Privacy Policy

Any reference to “we” or “us” in this Privacy Policy shall mean TBO Services Limited trading as The Insurance Octopus. This Privacy Policy applies whenever we use your personal information and to (the “Site”) which is owned and operated by TBO Services Limited.

Our Privacy Policy is regularly reviewed to ensure that we continue to serve your privacy interests. We reserve the right to update this Privacy Policy from time to time, with any updates published on the Site. We therefore encourage you to review our Privacy Policy periodically for the most up to date information on our privacy practices. We will not, however, substantially change the way we use personal information you have already provided to us without your prior agreement.

TBO Services Limited will be what’s known as the “Controller” of the personal information you provide to us, which means we’re responsible for protecting the personal information we hold about you. TBO Services Limited is part of the Verastar Group.

We have appointed a data protection officer (“DPO”) who is responsible for answering questions about our Privacy Policy. If you have any questions regarding our Privacy Policy, including if you want to exercise any of your legal rights, please contact our DPO by emailing or by writing to us at: Data Protection Officer, Verastar Limited, No. 1 Dovecote, Old Hall Road, Sale. Cheshire, M33 2GS.

This Privacy Policy is provided in a layered format so you can click through to the specific areas set out below.


1. Why do we have this policy?

Your privacy is important to us, and we are committed to protecting your personal information from unauthorised use or disclosure. We will therefore use your personal information, or provide it to others, in accordance with this Privacy Policy.

Our Privacy Policy applies whenever you visit the Site, during the period you receive goods and/or services from us, or during the process of you applying for them, and afterwards. It also applies when we contact you to tell you about our goods and service. The Site is not intended for children and we do not knowingly collect data relating to children.

2. Collecting your information

We may hold information about you as a customer, a prospective customer or as a representative of a business customer. We collect this information in a number of ways:

  • information is collected through your use of the Site and any applications;
  • information is collected through your communications with us;
  • information is collected via our networks when you use any of our services, to enable us to provide the service, and to bill it;
  • information is sometimes collected from outside sources, such as banks or credit reference agencies, to help us with credit-related decisions.

We may also record and/or monitor calls for quality checks and/or staff training. Call recordings may be used to help us detect, prevent or combat fraud. We may provide call recordings to regulators.

3. Using your information

We may hold and use the following information about you:

  • your name, title, date of birth (Identity Data);
  • your phone number(s), address, email address(es) (Contact Data);
  • your banking or financial details (Financial Data);
  • your interests, preferences, feedback and survey responses and information we received when making a decision about you (including any information collected from credit reference agencies) (Profile Data);
  • details and information about the goods and/or services you receive from us or another provider (Usage Data or Transaction Data);
  • your IP address, your login data, browser type and version, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site (Technical Data). For details of this type of information please see our Cookie Policy;
  • information about when you contact us and when we contact you (Marketing and Communications Data),

as well as any other information (including information about your health) which we reasonably need to operate your account or make decisions about you (including regulatory decisions).

If we need to collect your personal information by law or under the terms of a contract we have with you and you don’t provide that information, we may not be able to provide you with the applicable products or services. In this case, we may have to cancel a product or service you have with us but we will tell you if this is the case at the time.

If a debit or credit card provided to us is identified as having been used fraudulently, we will maintain a record of its use for reporting and preventing fraud.

We may use your information on the following lawful grounds:

  • where we need to in order to perform the contract we are about to enter into with you or have entered into with you.
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • where we need to comply with a legal or regulatory obligation.
  • where we are permitted to do so by law.
  • where it is in the public interest to disclose the information.
  • where it is otherwise permitted under data protection laws.

Generally we do not rely on consent as a legal basis for processing your personal information.

We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground on which we are relying to process your personal information where more than one ground has been set out in the table below.

Your data may also be used for other purposes for which you give your permission.

The period of time for which we keep personal information depends on how long we are required to keep it by law (in some cases, the law requires us to keep information for a minimum period) or how we use the information. Unless required by law to keep it, we will keep information no longer than we need to for the purpose or purposes for which we collected it.

Keeping you in touch

We may use your information to contact you by email, SMS, letter, telephone (including voicemail) or other ways, and share it within the Verastar Group so that members of Group can contact you in the same ways about the range of products and services within the Verastar Group portfolio, which includes the brands kinex, Unicom, Clear Business and Inspire Payments. These services include:

  • fixed line telecoms, broadband and mobile;
  • water, gas, electricity and other energy services;
  • insurance services;
  • merchant services.

The Verastar Group includes Verastar Limited trading as kinex, Unicom or Clear Business, Clear Business Water Limited, Economy Gas Limited, Sinq Power Limited and Inspire Payments Services Limited.

You can ask us to stop sending you marketing messages at any time by contacting us.

4. Sharing your information

We will keep your personal information confidential and will only share it as set out in this Privacy Policy. If we do share your personal information, the companies we share it with are contractually obliged to keep the personal information secure in accordance with our instructions and data protection laws.

We may share information about you:

  • within the Verastar Group of companies to gain a picture of how you engage with the Group overall;
  • with anyone we use to help us to operate our business to collect payments or recover debts or to provide a service on our behalf, such as contractors, consultants, advisers and the markets. We will put in place appropriate measures to ensure your personal information remains protected;
  • with any person to whom we sell or transfer (or enter into negotiations with to sell or transfer) including their legal and professional advisers for this purpose, our business or any of our rights or obligations under any agreement we may have with you, or any part thereof. If the transfer or sale proceeds, the transferee or purchaser, and their group of companies, may use your personal information in the same way as explained in this Privacy Policy;
  • with regulatory bodies, government authorities or ombudsmen schemes or other authorities to comply with our regulatory obligations and industry standards;
  • with the police and any other investigatory authority where we consider it reasonable to do so in order to protect our business, premises, visitors and staff;
  • with media organisations you’ve spoken to or corresponded with about your account;
  • with any individual or entity where we are required to do so by law (for example, pursuant to a court order);
  • with any other third party in respect of which you provide consent.

If you become a customer of TBO Services Limited, or apply for our products or services, we may also use and share information about you as follows:

  • with any payment system we use;
  • with credit reference agencies or fraud prevention agencies.

5. Credit reference and fraud prevention agencies

When you apply to us to open an account, we will check the following records about you and relevant other parties as described below:

  • our own;
  • those at credit reference agencies (CRAs). If you are a sole trader or in a partnership, we will treat your search as a “consumer” search, which means that when CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. They supply to us both public (including the electoral register) and shared credit and fraud prevention information.

We will make checks such as: assessing your application for credit and verifying identities to prevent and detect crime and money laundering. We may also make periodic searches at CRAs to manage your account with us.

If you are a sole trader or are in a partnership and are making a joint application or tell us that you have a financial associate, we will link your records together so you must be sure that you have their agreement to disclose information about them. CRAs also link your records together and these links will remain on your and their files until such time as a disassociation is successfully filed with the CRAs to break that link.

Information on applications will be sent to CRAs and will be recorded by them. This information may be supplied to other organisations by CRAs to perform similar checks and to trace your whereabouts and recover debts that you owe. Records remain on file for 6 years after they are closed, whether settled by you or defaulted.

If you give us false or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to organisations involved in crime and fraud prevention.

If you do not make payments that you owe us and we are unable to resolve the outstanding debt with you via our usual debt collection correspondence, we may use CRAs to trace your whereabouts and recover debts.

We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.

Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under data protection laws.

You can contact the CRAs below who currently operate in the UK; the information they hold may not be the same so it is worth contacting them all. They will charge you a small statutory fee.

  • Creditsafe, Bryn House, Caerphilly Business Park, Van Road, Caerphilly CF83 3GR or call 02920 886500
  • CallCredit, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 060 1414
  • Equifax PLC, Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US or call 0870 010 0583 or log on to
  • Experian, Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF or call 0844 481 8000 or log on to

6. Transfer of information

We may transfer your information to other countries outside the UK, including outside the European Economic Area whose data protection laws may not be equivalent to those in the UK. If we do so, we will put in place appropriate measures for the protection of your personal information in such countries.

7. Security

Information provided through the Site is stored on our secure servers or those of any third party we engage to provide our IT platform.

Where we have given you, or you have chosen, a password which enables you to access certain parts of our Site, you are responsible for keeping the password confidential and must not share it with anyone. You are responsible for any actions carried out using your password save where there has been fraud.

Whilst we will have appropriate measures in place to protect personal information you send to the Site, we cannot guarantee the security of the internet, so please refrain from sending us particularly private or sensitive details in free text fields. Please only provide such details to the extent that specific data fields are provided. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Your rights

Under data protection laws, you have the following rights in relation to your personal information:

  • Request access to your personal information i.e. a right to be told whether we hold your personal information and, subject to certain exceptions, to be provided with a copy of such information.
  • Request correction of your personal information i.e. a right to have any incomplete or inaccurate personal information we hold about you corrected.
  • Request erasure of your personal information i.e. a right to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
  • Object to processing of your personal information i.e. where we are relying on a legitimate interest and there is something which makes you want to object to processing on this ground because it impacts on your fundamental rights and freedoms.
  • Request restriction of processing your personal information i.e. a right to ask us to suspend the processing of your persona information in certain scenarios.
  • Request transfer of your personal information i.e. a right to have any information which we used to perform a contract with you transferred to you or a third party of your choice.
  • Right to withdraw consent.

If you would like to exercise any of these rights, please do so in writing to: Individual Rights Request, Data Protection Officer, Verastar Limited, No. 1 Dovecote, Old Hall Road, Sale, Cheshire, M33 2GS or You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we can refuse to comply with your request in these circumstances. Should you wish to exercise your rights against other Verastar Group companies, you will need to make a separate request for, and direct it to, each Verastar Group company.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will let you know and keep you updated.

9. Third party links

Our Site may contain links to the websites of third parties. If you follow a link to any third party website, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability in respect of the same.

10. Contact us

If you have any queries about this Privacy Policy you can contact us by emailing or by writing to us at: Data Protection Officer, Verastar Limited, No. 1 Dovecote, Old Hall Road, Sale, Cheshire, M33 3GS.

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Please help us to keep your records up to date by notifying us of any changes to your personal details.

Policy Dated: 25th May 2018