We are a “data controller” for the purposes of the Data Protection Act 1998, (i.e. we are responsible for, and control the processing of, your personal information).
We recognise how important it is to protect and manage the information you share with us. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we only authorise access to those employees who require it to fulfil their job responsibilities. When you share data with us through the website, that information is protected by secure socket layer (SSL) encryption. Our security systems meet or exceed industry standards and we are constantly monitoring internet developments to ensure our systems evolve as required.
We collect information about you in a number of ways:
We collect personal information provided by you including your name, address, telephone number and email when you submit this information through our website. We also collect personal information when you contact us or send us feedback.
Occasionally we may receive information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you to help us improve and personalise our service to you.
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
As a rule we do not collect personal information to process PPI checks, we simply provide a software solution to our clients who in turn use the personal information we have collected on this website to provide the services (including PPI checking services) offered by them. For further details please see the privacy policies and terms and conditions contained with each of our clients’ PPI checking service application.
If and when we do process any personal information, it would only be for the purposes of contacting you if you have requested us to do so and or to take note of any feedback you may have had for us.
Under data protection law, we can only use your personal information if we have a proper reason for doing so, e.g.:
to comply with our legal and regulatory obligations;
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal information for and our reasons for doing so:
|What we use your personal data for||Our reasons|
|To handle the PPI checking service application made by you||To send personal information supplied on your PPI checking service application to the client you consented to process it (see “Claims Management Companies we share information with” below)|
|To prevent and detect fraud against you||For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures, so we can deliver the best service to you|
|Conducting checks to identify our customers and verify their identity||To comply with our legal and regulatory obligations|
|Operational reasons, such as improving efficiency, training and quality control||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you|
|Statistical analysis to help us manage our business, e.g. in relation to customer base, product range or other efficiency measures||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you|
|Updating and enhancing customer records||To take steps at your request before you enter into a contract with our clients (see “Claims Management Companies we share information with” below)
To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing enquiries
We will keep your personal information after you have made an enquiry through us. We will keep your personal information for as long as is necessary:
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information as well as for the regulatory requirements we are bound to.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and to comply with relevant data protection legislation.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and how long you visit the website. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.
We collect information about you so that we can:
Information we hold
We will hold and use the following details about you:
We may keep details of any phone number(s) that you call us from and use them to contact you.
When we are managing your account, we may be given sensitive information such as medical information. We will hold and process this information to allow us to make decisions about the merits of a potential claim.
Some areas of our website may require you to be registered prior to certain information or services being made available. We use this information to provide you with the service or information you have requested or to answer your enquiries. We will hold your data on our systems as follows:
Information we share
We will keep your personal information confidential and only share it with others for the purposes explained in this policy. We have trusted relationships with carefully selected third parties who perform services on our behalf. All service providers are bound by contract to maintain the security of your personal information and to use it only as permitted by us.
We will not under any circumstances sell or share your data with third party marketing companies. We may, with your consent, share information about you:
Claims Management Companies we share information with
The companies listed below provide claims management services on our behalf. Companies regulated by the Claims Management Regulator have their registration recorded on the website www.gov.uk/moj/cmr
How we use your information
We will use your information to:
Your data may also be used for other purposes for which you give your permission or where we are permitted to do so by law or it is in the public interest to disclose the information or is otherwise permitted under the terms of the Data Protection Act 1998.
You have the following rights, which you can exercise free of charge:
|Access||The right to be provided with a copy of your personal information (the right of access)|
|Rectification||The right to require us to correct any mistakes in your personal information|
|To be forgotten||The right to require us to delete your personal information—in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data|
|Data portability||The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations|
|To object||The right to object:
|Not to be subject to automated individual decision-making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, see ‘How can you contact us?’ below.
To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.:
These transfers are subject to special rules under European and UK data protection law.
The following countries to which we may transfer personal information have been assessed by the European Commission as providing an adequate level of protection for personal information: United States of America
These non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. Our standard practice is to use data protection contract clauses that have been approved by the European Commission. To obtain a copy of those clauses, please contact us (see ‘How to contact us’ below).
Under the Data Protection Act 1998, you have a right to access certain personal records we hold about you. This is called a Data Subject Access Request, which you can make by writing to [email protected] or Content Discovered, The Union Building, 51-59 Rose Ln, Norwich, NR1 1BY.
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please:
We want to make sure that your information is accurate and up-to-date. You may ask us to correct or remove any information that you think is inaccurate by contacting us.
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
Our site may contain links to third party websites. If you follow a link to any of these websites, please note that these websites have their own terms and privacy policies and that we do not accept any responsibility or liability for them.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
How can you contact us
You can contact our Data Protection Officer through the following means.