Vault MGA Ltd (“we”, “our” or “us”) are committed to protecting your personal data and complying with data protection laws. Please read this privacy policy carefully. It provides information about how we use personal data and the rights available to you under data protection laws. Vault MGA Ltd (“we”, “our” or “us”) are committed to protecting your personal data and complying with data protection laws. Please read this privacy policy carefully. It provides information about how we use personal data and the rights available to you under data protection laws.

1. Information we may collect about you
   We may collect and process the following personal data about you:
   · Information provided to us through enquiry, application or claims forms, including:
   o information such as your name, address or contact details;
   o sensitive information (e.g. details of any criminal or fraudulent behaviour or medical information) obtained either through you or third parties;
   · we may maintain records of any correspondence with you including phone records;
   
2. Why we collect personal data
   We are required by data protection laws to have a legitimate reason to process and use your personal data. The main purpose for processing your personal data is for the provision and performance of an insurance contract.
   We may also gather personal data for the following purposes:
   · in order to prevent, identify and investigate fraud or any activity that is in the public interest;
   · to defend ourselves against or make any legal claims;
   · where we have lawful purpose for processing your data e.g. for maintaining our accounts and records, gathering market intelligence in order to develop and improve our products and services. We will ensure that the processing of your personal data does not affect your rights under applicable data protection laws;
   · to comply with a legal or regulatory obligation e.g. where we are required to maintain records of any transactions with you, or for compliance with international legal and regulatory authorities.
   
3. Sharing and safeguarding your personal data
   All personal data supplied to us is stored on secure servers and only accessed and used in line with our data protection policies and procedures. Your personal data will only be accessed by our employees or authorised third parties who require the information for their business purposes.
   
   Our group companies. We may share your personal data with our group companies, based in the UK, but only for the purposes laid out in this privacy policy and we will ensure the security of your personal data.
   
   3.1. Authorised third parties
   We may also be required to allow authorised third parties, including service providers and suppliers, access to your personal data, for the purposes stated in section 2 of this notice. Any data sharing with third parties will be in compliance with applicable data protection laws.
   
   3.2. Governmental, legal and regulatory authorities
   It may be necessary for us to share your personal data with financial and regulatory organisations (e.g. the Financial Ombudsman Service, the Financial Conduct Authority, the Information Commissioner’s Office) or law enforcement agencies (including courts) in order to assist them with enquiries, investigations or proceedings and ensure our compliance with our regulatory and legal requirements. As a financial services Company, we are required to have certain processes in place with regards to anti-bribery and corruption, money laundering and fraud. If any criminal offence is detected or suspected, we may share data with third parties (e.g. law enforcement agencies, fraud prevention agencies, anti-money laundering agencies) in order to prevent crime or aid investigations if crime is identified. We may also access this data as part of our ‘Know Your Client’ procedures to establish the parties we are dealing with and when assessing a claim payment in order to prevent criminal offence.
   
4. Your Rights
   Our policy complies with the EU General Data Protection Regulation. The law requires us to tell you about your rights and our obligations with regards to the processing and control of your personal data, however not all of the following may be applicable in our business dealings:
   
   There are some circumstances where we may be required to restrict your rights in order to safeguard the public or our own interests.
   
   For further information regarding your rights, please visit the Information Commissioner’s Office’s website
   If you have any questions regarding privacy or how we use personal data, you may contact us:
   
   Email:
   contact@vaultmga.com
   
   Postal Address:
   70 St Mary Axe
   London
   EC3A 8BE

5. Other websites
   Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.
   
6. Changes to our privacy policy
   We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated 19 November 2025.

7. Your right to complain
   Should you have any concerns regarding how we process your personal data, then you have the right to report your concern to the Information Commissioner’s Office. For more information, please visit their website.