Granite Financial Limited and all its subsidiaries (We/Us/Our) are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Laws, the data controller is CRASH Services Limited of 134a Stockman’s Lane, Belfast, BT9 7JE.

Our nominated representative for the purpose of the Act is Michelle Murphy.

What Information we collect

If you purchase services from us, communicate with us, or do business with us, this will result in us collecting personal data about you. This personal information will include information relating to:

  • Contact details, Identification, administration of your claim, and marketing preferences.
  • We also collect information provided if you fill in a form, complete a survey, etc.
  • We do not normally collect sensitive personal data, however there are exceptions where this is necessary eg information relating to driving convictions required when providing insurance for a hire vehicle.

In the event you provide us with any sensitive personal data, we will take extra care to ensure your rights are protected.

Details of transactions you carry through our site and of the fulfilment of your orders. We do not, however, store the details of your credit/debit card.

To protect you, our business and third parties we may record calls between us.

How we use your Information

We only ever use your personal data with your consent, or to the extent necessary to:

  • enter into, or perform, a contract with you;
  • comply with a legal duty;
  • remember your preferences e.g. if you ask not to receive marketing material, we will keep a record of this, or
  • for our own (or a third party’s) lawful interests (such as marketing, internal record keeping, market research or to improve our products) provided your rights don’t override these.

We will only use your information for the purpose it was collected (or for similar/related purposes). For our clients, this includes using use personal data to the extent necessary to perform our contractual obligations (such as administering their accounts and providing them with services).

We will never sell your personal data or share it with third parties who might use it for their own purposes.

We may use Personal Information to detect, investigate and prevent fraud, and this may include sharing Personal Information with other insurers, fraud prevention agencies and databases, and law enforcement agencies.

Your Rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you, before collecting your data if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.

When you enter one of our competitions or complete a registration form you will be asked if you would like to receive marketing information, this will be an opt in box.

You can unsubscribe from our marketing list at any time.

Our site may, from time to time, contain links to and from websites of our affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Access to Information

Individuals have the right to access their personal information and to limit the use and disclosure of their personal information. Please contact us if you wish to exercise these rights, by writing to the Data Protection Officer, at the address above or email

If you wish to access the personal information you should make a subject access request, this can be done verbally, by email or in writing. Once the request is received the Data Controller must verify the identity of the data subject before disclosing any personal information. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required.

No charge will be made for complying with a request unless the request is manifestly unfounded, excessive or repetitive, or unless a request is made for duplicate copies to be provided to parties other than the relevant individual making the request. In these circumstances, a reasonable charge will be applied.
We will take all reasonable steps to confirm your identity before releasing to you the personal information we hold about you.

IP Addresses and Cookies

We may collect information about your computer, including, where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is the statistical data about our user’s browsing actions and patterns, and does not identify any individual.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:

  • To estimate our audience size and usage pattern.
  • To store information about your preferences, and so to allow us to customise our site according to your individual interests.
  • To speed up your searches.
  • To recognise you when you return to our site.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our site.

Where we Store your Personal Data

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.

CRASH Services App

Data Removal Request

If you wish to have your personal data removed from our systems, please contact our Data Protection Officer (DPO) at Upon receiving your request, we will promptly process your request in accordance with applicable data protection laws.

Upon request for data removal, the following types of data associated with your mobile app account will be deleted:

  1. Personal information provided during registration (e.g., name, email address, contact information).
  2. Usage data collected during your interactions with the app.
  3. Any other personal data collected with your consent or as necessary for the provision of our services.

Retention Period

  1. Mobile App Account Data: Your mobile app account and the associated data will be deleted upon receipt of your removal request.
  2. Ongoing or Completed Cases: If you have an ongoing case with us, we may retain certain data for a period necessary to fulfil legal or regulatory obligations, resolve disputes, enforce our agreements, or as otherwise required by law. The retention period for such data will be determined on a case by case basis.

Please note that while we make every effort to remove your data promptly upon request, some residual data may remain in our systems for a limited period due to backups and system logs.

For further inquiries regarding data removal or our data retention practices, please contact our Data Protection Officer at

Disclosure of your Information

We may disclose your personal information to any member of Our group.

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If CRASH Services Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property or safety of CRASH Services Limited, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Changes to our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.


Questions, comments and requests regarding this privacy policy are welcomed and should be communicated by any of the methods highlighted on our Contact Us page.