Privacy policy

Introduction

This UK Privacy Policy (“Policy”) applies to MIF Holdings Limited trading as Longbrook Insurance and each company controlled by it (“Longbrook Insurance”, “we”, “us”) and sets out how we collect, use, process and share personal data that is subject to applicable data protection laws. Longbrook Insurance is the data controller over this personal data. If you have any questions about this Policy, please refer to the “Contact Us” section below.

Third-party links

Our website may contain links to other websites operated by other organisations. If you follow a link to any of those third-party websites, please note that they have their own privacy notices. We are not responsible for their notices or their processing of your personal information. Please check these notices before you submit any personal information to them.

Information we collect about you

We will collect the process all or some of the following information about you:

Information you provide to us about yourself: Personal data that you provide to us, such as when you submit a query via the “Contact Us” form or sign up to alerts or other communications, including your name, your company, email address, telephone number, company address, domain and IP address.
Website and communication usage: details of your visits to our website and information collected through cookies and other tracking technologies including, but not limited to, your IP address, domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access. For more information about cookies, please see our Cookie Policy.
Correspondence between us: if you contact us, we will typically keep a record of that correspondence.
Third-party sources: we might receive information from third parties relevant to the services we are providing such as fraud prevention bodies. We may also collect information you have allowed to be publicly available, such as Companies House.

Why we use your information

When we use your personal data for the purposes outlined in this Policy we must have a lawful basis to do so. We will generally rely on one or more of the following lawful bases:

Legitimate interest: This is relevant where we use your personal data where it is necessary for our legitimate interests and does not override your rights.
Compliance with law or regulation: This is relevant where we use your personal data where necessary to comply with applicable laws.
Performance of a contract: This is relevant where we collect and use your personal data where necessary to enter into a contract directly with you or to perform our obligations under a contract directly with you.
Consent: This is relevant where we need your consent to use your personal data. However, we do not usually need your consent if there is another legal basis as above. You can withdraw your consent by contacting us (please refer to the “Contact Us” section below).

We have set out below the purposes for which we use your personal data and the legal bases we rely on to do so.

Purpose/Use	Type of data	Legal basis
Communicate with you in relation to a contract between us and/or your company and deal with or investigate any complaints or queries	Identity Contact information Transaction data	Necessary for our legitimate interests to maintain our relationship with you as and when necessary, unless we have a contract with you in which case we rely on performance of a contract.
Client management and business administration purposes	Identity Contact information Our correspondence Transaction data	Necessary for our legitimate interests to manage our business relationship and provide our services to you and/or your company unless we have a contract with you in which case we rely on performance of a contract. This may involve the processing of special categories of personal data and/or criminal convictions and offences data. We rely on the lawful basis of substantial public interest (prevention and detection of crime) to process any such personal data.
Market research, analytics and new product development	Identity Contact information Transaction data Our correspondence	Necessary for our legitimate interests to understand the business needs of our clients and undertake market insight to improve our business services and support product development. We may anonymise your personal data for this purpose.
Provide information about our activities, events and developments and marketing materials where you have chosen to receive these	Identity Contact information	Necessary for our legitimate interests to maintain our relationship with you as and when necessary. Depending on the type of marketing and our relationship with you, we may ask for your consent at the time we collect your Personal Data.
For legal and regulatory purposes, including to undertake continuing checks, monitoring and audits to ensure service quality and compliance with laws, policies and procedures	Identity (including KYC data) Contact information	Necessary for our legitimate interests to ensure the quality of our services and compliance with laws that require us to conduct these activities, for example where required for the prevention and mitigation of fraud and other financial crimes. This may involve the processing of special categories of personal data and/or criminal convictions and offences data. We rely on the lawful basis of substantial public interest (prevention and detection of crime) to process any such personal data.
Business restructuring, including in the context of sales, transfers, mergers and acquisitions	Identity (including KYC data) Contact information Our communication Transaction data Website usage	Necessary for our legitimate interest to allow us to restructure our business.
For the management and maintenance of our website	IP address Domain name Browser version and operating system Traffic and location data Web usage data including cookie data Our correspondence	Necessary for our legitimate interests to allow us to provide you with the content on our website, maintain and manage information technology services, data and network security and for fraud prevention Consent where required by applicable laws, for example, in relation to personal data obtained from non-essential cookies

Who we share your personal data with

We may share your personal data outside our organisation including with the following third parties:

Our suppliers or contractors, for the purposes described in this Policy. Suppliers and contractors include providers of archival, auditing, accounting, customer contact, legal, business consulting, banking, payment, delivery, data processing, data analysis, information broking, mailing, marketing, research, investigation, insurance, identity verification, brokerage, maintenance, trustee, securitisation, recruitment, website and technology services.
To potential investors or purchasers of any part of our business or to third parties with which we enter into joint venture arrangement or distribution arrangements.
To other third-parties where required to do so by law, such as in connection with any legal proceedings or prospective legal proceedings, law enforcement purposes, or in order to establish, exercise or defend our legal rights including providing information to others for the purposes of fraud prevention and reducing credit risk.

In some circumstances, the parties to whom we disclose personal information may operate outside the UK and the European Union (“EU”). Where we transfer your personal data outside the UK or the EU, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the personal data, as some countries may not protect personal data in the same way as the UK or EU. Broadly these are:

The country to which we send the personal data may be approved by the UK or EU for receiving personal information. All EU and European Economic Area (“EEA”) countries are approved by the UK and the UK is approved by the EU/EEA.
The recipient may have signed a contract based on “standard contractual clauses” approved by the UK or EU which require the recipient to protect your personal data.
We may be legally permitted to transfer your personal information outside the UK or the EU using other methods.

How long we hold your data for

How long we keep your personal data will depend on our business needs and any legal requirements to keep the personal information in question. Your personal data will only be held by us for as long as is necessary for the purposes it was collected for. We may continue to retain it after we have ceased such uses for certain legitimate business purposes. We may also continue to retain personal data to meet our legal requirements or to defend or exercise our legal rights.

Keeping information secure

We maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with legal requirements.

Dealing with Longbrook Insurance online

For all visitors to our website, we use cookies and other web browser technologies to collect information such as the server your computer is logged on to, your browser type (for example, Chrome or Firefox), and your IP address. (see the “Cookies” section below).

Cookies

Please refer to the Longbrook Cookie Policy for information on how we use cookies and similar tracking technologies.

Website host

This website is hosted by Squarespace. Squarespace collects personal data when you visit this website in accordance with the Squarespace Privacy Policy.

Your rights if you are in the UK or the European Union

You generally have the right to request us to:

provide you with a copy of your personal data.
update any inaccuracies in the personal data we hold.
delete any personal data we no longer have a lawful basis to use.
where processing is based on consent, to withdraw your consent. This means we stop that particular processing, but it will not affect the validity of the processing based on your consent before you withdrew it.
to ask us to transmit the personal data you have provided to us and we still hold about you to a third party electronically.
object to any processing based on the legitimate interests legal ground for reasons connected to your individual situation. However, we have the right to continue this processing if we believe we have a legitimate overriding reason to continue.
restrict how we use your personal data whilst a complaint is being investigated.
stop sending you marketing communications.

You also have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.

Please note that there may be circumstances where the right you have requested does not apply, or does not apply in full.

Please email enquiries@longbrookinsurance.com to exercise any of these rights.

Contact us

Longbook Insurance is registered in England with company number 10140440 and registered office and principal place of business at Ropemaker Place, 28 Ropemaker Street, London, EC2Y 9HD.

If you have any questions or complaints regarding privacy or information handling, please write to enquiries@longbrookinsurance.com.

If your concerns are not resolved to your satisfaction, you may be able to escalate your complaint to an external dispute resolution scheme or to a regulatory authority (if you are in the European Union or United Kingdom, you may contact one of the data protection regulators found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080 or here: https://ico.org.uk/).

Changes to this Policy

We keep this Policy under regular review. The information on this page was last updated in November 2025.