We are committed to abiding by all data protection laws in the UK in which we operate and we will be open and transparent in how we use your personal information.
Many people will be aware of the General Data Protection Regulation (GDPR) and the new 2018 UK Data Protection Act. Claims Consortium Group acknowledge its requirement to comply with these laws.
This policy contains links to more information on many of the topics listed and further external links if you wish to read more about personal data management.
We are registered with the UK Information Commissioner’s Office as a data controller and our registration number is ZA006896. We also act as a Processor on the behalf of our clients when carrying out our services as a claims handling company.
Our head office address is Blackdown House, Culmhead Business Centre, Culmhead, Taunton, Somerset, TA3 7DY.
If you need to contact someone to talk about personal data privacy you can contact our Privacy team at firstname.lastname@example.org
What type personal data do we collect?
You may give us Personal Data and Special Categories of Personal Data:
- By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our Products and services or to submit a question/suggestion/comment in relation to our websites, our Products or our customer service;
- By corresponding with us in relation to one or more of your policies (e.g. with respect to a claim);
- By corresponding with us if you are a third-party claimant or beneficiary/claimant under a policy;
- By setting up profiles or logging onto your profile on online portals i.e. Track My Claim and Synergy;
- By posting on our social media platforms and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
- When you supply us with goods or services;
- By applying to work with us. The type of information you may provide includes your curriculum vitae (CV), a cover letter, your name, address, email address and telephone number. CVs should include information relevant to your employment history and education (e.g. degrees obtained, places worked, positions held, relevant awards). We ask that you do not disclose Special Categories of Personal Data (e.g. medical information, religion, philosophical or political beliefs) or financial data in your application;
- Employment and qualification details such as occupation, employer details, employee number, job position, membership status of any relevant bodies, employment and education history.
- By visiting our offices your image may be captured on the closed-circuit television (CCTV) cameras located in our car park and public reception. Our CCTV policy regulates how we use Personal Data captured via CCTV.
- We will only process your personal data where we have legal basis for doing so. Below are the examples of the classes of Personal Data and/or Special Categories of Personal Data we may obtain from and/or about you or any other person who may benefit from claim coverage taken out or sought by you:
- Contact and identifying information such as title, name, address (including postcode), email address, telephone number, policy number, date and place of birth
- Financial information such as bank account details, credit/debit card details
- Other Personal Data such as telephone recording, CCTV recording when you visit onsite, audio visual images and recordings, photographic images.
- Claims data such as details of the circumstances of any incident giving rise to a claim under the policy, details of activities carried out by you and service provided to you following any such incident, and other lawfully obtained information relevant to your claim
- Geographical information such as where you will be at certain time for the purpose of arranging site visits to Insured properties
- Any health-related information that you may be provided to us for the purpose of ensuring the correct level of customer service is provided to accommodate any ‘special circumstances’.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
What personal data do we collect about you, from other parties?
Where appropriate, as a Controller, we may obtain the following Personal Data and/or Special Categories of Personal Data about you from third-party sources:
- Your pension contribution details
- Your tax contribution details from HMRC
- Your driving license penalty points from DVLA
- Your right to live and work information from Home Office, UKVI
- Your CV and related contact details from partner recruitment agencies
Why do we collect this personal data?
We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to provide you with our services, to transact business, to develop or enhance our online service, to recruit staff and to bring professional services firms on board.
– As a Controller, we will use your personal information in order to:
- Review your performance at work
- Paying the wages into your bank account
- In case of emergency, notify next of kins and/or GP.
- Maintain accurate record of your career development
- Assess suitability for job role and right to work in the UK
- Complete driver’s license check to allow use of company vehicles
- Maintain accurate record of company property in use across the organisation.
– As a Processor, we will use your personal data in order:
- To communicate with you as part of our business relationship with you so that we can fulfil our contract with our client
- To administer your claim so that we can fulfil our contract with our client
- As part of our efforts to keep our Websites safe and secure which is necessary for compliance with our legal obligations and to help us fulfil our contracts;
- To process your excess payment and other payments;
- For claims management including investigating, processing, undertaking dispute resolution and settling claims which is necessary for compliance with our legal obligations and to help us fulfil our contract with our client
- To prevent, detect and investigate crimes, including fraud and money laundering;
- To comply with regulatory requirements.
– The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:
- Processing necessary for the performance of a contract which you have entered into with our client;
- Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract (as an employee, consultant);
- Processing necessary for the purposes of the legitimate interests where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information
- Processing data concerning health where necessary in relation to the services we provide to you on behalf of our client and
- Processing necessary for compliance with a legal obligation to which we are subject
Who might we share your personal data with?
We may share your Personal Data, if necessary and in accordance with legal requirements, with other companies in the Group such as, subsidiaries and other third parties relating to your claim such as:
- Your insurers, advisor, tradesmen, surveyors, professional services firms, sub-contractors, loss assessors, loss adjusters and partners.
We may also disclose your personal data to regulatory authorities, law enforcement agencies or regulatory authorities in response to a legal process in accordance with the law.
How long do we keep hold of your personal data?
The time periods for which we retain your Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our data retention policy. These periods of time are subject to legal and regulatory requirements or to enable us to manage our business. When determining the relevant retention periods, we take into account factors including:
- Legal obligation(s) under applicable law to retain law for a certain period of time;
- Statute of limitation under applicable law;
- Potential or actual disputes; and
- Guidelines issued by UK data protection authority.
If you would like further information, please contact us at the details provided below.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you
Do we transfer your information outside the European Union or European Economic Area?
We do not transfer your personal data outside EEA.
What are your rights?
Where we act as a ‘Controller’, you have the following rights:
- To access the personal data, we hold about you.
- To require us to rectify any inaccurate Personal Data relating to you without undue delay.
- To have us erase any Personal Data or Special Categories of Personal Data we hold about you in specific circumstances, e.g. where it is no longer necessary for us to hold the Personal Data or Special Categories of Personal Data for the administration of your contract or if you have withdrawn your consent to the processing.
- To object to us processing your Personal Data or Special Categories of Personal Data in specific circumstances,
- To ask us to provide your Personal Data to you in a portable format or, where technically feasible, for us to port that information to another provider provided it does not result in a disclosure of information relating to other people.
- In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In that instance, any processing that we have carried out before you withdrew your consent remains lawful.
You may exercise any of above rights by writing to us at our registered office at: Privacy Office, Blackdown House, Culmhead Business Centre, Culmhead, Taunton, Somerset, TA3 7DY or by emailing us at email@example.com
Where we act as a ‘Processor’ on behalf of our client (the ‘Controller’), we assist our clients to meet their regulatory obligation in relation with data subject rights however in such case, please contact your insurance company in order to exercise any of your rights.
If you are not satisfied with our response to your right, you may lodge a complaint with respect of your information. In UK, the local Supervisory Authority is Information Commissioner’s Office with an address at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
We have put in place organisational and technical measures to protect the security of your Personal Data and Special Categories of Personal Data.
Details of these measures are available upon request.
Third parties will only process your Personal Data and Special Categories of Personal Data on our or our client’s instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data and Special Categories of Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you, our clients, where appropriate and, any applicable regulator of a suspected breach where we are legally required to do so.
Any change will be made available next to the opening title date.
How can you contact us?
To contact us about anything to do with your personal data and data protection, including to make a data subject access request, please the following details:
By post addressed to: Privacy Office, Blackdown House, Culmhead Business Centre, Culmhead, Taunton, Somerset, TA3 7DY
By email: firstname.lastname@example.org
If you have any concerns or complaints in relation to the processing of your data, we ask that you contact us first to give us the chance to understand the issue and see how we can address it.
In any event, you have the right to lodge a complaint with our supervisory authority, the Information Commissioners Office. To report a concern to the ICO: