Privacy and Cookies Policy – UK


This Privacy and Cookie Policy explains how the Company uses the personal data we collect about all individuals that have dealings with the Pro Group. This includes but is not limited to clients, customers, data subjects, all staff, contractors and consultants, agents and subsidiaries acting for or on behalf of the Company.

We take the security of all personal data very seriously. We use a combination of technical, organisational and physical security measures to protect your personal data in line with our obligations under data protection law. Our employees receive training to help us comply with data protection law and safeguard your privacy.

This policy is issued on behalf of Pro Group Holdings Ltd. When we mention ‘Pro’, ‘us’, ‘we’, ‘our’ we mean the relevant company that processes the data within the Pro Group.


When we use the term ‘personal data’ we mean information relating to natural persons who:

  • Can be identified or who are identifiable, directly from the information in question: or
  • Who can be indirectly identified from that information in combination with other information.

Personal data may also include special categories of personal information or criminal conviction or offenses data. These are considered to be more sensitive and we only process them in more limited circumstances.

Understanding our role in relation to the personal data we handle is crucial when ensuring compliance with data protection laws and the fair treatment of individuals.

Depending on what role we perform for you, the Company will either be the:

  •     Data Controller
  •     Data Processor

Data collection and use

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
  • Contact Data: includes billing address, delivery address, email address and telephone numbers;
  • Special Categories of Personal Data: includes race or ethnicity, religious or philosophical beliefs; sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data;
  • Financial Data: includes credit and payment card numbers, bank account details and payment information;
  • Usage Data: includes information about how you use our website, products and services;
  • Marketing Data: includes marketing and communication preferences, information relating to promotions, customer experience and company statistics.

We use different methods to collect data:

  • Direct interactions: data collected directly from an individual by phone, post, email, filling in forms or otherwise.
  • Third parties: data may be exchanged via a third party in relation to your association with us. For example: insurers, brokers, claims handlers, assistance providers, legal advisers, experts and publicly available sources or the authorities (this list is not exhaustive).
  • Automated technologies: when interacting with our website, we will automatically collect technical data about the equipment being used, browsing actions and patterns. We collect this data using cookies and other similar technologies. Please see the ‘Use of Cookies’ below for further details.
  • Hotjar: We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Use of Cookies

A cookie is a small text file that is placed and stored on your computer, mobile or other devices by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information about visitor behaviours to the website owner. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited.

Before cookies are placed on your computer or device, you will be shown a pop-up prompt requesting your consent to set those cookies. By giving your consent here you are enabling us to provide the best possible experience and service to you. You can opt out of being tracked by Google Analytics across this and all websites by simply downloading this tool from Google: Cookie opt out.

How do we use personal data?

We will only use personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances:

  • Where we need to perform a contract, whether that is directly or indirectly
  • Where it is necessary for our legitimate interests (or those of a third party) and an individual’s interests and fundamental rights do not override those interests
  • Where we need to comply with a legal obligation

Change of Purpose: We will only use the personal data for the purposes for which it was collected, if wider use is desired, we would require new consent from the individual.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosure of Personal Data

We may share data with other companies in our group, affiliate businesses and with third party service providers (data processors), such as insurance providers, compliance, and other agents relevant to the business activity. Where any of the data is required for such a purpose, we will take reasonable steps to ensure that the data will be handled safely, securely and in accordance with individuals rights, our obligations and the obligations of the third party under the applicable law.

We have an obligation to disclose data in the following four examples permitted by law, and the other situations set out below. These are:

  • Where we are legally compelled to do so;
  • Where there is a duty to the public to disclose;
  • Where disclosure is required to protect our interest; and
  • Where disclosure is made at your request or with your consent.

Also, it may be necessary to share your details in the following circumstances:

  • In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets
  • If all the company’s assets are acquired by a third-party, personal data held by us about our customers will be one of the transferred assets

We require all third parties to respect the security of your personal data and to treat it in accordance with the law of the jurisdiction it is handled in. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to use it in accordance with our agreement with them and this policy.

International Transfers

Sometimes we, or third parties acting on our behalf, may need to transfer personal data between jurisdictions. The Company will always take steps to ensure that any transfer of personal data outside of its home jurisdiction is carefully managed to protect privacy rights and ensure that adequate safeguards are in place. This might include transfers to countries that are considered to provide adequate levels of data protection for all personal data (such as countries in the European Union) or putting contractual obligations in place with the party we are sending information to. Transfers within the group will be covered by an agreement entered into by members of the group (an intra-group agreement) which contractually obliges each group company to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within the group.

Data Security

We have put in place appropriate security measures, policies and procedures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach. We will notify you and the applicable regulator or authority of the breach where we are legally required to do so.


The Company will only retain personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

To support us in managing how long we hold data and our record management, we maintain a data retention policy which includes clear guidelines on data retention and deletion.

Data Rights

Under certain circumstances, individuals have rights under data protection laws in relation to personal data:

Request access

Data subjects may submit a Subject Access Request to obtain a copy of the personal data that we hold about them in a structured or portable manner.

To make a Subject Access Request please write to:

The Data Protection Officer
Pro Group
Southgate House
Southgate Street
United Kingdom

Or email:

You will need to provide the following documentation for verification purposes:

  • Your full name, address and any reference number related to our work with you
  • Identification documents showing name, address and signature;
    – A copy of your driving license (shows all 3) or
    – A copy of your passport and a recent utility bill or bank statement.

We aim to respond to all valid requests within one month. It may take longer if the request is particularly complicated or if several requests have been made. We’ll always let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.

Request Correction

We do our best to ensure that your personal information is accurate and kept up to date. If you believe your information is inaccurate or incomplete, then please contact us to request that we amend or update it.

Request erasure (right to be forgotten)

You may ask us to erase your personal data, but this right only applies in certain circumstances, e.g. where:

  • it is no longer necessary for us to use your personal data for the original purpose;
  • our lawful basis for using your personal data is consent and you withdraw your consent; or
  • our lawful basis is legitimate interests and there is no overriding legitimate interest to continue using your personal data if you object.

This isn’t an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your Personal Information.

Restrict processing

You may ask us to stop using your personal data in certain circumstances such as:

  • where you have contacted us about the accuracy of your personal data and we are checking the accuracy;
  • if you have objected to your personal information being used based on legitimate interests.

This isn’t an absolute right and we may not be able to comply with your request.

Data portability

In some cases, you can ask us to transfer the personal data that you have provided to us to another third party of your choice. This right only applies where:

  • we have justified our use of your personal data based on your consent or the performance of a contract with you; and
  • our use of your personal data is by electronic means.

Withdraw consent

Where we are relying on your consent to process your personal data, you have the right to withdraw this consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Make a complaint

If you have any cause for complaint about our use of your personal data, please contact us using we will do our best to solve the problem for you.

How to contact us

If you have any questions about this Privacy & Cookie Policy or our privacy practices, please contact our Data Protection Officer in the following ways:

Write to us:

Data Protection Officer
Pro Group
Southgate House
Southgate Street
United Kingdom

Or email us on:

Your local commission

Pro Group covers many jurisdictions, whilst we predominantly practice the rules under the UK General Data Protection Regulation (UK GDPR), we do adhere to any local niches with the data protection sphere. 

If you have any concerns about the way in which we handle your data, please refer to your local supervisory authority:

  • UK- The Information Commissioner’s Office (ICO)
  • Germany- The Federal Commissioner for Data Protection and Freedom of Information (Bfd)
  • Argentina- Argentinian Data Protection Authority (AAIP)
  • Brazil- National Data Protection Authority (ANPD)
  • US- The United States follows a sectoral approach to data protection There is no all-encompassing federal legislation that ensures the privacy and protection of personal data. Instead, legislation at the federal level primarily protects data within sector-specific contexts. Please see the supervisory authority in your state.


This Privacy & Cookie Policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible, so please check back here for the current version.

This Privacy & Cookie Policy was last updated on 30th June 2022.