Privacy Notice for Consumers

This privacy notice is issued by (collectively referred to as “we”; “us” and “our”) and relates to our use of any personal data, concerning you, (referred to as “data”) collected by us; where you are a policy holder.

We respect your privacy rights and your rights as a data subject. We will manage and protect your data accordingly, whilst it is in our hands, in accordance with all applicable data protection legislation and in accordance with this notice.

Who is the Data Controller?

We are registered with the Information Commissioner’s Office, as a data controller, under the
registration number of Z5939772. We can be contacted at the following address:

CPA Consumer Guard Ltd/ / The Consumer Protection Association,

CPA House, 11 North Bridge Street, Shefford, SG17 5DQ

Tel: 01462 850062


Who is the Data Protection Officer?

We have appointed a Data Protection Officer, who is the point of contact for enquiries relating to how your data is processed. The Data Protection Officer can be contacted at the following address:

The Data Protection Officer

CPA Consumer Guard Ltd / The Consumer Protection Association,

CPA House, 11 North Bridge Street, Shefford, SG17 5DQ


What is the Purpose of Data Processing?

We require to process your data in order to arrange and administer a contract of insurance between you and the insurer. The purpose of the insurance is to provide protection to home improvement works.

The legal basis for processing your data are as follows:

  • Processing your data is necessary for the arrangement of the insurance contract between you and the insurer; and the insurer’s performance of the insurance contract which you will be party to.
  • If your insurance contract provides protection against breaches of the Building Regulations; processing your data is necessary in order to protect the vital interests of building occupants and users.
  • Processing your data is necessary in pursuit of our and the insurer’s legitimate interests in arranging your insurance contract; and in the legitimate interests of your contractor -and any competent person scheme in which your contractor is a member- in arranging appropriate financial protection for you.

How Will We Use Your Data?

We will use your data in the normal course of business to:

  • Administer your insurance policy.
  • Underwrite your insurance policy (including aggregating your data with other similar data for actuarial purposes).
  • Handle claims on your insurance policy (including effecting and instructing repairers). • Deal with any complaints that you may have.
  • Verify your identity.
  • Confirm with third parties that you have received insurance cover.
  • Where we have a legal basis to do so; help us to identify and market products that may be of interest to you.

We may use your data, in the course of our business, for the prevention and detection of fraud. Where we suspect fraud, this may entail:

  • Sharing your data with public bodies including the Police.
  • Undertaking fraud searches.
  • Checking your data against fraud prevention databases.

Your data will not be used by us for the purposes of any automated decision-making or profiling.

How Did We Receive Your Data?

Your data was submitted to us, in order to arrange your insurance cover, by the contractor/installer named in writing on your policy of insurance. Your data was not sourced, by us, from a publicly accessible source.

What Types of Data Do We Process?

The data we hold is limited to your name; address; contact details; information about your insured installation; and information we receive as part of a claim or complaint made by you.

In respect of your data: We do not hold or process special categories of data (those relating to your racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; sex life or orientation; genetic data; biometric data; or data relating to any criminal convictions or offences).

Will Third Parties Receive Your Data? What Are Their Interests?

Your data shall be passed to the insurer in order for them to perform the contract of insurance.

We have a data sharing agreement with FENSA Limited (referred to as “FENSA”), Certass Limited
(“Certass”) and Assure Certification Limited ("Assure").

FENSA, Certass and Assure may have a legitimate interest in receiving your data because; as authorised
competent person scheme operators named in Schedule 3 of the Building Regulations 2010, they are
bound by specific legal obligations to ensure that works carried out by their member contractors receive
appropriate financial protection. We may share this information with FENSA, Certass or Assure in order for them
to verify and confirm that appropriate financial protection is in place.
We shall not transfer data to any third party without the explicit request of the consumer.

How Long Will We Keep Your Data?

Your data will be retained only for as long as is necessary for us to effectively administer your policy of insurance. This means that your data will be retained until claims under your policy are barred; or as long as is necessary to defend against legal claims; whichever period is the longest.

What Are Your Rights to the Data?

Right of Subject Access 

You can request details of all data we hold about you by submitting a subject access request to the Data Protection Officer, at the address provided above.

We aim to comply with such a request from you within one month of the request being made. Where we cannot provide you with this information within one month; we shall inform you of this and provide the reasons why this cannot be achieved; at which point, we shall have a total of 3 months to comply with this request.

In the normal course of business, we shall not charge a fee for a subject access request. However, in the event that you make a subject access request that is of a manifestly unfounded, repetitive or excessive nature, we reserve the right to charge a fee of £10 per request.

Right of Rectification 

In the event that your data is incorrect; you have the right to have this rectified by us. In the event that any of your data is incorrect, please contact the Data Protection Officer at the address provided above. We shall not charge a fee for your data to be rectified.

Right of Objection 

You have the right to object to our processing of your data. Please note, that where we require to continue to process your data for reasons such as the defence of claims, we shall not be required to cease processing your data. In the event that you wish to object to us processing your data, please contact the Data Protection Officer at the address provided above.

Right of Erasure 

You have the right to request that we delete your data provided that; we no longer require your data; or there is no legitimate legal basis for us to process your data; or we have unlawfully processed your data; or the data must be erased in order to comply with the law.

If you have grounds to request that we delete your data -and you wish to do so- please contact the Data Protection Officer at the address provided above. We shall not charge a fee for your data to be deleted from our databases.

Can a Complaint Be Made?

If you have any complaints about how we process your data; please contact the Data Protection Officer, at the address provided above.

In the event that we are unable to resolve your complaint: You have the right to make a complaint to the Information Commissioner’s Office if you believe that your information has been mishandled by us. The Information Commissioner’s Office can be contacted as follows:

Information Commissioner’s Office
Wycliffe House
Water Lane
Tel: 0303 123 1113