Privacy and Cookie Policy

Data Protection Notice

The protection of your personal data is important to the BNP Paribas Group, which has adopted strong common principles in relation to data protection for the entire Group and which are reflected in its Group Privacy Policy available at

This Data Protection Notice provides you with detailed information relating to the protection of your personal data by:

Proficiency Solutions is a trading style of Cardif Pinnacle Insurance Management Services plc. Registered Address:

Pinnacle House
A1 Barnet Way

The above company is part of BNP Paribas Cardif and the BNP Paribas Group (both "Group companies").

We are responsible for the collecting and processing of your personal data in relation to our activities. The purpose of this Data Protection Notice is to tell you which personal data we collect and process about you and why, who we share your data with and why, how long we keep it, what your rights are and how you can exercise them.

Further information may be provided to you when applicable.


We may collect any of the following types of personal data about you including but not limited to any of the following types:

  • Identification information (e.g. name, date of birth);
  • Contact information (e.g. email address and telephone numbers);
  • employment information (e.g., employment role, location, type of employment, employer's name);
  • data from your interactions with us (e.g. our websites, personal meetings, telephone calls, emails, correspondence, chat notes on our system);
  • data relating to your use of our training services (e.g. training modules, pass and fail rates, duration, payments, discounts, training history, service provision);
  • CCTV (e.g. where you visit our premises);
  • connection and tracking data (e.g. cookies, connections to online customer service, replies to online surveys);
  • data relating to your participation in competition and promotional activities (e.g. date of participation, your answers, your pictures and the type of prizes)
  • information about your device (IP address, technical specifications and unique identifying data);
  • log-in credentials used to connect to BNP Paribas' websites, apps and portals;

We do not collect or process any data relating to your racial or ethnic origin, political beliefs, religious or philosophical beliefs, trade union membership, genetic data or sexual orientation unless we have a legal obligation to do so.

The personal data that we use may be collected directly from you or obtained from the following sources for the purposes of verifying or enriching our data:

  • Your account owner or administrator;
  • Our service providers;
  • Websites and social media containing publicly available information;
  • Data bases made public by third parties


We may also collect and process information about you where you have no direct relationship with us. This may happen where your personal information is provided by, for example:

  • Financial or judicial authorities, arbitrators and mediators, state agencies or public bodies, upon request and to the extent permitted by law (e.g. Financial Ombudsman Service, Financial Services Compensation Scheme, HM Revenue & Customs);
  • An employer;
  • Our commercial partners
  • Service providers; and
  • Other BNP Paribas Group entities.


a. To comply with our legal and regulatory obligations

Your personal data may be used to comply with various legal and regulatory obligations, including:

  • responding to an official request from a duly authorised public, regulatory or judicial authority; and
  • recording transactions for accounting purposes

b. To perform a contract with you or your employer or to take steps at your or your employer's request before entering into a contract

We use your personal data to enter into and perform our contracts, as well as to manage our relationship with you, which includes:

  • handling your complaints;
  • providing you with information and answering your requests for information about your training module; responding to requests to update your personal data when your circumstances change and making consequential changes to your training module;
  • respond to your enquiries including a request to update your personal data when your circumstances change;
  • evaluating if we can offer you products or services and if so on which terms.

The above processes may include the making of automated decisions at certain stages including, but not limited to, generating invoices and more.

c. To fulfil our legitimate interests

We use your personal data in order to offer and develop our products and services and to defend our legal rights for the following reasons:

  • to prevent fraud;
  • to defend or pursue legal claims;
  • for IT management, including infrastructure management, business continuity and IT operations and security;
  • to establish individual statistical models allowing us to generate and offer you competitive relevant products and services;
  • to analyse test results and update our training modules;
  • to establish aggregated statistics, for research and development, in order to monitor risk and the performance of our businesses, improve existing products and services or create new ones;
  • where we record calls for the purposes of staff training and monitoring, administering your user record, handling complaints, detecting fraud, and to improve the quality of our services;
  • to create and develop individual statistical models and analysis for research and development purposes, allowing us to improve our risk management, create new and alternative products and services, offer more competitive pricing or offer more personalised products and services;
  • to personalise our and other BNP Paribas Group companies' product offerings to you by:
    • improving the quality of our products or services (e.g. customer satisfaction surveys);
    • advertising our products or services that might be of interest to you according to your situation and profile which we can assess by segmenting our potential customers; and
    • organising prize competitions and promotional campaigns.
    • Research ∓ Development ("R∓D") which includes establishing statistics and models to:
      • optimise and automate our operational processes (e.g. creating a "Frequently Asked Questions" ("FAQ") or by using a digital online chat assistant ("chat bot"));
      • prevent potential security failures, improve customer authentication and access rights management;
      • improve security management;
      • offer products and services that will best meet your demands and needs;
      • adapt products and services distribution, content and pricing in accordance with your profile;
      • create new offers;
    • IT Security and IT systems performance, including:
      • Management of IT, including infrastructure management (e.g. shared platforms and portal access), business continuity and security (e.g. user authentication)

In each case, our legitimate interests remain proportionate and, where we are required to do so, we verify these according to a balancing test so that your interests and fundamental rights are preserved. Should you wish to obtain more information about the balancing test, please contact us using the contact details provided in Section 9 below "How to contact us".

d. Respecting your choices where we have requested your consent

In certain cases, we require your consent to process your data, for example:

  • to send you communications for direct marketing purposes unless you tell us you want to opt out of receiving any further communications by contacting us using the details set out in Section 9 below or by unsubscribing. If you do not exercise this right, you may continue to receive communications from us.


For the purposes above, we only share your personal data with the following individuals or entities:

  • Your employer, account owner or administrator; trade bodies (e.g. Finance and Leasing Association);
  • Service providers who perform services on our behalf;
  • Financial or judicial authorities, arbitrators and mediators, state agencies or public bodies, upon request and to the extent permitted by law (e.g. Financial Ombudsman Service, Financial Services Compensation Scheme, HM Revenue & Customs);
  • Certain regulated professionals such as, lawyers, notaries, trustees and auditors;
  • Debt collecting and credit reference agencies;
  • Fraud prevention agencies.


In cases of international data transfers originating from the UK or the European Economic Area (EEA) to a non-EEA country, the transfer of your personal data may take place. Where the European Commission has recognised that non-EEA country as providing an adequate level of data protection, your personal data may be transferred on this basis without your specific authorisation.

In cases of international data transfers originating from the UK or the EEA to non-EEA countries where the level of protection has not been recognised as adequate by the European Commission, we will either rely on an exemption from a rule or law that is applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you) or use one of the following safeguards to ensure the protection of your personal data:

  • Standard contractual clauses approved by the European Commission; or
  • Binding corporate rules (for inter-group transfers), where applicable.

To obtain a copy of these safeguards or details on where they are available, you can send us a written request as set out in Section 9.


Your personal data is retained by us in digital format for as long as we need to comply with our legal and regulatory obligations and for the defence of complaints and claims against us for as long as your user record remains active. This includes being able to provide evidence in the case of any legal or regulatory investigations, disputes or claims regarding the provision of our products or services to you.

We retain your personal data for a period of 7 years from the date of the data collection or the date of our last contact with you so that we can comply with applicable laws and regulations and our operational requirements, such as appropriate account maintenance, facilitating client relationship management, being able to respond to legal claims or regulatory complaints or requests

If you are a client:
We retain your data in digital and, only if required, paper format, in the majority of cases for the duration of the contractual relationship and thereafter, for the statutory limitation period for claims and complaints pursuant to the contract, unless law or regulation imposes a shorter or longer retention period. Where we retain a digital format of your data for the required retention period, we will destroy any corresponding documents that we collect in paper format, in the majority of cases, within 1 year after the date of collection.

Information relating to the validation of your identity and provided by you (or your nominated representative) in relation to the exercise of your data subject rights, as set out in Section 7, is retained indefinitely following the date of exercise of that right by you and depending on the type of right exercised by you.

If you are a prospective client:
We retain your data in digital format for 2 years following the date of the data collection or the date of our last contact with you. As we need to comply with our legal and regulatory, your data is retained for this period so that we can answer your claims or to present evidence in the event of a dispute.


In accordance with applicable regulations and your account owner's instructions, you have the following rights:

  • To access: you can obtain information relating to the processing of your personal data and a copy of the personal data held;
  • To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data is updated;
  • To erase: you can require the deletion of your personal data, to the extent permitted by law;
  • To restrict: you can request the restriction of the processing of your personal data;
  • To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing;
  • To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time;
  • To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically possible, transferred to a third party.

If you wish to exercise the rights listed above, please contact us using the details in Section 9 below.

In accordance with data protection legislation, in addition to your rights above, you are also entitled to make a complaint to:

The Information Commissioner's Office
Head Office:

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113

2nd Floor, Churchill House, Churchill Way, Cardiff CF10 2HH
Tel: 029 2067 8400

45 Melville Street, Edinburgh EH3 7HL
Tel: 0303 123 1115

Northern Ireland:
3rd Floor, 14 Cromac Place, Belfast BT7 2JB
Tel: 028 9027 8757 or 0303 123 1114


In the context of constant technological evolution we may have to update this Data Protection Notice. Please check the latest version of this Data Protection Notice on our website. We will inform you of any changes through our website or through our other usual communication channels with you.


To exercise your rights or if you have any questions regarding our use of your personal data please contact us at:

Data Protection Correspondent
Pinnacle House, A1 Barnet Way, Borehamwood, Hertfordshire WD6 2XX

So that we can answer your requests as quickly as possible, please indicate the right(s) you wish to exercise. An acknowledgement of receipt will be provided.

We are required to answer all requests within one month but we are allowed to extend this period by one further month depending on the complexity of the request. We will contact you in writing if we are unable to reply to your request within one month.

If you have a separate enquiry related to the BNP Paribas Group then you may contact the Group's Data Protection Officer at:
Jerome Caillaud - Data Protection Officer, BNP Paribas CARDIF, 8, rue du Port, 92728 Nanterre, France


The BNP Paribas Group is committed to delivering the best possible service to you while maintaining the confidence that you place in us. As part of this, we have adopted strong principles across the Group to ensure the protection of your personal data.

We set out below information about how we place, use and store cookies on your device when you use our website (the "Website2) and you select the option to manage and delete cookies.

1. What is a cookie?

Cookies are small text, image or software files that are placed on your device when you access our Website. The word "device", when used in this Cookies Policy, refers notably to computers, smartphones, tablets and all other devices used for accessing the internet

Cookies may be either: (i) session specific, meaning that they are deleted from your device once the session and browser are closed; or (ii) persistent meaning that they will remain on your device until they are removed.

Cookies perform a number of useful functions, such as to:

  • Authenticate and identify you on our Website in order to provide you with services that you have requested;
  • Enhance the security of the Website, including to prevent fraudulent use of login credentials and protect user data from access by unauthorised parties;
  • Monitor your use of our Website in order to improve them;
  • Remember information that you provided to us (e.g. to automatically populate forms with information that you have previously provided to us so that you can log on more quickly);
  • Keep track of your preferences and settings in your use of our Website (e.g. time zone).

2. What kind of information can be stored in a cookie?

The information stored by the cookies on your device may relate to the following, subject to its retention period:

  • the webpages you have visited on that device;
  • the type of browser you use;
  • your IP address;
  • and any other information that you have provided on our Website.

Cookies may contain personal data. Our Data Protection Notice above covers where we use cookies that collect your personal data.

3. What kinds of cookies do we use and for what purpose?

Cookies used on our Websites are classified into different categories:

3.1 Strictly necessary cookies (mandatory)

These cookies are necessary for the Website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

4. Who places the cookies on your device (the companies of BNP Paribas Group or a partner)?

When you select which types of cookies you allow on your device, the cookies may be deposited directly by us or by one of our partners.

This means that when you authorise the installation of certain so-called "third-party" cookies on your device, our partners will also be able to access the information they contain (such as, for example, your browsing statistics when you allow third-party analysis cookies) within the limits of our Data Protection Notice and those of our partners.

Please see our cookie list below:

5. How can you manage cookies?

To see the different categories of cookies that we use on the Site and/or Application and configure your choices, you can consult the cookie management module accessible here. You can modify at any time your preferences, withdraw or re-provide your consent at any time.

Please note that the use of strictly necessary cookies for the proper functioning of the Site does not require your consent. This is why the option "strictly necessary cookies" is pre-checked in our cookie management tool and is not optional.

By refusing certain types of cookies (preference cookies for example), we will not be able to optimize your user experience on our Website and some parts may not function properly.

By default, we save your cookie choices on a device for a maximum of 12 months. If you change your mind about the preferences you have expressed regarding cookies, you can update your choices at any time, by clicking the link below. We will ask you to repeat your choice every 12 months.

Proficiency Solutions is a trading style of Cardif Pinnacle Insurance Management Services plc. Registered in England and Wales Number 2729650. Registered office: Pinnacle House, A1 Barnet Way, Borehamwood, Hertfordshire WD6 2XX. A BNP Paribas company. ©2024 Cardif Pinnacle Insurance Management Services plc.