Our Privacy Notice
Privacy Notice
Last updated: 09 March 2026
Mechanical Breakdown & General Insurance Services Limited (MB&G, “we”, “us, “our”) is committed to protecting and respecting your privacy.
This Privacy Notice explains how we collect, use, share and protect personal data when you:
- Visit our website
- Purchase or enquire about insurance products
- Engage with our services
- Interact with in a business or professional capacity
- Are involved in an insurance claim we administer
If you have any questions about this Privacy Notice or how we handle personal data, please contact:
Email: [email protected]
Address: Cobalt Business Exchange, Cobalt Park Way, Newcastle upon Tyne, NE28 9NZ
Data Protection Contact: Head of Compliance
Who We Are
MB&G provides insurance distribution and claims administration services.
Depending on the service being provided, MB&G may act as either:
- Data Controller – where we determine how and why personal data is processed
- Data Processor – where we process personal data on behalf of another organisation such as an insurer
When MB&G Acts as A Data Controller
MB&G acts as a Data Controller when we determine the purposes and means of processing personal data.
This typically includes:
- Insurance distribution activities
- Policy administration
- Customer service and complaints handling
- Managing business relationships
- Operating and maintaining our website
- Compliance with legal and regulatory obligations
In these circumstances MB&G is responsible for ensuring personal data is processed in accordance with applicable data protection law.
When MB&G Acts as a Data Processor
MB&G acts as a Data Processor when we process personal data on behalf of another organisation that is the Data Controller.
This includes situations where MB&G provides claims administration services on behalf of insurers, underwriting partners, or other authorised firms.
In these circumstances:
- The Insurer or partner organisation is the Data Controller
- MB&G process personal data only in accordance with their instructions
- Contractual arrangements govern the processing of personal data
If you have any questions how your personal data is used in connection with a claim, you may also need to refer to the privacy notice of the insurer responsible for the policy.
The Personal Data We Collect
We may collect and process the following categories of personal data.
Website Visitors
- Name and contact details
- IP address
- Browser type and device information
- Website usage information collected through cookies
Customers and Policyholders
- Name, address and contact details
- Date of birth
- Insurance policy information
- Claims information
- Payment information
- Communications and correspondence
Claimant and Third Parties
Where we administer claims we process:
- Claims details
- Incident information
- Vehicle or asset details
- Special category data, where relevant (e.g. health information)
- Supporting evidence such as photographs or reports
Where special category data is processed, this is done under Article (9)(2)(f) UK GPDR (processing necessary for the establishment, exercise or legal claims).
Data from third parties / publicly available sources
We may also obtain information from:
- Insurers, brokers, dealers and lead generators
- Repair networks and service providers
- Law enforcement and regulatory bodies
- Publicly available sources (e.g. Companies House, FCA Register)
- Credit reference, fraud prevention and sanctions agencies
Children’s Data
Our services are not intended for individuals under 16, and we do not knowingly collect children’s data.
Business Contact
- Name
- Job title
- Business contact details
- Professional background information
- Publicly available business information
How We Use Personal Data
Where MB&G acts as a Data Controller, personal data may be processed for the following purposes:
- Providing and administering insurance products and services
- Responding to enquiries and provide customer support
- Investigating and responding to complaints
- Managing insurance policies
- Preventing fraud and financial crime
- Meeting legal and regulatory obligations
- Managing business relationships and partnerships
- Marketing & communication preferences
- Competitions/promotions
- Improve our services, website and customer experience
Marketing Communications
We may contact you about products and services that may be of interest. Where consent is required, we will only send marketing messages if you have agreed to receive them. You may withdraw consent or opt out at any time.
The Lawful bases relied upon include:
- Performance of a contract
- Compliance with legal obligations
- Legitimate interests
- Consent (where required)
Where MB&G acts as a Data Processor, personal data is processed strictly in accordance with the instructions of the Data Controller.
Business-to-Business Relationships and Due Diligence
When MB&G is considering entering into, or is actively engaged in, a business relationship with another organisation (including insurers, intermediaries, suppliers, service provider and professional advisors), we may conduct proportionate due diligence.
This may involve reviewing publicly available information relating to the organisations and relevant employees, directors or representatives.
Sources of information may include:
- Companies House
- The Financial Conduct Authority Register
- Corporate websites
- Credit reference agencies
- Press releases
- Reputable media outlets
- Regulatory publications
- Financial sanctions lists
- Industry publications
Purpose of this processing
This information may be used to:
- Verify regulatory permissions and professional standing
- Asses financial and reputational risk
- Support responsible supplier and partner due diligence
- Ensure compliance with regulatory and governance obligations
- Monitor the ongoing suitability of business partners
Lawful Basis
The processing is carried out on the basis of legitimate interests, specifically ensuring MB&G engages with reputable and compliance organisations and manages operational and regulatory risk appropriately.
Only information that is relevant and proportionate for the purpose will be collected.
Financial Crime Prevention and Regulatory Screening
MB&G may process personal data to prevent, detect and investigate fraud, money laundering, sanctions breached and other financial crime.
This may involve:
- Identity verification checks
- Screening against sanctions lists
- Reviewing regulatory registers
- Fraud prevention and investigation activities
Where required, information may be shared with:
- Insurers
- Fraud prevention agencies
- Regulators
- Law enforcement authorities
These checks are carried out to meet legal and regulatory obligations and to protect MB&G and its customers from financial crime.
Automated Decision Making
Some insurance services may involve automated processing or decision making, for example when:
- Assessing eligibility for certain insurance products
- Detecting potentially fraudulent claims
- Identifying unusual or suspicious activity
Automated tools may analyse information such as:
- Policy details
- Transaction history
You have the right to request human intervention, express your point of view, and contest an automated decision.
Sharing Personal Data
Personal data may be shared with:
- Insurers and underwriting partners
- Claims administrators and loss adjustors
- Professional advisors (legal, compliance, audit)
- IT and technology service providers
- Regulators and law enforcement agencies where required
- Marketing platforms (Mailchimp, Klaviyo)
- Payment processors (Stripe)
- Third parties involved in the administration of insurance products or claims
All third parties are required to process personal data securely and in accordance with applicable data protection law.
International Transfers
Where personal data is transferred outside the United Kingdom, MB&G ensures appropriate safeguards are in place, such as:
- UK International Data Transfer Agreements
- Adequacy decisions
- Standard Contractual Clauses
Data Retention
Personal data will only be retained for as long as necessary to fulfil the purposes for which it was collected, including meeting legal, regulatory and contractual obligations.
Retention periods are determined in accordance with MB&G’s internal data retention policies.
Data Security
MB&G implements appropriate technical and organisational measures to protect personal data. To do this we use third-party suppliers for IT services, sharing personal data subject to contractual arrangements. These supplier as data processors, only act on our instructions outlined in contracts.
This includes governance and information security frameworks aligned with recognised standards such as ISO 27001 and ISO 9001.
Your Rights
Under UK data protection law, individual have a number of rights including:
- Access to your personal data
- Rectification of inaccurate information
- Erasure (in certain circumstances)
- Restriction of processing
- Objection to processing (including direct marketing)
- Data portability (where applicable)
- Withdraw consent at any time (where consent is used)
- Not to be subject to solely automated decisions with legal or significant effects
Requests can be made using the contact details above. We will respond within one calendar month.
Should you
You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office
Cookies
Our website uses cookies to improve functionality and analyse how visitors use the website. Further information can be found in our Cookie Policy .
Changes to This Privacy Notice
We may update this Privacy Notice from time to time. The latest version will always be published on our website.