Privacy Policy

This privacy notice is written to comply with the European Union General Data Protection Regulation (GDPR). GDPR gives control to citizens and residents over their personal data.

Data Controller

Name: Tindall Riley & Co Limited (TRC)
Phone: +44 (0)207 407 3588
Address: Tindall Riley & Co Limited, Regis House, 45 King William Street, London EC4R 9AN

Data Protection Officer

Name: Dan Wilkinson
Phone: +44 (0)207 407 3588
Address: Tindall Riley & Co Limited, Regis House, 45 King William Street, London EC4R 9AN

Purposes of processing your personal data

Tindall Riley processes personal information to enable it to act as an intermediary for any financial transactions including insurance broking, and debt administration for its clients; promote its goods and services; maintain its accounts and records and to support and manage its staff.

Tindall Riley may maintain personal data for:

  • clients
  • suppliers
  • professional advisers and consultants
  • enquirers, complainants
  • employees
  • claimants
  • Legitimate interests for processing your personal data

In order for Tindall Riley to conduct business and fulfil its legal, regulatory and contractual obligations, it needs to perform legitimate and fundamental processing. These are:


  • Pre-insurance contract check (Legal: Sanctions, AML, Regulatory: PRA)
  • Third-party pre-contract check (Legal: Sanctions, AML, Regulatory: PRA)
  • Invoicing, remittance, payments, collections (Contractual, Legal: HMRC, HMG)
  • Provision of all contracted insurance services (Contractual)
  • Reasonably expected contract maintenance processing (Contractual)
  • Reasonably expected claim processing (Contractual)
  • Reasonably expected non- promotional communications (Contractual)
  • Marketing and other promotional communications (Sales generation)
  • Risk management contract review (Contractual)
  • Response to Subject Access Requests (Regulatory)
  • Reasonably expected performance measurement (Operational)
  • Reasonably expected IT support (Operational)
  • Reasonable expected Business Continuity Planning (Operational)
  • Legal and regulatory obligations (Operational)
  • Responding to enquiries, requests and complaints

Employees only

  1. UK right to work check (Legal: HMG)
  2. Reasonably expected employment processing (Contractual, Legal: HMRC, HMG)
  3. SIMR check for Insurance Managers (Regulatory: PRA)
  4. Reasonably expected succession and workforce planning (Operational)

Recipients of your personal data

Tindall Riley sometimes need to share the personal information it processes with individuals themselves and also with other organisations. Below is a description of the types of organisations Tindall Riley may need to share some of the personal information it processes with for one or more reasons.

  • business associates and professional advisers
  • central government
  • courts and tribunals
  • credit reference agencies
  • current, past or prospective employers
  • debt collection and tracing agencies
  • educators and examining bodies
  • employment and recruitment agencies
  • family, associates and representatives of the person whose personal data we are processing
  • financial organisations
  • healthcare and welfare organisations
  • law enforcement and prosecuting authorities
  • ombudsmen and regulatory authorities
  • other companies in the same group
  • suppliers and services providers
  • trade and employer associations

Transferring your personal data

Your personal data collected by Tindall Riley may be stored and processed in the United Kingdom or any other country in which Tindall Riley or associated third parties maintain facilities. Should Tindall Riley need to transfer your personal data, Tindall Riley will take reasonable measures to ensure that transfers of your personal data only go to third parties that also comply with the GDPR.

Keeping your personal data

Retention of specific records may be necessary for one or more of the following reasons:

  • To fulfil statutory or other regulatory requirements.
  • To evidence events/agreements in case of disputes.
  • To meet our operational needs.
  • To meet any historical purposes.

Personal data that is collected and subsequently never used for any business purpose will be reviewed and may be destroyed at Tindall Riley’s discretion.

Your rights over your personal data given to Tindall Riley

You have rights regarding the personal data we store on your behalf. These are:

  • Access to a copy of your personal data;
  • Object to processing;
  • Stop receiving direct marketing material;
  • Object to decisions being taken by automated means;
  • Have inaccurate personal data rectified, blocked, erased or destroyed;
  • Lodge a complaint with the ICO;
  • Claim compensation for damages caused by a breach of the GDPR.

Should you ever wish to exercise any of these rights, please contact the Data Protection Officer.

Why Tindall Riley needs to use your personal data

Your personal data is required for communication and setting up a contractual agreement to provide products and services. Without this data Tindall Riley will not be able to communicate with you or enter into a contractual agreement with you. This includes both business and employment contracts.

Automated profiling using your personal data

Tindall Riley does not use automated profiling.