Skip
Prima

Privacy policy

Last modified: 14/05/2026

We, Prima Subsidiary Ltd, trading as Prima, with company number 12728615 and registered office address of Alto Building, 30 Stamford Street, London, SE1 9LS, take your privacy seriously. This privacy policy describes how we collect, process and store personal data about you alongside how we use and protect your personal data, and your rights.

The personal data of our website users, prospective customers, customers and any additional or named drivers listed on a policy (collectively known as “Users”) is processed under the UK General Data Protection Regulation (“UK GDPR”) and Data Protection Act 2018 (“DPA’18”). For the purposes of this Privacy Policy, Prima is the "controller" of your personal data. This means that Prima determines the purposes for which – and the manner in which – your personal data is processed.

This privacy policy should be read alongside our Terms and Conditions (https://www.helloprima.co.uk/terms-and-conditions) and Cookie Policy (https://www.helloprima.co.uk/cookie-policy).

Scope of this privacy policy

This privacy policy applies to our use of any and all personal data about you collected by us – or provided by you – including in relation to:

Ways we collect data

We collect personal data in the following ways:

  • Through our online forms;

  • When you contact us either through our website, telephone, post, email or other means;

  • When you enquire about any of our products or services;

  • When you take out any of our insurance policies, or engage in any of our other products or services;

  • Through our third party affiliates and credit reference agencies, such as Experian and TransUnion;

  • When you complete our surveys or provide us with feedback on our services;

  • When you register with us to receive our products or services;

  • When you make payments to us using our website or otherwise;

  • When you choose to receive marketing communications from us; and

  • When you otherwise use our services.

The personal data of our Users is processed under UK GDPR and DPA’18 under the following legal bases:

  1. All information provided by a User when obtaining a quote or taking out an insurance policy is processed under the legal basis of contract.

  2. All other personal data, including personal data that is collected directly from Users during the course of using our website, filling in surveys or forms or otherwise contacting Prima, which has not been listed above, is processed under legitimate business interest for the purposes of providing information to Users on our products and services or otherwise effectively delivering our services.

Prima relies on soft opt in to send occasional marketing emails to our current policyholders. You can unsubscribe from these emails when you buy your policy. You can also unsubscribe at any time after that by:

  • Clicking "unsubscribe" at the bottom of any marketing email from us; or

  • Emailing [email protected].

Types of data we collect

We may collect the following personal data about Prima Users:

  • Full name;

  • Date of birth;

  • Address;

  • Gender;

  • Job title;

  • Profession;

  • Marital status and relationships to other people (e.g., family members or named drivers on the same insurance policy);

  • Contact information (e.g., email addresses and telephone numbers);

  • Demographic information (e.g., preferences and interests);

  • Data about the area that you live in (e.g., crime, demographic, socio-economic, housing, forecasts of livelihoods and activities);

  • Information about health, life events, resilience and capability that help us identify if you’re a vulnerable customer and whether we need to change our approach to suit you;

  • Unique identification data (e.g., driving licence number);

  • Information about your previous motor insurance quotes, policies, claims and any other data relevant to your motor insurance product;

  • Driving information (e.g., your driving licence provision, restrictions or endorsements and driving convictions);

  • Financial crime and sanctions-related data (e.g., information obtained from lists of fraud, money laundering and sanctions);

  • Vehicle information (e.g., registration number, vehicle specification details, MOT and finance history);

  • Payment information (e.g., payment card number, bank account details and other payment information);

  • Credit assessment data and credit account information received from credit reference agencies, such as Experian and TransUnion (e.g., credit scores, credit product repayment history, bankruptcy, voluntary arrangements, county court judgments and more general credit history data);

  • IP address;

  • Web browser type and version;

  • Operating system;

  • How you use our website, including the date, times and frequency with which you access our website and the way you use and interact with its content;

  • Telephone recordings and online chat transcripts from your interactions with our customer support teams;

  • Marketing communication preferences and customer feedback; and

  • Email tracking data, so we can check you have received and opened vital service emails.

Some of the categories of personal data that we may collect are special categories of personal data (also known as sensitive personal data). In particular, we may process data about your health and criminal convictions where this is required to offer you an insurance quote. Please see the below section for more information about special category data.

We may be required by law to collect certain personal data about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations.

It’s important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during the period that we hold it.

Special Category Data

During the course of using our website, Prima and our third party affiliates may process special category personal data from Users including, but not limited to, gender, racial and ethnic origin, religious or philosophical beliefs, health and sexual orientation.

Where special category personal data is processed, we will ensure that the necessary additional safeguards are in place to protect such data, acknowledging that by definition special category data should be treated with additional care due to the sensitive nature of the data collected.

Our use of your personal data

The personal data provided to us may be used in the following ways:

  • To provide you with products and services;

  • To personalise services;

  • To deal with your enquiries and requests;

  • For internal record-keeping;

  • To improve and develop products and services through the use of data modelling and analytics;

  • To contact you with marketing and offers relating to products and services offered by us and/or other members of the Prima group (unless you have opted out of marketing, or we are otherwise prevented by law from doing so);

  • To contact you for market research purposes or feedback;

  • To comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies;

  • To exercise or defend our rights and interests, or the rights and interests of third parties;

  • In order to facilitate the sale of all or part of our business; and

  • To complete credit and wider checks, including in relation to potential customers, policy holders and named drivers.

Third party sources

Prima may receive personal data about you from the following third parties:

  • Comparison websites and other similar platforms that you’ve used to obtain quotes for motor insurance;

  • Third parties who provide you with additional services to your motor insurance (e.g., motor legal cover or breakdown cover);

  • Third parties who supply us with services related to your motor insurance cover (e.g., a third-party insurer, legal advisers and other experts);

  • Third parties involved in your claim (e.g., claims handler, other insurer, claimants, defendants, witnesses and lawyers);

  • Credit reference agencies (e.g., Experian and TransUnion);

  • Providers of insurance information, including no claims history, fraud, crime and sanctions data (e.g., Motor Insurers' Bureau (MIB), Claims Underwriting Exchange (CUE), LexisNexis, MyLicence, TransUnion and CIFAS);

  • Government agencies and regulatory bodies (e.g., Driver and Vehicle Licensing Agency (DVLA), Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), Information Commissioner's Office (ICO) and Financial Ombudsman Service (FOS));

  • Insurance industry bodies (e.g., Association of British Insurers);

  • Third parties who provide us with information about people who’ve expressed an interest in hearing about insurance products;

  • Third parties who provide us with other services (e.g., actuaries, auditors, legal advisers and other professional advisers);

  • Providers of marketing and advertising services;

  • HM Land Registry;

  • The Office for National Statistics;

  • Open Government Licence;

  • Internet searches;

  • News articles; and

  • Social media sites (e.g., LinkedIn, X (formerly known as Twitter) and GitHub).

How we use credit reference agencies

As a part of our application process and ongoing relationship with you, we work with credit reference agencies to perform credit and identity checks. These agencies include Experian (https://www.experian.co.uk/consumer/privacy.html) and TransUnion. These checks give us information on Users, such as financial history and where appropriate data relating to a spouse, any joint applicants or financial associates. We have an obligation to carry out these checks. For example, to:

  • Assess creditworthiness and product suitability;

  • Check your identity; and

  • Prevent criminal activity.

For more information on Experian and how they operate as a credit reference agency, please refer to their individual Credit Reference Agency Information Notice (“CRAIN”) (https://www.experian.co.uk/legal/crain/).

How we use AI Voice Assistant

We are trialling Voice Assistant, a new artificial intelligence (AI) feature provided by Vapi.

When you call our customer service team, the Voice Assistant can collect some information from you before you are transferred to a human agent. This allows our human agent to help you faster. The feature does not involve any automated decision making. And Vapi does not store any of your personal data after it is collected and transferred to us.

For more information on how Vapi process your personal data, see their privacy policy.

Links to other websites

Our website may, from time to time, provide links to other websites. We have no control over the websites we link to and we’re not responsible for their content. This privacy policy does not extend to your use of any websites we link to. We recommend you read the privacy policy of other websites before using them.

How we keep your data secure

We use technical and organisational measures to safeguard your personal data. For example:

  • Access to your account is controlled by a password and a username that’s unique to you

  • We store your data on secure cloud servers

Technical and organisational measures include ways of dealing with any suspected personal data breach. If you suspect any misuse, loss or unauthorised access to your data, please let us know immediately by emailing us at [email protected].

For more details about how to protect your personal data, computers and devices against fraud, identity theft, viruses and many other online problems, please visit https://www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Who we share data with

We may share your personal data in the following circumstances:

  • Service providers and business partners. We may share your personal data with our service providers and business partners that perform marketing services and other business operations for us. For example, we may partner with other companies to process secure payments, fulfil orders, optimise our services, send newsletters and marketing emails, support email and messaging services and analyse information.

  • Third party data providers (as listed above) We may share your personal data with third party data providers in order to enable them to provide us with information about you, as described in the ‘Third party sources’ section of this privacy policy.

  • Insurers or reinsurers. We may share your personal data with insurers or reinsurers that we work with in order to enable us to properly underwrite your insurance policy.

  • Industry bodies, law enforcement agencies, courts, regulators, government authorities, credit reference agencies or other third parties. We may share your personal data with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

  • Asset purchasers. We may share your personal data with any third party that purchases, or to which we transfer, all or substantially all of our assets and business, or in the course of negotiations for any such transaction. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this Privacy Policy.

  • Our parent company Prima Assicurazioni SpA and our other group companies, for any of the reasons in this Privacy Policy.

  • Fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and some fraud prevention agencies, and your data protection rights, can be found at www.cifas.org.uk/fpn.

  • The finance lenders, Fintern Limited (trading as 'Abound') and Close Brothers Limited, who provide your premium finance if you apply to pay your premium in monthly instalments. Finance lenders will use your personal data to assess your application and, if approved, to set up your credit agreement with them.

The recipients referred to above may be located outside the UK. See the section on "International Data Transfer" below for more information.

International data transfers

Prima may, from time to time, transfer data between different Prima entities, including its parent company Prima Assicurazioni SpA. Where applicable such transfers are made under an Intra Group Agreement and Data Processing Agreement that is in place between Prima Subsidiary UK and Prima Assicurazioni SpA. Alongside this, any transfer between Prima entities is limited to within the European Economic Area (“EEA”).

In order to provide services to you, Prima may transfer your personally identifiable information to third parties, affiliates, and service providers, some of which may process and/or store your personally identifiable information outside of the EEA. However, in such an instance all reasonable steps will be taken to ensure that your personal data is treated securely and in accordance with this Privacy Policy (where possible). Any data transfers that take place outside of the EEA will be covered by the necessary Data Transfer Agreement (“DTA”) and Standard Contractual Clauses (“SCCs”).

Data retention

We will keep your personal data for as long as we have a relationship with you. Once our relationship with you has come to an end, we operate a data retention period of 7 years from the date of our last interaction with a User. 7 years after the date of our last interaction with a User all of the data provided by the User during all of their interactions with us will be reviewed and securely deleted/ destroyed, subject to our legal and regulatory obligations.

We will delete your personal data when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

Automated decisions about you

The way we analyse personal data for the purposes of risk assessment and fraud prevention may involve employing solely automated means to make decisions about you.

We may make the following automated decisions about you:

  • Where such decisions are necessary for entering into a contract. For example, we may decide not to offer our products to you, or we may decide on the types of products that are suitable for you, or how much to charge you for our products

  • Where such decisions are required or authorised by law, for example for fraud prevention purposes

  • Where you give your explicit consent to us carrying out automated decision-making.

You can contact us at [email protected] to request further information about automated decision-making, object to our use of automated decision-making, or request an automated decision to be reviewed by a human being.

We also make automated decisions about you based on your personal data which may include, but is not limited to, selecting personalised offers, discounts or recommendations to send you.

These types of decisions will not have a significant impact upon you, but you can still contact us for further information.

Profiling

We may use your personal data to carry out profiling. This means analysing information about you to evaluate or predict your preferences, interests or behaviour.

The data that we use for profiling may include demographic information and other technical data (for example, device identifiers or IP address).

When we process your personal data for profiling, we make sure that this does not have legal or similarly significant effects on you.

Processing the personal data of those below the age of 13

Our website is not intended for use by anyone under the age of 13 nor does Prima knowingly collect or solicit personally identifiable information from anyone under the age of 13. If you are under the age of 13, you may not attempt to send any information about yourself to us, including your name, address, telephone number, or email address.

During the course of using our relationship with a User, we may unintentionally process the personal data of children under the age of 13. This may occur where a responsible adult User has made an insurance claim, where a child is a claimant. Where this is the case, we acknowledge that the necessary parent or legal guardian has consented to Prima processing this information. Whilst we do not encourage the disclosure of such data, we recognise that the processing of such data may occur as part of making an insurance claim.

In the event that we confirm that we have collected personally identifiable information from someone under the age of 13 without verification of parental consent, we will delete/destroy that information promptly. If you are a parent or legal guardian of a child under the age of 13 and believe that we might have any information from or about such a child, please contact us at the email or mailing address provided at the end of this Privacy Policy.

Your rights

You may have the following rights in relation to your personal data, to exercise any of the below rights please email us at [email protected].

  • Right to access – You have the right under DPA’18 to access the information that we hold about you. This will be provided to you within one calendar month of the request date.

  • Right to rectification – You have the right under DPA’18 to request the amendment or updating of all the personal data that we hold about you.

  • Right to erase – This includes the right to request that we delete or remove your personal data from our systems. Should you make such a request, your personal data will be deleted in line with our statutory and legal responsibilities.

  • Right to restrict our use of your personal data – In line with Article 18 (1) (a) to (d) of UK GDPR you have the right under DPA’18 to obtain from the controller a restriction of processing.

  • Right to data portability – You may have the right under DPA’18 to receive personal data we hold on you in a structured, commonly used and machine readable format. This right will only apply where the lawful basis of processing is consent or the performance of a contract and the processing is by automated means.

  • Right to object – This includes the right to object to our use of your personal data.

  • Right to complain to us or the relevant data protection authority (see ‘contact us’ below).

We encourage you to contact us to update or correct your personal data if it changes or if the personal data, we hold about you is inaccurate.

We will contact you if we need additional information from you in order to honour your requests.

Enforcement

We cooperate with the appropriate regulatory authorities, including local data protection authorities (the UK Information Commissioner’s Office (“ICO”)), to resolve any complaints regarding the collection, processing and disclosure of personally identifiable information that cannot be resolved between Prima and the individual.

If you have a concern about your privacy or would like to know more about how your personally identifiable information is collected or used, please contact us. We ask that when you contact us with a complaint, please include contact information and clearly describe your complaint. For any complaint regarding privacy please use [email protected].

We will respond to your request or complaint within a reasonable time and will let you know the next steps in resolving your complaint. If you are not satisfied with our response, you may also contact your local and federal data protection authorities to lodge a complaint.

Should you not be satisfied with the process, conduct or response to a request you may have made you have the right to complain to the ICO (https://ico.org.uk/make-a-complaint/).

Changes to this privacy policy

We reserve the right to change this privacy policy as we may deem necessary from time to time.

Where changes to this privacy policy will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g., to object to the processing).

Contact us

Prima Subsidiary Ltd is the controller responsible for the personal data we collect and process.

To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your data), please contact us by emailing [email protected].

Our Data Protection Officer can be contacted at: DigitalLawUK Ltd, Digital Media Centre, County Way, Barnsley, South Yorkshire, S70 2JW or [email protected]