QuestGates Limited is committed to keeping your personal information secure, private and confidential.
Everyone has rights with regard to the way in which their personal information is handled. During the course of our activities we will collect, store and process personal information about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of the data will maintain confidence in the organisation and will provide for successful business operations.
This policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
For the purpose of UK data protection laws, the data controller is QuestGates Limited 11a The Wharf, Bridge Street, Birmingham B1 2JS.
The following are trading styles of QuestGates Limited:
- Hyperion Adjusters
- TS Loss Adjusters
QuestGates data protection principles
When processing your information, we must comply with six enforceable principles of good practice. These provide that your personal information must be:
- processed lawfully, fairly and in a transparent manner
- processed for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and, where necessary, kept up to date;
- kept for no longer than is necessary, and
- processed in a manner that ensures appropriate security
Why we need your information
We need your information and that of others you named on your insurance policy to complete the processing of your claim. Your information comprises of all the details we are provided by the insurance company, details that we collect directly from you and includes information we obtain about you from third parties. We will only collect the information we need for a legitimate interest so that we can provide you with the best possible and most efficient service.
What personal information will we process?
We may collect and process the following information (Personal Data):
- Individual details: Name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant
- Identification details: Driver’s license number
- Financial information: Bank account number
- Criminal records data: Criminal convictions, including driving offences
- Policy information: Information about the quotes individuals receive and the policies they obtain
- Credit and anti-fraud data: Credit history, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies
- Previous claims: Information about previous claims, which may include health data, criminal records data, and other Special Categories of Personal Data (as described in the Insured Risk definition above)
- Current claims: Information about current claims, which may include health data, criminal records data, and other Special Categories of Personal Data (as described in the Insured Risk definition above)
Special categories of Personal Data:
- Health data: Current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history
- Racial or ethnic origin
How we collect your personal information
We may obtain personal information by directly interacting with you, such as:
- Claim application this may be via instructions to handle insurance claims from our clients
- Corresponding with us by phone, email, letters or otherwise
- Meeting with you
We may also obtain personal information about you from third parties or publically available sources such as:
- The other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, lawyers and claims handlers
- Other insurance market participants, such as Insurers, Reinsurers and other Intermediaries
- Credit reference agencies
- Anti-fraud databases and other third party databases, including sanctions lists
- Government agencies, such as vehicle registration authorities and tax authorities
- By conducting searches of publicly available databases or social media sites, such as Companies House, Facebook, Twitter, LinkedIn
How we will use your information and who we will share it with
We will only use your personal information when the law allows us to. We will only use your personal information for legitimate business interests namely in the handling of a claim made under an insurance policy in the following circumstances;
Special category Information
We will only use ‘special category’ information if;
- We have your explicit consent.
- Where it is necessary for our or a third party’s legitimate interests, and your interests and rights do not override those interest, or
- Where we need to comply with a legal or regulatory obligation
Dealing with other people
It is our policy to deal with your spouse or partner who calls us on your behalf, provided they are named on the policy. If you would like someone else to deal with your claim on your behalf on a regular basis please let us know. In some exceptional cases we may also deal with other people who call on your behalf, with your consent. If at any time you would prefer us to deal only with you, please let us know.
Fraud Prevention and Anti-Money Laundering
Please take time to read the following as it contains important information relating to the details you have given or should give to us. You should show this notice to anyone whose data has been supplied to us in connection with your claim.
To prevent and detect fraud we may at any time:
Share information with other organisations and public bodies including the police although we only do so in compliance with Data Protection law
Check and/or file details with fraud prevention agencies and databases and if we are given false or inaccurate information and we identify fraud, we will record this. We and other organisations may also use and search these agencies and databases from the UK and other countries to:
- Check your identity to prevent money laundering, unless you provide us with other satisfactory proof of identity
Law enforcement agencies may access and use this information.
We and other organisations may also access and use this information to prevent fraud and money laundering, for example when:
- Checking insurance claims
We may use information about you and that of others named on policy to ensure compliance with financial sanctions in effect in the UK and internationally. This will include the checking of your information against the HM Treasury list of financial sanctions targets as well as other publically available sanctions lists. Your information and that of others named on policy may be shared with HM Treasury and other international regulators where appropriate. You may also be contacted in order to provide further details in order to ensure compliance with Financial Sanctions requirements.
What if you cannot or will not provide us with your personal information
If you do not want to provide us with your personal information when requested, we will not be able to continue with your claim.
Disclosure of your information
We my share your personal information with the parties set out below:
- On all claims your information will be provided to the Insurer who holds the relevant policy
- Professional advisors and business networks which we are connected
- Our outsourced IT services provider, NetMonkeys Ltd. Together with providers of Wi-Fi, IT and system administration services to our business
- Credit reference and fraud prevention agencies
- The information Commissioners Office, solicitors, National Crime agency the serious Fraud office and any other regulators and authorities who require reporting of processing activities in certain circumstances
- Business partners, suppliers and sub contractors to the extent we consider it reasonably necessary for us to perform claim handling
- Third parties to whom we chose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy
- We require all third parties to respect the security of your personal information and to treat it in accordance wit the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions
Where we store your personal information
All information you provide to us is stored on our secure servers in the United Kingdom, or on secure cloud based services in a country within the European Economic Area.
We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:
Entry Controls – Access to our offices is secured by means of electronic entry controls
Secure lockable desks and cupboards – Desks and cupboards are kept locked when not in use if they hold confidential information of any kind
Methods of disposal – Paper documents are disposed of by shredding in a manner that ensures confidentiality
Equipment – Our internal policies require that users lock or log-off from their computer when it is unattended
Firewalls and encryption – We apply industry-standard firewall protection and encryption technology
Training – We ensure our employees are trained in the importance of data security
Electronic access – All data stored electronically is password-protected. Where we have provided an authorised user with a password, that user is responsible for keeping this password confidential and is not permitted to share the password with anyone
Overseas transfers – Whenever we transfer your personal information outside the united Kingdom, we ensure a similar degree of protection is afforded to it by ensuring that we apply appropriate safeguards (either by transferring data only to recipients in the European Economic Area, to recipients in countries approved by the European Commission, to recipients that are party to the EU-US Privacy Shield, or by using specific contracts approved by the European Commission)
How long we will store your personal information
The length of time that we store your data will depend on the ‘legal basis’ for why we are using that data, as follows:
|Legal basis||Length of time|
|Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject||We will use/store your data for as long as it is necessary for us to comply with our legal obligations|
|Where we use/store your data because it is necessary for our legitimate business interests||We will use/store your data for as long as it is necessary for our legitimate business interests, or such earlier time as you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data is more important than your interests, rights and freedoms, then we will be allowed to continue to use/store your data for as long as it is necessary for our legitimate business interests|
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
You have various legal rights in relation to the information you give us, or which we collect about you as follows:
You have a right to access the information we hold about you free of charge, together with various information about why and how we are using your information, to whom we have disclosed that information, from where we originally obtained the information and for how long we will use your information.
You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
You have the right to ask us to erase the information we hold about you (the right to be forgotten). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which is more important than your interests, rights and freedoms.
If you wish to exercise any of your legal rights, please contact our Compliance Manager, David Nicholls by writing to the address at the top of this policy, or by emailing us at firstname.lastname@example.org.
You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.
We do not use automated decision-making processes.
Third party links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Changes to our policy
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email or via social media. Please check our website frequently to see any updates or changes to our policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to our Compliance Manager, David Nicholls, by writing to the address at the top of this policy, or by emailing us at email@example.com.
Last updated May 2018