Keystone Legal Benefits Ltd is a company:

  • Incorporated in England & Wales, number 02307623.
  • Authorised and Regulated by the Financial Conduct Authority, number 313653.
  • Registered under the Data Protection Act Z4709949.

This notice applies to you if you are a prospective, current or former individual client of Keystone Legal Benefits Ltd, or an employee and/or beneficial owner of a corporate client, who:

  • has registered with us to enquire about the Insurance and services we offer; and/or
  • we have contacted you about the Insurance and services we offer.

This notice does not form part of any contract for services. A copy of our client terms and conditions is available upon request, is published on our website and, for new clients, is issued in the Key facts documents/Policy schedules.

We are committed to respecting your privacy. This notice is to explain how we may use the personal information we collect and use about you during and after your working relationship with us. This notice explains how we comply with the law on data protection and what your rights are.

We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we not required to do so. Should you need to contact us, see the ‘CONTACTING US’ section at the end of this privacy notice.


When you interact with us in relation to your work with us, you may provide us with or we may obtain personal information about you, such as information regarding your:

      • Contact details: information that allows us to contact you directly such as your name, email address, telephone/mobile numbers and addresses. We may contact you for instructions (if you are a client or a person authorised to give instructions to us by a client);
      • Identification documents: information such as passport, driving licence, utility bills, identity cards, signature, etc.
      • Correspondence: including details of your existing insurance policy with us and other documents and files.
      • Financial information: bank accounts details, payment and receipt details, financial status;
      • Advisors relating to your case: including, Solicitors, Medical Reporting agencies etc;
      • Records of your interactions with us: such as any enquiries or complaints you make, telephone conversations, letters and other correspondence (including e-mail).;
      • Your marketing preferences: so that we know whether and how we should contact you.


We do not generally collect, store or use ‘special categories’ of more sensitive personal information regarding you. Examples of special categories are as follows:

      • information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
      • information about your trade union memberships; and
      • biometric information about you, for example fingerprints, retina scans.

If we did collect any special category personal information about you, we do not currently rely on consent as a basis for processing special category personal information.

We also do not collect, store and use any criminal records information in relation to you. If we did collect any criminal records information, we do not currently rely on consent as a basis for processing criminal records information.


We will collect personal information from a number of sources. These include the following:

      • Directly from you: from yourself, when you register to become a client of ours, complete forms we provide to you, use our website, make a claim, make a complaint, provide identification, contact us by phone, email or communicate with us directly in some other way;
      • Third parties authorised by you: a family member or someone else authorised by you;
      • Our website: provides us with information about how you use it;
      • Your professional advisors: such as solicitors, Medical Reporting agencies etc.;

We may also collect additional personal information throughout the period of the policy through to policy expiry.


The table below describes the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this.



information used

Lawful basis

For the purposes of on- boarding you as a client

Name, personal contact details and other identifiers, and identification documents, identification and anti-money

laundering checks


This is necessary to enable us to enter into, manage and perform our contract with you regarding your insurance policy.

To provide an ongoing service to you

All the personal information we collect

This is necessary to fulfil our contract with you.

Marketing to you, our services, products and events which may be of potential interest to you

Name, personal contact details and other identifiers, marketing preferences and investment records

When you have registered as a client with us, we have a legitimate interest as part of our service to you, to identify new opportunities that may be of interest to you.


For prospective individuals who have not registered with us, we will have obtained your explicit consent to market to you.

To manage our business and internal reporting

All the personal information we collect about you

We have a legitimate interest to ensure that we operate efficiently and manage our business properly.


To be able to manage and perform our contract with you regarding your insurance policy.

To deal with enquiries, complaints and other communications from you and dealing with legal disputes involving you

All the personal information we collect about you

We have a legitimate interest to ensure that we operate efficiently and deal with any enquiries, complaints or other communications.


We have a legitimate interest to ensure that all legal claims are managed effectively.

For the purposes of staff training

All       the      personal information we collect


We have a legitimate interest to improve the services we provide.

To conduct data analytics studies and customer satisfaction surveys or feedback requests to review, and better

understand our client,

retention, and satisfaction levels


Our client records and any information you provide in response to our client feedback


We have a legitimate interest in order to improve as a business.

For the purpose of complying with FCA regulatory requirements

All the personal information we collect about you

We have a legal obligation to comply with regulatory requirements and we have a legitimate interest in complying with regulatory requirements.

Storage of records relating to you and also records relating to our business

All the personal information we collect about you

To be able to manage and fulfil our contract with you, we may have a legal and/or regulatory obligation to do so and we also have a legitimate interest to keep proper records.

For some of your personal information, you will have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information we may not be able to properly perform our contract with you or comply with legal obligations. For other personal information, whilst you may not be under an obligation to provide it to us, if you do not provide it then we may not be able to properly perform our services for you as an insurance broker.

You should be aware that it is not a condition of any contract with us that you agree to any request for consent from us and we do not usually rely on consent as a basis for processing your personal information. However, if we have asked you for consent, and you have given us your consent to use your personal information, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the ‘CONTACTING US’ section below.

If you decide that you don’t want to receive marketing content from Keystone any longer, please note that we may still be required to send you emails regarding information in connection with products or services that we are currently providing to you.


We share personal information with the following parties:

      • Any party approved by you: for example, family members, solicitor, banks,
      • Advisors: either advisors appointed by you, for example legal advisors, or advisors appointed by us;
      • Insurance Company: Policy details
      • The Government, government bodies or our regulators: where we are required to do so by law or to assist with their investigations or initiatives, for example HMRC, the Financial Conduct Authority (‘FCA’) or the Information Commissioner’s Office;
      • Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security.

We do not disclose personal information to anyone else except as set out above unless we have your consent or we are legally obliged to do so. We do not sell your data.


Email, post, telephone and SMS marketing: from time to time, we may contact you by email, post, telephone or SMS with information about products we believe you may be interested in.

We will only send marketing messages to you in accordance with the marketing preferences.

You can then let us know at any time that you do not wish to receive marketing messages by sending an email to us at / using the details set out in the ‘CONTACTING US’ section below. You can also unsubscribe from our marketing by clicking on the unsubscribe link in any written marketing messages we send to you or letting us know during any marketing telephone call.


A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular website. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

To see a list the cookies we use and why we use them click here to view our cookie policy.


Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.


We have put in place appropriate security measures to prevent your personal data from being accidently lost, used, accessed, altered or disclosed in an unauthorised way.  Our key focus is on continuous management of security information.  In addition, we limit access to your personal data to those employees, agents and other third parties who have a business need to know.  They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulators of a breach where we are legally required to do so.


The personal information we collect may be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in.

If we engage a third party to process personal information on our behalf we contractually require them to apply appropriate safeguards for personal information. For further details please contact us by using the details set out in the ‘CONTACTING US’ section below.

The personal information we collect about you is not transferred to or stored in countries outside of the UK or European Union except as set out in this section.

Our staff and other individuals working for us may, in limited circumstances, access personal information outside of the UK and European Union if they are working or on holiday abroad outside of the UK or European Union. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to English Law and the same legal protections that would apply to accessing personal data within the UK.

In limited circumstances the people/organisations to whom we may disclose personal information as mentioned in the section ‘Who we share your personal information with’ above may be located outside of the UK and European Union. In these cases, we will impose any legally required protections to the personal information as required by law before it is disclosed.

If you require more details on the arrangements for any of the above then please contact us using the details in the ‘CONTACTING US’ section below.


Your insurance policy is Bastion Insurance Company Ltd who are based in Malta and Authorised by the Malta Financial Services Authority.  The duration for which we retain your personal information will be to a maximum of 10 years following the end of your insurance policy this is required under the Maltese Companies Act. 

It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move home or change your phone number or email address. You may be able to update some of the personal information we hold about you and can contact us by using the details set out in the ‘CONTACTING US’ section below.


You have the following rights in relation to your personal information:

      • the right to be informed about how your personal information is being used;
      • the right to access the personal information we hold about you;
      • the right to request the correction of inaccurate personal information we hold about you;
      • the right to request the erasure of your personal information in certain limited circumstances;
      • the right to restrict processing of your personal information where certain requirements are met;
      • the right to object to the processing of your personal information;
      • the right to request that we transfer elements of your data either to you or another service provider; and
      • the right to object to certain automated decision-making processes using your personal information.

You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.

Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website

To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the ‘CONTACTING US’ section below. If you are unhappy with the way we are using your personal information you can also complain to the UK Information Commissioner’s Office or your local data protection regulator. We are here to help and encourage you to contact us to resolve your complaint first.


We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this page. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information


In the event of any query or complaint in connection with the information we hold about you or our marketing to you, please email or write to us at FAO: Keystone Legal Benefits Ltd, Beaumont House, Auchinleck Way, Aldershot, Hampshire, GU11 1WT.

Keystone Legal Benefits Ltd is authorised and regulated by the FCA, ref number 313653.

Version dated 11th November 2022