We respect our client’s privacy and are dedicated to protecting their personal information, this policy sets out how we aim to do this when you visit our website and inform you of the law that protects you and your rights when it comes to privacy of your personal data.
The Claims Protection Agency herein in referred to as ‘the company’.
This policy aims to provide you with details of how the company will collect and process your personal data when you use our website, this includes any of your data you may input through our website when you complete our online forms which sign you up to any of our services.
Our website is intended for the use of adults and therefore we do not wish to knowingly collect any data in relation to children.
This policy aims to complement our other policies and notices, with no intention of overruling them. Therefore, it is key to read this policy along with any other notice that we may provide to you on specific matters where we collect/process your personal data, to ensure you are informed of the reasons why we require your personal data.
Version date: this policy was in effect from 1st February 2020, any historic versions can be provided upon request.
The company is the data controller and are responsible for protecting your personal data in line with this policy.
Our Data Controller is John Johnstone, they are responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy. They are also accountable for answering any queries in relation to this policy and should you wish to get in contact or exercise your legal rights as explained in this policy, then you are able to do so using the below contact details:
Address: Unit 8a, Ashbrook Business Park, Longstone Road, Heald Green, M22 5LB
Telephone: 01617685766
If you are dissatisfied at any time, please contact us and we will try our best to resolve your concerns. At any time, you also have the right to make a complaint by contacting the Information Commissioner’s Office (ICO), who is the UK supervisory authority for data protection issues (www.ico.org.uk).
It’s crucial that personal data we hold on our files about you is up to date and accurate, so please do keep us updated with any changes throughout your relationship with us.
Our Privacy Policy may be subject to changes, we aim to inform you of such changes.
Any of our actions and engagements on external social media platforms that the company undertake are subject to that platforms terms and conditions along with their individual privacy policies.
We advise users to use such platforms with caution and be aware of supplying personal data on such sites.
Our website uses sharing buttons on social media sites in order to help share web content directly to the platform. We advise users to use such sharing tools at their own discretion and to be aware that the social media platform can monitor their usage. The platform may store users request to share a web page directly through their social media accounts.
Our website through social media accounts might on occasions share links to other relevant web pages. Despite our best efforts we cannot protect against spam or hacking on social media sites, so again we advise users to approach shortened URLs published on such sites with caution. The company therefore cannot be held liable when visiting any shortened URLs should any damages occur.
Our website may include links to other third-party websites, applications and plug-ins. If you click on a third-party link or enable such connections this may allow third- parties to collect or share data about you. We are not responsible for these third-party websites or their privacy policies, therefore when you leave our website, we urge you to be aware of other websites privacy notices.
Personal data relates to information about an individual from which that person can be identified. Personal data does not include anonymous data where the identity of the individual has been removed.
The personal data we might collect, process, store and transmit are detailed as follows:
Should you fail to provide personal data which we require by law, or under the terms of a contract we have with you, we may not be able to perform the contract agreed or are
trying to enter in to with you. In such a scenario, we may have to cancel a product or
service you have with us, but we will notify you at the time should this be the case.
Should we identify that you are a vulnerable customer, we may collect data relating to your health, this will ensure we can tailor our communication and service to meet your needs and circumstances. In this instance we would obtain your consent prior to storing this information for the sole purpose of delivering our service.
We do not collect any other Special Categories of Personal Data about you (including: your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your genetic and biometric data). We also do not collect any information about previous criminal offences or convictions.
We may collect, use and share aggregated data that derives from your personal data such as demographic data. Is not considered personal data in law as it doesn’t reveal your identity, however, should we combine such data with your personal information so that your identify could be recognised we will treat this as personal data and ensure it is used in accordance with this policy.
We may collect, use and share your personal data solely within our group for the purpose of improving our customer experience, for example we may perform data analysis on your engagement with us to improve our service offering. 4.0 Collecting Personal Data
The company uses varies methods to collect data including:
Where you directly provide us with your personal data such as by completing one of our forms or by corresponding with us by telephone, post, email etc. This includes personal data you provide when you:
When you visit and interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. This personal data is collected by using cookies and other similar technologies. Please see our separate cookies policy to find out more.
At times we might get personal data about you from different third parties such as:
Technical Data: from analytics providers for example Google based outside the EU;
Identity and Contact Data: from various publicly availably sources such as the Electoral Register, Companies House and credit checks based inside the EU. Identity and Contact Data: from various data brokers based inside the EU, including marketing which directs consumers to our website.
We only use personal data in line with the law normally in following scenarios: Where you have provided clear consent for us to process your personal data for a specific purpose.
Where we need your personal data to implement the contract we are about to enter or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third-party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Below we have set out a full description of all the ways we intend to use your personal data. We only intend to use your data for the purpose we collected it for, if there is a requirement to use your data for another unrelated reason, we will notify you explaining the legal basis for this decision. There may be a situation where we process your personal data without your consent where it is required by law.
There may be a situation where we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please do not hesitate to get in touch with us if you want details about the specific legal ground, we are relying on to process your personal data.
| Purpose/activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
|
To register you as a new customer |
(a) Identity (b) Contact |
(a) Performance of a contract with you with consent |
|
To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
|
To manage our relationship with you which will include: |
(a) Notifying you about changes to our terms or privacy policy |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation |
|
(a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey |
(b) Asking you to leave a review or take a survey |
(a) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
|
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
|
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences |
(a) Technical (b) Usage |
(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
|
To make suggestions and recommendations to you about goods or services that may be of interest to you |
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
We are committed to providing you with clear choices around personal data and the way we use it. In line with your contact preferences, we may contact you regarding different products or service that we or other companies within our group can offer you. At times we may rely upon legitimate interest to make such recommendations to you about products or services that could be of interest to you. In this case we will consider and review any potential impact upon you (positive and negative) and your rights before we begin to process your personal data for our legitimate interests. For any activity where our interests are overruled by the impact on you, we will not use your personal data (unless we have your consent or are otherwise required to or permitted to legally).
At any time, you can update your marketing preferences by contacting us and you can opt out and stop all marketing messages should you require (this will not apply to personal data that you provided us using our services).
Identity, Contact, Technical, Usage and Profile Data may be used by us to make an assessment on what we think may be of interest or what you may need or want. This enables us to conduct future marketing by deciding which product/service offers could be applicable to you.
Before we share your personal data with any third-party companies outside of the company’s group for the intention of marketing purposes will we always get your consent through an opt-in.
A cookie is an element of data that websites can send to your browser, which might then be stored on your system. See our separate cookies policy for more information about how we use cookies. Should you set your browser settings to refuse any cookies some parts of our website may not work. 6.0 Sharing your Personal Data
To undertake our processes, maintain our relationships and improve the services we offer, we may also share your personal data with other third parties we work with, such as:
| Company Name | Company Details | Processing Activity |
|---|---|---|
|
Solicitors Regulation Authority |
Solicitors Regulation Authority, The Cube, 199 Wharfside Street, Birmingham, B1 1RN |
Under regulatory requirements, we may have to share data with the Solicitors regulation Authority |
|
Connex One Limited |
Company Registration Number: 08814633 Registered Office Address: Bow Chambers, 8 Tib Lane, Manchester, England, M2 4JB |
Provide our dialler system and our responsible for maintaining/safeguarding our data security. |
|
DPD Local UK Ltd |
Company Registration Number: 01421773 Registered Office Address: Dd Local Uk Ltd Roebuck Lane Smethwick West Midlands United Kingdom B66 1BY |
Provide secure pick-up and delivery services. |
|
Shred-it Limited |
Company Registration Number: 04047194 Registered Office Address: Ground Floor 177 Cross Street Sale Manchester M33 7JQ |
Provider of a secure documentation destruction service. |
|
Shredall (East Midlands) Limited |
Company Registration Number: 03317730 Registered Office Address: Joy House Bestwood Business Park Park Road Bestwood Village Nottingham Nottinghamshire NG6 8TQ |
Provide secure data storage facilities. |
|
Wisemann Law trading as Bee Legal |
Company number: 09411174 Registered trading address: 18-22Lloyd House Lloyd Street, M2 5WA (b) Usage |
Provide legal services to our clients |
|
Royal Mail Group Limited |
Company Registration Number: 04138203 Registered Office Address: 100 Victoria Embankment London EC4Y 0HQ |
Provide postal services for the business. |
There may be times when we are required to disclose your personal information, these include with:
Solicitors’ Regulation Authority (SRA), Financial Conduct Authority (FCA), Claims Management Regulator, HM Revenue & Customs, other authorities, and regulators acting as processors based in the UK who may require reporting of processing activities in certain circumstances. Professional bodies such as solicitors, accountants, consultants, and any similar bodies acting as processors, based in the UK who may require reporting of processing activities under certain legal or compliance circumstances. Third parties which we may choose to sell, transfer, or merge parts of our business/assets. We may also seek to acquire another business or merge with them. If this were to happen to our business, then the subsequent new owners may choose to use your personal data in the same way as detailed in this policy.
We will only ever share your personal data in line with current UK data protection laws. Requiring all third parties to treat your personal data in line with the law and use for the intended purpose in line with our guidelines.
The Company may from time to time transfer personal data to countries outside of the European Economic Area (EEA). The transfer of personal data to a country outside of the EEA shall take place only if one or more of the following applies:
The company aim to maintain a high standard of security and privacy when it comes to protecting our customers personal information. We want to give our customers confidence in our processes and have robust measures in place to ensure we protect your information from any loss, unauthorised access or misuse. We constantly review our data security processes to ensure they remain fit for purpose.
We also limit access to customers personal data to those colleagues, agents, third- parties or contractors who absolutely need to have access.
All personal data breaches must be reported immediately to the Company’s DPO. We have an appropriate procedure in place to deal with any data breaches and will notify the persons affected and any regulator which legally require us to report the breach.
The company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed. We have to keep some specific information about our customers by law, where this is the case we will keep securely and hold solely for the legal purpose required.
When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of securely without delay.
For full details of the company’s approach to data retention, including retention periods for specific personal data types held by the company, please refer to our Data Retention Policy which you can request by contacting us.
Under UK data protection law, you have several rights in relation to your personal data and the processing of it, including:
However, this will not have affected our legal ability to do this before you withdraw your consent, and if you do withdraw consent to process your personal data, we may not be able to offer you certain services.
Should you wish to exercise your rights please contact us, there could be occasions when we aren’t able to complete your request, however we will inform you of this and the reasoning.
There is no fee when requesting a copy of your personal data, although there may be occasions where we charge a reasonable amount should we find your request recurring or unwarranted or if you require further copies of such information that we have previously provided.
In order to process any of your requests we may need to confirm your identify through a process of security checks.
We aim to respond to all relevant requests as soon as possible and usually within one month of receiving. Sometimes it may however take us longer to process, but we will always keep you informed if this is the case.
The Claims Protection Agency Limited is registered in England and Wales. Registration Number: 08467014 Authorised and Regulated by the Financial Conduct Authority: FCA No: 836470
The Claims Protection Agency, Unit 8a Ashbrook Business Park, Longstone Road, Heald Green, Manchester, M22 5LB