Privacy Policy
Property Consortium (Holdings) Ltd T/a Claims Consortium Group (“CCG”) is committed to respecting privacy rights and to protecting personal information at all times. As such, we will ensure that all our activities involving personal information meet the letter and spirit of our Privacy Policy.
We are committed to abiding by all data protection laws in the UK in which we operate, and we will be open and transparent in how we use your personal information. Many people will be aware of the UK General Data Protection Regulation (UK GDPR) and the 2018 UK Data Protection Act. Claims Consortium Group acknowledge its requirement to comply with these laws.
This policy contains links to more information on many of the topics listed and further external links if you wish to read more about personal data management.
We are registered with the UK Information Commissioner’s Office as a data controller and our registration number is ZA006896. We also act as a Processor on the behalf of our clients when carrying out our services as a claims handling company.
Our head office address is Nightingale House, East Reach, Taunton, Somerset, TA1 3EN.
If you need to contact someone to talk about personal data privacy you can contact our Privacy team at dataprotection@claimsconsortiumgroup.co.uk
What type personal data do we collect?
You may give us Personal Data and Special Categories of Personal Data:
- By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our Products and services or to submit a question/suggestion/comment in relation to our websites, our Products or our customer service;
- By corresponding with us in relation to one or more of your policies (e.g. with respect to a claim);
- By corresponding with us if you are a third-party claimant or beneficiary/claimant under a policy;
- By setting up profiles or logging onto your profile on online portals i.e. Track My Claim and Synergy;
- By posting on our social media platforms and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
- When you supply us with goods or services;
- By applying to work with us. The type of information you may provide includes your curriculum vitae (CV), a cover letter, your name, address, email address and telephone number. CVs should include information relevant to your employment history and education (e.g. degrees obtained, places worked, positions held, relevant awards). We ask that you do not disclose Special Categories of Personal Data (e.g. medical information, religion, philosophical or political beliefs) or financial data in your application;
- Employment and qualification details such as occupation, employer details, employee number, job position, membership status of any relevant bodies, employment and education history.
- By visiting our offices your image may be captured on the closed-circuit television (CCTV) cameras located in our car park and public reception. Our CCTV policy regulates how we use Personal Data captured via CCTV.
- We will only process your personal data where we have legal basis for doing so. Below are the examples of the classes of Personal Data and/or Special Categories of Personal Data we may obtain from and/or about you or any other person who may benefit from claim coverage taken out or sought by you:
- Contact and identifying information such as title, name, address (including postcode), email address, telephone number, policy number, date and place of birth.
- Financial information such as bank account details, credit/debit card details
- Other Personal Data such as telephone recording, CCTV recording when you visit onsite, audio visual images and recordings, photographic images.
- Claims data such as details of the circumstances of any incident giving rise to a claim under the policy, details of activities carried out by you and service provided to you following any such incident, and other lawfully obtained information relevant to your claim
- Geographical information such as where you will be at certain time for the purpose of arranging site visits to Insured properties
- Any health-related information that you may be provided to us for the purpose of ensuring the correct level of customer service is provided to accommodate any ‘special circumstances’.
- When a User or Visitor uses our online service, we may automatically record certain information from the User’s device by using various type of technology, including cookies. This automatically collected information may include IP address or other device address or ID, web browser and/or device type, web pages or sites visited, and the dates and times of the visit, access, or use of the Service. For further details, please refer to our cookie policy.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
What personal data do we collect about you, from other parties?
Where appropriate, as a Controller, we may obtain the following Personal Data and/or Special Categories of Personal Data about you from third-party sources:
- Your pension contribution details
- Your tax contribution details from HMRC
- Your driving license penalty points from DVLA
- Your right to live and work information from Home Office, UKVI
- Your CV and related contact details from partner recruitment agencies
Why do we collect this personal data?
We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to provide you with our services, to transact business, to develop or enhance our online service, to recruit staff and to bring professional services firms on board.
– As a Controller, we will use your personal information in order to:
- Review your performance at work.
- Paying the wages into your bank account
- In case of emergency, notify next of kins and/or GP.
- Maintain accurate record of your career development.
- Assess suitability for job role and right to work in the UK.
- Complete driver’s license check to allow use of company vehicles.
- Maintain accurate record of company property in use across the organisation.
– As a Processor, we will use your personal data in order:
- To communicate with you as part of our business relationship with you so that we can fulfil our contract with our client.
- To administer your claim so that we can fulfil our contract with our client.
- As part of our efforts to keep our Websites safe and secure which is necessary for compliance with our legal obligations and to help us fulfil our contracts.
- To process your excess payment and other payments;
- For claims management including investigating, processing, undertaking dispute resolution and settling claims which is necessary for compliance with our legal obligations and to help us fulfil our contract with our client.
- To prevent, detect and investigate crimes, including fraud and money laundering.
- To comply with regulatory requirements.
– The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:
- Processing necessary for the performance of a contract which you have entered into with our client.
- Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract (as an employee, consultant).
- Processing necessary for the purposes of the legitimate interests where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information.
- Processing data concerning health where necessary in relation to the services we provide to you on behalf of our client.
- Processing necessary for compliance with a legal obligation to which we are subject.
Who might we share your personal data with?
We may share your Personal Data, if necessary and in accordance with legal requirements, with other companies in the Group such as, subsidiaries and other third parties relating to your claim such as:
- Your insurers, advisor, tradesmen, surveyors, professional services firms, sub-contractors, loss assessors, loss adjusters and partners.
We may also disclose your personal data to regulatory authorities, law enforcement agencies or regulatory authorities in response to a legal process in accordance with the law.
How long do we keep hold of your personal data?
The time periods for which we retain your Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our data retention policy. These periods of time are subject to legal and regulatory requirements or to enable us to manage our business. When determining the relevant retention periods, we consider factors including:
- Legal obligation(s) under applicable law to retain law for a certain period of time.
- Statute of limitation under applicable law.
- Potential or actual disputes.
- Guidelines issued by UK data protection authority.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Do we transfer your information outside the European Union or European Economic Area?
We do not transfer your personal data outside EEA.
What are your Data Subject rights?
The UK GDPR provides the following rights for individuals:
- The right to be informed.
➢ Individuals have the right to be informed about the collection and use of their personal data. - The right of access (commonly known as a Subject Access Request or SAR).
➢ Individuals have the right to access and receive a copy of their personal data, and other supplementary information. - The right to rectification.
➢ The UK GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. - The right to erasure.
➢ The UK GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. Also known as ‘the right to be forgotten’. - The right to restrict processing.
➢ Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, you are permitted to store the personal data, but not use it. - The right to data portability.
➢ The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services provided it does not result in a disclosure of information relating to other people. - The right to object.
➢ The UK GDPR gives individuals the right to object to the processing of their personal data in certain circumstances.
Individuals have an absolute right to stop their data being used for direct marketing.
In other cases where the right to object applies you may be able to continue processing if you can show that you have a compelling reason for doing so. - Rights in relation to automated decision making and profiling.
➢ You can only carry out this type of decision-making where the decision is: - i. necessary for the entry into or performance of a contract; or
ii. authorised by domestic law applicable to the controller; or
iii. based on the individual’s explicit consent.
➢ We must give individuals information about the processing.
➢ Introduce simple ways for them to request human intervention or challenge a decision.
CCG does NOT carry out automated decision making.
You may exercise any of above rights by writing to us at our registered office at: Privacy Office, Nightingale House, East Reach, Taunton, Somerset, TA1 3EN or by emailing us at dataprotection@claimsconsortiumgroup.co.uk
Where we act as a ‘Processor’ on behalf of our client, we assist our clients to meet their regulatory obligations in relation to data subject rights. Please contact your insurance company in order to exercise any of your rights. CCG can assist with any Data Subject request, but we will have to obtain permission to proceed from the specific Client (Data Controller).
Timeframe for Data Subject requests
We are obligated to respond to a Data Subject request within one (1) month of receipt.
Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.
The Company does not charge a fee for the handling of normal SARs. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
If you are not satisfied with our response to your right, you may lodge a complaint with respect of your information. In UK, the local Supervisory Authority is Information Commissioner’s Office with an address at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Data Security
We have put in place organisational and technical measures to protect the security of your Personal Data and Special Categories of Personal Data.
Details of these measures are available upon request.
Third parties will only process your Personal Data and Special Categories of Personal Data on our or our client’s instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data and Special Categories of Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you, our clients, where appropriate and, any applicable regulator of a suspected breach where we are legally required to do so.
Changes to this Privacy Policy
We may change this privacy policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any change will be made available next to the opening title date.
How can you contact us?
To contact us about anything to do with your personal data and data protection, including to make a data subject access request, please the following details:
By post addressed to: Privacy Office, Nightingale House, East Reach, Taunton, Somerset, TA1 3EN
By email: dataprotection@claimsconsortiumgroup.co.uk
Complaints?
If you have any concerns or complaints in relation to the processing of your data, we ask that you contact us first to give us the chance to understand the issue and see how we can address it.
In any event, you have the right to lodge a complaint with our supervisory authority, the Information Commissioners Office. To report a concern to the ICO:
- Telephone helpline 0303 123 1113
- Textphone service 01625 545 860
- ico.org.uk/concerns/