This Privacy Policy is supplemental to our Website Terms, and which, by continuing to access the Website, you are deemed to accept and agree to be bound by.

Also provided is our Privacy Note.

This Website is provided by Jo Pavey Insurance Services

Jo Pavey Insurance Services is a trading name of Lloyd & Whyte Community Broking Ltd


Who are we?

We are Lloyd & Whyte Group Ltd, the umbrella under which our group of Financial Services business sits.  These businesses offer Insurance Products and Financial Planning advice to new and existing clients.

Lloyd & Whyte Group Ltd (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.


The Lloyd & Whyte Group consists of the following companies:

  • Lloyd & Whyte Ltd – registered in England and Wales under company number 03686765
  • Business Choice Direct Insurance Services Ltd – registered in England and Wales under company number 10301653
  • Lloyd & Whyte (Financial Services) Ltd – registered in England and Wales under company number 02092560
  • Insurance Broking Finance Ltd – registered in England and Wales under company number 04981657
  • Medical Insurance Advisory Bureau Ltd – registered in England and Wales under company number 7217140
  • Stride Ltd – registered in England and Wales under company number 01122247
  • Direct Corporate Risks Ltd – registered in England and Wales under company number 12939587, an Appointed Representative of Business Choice Direct Insurance Services Ltd
  • Lloyd & Whyte Community Broking Ltd – registered in England and Wales under company number 04640518
  • Mi Commercial Risks Ltd – registered in England and Wales under company number 07313009, an Appointed Representative of Stride Ltd
  • Northcott Beaton Ltd – registered in England and Wales under company number 04773132


The registered office for all companies is Affinity House, Bindon Road, Taunton, Somerset TA2 6AA.


All companies are registered on the Information Commissioner’s Office Register with the following registration numbers:


Lloyd & Whyte Group Ltd                                               Z5716262

Lloyd & Whyte Ltd                                                            Z695206X

Lloyd & Whyte (Financial Services) Ltd                      Z5622700

Insurance Broking Finance Ltd                                     Z8336868

Medical Insurance Advisory Bureau Ltd                    Z7477686

Business Choice Direct Insurance Services Ltd        ZA215990

Stride Ltd                                                                             Z6183066

Direct Corporate Risks Ltd                                              ZA807306

Lloyd & Whyte Community Broking Ltd                     Z750829X

Mi Commercial Risk Ltd                                                   Z2382702

Northcott Beaton Ltd                                                       Z4846209

Privilege Plan Ltd                                                               Z1041348            


All companies act as the data controller and / or data processor when processing your data. Our Data Protection Appointed Person is Steve Astley, who can be contacted at Affinity House, Bindon Road, Taunton, Somerset, TA2 6AA, 01823 250 700



How do we collect information from you?


  • Directly from you, either over the telephone, by email, via Online meeting, Webchat or face to face
  • By you completing forms (paper versions or via our website or social media platforms)
  • We may, on occasions, obtain your information from a family member where we have been unable to meet you or speak to you directly, for instance when a joint policy is required, or you are seeking joint financial advice.


What type of information is collected from you?


We process your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.  N.B. Not all personal data listed below is obtained for each client.


The personal data that we collect includes but is not limited to:

  • Information about you:
  • Your name, date of birth, personal and business contact details
  • National Insurance, Passport and Driving License numbers and length of time held
  • Country of Birth, Nationality and UK Residency Status
  • Occupation and membership of professional bodies
  • Bank Account Details
  • Details relating to bankruptcy or County Court Judgements
  • IP Address
  • Where you apply for a mortgage we may need to gather information such as; payslips incl Online accounts, bank statements , property information.
  • Estate Planning Service – information relating to executors, guardians and trustees (name, address, DOB, their relationship to the testator, identification)
  • Information connected to products or services you have purchased through us or from other companies where you have completed a letter of authority, allowing us to obtain this information
  • Information about your contact with us:
  • Records completed at meetings
  • Telephone calls that may be recorded for training and monitoring purposes
  • Correspondence (electronic and paper) between us and you
  • Cookies that are automatically collected when you visit our website
  • Testimonials – we collect and display personal testimonials of satisfied customers and users of our Services in addition to other endorsements. With your consent, we may post your testimonial along with your name, on the Services.  If you wish to update or delete your testimonial, you can contact us at [email protected]
  • When visiting our offices:
    • Visual images may be captured via closed circuit television (CCTV) if you visit our offices; and
    • You will be asked to wear a personalised badge which will be destroyed when you leave the premises.
  • Information on children e.g., where a child is named as a beneficiary on a policy taken out by a parent or guardian on their behalf or as a beneficiary in a Will. In these cases, we will collect and use only the information required to identify the child (this could include but is not limited to their name, date of birth, gender and health information)
  • Sensitive personal information:
  • Health
  • Marital or civil partnership status
  • Trades union membership.
  • This may include information about other people e.g., health and medical information on close blood relatives (siblings, parents, grandparents)
  • Criminal records and motor convictions (including police cautions)
  • We only collect and use sensitive personal information where we need it to provide the product or service you have requested or to comply with our legal obligations.



How is your information used?


Occasionally, the basis we use as consent for processing your data is legitimate interests. This is because by your interactions with our website and company, we believe you may be interested in our services and also the content we will be sending to you will be helpful for your business.  Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.

We take your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.

We may use your information to:

  • Carry out our obligations from any contracts entered into by you and us e.g. in order to provide a service and to ensure that policies or investments or pensions are correctly established and details can be sent out to your preferred address
  • Comply with our legal obligation for business accounting, tax purposes and to comply with Financial Conduct Authority regulations
  • Comply with our legal obligation to undertake checks to verify an individual’s identity, and to prevent financial crimes such as money laundering and fraud.
  • Send you marketing information where we have assessed that it is beneficial to you as a customer and in our Such information will be non-intrusive and is processed on the grounds of legitimate interests.
  • Perform statistical analysis, although wherever possible this data will be made anonymous prior to processing.
  • Send you our monthly newsletter if the content is going to be relevant to you. Each email will include a simple unsubscribe link for you to opt out if you wish
  • Seek your views or comments on the services and products we provide
  • Send you communications which you have requested and that may be of interest to you. We review our retention periods for personal information on a regular basis.  We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as it is set out in any relevant contract you hold with us.  If you unsubscribe from our newsletter we may retain your data on a suppression list to ensure you do not receive future email communications.


Who has access to your information?


We will not sell or rent your information to third parties.

We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. We use third parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Companies within the Lloyd & Whyte Group

For operational reasons where we believe we have a legitimate interest to do so or where we have a legal obligation or in order to perform a contract, we may share your information between the various companies as detailed above within the Lloyd & Whyte Group.

Background Checks

To comply with UK legislation and in order to detect and prevent financial crime, we may share your data with law enforcement, credit and identity check agencies.  We are also legally required to check clients against the Financial Sanctions register, these searches will be held indefinitely in the event of an audit. We may also require credit checks where clients are opting to pay premiums by monthly instalments.

Product Providers

In order to establish the policies or investments you require it is necessary to share your data with the relevant product providers.   This data may be retained by the provider even though the policy or investment never went into force.  We will provide details of these providers, including how to access their own privacy policies, at the time of the recommendation.

Premium Finance Providers

Where you select to pay your premiums by monthly direct debit, your information will be shared with the relevant Premium Finance company in order for them to establish to the credit agreement and service your payment plan accordingly.

Professional Bodies

Where you are a member of a recognised professional body, e.g. BVA, BMA, we may share details with that body, including date of initial engagement, type of product undertaken, policy renewal and cancellation dates, as well as reason for cancellation. This data will only be used to understand usage trends and level of engagement and will NOT be used for any personalisation or direct marketing.


Regulatory and Statutory Bodies

We are on occasion required to share data with our regulator, the Financial Conduct Authority, the Information Commissioner’s Office and HMRC.

Service Support Companies

In certain circumstances, we work with external companies in order to support the products and services we are able to offer you, and in order to train and develop our people.  This can include companies dealing in product research, consultancy, technology, internet service providers, web hosting companies, external auditors, and print and graphic design companies.

We are proud to work in association with a local educational college, Richard Huish College, and regularly employ apprentices.  As part of the scheme, apprentices are assessed in our office by college staff, who may in these circumstances have sight of your personal data.  We have an additional confidentiality agreement in place with the college, and no identifiable personal data is included within assignments.



Your Data Protection Rights

You have the right to access any personal information that we process about you and to request information about:

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  • If we did not collect the data directly from you, information about the source


If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

In certain circumstances, you may also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you, have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

We may use automated decision-making when setting the premium level if you purchase a policy or obtain a policy quotation directly from our website, or when providing quotations for personal life or income protection insurances.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.




Security Precautions


We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place.  All information provided to us is stored on secure servers, with access restricted to relevant people only.

Emails are sent using Transport Layer Security (TLS), although this is dependent upon the receiving email server using the same system.

Any payment transactions will be encrypted using SSL technology and will be passed directly to our PCI-DSS compliant payment service provider and never stored on our system. We use anti-virus and anti-malware software to protect our systems, as well as a robust firewall.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure.  As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.



We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.


Use of ‘cookies’


Like many other websites, we use cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences.


Links to other websites


Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.


16 or Under


We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.


Transfers your information outside of Europe


Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. We do not directly transfer or store any personal data outside the EU or EEA. The Data Protection Act 2018 (DPA 2018) continues to apply. The provisions of the EU GDPR were incorporated directly into UK law at the end of the transition period. The UK GDPR sits alongside the DPA 2018 with some technical amendments so that it works in a UK-only context.


Consequences of Not Providing Your Data


You are not obligated to provide your personal information to us, however, as this information is required for us to provide you with our services and within our legitimate interests, we will not be able to offer some/all our services without it.


How Long We Keep Your Data


We only ever retain personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.   We are required by the Financial Conduct Authority (FCA) to retain client policy information for specified periods, depending upon the type of business written for Defined Benefits Pension Transfers, this is indefinitely.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.


Special Categories Data


Owing to the products and services that we offer, Lloyd & Whyte sometimes needs to process sensitive personal information (known as special category data) about you, as well as details of any criminal convictions, in order to provide a policy contract or ongoing service agreement. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.

These bases will either be where the processing is necessary for reasons of substantial public interest as outlined in Article 9 (2) (g) of the GDPR and Parts 2 and 3 of Schedule 1 of the Data Protection Act 2018; or where it is necessary for statistical purposes as outlined in Article 9 (2) (j) of the GDPR.

Where we rely on your consent for processing special category data, we will obtain your explicit consent through either a recorded telephone conversation or by asking you to sign our Client Declaration.

You can modify or withdraw consent at any time, which we will act on immediately, unless there is a legitimate or legal reason for not doing so, for example where you have already entered into a policy contract.


How to complain


We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.


Lloyd & Whyte

 Steve Astley

Affinity House, Bindon Road, Taunton, Somerset, TA2 6AA

01823 250 700

[email protected]


Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

0303 123 1113

[email protected]



Review of this Policy


We keep this Policy under regular review.  This Policy was updated in April 2021