GDPR Privacy Statement

Noble Claims Services Ltd (NCS) take the protection of your privacy and the confidentiality of your personal information (Personal Data) extremely seriously. This privacy statement sets out how we meet our obligations regarding data protection and the rights of our customers, prospective customers, and former customers (Data Subjects) in respect of their Personal Data as defined under relevant data protection legislation including the Data Protection Acts of 1998 and 2018 (the DPA), the General Data Protection Regulation effective from 25 May 2018 (the GDPR) and any subsequent data protection legislation.

This privacy statement should be ready in conjunction with our Online Privacy Policy and Terms of Business.

What is Personal Data?

GDPR defines Personal Data as any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as an individual’s: name, contact details (including address and e-mail address, telephone number), date of birth, gender, marital status, financial details, details of occupants of your property, employment details and benefit coverage or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We may also collect ‘special categories’ of Personal Data such as racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, trade union membership, genetic and biometric data, or data relating to sexual orientation. We may also collect data relating to criminal convictions and offences.

Where Personal Data about you is obtained from publicly available sources, we will only use such data fairly, meaning for legitimate purposes as would be anticipated of (and reasonably expected as) the activities of an insurance broker, and not further processed in a manner that is incompatible with those purposes.

What Personal Data does NCS gather?

We will only gather Personal Data that is necessary for us to provide our services to you. This data includes personal and special category data. Below is a list of examples of the data we may gather:

Your name, date of birth, residential address and address history. Residency, marital status, contact details such as email address and telephone numbers.
DVLA details, driving history, licensing authority, previous insurance details, previous accidents and motor convictions.
Financial and employment details, including finance commitments and affordability questions, national insurance number, bank details and credit references (e.g. your credit rating).
In order to assess the terms of the insurance contract or administer claims that arise, we ask for special category sensitive data, such as medical history, county court judgments and criminal convictions.
Any information which you have provided in support of your policy or insurance claim.
Information from insurers, witnesses, third parties and solicitors in relation to an insurance claim made by you or against you.

The provision of your Personal Data is a contractual obligation in order for us to be able to administer your claim.

How does NCS handle your data?

The security and protection of your information is extremely important. NCS has appropriate safeguards in place, in accordance with our data protection obligations, for the protection of any Personal Data which we process. Our security controls are aligned to industry standards and good practice, ensuring that we effectively manage the risks associated to the confidentiality, integrity and availability of your information.

Furthermore, we ensure that our employees are aware and remain up-to-date of our data protection obligations; and all members of staff undertake annual training and testing.

We do not hold more information about you than what is required for the purposes for which it is being processed.
We endeavour to ensure that any information about you is accurate and kept up to date.
We do not keep your information for longer than is necessary or as required by law.
We process your information in accordance with your rights under the relevant Data Protection Laws.

We will share your Personal Data with authorised third parties. This is necessary and required by law in order for us to administer your claim. Depending on the type of insurance claim you have made on your insurance policy, your Personal Data may be provided to the following:

Policy Administration

Underwriters
Brokers/Agents
Fleet Managers

Claims Handling

Claims Handlers
Fleet Managers
Claims Investigators
Solicitors
Medical Assessors / Providers
Engineers
Salvage Agents
Repairers
Windscreen Repairers
Hire Car Providers
Reinsurers
Fraud Prevention Agencies

We may also receive your Personal Data from the above parties.

We may also pass your Personal Data to other companies who process data on our behalf. Some of these companies may be based outside of the EEA. In all cases we always take steps to ensure that your Personal Data is kept securely.

The processing of your Personal Data

We use your Personal Data for the following purposes:

Insurance Provision

We process your Personal Data in order to administer your insurance claim.

Administration

To manage and administer our relationship with you to perform all orders and contracts with you.

Complaints

To investigate and respond to any complaint made by you in relation to any insurance claim we manage.

Telephone Calls

We may monitor and record telephone calls for the purpose of security and training.

Fraud Prevention

Before we provide services to you we undertake checks for the purposes of preventing fraud and money laundering. These checks require us to process your Personal Data.

When we and fraud prevention agencies process your Personal Data, we do so on the basis of having a legitimate interest in preventing fraud and money laundering, in order to protect our business and comply with the laws that apply to us. This processing forms part of the contractual requirement of the services you have requested.

We, and fraud agencies, may enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

Fraud prevention agencies can retain your Personal Data for different periods of time. If you are considered a fraud or money laundering risk, your Personal Data can be held for six (6) years.

Whenever fraud prevention agencies transfer your personal data outside to the EEA. They impose contractual obligations on the recipients of that data to protect your Personal Data to the standard required in the EEA.

Personal Data retention

We will retain your claims records for six (6) years, plus four (4) months to allow for serving of proceedings from the date of the file closure unless the claim involves a minor. In the case of a minor being involved in the claim, then we will retain your claim records for six (6) years, plus four (4) months from when the individual turns eighteen (18).

Personal Data security

Furthermore, we ensure that our employees are aware and remain up-to-date of our data protection obligations; and all members of staff undertake annual training and testing.

Your rights

You are provided with legal rights governing the use of your Personal Data. These rights are as follows:

The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.

You can exercise your individual rights at any time. Further information on these rights can be found below:

The right to be informed

It is your right to know how we process your Personal Data.

The right of access

You have the right to access the data we hold about you.

You can request to see what Personal Data we hold on you and there is no charge for this service and will be provided to you within one (1) month of your request.

Should you wish to receive a copy of the information we hold on you, please contact our Data Controller by email: data@nobleclaims.co.uk

Or you can write to us:

Data Controller
Noble Claims Services Ltd
19 West Street
Carshalton
Surrey
SM5 2PT

The right to rectification

You have the right to request that incomplete or inaccurate Personal Data about you is rectified without undue delay.

We take all steps to ensure that the Personal Data we hold about you is accurate and complete. If you do not believe this is the case, please contact us to amend and update it.

The right to erasure

In certain circumstances, you have the right to ask us to erase your Personal Data, for example where the personal information we collected is no longer necessary for the original purpose, however this will need to be balanced against other factors, for example legal and regulatory obligations which mean we cannot comply with your request.

The right to restrict processing

In certain circumstances, you have the right to request the restriction of our processing of your Personal Data (although we will still be permitted to store it where we have a legitimate interest in doing so, for example to address future disputes, in which case access to such Personal Data will be restricted as appropriate).

The right to data portability

In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal information.

The right to object

You have the right to object to our processing your data (this can be in relation to only certain types of processing if you wish, so that other types of processing necessary for the performance of our contractual obligations can continue) where we do so in connection with our legitimate interests, or in relation to our profiling your data or using it for marketing purposes.

Please note:

In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request. For example, if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.

You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health-related matters.

The flow of data within the insurance sector is complex and we ask you to keep this in mind when exercising your ‘rights of accesses to your information. Where we may be reliant on other organisations to help satisfy your request this may impact on timescales.

Complaints

If you are dissatisfied with any aspect of the way in which we process your Personal Data please contact our Data Controller. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via their website, by live chat or by calling their helpline on 0303 123 1113.

Contact us

If you have any questions regarding this policy, the use of your data and your Individual Rights please contact our Data Controller via one of the following methods:

Email: data@nobleclaims.co.uk

Telephone: 020 8370 4994

Post: Data Controller, Noble Claims Services, 19 West Street, Carshalton, Surrey, SM5 2PT