Privacy Policy

The work of Cogent Claims Limited is to act on behalf of the insurer, the insurer’s broker or the individual claimant and depending on the nature of the relationship, the privacy policy of the insurer and/or insurance broker may apply. If you are uncertain, we will always be here to help you identify the party that controls your data.

Cogent Claims Limited is committed to protecting the privacy of Personal Data we collect and process in conducting our business. “Personal Data” is information that identifies you or other individuals (such as your dependants). This Privacy Policy describes how we will handle Personal Data that we collect through:

Claims handling process:

• Claim forms, telephone calls, e-mails and other communications with us, as well as from claim investigators, medical professionals, witnesses or other third parties involved in our business dealings with you Collectively referred to as the “Services”.

We collect and process your Personal Data in accordance with this Privacy Policy which also includes details about our use of website cookies in line with current data protection legislation including the General Data Protection Regulation 2016/679 (GDPR).

For information on your rights and how Personal Data is collected, stored and processed as part of the claims handling service go to Section 5 of this Policy.

If you have any questions about our use of your Personal Data you can contact our Data Protection Officer:

[email protected]

or

Data Protection Officer

Cogent Claims Limited

Kingfisher House,

Peel Avenue,

Wakefield,

WF2 7UA

Registration Number – 08996061

Personal Data collected about you and your dependants may include:

General identification and contact information

• Your name, address, e-mail and telephone details, gender, marital status, family status, date and place of birth, educational background, physical attributes, activity records, driving records, telematics data which records the driving behaviours demonstrated (this includes but is not limited to: a log of all of the journeys, speeding events, cornering, braking and acceleration), photos and video images, employment history, skills and experience, professional licenses and affiliations, relationship to the policyholder, insured or claimant, and date and cause of death, injury or disability
• Identification numbers issued by government bodies or agencies – national insurance number, passport number, tax identification number, military identification number, or driver’s or other license number

Financial information and account details

• Bank account number and account details, credit history and credit score

Medical condition and health status

• In certain cases we may receive information about your current or former physical or mental or medical condition, health status, injury or disability information, medical procedures performed, personal habits (for example, smoking or consumption of alcohol), prescription information and medical history.

Other sensitive information

• In certain cases we may receive sensitive information about your trade union membership, religious beliefs, political opinions, family medical history or genetic information (for example, if you apply for insurance through a third-party marketing partner that is a trade, religious or political organisation). In addition, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud.
• We may also obtain sensitive information if you voluntarily provide it to us (for example, if you express preferences regarding medical treatment based on your religious beliefs).

Telephone recordings

• Recordings of telephone calls to and from our staff and offices.

Fraud and Crime Prevention

• Information to investigate crime, including fraud and money laundering: For example, insurers commonly share information about their previous dealings with policyholders and claimants for this purpose.

Information enabling us to provide our services

• Location and identification of property insured (for example, property address, vehicle license plate or identification number)
• Travel arrangements including reservation numbers, destination and hotel details
• Policy details and claim numbers, details of policy coverage and cause of loss
• Prior accident or loss history, your status as director or partner or other ownership or management interest in an organisation and other insurance policies you hold.

Marketing preferences and customer feedback

• • You may let us know how you want to be contacted (e.g. by email, phone or post)

We use this Personal Data to:

• Communicate with you and other interested parties to manage your claim.
• Send you important information regarding your claim and other administrative information.
• Make decisions about claim assessment, processing and settlement.
• Manage claim disputes, where applicable.
• Provide improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
• Prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks.
• Carry out market research and analysis, including satisfaction surveys.
• Manage our business operations to comply with internal policies and procedures, including those relating to auditing finance, accounting and billing, IT systems, data and website hosting, business continuity, document and print management.
• Resolve complaints, and handle requests for data access or correction.
• Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and comply with legal process and respond to requests from public and government authorities (including those outside your country of residence).
• Establish and defend legal rights, protect our business operations (including our group companies), our rights, privacy, safety of employees and property, you or others related to the claim and pursue available remedies to limit our damages.

We will only process Personal Data for the specific purposes set out above or for any other purposes specifically permitted by the data protection legislation. We will notify you of those purposes when we first collect the data or as soon as possible thereafter.

The Personal Data processed when you use our Services will only be shared with Cogent Claims Limited for the purposes set out in this Privacy Policy and will not be transferred to other individuals or businesses for their own use.

Cogent Claims Limited may share your Personal Data, only for purposes described in this Privacy Policy, with specific vendors or other entities with whom we have a business relationship to provide the claims handling services on behalf of Cogent Claims Limited.

We may, as a matter of law, and without requiring notice or consent, use your information for crime and fraud prevention, or systems administration within Cogent Claims Limited and to monitor and/or enforce Cogent Claims Limited’s compliance with any regulatory rules and codes.

For Personal Data to be processed lawfully, they must be processed based on one of the lawful bases set out in the Regulation. These include, among other things, the data subject’s consent to the processing, or that the processing is necessary for the performance of a contract with the data subject, for the compliance with a legal obligation to which the data controller is subject, or for the legitimate interest of the data controller or the party to whom the data is disclosed. When sensitive Personal Data is being processed, additional conditions must be met. When processing Personal Data as data controllers in the course of our business, we will ensure that those requirements are met.

If we collect Personal Data directly from you as the data subjects, we will inform you about:

• The purpose or purposes for which we intend to process that Personal Data.
• The types of third parties, if any, with which we will share or to which we will disclose that Personal Data.
• The means, if any, with which data subjects can limit our use and disclosure of their Personal Data.

If we receive Personal Data about a data subject from other sources, we will provide the data subject with this information as soon as possible thereafter.

Where we are the data controller with regard to that data, we will inform data subjects who our Data Protection Officer is, and how you can exercise your rights as data subject, including the right to object to the processing of your Personal Data when it is processed based on legitimate interests or legal requirement.

Cogent Claims Limited may make Personal Data available to the following parties for the purposes of claim assessment or as required by law:

• Insurer, other insurance and distribution parties
  • In the course of processing claims, we may make Personal Data available to your insurers and third parties such as reinsurance brokers, appointed representatives, distributors, financial institutions, securities firms and other business partners
• Our service providers
  • External third-party service providers, such as medical professionals, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors; travel and medical assistance providers
  • IT systems, support and hosting service providers, document and records management providers and outsourced service providers that assist us in carrying out business activities.
  • Banks and financial institutions that service our accounts, third-party claim administrators, claim investigators, construction consultants, engineers, examiners, jury consultants, translators and similar third-party vendors
• Authorities and third parties involved in court action
  • We may share Personal Data with government or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate:
    • to comply with applicable law and regulations, including those outside your country of residence
    • to comply with legal process
    • to respond to requests from public and government authorities including public and government authorities outside your country of residence
    • to protect our operations
    • to protect our rights, privacy, safety or property, and/or that of Cogent Claims Limited, you or others
    • to allow us to pursue available remedies or limit our damages.
  • Other Third Parties
    • We may share Personal Data with emergency providers (fire, police and medical emergency services); retailers; medical organisations and providers; travel carriers; credit bureaus; credit reporting agencies; and other people involved in an incident that is the subject of a claim; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business. To check information provided, and to detect and prevent fraudulent claims, Personal Data (including details of injuries) may be put on registers of claims and shared with other insurers. We may search these registers when dealing with claims to detect, prevent and investigate fraud.

We may also anonymise, aggregate or combine any of the information we collect to analyse trends and provide statistical data to assist with forward planning of business operations.

We will take all appropriate reasonable technical, legal and organisational measures, which are consistent with applicable privacy and data security laws to safeguard your Personal Data. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have with us has been compromised), please immediately notify us.

Where we provide Personal Data to a vendor, the vendor will be selected carefully and required

We take all reasonable steps to ensure that Personal Data we process remains accurate and complete as is necessary for the performance of our services to you and in line with the controls detailed in this Privacy Policy.

We will retain Personal Data for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

If you provide Personal Data to us regarding other individuals, you agree:

• to inform the individual about the content of this Privacy Policy
• to obtain any legally-required consent for the collection, use, disclosure, and transfer (including cross-border transfer) of Personal Data about the individual in accordance with this Privacy Policy.

“Other Information” is information that does not reveal your specific identity, such as:

• Information collected through cookies, tags and other technologies

We and our third-party service providers may collect “Other Information” in a variety of ways, including:

• Using cookies: cookies are pieces of information stored directly on the computer you are using and you can find further details in our cookies policy that is available on our website.

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any vendors, including any vendor operating any site or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our group companies. Before providing any Personal Data to any such linked website, please make sure to review that website’s privacy policy carefully to understand how it deals with your Personal Data.

We will inform you when we require your consent to process your Personal Data and will request it from you as outlined in this Privacy Policy. If you do not consent, we may not be able to provide you with our Services. If necessary, please contact us as set out in the “Who to Contact About Your Personal Data” section above for further information.

The use of your Personal Data depends on the type of service we are providing and your relationship with our organisation. It may also be governed by the contract we have with the party for whom we are acting.

Our principal business activity is handling claims under policies arranged with the insurance sector or organisations operating in a similar capacity. To perform all these activities, we need to process Personal Data.

Personal Data means information relating to an individual.

Processing Personal Data means operations (automatic or otherwise) such as collection, recording, adapting, altering, consulting, using, disseminating, transmitting, making available, storing, erasing or destroying the data.

A data controller is the organisation that alone or jointly with others determines the purposes, conditions and means of processing your Personal Data.

Unless otherwise advised, Cogent Claims Limited will be a controller of your data. However, this may vary depending on our relationship with you and the contractual arrangements of the service providers we are working with. Please also note we sometimes, when information is shared with service providers, revert to being the processor of your data and the service provider becomes the controller.

Depending on your relationship with our organisation the legal basis for us processing your Personal Data is one of the following:

• You have given consent to us or the party for whom we are acting
• The processing is necessary for the performance of a contract or legal duty
• Processing is necessary for a legitimate interest pursued by us or a third party. Where processing is based on legitimate interest only, it will be in relation to one of the following:
  • Establishing, exercise or defence of legal claims
  • Prevention, detection of crime and fraud

Where we use legitimate interest as our grounds for processing your data you have the right to object at any time.

We will inform you when we require your consent to process your Personal Data and will request it from you as outlined in this Privacy Policy. If you do not consent, we may not be able to provide you with our Services. If necessary, please contact us as set out in the “Who to Contact About Your Personal Data” section above for further information.

If you do not provide us with your Personal Data we will not be able to provide you with our services.

The intended purpose of processing your Personal Data is to determine the extent of any liability for a claim and where appropriate, arrange repairs, replacement or payment. The processing is generally needed to validate:

• Details of those involved with the claim
• Details that have been given to us, insurers or other parties
• The circumstances, cause and value of the claim
• Any matters that may be relevant to insurers acceptance of the claim

The way we process data is generally governed by the contract under which we are appointed. We will not process your data for other purposes without obtaining your prior permission unless permitted or required by law.

The nature of our work is such that we may need to make background enquiries regarding individuals connected with a claim to validate information we are given, satisfy contractual obligations, comply with regulatory or legal requirement, to combat fraud, financial crime and money laundering. As part of the validation process we may check with other parties including credit reference agencies, data providers and other parties who may assist in validating the claim.

At the outset of a claim, we usually receive basic information about you/your claim direct from you, a telematics box, from insurers or the party we are representing. Depending on the type and nature of the claim, we might then have to gather additional information from other sources such as:

Credit reference agencies, local and public authorities, services and agencies, health service, healthcare providers, government, the internet, social media, crime prevention agencies, police, fire brigade, suppliers, valuers, vendors, donors, witnesses, friends, relatives, acquaintances and any other person or organisation that might assist with the validation/ servicing of the claim. Please refer to paragraph 4 of this Privacy Policy for further information on the Personal Data we collect.

The data we gather about you and others involved with the claim largely depends on the type and nature of the claim but may include:

Name, address, age, occupation, employer, lifestyle, internet profile, social media, credit status, electoral data, CCJs, criminal record, security measures, health and financial information.

We may also gather data relating to the circumstances, cause and value of the claim and any information that may be relevant to insurer’s acceptance of the claim.

When acting for insurers or another party, we will only pass your Personal Data to them or their agents. However, we might also need to share Personal Data or at least some of it, with other parties involved with the servicing or validation of your claim as described in “Sources of Personal Data” above.

We are also obliged to combat financial crime and money laundering, which may necessitate us sharing your Personal Data with the Police or anti-fraud agencies, organisations, schemes and registers. We might also disclose certain data where this is needed to assist other parties involved with specific fraud/criminal investigations, tribunals, regulatory enforcement and litigation. We will also co-operate in such matters internationally where agreements are in place with the other countries in question.

As part of the services we provide, we may need to analyse or process your Personal Data automatically to indicate the best way of handling the claim. However, any such profiling that produces legal effects concerning you or similarly affects you, will not be relied on exclusively without human intervention or taking other factors into consideration.

You have the right at any time to correct any inaccurate Personal Data we hold about you. We also want our records to be as accurate as possible so please advise us of any errors. However, please note that a difference of opinion or view is not necessarily inaccurate data and changes might not be possible. However, should you wish to express your own views, please provide details or a statement and we will add them to our records. Where this is required, please communicate the corrections or supplements to those dealing with your claim.

You have the right to have your data deleted when it is no longer needed which is known as the “Right to be forgotten.” However, we have an obligation to keep records for audit, regulatory and legal purposes and to combat financial crime.

To meet these obligations, we keep claim records for 15 years or any lesser period specified by those we are acting for. Consequently, we cannot simply delete records when requested or when a claim has been finalised. However, in certain circumstances we may be able to “Restrict Processing”. We might also be able to delete specific data or a document, for example where it has been sent to us in error and this will be done without undue delay.

In the first instance, please speak to those handling your claim to see if they can assist.

You have a right to withdraw consent and object to processing your Personal Data in certain circumstances. However, to deal with your claim, we will require you to co-operate with our enquiries and withdrawal of consent may prevent your claim from being considered further. Should you wish to exercise your right, please put this in writing (email is also acceptable) to those handling your claim.

Please also note that if you object or withdraw consent, we might still need to process your data to resolve ongoing commitments and satisfy obligations detailed under “Erasure and your Right to be Forgotten.”

The law gives an individual the right to object according to their particular situation, where we are processing their data:

• Solely on the basis of legitimate interests pursued by us or a third party or a task in the public interest (Please note that the right to object does not apply if we are processing your data for the performance of a contract e.g. an insurance policy. Consequently in most cases there will be no legal right to object)
• For scientific or historical research and statistics. (We do not ordinarily do this so these grounds for objection do not generally apply)

Any objection on the above grounds should be communicated to those handling your claim for referral to our data protection department.

When requested we will restrict processing where:

• You contest the accuracy of the Personal Data that we are processing. However, please note that:
  • a difference of opinion or view is not necessarily inaccurate data.
  • the restriction will only apply to the Personal Data in dispute rather than all the information we hold regarding the claim. When a restriction is put in place, we will not process the data in question other than to resolve its accuracy during which time the restriction will be noted on our system.
• Processing is unlawful and to prevent erasure you demand a restriction on processing instead. If the processing is unlawful we will place a restriction on the record and if requested preserve the data.
• We are due to delete your Personal Data but you request that we preserve it for the establishment, exercise or defence of legal claims.
• You object to us processing your data where our only grounds for doing so are either a task in the public interest or a legitimate interest pursued by us or a third party. We will then restrict processing pending verification as to whether or not we have overriding grounds for processing.

In each case we will inform you before any restriction is lifted. However, please note the following:

• Even with a restriction in place, we are still allowed to store data and process it for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
• A restriction only applies to Personal Data and we are allowed to continue processing other data regarding your claim. For example we still have to conclude or stop tasks already instigated such as correspondence with other parties and payments to suppliers which you may then have to complete.
• We will not be responsible for any delay caused by unnecessary restrictions imposed by you

Under the GDPR, you have a right to receive your Personal Data by making what is known as a “Subject access request” or SAR. In most cases, the information you want should be available without the need for making a formal SAR by asking those handling your claim and you should approach them in the first instance. This will avoid possible delay of a formal SAR where the GDPR allows us a month to respond which may be extended by a further two months in complex cases.

Please also note that when responding to a SAR we are not obliged to provide data likely to prejudice your insurer’s position, is legally privileged or relates to a third party who has not given permission for it to be released. In certain circumstances, we might also be bound by confidentiality not to disclose information. Therefore, certain data might be withheld depending on the situation and nature of your claim.

Should you wish to pursue a formal SAR, please inform those handling your claim which will speed up your identification. Alternatively, the request can be directed to the relevant Data Protection Department at Cogent Claims Limited as above. In certain circumstances, your request may have to be redirected to an organisation we are acting for (where they are the data controller), in which case we will advise you their contact details.

If you submit a SAR, we will advise you of the next steps as soon as possible, and in no more than one month.

Please be aware that our organisation may record telephone calls for training and security purposes.

Call recordings will be retained for limited periods depending on the service being provided, any contractual requirements with those we are working for and the technical facilities in place.

You have the right to receive the Personal Data about you that has been provided to us in a machine-readable format or when requested, we can also send it to another data controller where this is technically feasible. However, please note:

• portability only applies to data capable of being converted into machine readable format which may exclude images, scanned document, photographs etc. provided
• portability is only available where:
• processing is based on consent or for the performance of a contract and
• the processing is carried out by automatic means

However, should you want to exercise your right under this option, please advise those handling your claim.

If you have a complaint about how we use your information, then please contact us at:

Data Protection Officer

Cogent Claims Limited

Kingfisher House,

Peel Avenue,

Wakefield,

WF2 7UA

If you have a complaint about the way in which your data has been processed, you can contact the ICO at: www.ico.org.uk/concerns.

We will seek to respond to any request we receive in relation to your rights within one month. However, if this is not possible, we will advise you within one month that the time frame will be extended by up to a further two months and give an explanation why the extension is required.

Our response to and any actions necessary for us to comply with a request by you in respect of any of your rights will be handled free of any charge to you. The only exception to this will if the request is excessive or repetitive. If we do intend making a charge we will inform you of this before proceeding with any actions that might incur that charge