Introduction

At esure, we care about privacy.

We only use personal data where we can do so lawfully. We always consider the impact this may have on those whose data we use, and we aim to be fair and proportionate when using personal data. We work hard to ensure that the personal data we hold is safe and secure with us. When we no longer need to keep the information, we delete or anonymise it safely.

Who We Are

The esure Group is made up of a mix of different companies. In this Privacy Notice, "esure", "we", "us" or "our" refers to the esure Group company you have a relationship with, and who is the Controller of your personal information as a result. This means that the relevant entity is responsible for deciding how it holds and uses personal information about you.  For a full list of the relevant esure Group companies please see the  esure Group companies section below.

About This Document

The purpose of this Privacy Notice is to help you understand how we collect, use and protect your personal data. This Privacy Notice applies to all current and former:

  • Employees
  • Workers
  • Contractors

It also applies to their relatives or significant others (where an Employee, Worker or Contractor has shared their personal information with us e.g. as an emergency contact or beneficiary).

You should show this Privacy Notice to anyone else whose details you provide to us, for example your family members, emergency contacts etc.

This Privacy Notice does not form part of any contract of employment or other contract to provide services. It is important that you read this notice, together with any other Privacy Notice we may provide from time to time.

We may update this notice at any time, for example, to include legislation changes, new technologies or other developments in privacy laws. We will make reasonable efforts to inform you of any material changes in how we use your personal data, but we encourage you to check our website to view our most up-to-date Privacy Notice.

If you have any questions about this Privacy Notice, please contact our Data Protection Officer using the contact details provided in the ‘How to Contact us section of this Privacy Notice.

What Personal Data We Use

Personal data, or personal information, is any information about an individual from which that person can be identified. It does not include data which has been anonymised.

What personal data we use will depend on the nature of your relationship with us. We will only ever use information that is appropriate and necessary. We will collect, store and use personal data including:

  • Non-sensitive Data (“NS”)

    • Contact details including name, address, telephone number, work and personal email addresses
    • Date of birth
    • Gender
    • National Insurance Number
    • Marital status and dependants
    • Information about your family, next of kin and emergency contact information
    • Employment details, such as references, CV, job titles, work history, working hours, holidays, training and performance records, professional memberships information
    • Working pattern (including any requests for flexible working. Details of your time spent working and any overtime, expenses or other payments claimed, including details of any loans such as for travel season tickets
    • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)
    • Details relating to Maternity, Paternity, Shared Parental and Adoption leave and pay;
    • Disciplinary & grievance at work matters and investigations to which you may be a party or witness
    • Whistleblowing concerns raised by you, or to which you may be a party or witness
    • Bank statements or any other official documents (where provided by you as proof of address)
    • Official identification documents (e.g. passports, driving licences)
    • Your electronic signature when you sign off documents
    • Information about your use of our premises, access to data and communications systems (access to and use of our premises, systems and data held within these systems, including but not limited to what is accessed, when and by whom)
    • Vehicle registration number (e.g. if you are using our parking facilities)
    • Photographs (e.g. when issuing you with security access pass for one of our offices)
    • CCTV footage
    • Details of any secondary employment, conflict of interest declarations or gift declarations.
    • Start date and, if different, the date of your continuous employment
    • Leaving date and your reason for leaving
    • Location of employment or workplace
    • Compensation history
    • Information about your use of our information and communications systems
    • Results of HMRC employment status check, details of your interest in and connection with the intermediary through which your services are supplied
    • Country of birth, Nationality and citizenship
    • Carer status
    • Pronouns and gender identity data when these don’t reveal specific details about a person's health or medical care
    • Any content featuring you produced for use on our website, intranet or social media such as videos, authored articles, blog posts and speech transcripts
  • Special Category Data ("SC")

    • Information about your health, any medical condition and sickness records, including:
      • Where you leave employment and under any share plan operated by a group company the reason for leaving is determined to be ill health, injury or disability, the records relating to that decision.
      • Details of any absences (other than holidays) from work including time on statutory parental leave and sick leave which may include details of health conditions related to the absences.
      • Any health information in relation to a claim made under the permanent health insurance scheme.
    • Where you leave employment and the reason for leaving is related to your health, information about that condition needed for pensions and permanent health insurance purposes. Data concerning sexual orientation
    • Accident records if you have an accident at work.
    • Details of any DSE assessments, access needs or reasonable adjustments
    • Information you have provided regarding Protected Characteristics as defined by the Equality Act for the purpose of equal opportunities monitoring. This includes racial or ethnic origin, religious beliefs, disability status, and gender identification and may be extended to include other protected characteristics.
    • Pronouns and gender identity data when these reveal specific details about a person's health or medical care
    • Data relating to biometrics (face, fingerprint, or iris) for the purpose of logging into devices.
  • Criminal Offences and Convictions Data (“CO”)

    • Criminal activity, allegations, investigations and proceedings
    • Personal data relating to criminal convictions and offences, including unproven allegations, information relating to the absence of convictions and personal data of victims and witnesses of crime
    • Personal data about penalties, conditions or restrictions placed on an individual as part of the criminal justice process or civil measures which may lead to a criminal penalty if not adhered to, such as information about any unspent criminal/civil convictions
  • Financial Data ("FD")

    • Bank account details including sort-code and account number, salary (including grade and salary band) and payroll records, pension and benefits)
    • Tax status information
    • Financial and credit references

How We Collect Your Personal Data

We collect your personal data either:

  • Directly from you - e.g when you:
    • Apply for a role with us
    • Provide us with the information during job-related activities throughout (or after) your employment with us
  • Indirectly via third parties such as:
    • Recruitment, talent management and employment agencies
    • Background check providers such as Disclosure and Barring Service
    • Former employers
    • Credit reference agencies
    • Fraud prevention agencies or other background checking agencies
    • An Employee, Worker or Contractor where the personal information concerns the relatives or significant others which has been shared with us (e.g. as an emergency contact)
    • From Occupational Health and other health service providers
    • From Pension administrators and other government departments, for example tax details from HMRC
    • From providers of staff benefits
    • CCTV images from our landlords or taken using our own CCTV systems.

The Reasons (Purposes) We Use Your Personal Data, and the Lawful Bases We Rely On

Depending on the processing activity, we rely on the following lawful basis for processing your personal data under the UK GDPR:

  • Article 6.1 (a) when you have given your consent for one or more specific purposes
  • Article 6.1 (b) which relates to processing necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract
  • Article 6.1 (c) so we can comply with our legal obligations as your employer
  • Article 6.1 (d) in order to protect your vital interests or those of another person
  • Article 6.1 (f) for the purposes of our legitimate interest, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (GDPR). This includes the processing of CCTV footage.

Where the information we process is special category data, for example your health data, the additional bases for processing that we rely on are:

  • Article 9.2 (a) your explicit consent
  • Article 9. 2 (b) which relates to carrying out our obligations and exercising our rights in employment and the safeguarding of your fundamental rights
  • Article 9.2 (c) to protect your vital interests or those of another person where you are incapable of giving your consent
  • Article 9.2 (f) for the establishment, exercise or defence of legal claims (whether a claim is made by you or a third party)
  • Article 9.2 (h) where necessary for the purposes of medical or health care.
  • Article 9.2 (j) processing necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes

In addition, we rely on the processing condition at Schedule 1 part 1 paragraph 1 of the DPA 2018. This relates to the processing of special category data for employment purposes.

We process information about staff criminal convictions and offences. The lawful basis we rely on to process this data are:

  • Article 6(1)(b) for the performance of a contract. In addition, we rely on the processing condition at Schedule 1 part 1 paragraph 1 of the DPA 2018.

Why We Use Your DataTypes of Personal Data We UseWhose Data We UseLawful Basis We Rely On

Employment or Contractor Engagement and administration of contracts

NS

SC

CO

FD

Employees
Contractors

It is necessary to use your personal data to enter into or perform the contract between you and us, such as when paying your salary or other benefits you are entitled to.


SC and CO data may also be processed for this purpose where it is necessary to process this information in the field of employment (e.g. to carry employment checks, for social protection or for health or social care).

Performance, Discipline, Grievance and day to day people management, training and development

NS

SC

FD

Employees
Contractors

We rely on legitimate interest to use your personal data to manage your performance, and to ensure you have access to and complete all relevant training and development activities.

SC and CO data may also be processed for this purpose where it is necessary to process this information in the field of employment (e.g. to carry employment checks, for social protection or for health or social care).

Fraud and Money Laundering Prevention and Identity Verification

NS

SC

CO

FD

Employees
Contractors
Relatives or significant others

We rely on legitimate interest to use your personal data to detect and prevent fraud, money laundering and to verify your identity.


SC and CO data may also be processed for this purpose where:

  • it is necessary to process this information in the field of employment (e.g. to carry employment checks); or
  • it is necessary for reasons of substantial public interest to process this information to prevent or detect unlawful acts

Ensuring and Improving Physical Security and Information Security

NS

SC

Employees
Contractors
Relatives or significant others

We rely on legitimate interest to use your personal data to ensure and improve physical security and information security.


We only use SC data in the form of biometrics to allow for secure log in on devices.

Health and Safety

NS

SC

Employees
Contractors
Relatives or significant others

We rely on legitimate interest to use your personal data to protect your health and ensure your safety.

SC data may also be processed for this purpose where:

  • it is necessary to process this information in the field of employment (e.g. to carry health and safety checks or to provide appropriate health and safety support/equipment); or
  • it is in substantial public interest to support you (e.g. if you have a disability or a medical condition).

Why We Use Your DataTypes of Personal Data We UseWhose Data We UseLawful Basis We Rely On

Compliance with Legal and/or Regulatory Obligations

NS

SC

CO

FD

Employees
Contractors

We will process your personal data when necessary to comply with our legal or regulatory obligations including (without limitation) for the purposes of:

  • Recruitment e.g. working permits;
  • Employment or contractor engagement e.g. family leave and/or sick pay;
  • Fraud and money laundering prevention and identity verification e.g. criminal history checks;
  • Disclosure of information to regulatory bodies e.g. fitness and propriety checks; or
  • Health and Safety e.g. fitness to work and reasonable adjustments.

HR Operations Management

NS

SC

FC

Employees
Contractors

We rely on legitimate interest to use your personal data to manage our HR operations e.g. to handle queries from colleagues, develop and further improve our processes and procedures.

SC data may also be processed for the purpose of enabling and promoting equal opportunity and diversity at esure. When we process your information for this purpose, we will only do so when you have given us your explicit consent to process your information for this purpose.

Employee Benefits Provision

NS

Employees
Contractors
Relatives or significant others

It is necessary to use your personal data to enter into or perform the contract between you and us, and to provide you with employee benefits such as allowing you to access and decide your contribution level to the employee pension benefit.

We will not process SC or CO data for this purpose.

Voluntary Participation Activities

NS

SC

FD

Employees
Contractors

If we invite you to participate in voluntary activities (e.g. testing products and systems), we will ask for your explicit consent to use your personal data for this purpose. You may choose not to participate in the activity or withdraw your consent at any stage without this affecting your employment/contract.

SC and CO data may also be processed for this purpose. When we process your information for this purpose, we will only do so when you have given us your explicit consent to process your information for this purpose.

Research and Analysis

NS

Employees
Contractors
Relatives or significant others

We rely on legitimate interest to use your personal data for research and analysis purposes e.g. to forecast staffing needs and demands.

We will not process SC or CO data for this purpose.

The above table sets out the personal information that is necessary for us to enter or carry out our contract with you or is a legal requirement. If you choose not to provide us with such information when requested, we may not be able to perform our contract with you (e.g. to pay your salary into your elected account, or to pay or provide your benefits), or may be prevented from complying with our legal obligations (e.g. to ensure the health and safety of our workers).

Please note however that this does not affect your right to withdraw consent where we rely on consent as a lawful basis.

Making Automated Decisions and Profiling

We do not envisage using your personal data to make any decisions about you solely based on an automated decision making, including profiling, process. We will notify you in writing if this position changes.

Sharing Your Personal Data with Others

We may share your data with:

  • Third-party service providers and suppliers that assist us or supply our HR systems (payroll, staff engagement etc)
  • Third-party service providers that provide you with employment benefits
  • Other entities in the esure Group, or other third parties as required in the context of the possible sale or restructuring of the business
  • Third parties as necessary to comply with the law (e.g. our regulators, HMRC)
  • The general public for business promotion purposes
  • The Financial Conduct Authority (“FCA”), the Prudential Regulation Authority and other regulatory bodies where this is required by the rules/regulations. This would be, for example, where the role you applied for is subject to regulatory pre-approval and/or regulatory notification, or when reporting staff conduct rule breaches
  • Any of your future prospective employers where a request is made under relevant applicable regulation (e.g. the FCA’s requirement to provide/obtain regulatory references)
  • Fraud prevention agencies for the purposes of the prevention, detection and investigation of fraud.

Sharing Your Personal Data in Relation to the Prevention, Detection and Investigation of Fraud

The personal data you have provided, we have collected from you or we have received from third parties can be shared with fraud prevention agencies that include the Insurance Fraud Register, administered by the Insurance Fraud Bureau & Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity.

Further details on how your information will be used by us and Cifas can be found here. Alternatively, you can call esure’s HR department on 0141 343 7400 or contact them by email (at myhr@esure.com ) with ‘data sharing with Cifas’ in the title of the email and clearly stating your full name and contact details.

Transferring Personal Data Outside the UK

Your personal data may be transferred to, and processed, in a destination outside the UK. In these circumstances, your personal data will only be transferred on one of the following bases:

  • The country that we send your data to is approved by the UK Government as providing an adequate level of protection for your personal data (such as countries in the European Economic Area)
  • We’ve agreed standard contractual clauses (approved by the UK Government) with the recipient which obliges them to safeguard your personal information
  • Another UK Government approved transfer mechanism is in place providing appropriate safeguards to the personal data (for example, an approved certification mechanism or binding corporate rules)

To find out more about how your personal data is protected when it is transferred outside the UK (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the contact details provided in the ‘How to Contact us section of this notice.

How Long We Will Store Your Personal Data

We will retain your personal data for as long as necessary to fulfil the purposes we collected it for. Please refer to the Data Protection Officer using the contact details provided in the How to Contact us section of this notice for further detail regarding personal data retention periods.

Once your personal data is no longer required, we will either delete the data securely or anonymise it so that you cannot be identified directly or indirectly.

Your Rights

Data protection legislation gives you certain rights. These include the rights to:

  • ask us how we use your personal data
  • access your personal data and obtain a copy of the personal data we hold about you
  • ask us to correct any information about you that’s out of date, incorrect or incomplete
  • tell us that you don’t want us to use your personal data in a certain way e.g. to send you marketing communications
  • tell us to delete personal data we have on file about you. In some circumstances we won’t be able to do this e.g. if we’re required to keep the information by law or to establish, exercise or defend a legal claim
  • ask us to give your data to a third party provided it is technically feasible to do so (e.g. another employer)
  • ask us to temporarily pause processing of your data
  • not hold you to a decision that has been made solely in an automated way and ask us to review automated decisions we make about you.

Please note that these rights are not absolute. There may be times when we can’t do what you ask us to. If that’s the case, we’ll explain why when we reply to you.

How to Contact us

If you have any questions about this Privacy Notice, how we use your personal information or if you’re not happy with how we process your personal information, please contact the Data Protection Officer:

By email: dpo@esure.com

By post: Data Protection Officer, esure, The Observatory, Reigate RH2 0SG

We aim to resolve all complaints internally via our Data Protection Officer who can be contacted using the channels described above. You also have the right to make your complaint to the Information Commissioner at any time. For more details about your rights under data protection legislation, please visit the Information Commissioner's Office website: www.ico.org.uk

esure Group companies

The esure Group of companies comprises:

  • esure Services Limited
  • esure Insurance Limited
  • esure Broker Limited
  • esure Property Limited
  • esure Group plc
  • esure Finance Limited
  • esure Holdings Limited

Version

This Privacy Notice was last updated on 14/10/2025. Previous versions of the policy can be obtained by contacting our Data Protection Officer.