Privacy Policy

Who we are is a trading name of BiMPY Ltd, a company registered in England and Wales (registration company number 07834152). You can verify this information on Financial Conduct Authority register

  1. Values

Thank you for trusting Us with information about you. We take that trust seriously and want you to know how we use your information and why. This document describes the legal basis on which we process and store data about you, the insurance you may or may consider holding and other related data.

If you have queries about how we use your data or comments or questions about this policy, please email us at

Policy updates: We keep this policy under regular review, and this page may be updated occasionally.

  1. Who are We?

In this document, the words “We”, “Us”, and “Our” refer to BiMPY Ltd (and the trading name “BiMPY”). Our address is Arduthie Business Centre, Kirkton Road, Stonehaven, Aberdeenshire AB39 2NQ.

  1. The purpose of this notice

This policy is designed to help you understand what kind of information we collect concerning our products and services and how we will process and use this information. In providing you with products and services, we will collect and process information commonly known as Personal Data.

This notice describes how we collect, use, share, retain and safeguard personal data.

This notice sets out your rights; We explain these later in this notice, but in summary, these rights include your right to know what data we hold about you, how this data is processed and how you can place restrictions on using your data.

  1. Definitions

In this policy, some words and phrases have a specific meaning or that we use specially. They are:

“Personal Data” is any information which relates to an identifiable living human being.

“Process” We “Process” your Personal Data when We do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.

“Customer” is a person who interacts with us about our business.

  1. Your data and what We do with it

We will collect and process your personal data to arrange and administer your insurance policy or provide information about the insurance you are contemplating buying. The data we collect ensures we can accurately identify you and the equipment you are insuring and maintain your policy. We record details of products you have insured, your name and contact details, insurance premiums, and claims in our computer systems to provide the promised service.

We will use your personal data for the performance of our contract with you, to quote for and provide you with insurance products and services, to process claims and renewals, to administer your policy and our business, to respond to any requests from you about services we provide and to process complaints.

We may collect data from you in writing, over the telephone, on our website or via the websites of our partner organisations when you write to us directly or where we provide you with paper-based forms for completion or where we complete a form in conjunction with you. We ensure the physical security of all the places where somebody can access your data and that only authorised personnel can retrieve information about you.

We will collect your personal data when you visit our website, where we will collect your unique online electronic identifier; this is commonly known as an IP address.

When you first visit our website, we will also collect electronic personal data, where we will place a small text file commonly known as a cookie on your computer. Cookies identify visitors, simplify accessibility, and monitor visitor behaviour when viewing content, navigating our website, and using features. For more information, please see our cookie policy.

We may record your communications when contacting our customer care, complaints and other customer-focused functions.

We store bank details; if you elect to pay your premiums by direct debit, you can cancel a direct debit at any time at your bank or by calling us.

  1. Sharing your data

We will share your personal data within our business and with our business partners. This is the standard practice within the insurance industry where it is necessary to share information to place, quantify and underwrite risks, assess overall risk exposure and process claims. Determining the premium payable and administering our business is also essential.

We also share personal data with authorised third parties. This is necessary where we are required to do so by law, where we need to administer our business, quote for, source, place and administer your insurance, perform underwriting activities and process claims. 

Some examples follow:



Debt recovery agencies;

Claims handling companies;

Equipment repair companies;


  1. Data Security

Up-to-date firewalls and software protect our systems to reduce the risk of accidental data release or access by unauthorised persons. Our data is always encrypted, and We take additional precautions with data relating to your payment and financial records.

Our website uses industry-standard encryption at all times, and you should always be able to see that the security is active through the browser you use to access our sites. You will see a locked padlock next to the URL.

We store bank account details to collect payments that you pay by direct debit. These details are encrypted as soon as they are provided.

We do not use credit checking and have no information about your credit history.

  1. Retention periods

We must keep records of insurance policies for regulatory and statutory reporting reasons.

We retain your personal data at the end of any contractual agreement for five years (We reserve the right to retain claims and complaints data indefinitely for fraud reduction). We keep personal data where you have permitted us to provide information about products or services we offer until you withdraw your permission and then for five years unless you ask us to remove it.

Retaining data is necessary where required for contractual, legal or regulatory purposes or our legitimate business interests for statistical analysis (profiling) and product development and marketing purposes.

Sometimes we may need to retain your data for longer, for example, if we are representing you or defending ourselves in a legal dispute, as required by law, or where evidence exists that a future claim may occur.

  1. Cookies and analytics

Our websites use cookies to improve your experience on the site, by, for example, not requiring you to repeat information if you are completing a claim, you can elect to block cookies from our website within your browser, and if you do this, you will still be able to access our site. However, we may need to ask you to re-enter some information.

As you browse our pages, we record aggregated information, such as the visited pages and the time the pages are displayed. We use this information to aid the design of the website.

  1. Data sharing – 3rd parties

We do not sell or exchange your personal data with other organisations. If you hold insurance through us, somebody will share your data with the insurance company underwriting your policy. We will also have to share relevant data when you have a claim with companies that undertake repairs or replacement of your product as a part of your contract with us. We always ensure that these companies comply with data protection regulations.

  1. Platforms

We use a variety of software platforms to run our business. If you have a question about the platforms We use, please email us at

  1. Where is your data located?

We use a combination of bespoke and commercial software. Our insurance records are held on a secure server in the UK and on backups in the UK and the EU. Other data may be processed by software packages which operate via the cloud.

This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere. We always pick mainstream suppliers with appropriate security standards and validate that they meet the requirements of data protection legislation.

  1. Your rights

You are provided with legal rights governing the use of your personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.

These rights are known as Individual Rights under the Data Protection Act 2018. Individuals can exercise their Individual Rights at any time.

In exercising your individual rights, you should understand that in some situations, We may be unable to meet your request fully; for example, if you request for us to delete all your personal data, We may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.

The flow of data within the insurance sector is complex, and we ask you to keep this in mind when exercising your ‘rights of access’ to your information. We may rely on other organisations to help satisfy your request, impacting timescales.

  1. Complaints

If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at

If we can’t sort it out, our relevant supervisory authority is the Information Commissioner for the UK. 

  1. Personnel

We are both a data controller and a data processor.

A data ‘controller’ is the individual or organisation which, alone or jointly with others, determines the purposes and means of processing personal data.

A data ‘processor’ is the individual or organisation that processes personal data on the controller’s behalf.

Where We collect data directly from you, We are considered the data controller. When we use third parties to process your data, these parties are known as processors of your personal data. Where other parties are involved in underwriting or administering your insurance, they may also process your data. In this circumstance, We will be a joint data controller of your personal data.