As a claims management company, we provide guidance and actively support the entire claims process for both domestic and commercial policyholders. Oakleafe is committed to protecting the privacy and confidentiality of all individuals and takes its responsibilities regarding the security of data very seriously. We abide by the rules of the General Data Protection Regulation (GDPR) upheld by the Information Commissioner Officer (ICO). This includes processing any personal data lawfully, fairly and in a transparent manner.
Oakleafe is therefore the Data Controller. However, where you supply us data to review, such as documents or carry out due diligence on your behalf we will do so as the Data Processor. As data processors of the data passed to us we will process that data in accordance with your instructions as data controller. We may only use the data outside of your instructions to comply with our legal responsibilities.
What information do we collect about you and why?
Where you provide your personal data on our website or contact us by email or other electronic means it will be taken as a positive action that you would like us to contact you about our services. We will only collect data that we need from you to assess whether we can assist you with your claim.
If you choose to use our services, we will then collect data from you or your firm for us to fulfil our obligation to provide you with claims support as set out in your contract with us.
When obtaining information from you we will do this by phone, email, post or face to face and will confirm the accuracy of the data collated always. It is important that all the data we hold on you is accurate therefore if your data changes please let us know so that we can update our records.
Generally, the types of information we review, hold and process is regarding the claim, such as accounts, insurance policies, complaints, contents, images, lists etc. However, some of this data also includes personal data such as your name or other information that is personal to you.
The more common types of personal information we will collect from you includes: name, address, telephone number, email address, job role, bank and accountant’s details. We may also collect data on your employees such as their name, job role, telephone number and email address so that we can liaise with them where required to provide claims advice and management.
Where we assist you with completion of a claim form, we will only collect information that is necessary for the completion of that form. This may include personal data such as date of birth, national insurance number, passport, 5-year address history, employment history, etc. In addition, we may collect sensitive data and criminal offence data where required by the insurers to answer any questions relating to cover they may need. Where we obtain information to assist with a claim we will only acquire the data that the insurer requests or we believe may assist the claim approval.
Contact details received from a third party
The majority of our business comes from referrals. Where a third party refers your details on to us we will ensure they have obtained your consent and confirm that you are expecting us to contact you.
Information from other sources
We may obtain information from other sources such as public records, e.g. Companies House, Google Search, Directorship Search. This is to enable us to verify who you are or facts that you have told us are accurate.
Where we assist you with a claim or any other form of claim management we may obtain information from public records to support your application. Such as, acquiring information on firms that you have been a Director of over the last 10 years, obtaining accounts information/projections from your accountant. A copy of all the data we have collated for your application will be emailed to you for your records.
How will we use this information?
We will only use your data in ways that you would reasonably expect us to. Below summarises how we will use your data.
Where you make an enquiry to use our services we will only collect data that will provide us with the information for us to assess whether we can assist you with your claims needs
Once you become a customer we will use your data for providing you with our support and to register you as a new customer. We will keep a copy of all email communications with you. Where we need additional information from you to support a claim or any other form of claim management we will request this from you. Where we need it for any other reason we will notify you of this.
Where we review a client file we will produce a report to highlight any areas that require attention and to then be held on the claim file.
The lawful basis on which we use this information
We will use your data to register you as a new customer or if you decide to change the service contract or take out additional services with us. We will do this under the lawful basis of a contract. Once a contract is in place we will provide you with claims management support as outlined in that contract.
For the claims management services stated above, we will carry these out using lawful basis legitimate interests. We have decided upon this basis as it allows us to meet with our obligation to provide claims management support to you, the firm or individual and is the most suitable lawful basis for processing data.
Where we need your consent, we will ask for this separately. Your consent must be freely given by positively opting in or making a clear affirmative action that you are giving your consent. We will do our very best to ensure you know exactly what you are consenting to and remind you that you may withdraw your consent at anytime by contacting us by email or phone. Where consent is obtained a record of this will be made confirming what you have consented to, the time and date and how consent was obtained.
Customers: Our customers are important to us however we appreciate that on some occasions you may wish to look elsewhere. If you do, it would be nice to stay in touch and therefore will ask for your consent for us to do so.
Potential Customers: Where you have expressed an interest in our service but have then decided not to proceed we will ask for your consent to stay in contact with you in case you would like to use our services later.
Non-Customers: We will only send you information about our services if we have obtained your consent to do so.
Who will it be shared with?
We will only share your data with firms who assist us in meeting our obligation to you to provide claims management. On occasion we use the support of other consultants, secretary type business's or IT Support companies. Where we use such firms, we will carry out due diligence on them and obtain a copy of their Privacy Notice.
We will also liaise with your Accountant where relevant to assist with your claim. We may also liaise with your lawyer or other support entity where required and requested by you.
Where required we may forward your details onto regulatory authorities or fraud agencies where we have a legal obligation to do so to comply with our regulatory requirements or where fraud is suspected. We may do this under the lawful basis legal obligation.
What we will do to ensure the security of personal information
We will not share any of the information you provide to third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us regardless of whether the information is in electronic or physical format. We use leading technologies and security measures to safeguard your information and keep strict security standards to prevent any unauthorised access to it.
How long will we retain your data?
We will only hold data for as long as is necessary. Where you have expressed an interest in our services but have not proceeded we will keep the information for one year in case you decide to proceed. Where we have provided claims management support of any kind we will retain the file for a minimum of seven years, in line with the law or longer if we have a professional obligation under current legislation. Where we need to hold your file for longer than this then we will inform you of this.
Where we review a file on behalf of the firm we will keep a copy of the client record for one year in case you wish to discuss the case. The client file will then be deleted however a copy of the report we produce will be held on file for a minimum of seven years.
What are your rights?
You have the right to:
- Be informed about how we use, share and store your personal information;
- Request access to the personal data we hold on you (also known as a Subject Access Request (SAR)). Where a SAR is requested we will respond promptly and within one month from the date we receive the request;
- Request your personal data is amended if inaccurate or incomplete;
- Request your personal data is erased where there is no compelling reason for its continued processing and we don’t have a legitimate interest to retain it;
- Request that the processing of your data is restricted;
- The right to object to your personal data being processed;
- Rights in relation to automated decision making and profiling.
Where the processing of your data is based on your consent, you have the right to withdraw this consent at anytime by contacting us by phone or email. We do not use automated decision-making systems.
Right to complain
We hope that the claims management service you receive from us is to the high standard you would expect. If at any point you are unhappy with the way we have used your data then please notify Oakleafe by either email, post or phone as shown below. If you remain concerned about the way we collect or use your personal data, you can raise your concern with the Information Commissions Office (ICO) on 0303 123 1113. For further details you may visit the ICO website www.ico.org.uk
We will tend to disclose the complainant’s identity to whoever the complaint is about, however if you wish your identity to remain anonymous, we will try to respect that. We will keep your complaint on record for two years once closed.
Changes to the information
We regularly review and, where necessary update our Privacy Notice. If we plan to use personal data for a new purpose our Privacy Notice will be updated, and you will be notified.
How to contact us
If you wish to contact us about the above or any other matter, then please contact us at:
Midas Business Centre Wantz Road Dagenham Essex RM10 8PS
Tel: 0333 2101 999