The Claims Advice Bureau is committed to protecting the personal privacy of its clients and users of the site.
1 About Us
Claims Advice Bureau (UK) Limited is a data controller and is committed to protecting your privacy and takes its responsibilities regarding the security of user information very seriously. This privacy statement sets out how Claims Advice Bureau (UK) Limited complies with both UK and European Union data protection requirements and applies to all services and products you may obtain through us. We have structured our website so that you can visit without identifying yourself or revealing any personal information. Once you choose to provide us with any information by which you can be identified, then you can be assured that it will only be used in accordance with this Privacy Notice.
This website and our services are not intended for children and we do not knowingly collect data relating to children.
If you have any queries about the policy, please get in touch with us using XXXX or write to us at the address below and we will do our best to answer your questions.
Data Protection Office
2 What is Personal data?
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
3 How we use your information
This privacy notice tells you how we, Claims Advice Bureau (UK) Limited, will collect and use your personal data for example:
- To contact you in response to a specific enquiry,
- To provide our products and services that you request from us,
- Send you transactional communications via the contact details you have provided to us during our services;
- Contact third parties on your behalf, with your specific instruction;
- Send you email notifications which you have specifically requested;
- To personalise the website for you,
- To send you promotional emails and mailings about XXXX products, services, offers and other things that we think may be relevant to you,
- Operate and manage your account and manage any application, agreement or correspondence you may have with us;
- Carry out, monitor and analyse our business;
- To identify, prevent, detect or tackle fraud, money laundering, terrorism and other crimes,
- To contact you via email or telephone for market research reasons
- To form a view of you as an individual and to identify, develop or improve products, that may be of interest to you.
- For audits, regulatory purposes, legal obligations, and compliance with industry standards
- Perform other administrative and operational purposes including the testing of systems
- Please note that we will not under any circumstances sell or share your data with third party marketing companies without your consent.
4 Why do we collect and store personal data?
We need to collect personal data in order for us to provide you with a service, to answer enquires about our services and to maintain our records. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
5 Personal data categories we collect
We may collect, use, store and transfer different kinds of personal data about you which we have categorised as follows:
This includes, first name, maiden name, last name, marital status, title, date of birth and gender
This includes, physical address, email address and telephone numbers.
This includes, bank account information and payment details.
This includes, recorded calls for quality checks and staff training. Such recordings may also be used to help us combat fraud.
This includes, internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
This includes, information about how you use our website, products and services.
Marketing and Communications Data
This includes, your preferences in receiving marketing from us and your communication preferences.
This includes statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Special Categories of Personal Data
This includes health and vulnerability related data that you may voluntarily share with us during the fulfilment of our services to you. We will always ask for your explicit consent to record and share Special Category Data.
Credit Reference Agency Data
We may ask for consent to access your lender information from a Credit Reference Agency This includes lender name, account types, account status
6 How we might collect personal data
We use different methods to collect data from and about you as follows:
When you voluntarily provide it to us: –
You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- apply for our products or services;
- request marketing to be sent to you; or
- give us some feedback.
Collected automatically: –
Provided by third parties or publicly available sources: –
We may receive personal data about you from various third parties as set out below:
- Technical Data from analytics providers such as Google based outside the EU;
- Identity and Contact Data from publicly available sources, including Companies House and the Electoral Register based inside the EU.
- Identity, Property Ownership Data and a Soft Credit Check via a customer trace with Lexis Nexis Risk Solutions UK Ltd
7 Processing purpose and our legal basis
We will always have a legal basis for processing personal data and we have methodically assessed our purposes and legal bases. Our legal basis for processing your information is most commonly in line with our contractual obligations to fulfil the services and products you request from us.
As a Regulated company we are audited and held to high standards for the services and products we offer. Therefore, we may be legally obligated to process personal data during regulatory audits.
In the process of delivering our services, there may be legitimate interests that we pursue, which we have tested to ensure that those interests are balanced, appropriate and we have considered any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). If you have any questions about the legal basis for our processing activities, please feel free to get in touch with our Data Protection Office.
8 Recipients of your personal data
During the course of providing the services that you request from us, we may share your information with our processing partners, known as recipients and data processors.
We conduct due diligence with both recipients and data processors around the areas of their data security protocols, data protection policies and we have strict contracts in place that govern how they process your information.
None of our Processors have the right to use your data other than for the purposes instructed by Claims Advice Bureau (UK) Limited.
We contract with administrative partners to provide human resource support, internal IT Support services including the use of centralised IT Systems and other internal functions. These recipients do not process personal data for the specific purpose of providing you with the service which we are contracted to fulfil.
Our administrative partners are bound by confidential contracts and operate as support functions only. There are multiple security mechanisms in place to prevent unauthorised disclosure or access to your personal data. Access to your personal data is for the specific purpose of maintaining excellent levels of service & systems and is necessary for the performance of our contractual obligations to you.
Mail & scanning services
Claims Advice Bureau (UK) Limited
Parts of our service are delivered by our carefully selected processing partners. We use Claims Advice Bureau (UK) Limited.
When we email our customers with service updates we may use Mailchimp to help us with this.
Customer Feedback & Surveys
Customer service is really important to us, so we might use Survey Monkey or Feefo to keep a track on how we’re doing.
We securely store call recordings with First Solutions Limited
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
Data Information Services
We may use carefully selected, authorised data suppliers.
9 When we may have to disclose your personal data
We may have to disclose your personal data with other third parties as set out below. These organisations or bodies will not use your information to contact you. These third parties will be subject to obligations to process your personal information in compliance with the same safeguards that we deploy.
HM Revenue & Customs
We’re required to disclose certain data with the HMRC.
Financial Conduct Authority
We’re authorised and regulated by the FCA, so we may have to disclose small amounts of data with them for auditing purposes for products and services under their regulation.
There may be other regulators and authorities such as Solicitors and Accountants, acting as processors based in the United Kingdom who require reporting of processing activities in certain circumstances.
Compliance Consultants and other like services acting as processors, based in the United Kingdom who require reporting of processing activities in certain legal and compliance circumstances.
10 Transferring data outside of the EEA
In the provision of our services to you we use data processors that are outside of the European Economic Area (EEA). Specifically, we use data processors based in South Africa.
The General Data Protection Regulation has strict rules about data transfers to international organisations and we use approved data transfer mechanisms, including the EU–US Privacy Shield and contracts with model clauses, particularly when using data processors based in South Africa.
We take extra steps to ensure comprehensive due diligence and regular audits, both onsite and remote, of the data processing activities of our data processors.
If you would like any more information, please get in touch by contacting our Data Protection Office, details can be found at the start of this Privacy Notice.
11 Making sure your data is secure
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
12 How long do we keep data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available and you can request more details of that by contacting our Data Protection Office.
By law we have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.
13 A little bit of profiling and automated decision making
When using some of our services you may have the option to undertake our Digital Journey, which is an automated online experience. We have built logic and analysis into our Digital Journey that will make decisions on the validity of your case submission, but you can rest assured that throughout this process there is the facility to query the processing with us in person.
When we complete a Subject Access Request (SAR) with your bank, some profiling will be necessary in line with the contract in order to process the bank statements received through the third party software. This software has logic and analysis built into it which will identify financial agreements you have paid by checking for lender codes, names and payment references and this produces a report detailing the results. The benefits are that this allows for greater consistency in identifying products , it may reduce potential of human error and will allow us to deliver the results within a shorter timeframe, therefore improving the efficiency of the process. This report will then be used to review your potential additional reclaims and other products and services which we or our trusted partners may be able to assist you with. This process will be necessary for the performance of the contract in relation to the SAR service.
For more information on the above, or to object to either process, or to request a manual review of the accuracy please feel free to get in touch with our Data Protection Office
14 Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
It is important that all of the information that we hold for you is and remains accurate. You can update your information with us by advising us over the telephone or via e-mail at Anthony@claimsadvicebureau.com
- Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that XXX refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain and we have provided a specific section on this below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
15 Requesting access to my data
Claims Advice Bureau (UK) Limited at your request, can confirm what information we hold about you and how it is processed. If Claims Advice Bureau (UK) Limited does hold personal data about you, you can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- Contact details of the Data Protection Office, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of Claims Advice Bureau (UK) Limited or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
Claims Advice Bureau (UK) Limited accepts the following forms of ID when information on your personal data is requested:
Passport, driving licence, birth certificate, utility bill from last 3 months.
Contact details of the Data Protection Office (DPO):
Contact Name: Data Protection Office
Address: Ivy Mill Business Centre, Ivy Mill, Crown Street, Failsworth, Manchester M35 9BD
Telephone: 0161 637 4242
16 When things don’t go as planned
In the event that you wish to make a complaint about how your personal data is being processed by Claims Advice Bureau (UK) Limited or third parties, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Claims Advice Bureau (UK) Limited data protection representatives Data Protection Office (DPO).
The details for each of these contacts are:
Supervisory authority contact details
Contact Name: Information Commissioner
Address line 1: Information Commissioners Office
Address line 2: Wycliffe House
Address line 3: Water Lane
Address line 4: Wilmslow
Address line 5: Cheshire
Postcode: SK9 5AF
Telephone: 0303 123 1113
Data Protection Office contact details
Contact Name: Data Protection Office
Address: Ivy Mill Business Centre, Ivy Mill, Crown Street, Failsworth, Manchester M35 9BD
Telephone: 0161 637 4242
If you have any queries about the policy, please get in touch with us using Anthony@claimsadvicebureau.com or write to us at the address below and we will do our best to answer your questions.
Data Protection Office
We’re giving you this information as part of our initiative to comply with recent legislation, and to make sure we are honest and clear about your privacy when using our website – we know you’d expect nothing less from us.
Cookies We Use
This cookie allows us to count the unique numbers of visitors to our site and does not contain any personally identifiable information.
_utmb & _utmc
These cookies allow us to see how long our visitors spend on our website. They do not record any personally identifiable information.
This cookie allows us to see where on the internet visitors to our website come from. It is anonymous and does not record any personally identifiable information.
This cookie is used to show the correct phone number to our visitors. It records no information about visitors. If you would like to remove cookies from your machine you can find further instructions here
Claims Advice Bureau (UK) Limited are Authorised and Regulated by the Financial Conduct Authority FRN: 837876, Regulation recorded at www.register.fca.org.uk.