At SportShield, a trading style of Exchequer Risk Management (EXRM), we are committed to safeguarding your online data and protecting your privacy.

SportShield Privacy Policy

Effective: September 2025

(A) This Policy

This Policy is provided by SportShield (trading style of Exchequer Risk Management Ltd.) and is addressed to individuals outside our organisation with whom we interact, including (but not limited to) clients, prospective clients, partners, and website visitors. Defined terms used in this Policy are explained in Section (N) below.

For the purposes of this Policy, SportShield/EXRM is the Data Controller. Contact details are provided in Section (M) below.

This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes.

(B) Processing your Personal Data

Collection of Personal Data:

We may collect Personal Data about you, such as your name, address, and contact details. Examples of sources from which we may collect Personal Data include:

When you provide it to us directly (e.g., through our website, email, or telephone).

In the course of our relationship with you, such as arranging or managing sports insurance policies.

From other members of the EXRM group.

From information you choose to make public, including social media.

From third parties (e.g., insurers, brokers, referees, law enforcement).

When you visit the SportShield website (www.sportshield.co.uk), which may automatically collect certain technical information such as device type, browser settings, IP address, and usage data.

Creation of Personal Data:

We may also create records, such as correspondence or policy administration details, to support our services.

Relevant Personal Data:

Categories may include:

Personal details (e.g., name, date of birth, nationality).

Contact details (e.g., phone numbers, email addresses, postal addresses).

Policy and claim-related information.

Financial details (e.g., payment information where relevant).

Technical information from website use.

Lawful basis for Processing Personal Data:

We may rely on:

Your consent.

Performance of a contract (e.g., insurance policies).

Legal obligations.

Protection of vital interests.

Legitimate interests (such as business operations, client service, and marketing).

Sensitive Personal Data:

We generally do not process sensitive data unless required or permitted by law, or with your explicit consent (for example, medical information necessary for certain sports insurance claims).

Purposes for Processing Personal Data include:

Arranging and managing sports insurance policies.

Processing claims or policy adjustments.

Conducting marketing activities (where permitted by law).

(C) Disclosure of Personal Data to third parties

We may disclose Personal Data to:

Insurers, underwriters, and claims handlers to provide or administer policies.

Other members of EXRM for legitimate business purposes.

Legal and regulatory authorities.

Professional advisers (lawyers, auditors, accountants).

Third-party service providers (e.g., IT, payment processing, marketing support).

Law enforcement agencies, courts, or regulators where required.

Acquirers in the event of a business transfer.

Where third-party Processors are used, they will be subject to contractual obligations to process your data securely and only on our instructions.

(D) International transfer of Personal Data

We may transfer your data internationally (e.g., to insurers or service providers outside the UK/EEA). When doing so, we ensure appropriate safeguards are in place in line with applicable law.

(E) Data Security

We apply appropriate technical and organisational security measures to protect your Personal Data against unauthorised access, loss, misuse, or disclosure.

(F) Data Accuracy

We take steps to ensure the Personal Data we hold is accurate and up to date. You may be asked to confirm details periodically.

(G) Data Minimisation

We only collect and retain Personal Data that is reasonably necessary for the purposes outlined in this Policy.

(H) Data Retention

We will keep your Personal Data for as long as necessary for the purposes described:

General enquiries: up to 6 months.

Marketing contact (with consent): until consent is withdrawn.

Client and policy data: up to 7 years after the end of the relationship, in line with legal and regulatory requirements.

(I) Your legal rights

You may have the following rights under applicable data protection law:

Access to your Personal Data.

Rectification of inaccurate data.

Erasure of your data (in certain circumstances).

Restriction or objection to Processing.

Data portability.

Withdrawal of consent (where applicable).

Lodging a complaint with the Information Commissioner’s Office (ICO).

(J) Cookies

Our website may use cookies to improve user experience, analyse traffic, and track preferences. For further details, see our Cookie Policy.

(K) Terms of Use

All use of our website is subject to this Privacy Policy and our Cookie Policy.

(L) Your obligations

If you provide us with Personal Data about others (e.g., additional insured parties), you must ensure you are lawfully entitled to do so.

(M) Contact details

If you have any questions, please contact:

SportShield (Exchequer Risk Management Ltd.)

Address: No.3 Siskin Drive, Coventry, CV3 4FJ

Tel: 0247 601 8147

Email: enquiries@sportshield.co.uk

(N) Definitions

Client: A customer of SportShield/EXRM.

Controller: The entity deciding how and why Personal Data is processed (SportShield/EXRM).

Personal Data: Any information identifying an individual.

Processor: A third party processing Personal Data on our behalf.

Sensitive Personal Data: Includes medical, health, or criminal data.

Processing: Any activity carried out on Personal Data (collection, use, storage, transfer, etc.).