We (Marley Risk Consultants Limited) are committed to protecting the privacy of all information including personal data that we collect and process during our business as loss adjusters and claims managers and adhere to, as per the UK GDPR (General Data Protection Regulation) definition shown below.
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Why we need your personal data
We have been appointed by our instructing principals to deal with your claim. Our instructing principals are general insurers, who are party to the claim, and also act as the Data Controller for your Personal Data. To provide our services, we will need to process your information and we act as Data Processors in this processing.
The data that we process will consist of the personal data given to us by our instructing principals upon our appointment and during the handling of your claim by us. It will also include any personal data collected by us from you or other parties throughout the claims process. We will only collect this information in accordance with data protection principles and definitions.
We will only process personal data that is necessary for the handling of your claim, examples of which may include but not necessarily be restricted to:
- Your name and address, place and date of birth, National Insurance number, passport number, driving licence number, contact details such as e-mail and telephone number/s, your gender, marital status, family status, photographs, video and other images, professional licenses and affiliations, professional and financial information and history.
- Information to investigate crime, including fraud and money laundering: For example, insurers commonly share information about their previous dealings with policyholders and claimants for this purpose.
- Telephone conversations which we may record but only for training and monitoring purposes and for the investigation of crime including fraud and money laundering and to provide fair processing information.
- Information made publicly available including via social media.
Purpose and legal basis of processing
The necessity to perform our services, as agreed between Marley Risk Consultants Limited and the Data Controller, regarding loss adjusting and claims settlement.
A “Data Controller” is the organisation that alone or jointly with others determines the purposes, conditions, and means of processing your personal data. Unless otherwise advised, Marley Risk Consultants’ function will be a Joint Data Controller and/or processor of your data.
We use your personal data to:
- Communicate with you and other interested parties to manage your claim.
- Make decisions about claim assessment, processing, and settlement.
- Provide improved quality, training, and security.
- Prevent, detect, and investigate crime, including fraud and money laundering.
- Resolve complaints, and handle requests for data access or correction.
As such your personal data will:
- Only be collected where we have lawful grounds and legitimate business reasons to do so.
- Be dealt with in a transparent and legitimate manner.
- Only be obtained and processed for the purposes of handling of your claim and will not be used for any purpose other than for the handling of your claim.
- Be corrected/updated if you inform us or if we discover that your details have changed or that they are incorrect.
- Be retained through appropriate organisational and technological measures.
- Be securely deleted at the end of the appropriate retention period defined by your Insurer and in compliance with privacy legislation. Specific details for any claim can be provided on request.
- Only be provided to others for the purpose of processing your claim and we will ensure that when we do this the recipient has appropriate security measures in place.
On all claims, your information will be provided to the Insurer who holds the relevant policy.
We do however value your feedback and provide this to your insurers (if applicable) in order that we can gauge, measure, and improve our service. We will specifically seek your consent should we invite you to take part in any such survey.
Please feel free to provide us with your feedback, good or bad.
Sharing of personal data
As part of the claim handling process, your personal data may be shared with others, where necessary to deal with the claim or as required by law including:
- Our group companies.
- Our instructing principals’ service providers.
- Our service providers
- Any regulatory party to comply with legal duties and requirements.
- Other parties such as the emergency services, our bank where we operate fund payment arrangements on behalf of our instructing principals’, any fraud prevention database supported by and or regulated by insurers or the FCA. For example, personal data may be put on registers of claims and shared with other insurers.
Where we provide personal data to a service provider, the service provider will be required to use appropriate technical and operational measures to protect the confidentiality and security of your personal data in accordance with all applicable data protection laws and regulations.
Should we need to transfer, store, or process your data on systems outside the EEA, then we will ensure that any such activity is subject to equivalent levels of security and data protection measures.
We will not use your data for any marketing purposes whatsoever and it will not be used, sold, shared, or distributed to any third party for marketing or any other commercial purpose/s.
Protecting your data
To protect your data we take all appropriate, reasonable, proportionate, technical, and legal measures. If you believe that your communications with us or the data that we have retained is no longer secure you should contact us immediately. Please see contact details below.
All possible reasonable steps are taken to ensure that your personal data is accurate and complete as is necessary for the performance of our services. Should you consider the data we hold is either inaccurate or no longer correct, you have the legal right to have it corrected. See contact details below.
Under UK data protection law, you have various rights in relation to your own data (i.e. where you are the ‘data subject’), which are summarised below:
- Right to be informed
Individuals should be entitled to a minimum set of information concerning the purposes for which their personal data will be processed.
- Right to gain access to your information
Individuals can request access to their personal data and GDPR puts obligations on data controllers to comply with such requests, where applicable, and to supply this data free of charge if the request is reasonable. This must be carried out within one month of receiving the request.
- Right to rectification
Individuals can request the rectification of any errors in their personal data where applicable, and this must be carried out within one month of receiving the request.
- Right to erasure
Individuals can request the deletion or removal of personal data where there is no legal reason for its continued processing.
- Right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances.
- Right to data portability
Individuals can obtain and reuse their personal data for their own purposes across different services.
- Right to object
Individuals can object to the processing of personal data. However, in some circumstances there are legitimate reasons to continue that override this right, for example, the processing is necessary for the establishment, exercise, or defence of legal claims.
- Right to not be subject to a decision based on automated processing or profiling
Individuals have the right not to be subject to a decision when it is made solely because of the automated processing of their personal data. We must ensure that individuals are able to obtain human intervention, express their point of view and obtain an explanation of the decision and challenge it.
Please note that there will be situations where exceptions apply under data protection law that we may rely on. We or the Data Controller will inform you if we are unable to comply with your request, or how your request might impact you when you contact us.
To exercise these rights, please refer to the contact details below.
If you would like to discuss any aspect of this Privacy Notice or anything else about the personal data that we collect on you, please contact us using the details below.
Specific queries in relation to exercising your rights should be directed to:
- Address: The Data Protection Officer, Marley Risk Consultants Limited, Unit 6D Stella House, Vale Park Business Centre, Asparagus Way, Evesham, Worcestershire, WR11 1GN
- Email: [email protected]
If you have any concerns or complaints in relation to the processing of your data, we ask that you contact us first to give us the opportunity to understand the issue and see how we can address it.
In any event, you have the right to lodge a complaint with your Insurer (if applicable) or the supervisory authority, the Information Commissioners Office. To report a concern to the ICO, please refer to the contact details below: