Privacy Policy
This Privacy Policy governs the collection, storage, usage and safeguarding of personal data collected by Gullwing Insurance (also referred to as “we”, “us”, or “our”). When referring to “Gullwing Insurance”, we refer to Gullwing Insurance BV and Gullwing Racing Support UK Ltd, as well as any of their trading names.
Please read this Privacy Policy carefully – agreeing to this Privacy Policy, such as accepting it through our cookie banner or registration page, or otherwise directly engaging in contact with Gullwing Insurance (also referred to as using “the Service” or “our Services”), you confirm that you have read, understood and agree to this Privacy Policy in its entirety.
This Privacy Policy was last updated on 26 / 09 / 2025. Please check back regularly to keep informed of updates to this Privacy Policy. In order to see previous revisions of the Privacy Policy, please contact us.
Who we are
Gullwing Insurance, Gullwing Racing Insurance, Gullwing Sports Insurance and Gullwing Prestige Insurance are trading names of Gullwing Insurance BV, which is EEC authorized and regulated by The Authority Financial Markets (www.afm.nl), Registration No. 12009032. Gullwing Racing Support UK Ltd is registered in England, and authorised and regulated by the Financial Conduct Authority (www.fca.org.uk) under registration number FRN 978267.
How to contact us
Gullwing Insurance BV
Jan Gielenlaan 1
5626 HN Eindhoven
The Netherlands
Phone #: +31 40 2624848
race@gullwing.com
What is personal data?
Personal data is defined as it is in the EU’s General Data Protection Regulation. In essence, it means data that directly or indirectly identifies you. To assist your understanding of how personal data may flow through the insurance process, we have visualised the various stages of insurance and an overview of who may need your personal data to perform the relevant obligations connected to your relationship with us. This visualisation can be found in Annex 1a.
When a company processes your personal data, it is either a “controller” or a “processor”. In different circumstances, Gullwing Insurance may be either. Let’s look at a few examples:
Example A. You took out the insurance policy with Gullwing Insurance yourself:
When you take out an insurance policy directly with us yourself, we will be the data controller.
Example B. You are making in claim in relation to a Gullwing Insurance policy:
When you make a claim in relation to an insurance policy purchased through Gullwing Insurance, we will be the data controller.
Example C. You took out the insurance policy with a broker or other intermediary:
If you purchased a policy with a broker or other intermediary, the
broker or intermediary will be the initial data controller, and their
data protection contact can advise of the identities of the entities
with whom they share your personal data.
Example D. You are neither a policyholder or an insured, or not sure if we hold personal data about you:
You should contact the organization that you assume collected your
personal data who, in turn, should provide you with details of the
entities with whom they share your personal data. For any further
information requests, please contact us.
Personal data we collect
We collect personal data about you in three ways:
- Website visits: We collect information about the way you interact with and use our Services through log files and website analytics tools (using cookies). This information may include your IP address, referral and exit URLs, browser type, operating system, date/time of access, pages visited, the popularity of certain content, and clickstream data. More information on these website analytics tools is provided later in this Privacy Policy. If you did not agree to the placement of statistical cookies, this data will remain limited and anonymized. For more information on our usage of cookies, and our policy on cookie consent, please see the Cookie Policy.
- Direct interactions: You may give us certain data including your identity information, contact data, and other personal data required for the purpose of requesting a quotation for our Services, entering into a policy with us, or filing a claim with us. This includes any data that you upload or share while using our Services and personal data contained in the documents you upload to our Services.
- Third parties and publicly available sources: We may receive personal data about you from various third parties such as other insurers or brokers who you have communicated with in relation to your policy, anti-fraud databases, sanctions lists, court judgments and other databases, government agencies, open electoral register or in the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including, where applicable, medical experts), loss adjustors, solicitors and claim handlers. We may also collect data about you from third parties who take out a policy with us and are required to provide your information, e.g., where you will be a named beneficiary of the policy, a named driver on the policy or where a family member, employer or other entity has taken out a policy which requires personal information about you.
The sources where we collect your personal data will depend on your particular circumstances. For us to provide insurance quotes, policies, process any claims you may have in connection with one of our policies (whether it is between you and us, or a third party and us but under which you have a claim) and to deal with any concerns, we will need to collect and process certain personal data about you. The types of personal data we may have to process will depend on the nature of your policy, claim and / or complaint may include the following information set out in Table 1 below.
Table 1
How we use your data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Legitimate Interests: Circumstances where it is necessary for our legitimate interests (or those of a third party and necessary for the Service) and your interests, and fundamental rights do not override those interests. For example, when you have a policy with us or otherwise benefit from a policy which a third party (such as an employer or family member) has entered into with us.
- Legal Obligation: Circumstances where we need to comply with a legal or regulatory obligation. For example, information that is required to be stored under Wwft (Anti-Money Laundering and Anti-Terrorist Financing Act) or other regulatory obligations.
It may be necessary for us to process your personal data such as, but not limited to, policy data and claims data using automated analysis and human discretion in order to ensure that premiums properly reflect the relevant underlying risks and further improve the effectiveness of our claims process. We do not use any special categories of sensitive personal data such as information about your health or criminal convictions for profiling purposes.
In Table 2 below, we have set out a description of the ways we use your personal data, and the legal basis we rely on to do so. We also indicate what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Table 2
- Identification Data
- Digital Data
- Performance of a contract with you
- Legitimate interests (i.e., to improve your user experience with our Services and to further develop our Services)
- Identification Data
- Contact Data
- Financial Data
- Credit and Anti-Fraud Data
- Performance of a contract with you
- Compliance with a legal obligation (to comply with laws and regulations)
- Legitimate interests (i.e., to ensure you are within our acceptable risk profile)
- Identification Data
- Risk Data
- Policy Data
- Historical Claims Data
- Credit and Anti-Fraud Data
- Performance of a contract with you
- Compliance with a legal obligation (to comply with laws and regulations)
- Legitimate interests (i.e., to determine the likely risk profile, appropriate insurance product, and risk profile)
- Identification Data
- Contact Data
- Financial Data
- Performance of a contract with you
- Legitimate interests (i.e., to recover due debts to us)
- Identification Data
- Contact Data
- Policy Data
- Risk Details
- Current and Historical Claims Data
- Historical Communication Data
- Performance of a contract with you
- Legitimate interests (i.e., so that we can correspond effectively with our policyholders, insureds and beneficiaries in relation to policies, or those who have made claims pursuant to or connected to a policy entered into with us)
- Identification Data
- Contact Data
- Risk Data
- Financial Data
- Policy Data
- Current and Historical Claims Data
- Credit and Anti-Fraud Data
- Historical Communication Data
- Performance of a contract with you
- Compliance with a legal obligation (i.e., to ensure we do not pay a claim that is in breach of applicable laws and regulations)
- Legitimate interests (i.e., to assess the veracity and quantum of claims)
- Identification Data
- Contact Data
- Risk Data
- Financial Data
- Policy Data
- Current and Historical Claims Data
- Credit and Anti-Fraud Data
- Historical Communication Data
Note: See section below concerning instances where we might need special categories of sensitive personal data including information about your health and criminal convictions.
- Performance of contract with you
- Compliance with legal obligations (to comply with laws and regulations)
- Legitimate interests (i.e., to defend or initiate necessary legal claims)
- Identification Data
- Contact Data
- Risk Data
- Financial Data
- Policy Data
- Current and Historical Claims Data
- Credit and Anti-Fraud Data
- Historical Communication Data
Note: See section below concerning instances where we might need special categories of sensitive personal data including information about your health and criminal convictions.
- Performance of contract with you
- Compliance with legal obligations (to comply with laws and regulations)
- Legitimate interests (i.e., to assist with the detection and prevention of fraud)
- Identification Data
- Contact Data
- Policy Data
- Current and Historical Claims Data
- Performance of a contract with you
- Legitimate interests (i.e., to create timely, personalised renewal offers to facilitate the placing of applicable cover under insurance policies)
- Identification Data
- Contact Data
- Policy Data
- Performance of a contract with you
- Legitimate interests (i.e., to correspond with the insured, policyholder or beneficiary to facilitate the placing of applicable cover under insurance policies)
- Identification Data
- Contact Data
- Risk Data
- Financial Data
- Policy Data
- Current and Historical Claims Data
- Credit and Anti-Fraud Data
- Compliance with legal obligations (to comply with laws, regulations and other legal obligations)
- Legitimate interests (i.e., to structure our business appropriately)
- Identifaction Data
- Contact Data
- Risk Data
- Financial Data
- Policy Data
- Current and Historical Claims Data
- Credit and Anti-Fraud Data
- Historical Communication Data
Note: See section below concerning instances where we might need special categories of sensitive personal data including information about your health and criminal convictions.
- Compliance with legal obligations (to comply with laws, regulations and other legal obligations)
- Identifaction Data
- Contact Data
- Risk Data
- Financial Data
- Policy Data
- Current and Historical Claims Data
- Credit and Anti-Fraud Data
Note: See section below concerning instances where we might need special categories of sensitive personal data including information about your health and criminal convictions.
- Legitimate interests (i.e., to build risk models that allow for the acceptance of risk with appropriate premiums)
Special Categories of Data: As indicated in Table 1 and Table 2, in order to process certain policies and / or claims connected to those policies, it may be necessary for us to collect and process certain special categories of data. However, given the limited likelihood of us needing to obtain this information from you, if we do need this information, we will write to you to obtain your consent for processing this information. You may withdraw your consent to such processing at any time by contacting us. However, if you withdraw your consent, this may impact our ability to provide you with insurance cover or pay claims.
Change of Purpose: We will only use your personal data for the purposes for which we collected it, unless we find that we need to use that data for another reason, and that reason is justifiably compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Who we share your data with
We may need to share your personal data information with third parties. For example, we may need to share your personal data to provide you with the insurance coverage under your policy, or to pay or otherwise investigate any claim arising from a policy entered into with us.
We share your personal data within Gullwing Insurance, and where necessary to perform essential business functions, we share your personal data with our authorized external third parties. For example, to process claims effectively and to carry out necessary business functions, external companies may provide functional support to Gullwing Insurance.
Gullwing Insurance, like many companies, uses (cloud) service providers (“CSPs”) to provide functional IT support. This includes the storage of personal data you provide to us. Any personal data provided to a third party is used solely for Gullwing Insurance’s necessary business functions. We may also transfer data to appropriate third parties as required by applicable laws, rules and regulations, in response to a lawful request from governmental authorities, or to comply with a legal process. We will request your express opt-in consent before we share your personal data with any company outside Gullwing Insurance for marketing purposes.
We may also transfer data to appropriate third parties as required by applicable laws, rules and regulations, in response to a lawful request from governmental authorities, or to comply with a legal process. We will request your express opt-in consent before we share your personal data with any company outside Gullwing Insurance for marketing purposes.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where your data is stored
We share your personal data within Gullwing Insurance and with authorized external third parties. Both Gullwing Insurance and these authorized external third parties are located across the world. Some of these countries may be subject to additional or different data protection requirements. Where this is the case, we will take appropriate measures to protect your personal information in accordance with this policy and all applicable data privacy laws.
Whilst Gullwing Insurance stores your personal data within the EEA, some of our authorized external third parties may store your personal data outside of the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may use specific contracts approved by the European Commission which give your personal data the same protection it has in Europe.
- We may transfer your personal data to the authorized external third party if they are part of the EU-US Data Privacy Framework, which requires them to provide similar protection to personal data shared between Europe and the US.
- The authorized external third party has EU approved binding corporate rules or other EU approved certifications.
Please contact us if you want further information on the specific mechanism we use when transferring your personal data out of the EEA.
How we secure your data
Gullwing Insurance maintains physical, electronic, and procedural safeguards that comply with applicable regulations to guard your personal data. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business-need-to-know and a legitimate interest. They will only process your personal data on our instructions. We have put in place procedures to deal with any suspected unauthorized access or loss of personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long we keep your data
We will keep your information for as long as is necessary to fulfil the purposes described in the policy, and as long as required by law. How long we keep your information depends on, among other things, whether or not you have reported a claim. If you do not report a claim, we will keep your information for ten (10) years after your relationship with Gullwing Insurance has ended, while after reporting a claim, we will keep your information for ten (10) years after the claim is closed in accordance with the law.
In some circumstances, we may retain anonymized data, such as car, sum insured, track, insurance premium and other calculation parameters, for research or statistical purposes. This data will no longer be associated with you, in which case we may use this information indefinitely without further notice to you. Please contact us if you require specific information about the retention period of your personal data.
Google Analytics
We use Google Analytics for the collection and analysis of visitor statistics. Google uses this information to evaluate the use of the website, compile reports on website activity for the website owner, and provide other services related to website activity and internet usage. For more information, please refer to Google’s privacy policy at https://policies.google.com/privacy.
PostHog
We use PostHog for the collection and analysis of visitor statistics. This information is stored by PostHog within the EU, according to EU standards, and is used by Gullwing Insurance to understand the usage of the website and Services, with the intention of improving your experience with the Services. For more information, please refer to PostHog's privacy policy at https://posthog.com/privacy.
Your legal rights
Under the GDPR, you have several rights regarding our processing of data about you. These rights include:
- You have the right to access the information we hold and process about you and a range of additional information, such as how we use this information;
- You have the right to have inaccurate information about yourself corrected;
- In certain circumstances, you have the right to have information about you deleted when we no longer have a lawful ground to keep that information;
- In certain cases, you have the right to have the processing of your personal data restricted;
- In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to processing your data for direct marketing purposes;
- In certain cases, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have that personal data transferred from one controller to another without hindrance;
- You have the right not to be part of an automated decision process (“profiling”), in events where the decision significantly impacts you.
In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any other person. We may also ask you for further information to clarify your request.
We try to respond to all legitimate requests within one calendar month. Occasionally, it may take us up to three calendar months to honor your request. In this case, we will notify you within one calendar month and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, under these circumstances, we may refuse to comply with your request.
If you require further information on these rights, or you wish to exercise your rights, please contact us via e-mail at race@gullwing.com.
You have the right to complain to the Dutch Data Protection Agency if you are unhappy with how we process your personal data. You can find the contact details at https://www.autoriteitpersoonsgegevens.nl/en.
Annex 1a
