Privacy Policy

1. Who we are

Acies MGU is a trading name of Acies Management Holdings Limited (company no. 11136744), a Managing General Underwriter and Lloyd’s Coverholder, authorised and regulated by the Financial Conduct Authority (FRN 830581). Our registered address is 71 Fenchurch Street, London EC3M 4BS.

We are the data controller for the personal data described in this policy. When we refer to “we”, “us” or “our”, we mean Acies Management Holdings Limited trading as Acies MGU.

2. Information we collect

We may collect and process the following personal data:

• Identity and contact data: name, email address, telephone number, and business address provided when you contact us, submit an enquiry, or engage with our underwriting services.
• Professional data: broker or MGA firm name, FCA reference number, role, and professional qualifications, where relevant to a business relationship.
• Insurance risk data: information about the risk to be insured, including property details, claims history, policy requirements, and underwriting submissions received through our MGA partners.
• Technical data: IP address, browser type, device information, and pages visited, collected automatically when you use our website.
• Cookie data: see our Cookie Policy for details.

3. How we use your information

We process your personal data on the following lawful bases under UK GDPR:

• Contract: to provide underwriting services, process binding authority agreements, administer policies, and manage our MGA partnerships.
• Legal obligation: to comply with FCA regulatory requirements, Lloyd’s reporting obligations, anti-money laundering legislation, and sanctions screening.
• Legitimate interests: to operate and improve our website, respond to enquiries, prevent fraud, evaluate potential MGA partnerships, and manage our business relationships.
• Consent: where you have opted in to receive marketing communications or accepted non-essential cookies.

4. Who we share your data with

We may share your personal data with the following categories of recipients:

• Capacity providers, Lloyd’s syndicates, and reinsurers: to place and administer insurance cover under our binding authorities.
• Lloyd’s of London: for market reporting, coverholder compliance, and regulatory purposes.
• Acies Management Holdings group companies: including our MGA subsidiaries, for group administration and regulatory purposes.
• Regulatory bodies: the Financial Conduct Authority, the Information Commissioner’s Office, and other regulators where required.
• Service providers: hosting (Vercel), analytics (Google Analytics, Microsoft Clarity), content management (Sanity CMS), and other technology services, under appropriate data processing agreements.
• Professional advisers: lawyers, auditors, and accountants where necessary.

We do not sell your personal data to third parties.

5. International transfers

Some of our service providers are based outside the United Kingdom. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including UK adequacy decisions, standard contractual clauses, or equivalent protections as required by UK GDPR.

6. Data retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected. For insurance-related data, we typically retain records for a minimum of six years after the end of a policy or business relationship, in line with FCA requirements, Lloyd’s market standards, and limitation periods for insurance claims. Website analytics data is retained in anonymised or aggregated form.

7. Your rights

Under UK GDPR you have the right to:

• Access your personal data and obtain a copy.
• Rectify inaccurate or incomplete data.
• Erase your data in certain circumstances.
• Restrict processing in certain circumstances.
• Object to processing based on legitimate interests or for direct marketing.
• Data portability: receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact privacy@aciesmgu.com. We will respond within one month.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encrypted data transmission (TLS), access controls, and regular security reviews. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

9. Changes to this policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically.

10. Contact and complaints

For questions about this policy or how we handle your data, contact privacy@aciesmgu.com.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.