Privacy Policy


The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and seeks to protect and enhance the rights of data subjects.  Annurca Risk Ltd (ARL) is compliant with GDPR and is committed to protecting and keeping confidential all the information you provide to us.

This privacy notice sets out how ARL collects and uses any information that you give to us.  It confirms who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.


ARL is a limited company incorporated on 18 May 2016, registered at Companies House with Company Number 10185520 and with a registered office at  Dukeries Business Centre, 31-33 Retford Road, Worksop, Notts S80 2PU.


The main reason we will use personal information is to enable us to provide a service in accordance with instructions that we receive from ARL clients.  We will also use your personal information where it is necessary for our legitimate interests or where we need to comply with a legal or regulatory obligation.  The information will be held in hard copy and/electronic format.

When we process personal data on our clients’ behalf, we are acting as a processor.

We use a private and secure electronic system to assist us in processing and protecting your information and keeping it secure from risks of cyber crime and fraud.  All external service providers that we use are subject to confidentiality agreements with ARL.  We confirm that all personal information provided to us is kept in the UK and we will not transfer personal data to another country outside the UK unless we are specifically instructed to do so.


Typically the personal information that we come into possession of arrives to us in one of two ways:-

  1. Information provided to us by our clients that we are asked to process; or
  2. Information that we collect that our clients instruct us to collect.


We share personal information with the client that requested it, third parties we may need to contact to collect or validate personal information, and service providers we use to provide services and look after our infrastructure.

External bodies or regulators may sometimes have the need to audit our client files.   This is strictly on a confidential basis by way of an audit in order to ensure that we are meeting our regulatory, legal, quality and financial management standards.   We may also need to share information with our professional indemnity insurers and insurance brokers.

We do not sell or disclose your personal information to governments, marketing or advertising services, other clients, or anyone else except as outlined in this statement or required by law.


Under the GDPR subjects have certain rights in respect of the processing of personal information, which may vary dependant on the legal basis for collection of that personal information and how that information is used.  Further information about these rights can be found on the Information Commissioners website

If you would like to exercise any of these rights please contact our Operations Director Gareth Kite by email at or by post at Dukeries Business Centre, 31-33 Retford Road, Worksop, Notts, England, S80 2PU.


We will hold your personal data for an appropriate period of time, depending on the nature of the matter to which it relates and the contractual relationship that we have with clients.  After that period of time any records held in any form will be destroyed confidentially without further reference to you.  To determine the appropriate retention period, we consider the nature and sensitivity of the personal information and the transaction concerned, and (when processing data) any periods of time identified in any contracts in place with the controller of the data.


We have put in place measures to protect the security of your personal information from being accidentally lost, used or accessed in an unauthorised way.  Those processing your information will do so only in an authorised manner and as subject to a duty of confidentiality.

We have procedures in place to deal with any suspected data security breach.  We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

We will use our best efforts to ensure that no unauthorised parties have access to any of your personal information.


Our website uses cookies to better the user’s experience while visiting the website.  Cookies are small files saved to the computer’s hard drive that track, save and store information about the user’s interactions and usage of the website.  This allows the website, through its server, to provide the users with a tailored experience within the website.

We use traffic log cookies to identify which pages are being used, which helps us analyse data about webpage traffic and improve the website in order to tailor it to customer’s needs.  We only use this information for statistical analysis purposes and then the data is removed from the system.  The cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.  You can choose to accept or decline cookies.  Users are advised that if they wish to deny the use of saving of cookies from this website onto their computer’s hard drive, they should take necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors or use the cookie control system if available upon their first visit.

This Website uses analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse usage statistics, enabling us to better understand how Users use the Website.  This, in turn, enables us to improve the Website and the products and/or services offered through it.  You do not have to allow us to use these Cookies, as detailed below, however whilst our use of them does not pose any risk to your privacy or your safe use of the Website it does enable us to continually improve our business.

The analytics services used by this Website use Cookies to gather the required information. Certain of these Cookies may be placed immediately when you decide to visit the Website and it may not be possible to obtain your prior consent.  You may remove these Cookies and prevent future use of them by following the steps set out below.

The analytics services used by this Website use the following Cookies:

Google Analytics uses the _ga cookie. This stores one valuable piece of information: your Client ID. For a full breakdown of cookies collected by Google Analytics please follow this link:


Our website may contain links to enable you to visit other websites.  We only look to include safe and relevant external links, but warn users that you are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.  We cannot guarantee or verify the content of any externally linked website, despite our best efforts.  Users should therefore note that they click on external links at their own risk and we cannot be held liable for any damages or implication caused by visiting any external links mentioned.  Users should note that we do not have any control over such other websites and therefore we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and this privacy notice does not govern such sites.


If you have any questions about this privacy notice or how to make a complaint about how your personal information is being processed by ARL, you have a right to complain to ARL’s Operations Director Gareth Kite via email to gareth, or by post to Annurca Risk Ltd, Dukeries Business Centre, 31-33 Retford Road, Worksop, Notts, England, S80 2PU.

The GDPR also gives you rights to lodge a complaint with a supervisory authority.  The supervisory authority in the UK is the Information Commissioner who may be contacted at


This privacy notice was published in May 2018.  We may change this privacy notice from time to time.