Skip to content
Skip to menu
Skip to search
Skip to footer

Popular Searches

Group Privacy Policy

NFU Mutual understands that the information you trust us with is important to you, and we are committed to protecting and respecting your privacy.

This Policy explains how, when and why we collect your personal information during the course of providing services to you, under what circumstances we may disclose your personal information within our Group of Companies and to others, and how we keep it secure.

Summary:

  • We only collect personal information about you where it is completely necessary or you have consented, and we ensure that we only collect information that we need
  • We may send you marketing material, but you can opt-out at any time
  • We will not sell your personal information to third parties
  • We use third-party suppliers to help us provide an excellent service to you. Where we share personal information with those suppliers, we have the appropriate contracts or controls in place, which will assess the security of their processing arrangements, at initiation and throughout the contract life.
  • We will protect your personal information with an appropriate combination of technical and organisational measures
  • We record and monitor our communications with you to protect you and us for the reasons listed in Section 3
  • You have rights to your information. These are detailed in Section 11
  • We will endeavour to keep your personal information only for as long as we have to
  • If you have a complaint, please see how to contact us in Section 13
  • If you have any questions about how we process your information, please see how to contact us in Section 15

Policy Contents

1. What information do we collect about you?
2. Why we use the information about you
3. How will we use the information about you?
4. Information that we share
5. Information shared with the Motor Insurers' Bureau (MIB)
6. How we use credit reference agencies
7. Marketing
8. Information Security
9. Transferring your information outside of the European Economic Area (EEA)
10. Information we collect through your use of our websites
11. Your individual rights
12. Retaining your data
13. Complaints
14. Changes to our Privacy Policy
15. Who to contact in relation to processing of personal information at NFU Mutual

1. What information do we collect about you?

We need information about you to create your policy, service your policy and to offer our range of services. We need to collect information from you to do this and to offer you the right product for your circumstances.

This can include personal information about you and other people you may want included on a policy, information that we collect automatically, and personal information we collect from other sources. The information we collect will include:

  • Name(s)
  • Contact details (postal address, email address, telephone numbers)
  • Date of birth
  • Banking, credit/debit card details

Where necessary, we may also collect the following information:

  • Country of birth/citizenship/nationality/country of residence
  • Gender
  • Marital status
  • Information about family/household/dependants
  • Criminal convictions
  • Health information
  • Medical history
  • Claims history 
  • Vehicle ownership
  • Asset ownership
  • Employment status
  • Financial status including CCJs and declarations of bankruptcy
  • Previous claims
  • Video/Dash Cam Footage/Voice Recordings 
  • Additional needs data (information about significant life and health events) 
  • Log in details for the self-service areas of our online customer accounts and preferences for how you would like to receive your policy documentation (paper or paperless) 

In addition to the above, we may also collect information specifically for the following insurance products and services:

  • Motor – A Motor policy requires us to collect the personal information listed and further information about you and anyone to be covered by the policy or authorised to act on your behalf. This includes the type of licence you hold and for how long you have held it, any penalty points or motoring offences, any medical conditions which must be declared to the DVLA (or equivalent body, e.g. DVLNI), and previous claims. We need this information to effectively price your premiums. 
  • Personal – A Personal policy requires us to collect the personal information listed and additional information about you and any other people to be covered by the policy, such as information about your lifestyles and employment status, your home and any assets to be insured.
  • Commercial – A Commercial policy requires us to collect some of the personal information listed and additional information about the company’s directors and employees, as well as business contact details. If your business is under your name and located at your home address, naturally the information we collect will be personal to you.
  • Life – A Life product requires us to collect the personal information listed and additional information about you and any other people to be covered by the product. This may include information about your family, your financial preferences, salary, tax, pension details.
  • Risk Management Services – Our health and safety consultancy and loss control surveys require us to collect some of the personal information listed as well as information about the property or business being assessed.

2. Why we use the information about you

We collect your personal information for a number of reasons: To provide you with a quote, administer your policies, handle claims, protect us and you from fraud, improve the products and services we offer, and inform you of other products you may be interested in. We must have a legal justification, known as a legal basis, in order to use your personal information. Below is a list of the legal bases we may rely upon:

  • Performance of a contract: The use of your information is necessary to perform the contract that you, or a person covered on the policy, has with us.
  • Legitimate interests: We may use your information for our legitimate interests. Where we do rely on this legal basis, we complete a balancing test to ensure that our interests do not override the rights and freedoms that you have as an individual. 
  • Consent: We may rely on your consent to use your personal information. You may withdraw your consent at any time by speaking to your NFU Mutual Agent, managing your preferences in the online customer account or by contacting us at the address provided at the end of this Policy.
  • Legal Obligation: It may be necessary for us to process your data to comply with certain laws.

The table below summarises examples of how we might use your data, for each of the legal basis we rely upon:

Legal Basis Examples
Performance of a contract

To provide our products and services such as processing your quote, administering your policy, managing your policy renewal, and handling claims

To process payments when you purchase a product or require a refund

To adjust our services, based on any additional needs you may have
Legitimate Interests

For fraud detection and prevention to keep both you and us safe

To improve our products and services through using market research 

To enhance our pricing models and improve our products through data analysis

To train our staff to ensure we can provide the best service possible to our customers

To send you direct marketing about our products and services, unless you have opted out of marketing, that have been tailored to what we feel you would be interested in

If we lose touch, we may source information such as contact details so we can get in contact about your product
Consent

To send you direct marketing about our products and services or present you with personalised content on our online portal

On occasion we may send you direct marketing on behalf of carefully selected third parties, where we think it is relevant to you
Legal Obligation

Sharing motor insurance data with Law Enforcement Agencies when required

To communicate with you, including when handling complaints
Vital Interests If we deem there to be a risk to the life of yourself or others, we may disclose data to law enforcement agencies to ensure the safety of you and others.

How we use Special Category Data about you:

Where we process sensitive data (E.g., Health Information, Convictions, Ethnicity/Race), we need to have an additional legal basis. The below list are the additional lawful bases we rely on to process your sensitive data:

  • Substantial public interest: This includes where we process sensitive data for insurance purposes, preventing fraud and providing support for individuals with additional needs. 
  • Vital Interests: We may need to process or disclose data in order to protect you and your safety

The table below shows the additional legal basis we are relying upon with examples:

Legal Basis Examples
Substantial public interest 

To administer your policy, including claims handling and providing you with a quote for our services

For fraud detection and prevention to keep both you and us safe

To adjust our services, based on any additional needs you may have
Vital Interests If we deem there to be a risk to the life of yourself or others, we may disclose data to law enforcement agencies to ensure the safety of you and others.

3. How will we use the information about you?

We use the personal information we collect for a number of reasons. These include:

To give an appropriate assessment of the risk you’re hoping to have insured. We evaluate the risk and exposures of potential customers and then use the personal information collected to set up your policy and decide how much cover you should need or receive

To give you advice or guidance

To identify your additional needs (e.g. a change in health, disability adjustments or certain significant life events) which allow us to adapt our services to your needs 

To service your policy and any claims you make

Where necessary, we’ll use your information to verify your identity or those transacting on the policy

To personalise the information we provide to you through online customer accounts

For fraud and financial crime prevention and detection, and for legal purposes where we may need to use your information to investigate or respond to legal disputes, regulatory investigations or for compliance purposes. If we suspect fraud, we may use Automated Number Plate Recognition (ANPR) databases to understand if your vehicle has been used while it should have been off the road.

We may also use your personal information to ensure we comply with legal and regulatory requirements. This includes internal audits, monitoring and assurance activities to examine and evaluate the systems and controls within NFU Mutual

We record calls for quality control and training purposes. How long we keep recordings depends on our retention policy (see Section 12), unless NFU Mutual has a legitimate interest to keep recordings longer (as reasonably necessary), including for fraud detection and financial crime investigation purposes. Additionally, we record calls to:

  • Ensure that we have correctly followed your instructions
  • Resolve any queries, issues or disputes Help us understand how we could improve customer service
  • Respond to regulatory queries
  • Help our Fraud Prevention team with detection or prevention of fraud or other crimes
  • Assist with staff training and improve our customer experience

We also use your information to help us improve our products and services, our prices and our customer experience through analytics, reporting and testing 

We may use your information to contact you, if we need to tell you there is an error or change in your policy

We use credit reference agencies, to help us decide whether to offer insurance policies or services to potential customers. For more details, see Section 6.

For general communications such as our AGM or product performance and industry insights and news

Your data will be combined with publicly available information and third-party market research to enable us to understand your lifestyle segmentation, demographics and purchasing habits

We sometimes ask our customers to take part in market research

We may use machine learning and/or Artificial Intelligence to help us to provide you with or enhance our services. We will take steps to ensure that this is done in a responsible, fair and secure manner

We may make decisions on your quote, where provided online, with no human involvement. You have the right for this decision to be reviewed. For more details, see Section 11.

If you give us permission, we will collect information from you about your experience with NFU Mutual to use as a case study. You will be provided with a copy of this article and will have the right to confirm you are happy with any wording before it is published. This information may be circulated in one of our publications or shared with the press. It may include:

  • Names and titles
  • Photographs
  • Videos
  • Details about your claim

Life products and services - In addition to the above, we may also use your information to share your data with third-party tracing service providers, where appropriate, if we are unable to contact you, or to check if you have passed away.

Risk Management Services - In addition to the above, we may also use your information to provide you with risk management advice and technical assistance.

Corporate Business – In addition to the above, we may use your information for the purpose of statistical analysis and management information to enable you to understand the volume and types of claims made against your insurance policies. 

4. Information that we share

We may have to share your information with other companies in the Group, Farmers Unions, or to categories of third-party service providers, including insurance partners and brokers, in certain circumstances:

  • Where we need to share the risk with other insurers or reinsurers, we will share the necessary data you have given us with our carefully selected partners
  • To enable our corporate customers to understand the volumes and types of claims made against their insurance policies, we may share information relating to your claims against such a policy with these organisations, or brokers acting on their behalf
  • We may also share your personal data with Farming Unions for the purpose of direct marketing.
  • Where a policy is taken out, we may share your data with third parties to verify your identity.
  • Where we need to service your policy and handle a claim or query, we will use third-party lawyers, loss adjusters, and subject matter experts and repairers where appropriate (including when you have instructed us to liaise with your preferred provider, for example a specific builder, veterinarian or solicitor of your choice). 
  • We may share your data with fraud agencies and databases. Where fraud is detected, we may refuse our services, and this may affect your ability to obtain other products, services or employment. Fraud prevention agencies may retain your records, allow other organisations (including law enforcement) to use this information to prevent fraud and where necessary, may share outside of the United Kingdom in line with data protection laws. For more information, please contact us using the information in section 15.
  • Where required by law, we will share your information with third parties such as law enforcement agencies and regulatory or Government bodies. Failing to do so could result in fines or sanctions for NFU Mutual
  • We use other insurance companies to insure NFU Mutual as a business. Where required, we will share the necessary personal information with these insurers
  • There are some instances where we need to share your information with third parties to help us detect and prevent criminal or fraudulent activities. Fraud prevention agencies may also allow other organisations, including law enforcement, to access and use your personal data to detect, investigate and prevent crime.
  • Where fulfilling our contractual obligations to you requires it, we will share your information with third parties. For example, to follow up on engineering inspections or survey findings 
  • We may share your information with third parties where they provide parts of your policy cover to ensure your policy can be serviced and honoured. For example, where you have opted for breakdown cover, we will share your information with our breakdown partners
  • We will share your information with third-party IT providers who will support us in hosting, transferring, processing, testing and problem resolving. This enables us to provide the services and products you need. We may also share information with third-party audit companies providing expertise and assurance over our processes and controls
  • We may also share your information with third parties in relation to other activities, such as training that we carry out
  • In order to deliver you policy documentation and marketing campaigns, we will share your information with third-party printers, distributers (including digital content distributers), and courier services
  • If you enter one of our social media competitions, or contact NFU Mutual through social media, your information will be shared with our social media management platform providers
  • We may also share your information with third-party organisations who help us to research and analyse our product and service offerings, so that we can continue to provide you with the best possible service. You may opt out of this by contacting us using the details provided at the end of this Policy. 
  • If you enter one of our social media competitions, or contact NFU Mutual through social media, your information will be shared with our social media management platform providers.

Motor – In addition to those listed above, a Motor Policy may require the following categories of suppliers for handling a claim:

  • Loss Adjusters
  • Lawyers and legal cost negotiators
  • Special Investigators
  • Breakdown and recovery companies
  • Hire car providers
  • Vehicle repairers
  • Engineers
  • Windscreen repair companies 
  • Salvage companies
  • Rehabilitation specialists and medical professionals
  • Out of hours and overseas emergency claims helplines

Personal – In addition to those listed above, a Personal policy may require the following categories of suppliers for handling a claim:

  • Loss Adjusters
  • Lawyers and legal cost negotiators
  • Special investigators
  • Buildings repair contractors
  • Contents replacement companies
  • Home emergency companies and out of hours and overseas emergency claims helplines
  • Disaster restoration experts
  • Vets and appropriate specialists
  • Rehabilitation specialists and medical professionals.

Commercial – In addition to those listed above, a Commercial policy may require the following categories of suppliers for handling a claim:

  • Loss Adjusters
  • Lawyers and legal cost negotiators
  • Special investigators
  • Out of hours and overseas emergency claims helplines
  • Breakdown and recovery companies
  • Hire car providers
  • Engineers
  • Windscreen repair companies
  • Salvage companies
  • Disaster restoration experts
  • Rehabilitation specialists and medical professionals

Life – In addition to those listed above, a Life policy may require the following categories of suppliers for handling a claim:

  • Lawyers
  • Reinsurers
  • Medical Professionals
  • Banks

5. Information shared with the Motor Insurers' Bureau (MIB)

We work in partnership with the Motor Insurers’ Bureau (MIB) and associated not-for-profit companies who provide several services on behalf of the insurance industry. At every stage of your insurance journey, the MIB will be processing your personal information and more details about this can be found via their website: mib.org.uk. Set out below are brief details of the sorts of activity the MIB undertake: 

Checking your driving licence number against the DVLA driver database to obtain driving licence data (including driving conviction data) to help calculate your insurance quote and prevent fraud

Checking your ‘No Claims Bonus’ entitlement and claims history

Prevent, detect and investigate fraud and other crime, including, by carrying out fraud checks

Maintaining databases of:

  • Insured vehicles (Motor Insurance Policy Database or Motor Insurance Database/MID) 
  • Vehicles which are stolen or not legally permitted on the road (Vehicle Salvage & Theft Data or MIAFTR) 
  • Motor, personal injury and home claims (CUE) 
  • Employers’ Liability Insurance Policies (Employers’ Liability Database) 
  • Managing insurance claims relating to untraced and uninsured drivers in the UK and abroad
  • Working with Law Enforcement to prevent uninsured vehicles being used on the roads
  • Supporting insurance claims processes

6. How we use credit reference agencies

A credit reference agency (CRA) is an independent organisation that assists insurance companies in deciding whether to offer insurance policies to potential customers, based on information gathered about them from public sources and from major lending companies. One of the CRAs NFU Mutual works with is TransUnion, who’s own privacy policy can be found here: https://www.transunion.co.uk/legal-information/bureau-privacy-notice

NFU Mutual provides information to credit reference agencies and works with them to make decisions before we provide and during the provision our services, for example, when:

  • Checking details on applications for credit and credit-related or other facilities 
  • Managing credit and credit-related accounts or facilities 
  • Recovering debt
  • Checking details on proposals and claims for all types of insurance
  • Helping to detect and prevent crime, fraud and money laundering
  • Checking your credit history
  • Verifying your identity if you, or someone financially linked with you, applies for services. Credit checks may remain on your record
  • Validating your contact details
  • Undertaking research, statistical analysis and systems testing

7. Marketing

We would like to send you information about our products and services and other companies in our Group, as well as those provided by carefully selected third parties which may be of interest to you. A list of our current partners can be provided upon request. We will collect your information for marketing purposes, if you agree, when you obtain a quote, take out a policy with us, enter into a competition or provide your personal information through the NFU Mutual website. We may use data from publicly available sources to obtain your data for marketing. We may also purchase your data from third-party providers. This data includes your name, address, insurance renewal dates and predictions on your lifestyle. 

To ensure that we keep our marketing communications relevant and useful to you, we will share your data with carefully selected third-party marketing analytics organisations for customer profiling which will predict aspects of your lifestyle such as your interests, educational and financial status. This information may be used to select you for specific campaigns that we feel you would be most interested in, and present personalised information to you in our online customer account if you have consented for us to do so.

If you enter one of our competitions, we will collect your information in order to randomly select a winner and send out their prize. 

To stop us contacting you for marketing, write to Marketing Department (Do Not Contact Me), NFU Mutual, Tiddington Road, Stratford-Upon Avon, CV37 7BJ, or talk to your local agency.

8. Information security

We work hard to keep your data safe. We use an appropriate combination of technical and organisational measures to ensure, as far as reasonably possible, the confidentiality, integrity and availability of your information at all times. Where we take card payments from you, we will adhere to the principles set out in the Payment Card Industry Data Security Standard (PCI DSS) framework, ensuring secure transactions at every step. If you have a security-related concern, please contact us using the details provided at the end of this Policy. 

9. Transferring your information outside of the European Economic Area (EEA)

In order to provide our services, the information you give us may be transferred to countries outside the European Economic Area (EEA). These countries may not have similar data protection laws to the UK and therefore we need to ensure that any party with access to your information has implemented the necessary security and privacy measures to ensure that your personal data is kept secure and confidential as outlined in this Policy. To do this, we will implement appropriate safeguards into the contracts we hold with our suppliers. One of the main safeguarding tools we use is the UK’s International Data Transfer Agreement (IDTA) which is implemented after a risk assessment has been completed.

10. Information we collect through your use of our websites

We collect information through the use of cookies and similar technologies, to enable us to remember when you visit our websites and to improve your online experience. 

Cookies help us understand how you use our websites, view our products and respond to our advertising, so we can tailor direct marketing and enhance our overall product and service offering to you. When you visit one of our websites, we may record your device information including IP address, hardware and software used, general location, and when and how you interact with our websites.

This information is retained and used to note your interest in our products and to improve customer experience. 

When you receive direct marketing from us by email, we may use technology or links to determine how you use our direct marketing, and your interest in it. 

To find out more about our use of cookies and related technologies, please read our Cookie Policy.

11. Your individual rights

You have a number of rights with regards to the personal information that we hold about you, which you will have provided as part of taking up a quote or service with us. 

Right of Access: You have the right to request a copy of the information that we hold about you. We will provide you with this information within one month of receiving your request and verifying your identity. If the request is complex, we may extend the response time. We will inform you if this is the case and explain why. 

Right to Rectification: We want to make sure that your personal information is accurate and up to date. You may ask us to correct, update or remove information you think is inaccurate or incomplete, and we ask that you inform us promptly of any changes to your circumstances. 

Right to Erasure: You may also ask us to erase your personal information from our systems, in certain circumstances. There are some specific circumstances where the right to erasure does not apply, and we are permitted to hold your data. We will explain the reason for this at the time, should this occur. 

Right to Data Portability: You may also ask us to move, or ‘port’, your personal information to another organisation electronically. We will only port personal information you have provided to us, that we have processed based on your consent or performance of a contract, or that has been processed automatically. We will port your personal information without charge and within one month, where technically feasible. 

Right to Restricting Processing: You have a right to request that we restrict the processing of your personal data in certain circumstances. We will inform our third parties to whom we have disclosed your personal data that they must also restrict processing. We will inform you when the restriction on processing your personal data ends. 

Right to Object: Where are relying on legitimate interests, you have the Right to Object to the processing of your personal data.

Rights regarding Automated Decision Making, including Profiling: You have a right not to be subject to a significant decision based solely on automated processing, including profiling, and can request a human review of the decision.

If you would like to exercise these rights, please write to us, using the details provided at the end of this Policy outlining your specific request.

12. Retaining your data

NFU Mutual, and the information we collect about you, is subject to various regulatory and legislative requirements. In addition, we will endeavour not to keep your personal information for longer than we have to for us to fulfil our obligations to you. Where it is not possible for us to delete your data, we will ensure the appropriate security and organisational measures are put in place to protect the use of your information.

13. Complaints

We work hard to ensure that your personal information is treated safely and securely. However, if you have a complaint, write to us using the details provided at the end of this Policy. You also have the right to complain to the Information Commissioner’s Office. 

14. Changes to our privacy policy

We review our privacy policy regularly and will place any updates on our website and in relevant policy communications.

15. Who to contact in relation to processing of personal information at NFU Mutual

National Farmers Union Mutual Insurance Society Limited controls the processing of personal data on its systems. If you would like to discuss anything in relation to this Policy or how we handle your personal information, you can reach the Data Protection Officer for NFU Mutual by writing to: Data Protection Officer, NFU Mutual, Tiddington Road, Stratford-Upon-Avon, CV37 7BJ. 

You can also talk to a member of the team.

If you’d like this document in large print, braille or audio, just contact us at the address above.

Group Privacy Policy

pdf: 505kb

Properties Privacy Policy

pdf: 120kb