This Privacy Policy explains  how we use your personal data which we collect about individuals in relation to our insurance products.

We take the security of your Personal Information very seriously. We use a combination of technical, organisational and physical security measures to protect your Personal Information in line with our obligations under data protection law. Our employees receive training to help us comply with data protection law and safeguard your privacy.

Most of the Personal Information we collect relates to the individual who is taking out a policy. We may also ask for Personal Information about other individuals if we need it., e.g.: if you ask us to provide insurance for other household or family members, or members of a group.

If we ask an insured person to provide health information about other family members where this is relevant to the risk we’re covering when we arrange a policy or handle a claim; and if your policy covers support or treatment for other individuals such as your spouse, family or friends.

If you provide us with Personal Information about someone else, we’ll assume that you have their permission, where required. We’ll process their Personal Information according to this Privacy Policy so you might find it helpful to show them this Privacy Policy and if they have any concerns please contact us

ST&R Limited, part of the JST Group, is the data controller of your personal data. We are responsible for how we collect, store, and use your information.
Our registered address is:
ST&R Limited,
Lingmell House,
Water Street,
Chorley,
Lancashire
PR7 1EE

You can contact us at:
Tel: 01257 542 454
Email: complaince@starlimited.co.uk
Compliance Manager: Leanne Hodgson

Use of Your Information

We use the information we collect from you for the following purposes:

1. To provide our insurance broking services to you.

We use your personal information (such as your name, address, contact details, risk information, and insurance history) to assess your needs and arrange appropriate insurance cover. This may include:

• Collecting information required by insurers to provide quotes (e.g. property details, business activities, driving history, etc.)
• Recommending insurance products that match your risk profile and circumstances
• Submitting applications to insurers and managing policy documentation
• Handling mid-term adjustments (MTAs), renewals, and cancellations
• Assisting you in the event of a claim

This processing is necessary to perform our contract with you and to take steps at your request prior to entering into an insurance contract.

1. To provide information that you request relating to our products or services.

When you contact us with a query — whether online, by phone, or in person — we may need to process your personal data to respond accurately. This includes:

• Providing quotations or renewal details
• Explaining policy coverage and exclusions
• Advising on claims procedures or documentation
• Clarifying the status of your policy or upcoming renewals

This ensures we can fulfil your requests promptly and accurately.

1. To provide details of similar goods or services to those you have previously purchased.

We may use your previous purchasing history to let you know about similar insurance products that may be relevant to your needs. For example:

• If you have a commercial motor policy with us, we may notify you of suitable fleet insurance options.
• If your personal home insurance is due for renewal, we may inform you of alternative or upgraded products.

This is done under our legitimate interest to offer you relevant services that could benefit you, but we will always provide you with an opportunity to opt out of such communications.

1. To provide information about other products or services, including from selected third parties, where you have provided your explicit consent.

Where you have expressly agreed, we may share your contact details with selected third-party providers or send you marketing material about:

• Ancillary services such as legal cover, breakdown assistance, or premium finance
• Other financial products that we believe may be of genuine interest to you
• Insurance partners offering complementary services outside your current policy

We will only process your data in this way if we have your freely given, informed, and unambiguous consent, which you may withdraw at any time.

Types of Personal Information Collected

• General data – includes your name, date of birth, marital status, country of residence/citizenship and your relationships to other people, e.g. family members where they are also covered on the policy.
• Contact data – includes your address, telephone number and e-mail address.
• Identification data – includes government issued identification numbers e.g. your NHS number and other identifiers e.g. usernames and social media identifiers.
• Appearance and behavioural data – includes your gender, age, descriptive data e.g. your height, demographic data and behavioural data e.g. your purchase history.
• Health and lifestyle data – including details of pre-existing or past medical conditions, your family medical history, details regarding appointments and consultations with medical professionals, diagnoses, medical records, whether you do or have ever smoked, details regarding alcohol consumption. For further information see Sensitive Personal Information.
• Product data – includes information about quotes, policies, schemes and claims and any other information relevant to your product, including renewal dates and policy and claim histories.
• Employment-related data – includes your employment status, job title, salary and employment history.
• Vulnerability data – information about health, life events, resilience and capability that helps us identify if you might have additional support requirements in order that we can better meet your needs.
• Telephone recordings– information obtained during recordings of telephone calls.
• Marketing and communication preferences, promotion entries and customer feedback – includes marketing and communication preferences, information relating to promotions and prize draws, responses to surveys, complaints and details of your customer experience.

We only use your data where we have a legal basis to do so. This includes:

You can withdraw your consent to marketing at any time by contacting us using the details above.

*Legitimate interest examples may include –

• To further our business and commercial activities and objectives, or those of a third party, e.g. to provide our products and services and produce management information on our performance and the performance of third parties.
• To help us better understand our customers and improve our customer engagement including by carrying out marketing analytics and profiling, e.g. by making certain predictions and assumptions about your interests.

Use of Legitimate Interests as a Legal Basis

In certain situations, we rely on legitimate interests as a lawful basis for processing your personal data. This means we process your data where it is necessary for the operation of our business, and where doing so does not override your rights, interests, or freedoms.

Examples of where we may rely on legitimate interest include:

• Administering and managing our insurance broking services
• Communicating with existing customers about similar products or services
• Preventing fraud or misuse of our services
• Responding to non-contractual enquiries from potential clients
• Internal record keeping and data analytics to improve service delivery
• Monitoring calls or emails for training, compliance and quality assurance

Balancing Test – Protecting Your Interests

Before relying on legitimate interests, we carry out a balancing test to assess:

1. Purpose– Is the purpose of processing clearly defined and necessary?
2. Necessity– Is there a less intrusive way to achieve the same outcome?
3. Impact– What is the potential impact on your privacy?
4. Safeguards– Are there appropriate safeguards in place (e.g. data minimisation, encryption, opt-outs)?

We ensure that:

• The processing is proportionate and relevant
• Your data is not used in a way that is unexpected or unfair
• You have the right to object to processing where legitimate interest is the basis
• You are informed of the processing and its purpose in this privacy notice

Categories of Personal Data We Process

We may process the following categories of personal data:

• Identity information (e.g. name, date of birth, driving licence details)
• Contact details (e.g. address, email, phone number)
• Insurance history and cover requirements
• Payment information (e.g. bank or card details)
• Claims and incident information

Sensitive data where applicable (e.g. health, criminal convictions – with explicit consent). We can only collect and use sensitive personal information where we have an additional, specific lawful basis to process such information. We usually rely upon one of the following lawful bases where we process Sensitive Personal Information:

• Reasons of substantial public interest:
• insurance purposes – including advising on, arranging, underwriting and administering contracts of insurance, administering claims under a contract of insurance and exercising rights, or complying with obligations that arise in connection with contracts of insurance.
• complying, or helping someone else comply with, a regulatory requirement relating to unlawful acts and dishonesty – including regulatory requirements to carry out money laundering checks.
• preventing or detecting unlawful acts – including disclosures to competent authorities.
• preventing fraud – including investigating alleged fraud.
• safeguarding the economic well-being of certain individuals – including where we identify additional support required by our customers.
• equality of opportunity or treatment – including where we need to keep under review the equality of treatment of customers with additional support needs.
• Necessary to establish, exercise or defend a legal claim – including where we are faced with legal proceedings, we bring legal proceedings ourselves or where we are investigating legal proceedings that a third party has brought against you.
• Necessary to protect the vital interests of you or another individual.
• Information has been clearly or obviously made public by you.

Storing Your Personal Data

We store your data securely, including via our encrypted online storage system at Star-Store.co.uk. By submitting your data, you agree to this form of secure storage.

We ensure that appropriate safeguards are in place (such as standard contractual clauses) to protect your data to UK GDPR standards.

We apply the following safeguards to protect your data:

• Access to controls: Role-based permissions and restricted staff access to sensitive data.
• Encryption: All personal data stored electronically is encrypted to recognise industry standards.
• Firewall and antivirus protection: Regularly updated to protect our system from external threats
• Regular backups: Your data is backed up securely.

While we take reasonable steps to protect your data, please note that data transmission over the internet is not completely secure and is at your own risk.

Data Retention Periods

We retain personal data for only as long as is necessary to fulfil the purposes we collected it for, including:

• Fulfilling legal, regulatory, tax, accounting, or reporting requirements.
• For insurance industry record-keeping, typically up to 7 years after the end of your relationship with us.
• Where there is no specific legal requirement, we will delete or anonymise your data once it is no longer needed.

Providing personal data to us is necessary for us to provide you with an insurance policy or related services. If you do not provide the information requested, we may not be able to offer our services or enter a contract with you.

Some information may also be required by law or regulatory obligations (e.g. anti-fraud checks, sanctions screening).

Automated Decision-Making / Profiling

In the provision of insurance services, we may use automated decision-making or profiling to:

• Assess your risk profile
• Determine premium levels
• Conduct anti-fraud checks

Where this occurs, it is done either to fulfil a contract with you or under our legitimate interest. If an automated decision significantly affects you, you have the right to request a human review of the decision.

Your Rights Under the UK GDPR

You have the following rights under data protection law:

• Right to access – You can request a copy of the personal data we hold about you.
• Right to rectification – You can request that we correct any inaccurate or incomplete data.
• Right to erasure – You can ask us to delete your data in certain circumstances.
• Right to restrict processing – You can ask us to suspend use of your data.
• Right to data portability – You can request your data in a structured, machine-readable format.
• Right to object – You can object to our processing in certain situations, especially for marketing purposes.
• Right not to be subject to automated decision-making – You may request human intervention.

To exercise your rights, please contact our Compliance Manager  at the details above. We aim to respond to requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked. This is because your rights will not always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if the law allow us to deal with the request in a different way. We will always explain to you how we are dealing with your request. In some circumstances (such as the right to erasure or withdrawal of consent), exercising a right might mean that we can no longer provide our product to you.