 Accuracy

We keep personal data accurate and, where necessary, up to date.

5.5 Storage Limitation

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.

5.6 Integrity and Confidentiality

We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing.

6. Data Subject Rights

Under UK GDPR, data subjects have the following rights:

6.1 Right of Access

Individuals have the right to obtain confirmation as to whether we hold personal data about them and to access that data.

6.2 Right to Rectification

Individuals have the right to have inaccurate personal data rectified.

6.3 Right to Erasure

Individuals may request deletion of personal data where there is no compelling reason for its continued processing.

6.4 Right to Restrict Processing

Individuals may request restriction of processing in certain circumstances.

6.5 Right to Data Portability

Individuals have the right to receive their personal data in a structured, commonly used format.

6.6 Right to Object

Individuals have the right to object to processing based on legitimate interests.

To exercise any of these rights, please contact us. We will respond to requests within one month.

7. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of sensitive data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments
• Employee training on data protection and security
• Secure disposal of data and equipment

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to legal and regulatory requirements.

9. Third-Party Processors

We engage third-party service providers to process personal data on our behalf. All processors are carefully selected and required to implement appropriate security measures and maintain confidentiality.

Our processors include providers of:

• Website hosting and analytics
• Email and communication services
• Customer relationship management

10. Changes to This Policy

We may update this Data Protection Policy from time to time to reflect changes in our practices or legal requirements.

11. Contact Us

If you have questions about this Data Protection Policy or wish to exercise your data subject rights, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data in accordance with applicable data protection laws.

ICO Contact Details:

Telephone: 0303 123 1113

Website: www.ico.org.uk