Privacy Notice

What we do with your data and what your rights are

We are Mike India 5 Limited T/a The Brownsword Group, a claims investigation specialist operating in the capacity of data processor (or sometimes joint data controllers) under authority and direction from our clients, the data controllers. Our address is Delta House, Alphagate Drive, Denton, Manchester, M34 3SH and you can email us at enquiries@brownsword.com or phone us on 0161 320 2555. If you prefer the retro approach you can send us a fax: 0161 320 2550.

We process data for our clients as data processors (or joint data controller) to their data controller status and as such all data is processed in accordance with their processing requirements (i.e. we do as we are told). Should consumers (that’s you) wish to access the privacy policy of the data controller (our client, typically an insurance company or solicitor) this should be sought directly from them.

All data is processed lawfully, fairly, transparently and in accordance with data protection legislation. We think this privacy notice is written in clear and transparent language, but if you disagree or have any questions, you can email us at enquiries@brownsword.com

The Data Protection Act 1998 has been replaced, from 25th May 2018, with the General Data Protection Regulations and the Data Protection Act 2018. The ‘GDPR’ can be found in full here if you want to read a few hundred pages of European legislation:

http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

We act as sole data controller only in our capacity as an employer and in relation to any data submitted via our website contact form which is not in relation to instructions from our clients. Information on privacy for our employees is an internal document only.

Our commitment to you the consumer (the “data subject”):

  1. We aim to operate in a clear and transparent way at all times where possible.
  2. We will collect and process data fairly and lawfully.
  3. We will only use data in a way that people would reasonably expect.
  4. If you are contacting us using our contact form on the website and are not previously known to us and are not a customer of our clients, your data will be processed in accordance with your request and for the purposes of your enquiry only (for example, job applicants).
    1. Data you send to us via the website contact form will be processed internally in order to handle your request in the relevant department, and may be held on file with your consent for a period of time (for example if we are not currently recruiting but are interested in your profile we may keep your cv and personal details for future reference, if you say we can – you can change your mind at any time and tell us to delete it).
    2. If you are contacting us to apply for a vacancy or submit your cv, we may research and access publically available information on the internet including social media in pursuance of your application.
    3. If you are contacting us using our contact form on the website as a customer of our clients, we are acting as data processors in accordance with the requirements of our client, the data controller. It is the duty therefore of our data controllers to provide full privacy notice information and this can be requested from them directly. We act for many data controllers; for information on the data controller responsible for your case (usually your insurance company or a solicitor), including identity and contact details, please telephone us on: 0161 320 2555 or email us at: enquiries@brownsword.com alternatively please consult your policy details directly.
  5. As a customer of our clients, if you refuse to provide information to us this may affect the processing of your claim.
  6. We will not share any data with any third parties nor transfer it outside the UK.
  7. The recipients of the data we process will be our data controller (typically your insurance company as we are carrying out enquiries for them).
  8. We may engage third parties in the course of our data processing, for example a company who provides translation services, who would need your basic personal data to carry out the role (such as your name and address to attend the meeting), or the DVLA or Police if we are making enquiries involving them (for example we are investigation a road traffic incident where the Police attended and we wish to obtain the Police report). We will never disclose your personal data to any third party who does not have a function in our claims investigation enquiries.
  9. We retain the right to pass information on to any authorities who required us to do so by law as governed by the relevant legislation applicable in the UK.
  10. The purpose of processing your data is determined by the data controllers we are acting for and based on their instructions to us (for example, to help settle an insurance claim).
  11. The categories of personal data we process are determined by the data controllers we are acting for and based on their instructions to us. Personal data will either be presented to us by our data controllers based on information you have provided to them, or will be obtained directly from you in our dealings with you (conversations and written communication) or may be obtained by publicly accessible sources.
  12. We will process personal data (for example your name, address, date of birth, occupation and so forth) and also sensitive personal data where this is applicable to our enquiries (criminal convictions or racial or ethnic information where we are establishing identity or confirming the details provided to your insurance company, for example).
  13. The retention period (how long we will keep your data) is determined by our data controllers, typically this might be 6 or 7 years. After that time, all data will be securely destroyed.
  14. Each data subject (you) has rights as set out by the GDPR, these are:
    1. The right to be informed – that means a company should tell you what they do with your data. That is this privacy notice you are reading.
    2. The right of access – this means you can request a copy of your data and details about what is done with it. Because we are likely to just be the data processor, we will send any requests like this to the data controller to action.
    3. The right of rectification – if you think we have got something wrong, please tell us and we will discuss this with you and look at putting it right. We will also make every effort to make sure data is accurate in the first plce, so hopefully you won’t need this one!
    4. The right of erasure – you can request that a company deletes your data. They might not always do it though, it depends on what basis it was collected, but we will discuss this with you if you make this request.
    5. The right to restriction processing – similar to the above, you can ask a company not to carry out certain types of data processing, such as “stop sending me leaflets!”
    6. The right of data portability – if you are moving all your data from one company to another, they now have to send this data for you (for example if you are swapping mortgages).
    7. The right to object – you can object to a company processing data. This doesn’t mean they will automatically stop, but you can object. Again it depends on why the data is being processed.
    8. Rights about automated decision-making and profiling – this is where a company uses a computer to make a decision; we don’t do this so it doesn’t apply here.
    9. You always have the right to lodge a complaint with the Information Commissioner’s Office (the ICO). You can do that here: https://ico.org.uk/concerns/
    10. You have a right to be forgotten under data protection legislation however this might adversely affect our ability to provide services to your insurance company or solicitor. This right is not automatic and may be declined depending upon circumstances. Any right to be forgotten requests will be directed to the data controller handling your claim. For full information on the right to be forgotten please see; https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/the-right-to-erasure/
  15. We will process and store your data really securely, including on paper, on computer systems (which no-one outside the company can access), on CD/DVD, and on the network including back-ups. We will carry out manual processing (things like photocopying) and electronic processing (email and computer storage). We have ISO 27001, that’s a standard to make sure our IT systems are super-safe, with encryption and antivirus and lots of other techy stuff. We review our processes on a regular basis to make sure we still comply with the law.
  16. All companies need a lawful basis (or several) to be able to legally process data. Our lawful bases for processing personal data and sensitive personal data are:
    1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (the consent being the lawful contract for services between you and your insurance company).
    2. processing is necessary for the performance of a contract to which the data subject is party. The services of the company may be necessary for the insurance company to fulfil their obligations under the contract with the data subject in the event of an insurance claim on their policy.
    3. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Processing may be required in order to investigate and settle an insurance claim accurately. In this regard the legitimate interests of the insurance company to collect and use personal data will be considered against the rights of individual(s).
    4. the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.
    5. processing relates to personal data which are manifestly made public by the data subject.
    6. processing is necessary for the establishment, exercise or defence or legal claims or whenever courts are acting in their judicial capacity.
  17. We will only process data for the purposes it has been collected for; nothing else.
  18. We will not use any of your data for marketing purposes.

If this information is required in any other format please contact us at: enquiries@brownsword.com with your requirements and we will aim to assist where reasonably practicable, for example we can provide a paper copy, bigger font, or email it to you. We might not be so keen to provide it in Latin, but we will consider all reasonable requests!

This privacy notice has been written in conjunction with: the Data Protection Act 2018, ICO guidelines and data protection legislation including Articles 12, 13 and 14 of the GDPR (the General Data Protection Regulations); and the Privacy and Electronic Communication Regulations 2015.

Privacy Policy where The Brownsword Group is a Joint Data Controller, Data Controller-in-Common and/or has Delegated Authority (in addition to the above)

We act as a supplier to your insurance company but may have delegated authority to make decisions on their behalf. We provide these services under contract to make sure we protect your personal information using appropriate security measures. This contract prohibits us from using your personal data other than as instructed by the insurance company.

We are appointed where additional information is required in relation to a reported or alleged incident. We are instructed as claims investigators to carry out additional services such as interviews, reports and evidence review in order to validate the information presented.

Who does this Privacy Policy apply to?

This privacy policy describes how we handle personal information about the following people:

  • Insurance policyholders.
  • Named drivers and others covered by an insurance policy where we are investigating a claim on that policy.
  • Witnesses and other third parties whose information we may receive.

We process personal information in line with the UK’s data protection laws and other relevant laws that apply.

The personal information we may collect about you

Individual Details – Name, address, other contact details such as email and phone numbers, gender, marital status, date of birth, nationality, employment status, job title, and any other personal details you have provided to your insurance company or which are accessible via databases or in the public domain.

Financial Information – financial history, sanctions and criminal offences, including information received from external databases about you.

Previous and Current Claims – Information about previous and current claims; dashcam recordings where this technology is used; information about you from external databases and information collected from publicly available sources of information including social media.

Special Categories of Personal Data – Information about health, disability, criminal convictions (including motoring offences).

Where we collect your personal information

We may collect personal information about you from:

  • You.
  • Your insurance broker / insurance company.
  • Your employer or their representative.
  • External databases, claims registers, sanctions lists, court judgement and similar databases.
  • Government agencies such as the DVLA (to check licence and vehicle information) and HMRC.
  • The publicly available electoral register.
  • Witnesses, experts, loss adjusters, engineers, legal advisers and claims handlers.
  • Other publicly available sources of information including social media.

How we use and disclose your personal information

Where we are assisting an insurance company in the processing of a claim, the purpose of collecting data includes; managing insurance claims, providing information and evidence on the validity of a claim, investigate suspected fraudulent or exaggerated claims.

We will disclose and share the information collected about you to your insurance company (our client and data controller or joint data controller or controller-in-common) or your insurance broker upon request of the insurance company.

The data protection laws classify information about your medical conditions, disabilities and criminal convictions as ‘special category’ personal data which warrants extra protection. We will share this kind of personal data where it is essential to administer your insurance claim or for anti-fraud purposes.

Profiling

We do not carry out any profiling.

Marketing

We do not carry out any marketing nor pass your details to any third party for the purposes of marketing.

Call Recording

You should note that telephone and video calls may be recorded or monitored, either by us or our client (your insurance company). Call recording and monitoring may be carried out for the following purposes:

  • training and quality control;
  • as evidence of conversations; and/or
  • for the prevention or detection of crime (e.g. fraudulent claims).

Preventing or detecting fraud and other criminal offences

We will check your information against a range of registers and databases for completeness and accuracy. We may also conduct searches of publicly available sources of information including social media to verify claims and detect and prosecute fraud. We may share your information with law enforcement agencies, legal advisers, investigators, other organisations and public bodies.

Consent and the Legal Basis for Processing Your Personal Information

The personal information you provide to us and we collect about you is needed for us to assess your claim in line with the terms of the contract you have entered into with your insurance company. Some of the information is collected for fraud prevention purposes, as described above.

You are free to withhold your consent or withdraw it at any time, but if you do so it may impact upon our ability to validate your claim.

We rely on the following legal basis for processing data;

Under Article 6, 1. of the GDPR, the company is processing data whereby:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes (the consent being the lawful contract for services between the data subject and the insurance company).
  • processing is necessary for the performance of a contract to which the data subject is party. The services of the company may be necessary for the insurance company to fulfil their obligations under the contract with the data subject in the event of an insurance claim on their policy.
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

Under Article 9, 2. of the GDPR, TBG is processing special categories of data whereby:

  • the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.

(e) processing relates to personal data which are manifestly made public by the data subject.

(f) processing is necessary for the establishment, exercise or defence or legal claims or whenever courts are acting in their judicial capacity.

The Data Protection Act 2018 makes several provisions for processing data including special categories of data which The Brownsword Group’s activities rely on. These include:

  • SCHEDULE 1 PART 2 paragraph 10 ‘Preventing or detecting unlawful acts’.
  • SCHEDULE 1 PART 2 paragraph 11 ‘Protecting the public against dishonesty etc’.
  • SCHEDULE 1 PART 2 paragraph 14 ‘Preventing fraud’.
  • SCHEDULE 1 PART 2 paragraph 20 ‘Insurance’.

Other Disclosures

In addition to the disclosures described elsewhere in this privacy policy, we may also disclose your personal information in the following circumstances: (i) if required by law; (ii) in connection with a reorganisation, sale or transfer of all or any part of our business; (iii) if we believe that the disclosure is necessary to enforce or apply the terms of our contracts or otherwise to exercise or defend our rights; (iv) in order to comply with a judicial proceeding, court order or other legal obligation, or a regulatory or government inquiry.

Retention

We will keep your personal data only for as long as is necessary for the purpose for which it was collected. We have various different retention periods for different types of claims and to meet the requirements as set out in the contracts with our clients.

Your Rights

You have rights under the data protection laws including the right to access the information we hold about you and receive a copy of that information (subject to any legal restrictions that may apply), to have the information corrected if it is inaccurate, and to have it updated if it is incomplete.

We may ask for proof of your identity before we can respond to your request.

In certain circumstances you may also have the following rights:

  • The right to have your data deleted;
  • The right to restrict or object to the processing of your personal data;
  • Where you have provided personal data voluntarily, or otherwise consented to its use, the right to withdraw your consent.

If you wish to exercise any of your rights, please contact us.

You also have a right to make a complaint to the Information Commissioner:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Tel: 0303 123 1113 (local rate) or 01625 545745 (national rate)

Email: casework@ico.org.uk

Cookie Policy

What are cookies?
Cookies are used by websites to help them run smoothly and make certain features work.

Cookies cannot harm your computer.

Most web browsers automatically accept cookies. You can choose to alter your browser settings to prevent automatic acceptance, if you prefer. If you opt not to receive our cookies, we cannot guarantee that your experience with our website will be as quick or responsive as if you do receive cookies, and certain features may not work.

How long will a cookie stay on my computer?
The life of a cookie depends on what the purpose of the cookie is. Session cookies are temporary cookies that exist in the cookie file of your browser only for as long as you stay on the site. Persistent cookies are cookies that remain in the cookie file of your browser for much longer. Their lifetime depends on the specific cookie.

What about cookies from other sources?
We do not use or allow third parties to serve cookies.

Do we collect IP addresses?
Yes, our firewall collects IP addresses in order to protect our site from unauthorised access (both the website and our server will look at and store IP addresses as part of their firewalls). This is for security, and the protection of the website and data. If the firewall detects an attack from an IP address, it will stop that IP from having access to the site in order to prevent the website from being hacked.

We do not use this information for any other purpose and we do not run analytics on web traffic.