Nutshell Insurance Privacy Policy

We take your privacy seriously and want to be clear about how we use your personal information. This Privacy Policy explains why we collect your data, who we might share it with, what your rights are, and anything else we think you should know.

We offer different types of insurance – like car, home, business, and pet insurance – and this policy applies to all of them. Sometimes, we need to share your information with trusted partners who help us manage your policy. The main reason we use your information is to provide the services you’ve asked for. We also use it for things like research and preventing fraud.

This Privacy Policy applies to personal information processed by BISL Limited, who are the data controller of the personal data that you provide on our website and/or the data we collect from you and others. This means that we are the company responsible for deciding how your information is processed.

BISL Limited is part of the Markerstudy Group and provides products and services under various brands. If you want to know more about the Markerstudy Group, you can find out more at Markerstudy Group (www.markerstudygroup.com).

When we say “we”, “us” or “our”, we mean the specific company in the Markerstudy Group that handles your data. If you have any questions about how we use your information, you can email us at dataprotection@markerstudy.com.

If another company is involved in your policy – like an insurer or a provider of extras such as breakdown cover – they may also use your data. In that case, they’ll have their own privacy policy, which you should read (check your policy documents for details).

The list of our suppliers is as follows:

Motor Legal Protection (MLP)

Administered by ACM ULR Ltd. Underwritten by RAC Insurance Ltd.

Guaranteed Replacement Car (GRC)

Administered by ACM ULR Ltd. Underwritten by ARAG plc on behalf of SCOR UK Company Limited

No Claims Discount (NCD) Protection

Administered by BISL Limited

If you pay for your policy by monthly instalments you will be taking out a credit agreement. Your credit arrangement will be provided by BFSL Limited, which is part of the Markerstudy Group and which provides credit arrangements on our behalf. Data relevant to your credit agreement will be shared with BFSL Limited. BFSL Limited will also be a data controller of this data and will be responsible for how that data is processed.

We follow strict rules to keep your personal information safe. The type of information we collect depends on the service you use and your situation. Most of it comes directly from you, but sometimes we collect details about other people too – like named drivers or family members. If you give us someone else’s information, please make sure they know and agree.

Here’s the kind of information we might collect:

Personal information – such as your name, date of birth, and details of others on your policy.
Contact information – including address, telephone numbers and email details.
Identification information – driving licence, usernames and social media identifiers.
Appearance and behavioural – include your gender, age, images, demographic data and behavioural data, e.g. your purchase history.
Insurance details – information about what you are insuring (vehicle, home, pet etc.).
Product Information – quotes, policies, schemes, claims, relationships you have with intermediaries and any other information relevant to your product, including renewal dates and policy and claim history.
Claims information – if a claim is made under an insurance policy, this includes information about the claim collected from you and relevant third parties, e.g. witnesses, suppliers etc.
Fraud and sanctions – information obtained as a result of our investigations including via external bodies such as the Insurance Fraud Bureau.
Employment-related information – employment status, job title.
Vehicle and driving-related information – includes driving licence entitlement and restrictions or endorsements, driving convictions, vehicle details including registration number, MOT details and carbon emissions, vehicle ID number, digital location ID, dashcam footage and telematics data where you are seeking a policy with telematics capability. Where you have taken out a telematics insurance policy, it is a condition of the policy that a telematics device is fitted to your vehicle, or you download a telematics app. This information helps us profile your vehicle's usage and ensures that your insurance premium reflects your driving habits.
Financial data – includes credit and payment card numbers (including updated card information provided by card issuers when changes are made), bank account details, payment information, whether you provide a continuous payment authority (CPA).
Credit assessment data – includes information received from credit agencies, e.g. credit rating and details of bankruptcy orders, voluntary arrangements and county court judgments. For further information see Credit Reference Agencies.
Authentication data – includes account log-in information, passwords and memorable data for accessing your accounts.
Video and audio recordings – include photographic images, video footage and audio recordings and where relevant, telematics data.
Telephone recordings and online chat transcripts – information obtained during recordings of telephone calls or online chats with our representatives and call centres.
Communication preferences – including promotion entries and customer feedback. Any information relating to promotions and prize draws, responses to surveys, complaints and details of your customer experience.
Cookies – small files that help us understand how you use our website (see our Cookie Policy for more).
Communications – We record the date, time, click rates, device type, and IP address when you open our emails or texts. This helps us improve customer service and prevent fraud.
Criminal information – records, including license endorsements, penalties, and offences for all insured individuals.
Additional Information – health or life details that help us offer better support.

We collect your personal information at different points while you’re using our services – like when you ask for a quote, speak to our team, make a claim, use our website or customer portal, or if your policy includes a black box (telematics).

We get your information in a few different ways:

directly from you, such as when you request a quote, renew your policy, make changes or claims, and when you contact us.
from insurance brokers – if you’ve used one to arrange your policy.
from price comparison websites – if you use one to get a quote, they send us the details you entered. If you buy a policy through them, we’ll also share some info back with them, like whether you bought the policy or if it’s still active. We may also share info to help with complaints or to prevent fraud.
from third party databases used by the insurance industry (e.g. DVLA, Claims Underwriting Exchange and Motor Insurers Bureau - see below for more information).
from our suppliers (e.g. to assess damage following a claim).
from publicly available sources (e.g. the electoral register).
from other insurers with whom you have held insurance (e.g. to verify no claims discount eligibility or for the prevention or detection of crime).
from other companies within the Markerstudy Group (we may also share information across the Group, when necessary, such as for fraud prevention purposes)
from how you use our website – we may track things like how many quotes you’ve asked for, what you click on, and what you type into forms.
if you contact us electronically, we may collect your electronic identifier e.g. Internet Protocol (IP) address or telephone number supplied by your service provider.
from phone calls or online chats – we usually record these to support what was said, improve our service, and for training.

Sometimes we need to share your information with other companies to provide certain services or features. When we do this, we make sure they keep your data safe and only use it for the reasons we’ve agreed.

We may receive information from or share information with the following third parties, if necessary:

Contracted third parties providing services in connection to your policy, for example insurers (where we are the broker), legal advisors, assistance providers/optional extra product providers etc.
Price comparison websites and similar companies - to make things easier for you online.
Credit reference agencies.
Optional extra product providers (such as legal expenses cover).
Government agencies/DVLA/MIB.
Regulators such as Financial Conduct Authority (FCA).
Insurance bodies, including Association of British Insurer .
Debt companies.
Fraud prevention services – like the Insurance Fraud Bureau.
Finance companies – if you pay for your policy in instalments.
Data analysis companies – like LexisNexis or Experian, to help us understand and manage risk.

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. This is done using cookies and other tracking tools, but only if you’ve agreed to it. You can read more in Microsoft’s Privacy Statement.

We need to collect and use your personal information so we can give you a quote or set up an insurance policy. If you don’t give us the information we ask for, we won’t be able to offer you a quote or provide cover.

Providing you with a quote and administering your policy

We use your personal details – like the ones you give us when you ask for a quote, your past policies, ID details, credit checks, payment history, and how you use our website – to:

Give you a quote
Set up and manage your policy
Handle payments and renewals
Deal with claims and complaints
Check that your details are accurate
Work out the right price for your insurance

Providing you with a service

We and our trusted partners use your information (including from our other brands) to build a better picture of you as a customer. This helps us:

Make better decisions when you apply for products
Check your creditworthiness
Show you more relevant content and offers
Work out future quotes more accurately.

We also share this information with our insurers for the same reasons.

If our business is ever sold or merged with another company, we may need to share your information – but we’ll make sure it stays protected and is only used for the right reasons.

Understanding your needs

We collect your personal information to understand your needs and meet regulatory requirements. This includes data on your assistance needs, health, life events, financial situation, and capabilities.

This information may come directly from you or from third parties like our suppliers or partners.

Some types of information, like health or criminal records, are more sensitive. We only use this kind of data when it’s really needed – for example, to offer extra support or provide documents in a different format.

We may share this information with third party suppliers or business partners to ensure they can provide an appropriate service to you. Additionally, we may analyse this data to enhance our services and better meet our customers’ needs. We may also exchange this information with other companies within the Markerstudy Group of Companies for these purposes. You can request changes or updates to the data we hold at any time. Please let us know using the contact information at the end of this Privacy Policy.

If we use information about criminal offences, it’s usually to help with your insurance or to prevent fraud.

Existing Data

We’ll check our records to see if you’ve had a policy or quote with us or one of our brands before. We may also share your information with our group companies and insurers to help with this.

Credit providers we work with may also check their records if you’ve applied for credit with them before. This helps us assess your quote and may be used for research and analysis.

We also check data from our trusted partners to apply discounts, prevent fraud, and improve our services.

Publicly available sources

We and our insurers sometimes use publicly available information – like your postcode or the electoral roll – to help assess risk and give you an accurate quote. We may also check public records when you make a claim.

Information About Other People

If your policy includes other people – like a named driver – we may need to collect their information too. Please make sure they know about this privacy policy. By agreeing to the policy, you’re also agreeing to us using their information where needed.

Sensitive Information and Criminal Records

To give you a quote and manage your insurance policy, we may need to ask for sensitive personal details. This could include your health (like medical conditions) or any criminal convictions or offences.

Where we collect special personal data and criminal conviction or offence data to provide you with your quote and your policy, we process this data because it is in the substantial public interest to do so for the purposes of advising on, arranging, underwriting or administering an insurance contract.

We may also keep this data to help with legal claims or to prevent and detect crime, including fraud.

Payment and Card Information

We use your payment details to manage any money owed under your policy. This might involve sharing your payment information with banks, credit agencies, or debt collectors to help with things like processing payments, refunds, or handling claims.

If you have taken out credit you can find further information within the credit agreement.

If you’ve agreed to let us store your card details, we’ll use them to renew your policy, process refunds, or collect any extra charges. We’ll always let you know before taking a payment and give you a chance to make other arrangements if needed.

Marketing

When you request your quote, you will be given an opportunity to confirm whether you are happy to receive marketing material from us. If you confirm you are happy to receive this material, we will use your postal address, email address and telephone number to send you marketing materials by post, email, telephone call or SMS. We do not pass your data to third parties for marketing purposes.

You can change your mind at any time by logging into My Account and updating your preferences. You can also unsubscribe from emails by clicking on the unsubscribe link on any marketing emails that we send you or by contacting us.

This will not impact any communications that we need to send you for the purpose of your policy, for example communications about your renewal, updates about your policy or information about any quotes we’ve provided to you.

We use the data we hold to help us understand our customer demographic to help us improve the services that we provide to you and to help us target our advertising and marketing so that we show customers adverts or marketing which may be more relevant to them. We may sometimes work with carefully selected third parties to do this for example using advertising services provided by organisations such as Google and Facebook and may share data with them to carry out this research and analysis, however, will not sell your data to third parties for them to market to you.

Research and Analysis

Sometimes we may contact you by post, email, or phone to ask for feedback or invite you to review our services. We may also ask research companies to do this on our behalf.

We use data from your quotes, policies, and claims to improve our services and products. We may share this data with our insurance partners, usually in a way that doesn’t identify you. This data won’t be used to make decisions about you personally.

We also look at how you use our website to help us improve it. We do this because it’s in our business interest to make our services better. We take care to protect your rights when using your data this way. If you don’t want to be contacted for research, just let us know.

After you buy or renew a policy, we may ask a third party to invite you to leave a review of our service.

Competitions and Special Offers

We may share your data with trusted partners to apply discounts or memberships to your account. This helps us give you the right price for your policy.

If you enter a competition or special offer, we’ll use your personal details (like your name and contact info) to run the promotion. We might need to share your data with others, like suppliers, to send you a prize.

Sometimes, our website may let you send a page to a friend. If you do this, please make sure your friend is okay with it. We’ll include your name in the message, so they know who sent it.

Automated Decision, Profiling and Artificial Intelligence (AI)

When you ask us for a quote, apply for insurance, make changes to your policy, or renew it, we sometimes use computer systems to make decisions automatically. This means a computer—not a person—reviews your information to help us decide things like:

Whether we can offer you insurance
How much your policy will cost
Whether you’re eligible for a credit agreement to pay in instalments
Whether there are any signs of fraud or unusual activity

This is called automated decision-making.

Markerstudy Group will perform necessary checks when utilising AI models to comply with data protection laws and relevant regulations prior to any processing. Data security and encryption will be applied to any personal data used.

Types of processing we may perform:

We use this kind of technology because it helps us quickly and fairly assess your insurance needs. The system looks at lots of details, like your personal info and vehicle details, to work out your quote and policy terms.
We may check your information against our own records and trusted third-party databases (including public ones) to make sure everything is accurate and we’re pricing our products appropriately.
If something in your information looks suspicious or doesn’t match what you’ve told us before, our system may flag it for fraud or money laundering checks.
We also use your data to help us improve our services. This includes using AI and machine learning to analyse trends, train our systems, and better understand our customers.
These tools help us manage claims, predict what products people might need, and spot false claims. We also use them to make sure our data is accurate and up to date.

Because of these automated checks, we might:

Offer you a specific price or policy terms
Adjust your premium
Decide not to offer you insurance.

We always follow data protection laws and take steps to keep your information safe and secure.

We collect and use your information by following data protection laws. The legal bases we rely on include:

Performance of a contract – For example, to set up your insurance, manage your policy, or handle any claims.
Compliance with a legal obligation – We may need to share your information with regulators, tax authorities, or the police if the law says we must.
Legitimate interests – This includes improving our services, contacting you about our products (unless you’ve asked us not to), doing research, and running customer surveys.
Consent – Sometimes we’ll ask for your permission to use your information for a specific reason.
Substantial Public Interest - If we need to use sensitive information (like health or criminal record details), we’ll only do so when it’s necessary for legal reasons or because it helps keep insurance fair and affordable for everyone.

When We Use Sensitive Information

We may need to use sensitive personal data (like health or criminal history) for reasons such as:

For insurance purposes, including advising on, arranging, underwriting, and administering insurance contracts; managing claims under an insurance contract; and exercising rights or fulfilling obligations related to insurance contracts.
Meeting legal checks, like anti-money laundering rules.
Preventing or reporting crime.
Investigating and preventing fraud.
Ensuring individuals' financial stability, including extra support for customers when needed.

Credit Reference Checks and Searches

Credit reference agencies (CRAs) collect and share information about people’s credit history. We, our insurers, or credit providers will carry out checks with credit reference agencies, including-

checks against publicly available information such as the Electoral Register, County Court Judgments, bankruptcy or repossession information.
checks against data relating to your credit history. If you enter into a credit agreement to pay for your policy, details about you and your payment record may also be passed to Credit Reference Agencies. Credit Reference Agencies share information with other organisations, enabling applications for financial products to be assessed or to assist the tracing of debtors, or to prevent fraud. We may ask Credit Reference Agencies to provide a credit scoring computation. Credit scoring uses a number of factors to work out risks involved in any application. A score is given to each factor and a total score obtained and this together with other factors will be used to assess your application for a quote or a policy.

If you take out a credit agreement, your payment history may be shared with CRAs. This helps other lenders assess future applications and trace unpaid debts. We may also use credit scoring to help us decide whether to offer you a policy and at what price.

We will continue to exchange information with credit reference agencies on an ongoing basis which includes when you request a quote, if amendments are requested to your policy or at renewal.

CRAs will keep a record of these checks, even if you don’t go ahead with the quote. If you do take out credit, other lenders may see this on your credit file.

You can find out further information about how the Credit Reference Agencies collect and use personal data using the details:-

Claims and Underwriting Exchange, and Other Registers and Databases

To verify the information provided, we, the insurer and/or the re-insurer will confirm your identity, prevent fraud, and review your past insurance history, including your no claims information, by sharing data with various official insurance databases. These include:

Claims and Underwriting Exchange (CUE)
Hunter Database
Motor Insurance Anti-Fraud and Theft Register
No Claims History Database
Other industry databases or registers.

We also share your data with LexisNexis Risk Solutions, who check it against information from other insurers and sources. You can learn more about how they use your data here: https://risk.lexisnexis.com/group/processing-notices/insurance-services.

Other insurers may access the information we provide to these databases, including details about your quotes, policies, and any incidents you report (which you must tell us about under the conditions of your policy) - even if you don’t make a claim.

Prevention of Fraud and Financial Crime

To protect you and others from fraud, we work with trusted partners to check your identity and spot suspicious activity. This may include sharing your personal data with:

Credit reference agencies
Fraud prevention agencies
The Police and other public bodies

We may also:

record your details on the Insurance Fraud Register (IFR)
co-operate fully with the Police authorities in the detection, investigation and prosecution of those involved in fraud
pass information to the Claims and Underwriting Exchange Register, run by Motor Insurer’s Bureau (MIB Ltd), the Motor Insurance Anti-Fraud and Theft Register, run by the Association of British Insurers (ABI), and other industry databases
check and/or submit your details with fraud prevention databases, and if you give us false or misleading information and we suspect fraud, we will record this.

If we or a fraud prevention agency believe there’s a risk of fraud or money laundering, we may refuse to offer you insurance or stop your existing cover. These records can be kept for up to six years and may be checked by other organisations when you apply for credit, insurance, or other financial services.

We do this because it’s in the public interest to prevent crime and protect the financial system.

Money Laundering Regulations and Proceeds of Crime Act

You agree to give any evidence and information about your identity, and the identity of your partner or any named driver that we may reasonably ask for to meet our obligations under Money Laundering Regulations and the Proceeds of Crime Act. If we become aware of or suspect financial crime, we must report this to the National Crime Agency or the appropriate law-enforcement agencies (or both) as soon as possible. These steps help us to meet our legal obligations and play our part in protecting the financial- system from criminal activity.

Motor Insurers’ Bureau

Your insurance details will be added to the Motor Insurance & Policy Database (MIPD), which is managed by the Motor Insurers’ Bureau (MIB). We work in partnership with the Motor Insurers’ Bureau (MIB) and associated not-for-profit companies who provide several services on behalf of the insurance industry.

At every stage of your insurance journey, the MIB will be processing your personal information and more details about this can be found via their website: www.mib.org.uk. Set out below are brief details of the sorts of activity the MIB undertake:

Checking your driving licence number against the DVLA driver database to obtain driving licence data (including driving conviction data) to help calculate your insurance quote and prevent fraud
Checking your ‘No Claims Bonus’ entitlement and claims history
Prevent, detect and investigate fraud and other crime, including, by carrying out fraud checks
Maintaining databases of:
- Insured vehicles (Motor Insurance & Policy Data - MIPD)
- Vehicles which are stolen or not legally permitted on the road (Vehicle Salvage & Theft Data – VS&TD)
- Motor, personal injury and home claims (CUE)
- Employers’ Liability Insurance Policies (Employers’ Liability Database)
Managing insurance claims relating to untraced and uninsured drivers in the UK and abroad
Working with law enforcement to prevent uninsured vehicles being used on the roads
Supporting insurance claims processes.

People making a claim after a road accident (including from outside the UK) may also access this information. It’s important that your vehicle registration is correct on the MIPD—if it’s wrong, the police could seize your vehicle. You can check your details at www.askMID.com.

We will keep your personal information only as long as needed to meet our legal, contractual, and regulatory obligations. It is important that you are aware that retention periods vary depending upon the circumstances.

We may keep your data to:

Help prevent and detect fraud
Answer any questions or complaints about your quote or policy
Carry out research to improve our products and services

If you’d like to know exactly how long we’ll keep your information, just contact us using the details in this Privacy Policy.

As previously mentioned, we may use third parties to provide all or part of the service to you. In these instances, while the personal data you provide will be disclosed to them, it will only be used for services for which we have engaged that third party.

If any of these companies are based outside the UK, we’ll make sure your data is still protected. We do this by:

Checking their security and data protection standards
Using secure ways to transfer your data
Having legal agreements in place that meet UK data protection laws

These agreements often include Standard Contractual Clauses or International Data Transfer Agreements. If you want more details, just get in touch.

The personal information you provide is held securely and in confidence by us in our computer systems and other records. When we process your personal information, we do so in compliance with the law. We maintain strict security standards and procedures to prevent unauthorised access to your data. We use technologies, such as data encryption, fire walls and server authentication to protect the security of your details.

You have several rights under data protection law. You can contact us at any time to use any of these rights. Sometimes we may not be able to agree to your request—for example, if it affects someone else’s privacy or if the law says we can’t. If that happens, we’ll explain why.

Here’s a summary of your rights:

Right to Access your personal information:

You have the right to ask us to provide a copy of the personal data that we hold about you. This is called a Data Subject Access Request or “DSAR”.

When contacting us please describe the information you require and include the following: your full name, your date of birth, your full address and your quote/policy number. For security purposes we may need to ask you for further information to verify your identity. If you require information sending to different contact details to those held on your policy, please include a copy of your passport or driving licence and proof of address such as a recent utility bill to assist us in verifying your identity. We might also need to ask you for additional information to help us locate the data that you are looking for.

Once we have all the information that we need to process your DSAR, we will respond within one month unless your DSAR is very large or complex, in which case we may need to extend this period. If we need to do this, we will let you know. If you want to make a DSAR in relation to personal data that is held by a third party associated with your policy such as a insurer, then you will need to contact them directly. You can find their details in your policy documents.

Right to Rectification

We make sure that your personal information is correct and up to date. If you think the information, we have is wrong, please tell us. Once we check that you are who you say you are and confirm the right changes, we'll fix any mistakes as soon as we can.

Right to Erasure

You also have the right to ask us to delete any personal information we have about you. We must delete your information in some cases, like when we no longer need it. But sometimes, the law lets us keep it, like if we need it to manage your policy or to prevent fraud. We will always keep your personal information according to our rules for how long we should keep it.

Data Portability

You have the right to ask us to give you a copy of your personal data in a format that computers can read. You can also ask us to send this data to another company. This applies to the personal data you gave us, which we have processed electronically, like the data you entered on our website when you got a quote.

Right to Restrict Processing

You can request that we only store your personal data in limited cases, such as when there's a disagreement about its accuracy and validation is needed.

Right to Object

You can ask us to stop using your data for certain reasons, like marketing. But we may still need to use it for things like managing your policy or preventing fraud.

Right to Object to Automated Decision Making and Profiling

When you request a quote, apply for insurance, make changes to your policy, or renew it, we use automated processes to assess insurance risk and perform credit, fraud, and validation checks as outlined in this Privacy Policy. This means that some decisions are made automatically by a system or computer reviewing your personal information rather than by one of our employees, a process known as 'automated decision-making'.

The nature of the quotes that we provide to you means that we have to use this kind of automated decision making in relation to your personal data (including special categories of personal data) to assess your quotes. This means that our computers will consider lots of different pieces of information about you and about the policy you have requested (such as information about your vehicle) in order to calculate whether or not we are able to offer you a quote, at what price this should be and whether we can offer you a credit agreement to pay for your premium.
We may also use automated decision making to decide if you pose a fraud or money laundering risk.
As a result of these checks, your premium and/or policy terms will be determined or adjusted, or we may not be able to provide you with insurance.
You are entitled to request a review of any significant decisions made about you that were determined solely through automated processes.

If you ask us to review the decision, we will make sure that it is examined by a human and we will confirm the outcome to you. This does not necessarily mean that the decision will be changed.

Right to Complain

We aim to provide you with the high standard of service you expect. If you are unhappy with how we used your data or have a complaint, please contact us by email or post using the details below.

If you would like to contact us about one of your data rights set out under “Your Rights” above, then please contact datarequest@markerstudy.com or write to Data Requests, BGL Customer Services, Fusion House, Bretton Way, Bretton, Peterborough, PE3 8BG. You can use these details to contact BISL Limited, BFSL Limited or ACM ULR Limited which are all part of the Markerstudy Group.

If you have any other queries or concerns about this Privacy Policy, or if you would like to contact the Data Protection Officer for BISL Limited, BFSL Limited or ACM URL Limited, you can email dataprotection@markerstudy.com or write to the Data Protection Officer at Fusion House, Katharine Way, Bretton, Peterborough, PE3 8BG. Please make sure you include details of the product and brand that you are contacting the Data Protection Officer about in your email.

If you’re still concerned about how your data is being used, you can contact the Information Commissioner’s Office (ICO), the UK’s independent authority for data protection on 0303 123 1113. For further details, you may visit the ICO website https://ico.org.uk.

For information requests from competent authorities such as the Police, wishing to request disclosure of personal information held by us, please complete the appropriate DPA form and send to Lawenforcement@markerstudy.com.

We review and update our Privacy Policy from time to time, especially if there are important changes in how we use your personal information or how we need to contact you. These updates might be due to new laws, changes in technology, or government rules.

We recommend checking our website regularly to stay up to date. If you keep using our services after we’ve made changes, it means you’re happy with the updated policy.

This Privacy Policy was last updated: July 2025.