We are a “data controller” for the purposes of the Data Protection Act 1998, (i.e. we are responsible for, and control the processing of, your personal information).
- the personal information we collect about you
- what we do with your information, and
- who your information might be shared with.
We recognise how important it is to protect and manage the information you share with us. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we only authorise access to those employees who require it to fulfil their job responsibilities. When you share data with us through the website, that information is protected by secure socket layer (SSL) encryption. Our security systems meet or exceed industry standards and we are constantly monitoring internet developments to ensure our systems evolve as required.
Collecting your information
We collect information about you in a number of ways:
- Information you provide to us through our websites and applications;
- Information you provide through communications with us; and
- From outside sources such as customer service providers to help us with customer verification.
Personal information provided by you
We collect personal information provided by you including your name, address, telephone number and email when you submit this information through our website. We also collect personal information when you contact us or send us feedback.
Personal information provided by third parties
Occasionally we may receive information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you to help us improve and personalise our service to you.
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- give consent on his/her behalf to the processing of his/her personal data;
- receive on his/her behalf any data protection notices; and
- give consent to the transfer of his/her personal data abroad.
How and why we use your personal information
Under data protection law, we can only use your personal information if we have a proper reason for doing so, e.g.:
- to comply with our legal and regulatory obligations;
- to take steps at your request before you enter into a contract with one of our clients;
- for our legitimate interests or those of a third party; or
- where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal information for and our reasons for doing so:
|What we use your personal data for||Our reasons|
|To provide PPI checking referral services to you||For the performance of our contract with you or to take steps at your request before entering into a contract|
|To handle enquiries from you||To take steps at your request before you enter into a contract with our clients (see “Claims Management Companies we share information with” below)|
|To prevent and detect fraud against you||For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures, so we can deliver the best service to you|
|Conducting checks to identify our customers and verify their identity||To comply with our legal and regulatory obligations|
|Operational reasons, such as improving efficiency, training and quality control||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you|
|Statistical analysis to help us manage our business, e.g. in relation to customer base, product range or other efficiency measures||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you|
|Updating and enhancing customer records||
To take steps at your request before you enter into a contract with our clients (see “Claims Management Companies we share information with” below)
To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing enquiries
How long your personal information will be kept
We will keep your personal information after you have made an enquiry through us. We will keep your personal information for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information as well as for the regulatory requirements we are bound to.
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and to comply with relevant data protection legislation.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and how long you visit the website. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
Use of your information
We collect information about you so that we can:
- identify you and manage any accounts you hold with us;
- process your enquiries;
- conduct research, statistical analysis and behavioural analysis;
- detect and prevent fraud;
- customise our website and its content to your particular preferences;
- notify you of any changes to our website or to our services that may affect you;
- carry out security vetting; and
- improve our services
Information we hold
We will hold and use the following details about you:
- Your name, address, phone numbers, email address, date of birth and banking and financial details;
- Demographic and lifestyle information;
- Details of when you contact us and when we contact you;
- As well as any other information which we reasonably need to handle your enquiry, make decisions about you or fulfil our regulatory obligations.
We may keep details of any phone number(s) that you call us from and use them to contact you.
When we are managing your account, we may be given sensitive information such as medical information. We will hold and process this information to allow us to make decisions about the merits of a potential claim.
Some areas of our website may require you to be registered prior to certain information or services being made available. We use this information to provide you with the service or information you have requested or to answer your enquiries. We will hold your data on our systems as follows:
- Information for the purposes of claims management – 2 Years
Information we share
We will keep your personal information confidential and only share it with others for the purposes explained in this policy. We have trusted relationships with carefully selected third parties who perform services on our behalf. All service providers are bound by contract to maintain the security of your personal information and to use it only as permitted by us.
We will not under any circumstances sell or share your data with third party marketing companies. We may, with your consent, share information about you:
- With any firm, organisation or person we use to help us to provide a service on our behalf, including claims management services;
- With any firm, organisation or person who provides us with products or services or who we provide products and services to;
- With any person who has told us and who we have verified to be your parent, carer or helper where you are unable to handle your own affairs because of mental capacity or other similar issues;
- Certain authorities in order to detect and prevent terrorism (including to authorities outside the UK);
- With any person to whom we sell or transfer (or enter into negotiations to sell or transfer) our business or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the transferee or purchaser may use your personal information in the same way as us;
- With regulatory and governmental authorities ombudsmen, or other authorities, including tax authorities, including those overseas, where we are requested by them to do so;
- and With Fraud Prevention Agencies (FPAs)
Claims Management Companies we share information with
The companies listed below provide claims management services on our behalf. Companies regulated by the Claims Management Regulator have their registration recorded on the website www.gov.uk/moj/cmr
Claim Easy Limited which is registered in England and Wales. Registered number 07908773. Registered office: 1 Century Park, Pacific Road, Broadheath, Altrincham, WA14 5BJ. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM29331.
Clear Law LLP, Timber Wharf, Units 115-119, 42-50 Worsley Street, Manchester, M15 4LD, England. Registered Company OC308339. Clear Law LLP is authorised and regulated by the Solicitors Regulation Authority under SRA Number 403088.
Quigley & Carter Limited which is registered in England and Wales. Registered number: 08846861. Registered office: Fourways House, 57 Hilton Street, Manchester, M1 2EJ. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM39933.
Direct Redress Limited which is registered in England and Wales. Registered number: 07489855. Registered office: Booths Park 5, Chelford Road, Knutsford, Cheshire, WA16 8GS. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM26236.
Flairford Securities Ltd trading as Brunel Franklin which registered in England and Wales. Registered number: 06576055. Registered office: 4th Floor, The Bloc, Ashley Road, Altringham, Cheshire, WA14 2DW. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM13067.
Crystal Legal Services Ltd which registered in England and Wales. Registered number: 06837474. Registered office: Gawsworth House, Westmere Drive, Crewe, CW1 6XB. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM20182.
Etico Group Limited trading as PPI Wise which registered in England and Wales. Registered number: 05942713. Registered office: North Church Business Centre, 84 Queen Street, Sheffield, South Yorkshire, S1 2DU. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM30283.
Allay Claims Ltd which registered in England and Wales. Registered number: 06836398. Registered office: Generator Studios, Trafalgar Street, Newcastle upon Tyne NE1 2LA. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM20000.
Richardson Mail Limited which registered in England and Wales. Registered number: 07384980. Registered office: Stamford House, Northenden Road, Sale, Cheshire, M33 2DH. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM25228.
Oracle Legal Ltd which registered in England and Wales. Registered number: 06810900. Registered office: Lester House, 21 Broad Street, Bury, Lancashire, BL9 0DA. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM17936.
Debt Specialists Limited which is registered in England and Wales. Registered number: 05809220. Registered Office: 8-10 Bolton Street, Ramsbottom, Bury, Lancashire, BL0 9HX. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM22906.
Waterloo Solutions Limited which is registered in England and Wales. Registered number: 07671221.Registered Office: Swinford House, Albion Street, Brierley Hill, West Midlands, DY5 3EE. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM27601.
Ashley Howard Limited which is registered in England and Wales. Registered number: 08273141. Registered office: Westminster House, 10 Westminster Road, Macclesfield, Cheshire, SK10 1BX. Regulated by the Claims Management Regulator in respect of regulated claims management activities, registration number CRM31496.
How we use your information
We will use your information to:
- Make, or assist in making, claims management decisions about you with regard to the merits of your claim, potential referrals to third parties and to check the details that you have let us and others have;
- Operate and manage your account and manage any application, agreement or correspondence you may have with us; Carry out, monitor and analyse our business;
- To identify, prevent, detect or tackle fraud, money laundering, terrorism and other crimes;
- To form a view of you as an individual and to identify, develop or improve products, that may be of interest to you;
- Carry out market research, business and statistical analysis;
- Provide information to independent external bodies such as governmental departments and agencies, universities and similar to carry out research;
- Carry out file audits;
- Perform other administrative and operational purposes including the testing of systems; and
- Comply with our regulatory obligations.
Your data may also be used for other purposes for which you give your permission or where we are permitted to do so by law or it is in the public interest to disclose the information or is otherwise permitted under the terms of the Data Protection Act 1998.
You have the following rights, which you can exercise free of charge:
The right to be provided with a copy of your personal information (the right of access)
The right to require us to correct any mistakes in your personal information
To be forgotten
The right to require us to delete your personal information—in certain situations
Restriction of processing
The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data
The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
The right to object:
— at any time to your personal information being processed for direct marketing (including profiling);
— in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, see ‘How can you contact us?’ below.
Transfer of information out of the EEA
To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.:
- with your and our service providers located outside the EEA;
- if you are based outside the EEA;
- where there is an international dimension to the services we are providing to you.
These transfers are subject to special rules under European and UK data protection law.
The following countries to which we may transfer personal information have been assessed by the European Commission as providing an adequate level of protection for personal information: United States of America
These non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. Our standard practice is to use data protection contract clauses that have been approved by the European Commission. To obtain a copy of those clauses, please contact us (see ‘How to contact us’ below).
Access to your information
Under the Data Protection Act 1998, you have a right to access certain personal records we hold about you. This is called a Data Subject Access Request, which you can make by writing to [email protected] or Content Discovered, The Union Building, 51-59 Rose Ln, Norwich, NR1 1BY.
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please:
- email, call or write to us (see ‘How can you contact us?’ below)
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information you want a copy of, including any account or reference numbers, if you have them
We want to make sure that your information is accurate and up-to-date. You may ask us to correct or remove any information that you think is inaccurate by contacting us.
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below)
- let us have enough information to identify you (eg account number, user name, registration details), and
- let us know the information that is incorrect and what it should be replaced with
Third party links
Our site may contain links to third party websites. If you follow a link to any of these websites, please note that these websites have their own terms and privacy policies and that we do not accept any responsibility or liability for them.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
How can you contact us
You can contact our Data Protection Officer through the following means.