Privacy and cookie policy


How we use your information

Your privacy is important to us and we are committed to keeping it protected. We have created this Customer Privacy Notice which will explain how we use the information we collect about you and how you can exercise your data protection rights. This Privacy Notice will help you understand the following:

Who are we?

We are Royal & Sun Alliance Insurance plc (RSA), we provide commercial and consumer insurance products and services under a number of brands, such as MORE THAN. We also provide insurance services in partnership with other companies.

Why do we collect and use your personal information?

As an insurer, we need your personal information to understand the level of insurance cover you require. We’ll use this information (e.g. your name, address, telephone number and email address) to communicate with you and if you have agreed, to send you news and offers related to our products and services.

We need to use your information to create a quote for you, allowing you to buy insurance products from us. When buying a product from us, you’ll also need to provide us with details about the items you wish to be covered by the insurance (e.g. car make and model, your home).

We may need to check information you have submitted with external companies/organisations (e.g. the DVLA, the Motor Insurance Database, credit reference agencies and criminal conviction checks.) When buying certain products, sometimes we will ask for special categories of personal data (e.g. driving offences for motor insurance, medical records in case of injury).

Once you become a customer, we’ll need to take your payment details to set up your cover. This could be direct debit, credit or debit card information. To service your policy, we might contact you via our website, emails, telephone calls or post. When using these services we might record additional information, such as passwords, online identifiers and call recordings.

For some of our products, we may collect information through smart sensors to assess your insurance needs (e.g. a black box installed in your vehicle when you buy a telematics driving product, which collects and uses geo-location and driving behaviour data).

If you need to claim against your insurance policy, we will need to collect information about the incident and this may be shared with other selected companies to help process the claim. If other people are involved in the incident, we may also need to collect additional information about them which can include special categories of personal data (e.g. injury and health data).

In submitting an application to us, you may provide us with equivalent or substantially similar information relating to other proposed beneficiaries under the policy.  You agree that you will bring this Privacy Notice to the attention of each beneficiary at the earliest possible opportunity.

Data protection laws require us to meet certain conditions before we are allowed to use your personal information in the manner described in this Privacy Notice.  To use your personal information, we will rely on one or more of the following grounds:

  • Performance of contract: We need to use your personal information in order to provide you with the policy (which is a contract of insurance between you and us), and perform our obligations under it (such as making payments to you in respect of a claim made under the policy).
  • Consent: In certain circumstances, we may need your consent unless authorised by law in order to use personal information about you which is classed as "special categories of personal data".

For marketing, you will always be given a choice over the use of your data.  

  • Necessity to establish, exercise or defend legal claim: If you, or we, bring a legal claim (e.g. a court action) against the other, we may use your information in either establishing our position, or defending ourselves in relation to that legal claim.   
  • Compliance with a legal obligation: Where laws or regulations may require us to use your personal information in certain ways.
  • Legitimate Interests: We will also process your personal information where this processing is in our "legitimate interests". When relying on this condition, we are required to carry out a balancing test of our interests in using your personal information (for example, carrying out market research), against the interests you have as a citizen and the rights you have under data protection laws.  The outcome of this balancing test will determine whether we can use your personal information in the ways described in this Privacy Notice.  We will always act reasonably and give full and proper consideration to your interests in carrying out this balancing test.

Where else do we collect information about you?

Where possible, we’ll collect your personal information directly from you. However, on occasion we may receive details about you from other people or companies. For example, this might happen if:

  • It was given to us by someone who applied for an insurance product on your behalf (e.g. an insurance broker, a family member) where you have given them the permission to do so; or
  • It was supplied to us when you purchased an insurance product or service that is provided by us in partnership with other companies; or
  • It was lawfully collected from other sources (e.g. Motor Insurance Database, Claims and Underwriting Exchange or fraud prevention databases) to validate the information you have provided to us.

We request those third parties to comply with data protection laws and to be transparent about any such disclosures.  If you would like some further information, please contact us.

Will we share your personal information with anyone else?

We do not disclose your information outside of RSA except:

  • Where we need to check the information you gave to us before we can offer you an insurance product (e.g. reference agencies);
  • Where we are required or permitted to do so by law or relevant regulatory authority (e.g. financial crime screening, fraud detection/prevention);
  • Where we provide insurance services in partnership with other companies (e.g. building societies, large retailers);
  • In the event that we are bought or we sell any business or assets, in which case we will disclose your personal information to the prospective buyer of such business or assets;
  • As required to enforce or apply this Privacy Notice, or the contract of insurance itself;
  • Within our group for administrative purposes;
  • As required in order to give effect to contractual arrangements we have in place with any insurance broker and/or intermediary through which you have arranged this policy;
  • With healthcare providers in the context of any relevant claim being made against your policy;
  • If we appoint a third party to process and settle claims under the policy on our behalf, in which case we will make your personal information available to them for the purposes of processing and settling such claims;
  • With our third party service providers (including hosting/storage providers, research agencies, technology suppliers etc.);
  • With our reinsurers (and brokers of reinsurers) in connection with the normal operation of our business;

Sometimes your personal information may be sent to other parties outside of the European Economic Area (EEA) in connection with the purposes set out above.  We will take all reasonable steps to ensure that your personal information is treated securely and in accordance with this Privacy Notice, and in doing so may rely on certain "transfer mechanisms" such as the EU-US Privacy Shield, and the standard contractual clauses approved by the European Commission.  If you would like further information please contact us.

Which decisions made about you will be automated?

Before we can offer you an insurance product or service, we may need to conduct the following activities, which involve automated (computer based) decision-making:

  • Pricing and Underwriting – this process calculates the insurance risks based on the information that you have supplied. This will be used to calculate the premium you will have to pay.
  • Credit Referencing – using the information given, calculations are performed to evaluate your credit rating. This rating will help us to evaluate your ability to pay for the quoted products and services.
  • Smart Sensor Data Analytics – an insurance product that collects your information using smart sensors (e.g. in car black box) to calculate your insurance risk (e.g. driving score). This may then be used to determine your policy rewards (e.g. cash back for safe driving) and to calculate your policy renewal premium.
  • Automated Claims – some small claims may qualify for automated processing, which will check the information you provide, resulting in a settlement or rejection of your claim.

The results of these automated decision-making processes may limit the products and services we can offer you. If you do not agree with the result, you have the right to request that we perform a manual reassessment using the same information that you originally provided. If you wish to do so please contact us

For how long will we keep your information?

Your personal information will be retained under one or more of the following criteria:

  • Where the personal information is used to provide you with the correct insurance cover, which will be kept as long as it is required to fulfil the conditions of the insurance contract.
  • Where the use of your personal information for a specific purpose is based on your consent, it will be kept for as long as we continue to have your consent (e.g. we would stop contacting you for marketing purposes once you have asked us to).
  • Where, for a limited period of time, we are using some of your information to improve the products or services we provide.
  • For as long as your information is required to allow us to conduct fraud and/or criminal checks and investigations.

Will you be contacted for marketing purposes?

If you have agreed, we might contact you by post, email, phone and text message to let you know about offers and services we think you’ll like. The messages may be personalised using information you have previously provided us.

You can ask us to stop contacting you for marketing purposes at any point.

We will only contact you for marketing purposes if we collected your information directly, except when authorised and instructed by the third-party acting on your behalf.

We may use the information which we collect about you to show you relevant advertising on third-party websites (e.g. Facebook, and Google). This could involve showing you an advertising message where through the use of cookies, we know you have browsed our products and services. If you don’t want to be shown targeted advertising messages from us, you can change the advertising setting on some third-party sites and some browsers to block our adverts.

Your information is incorrect what should you do?

If you hold a product or service with us and think that the information we hold about you is incorrect or incomplete, please contact us and we will be happy to update it for you.

What are your rights over the information that is held by RSA?

We understand that your personal information is important to you, therefore you may request the following from us to:

1. Provide you with details about the personal information we hold about you, as well as a copy of the information itself in a commonly used format.

2. Request your personal information be deleted where you believe it is no longer required. Please note however, we may not be able to comply with this request in full where, for example, you are still insured with us and the information is required to fulfil the conditions of the insurance contract.

3. Request the electronic version of the personal information you have supplied to us, so it can be provided to another company. We would provide the information in a commonly used electronic format. [Request Ref: DSR 3]

4. Request to restrict the use of your information by us, under the following circumstances [Request Ref: DSR 4]:

a. If you believe that the information we hold about you is inaccurate, or;

b. If you believe that our processing activities are unlawful and you do not want your information to be deleted.

c. Where we no longer need to use your information for the purposes set out in this Privacy Notice, but it is required for the establishment, exercise or defence of a legal claim.

d. Where you have made an objection to us (in accordance with section 5 below), pending the outcome of any assessment we make regarding your objection.

5. Object to the processing of your data under the following circumstances [Request Ref: DSR 5]:

a. Where we believe it is in the public interest to use your information in a particular way, but you disagree.

b. Where we have told you we are using your data for our legitimate business interests and you believe we shouldn’t be (e.g. you were in the background of a promotional video but you did not agree to be in it.)

In each case under section 5 above, we will stop using your information unless we can reasonably demonstrate legitimate grounds for continuing to use it in the manner you are objecting to.

If you would like to request any of the above, please contact us and submit a written request, including the request reference (e.g. DSR 1), as this will speed up your request. To ensure that we do not disclose your personal information to someone who is not entitled to it, when you are making the request we may ask you to provide us with:

  • Your name;
  • Address(es);
  • Date of birth;
  • Any policy IDs or reference numbers that you have along with a copy of your photo identification.

All requests are free of charge, although for requests for the provision of personal information we hold about you (DSR1) we reserve the right to charge a reasonable administrative fee where, we believe an excessive number of requests are being made. Wherever possible, we will respond within one month from receipt of the request, but if we don’t, we will notify you of anticipated timelines ahead of the one month deadline. 

Please note that simply submitting a request doesn’t necessarily mean we will be able to fulfil it in full on every occasion – we are sometimes bound by law which can prevent us fulfilling some requests in their entirety, but when this is the case we will explain this to you in our response.

Our Privacy Notice

If you have any queries regarding our Privacy Notice please contact us and we will be happy to discuss any query with you. Our Privacy Notice will be updated from time to time so please check it each time you submit personal information to us or renew your insurance policy.

How you can contact us about this Privacy Notice

If you have any questions or comments about this Privacy Notice please contact:

The Data Protection Officer
Bowling Mill
Dean Clough Industrial Park

You may also email us at

How you can lodge a complaint

If you wish to raise a complaint on how we have handled your personal information, please send an email to or write to us using the address provided. Our Data Protection Officer will investigate your complaint and will give you additional information about how it will be handled. We aim to respond in a reasonable time, normally 30 days.

If you are not satisfied with our response or believe we are not processing your personal information in compliance with UK Data Protection laws, you may lodge a complaint to the Information Commissioner’s Office, whose contact details are;

Information Commissioner’s Office
Wycliffe House
Water Lane

Call charges

0345 / 0344 / 0343 / 0330 numbers will be charged at your local rate. 0800 telephone numbers are free and 0844 numbers are charged at 5p per minute from a BT Landline. Other provider's charges, including calls from mobile phones, will vary depending on your network rate


Cookies are small text files placed on your computer and are commonly used on the internet. There are various types of cookies which perform different functions, such as remembering which items you have placed in your shopping basket or analysing your browsing behaviour to enable advertisers to present you with adverts more relevant to you and your interests.

For more information about cookies, visit

Accepting or rejecting cookies

Most web browsers will accept cookies, but if you would prefer we did not collect data by this method, you can disable this function within your browser settings. If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies.

We use cookies to:

  • Collect information that will help us to distinguish visitors, to understand visitors’ browsing habits on our website and to improve their experience.
  • Compile statistical reports on website activity e.g. numbers of visitors and the pages they visit.
  • Collect information that will allow us to tailor advertising to make it more relevant for you, based on your previous interactions with our website.
  • Remember information about you when you visit our site. Some of the cookies are essential in order to provide our services to you.

Below, we have set out the four categories of cookies that we use on our websites. These cookies are:

Some of our websites also include third party cookies, which are cookies not set by RSA. In each of the four categories above, we have specified where third party cookies are used.

The following types of cookies may be used during your visit to our website:


Strictly necessary cookies

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, services you've asked for, such as obtaining a quote or logging into your account, cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

We use the following first party cookies which are strictly necessary:

  • ASP.NET_SessionId
  • parentHandle
  • Q
  • TS01 
  • -un-ss- 
  • -un-ws-

There are no third party cookies in this category.

We update our site frequently and sometimes that involves some changes in the cookies we have listed above. We try our best to keep this list up-to-date.

Performance cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. They also allow us to record and count the number of visitors to the website, all of which enables us to see how visitors use the website in order to improve the way that our website works.

These cookies do not collect information that identifies a visitor, as all information these cookies collect is anonymous and is only used to improve how our website works.

We use the following first party cookies for performance. Some of them may also appear as third party cookies:

Adobe Analytics

  • s_vi
  • s_cc
  • s_ev21
  • s_sq
  • s_vnum
  • s_lv
  • s_fid
  • s_ppv
  • s_ppvl
  • s_ptc​

Adobe Target

  • mbox
  • mboxPC
  • mboxSession
  • mboxNoLogging

Adobe DTM

DTM does not create cookies by default, but if certain functionality is leveraged, the following cookies will be set.

Predefined cookies (these will only be set if a condition is set in a rule that needs to use them):

  • _sdsat_landing_page
  • _sdsat_session_count
  • _sdsat_pages_viewed
  • _sdsat_traffic_source

Predefined localStorage settings (again, only set if the client sets them, not set by default):

  • sdsat_debug
  • sdsat_stagingLibrary
  • sdsat_hide_activity

User generated (will be set if a data element or mbox is created that needs them):

  • data element: ‘_sdsat_’ + data element name
  • mbox: ‘_sdsat_mbox_’  + random value


Google Analytics

  • _ga        
  • _gid      
  • _gat      
  • _dc_gtm_<property-id>.
  • _gac_<property-id>
  • __utma
  • __utmt
  • __utmb
  • __utmc
  • __utmz
  • __utmv
  • _setDomainName
  • _setCookiePath
  • _setVisitorCookieTimeout
  • _setSessionCookieTimeout
  • _setCampaignCookieTimeout

_storeGacMore information about Google analytics cookie use

Decibel Insight

  • da_lid 
  • da_sid


  • optimizelyBuckets
  • optimizelyEndUserId
  • optimizelySegments


  • yieldify_iv
  • yieldify_funnel
  • yieldify_visit


  • _qubitTracker
  • qp_permanent
  • qp_session

Adobe Analytics Cookie opt-out

To opt-out of aggregation and analysis of data about your visit to this site, it is necessary to install a cookie on your browser. This cookie identifies that you have opted-out.

If you delete the opt-out cookie, or if you change computer or web browser, you will need to opt-out again.

Opt-out - exclude me from visitor session aggregation and analysis (install the opt-out cookie) Click here to opt-out

Opt-in - include me in visitor session aggregation and analysis (do not install the opt-out cookie) Click here to opt-in

Google Analytics opt-out: browser add-on

Some of these may be set as first or third party cookies, depending on which part of our website you are browsing.

We update our site frequently and sometimes that involves some changes in the cookies we have listed above. We try our best to keep this list up-to-date but due to various technical constraints we can only update this list every three months.

Functionality cookies

These cookies allow our website to remember choices you make (such as your user name, language or the region you're in) and provide enhanced features. For instance, a website may be able to provide you with news or updates relevant to the policies you buy. These cookies can also be used to remember changes you've made to text size, font and other parts of web pages that you can customise.

They may also be used to provide services you have requested such as viewing a video or commenting on a blog. The information these cookies collect is usually anonymised. They do not gather any information about you that could be used for advertising or remember where you have been on the internet

We use the following first party cookies for functionality. Some of them may also appear as third party cookies:

Web chat services

  • SmartMaxUser
  • SmartMaxSession
  • LivePersonID

In addition, some of our partners may use third party cookies in this category. We update our site frequently and sometimes that involves some changes in the cookies we have listed above. We try our best to keep this list up-to-date but due to various technical constraints we can only update this list every three months.

Targeting cookies

These cookies collect several pieces of information about your browsing habits. They are usually placed by advertising networks rather than website operators. They remember that you have visited a website and share this information with other organisations such as advertisers. They do this in order to provide you with targeted adverts more relevant to you and your interests. Quite often they will be linked to site functionality provided by the other organisation. Although the cookies can track your visits around the web they do not usually know who you are.

Without these cookies, online advertisements you encounter will be less relevant to you and your interests. These cookies will usually be third party cookies, although if you are visiting the advertising network's own website, it is technically possible these could be first party cookies. These cookies can be associated with services provided by the third party, but this is not always the case. All information these cookies collect is anonymised, although they contain a unique key that is able to distinguish individual user browsing habits or store a code that can be translated into a set of browsing habits or preferences. Generally speaking the third party’s Privacy policy on their website will indicate if the cookie is being used as part of an advertising network.

Examples include:

  • Cookies placed by advertising networks to collect browsing habits in order to target relevant adverts to you. The site you are visiting need not actually be serving adverts, but often this will also be the case.
  • Cookies placed by advertising networks to complement services used by website operators to increase functionality, for example, commenting on a blog, adding a site to your social network, providing maps or counters of visitors to a site. We do not use any first party cookies for targeting, however some of our partners may use third party cookies in this category.


  • MediaMath cookies  set on mathtag.commt_misc 
  • mt_mop 
  • uuid 
  • uuidc
  • HRL8


  • DSID
  • IDE
  • NID
  • SID
  • _UID
  • FLC
  • AID
  • TAID

Learn more about the types of cookies used by Google.


AppNexus cookies set on the domain

  • Uuid2
  • Sess
  • Icu
  • Anj

Learn more about what these cookies do.


Quantcast cookies set on the domain:

  • d
  • mc

Fresh Relevance

  • tms_VisitorID

This cookie is used to identify each shopper and attributes site interactions to them. The cookie is set to expire after 80 weeks, which is extended each time the shopper visits the site. If they don't return to the site within that period, the cookie will be automatically deleted.

  • tms_wsid

This is a housekeeping cookie set to expire after 30 minutes and works in conjunction with the tms_VisitorID cookie to capture shopper activity.

  • tms_ft

This is a temporary cookie which lasts only for the duration of the browsing session. It is used to show the Trace Bar on the site when the Diagnostics: Open Your Website With Cart Trace link is clicked from the Settings | Settings Home page in Fresh Relevance. Therefore, it will not be seen by shoppers.

  • newsPopUp

This is the default cookie used by PopOver SmartBlocks to suppress a PopOver x days after it is last seen, where x is configurable for each PopOver. The duration is also the same value as x.

For more information about how cookies work, you can also visit this Wikipedia page.

Information on deleting or controlling cookies is also available at

Please note that if you disable cookies, our website functionality may be impaired and prevent you from obtaining a quotation or completing your purchase online.