Privacy notice

Privacy notice updated February 2024

We're committed to safeguarding and preserving the privacy of personal data. This privacy notice explains what happens to any personal data you provide to us, or that we collect from you.

In this privacy notice, references to "our", "us" and "we" are to Superscript. Superscript is a trading name of:

  • Enro Limited, if you’re domiciled in the United Kingdom, which is registered in England and Wales under company number 9265254, with the Information Commissioner's Office number ZA093999, authorised and regulated by the Financial Conduct Authority 656459. Our registered office is Level 3, 16 Eastcheap, London, EC3M 1BD United Kingdom.
  • Superscript Advisory BV, if you’re domiciled in the European Economic Area, which is registered in the Netherlands under KvK 80525970, authorised and regulated by the Authority for the Financial Markets 12047717. Our registered office is Stationsplein 45, 4th floor, 3013 AK Rotterdam, Netherlands.

If you have any questions about our privacy notice, please email privacy@gosuperscript.com or call us on 0333 772 0759+31 10 8080 889.

This privacy notice describes how and why we obtain, store and process information which can identify you directly or indirectly, such as your name, contact details, business information and location information. This privacy notice applies where we're acting as a data controller in respect of your personal data. References to the processing of information include the collection, use, storage and protection of personal data. All personal data collected by us will only be processed in accordance with this privacy notice.

We'll ask you to agree to our use of cookies and your IP address in accordance with the terms of this privacy notice when you visit our website. You can find our Cookie Policy here.

We amend this privacy notice from time to time, so please review it regularly, for the most up-to-date version.

How we protect information

We're committed to ensuring that the information we process is as secure as possible. In order to prevent unauthorised access, use or disclosure, we've put in place physical, electronic and organisational procedures to protect it. Anyone processing personal data in our team or on our behalf must do so in accordance with this privacy notice and on the basis that we're satisfied that they can and will adhere to our high standards for data protection and security.

Information entered on our website and email data processed by our mail servers is encrypted in transit using HTTPS over Transport Layer Security (TLS). In addition, we use encryption as well as Secure Sockets Layer certificates (SSL) when sending payment information to our payment providers. Please note, however, that transmission of data over the internet is inherently insecure, so we can't guarantee the security of information sent over the internet.

If we provide you with a password to access our website or your account, it is your responsibility to keep it confidential. We won't ask you for your password, other than if and when you need it to log in to your account. We recommend that you regularly change your password.

Information we collect, and how we use it

Generally, information we may collect from and process about you falls into the following categories:

  1. Information we collect from you through our product application or renewal process, or through the management of your account – for example, your name, contact details and information about your business, or claims history. Financial information relating to your payments to and from us. This could be on the website, on the phone or if you write to us, generally we refer to this as ‘Account Data’ even if you don’t have a live account with us.
  2. Information automatically collected about you when you visit our site (“Website Data”) – Website Data may include your IP address, browser type and version, location data, source of referral, length of visit, pages you view, search queries you make and general use of our website.
  3. Information from third party sources – for example, sanctions checks, information from third party insurers and underwriters, information about your use of services from analytics software, information about your business online, this is also included as ‘Account Data’
  4. Information provided by you through social media, like personal social media handles, queries and complaints to us and social media posts “tagging” us.
  5. Information provided by you when you apply for a job with us and further information when you become an employee of Superscript.

Why do we use your information?

Your Account Data will be processed for a number of reasons, including

  • to follow up with you by email when you have started the application process,
  • to provide our products and services,
  • to assess your insurance requirements,
  • to provide cover,
  • to calculate your insurance premiums and policy conditions,
  • to obtain and provide you with quotes for insurance,
  • to arrange and manage your insurance policies, including claims, mid-term alterations, renewals and cancellations.

We may also use this information to help us improve and sell our services, and to monitor our compliance with regulatory requirements.

We may create a profile about you to help us provide services and understand your preferences to send you the most relevant information. We make automated decisions using profiling, which may include non-human intervention for example, to decide what type of cover and the level, cost and terms of the cover to provide to you. You can always contact our customer service team on 0333 772 0759 to discuss this further.

The law sets out the permitted basis for our processing of your information. We rely on the following bases to process your data:

  1. Legitimate interests – the processing is necessary for our, your or a third party's legitimate interests unless overridden by your personal data rights. We will do so in the interests of providing services to you, to provide insurance cover, for direct marketing, to prevent and detect fraud, for organisational reasons, to improve services, for network and information security purposes, to ensure we comply with the law and comply with your individual rights, to provide personalised messages, to retain evidence of our compliance and to defend Superscript against claims or fraud, for monitoring of performance, to improve use of AI, to host data in the cloud, for the purposes of an acquisition or legal restructuring, and to update customer and prospective customer details and preferences.
  2. Contract – the processing is necessary for a contract (insurance policy or employment) between us, or because we are taking specific steps towards entering into a contract with or on behalf of you.
  3. Legal Obligation - We process personal data where necessary to comply with any legal obligations which we're subject to; to establish or defend any legal claims so as to protect our or your legal rights, or the legal rights of other interested parties; or to obtain or maintain our own insurance cover, obtain professional advice or otherwise manage business risks.
  4. Consent – for certain activities, where we need your express consent to process your information, we will obtain it prior to using your information and you can change your mind at any time.
  5. Public interest - for instance cooperating voluntarily with a police investigation.

Call recording

Please note that we record phone calls for the purpose of collecting Account Data, for training and monitoring our team and for fraud prevention and security.

We don't store payment card information on our systems so please don't send it to us. We will never ask you for your bank details.

Information we share with third parties

We share Account Data with other businesses in the insurance industry, such as underwriters and other intermediaries and business service providers, including external consultants for the purposes of calculating premiums, assessing claims, arranging and handling your insurance.

We share Account Data with our own insurers and professional advisors where necessary to obtain insurance or professional advice; establish or defend legal claims; comply with any legal obligations; protect your interests as best we can, and otherwise manage business risks.

We may share data with applicable regulators, if and when requested; FCA, Financial Ombudsman, HMRC, The Pensions Regulator, ICO, Home Office, AFM, Belastingdienst.

We may share contact details including email address and name with Trustpilot for the purpose of collecting feedback to improve our services.

Payments to us may be processed by our payment service providers from time to time, which include Stripe (for credit and debit card payments), GoCardless (for direct debits) and Premium Credit (for insurance premium financing) ("PSPs"). We may share information with our PSPs to the extent necessary for the purposes of processing payments and refunds, and sending communications related to those payments and refunds. In the case of Premium Credit, we may also provide them with your personal data when introducing you to them. You should separately review the privacy policies and terms of our PSPs which are separate to this privacy notice and should be available on their respective websites.

We use third parties to enable us to provide our services, and these may store personal data, these third parties are:

  • IT services: AWS, Aircall, Heroku, MongoDB, Zapier, Sentry
  • Marketing Services: Doubleclick, Flashtalking, Fullstory, Question Scout (see our Cookie Policy for more information)
  • Client relationship management tools: Hubspot, Trustpilot, Segment, Intercom, Zendesk, Cognism
  • Data analysis: Google, Snowflake, Materialize, Confluent, Tableau, Gamma, Beauhurst, Crunchbase, Hightouch, Prefect, Stitch, Streamlit
  • Payment services: Stripe, GoCardless, Chargebee
  • Social Media services: Facebook, Linkedin, Twitter, Youtube, Instagram, Tiktok ("Third Party Data Processors").

We enter into agreements with Third Party Data Processors, which state that personal data will not be processed for any purpose other than as stated in our respective privacy policies.

International transfers of data outside the European Economic Area

The data storage facilities of some of our Third Party Data Processors are located in the USA. We enter into standard data protection clauses approved by the European Commission, a copy of which can be found on the Third Party Data Processors' respective websites to ensure protection of your personal data outside of Europe

Retention of personal data

We will retain your personal information for as long as you are our customer. If you decide to not renew your insurance with us or you decide not to go ahead with an application for our products and services, we will only keep your personal data for a period of time that is appropriate for the type of personal data and the reasons why we collected it for.

We will retain your Account Data for the following purposes;

  • maintaining our business records for analysis or audit purposes;
  • comply with our legal and regulatory record keeping requirements (i.e. fraud management)
  • defend or take legal action;
  • Manage our marketing suppression lists for those who no longer wish to receive marketing from us;
  • Manage any complaints about our products and services we have provided you;
  • Assess the effectiveness of any marketing messages we may have sent you.

The periods for which we will retain your personal information will typically fall into the following categories;

  • Your account data will be retained for a minimum of 7 years after closure. However, there may be instances where we are required to extend this time period to manage complaints / queries you may have or to meet our legal and regulatory requirements.
  • Personal data related to incomplete applications will be retained for a maximum of 2 years, unless you opted in to receive marketing emails.
  • Personal data collected through our website (i.e. cookies and related technologies) will be deleted as soon as it is no longer required.

Your individual rights

As the data subject you have the right to:

  • Request access to your personal information (commonly known as a data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. -You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
  • Right to withdraw consent, where it is relied upon to process your personal data.

You can exercise any rights, including modification or withdrawal of consent to send you marketing communications at any time by sending an email to privacy@gosuperscript.com or by post addressed to The Data Protection Officer at our local address as mentioned above.

Please note that we reserve the right to charge a reasonable fee to cover the administrative cost of providing the information or refuse to respond if your request is manifestly unfounded or excessive.

Complaints

You are entitled to complain to Superscript or your Data Protection Authority. We’re keen to make sure any concerns are dealt with, so please contact us at privacy@gosuperscript.com if you have any questions or concerns about how your information is used.

Our website may contain links to other websites. However, once you've used these links to leave our website, you should note that we don't have any control over that other website. Therefore, we can't be responsible for the protection and privacy of any information you provide whilst visiting third party websites and those other websites aren't governed by this privacy notice.