Here's what you need to know about data protection for Flow insurance

Our data protection statement...

Important things you need to know

How we use your personal information

Find out more about how we collect, use and store your personal information. This includes any personal information given to us about other people named on the policy, quote or claim. You can read this information in a PDF or below. If you'd like a printed copy, please contact us.

How we use personal information

This document explains how Flow collect, use and store personal information relating to potential or actual policyholders, beneficiaries under a policy, their family members, claimants and other parties involved in a claim. When we refer to individuals, this includes any living person whose personal information we receive in connection with the services and products we provide.

We want you to be confident about how we use personal information. As a regulated company and data controller, we take the responsibilities for the security and management of personal information seriously. That’s why we invest in our systems and processes to make sure the way we collect, use, share, and store the information meets both the regulatory and our own high standards. When we talk about policy, this could include any products or services you have with Flow.

Who we are and how to contact us

Flow is a registered trademark of Liverpool Victoria General Insurance Group (LVGIG). The Liverpool  Victoria General Insurance Group includes Liverpool Victoria Insurance Company Limited (LVIC) and LVGIG is part of the Allianz Group. More information can be found at

Flow insurance is underwritten by Liverpool Victoria Insurance Company Limited. The data controller of any personal information given to us about you or other people named on the policy, quote or claim is Liverpool Victoria Insurance Company Limited. It is your responsibility to let any named person know about who we are and how this information will be processed including who underwrites your policy.

If you have any questions about how we process personal information, please get in touch with us  by  writing  to:  GI Customer Support, Liverpool Victoria General Insurance, County Gates, Bournemouth, BH1 2AT or email us at You can also contact our Data Protection Officer by writing to: Data Protection Officer, 57 Ladymead, Guildford, Surrey, GU1 1DB, or by emailing

Personal information rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
You have the right to:
  • access the personal information we hold about you, or anyone on the policy
  • correct personal information you think is inaccurate or to update information you think is incomplete
  • have personal information deleted in certain circumstances
  • restrict us processing personal information, under certain circumstances
  • receive personal information in a portable format – this only applies to information you have provided to us
  • object to us processing personal information, under certain circumstances

You can also ask us to have a team member review an automated decision.

If you want to find out more or to exercise these rights, please let  us know by writing to: GI Customer Support, Liverpool Victoria General Insurance, County Gates, Bournemouth, BH1 2AT or email us at 

How we collect, use and share personal information

We only collect information that we need, and have strict controls to keep it safe. We collect personal information to provide our products and services (e.g. handling claims) to you. Without the information we collect, we wouldn’t be able to give you a quote or an insurance policy and it may affect the outcome of any claims you make. Personal information we collect will be held in digital and / or paper files.

We collect personal information such as name, address, date of birth, occupation, criminal convictions, health, claims history, IP addresses and information about the technology you are using. We’ll also collect information which relates to the things you want to insure (for example your household contents or vehicles).

Where applicable, we’ll process special category data which can include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where used for
identification purposes), data concerning health, data concerning a person’s sex life and data concerning a person’s sexual orientation.

Where applicable, we’ll collect data relating to criminal offences, including alleged offences, criminal proceedings, outcomes and sentences (previous criminal convictions, bankruptcies and other financial sanctions such as County Court Judgements)

We collect personal information, including contact details about everybody named on your policy, quote, incident or claim when you:

  • provide information for the purposes of attempting or getting a quote
  • apply for a policy and when we prepare your renewal quote
  • buy and/or use a product or service
  • ask us a question
  • make, inform us of, or we investigate a claim or incident, including anyone associated with that incident.
  • make a payment
  • update personal details
  • change cover
  • register a complaint
  • takepart in market research(e.g. customer satisfaction surveys)
  • update marketing preferences

When you make a claim, we may ask you to provide information about whether you’re vulnerable or experiencing medical symptoms that could affect how or when we attend to your property or vehicle. We do this so we can keep our customers and our suppliers safe.

The personal information we collect will be used by us and third parties who process information on our behalf. This includes reinsurers and organisations who administer your policy or service your claims. We never sell your data to anyone.

Legal grounds for processing personal information

By law, we must have a legal justification to process your personal information for the purposes described in this privacy notice.

We collect personal information to provide our quotes, products and services to you. We do this to enter into and / or perform  the insurance contract with you. This includes arranging, underwriting and managing our products and handling claims in accordance within the terms of the policy.

As a regulated financial services organisation, we’re required to comply with legal and regulatory obligations. This includes meeting responsibilities we have to our regulators, tax officials, law enforcement and any other legal responsibilities we have, such as the prevention, detection and reporting of fraud and other financial crime.

We will process personal information for our legitimate interests, when we have a business reason to do so. This includes but is not limited to:

  • developing, improving, and personalising our products, pricing and services
  • enhancing our customer service, experience, and relationship (e.g. customer and market research, business analysis, providing relevant product and service information)
  • providing a customer service that keeps our customers and suppliers safe by identifying when they may be vulnerable or experiencing medical symptoms that could affect us attending a vehicle or property
  • improving the relevance of our advertising and marketing campaigns and identifying advertisement audiences
  • displaying personalised online advertisements on third-party websites and social media platforms
  • helping to detect and prevent fraud and financial crime
  • developing and improving our administration, security systems and insurance applications
  • promoting responsible lending and helping to prevent over- indebtedness
  • sharing it with third parties in the event of organisational change (e.g. if we bought or merged with another organisation)
  • sharing personal information with other LV= companies and the Allianz Group

If we need consent to process personal information, we’ll ask for this first. This consent can be withdrawn at any time.

We will process special category personal data to protect the vital interests of the customer and which is relevant for emergency medical care when an individual is incapable of giving consent to the processing.

By law, we only collect and use special category personal data and / or criminal offence personal data where we have an additional specific legal justification to process such information. Where we process this type of information we do so for reasons of substantial public interest, including:

  • for insurance purposes of advising on, arranging, underwriting and administering an insurance contract, handling a claim under an insurance contract and complying with rights and obligations in connection with insurance contracts
  • for the prevention, detection and reporting of unlawful acts such as fraud and other financial crime
  • safeguarding the economic well-being of certain individuals where we identify additional support required by customers
  • keeping under review the equality of treatment of customers with additional support needs

It may also be necessary for us to process special category personal data and / or criminal offence personal data to establish, exercise or defend a legal claim including where we’re faced with legal proceedings, we bring legal proceedings ourselves or where we’re investigating legal proceedings a third party has brought against you.

Bank account and payment card details

We use a secure payment processor for all card payments. When a payment is processed, we share the details of the payer, such as the cardholder name and billing address, with the processor.

We also share with them contact details provided by you so your bank can authenticate the transaction and help protect you against fraud. In response, we receive a unique transaction code and an extract of your card number, which we store as a record of the transaction.

You can choose to renew your insurance automatically using these card details – just let us know when you buy your policy. You can change this at any time.

You can also choose to use these card details again, if you make any changes to the policy. 

Automated decision making and profiling

We use the personal information you provide us, information we already hold about you, information about you provided by third parties and information about the risk of insuring you to inform our business decisions (e.g. product design, pricing, customer journeys or marketing strategy).

We use profiling and automated decision making to help determine the prices, policy terms, relevant products/services, when you research or ask for a quote, buy insurance, make any changes, renew or make a claim.

When you ask for a quote, we’ll use an automated underwriting engine that takes account of the information you provide on your quote. We may also validate information you provide against other records we hold about you in our systems and third-party databases, including public databases.

We take account of all of the information available to us to help determine the likelihood of a claim being made, how much it might cost and we use that assessment to decide whether or not to offer insurance, the price of the policy and whether we can offer the option to pay monthly.

When you have a policy with us, we’ll use an automated underwriting engine so we can offer you a renewal quote. We may use your information to perform analytics and make sure we’re pricing our products appropriately.

If you need to make a claim under a policy, we use automated systems to help manage and settle the claim.  We take account of the information we hold about you, details of the policy and details of the claim.

We may also validate the claim against third-party databases, including public databases. We use the information to determine the cost of the claim and how to settle the claim such as repairing, replacing or providing cash settlement.

To help us prevent and detect crime, we evaluate and predict whether your conduct accessing our products or services suggests a risk of fraud. You may automatically be considered to pose a fraud or money laundering risk if our processing of your personal data:

  • reveals your behaviour to be consistent with that of known fraudsters or money launderers
  • is inconsistent with your previous submissions
  • reveals that you appear to have deliberately hidden your true identity

This activity is essential to allow us to decide whether there’s a risk of fraud, which may result in us refusing to offer you insurance or accepting your claim.

If you’ve chosen to receive marketing information from us, profiling and automated decision making will be used to make our marketing more relevant, e.g. personalising the channels used to market to you, the marketing messages you receive and the offers you’re sent.

Where we make an automated decision that has a legal or substantially similar effect, you may request a team member to review that decision. We’ll consider your comments and assess whether the decision was made correctly.

International transfers

In the event that we process personal information outside the UK, the processing in those locations is protected by UK and European data standards.

If the information you provide to us is transferred to countries outside the UK and the European Economic Area (EEA) by us or our suppliers, steps will be taken to make sure appropriate security measures are in place with the aim of ensuring your privacy rights continue to be protected.

Where your claim occurs abroad, we’ll also send data to the necessary service providers and agencies as required to service your claim.

The Industry Databases and Institutions we check and exchange information with

Financial crime & fraud prevention agencies

The personal information, about any customer or third party or representative, we have collected will be shared with crime and fraud prevention agencies, including their members, law enforcement and other relevant organisations. Flow and these organisations will use it to prevent financial crime and fraud and to verify your identity. If financial crime or fraud is detected, you could be refused certain services, finance or employment. Where we suspect financial crime or fraud, we may cancel any policies you may have with us, retain any premiums paid, be unable to pay any claim or offer you the requested product or service.

Regulatory bodies

Personal information will be used or disclosed as required to regulators, for example the Financial Conduct Authority (FCA), The Prudential Regulation Authority (PRA), Information Commissioner’s Office (ICO) and Financial Ombudsman Service (FOS), to monitor and enforce our compliance with any regulation.


Claims and Underwriting Exchange and other databases 

You must tell us about any claim or incident, even if it  wasn’t your fault. We’ll search databases such as the Claims and Underwriting Exchange (CUE), Motor Insurance Anti-Fraud and Theft Register, CIFAS, No Claims Discount (NCD) database and all DVLA databases when you apply for insurance, make a claim or renew your policy, to validate your no claim discount and claims history (or that of any other person or property likely to be involved in the insurance or claim).

We will share personal information such as claim or incident details including dates, costs, fault status, any impact to no claim discount (NCD) and if any personal injury has occurred. The table below details the ways we share personal information for the policyholder and/or other people named on the policy, quote or involved in any claim.

The person on the documents named as the Policyholder
  • Any credit agreements they enter into
  • Any fraud or financial crime detected
  • No Claim Discount (NCD) entitlement
  • Claims, incidents or accidents
NCD Holder
(for motor insurance only)
The person who has earned the NCD
  • No Claim Discount (NCD) entitlement
  • Claims, incidents or accidents against any vehicle(s) they’re the NCD Holder of
  • Any fraud or financial crime detected
Anyone named on the policy or any other third party.
  • Claims, incidents, for motor insurance, accidents where they’re in control of the vehicle or as a passenger
  • Any fraud or financial crime detected
  • Witness to an incident

Incidents or claims

When we’re notified of an incident or claim, we’ll share this with relevant agencies and appropriate service providers. We’ll keep this information updated as the claim progresses and is settled. This includes details of any persons involved in the incident or claim and details of the policyholders and/or the NCD holder attached to the policy.

We will also collect information, including CCTV, dashcam footage or images where relevant, from anyone, e.g. claimant, witnesses or police. We may also use data from your car/car manufacturer.

Credit reference agencies (CRA)

In order to process your application, renewal or claim, we’ll supply personal information about you or anyone on the policy to credit reference agencies (CRAs) and they will give us information, such as financial history. We do this to assess creditworthiness and affordability, check identity, make pricing and underwriting decisions, manage policies, trace and recover debts and prevent fraud and other financial crime.

We’ll also continue to exchange information with CRAs on an ongoing basis, including settled accounts and any debts not fully repaid on time. CRAs will share personal information with other organisations. This data will also be linked to the data of any joint applicants or other financial associates.

The identities of the CRAs and the ways in which they use and share personal information are explained in more detail at, and

Price comparison or other introductory services

If you request a quote on a price comparison website or other introductory service, the information you give them is passed to us. We’ll also pass personal information (e.g. policy details, and suspected or proven fraud and other financial crime information) back to them.

Public information

We may use public information (such as electoral roll, county court judgements, vehicle taxation status, MOT information, bankruptcy or repossessions).


We work with selected partners to display relevant online advertisements to you on third-party websites and social media platforms.

We’ll use personal information to identify appropriate audiences for our advertisements. The selected partners we work with to do this do not use your information for their own purposes and we make sure they delete it once we’ve identified advertisement audiences.

We will send you marketing information by email, post, phone and/or SMS about other Flow products, services and discounts if you’ve given us permission. The marketing information we’ll send includes information about products, services, discounts and business updates.

We use your home address, phone numbers and email address to contact you according to your marketing preferences.

If you don’t want to receive marketing, you can let us know any time by emailing

If you opt out of marketing, this won’t stop you from receiving important service related information that we need to tell you about relating to your policy or claim.

Competitions, prize draws and similar promotions

If you enter any of our competitions, prize draws and similar promotions, we’ll use your personal information to administer these activities. These activities have additional terms and conditions which will contain more information about how we use and share your personal information.

If you send us your personal information to enter a competition, prize draw or similar promotion, we’ll process your entry details to allow for winners to be contacted after the closing date. Please refer to the specific terms and conditions of the competition, prize draw or promotion that you are entering for further details.

If you enter via social media channels, your personal information is subject to the retention and deletion process of that channel, so please refer to them directly for information on how your data will be processed.

Social media and published information

We may use published information, including social media, for prevention and detection of fraud.

Specialist services we use

We use other companies to provide some services, e.g. banks and building societies, breakdown and recovery agents, claim adjusters, claim suppliers, legal service providers, communication services, debt recovery agencies, marketing agencies, reward voucher and incentive scheme administrators, fraud and other financial crime investigation services etc. They will be given the personal information they (or their sub-contractors) need to manage their service.

Market research agencies

We may share personal information with market research agencies who will conduct market research and business analysis on our behalf.

Reinsurers and reinsurance brokers

Reinsurers provide insurance policies to insurance companies. Insurance companies engage a reinsurance broker to advise and assist in arranging a reinsurance policy. We may need to share any personal information, including policy, claims, medical, and suspected fraud and other financial crime information, with our reinsurers and reinsurance brokers.

Other insurers

We share and collect your personal information with other insurers if you make a claim, to verify the information you’ve provided is correct and prevent financial crime and fraud. If you move to a new insurer, we may confirm certain details about your insurance to them


If you give us a driving licence number when requesting a motor insurance quote, to add a new driver or preparing a renewal quote, we will pass it to the DVLA MyLicence service to verify the status of the licence and entitlement. We’ll then get any relevant restriction information, endorsements and/or conviction data.
We may also liaise with the DVLA to establish the keeper of the vehicle, to support us in any claim or policy investigation.
We’ll retain any images you send us of your driving licence, for the purposes of processing your quotation and administering your policy.

Motor Insurance Database

We’ll add details about your insurance policy to the Motor Insurance Database (MID), which is managed by the Motor Insurers’ Bureau (MIB). The MID and the data stored on it may be used by the Police, the DVLA, the DVANI, the Insurance Fraud Bureau and other bodies permitted by law for purposes not limited to but including:

  • electronic licensing
  • continuous insurance enforcement
  • law enforcement (prevention, detection, apprehension and/ or prosecution of offenders)
  • the provisions of government services and/or other services aimed at reducing uninsured driving

If you’re involved in a road traffic accident (either in the UK or abroad), insurers and/or the MIB may search the MID to obtain relevant information. Other persons (including their appointed representatives) pursuing a claim in respect of a road traffic accident (including foreign citizens) may also obtain relevant information held on the MID.

It’s important that the MID holds your correct registration number. If it doesn’t, you risk the police seizing your vehicle. You can check that your registration number is shown on the MID at

Flood Re 

The Flood Re scheme helps individual’s get insurance in flood risk areas. If you are eligible, we will send your details to the scheme. Medical and other health services
If you make a claim and give us consent, we’ll get medical information from the relevant health provider, e.g. doctor or hospital. In an emergency we’ll manage claims as appropriate, until we’re able to get consent.


We collect and use information about claimants (including children under the age of 18) and witnesses, in order to process or pursue a claim.

Other insured parties

An insured party on your policy (e.g. a named driver) may notify us of an incident or claim against your policy.

Law enforcement and government agencies

Information may be shared between us and law enforcement agencies (e.g. the police) about an incident, which may result in a claim or may affect a policy or ongoing claim.

Giving someone permission to talk to us about your policy

We can only talk about the policy to you or someone we’re satisfied that you have authorised to talk to us, on your behalf, after we’ve carried out data security checks.


When you contact us, personal information you give us will be recorded and stored on our systems. All calls and web chats are recorded. This helps us improve our customer service, train our staff, respond to complaints and prevent fraud and other financial crime.

All communications will be in English. You can get this document from us in Braille, large print or in an audio format by contacting us.

Cookies and similar technologies

We use third-party advertising technology on our website, apps and emails, such as the use of cookies or small text files on our website or pixels within emails. We use cookies and similar technologies to provide online services, enhance your online experience, to help prevent fraud, enhance online security of your data, deliver content when you’re browsing elsewhere and help us understand how our website, apps and emails can be improved. We don’t store any contact details or banking information.

If you want to find out more about our use of cookies, please see our cookie policy on our website and apps.

Other information we use

We use the following to provide a quote and to administer any policy or claim.

  • geographical (e.g. flood scores, information about a location)
  • demographics (e.g. modelled data on household incomes, credit reference agency scores)
  • information about what you want to insure or make a claim for (e.g. vehicle repair history, vehicle finance data, property information, building council tax band)
  • payment validation (e.g. the registered address of the card)
  • claims compensation and recovery databases (e.g. reimbursement of nhs costs resulting from an accident)
  • geo location data (e.g. information that can be used to find an electronic device’s location)
  • device recognition (e.g. the device you have been using to access flow)
  • ANPR (automated number plate recognition) (e.g. to identify the movements or whereabouts of a vehicle)

How long we keep personal information

If you provide information for the purposes of obtaining a quote from us, we’ll keep your details for up to three years to make sure we meet our statutory and regulatory obligations (e.g. as laid down by FCA and other regulatory bodies), and to allow us to manage complaints and prevent fraud or financial crime. This includes quotes that are abandoned, incomplete or unfinished.

If you buy a policy from us, we’ll keep all personal information for seven years after the policy ends to make sure we meet our statutory and regulatory obligations (e.g. as laid down by FCA, Money Laundering regulations, the HMRC, MIB and other regulatory bodies), and to allow us to manage complaints, claims and prevent fraud or financial crime.

From seven years and up to 40 years after the policy ended, we will keep the personal information we need for analysis purposes (e.g. risk and business modelling such as for pricing) and so that we can identify who and what was covered by the policy. Beyond 40 years, we will keep information we need for longer term analysis (e.g. weather event modelling).

In exceptional cases, we may need to keep claim information for longer than 40 years (e.g. where serious injury has occurred and there’s potential need to provide life-long care to an injured person or when requested by a court of law).

If you contact us by telephone, we’ll keep a copy of the call recording for up to three years to allow us to manage policies, claims, complaints, for training and monitoring purposes and to prevent and detect fraud or financial crime.

In some cases where there is a valid reason to retain the data, it will be necessary for us to hold your information past the specified retention periods listed. For example, where there is a legislative or relevant regulatory requirement or for the purposes of any court proceedings or if there are reasonable grounds to believe the data needs to be retained for legal proceedings or the party, to whom the data relates, provides their consent.


Right to make a complaint

If you have any questions or concerns about the way we process personal data please contact us at

If you’re not satisfied with the outcome of your query, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit


This Privacy Notice was last updated in August 2021. We may change this information from time to time. Any changes will be made available on our website.