Privacy and Cookie Policy

Data Protection Notice

The protection of your personal data is important to the BNP Paribas Group, which has adopted strong common principles in relation to data protection for the entire Group and which are reflected in its Group Privacy Policy.

This Data Protection Notice provides you with detailed information relating to the protection of your personal data by:

Proficiency Solutions (is a trading style of Cardif Pinnacle Insurance Management Services plc) Registered Address:

Pinnacle House
A1 Barnet Way

The above company is part of BNP Paribas Cardif and the BNP Paribas Group (both "Group companies").

We are responsible for the collecting and processing of your personal data in relation to our activities. The purpose of this Data Protection Notice is to tell you which personal data we collect and process about you and why, who we share your data with and why, how long we keep it and how you can exercise your rights.

Further information may be provided to you when applicable.


We may collect any of the following types of personal data about you including but not limited to any of the following types:

  • Identification information (e.g. name, date of birth);
  • Contact information (e.g. email address and telephone numbers);
  • Employment information (e.g., employment role, location, type of employment, employer's name);
  • Data from your interactions with us (e.g. our websites, personal meetings, telephone calls, emails, correspondence, chat notes on our system);
  • Data relating to your use of our training services (e.g. training modules, pass and fail rates, duration, payments, discounts, training history, service provision);
  • CCTV (e.g. where you visit our premises);
  • Connection and tracking data (e.g. cookies, connections to online customer service, replies to online surveys);
  • Data relating to your participation in competition and promotional activities (e.g. date of participation, your answers, your pictures and the type of prizes)

We do not collect or process any data relating to your racial or ethnic origin, political beliefs, religious or philosophical beliefs, trade union membership, genetic data or sexual orientation unless we have a legal obligation to do so.

The personal data that we use may be collected directly from you or obtained from the following sources for the purposes of verifying or enriching our data:

  • Your account owner or administrator;
  • Our service providers;
  • Websites and social media containing publicly available information;
  • Data bases made public by third parties


We may also collect and process information about you where you have no direct relationship with us. This may happen where your personal information is provided by, for example:

  • Financial or judicial authorities, arbitrators and mediators, state agencies or public bodies, upon request and to the extent permitted by law (e.g. Financial Ombudsman Service, Financial Services Compensation Scheme, HM Revenue & Customs);
  • An employer;
  • Our commercial partners


a. To comply with our legal and regulatory obligations

Your personal data may be used to comply with various legal and regulatory obligations, including:

  • Responding to an official request from a duly authorised public, regulatory or judicial authority

b. To perform a contract with you or your employer or to take steps at your or your employer's request before entering into a contract

We use your personal data to enter into and perform our contracts, including:

  • Handling your complaints;
  • Providing you with information about our services;
  • Respond to your enquiries including a request to update your personal data when your circumstances change;
  • Evaluating if we can offer you products or services and if so on which terms.

c. To fulfil our legitimate interests

We use your personal data in order to offer and develop our products and services and to defend our legal rights for the following reasons:

  • To prevent fraud;
  • To defend or pursue legal claims;
  • For IT management, including infrastructure management, business continuity and IT operations and security;
  • To establish individual statistical models allowing us to generate and offer you competitive relevant products and services;
  • To analyse test results and update our training modules;
  • To establish aggregated statistics, for research and development, in order to monitor risk and the performance of our businesses, improve existing products and services or create new ones;
  • Where we record calls for the purposes of staff training and monitoring, administering your user record, handling complaints, detecting fraud, and to improve the quality of our services;
  • To personalise our and other BNP Paribas Group companies' product offerings to you by:
    • Improving the quality of our products or services (e.g. customer satisfaction surveys);
    • Advertising our products or services that might be of interest to you according to your situation and profile which we can assess by segmenting our potential customers; and
    • Organising prize competitions and promotional campaigns.

d. Respecting your choices where we have requested your consent

In certain cases, we require your consent to process your data, for example:

  • To send you communications for direct marketing purposes unless you tell us you want to opt out of receiving any further communications by contacting us using the details set out in Section 9 below or by unsubscribing. If you do not exercise this right, you may continue to receive communications from us whether you hold a user record with us or not


For the purposes above, we only share your personal data with the following individuals or entities:

  • Your employer, account owner or administrator; trade bodies (e.g. Finance and Leasing Association);
  • Service providers who perform services on our behalf;
  • Financial or judicial authorities, arbitrators and mediators, state agencies or public bodies, upon request and to the extent permitted by law (e.g. Financial Ombudsman Service, Financial Services Compensation Scheme, HM Revenue & Customs);
  • Certain regulated professionals such as, lawyers, notaries, trustees and auditors;
  • Debt collecting and credit reference agencies;
  • Fraud prevention agencies.


Where we transfer your data to a country outside the European Economic Area (EEA), where the European Commission has recognised that non-EEA country as providing an adequate level of data protection, your personal data will be transferred on this basis without your specific authorisation.

For transfers to non-EEA countries whose level of protection has not been recognised as adequate by the European Commission, we will either rely on an exemption from a rule or law that is applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you) or use one of the following safeguards to ensure the protection of your personal data:

  • Standard contractual clauses approved by the European Commission; or
  • Binding corporate rules (for inter-group transfers), where applicable.

To obtain a copy of these safeguards or details on where they are available, you can send us a written request as set out in Section 9.


Your personal data is retained by us in digital format for as long as we need to comply with our legal and regulatory obligations and for the defence of complaints and claims against us for as long as your user record remains active. This includes being able to provide evidence in the case of any legal or regulatory investigations, disputes or claims regarding the provision of our products or services to you.

In the case of personal information contained in paper format, the document will be recorded in digital format and retained on our systems. We will permanently delete test data greater than 7 years old on inactive user records and permanently delete inactive user records that have no test history remaining.


In accordance with applicable regulations and your account owners instructions, you have the following rights:

  • To access: you can obtain information relating to the processing of your personal data and a copy of the personal data held;
  • To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data is updated;
  • To erase: you can require the deletion of your personal data, to the extent permitted by law;
  • To restrict: you can request the restriction of the processing of your personal data;
  • To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing;
  • To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time;
  • To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically possible, transferred to a third party.

If you wish to exercise the rights listed above, please contact us using the details in Section 9 below.

In accordance with data protection legislation, in addition to your rights above, you are also entitled to make a complaint to:

The Information Commissioner's Office
Head Office:

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113

2nd Floor, Churchill House, Churchill Way, Cardiff CF10 2HH
Tel: 029 2067 8400

45 Melville Street, Edinburgh EH3 7HL
Tel: 0303 123 1115

Northern Ireland:
3rd Floor, 14 Cromac Place, Belfast BT7 2JB
Tel: 028 9027 8757 or 0303 123 1114


In the context of constant technological evolution we may have to update this Data Protection Notice. Please check the latest version of this Data Protection Notice on our website. We will inform you of any changes through our website or through our other usual communication channels with you.


To exercise your rights or if you have any questions regarding our use of your personal data please contact us at:

Data Protection Correspondent
Pinnacle House, A1 Barnet Way, Borehamwood, Hertfordshire WD6 2XX

So that we can answer your requests as quickly as possible, please indicate the right(s) you wish to exercise. An acknowledgement of receipt will be provided.

We are required to answer all requests within one month but we are allowed to extend this period by one further month depending on the complexity of the request. We will contact you in writing if we are unable to reply to your request within one month.

If you have a separate enquiry related to the BNP Paribas Group then you may contact the Group's Data Protection Officer at:
Jerome Caillaud - Data Protection Officer, BNP Paribas CARDIF, 8, rue du Port, 92728 Nanterre, France


Cookies are small text files stored on your computer when you visit some web sites. To use our website properly, you need to have cookies enabled. Cookies allow certain information from your web browser to be collected by us, which we use to track visitor use. They do not identify who is using the computer, just the computer being used. Cookies and other similar technology make it easier for you to use our website on future visits.

Browsers can be used to restrict, block or delete cookies. Each browser is different, so check the 'Help' menu of your particular browser (or your mobile telephone's handset manual) to learn how to change your cookie preferences. Please be aware that if you block all cookies, this website (and many others you visit) will cease to work for you.

These are the main types of cookies we use, and what we use them for:

  • Social Media Cookies
    For websites used by individual customers, there may be the opportunity to 'share' content with friends through social networks - such as Facebook and Twitter. You may be sent cookies from these websites. We don't control the setting of these cookies, so we suggest you check the third party websites for more information about their cookies and how to manage them.
  • Session cookies
    (sometimes called phpsessid): this type of cookie allows our web servers to respond to your actions on the website, such as moving through online forms or browsing the website. The website wouldn't work for you without it.
  • Analytics cookies
    (sometimes called utma, utmz): these cookies enable the function of Google Analytics or other analytics software. This software helps us take and analyse collective visitor information such as browser usage, new visitor numbers and response to marketing activity. That information is not held at individual customer level and helps us to improve the website and your experience, and to ensure our marketing campaigns are relevant.
  • Third party referral cookies
    (sometimes called drt): these cookies are set by third party companies which refer you to our website or advertise our products. We don't control the setting of these cookies.
  • Preferences cookies:
    these cookies help us recognise you when you return to our website. For example, your language preferences.

Cookies and other connection and tracking data stored on your device are kept for a period of 13 months from their collection date.

Proficiency Solutions is a trading style of Cardif Pinnacle Insurance Management Services plc. Registered in England and Wales Number 2729650. Registered office: Pinnacle House, A1 Barnet Way, Borehamwood, Hertfordshire WD6 2XX. A BNP Paribas company. ©2021 Cardif Pinnacle Insurance Management Services plc.