Privacy and Cookie Notice
Insurgo Media Services Limited
Last updated: 13 May 2026
Introduction
Insurgo Media Services Limited (“Insurgo”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy and ensuring your personal data is handled securely, lawfully, and transparently.
This Privacy and Cookie Notice explains how we collect, use, store, disclose, and protect personal data when you:
- visit our website at www.insurgo.co.uk;
- contact us or submit an enquiry;
- engage with our services;
- subscribe to communications or marketing;
- interact with us in the course of business; or
- otherwise provide personal data to us.
This notice applies to website visitors, clients, prospective clients, suppliers, business contacts, and other individuals whose personal data we process.
This Privacy and Cookie Notice is intended to comply with:
- UK General Data Protection Regulation (“UK GDPR”);
- Data Protection Act 2018; and
- Privacy and Electronic Communications Regulations (“PECR”).
Who We Are
Insurgo Media Services Limited is a company registered in England and Wales under company number 07044710. Our registered office is:
Unit 12 Roseheyworth Business Park
Abertillery
Gwent
NP13 1SP
United Kingdom
Contact Details
Email: compliance@insurgo.co.uk
Telephone: +44 (0)1495 372000
Website: www.insurgo.co.uk
For the purposes of UK data protection law, Insurgo Media Services Limited acts as the Data Controller in relation to personal data collected through our website, business operations, and marketing activities.
In certain circumstances, we may also process personal data on behalf of clients as a Data Processor where required to deliver contracted services.
ICO Registration
Insurgo Media Services Limited is registered with the UK Information Commissioner’s Office (“ICO”) under registration reference ZA149164.
Data Protection and Security
We maintain appropriate organisational, technical, and administrative measures designed to protect personal data and support compliance with applicable data protection laws and recognised information security good practices.
These measures include:
- controlled access to systems and data;
- user authentication and access controls;
- staff confidentiality obligations;
- cybersecurity and endpoint protection measures;
- supplier due diligence;
- data minimisation practices;
- secure backup and recovery processes;
- retention and deletion management;
- monitoring and logging controls; and
- incident response procedures.
Privacy and security considerations are incorporated throughout the lifecycle of our systems, services, and business operations.
Categories of Personal Data We Collect
Depending on how you interact with us, we may collect and process the following categories of personal data.
Identity and Contact Data
Includes names, business names, job titles, postal addresses, email addresses, telephone numbers, and other contact details.
Client and Transaction Data
Includes service enquiries, project information, billing information, payment details, and records relating to services we provide.
Technical Data
Includes IP addresses, browser type and version, operating system, device identifiers, website usage information, login information, and technical diagnostics.
Usage Data
Includes information about how you use our website, pages viewed, links clicked, time spent on pages, downloads, and interactions with content or services.
Marketing and Communications Data
Includes marketing preferences, communication preferences, event registrations, subscription data, and records of correspondence with us.
Recruitment Data
Where you apply for a role with us, we may collect CVs, employment history, qualifications, and recruitment-related information.
We only collect personal data necessary for legitimate business purposes, legal obligations, or the delivery of our services.
We do not knowingly collect personal data from children under the age of 13.
We do not intentionally collect special category personal data unless required for a specific lawful purpose and voluntarily provided.
How We Collect Personal Data
We collect personal data:
- directly from you when you contact us, engage our services, complete forms, request information, or subscribe to communications;
- automatically through your use of our website and systems, including through cookies, analytics, and technical logging technologies; and
- from third parties including business partners, publicly available sources, professional advisers, and service providers.
Our servers may automatically record technical information such as IP address, browser type, referring pages, and access times for security, diagnostics, and analytics purposes.
How We Use Personal Data and Our Lawful Basis
Under UK GDPR, we rely on the following lawful bases:
- performance of a contract;
- compliance with legal obligations;
- legitimate interests; and
- consent.
We use personal data for the following purposes:
| Processing Activity | Lawful Basis |
| Responding to enquiries | Legitimate interests |
| Providing and supporting services | Performance of a contract |
| Managing client and business relationships | Legitimate interests / Contract |
| Processing payments and transactions | Contract / Legal obligation |
| Maintaining website and system security | Legitimate interests |
| Improving our services and user experience | Legitimate interests |
| Sending marketing communications | Consent / Legitimate interests |
| Analytics and website performance monitoring | Consent where required / Legitimate interests |
| Recruitment and hiring processes | Legitimate interests / Contract |
| Complying with legal and regulatory obligations | Legal obligation |
Where we rely on consent, you may withdraw that consent at any time.
Our legitimate interests include operating and improving our business, maintaining the security of our systems, communicating with clients and prospective clients, marketing relevant services, and delivering services effectively.
Marketing Communications
We may send you marketing communications relating to our services, industry insights, updates, events, and relevant business information.
We will only do so where:
- you have given consent;
- you are an existing client or business contact and we are permitted to market similar services under PECR; or
- we are otherwise permitted by applicable law.
You may opt out of marketing communications at any time by:
- clicking the unsubscribe link in our communications; or
- contacting us at compliance@insurgo.co.uk.
We maintain suppression and unsubscribe records to ensure ongoing compliance with applicable laws.
Cookies and Website Technologies
Our website uses cookies and similar technologies to:
- enable website functionality;
- improve website performance;
- analyse website usage;
- maintain security; and
- enhance user experience.
Cookies may collect information relating to browsing behaviour, device identifiers, usage patterns, and preferences.
We categorise cookies as follows:
Strictly Necessary Cookies
Required for the website to function properly. These do not require consent.
Analytics and Performance Cookies
Help us understand how visitors use the website and improve performance. These are only used where consent is provided.
Functionality Cookies
Remember preferences and settings to improve your experience. These are only used where consent is provided.
Advertising and Marketing Cookies
Used to measure advertising effectiveness and deliver relevant content or advertisements. These are only activated after consent is provided.
You can manage your cookie preferences through our cookie banner, cookie preference tools, or your browser settings.
Disabling certain cookies may affect website functionality.
For more information about cookies, visit:
https://www.allaboutcookies.org
Analytics and Tracking
We may use analytics and reporting tools to understand website usage, improve performance, measure engagement, and optimise services and marketing activity.
Analytics information is aggregated, anonymised, or pseudonymised wherever reasonably possible.
We may use platforms including:
- Google Analytics;
- Google Tag Manager;
- LinkedIn Insight Tag;
- Meta/Facebook Pixel; and
- similar analytics or advertising technologies.
Sharing Personal Data
We do not sell personal data.
We may share personal data with trusted third parties where necessary to operate our business or deliver services, including:
- IT and managed service providers;
- hosting and cloud infrastructure providers;
- CRM and communications platforms;
- marketing and analytics providers;
- payment processors;
- professional advisers, accountants, auditors, and insurers;
- legal and regulatory authorities; and
- law enforcement agencies where required by law.
Where third parties process personal data on our behalf, they are contractually required to process data only on our instructions, maintain appropriate security measures, and comply with applicable data protection laws.
International Data Transfers
Some third-party providers may process personal data outside the United Kingdom.
Where international transfers occur, we implement appropriate safeguards including:
- UK International Data Transfer Agreements (“IDTAs”);
- UK Addendums to Standard Contractual Clauses (“SCCs”);
- adequacy regulations; and
- supplier due diligence assessments.
We assess international transfers to ensure an appropriate level of protection is maintained for personal data.
Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, regulatory, contractual, accounting, and legitimate business requirements.
Typical retention periods include:
| Data Type | Typical Retention Period |
| Customer and supplier records | 6–7 years |
| Financial and accounting records | 6–7 years |
| Marketing data | Until unsubscribe or inactivity review |
| Website analytics | Up to 26 months |
| Security logs | Up to 12 months |
| Recruitment records | Up to 12 months unless retained longer with consent |
Where appropriate, personal data may be anonymised, pseudonymised, or securely deleted once retention periods expire.
Data Security
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction.
Measures may include:
- access controls and authentication;
- encryption where appropriate;
- anti-malware and endpoint protection;
- monitoring and vulnerability management;
- secure backup and recovery controls;
- staff training and awareness;
- supplier risk management; and
- incident response procedures.
Access to personal data is restricted to individuals who require access for legitimate business purposes.
Personal Data Breaches
We maintain incident response procedures designed to detect, investigate, and respond to personal data breaches promptly.
Where a breach is likely to result in a risk to individuals’ rights and freedoms, we will notify the ICO in accordance with UK GDPR requirements.
Where required, affected individuals will also be notified without undue delay.
Automated Decision-Making and Profiling
We do not carry out solely automated decision-making or profiling that produces legal or similarly significant effects on individuals.
Third-Party Links and Embedded Content
Our website may contain links to third-party websites, embedded content, or integrations with third-party platforms such as social media services, video platforms, or analytics providers.
These third parties may collect data about you in accordance with their own privacy policies.
We are not responsible for the privacy practices or content of third-party websites or services.
Your Rights
Under UK GDPR, you have the right to:
- be informed about how your personal data is used;
- access your personal data;
- request correction of inaccurate data;
- request deletion of personal data in certain circumstances;
- restrict processing in certain circumstances;
- request portability of certain personal data;
- object to processing, including direct marketing; and
- withdraw consent where processing is based on consent.
You may exercise your rights by contacting us at:
Email: compliance@insurgo.co.uk
We will normally respond within one month.
We may request proof of identity before processing certain requests.
Complaints
If you have concerns about how we process personal data, please contact us first so we can attempt to resolve the issue.
Email: compliance@insurgo.co.uk
Telephone: +44 (0)1495 372000
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”).
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk
Changes to This Privacy and Cookie Notice
We may update this Privacy and Cookie Notice periodically to reflect changes in law, regulatory guidance, operational practices, technology, or security measures.
The latest version will always be available on our website together with the updated revision date.
Where changes are material, we will take reasonable steps to bring them to your attention.
