Back to home

Privacy Policy

Last updated Jun 2025 v2.0

TCA Group Limited (we, us, our) take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal information about you. When we do so we are subject to the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018, and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Personal information is any information relating to an identified or identifiable individual.

Special category personal information is any personal information revealing racial/ ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic / biometric data and data concerning health, sex life or sexual orientation.

Clients that we provide services to are insurance companies including through their representatives and agents. In some cases this extends to insolvent insurers through their liquidators and applicable statutory compensation schemes as well as other professional insurance entities. We do not offer or undertake any services for insurance customers.

Personal information we collect about you


We may collect and use the following personal information and special category personal information about you:

▪ Name and contact information including email address, telephone number and company details
▪ Information to enable us to check and verify identity, eg date of birth
▪ Gender information
▪ Details of salary and benefits, bank / building society, national insurance and tax information, age
▪ Details of spouse / partner and any dependants
▪ Details of pension arrangements
▪ Health and wellbeing
▪ Location data
▪ Personal or professional interests
▪ Professional online presence, eg LinkedIn profile
▪ Information to enable us to undertake credit or other financial checks
▪ Information about how our website, IT, communication and other systems are used
▪ Details of insurance policies and claims for customers of our clients relating to services we provide to our clients

How your personal information is collected

We may collect information about you in the following ways:

▪ Publicly accessible sources
▪ From you directly and/or a third party with your consent
▪ Directly from a third party including our clients, sanctions screening provider, credit reference agency or insurer
▪ From cookies on our website although currently we do not do so

How and why we use your personal information

Under data protection law, we can only use your personal information if we have a proper reason for doing so:

▪ to comply with our legal and regulatory obligations
▪ for the performance of our contract with you or to take steps at your request before entering into a contract with you
▪ for our legitimate interests or those of a third party
▪ where you have given consent

A legitimate interest is when we have a business or commercial reason to use your information provided this is not overridden by your own rights and interests. We explain below what we use (process) your personal information for and our reasons for doing so:

Providing services to our clients for performance of a contract with our client or to take steps at their request before they enter into a contract

To prevent and detect fraud against you or our clients for our legitimate interests or those of a third party, in order to minimise fraud that could be damaging for us, our client and for you

Conducting checks and verification of our clients’ and individuals’ identity together with other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, eg sanctions screening regulations or rules issued by professional trade associations to comply with our legal and regulatory obligations

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies or professional trade associations to comply with our legal and regulatory obligations

Operational reasons, such as improving efficiency, training and quality control for our legitimate interests or those of a third party in order to be as efficient as we can so we can deliver best service and cost

Ensuring the confidentiality of commercially sensitive information for our legitimate interests or those of a third party in order to protect trade secrets and other commercially valuable information as well as to comply with our legal and regulatory obligations

Statistical analysis to help us manage our business in relation to our financial performance, client base, product range or other efficiency measures for our legitimate interests or those of a third party in order to be as efficient as we can so we can deliver best service and cost

Updating and enhancing our records for the performance of a contract with our client / you or to take steps at our client’s / your request before entering into a contract, to comply with our legal and regulatory obligations, and for our legitimate interests or those of a third party such as making sure we can keep in touch with our clients about existing contracts and new products.

Statutory returns to comply with our legal and regulatory obligations

Marketing our services to existing and former clients as well as prospective clients that have previously expressed an interest in our services and other third parties with which we have had no previous dealings for our legitimate interests or those of a third party in order to promote our business to existing, former and prospective clients

External audits and quality checks such as the audit of our company accounts and to maintain industry accreditation to comply with our legal and regulatory obligations and for our legitimate interests or those of a third party in order to maintain our accreditations so we can demonstrate we operate to a high standard

Who we share your personal information with

We share personal information with our:

▪ clients on a regular basis
▪ service providers including accountants, bankers, design agency, insurers, IT support, legal advisors, premises and telecommunications suppliers as necessary to operate our business
▪ consultants / contractors where retained as required to provide services to our clients

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and where applicable consultants / contractors completing services for our clients.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

Also we may need to share some personal information with other third parties, such as potential buyers of some or all of our business or during a company restructure. Usually personal information will be redacted however this may not always be possible. The recipient of the information will always be bound by confidentiality obligations.

Where your personal information is held

Information may be held at our offices and those of our third party clients and service providers as described above under Who we share your personal information with.

Some of our third parties may have offices located outside of the United Kingdom (UK) and the European Economic Area (EEA) where similar data protection regulation applies. For more information, including how we safeguard your personal information when this occurs see below under Transferring your personal information out of the UK and EEA.

How long your personal information will be kept


We will keep your personal information for as long as is necessary to:

▪ respond to any questions, complaints or claims made by you or on your behalf
▪ show that we treated you fairly
▪ keep records required by law or by our clients

We will not retain your personal information for any longer than is necessary for the purposes set out in this policy. Specific retention periods apply for different types of personal information.

Transferring your personal information out of the UK and EEA

We will not transfer your data outside of the UK and EEA and will make checks to confirm our third parties that receive personal information from us likewise do not transfer your data outside of the UK and EEA.

Your rights

You have the right to access personal data we may process about you, to correct any inaccuracies in your data, and to require us to erase personal data we may process about you. If you wish to exercise this right, you should:

▪ put your request in writing
▪ include proof of your identity and address eg copy driving licence or passport and recent utility or credit card bill
▪ specify the personal data and what your request includes

Keeping your personal information secure

We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

Also we have established procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information. Also GDPR gives you the right to lodge a complaint with an appropriate supervisory authority. The supervisory authority in the UK is the Information Commissioner and may be contacted at ico.org.uk/concerns or on telephone number 0303 123 1113.

Changes to this privacy policy

We may change this privacy policy from time to time and will indicate when changes have been made by revising the last updated date and version as shown at the top of this document.

How to contact us

Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact details are as follows:

TCA Group Limited
New London House
6 London Street
London EC3R 7AD

T +44 ( 0 ) 20 3741 9597 +44 ( 0 ) 20 3741 9597
E info@tcagroup.co.uk