Privacy Notice

This Privacy Notice is issued on behalf of the Mosaic Insurance group of companies. When there is mention of “Mosaic,” “we,” “us” or “our” in this notice, we are referring to the relevant company in the Mosaic group responsible for processing the information.

Mosaic believes strongly in protecting the confidentiality and privacy of information that you provide to us that relates to an identifiable individual (“personal information” or “personal data”) and that we collect, use, share, disclose and retain. This notice is intended to inform you about your choices regarding the use, access, and correction of your personal information. We are committed to ensuring any personal data we receive is protected and handled in accordance with applicable data-protection laws.

Insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, brokers, insurers, and reinsurers. There could be instances, such as when you request information, when we may obtain personal identifiable information from you or about you. Such personal data may include your name, mailing address, email, telephone number, or business contact, etc. This information will not be collected without your knowledge.

Please read the following carefully to understand how we will treat your personal information.

Collecting your data

We collect and use relevant information to provide insurance coverage that benefits you and to meet our legal obligations. We may collect a range of personal and business information supplied by you or third parties on your behalf. Specifically, we may collect the following personal information throughout the duration of your relationship with us:

  • Basic personal details such as your name, address, date of birth or age, gender, marital status, and additional information about your insurance requirements
  • Business contact details (such as email and telephone details) related to correspondents, brokers and/or other relevant connections to insurance business
  • Personal information related to your insurance requirements and details of any specific claims

We may also collect special-category data, such as race, ethnic origin, political opinions, religion, trade-union membership, genetics, biometrics, health, sex life or sexual orientation when needed to provide insurance or process claims. This information will only be used for the specific purpose for which it was provided and to carry out the agreed service. In certain instances, we may also need to collect and process special-category data relating to individuals who may benefit from the policy. Where necessary, we will obtain your consent to use special-category data and may do this via an intermediary or broker.

We may collect, use, or disclose to third parties special categories of personal information about other individuals, such as employees, family, or members of your household. Before providing us with personal information about other individuals, you agree: (a) to notify the individual about the content of this Privacy Notice; (b) inform the individual how and why their information will be used and, (c) if requested by us, to obtain their permission to share their personal information with us by requiring the individual to sign a consent form.

Collection of Information from Children

Our services are not directed to nor intended for children under the age of 13 and we do not knowingly collect personal information from children under the age of 13.

Other Considerations 

When you use Mosaic products, services, applications, post information on a Mosaic forum, chat room, use social-networking services such as Facebook, LinkedIn, Twitter, or other social-media sites, the personal information and content you share are visible to other users and can be read, collected, or used by them.

California Privacy Rights

California Civil Code Section §1798.83 and the California Consumer Privacy Act (CCPA) permits users of our website who are California residents to request certain data regarding our disclosure of personal information to third parties for their direct marketing purposes. The CCPA also provides California residents the right ‘To Be Forgotten’ by a company. To make such a request, please send us a message via email:


Using Your Information

We will only use your personal data when the law allows us to do so. Generally, we will use your personal data in the following circumstances:

  • Assessing your application for a product, service, or quote
  • Providing and administrating relevant insurance policies
    • Client care, including communicating with you
    • Payments to and from individuals
  • Verifying your identity and carrying out sanctions/anti-fraud/financial crime checks
  • Handling claims
    • Managing insurance and reinsurance claims
    • Defending or prosecuting legal claims
    • Investigation or prosecuting fraud
  • Dealing with complaints
  • General risk modelling
  • Renewals
    • Contacting the policyholder to renew your policy
    • Evaluating the risk to be covered and matching to appropriate policy/premium
    • Payment of premium
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • Where we need to comply with legal or regulatory obligations
  • Transferring books of business, company sales and reorganisations

Retention of Your Information

Retention periods for personal information vary. We retain personal data only for as long as it is necessary and for the purpose for which it was originally collected. We consider the following obligations when setting retention periods for personal information and the records we maintain: the need to retain information to accomplish the business purposes or contractual obligations for which it was collected; our duties to effectuate our clients instructions with respect to personal information we process on their behalf; our duties to comply with mandatory legal and regulatory record-keeping requirements; to fulfil statutory and regulatory requirements, and other legal impacts such as applicable statute of limitations periods. We may also retain personal information for other purposes delineated in applicable privacy laws. We will securely delete or erase your personal information if there is no valid business reason for retaining your data.

Storing Your Information

Given the nature of insurance, your information may be shared with, and used by, a number of third parties in the insurance sector—for example, insurers, agents or brokers, reinsurers, loss adjusters, premium collection, claims-validation processors and providers, sub-contractors, regulators, law enforcement agencies, fraud and crime-prevention detection agencies as well as compulsory insurance databases. We will only disclose your personal information in connection with the insurance cover we provide and to the extent required or permitted by law.

We require all third parties to respect the security of your personal data. Parties processing data on our behalf are only permitted to process your personal information for specified purposes and in accordance with our instructions.

Transfer of your Information

From time to time, we may need to share your personal information with other insurance market participants or their affiliates, who may be based outside of your country of residence. Furthermore, we may also make other disclosures of your personal information, for example, if we receive a legal or regulatory request from a foreign law enforcement entity. We will always take steps to ensure any international transfer of information is carefully managed to protect your rights and interests.

  • We will only transfer your personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied alternative arrangements are in place to protect your privacy rights
  • Where applicable, transfers of data overseas will be covered by standard contractual clauses adopted by the European Commission, which give specific contractual protections designed to ensure your personal information receives an adequate and consistent level of protection
  • Any requests for information we receive from law enforcement or regulators will be carefully checked before personal information is disclosed

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.

Storing Your Information

We apply appropriate safeguards to prevent your personal data being lost, used, altered, disclosed or accessed in an unauthorised way. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Confidentiality and Security

If personally identifiable information (i.e., name, address, e-mail and telephone details) is provided to any third parties, we will require that they maintain such information in strictest confidence in compliance with our Privacy Policy.

We take the security of your personal information seriously and make appropriate technical and organizational measures against unauthorized or unlawful processing of personal data, and against accidental loss, destruction of, or damage to, personal data.

The security of your personal information is important to us. Mosaic seeks to use reasonable administrative, technical and physical safeguards to protect personal information within the organization. However, no method of data transmission or storage system can be guaranteed to be 100% secure.

Your Rights 

Under certain circumstances, you have rights under data-protection laws in relation to your personal data:

  • Request access to your personal data
  • Request correction of your personal data
  • Request erasure of your personal data
  • Object to processing of your personal data
  • Request restriction of processing your personal data
  • Request transfer of your personal data
  • Right to withdraw consent of your personal data

Request access to your personal data (commonly known as a “data subject access request”). You are entitled to a confirmation of: whether we are processing your data; a copy of your data and information about purposes of processing; whom we disclose it to; whether we transfer it abroad and how we protect it; how long we retain the data; what rights you have; how the data was acquired; and how you can make a complaint. This enables you to receive a copy of the personal data we hold about you and to check we are lawfully processing it.

Request correction of your personal data. This enables you to have any incomplete, inaccurate, or outdated information to be corrected.

Request erasure of your personal data. Sometimes referred to as “the right to be forgotten,” this right entitles you to request your personal information to be deleted or removed from our systems and records. However, this right applies in certain circumstances. Examples of when this right applies to the personal data we hold (subject to exemptions) include: when we no longer need the personal information for the purpose it was collected; if you withdraw consent to our use of your information and no legal justification supports our continued use of your personal data; if you object to the way in which we use your information and we have no grounds to continue using it; if we have used your personal data unlawfully; and, if the personal information needs to be erased to comply with the law.

Please be advised there may be consequences if you exercise your right to erasure. If you subsequently make a claim, it may be impossible to administer your claim without your personal data.

Object to processing of your personal data. You have the right to object to our use of your personal information in certain circumstances. You can object to our use of your personal information where you have grounds relating to a particular situation and the legal justification that we rely on for using your personal information in our, or a third party’s, legitimate interest. However, despite your objections, we may continue to use your personal information where there are legitimate grounds to do so, or we need to use your personal data in connection with legal claims.

Request restriction of processing your personal data. You have the right to request that we restrict or suspend the use of your personal information. However, this right only applies in certain circumstances. For example, you can exercise this right if: you think the personal information we hold about you is inaccurate; the processing is unlawful and you oppose the erasure of your personal information and instead request the restriction of its use; we no longer need the personal information for the purposes we have used it; or you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct-marketing purposes. In some cases, we may demonstrate we have legitimate grounds to process your information which may override your objections.

Request the transfer of your personal data. You have the right under certain circumstances to data portability, which requires us to provide personal information to you or a third party in a commonly used, machine-readable format, but only where the processing of that information is based upon your consent or a contract to which you are a party.

Right to withdraw consent of your personal data. Where we have relied upon your consent to process personal information, you have the right to withdraw that consent. This right only applies where we process personal information based upon your written consent.

Ability to Opt-Out

When you engage us to provide insurance services, we may ask for personal information which we maintain in encrypted form on secure servers. Mosaic does not sell personal information; however, if we propose to use your personal data for any purposes, other than those described in this Notice and/or in any other specific notices, you may “opt-out” to having your information shared by contacting us at We will not collect or use sensitive personal information for purposes other than those described in this Notice unless we have obtained your permission.

Changes to our Privacy Notice

We review this Privacy Notice regularly and reserve the right to make changes at any time to comply with legal requirements. We encourage you to review this page for any updates to the Privacy Notice. If there will be any significant changes made to the use of your personal information in a manner that is different from that stated at the time of collection, we will notify you by posting a notice on our website.

How to contact us

For questions or concerns relating to our Privacy Notice or data protection practices, or if you would like to exercise any of your rights as defined above, please email us at

You may also contact our principal firm and Managing Agent, Asta Managing Agency at:

Data Protection Manager

5th Floor Camomile Court

23 Camomile Court

London EC3A 7LL




If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements, you can make a complaint to the relevant data protection authority.