Insurance claims privacy notice
This privacy notice is designed to help you understand how we use personal information when investigating insurance claims. We have set out the services types, the information we may use to deliver the services, who we may share it with, and how long we will keep it.
Information we hold about you
Personal information is used by our Insurance team in order to process insurance claims involving the local authority. This personal information may include, but not limited to name, address, date of birth, national insurance number, telephone number, gender, copies of GP/hospital records, medical reports, sickness records and financial details.
We get most of this information from you, but we may also get some of this data from:
- central Government agencies
- other local authorities
- health and social care provider
- police and probation services
- independent legal advisors
- insurers and their associated claim handlers
- members of the public (referrer)
- commissioned partners
- family members
Why we need your information and how we use it
We use your information to:
- deliver the service, or handle your query
- plan and improve the services we offer
- detect and prevent crime or fraud
- research, however this would be in anonymised form unless we ask for your consent to use your personal information for this purpose
Who your information may be shared with?
Sometimes we may need to share your information, but we will only do so where it is necessary or required by law. We will only share the minimum information for each circumstance.
We may sometimes need to share some of your information with:
- other Government organisations
- independent legal advisers
- insurers and their associated claim handlers
- internally within our other departments
We may also use data processors to support activities, for example by providing the systems we need or delivering services on our behalf.
The Data Controller
We are the Data Controller for this processing.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.
The lawful basis for the processing
Most of the personal information we process is provided to us directly by you, under the Data Protection Act 2018, the lawful bases we rely on for using your personal information are:
- we need it to perform a public task (UK GDPR Article 6 (e)
- we have a legitimate interest (UK GDPR Article 6 (f)
When we collect data about your race, health (including biometric or genetic data), we also rely on the following lawful basis:
- we have a legitimate interest (UK GDPR Article 9 (2) (d)
- you have already made the data public (UK GDPR Article 9 (2) (e)
- we need to defend a legal claim (UK GDPR Article 9 (2) (f)
- we need to collect it for Substantial Public Interest in order to comply with UK legislation (UK GDPR Article 9 (2) (g)
- we need to analyse your information (UK GDPR Article 9 (2) (j))
We have to collect this data in accordance with the Civil Procedure rules to be able to fully investigate the circumstances of your claim and provide a decision on liability.
Your claim may not be compliant in accordance with the Civil Procedure rules if you do not provide all of the information requested in connection with your claim, if the claim is not compliant there is no obligation to process it.
Protecting your information
Your information is held securely on a dedicated claims management database, only claim administrators have access to the system. Supplementary information may be held on our IT network.
How long will we keep your personal information?
We will only use your personal information whilst delivering the service to you and to deal with any questions or complaints that we may receive about this unless the law requires us to keep it for a longer period. In practice, this means that your information will be kept for up to six years after your claim has been investigated if we have denied liability. If the claimant is a minor the data will be kept until the claimants turns 23 years old. If your claim is successful, we will retain your personal information for up to two years following the settlement of the claim.
If we need to use your information for research or reports, your information will be anonymised and any information taken from notes (hand written or typed) during any consultation sessions will be securely destroyed. The information will continue to be used in a summarised and anonymised form in any research reports or papers that are published. The anonymised information in the papers may be of historic interest and may be held in public archives indefinitely.
Under data protection law, you have rights including:
- your right of access - you have the right to ask us for copies of your personal information
- your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances
- your right to object to processing - you have the right to object to the processing of your personal data in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
To make a request follow the instructions on our Data protection for you page.
How to complain if you are unhappy about how your data is used
You can complain directly to our Data Protection team online or by post:
- Contact the DPO
- By post: Data Protection Officer, 4 Civic Way, Ellesmere Port, CH65 0BE
You also have the right to complain to the Information Commissioner’s Office using the following details:
Will my personal information be accessible outside the UK?
Should the transfer of personal information outside of the UK become necessary, it will only take place if permitted by law, and then only where there are appropriate safeguards in place to protect the personal information.
Your information will be stored on servers within the UK.