International Claims and Risk Consulting Sp. z o.o. (“ICRC,” “we”, “our” and “us”) have been appointed by your Insurer (“our Principals”) to provide a claims management and loss adjusting service in relation to a claim you have or may make against the policy you hold with them.
By engaging our services, usually via your Insurer on your behalf in the first instance, you consent to us collecting and processing personal data supplied by you and disclosing this information to our Principals and Partners in connection with the claim management processes we adopt (“the Services”).
- make a claim to your insurer, broker or directly to us, for loss or damage under the terms of their policy, by telephone, email or post
- interact with or use our website
What information does ICRC collect?
We gather various types of information, including information that identifies or may identify you as an individual (“Personal Information”) as explained in more detail below.
Information You Provide to Us:
From the Services: We receive and store information you provide directly to us or your Insurer/Broker when you make a claim against your policy (Claim Data). For example, when setting up new claims, we collect Personal Information such as name and email address in order to provide you and your Insurer with the Services. The types of information we may collect directly from Insurers and Claimants include: names, email addresses, postal addresses, phone numbers, job titles, gender, date of birth, policy details and bank details or other information we may request in connection with delivery of the Services (Policy Data).
Our primary legal basis for processing this data is Legitimate Business Interest. It is necessary for us to collect and process this information in order to fulfil our service delivery obligations to Principals and Claimants.
Telephone calls: We record all telephone calls to our staff and offices.
When you use the Website: When you visit our website, we collect certain information related to your device, such as your device’s IP address, referring website, what pages your device visited, and the time that your device visited our Website (Submission Data).
The legal basis for processing this data is Legitimate Business Interest.
How do we use the information?
We may use the information we collect from Principals, Claimants and Brokers in connection with the Services we provide for a range of reasons, including to:
- set up a new claim file – electronically via our Claim Database and in hard copy format
- Communicate with you, our Principals and other appropriate third parties in order to deliver the services to you and our Principals
- make decisions about claim assessment, processing and settlement
- process and complete transactions relating to any payments made or to be made to you in relation to your claim or previous claims (“Transaction Data”). The data may include your contact details, your bank account details, and the transaction details. The transaction data may be processed for the purposes of processing these payments and keeping proper records of those transactions
- prevent, detect and investigate crime, including fraud and money laundering. The legal bases for processing, in this case, will be our Legal Obligation.
- resolve complaints and handle requests for data access and correction
We will retain your Personal Information for a minimum of 10 years, after which it will be deleted and/or destroyed if it is no longer required for the lawful purposes for which it was obtained.
Notwithstanding the other provisions of this policy, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
How do we share and disclose information to third parties?
We will not use your data for any marketing purposes whatsoever. We will not rent or sell your Personal Information to anyone for marketing or other commercial purposes.
As part of our claims management process, we may share and disclose your information (including Personal Information) with others as follows:
Vendors, loss assessors and other service providers:
We may share your information with loss assessors/engineers, third party vendors, repairers and other service providers who we engage to perform tasks on our and/or your behalf. These companies include (for example) our national network of assessors, dealers and repairers, salvage agents, Uninsured Loss Recovery agents, third party insurers, our IT service providers and other parties, such as emergency services, roadside recovery agents, Police and other crime/fraud prevention agencies.
Where we share your personal data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.
In addition to the specific disclosures of personal data detailed above, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation, or in order to protect your vital interests or the vital interests of another individual.
Some of the personal information we ask you for may be sensitive personal data (such as information about financial circumstances or criminal convictions). We will not use such sensitive personal data about you or others except for the specific purpose for which you provide it and to provide the services described previously. Please ensure that you only provide us with sensitive information about other people with their agreement.
Dealing with other people on your behalf
It is our policy to deal with your spouse or a partner who calls us on your behalf, provided they are named on the policy or we have recorded your permission to do so on our system. If you would like someone else to deal with your claim on your behalf, on a regular basis, please let us know. Please note that in order for us to deal with any other person who may call on your behalf, we will need to record your consent. If at any time you would prefer us to deal only with you, please let us know.
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
If you believe that your communications with us or the data that we have retained is no longer secure or correct, you should contact us immediately.
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first party cookies.
Remember that some of our websites features may not work with cookies turned off.
For your convenience, hyperlinks may be posted on the Websites that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Notice does not apply to, the privacy practices of any Linked Sites or of any companies that we do not own or control. Linked Sites may collect information in addition to that which we collect on the Websites. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the privacy notice of each Linked Site that you visit to understand how the information that is collected about you is used and protected.
Your Privacy Rights
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
- your request not being found to be unfounded or excessive, in which case a charge may apply; and
- the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
We may withhold personal information that you request to the extent permitted by law.
The rights you have under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
Your right to access your data:
You have the right to ask us to confirm whether or not we process your personal data and to have access to the personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.
Your right to rectification:
If we hold any inaccurate personal data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete personal data about you completed.
Your right to erasure:
In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the personal data have been unlawfully processed.
Please note that we may still use any aggregated and de-identified Personal Information that does not identify any individual, and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Your right to restrict processing:
In certain circumstances, you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and you have objected to processing and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
Your right to object to processing:
You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
Automated data processing:
To the extent that the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.
Complaining to a supervisory authority:
If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
Right to withdraw consent:
To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Exercising your rights:
You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified above.
International Claims and Risk Consulting Sp. z o.o.
al. Waszyngtona 20 lok. 26
03-910 Warsaw, Poland
Data Protection Officer
Our Data Protection Officer:
Pawel Garstka / email@example.com
If you have any questions or concerns regarding our privacy notice, please send a detailed message to firstname.lastname@example.org or by post to the address listed above.