This Privacy Policy (“Policy”) applies to all information that we hold about you. In this Policy references to “we” “us” “our” “group” mean the One Broking Group which consists of One Broker Limited, One Broker (Cambridge) Ltd; One Broker (GDIS) Ltd and One Broker (Norwich) Ltd. We are committed to protecting your privacy and complying with the provisions of the Data Protection Act 1998, the General Data Protection Regulation and any subsequent data protection laws applicable within the jurisdiction of the United Kingdom of Great Britain and Northern Ireland (“Data Protection Legislation”). We ask that you read this Policy before providing us with any Personal Information.

We are Controllers of your personal information as defined within the Data Protection Legislation.

This Policy describes how we handle your personal information collected from providing our services to you as well as services via our websites. We are registered with the Information Commissioners Office (“ICO”) and can be found on the Data Protection Public Register via

This Policy should be brought to the attention of other parties who have an interest in the insurance policy who have given their consent to you to act on their behalf.

Policy amendments

From time to time, it may be necessary for us to change this Policy, so we suggest that you check here periodically.

If, at some time in the future, we wish to use your personal data in ways other than those set out in this Policy, then we will notify you about this and if required by law, we will seek your permission to do so.

IP addresses and cookies

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website.

Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

How we collect your Personal Information

We will collect your personal information in a number of ways, mainly from what you tell us yourself but also from other organisations and people who share your information with us. This will include written information from forms you have completed, notes from conversations via telephone calls, emails, details provided via our websites or social media and information from credit agencies or finance providers.

How we use your Personal Information

The personal information we collect will depend on the service we are providing you. Our main aim in gathering your personal information is to provide you with a customised service.

The type of personal information that will collect about you may include your:

contact details such as your name, postal address, email address and contact telephone numbers; date of birth;
national insurance number; occupation, passport; driving licence details if required; vehicle registration number; travel plans; details of previous claims; and financial information such as bank and credit card details.

We will also collect personal information about the persons to be covered under an insurance policy and their relationship with you as the policyholder.

To provide you with products and services we will also need to collect sensitive personal information (now known as ‘special category data’). This may include:

health information; gender; details of previous or alleged criminal offences or proceedings and convictions or County Court Judgements and bankruptcies
We may collect the following via our websites:

Name, postal address, phone number, occupation, IP address, other contact information, online identifier, interest you have in relation to our services or our practice areas, any information that you may volunteer by completing and submitting forms on our websites and details of your visits to and usage of our website.
We may use your personal information:

to provide your insurance-related services to you in response to your requests for quotations and renewal of insurance contracts where data will be shared with Insurers, providers and agents; to provide you with a claims service where data will be shared to facilitate this service with insurers, surveyors, loss adjustors, claims administrative support services; to help us develop new products and services to meet our customers' needs; to communicate with you and bring new products and services to your attention; for security purposes and to establish your identity; where we have a legitimate interest in doing so, such as the protection of our business, direct marketing, or for the detection and prevention of fraud and financial crime; to provide you with premium payment options to enable finance companies to provide you with a greater choice in making premium payments; and to deal with complaints made by you relating to our services or websites
We will rely on the following legal bases for processing your personal and special category information:

Legitimate Interest:
"Legitimate Interests" mean our interests in conducting and managing our business. We will rely on our legitimate interest in collecting and using your personal information for the reasons set out below:

to correspond with you, notify you of events or changes to our service or otherwise to fulfil your requests and respond to your queries and requests for information which may include marketing to you; for our business purposes such as data analysis, audits, to help us better understand our customers and improve our customer engagement in developing new products, enhancing, improving or modifying our websites, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities or for staff training purposes; where we have Introducers for the purposes of accounting for commission payments to them; in the context of claims we are handling on your behalf, for the purposes of establishing and exercising the defence of a legal claim; and for the prevention and detection of fraud and financial crime.

Legal Reasons:
To meet any applicable legal or regulatory obligations. To meet compliance requirements with our regulators (e.g. Financial Conduct Authority). To comply with law enforcement agencies.

Substantial Public Interest:
We may need to use personal information to carry out fraud, anti-money laundering checks & Financial Sanction checks; In addition, we will rely on the insurance derogation contained within schedule 1 part 2 of the Data Protection Act 2018 to process your special category data.

For direct marketing activities which do not fall under the legitimate interest basis.Where you have given your consent for a particular purpose and this has been recorded. Without your consent, we may not be able to provide you with the services requested or you may not be able to benefit from some of our services. Where a third party is involved we will need you to confirm that they have provided their consent for you to act on their behalf.

The information we collect about you is used solely for the purposes outlined above. We will only use it for additional purposes if we have received your prior consent to do so.

Reverse IP Lookup

We also use the IP address of website visitors to identify how our website visitors interact with our website.  We do this for two purposes:

1. To build an understanding of how our website content is performing, so that we can identify areas that could provide a better experience for website visitors. 

2. To identify the names of businesses visiting our website, so that we have the option to reach out to those who didn’t make contact with us. This information identifies only the business name related to an IP address. It does not identify any individuals within the business and no personally identifiable data is captured.

Sharing of personal information

We will keep your information confidential at all times and only process it in accordance with this Policy, the Data Protection Legislation and other applicable UK legislation. However, in certain circumstances we will share your information with:

other members of our group of companies, and those companies which may join the group from time to time;our employees for the purpose of providing our service to you and for exercising our legitimate interests;insurers, their associated companies and agents for the purpose of insurance and claims administration which could include loss adjusters, suppliers and providers of goods and services associated with your insurances;finance companies where you have requested this payment option;companies who provide a service to you as a direct result of our relationship;
companies which whom we may provide services jointly, and whose logo appears on our products and literature;our service suppliers, agents, and subcontractors;companies that assist us with our marketing activities;anyone to whom we transfer our right, assets, liabilities and debts;relatives or guardians (on your behalf where you are incapacitated or unable) or other people or organisations associated with you such as your legal representative. Also, where you have named an alternative contact to deal with your insurances on your behalf;if required, we will also share your information with the Financial Ombudsman service and regulatory authorities such as the Financial Conduct Authority and the Information Commissioner’s office;credit reference agencies;fraud prevention agencies. These agencies will assist us in our regulatory obligation to prevent fraud and financial crime. If fraud is detected on your part, it may affect your ability to obtain;credit;Insurance;other financial services; andobtain employment.

Credit Searches

To ensure the Insurer has the necessary facts to assess your insurance risk, verify your identity, help prevent fraud and provide you with our best premium and payment options, the Insurer may need to obtain information relating to you at quotation, renewal and in certain circumstances where policy amendments are requested. The Insurer or their agents may:

Undertake checks against publicly available information (such as electoral roll, county court judgments, bankruptcy orders or repossession(s). Similar checks may be made when assessing claims,Carry out a quotation search from a credit reference agency (CRA) which will appear on your credit report and be visible to other credit providers. It will be clear that this is a quotation search rather than a credit application.
Where you agree to pay monthly under an Insurers credit agreement, the status of your quotation search from the Insurer’s credit reference agency (CRA) will be updated to reflect your credit application and this will be visible to other credit providers. CRA’s may keep a record of this search.

In order to assess your application, the Insurer will supply your personal information to their CRA and they will give Insurers information about you, such as about your financial history. They do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. They will also continue to exchange information about you with CRA’s on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRA’s will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.

The identity of their CRA and the ways in which they use and share personal information, are explained in more detail at

The information we collect about you is used solely for the purposes outlined above. We will only use it for additional purposes if we have received your prior consent to do so.

Transfer of data outside of the European Economic Area
We do not currently transfer personal information about you outside of the European Economic Area but may wish to do so in the future. The data protection and other laws of those countries may not be as comprehensive as those in the UK and the European Economic Area, but we will take steps to ensure that your privacy rights are respected and that your data is treated securely and in accordance with this Policy.

Technical safeguards

We will have in place safeguards through organisational and technical measures to ensure that your personal information is protected from unauthorised use or disclosure. We ensure that where your data is shared there are procedures and contractual arrangements in place to keep your data confidential.

Security of your personal data via the internet
The Internet is not a secure medium of communication and we cannot guarantee the security of any information transmitted via the Internet. However, once received we will take reasonable technical and organisational precautions to prevent the loss, misuse, alteration of, or unauthorised access to your personal data.


Please note that if you communicate with us electronically, including by e-mail, telephone or fax, this communication may be randomly monitored or recorded to protect the interests of our business and our customers. This includes maintaining high quality standards, crime detection and/or prevention and to ensure that our employees comply with legal obligations and our policies and procedures (including customer relations practices).

Data Retention

Data is retained for the period necessary in order to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law. This is usually between three and ten years and it will depend on the nature of the personal information and what we do with it.

In the absence of a specific business case supporting a longer period the Group will retain client data, accounts data and complaints data from the date of the complaint, for seven years, quotation data for 3 years and subsidence claims records for 10 years. Liability insurance products will often be kept for extended periods.

Your rights

Whenever we process data using your explicit consent, you have the right to withdraw your consent.

Whenever we process data for our legitimate interests we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data Protection Legislation. Our legitimate interests do not automatically override your interests and we will not use your information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

You have the right to object to this processing, and if you wish to do so please contact us using the details below, however, please bear in mind that if you object this may affect our ability to deal with your legal claim.

You also have the following rights under the Data Protection Legislation:

to request a copy of the personal information that we hold on you;to request that we correct any information if it is found to be incorrect or out of date;to request that your information is deleted if it is found to be inaccurate or out of date;to lodge a complaint with the Information Commissioners Office,
Exercising any of the above rights may mean we cannot continue to deal with your insurances and may result in policy cancellations. You will therefore lose the right to bring any claim or receive any benefit under the policy and you may also lose benefits under the policy for an event prior to you exercising your rights as well, if the ability to deal with the claim has been prejudiced.


We will only contact you if you have agreed that we can to tell you about products and services that we feel you will benefit from or may interest you. These may be from any company in the group or under their respective trading styles. A list of all the trading names of the group can be found here.

You may unsubscribe to receiving emails or marketing communications at any time by contacting us to update your preferences. In such circumstances we will continue to send you service related communications which are non-marketing where necessary.

However, we may run specific marketing campaigns through social media and digital marketing where an individual’s personal data is not used for the campaign and in such situations you will need to adjust your social media and cookie browser settings to adjust your preferences.

When submitting your personal information via any of the group’s websites you are given the option to opt-in to the use of your personal information for marketing purposes. However, you may instruct us not to process your personal information for marketing purposes at any time using the contact details stated below.

Contacting us

If you have any questions, wish to exercise any of your rights detailed in this Policy or update your marketing preferences please contact the Group Compliance Manager:

By phone: 01603 760511
By Post: Discovery House, 4 Norwich Business Park, Whiting Road, Norwich, NR4 6DJ.

Or via our contact us page on our websites

If you have a complaint or concern about how we use your personal information, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have the right to lodge a complaint with the Information Commissioners Office at any time.