Privacy Policy

About us


FloodFlash Limited (“FloodFlash”, “we”, “our” or “us”) is the Data Controller for any personal data you provide to us. We are registered in England and Wales under company number 10390196 with our Registered Office at 9th Floor, 107 Cheapside, London, EC2V 6DN. We can be found on the Information Commissioner’s Register of Data Controllers under reference number ZA266635. We are also authorised and regulated by the Financial Conduct Authority under firm reference number 784452. We are committed to ensuring that our customer’s privacy is protected and to complying with data protection laws. All personal information about a customer (“you” or “your”) will be treated as private and confidential and only in accordance with this policy. Please read this privacy policy carefully as it provides information about how we use personal data and the rights available to you under relevant data protection laws.


Layered approach


At FloodFlash, we use a layered approach to delivering information about data protection through:

  1. This privacy policy and

  2. The London Market Core Uses Information Notice . This Notice provides further information on how personal data is used within the insurance market.


How we may collect information about you


We may receive information about you from any of the following sources:

  • When you or your representative visits our website (, makes an enquiry or registers with us. This information may consist of basic information such as your name and contact details, for the purpose of responding to any query raised, plus for analytics and information security purposes.

  • When you or your representative obtains a quote, incepts, renews or amends a policy or makes a claim. This information may consist of the following personal information:

    • your name, contact details (including home address, telephone number and email address) and date of birth,

    • all other personal information that is provided to us when completing an application for a quote for any policy, including (as necessary) any sensitive information (e.g. information about your financial details, any previous convictions or policy voidances etc.),

    • details of all previous quotes for policies requested from us,

    • details of all policies held with us including dates of purchase, lapse and cancellation,

    • details of claims on policies held with us,

    • your payment history relating to policies held with us,

    • correspondence, or a record of it, if you should contact us and

    • surveys that you complete.

  • From third parties such as credit reference or debt collection agencies (e.g. to confirm your personal data).

  • From insurers, brokers, other insurance market participants, witnesses, third parties, solicitors (e.g. for details relating to an event that is the cause of a claim).

  • When we speak on the phone, we may record our conversation as a record of transaction to prevent fraud.

  • We may record any special requirements that you express or otherwise make known to us.

If you provide us with information on behalf of a third party, you confirm that the third party has appointed you to act on their behalf and/or that you are able to process their personal data in accordance with relevant data protection laws.

It is important that we keep your personal data accurate and up to date and so we ask you to provide accurate information and inform us of any changes.


Why we collect personal data


We are required by data protection laws to have a legitimate reason to process and use your personal data. FloodFlash Limited may use your personal information for the following purposes:

  • quoting, incepting and renewing of an insurance policy,

  • administration and maintenance of your insurance policy,

  • contacting you in the event of a claim,

  • to verify the information provided,

  • to assess your financial standing,

  • to assist you with enquiries,

  • to assess and process claims,

  • to defend ourselves against or make any legal claims,

  • to comply with our legal or regulatory obligations, including: identity and other verification checks, anti-money laundering, anti-fraud, counter-terrorist,

  • to facilitate our quality and compliance monitoring and reporting,

  • where we have lawful purpose for processing your data e.g. for maintaining our accounts and records, gathering market intelligence in order to develop and improve our products and services and

  • to contact you for marketing purposes such as keeping you informed of our product range and providing you with market commentary (see marketing section below for further details).

Sharing and safeguarding your personal data

In order to prevent unauthorised access or disclosure, we have put in place a number of physical, electronic and managerial procedures to safeguard and secure all personal data supplied to us. All personal data are stored on secure servers and only accessed and used in line with our data protection policies and procedures. Your personal data will only be accessed by our employees or authorised third parties who require the information for their business purposes.

Authorised third parties

In circumstances where it is necessary to share your personal data with a third party, there are contractual agreements in place to ensure the security and confidentiality of your personal data and the information will only be used for the specific purpose for which it has been provided to them. Examples of third parties we may share your personal data with include:

  • underwriters of any policies you purchase,

  • companies FloodFlash use to help us deliver our service,

  • with another company, if we were to merge with them or were acquired by them and,

  • anyone you have consented to provide information to.

Any data sharing with third parties will follow applicable data protection laws.

Governmental, legal and regulatory bodies

It may be necessary for us to share your personal data with financial and regulatory organisations (e.g. the Financial Ombudsman Service, the Financial Conduct Authority, the Information Commissioner’s Office) or law enforcement agencies (including courts) in order to assist them with enquiries, investigations or proceedings and ensure our compliance with our regulatory and legal requirements. As a financial services company, we are required to have certain processes in place with regards to anti-bribery and corruption, money laundering and fraud. If any criminal offence is detected or suspected, we may share data with third parties (e.g. law enforcement agencies, fraud prevention agencies, anti-money laundering agencies) in order to prevent crime or aid investigations if crime is identified. We may also access this data as part of our ‘Know Your Client’ procedures to establish the parties we are dealing with and when assessing a claim payment in order to prevent criminal offences.

International transfers

The data we collect from you may be transferred to and stored somewhere outside the UK and the European Economic Area (“EEA”). It may also be processed by staff outside the UK and the EEA who work for us or one of our suppliers. The parties we send your information to are obliged to comply with data protection laws, regulations and standards and, where we make a transfer of your personal information outside of the EEA, we will take the required steps to ensure that your personal information is protected. This will be either by means of approved Standard Contractual Clauses or an adequacy decision with regard to the relevant third country.

Retention of your personal data

We will only keep your personal data for as long as is reasonably necessary for the relevant purposes set out in this privacy policy or when we are obliged to do so in order to comply with legal or regulatory requirements. The amount of time we retain your data for depends on the nature of the personal data and what we require it for. When your personal data is no longer required, we will ensure it is securely deleted.


Links to other websites


Our services may contain links to and from other websites and services. We are not responsible for the privacy practices or the content of any third-party sites. Please check the individual privacy policy of any such websites or services before you submit any personal information to them.


Direct Marketing


We may contact you by email or telephone for our legitimate marketing purposes, including letting you know about other products and services. With your consent (as necessary), we may from time to time contact you by SMS or email with details of other products and services, provided you have not opted-out, which you can do by means of following the opt-out link in our emails and text messages. You may be automatically subscribed to our newsletter if you are using a corporate email address.

If you would like to opt-out of receiving marketing correspondence of any kind, you can also let us know at any time by writing to us, emailing or by calling the number at the bottom of this page.




This website uses cookies and weblog files to track site usage and trends. A cookie is a small data file, typically of letters and numbers, downloaded to a device when you access certain Websites.

The only cookies we use are for analysing the usage of our service. For example, they allow us to count the number of visitors and identify which pages are being viewed or used. We do this with the sole purpose of analysing data about webpage traffic and to improve our services, to tailor it to our customers’ needs and improve the performance and experience.

We use Google Analytics to help analyse use of our website. These analytical tools collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the service and to compile statistical reports on activity and usage. These services each have their own privacy policies which should be consulted for further information.

You can consent to and manage cookies using the cookie banner on our website.


Your rights


You have a number of rights relating to personal information about you that we hold in our records:

You have the right to obtain from us a confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain information about the circumstances of processing.

You have the right to have any inaccurate personal data rectified. If you believe this might be the case, please contact us and we will update or remove any information found to be incorrect or incomplete.

If you haven’t bought a policy with us, you can ask us to delete your information. We need to keep some information in certain circumstances for the detection and prevention of fraud, to check the accuracy of any information we’ve provided (like quotes for example) or in case of any future disputes.

In those cases, we’ll retain the minimum information needed in the circumstances. To do this, we keep your conversation history, name, date of birth, any legal terms you’ve agreed to and a copy of the quotes we’ve issued.

If you have brought a policy with us, we may not be able to erase most of the data that we hold about you. This is because the data will continue to be necessary for us to perform the contract with you, and for the reasons of fraud prevention and the making of- and defence against claims.

You have a right to restrict the processing of your personal data in certain circumstances. This means you can limit the way we use your data and is an alternative to requesting the erasure of your data. For example, we could securely and temporarily store your data in another system if you contest its accuracy and we need to verify it.

You have a right to get a copy of the personal data we hold about you. We’ll provide your data in a standard portable format. If you have any trouble understanding the data, let us know and we will help.

We won’t usually charge a fee for providing that information but may do in certain circumstances. For example, if you make repetitive requests for information, we may charge a small fee or refuse your request.

There are some circumstances where we may be required to restrict your rights in order to safeguard the public or our own interests. For further information regarding your rights, please visit the Information Commissioner’s Office’s website or click on the links provided above.




If you have any questions regarding privacy, how we use personal data, or wish to exercise any of your rights, please contact us via email at or by writing to Head of Compliance, FloodFlash Limited, 18 East Tenter Street, London E1 8DN.

You may contact our Data Protection Officer Aphaia Ltd at

If you have made a complaint and are still unhappy, or have concerns about how we manage personal data, you can contact the Information Commissioners Office




We may change this Privacy Policy from time to time by updating this page. You should check this page regularly to ensure that you are happy with any changes. We will also notify you of any changes. This privacy policy was last updated on 03/02/2023.