Privacy Policy Overview

1. Introduction

At Smith Bilbrough & Co. Ltd (“SBI”), we are committed to protecting your personal data and handling it in a transparent, lawful and responsible manner. This summary explains how we collect, use, store and share personal data in line with applicable Data Protection Laws, including the UK GDPR and the Data Protection Act 2018.

2. Who We Are

SBI acts primarily as a Data Controller, meaning we determine how and why your personal data is processed.
In certain circumstances, we may also act as a Data Processor.
For any data protection enquiries, you may contact our responsible officer at:
paolo.santamaria@sbi.uk.com

3. Data Protection Principles

We follow the core principles of the UK GDPR, ensuring that personal data is:

  • processed lawfully, fairly and transparently;

  • collected for clear and legitimate purposes;

  • limited to what is necessary;

  • accurate and kept up to date;

  • stored only as long as required;

  • secured against unauthorised use or loss;

  • supported by accountability and demonstrable compliance.

These principles guide every aspect of how SBI manages personal data.

4. Why We Process Personal Data

We process personal data for several reasons depending on our relationship with you:

As an Insurance Intermediary

We use personal data to:

  • handle enquiries and requests

  • prepare and provide insurance quotations

  • arrange and administer insurance contracts

  • manage and collect claims

  • engage with insurers, Lloyd’s Managing Agents, and other market participants

  • maintain proper records and regulatory compliance

As a Business

We use personal data to:

  • comply with regulatory and statutory requirements

  • interact with professional advisers and service providers

  • engage with market bodies such as Lloyd’s

  • enter into commercial agreements

  • ensure effective corporate governance

As an Employer

We use personal data to:

  • assess candidates and perform background checks

  • enter into and manage employment contracts

  • administer payroll, benefits and training

  • obtain regulatory approvals where required

5. Lawful Basis for Processing

We only process personal data where a lawful basis exists under the UK GDPR. This may include:

  • Consent (for example, special category data)

  • Contractual necessity (to arrange or administer insurance)

  • Legal obligation (compliance with regulatory requirements)

  • Vital interests

  • Public interest (where applicable)

6. What Personal Data We Collect

The personal data we collect varies depending on the service provided and may include:

  • name, address and contact information

  • date of birth

  • identification numbers (e.g. National Insurance, passport)

  • information required for insurance placement

  • special category data, where relevant and with consent

As an employer, we may collect additional data needed for HR, regulatory or administrative purposes.

7. How We Obtain Personal Data

We may collect personal data directly from you or from third parties involved in an insurance contract you ask us to arrange.
If you provide data on behalf of someone else, you must ensure they have been informed of our Privacy Notice and that any necessary consent has been obtained.

8. Who We Share Your Data With

Depending on our role, recipients of personal data may include:

  • insurers and Lloyd’s Managing Agents

  • claims professionals, assessors and surveyors

  • regulatory authorities

  • lawyers, accountants, auditors and professional advisers

  • service providers supporting our business

  • payroll and employment‑related providers

We only share data where necessary and appropriate.

9. International Transfers

Although SBI is based in the UK, certain insurance activities may require us to transfer personal data outside the UK.
When this occurs, we always implement appropriate safeguards to ensure an equivalent level of protection.

10. Data Retention

We retain personal data only for as long as necessary to meet legal, regulatory, contractual or operational requirements. Retention periods may vary depending on whether we process the data:

  • as an insurance intermediary

  • as a business

  • as an employer

In some cases, insurance market rules (such as Lloyd’s requirements) may require extended retention.

11. Your Rights

Under the UK GDPR, you have several rights regarding your personal data, including:

  • the right to access your data

  • the right to rectification or erasure

  • the right to restrict or object to processing

  • the right to data portability

You may exercise these rights by contacting us using the details provided above.

12. Complaints

If you have concerns about how we use your data, you may contact us directly.
If you are not satisfied with our response, you may lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/data-protection-complaints/
