CALL US: 0208 981 4633

Your Privacy And Security

 

Introduction

Castle Group London Ltd trading as Castle Accident Management ltd are totally committed to keeping your personal data safe. We will always treat your personal data with respect and design our products and services with your privacy in mind.

This privacy policy will help you understand how we collect, use and protect your personal data.

You acknowledge that by providing your personal data to us, you consent to its processing in the manners outlined below. When providing personal data about others, you confirm that you have the consent of these individuals to supply their personal data. We are unable to offer you any product or service that requires the processing of special category personal data, as defined in the General Data Protection Regulation (GDPR), unless you provide explicit consent for the collection and use of such data.

Who we are

Castle Group London Ltd trading as Castle Accident Management (Registered number 09016644)

Data we collect

We collect personal data and sensitive personal data as part of providing services to you. We may also monitor or record calls, emails, SMS messages or other communications in accordance with UK law.

Types of data we may collect

Personal data

Examples of personal data we may collect include:

  • Name and titles
  • Physical address and address history
  • Driving License details
  • NI Number details
 

Special category personal data

Examples of special category personal data we may collect include:

  • Medical history
  • Claims history
  • Criminal convictions

We may also indirectly collect other special category personal data during the course of any fraud investigations.

Call recording and monitoring

We may monitor or record calls, emails, SMS messages or other communications for:

  • Business purposes such as quality control and training
  • Processing necessary information for entering into or performance of a contract
  • Prevention of unauthorised use of our telecommunication systems and websites
  • Ensuring effective systems operation
  • Meeting any legal obligation
  • Protecting your vital interests
  • Prevention or detection of crime
  • For the legitimate interests of the data controller
 

Telematics

If you have a Telematics Unit, we will use the Unit to capture data including date, time, speed, location and other associated vehicle and driving related information from your vehicle. This information includes:

  • Date
  • Time
  • Latitude
  • Longitude
  • Speed
  • Duration
  • Distance
  • Acceleration
  • Braking
  • Cornering
  • Other associated vehicle information

Our Telematics systems normally collect information while your vehicle is being used, and transmit this to us. Instances where the Telematics systems may send real-time data and alerts to us include where a collision or crash is detected, if the device’s tamper alerts are activated, or if it is at your request, for example if your vehicle has been stolen and a Theft Tracking service has been activated.

When data is collected

We will collect your personal data when:

  • You make customer enquiries
  • You register for information or other services
  • You register a claim
  • You respond to communications or surveys
  • We require additional information from you for validation purposes
 

How your data is used

  • Fraud prevention and detection
  • Administering debt recoveries
  • Verifying your identity when required
  • Undertaking market research, product development and statistical purposes
  • For assessment and analysis to enable us to review, develop and improve the services which we offer and to enable us to provide you and other customers with relevant information.
 

Legitimate Interests

There are certain circumstances where we process your personal data for our legitimate business interests. These can be commercial or societal benefits and in order for us to process your data, we will always balance our interests against your own to ensure it is fair.

The following processes rely on legitimate interest:

  • Fraud detection and prevention
  • Engaging and contacting you throughout the lifecycle of your claim to ensure you have a good experience as Castle Accident Management customer
  • Internally auditing our processes to maintain our high standards
  • Sharing data with selected third parties in order to add value to our products

If you have any further questions, don’t hesitate to contact us. You can telephone us on 0208 981 4633, or write to us at Castle Accident Management, 363 Commercial Road, London, E1 2PS

Who has access to your data

Apart from ourselves, other companies that may have access to your data include:

  • Companies or associates that are used to enable your claim to continue. The Companies would include:
  • Third parties involved with the claim, their insurer, solicitor or representative
  • Medical teams, the police or other investigators
  • Assigned Engineer
  • Our Soliciting panel
  • Assigned garage that would complete repairs
 

Confidentiality and disclosure of your data

We will endeavor to treat your personal data as private and confidential.

We would like to bring to your attention to our obligations to disclose data in the following four exceptional cases permitted by law, and the other situations set out below. These are:

  • Where we are legally compelled to do so
  • Where there is a duty to the public to disclose
  • Where disclosure is required to protect our interest
  • Where disclosure is made at your request or with your consent

If you make a complaint about the service we have provided, we may be obliged to forward details about your complaint, including your personal data, to the relevant ombudsman. You can be assured that they are similarly obliged to adhere to the Data Protection Act and keep your personal data strictly confidential.

Data subject rights

You have a number of rights as a data subject. Please note that these rights do not apply in all circumstances.

Request your data

In order to access the data we hold about you, you need to make a ‘Subject Access Request’, or SAR. To make a SAR please email us at:

info@castleaccidentmanagement.com

or write to us at

Castle Accident Management, 363 Commercial Road, London, E1 2PS

Please provide

  1. Your name, address, policy/claim number and what information you would like.
  2. Identification documents; one which shows your name and signature (e.g. a copy of your passport) and one which shows your Name and Address (e.g. a copy of a recent bill or bank statement or other official document). We will accept just one identification document if it shows your name, address and signature such as a copy of your driving license. (This is to take reasonable steps to confirm your identity before providing you with details of any personal information we may hold about you.)

Please note that if your SAR involves personal data of other people (such as named drivers on your policy) or you are making a request on behalf of another (such as a parent on behalf of their child), we will need identification from these individuals, as well as a signed letter of authority from them that they are happy for you to act on their behalf and for us to release their data to you.

Once we have received your request and identification documents, we will have one month to fulfil your request. Where for some reason this will not be possible, for instance due to large volumes of data being involved, we are permitted by law to take up to an additional two months to fulfil your request. Where any such delay is anticipated we will inform you of this as soon as possible along with details of when we expect to be able to provide you with the requested documentation.

Your other rights as a data subject, where applicable, include:

  • The right to be informed about our processing of your personal data
  • The right to have your personal data corrected if it is inaccurate, and to have incomplete personal data completed
  • The right to object to the processing of your personal data
  • The right to have your personal data erased (“right to be forgotten”)
  • The right to move, copy, or transfer your personal data (“data portability”)
  • Rights regarding automated decision making, including profiling

For more details on these rights and how to exercise them, please contact:

info@castleaccidentmanagement.com

If you have any complaints relating to the processing of your personal data, you also have the right to complain to the relevant Supervisor Authority. In the UK this is the Information Commissioner’s Office (ICO). They can be contacted at:

Information Commissioner’s Office

Castle Group London

363 Commercial, London, E1 2PS

Fraud prevention

In order to prevent and detect fraud, we may at any time share information about you with our panel associates.

If false or inaccurate information is provided and fraud is identified, you could be refused certain services, finance, or employment and details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information.

We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

  • recovering debt
  • checking details on proposals and claims for all types
  • checking details of job applicants and employees

Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the GDPR

Information Security

On our websites/ systems we protect any data you have given us by industry standard security to encrypt sensitive data in transit to our servers.

It may be necessary to transfer your personal data to other Group companies or service providers.

Show further information

Please be aware that communications over the Internet, such as emails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access, or loss of personal information, that is beyond our control.

Additionally, you can protect your system by installing anti-virus and running scans as recommended by the vendor. You should also run any security updates / patches you receive for your system from the supplier.

Never respond to unsolicited emails from unfamiliar sources. Such emails may be fraudulent and attempt to get you to provide your personal details.

Retention of your data

Your personal data will be kept for as long as we require it in order to provide you with the agreed product(s) or service(s). It will continue to be retained after any account, policy or service has been closed or otherwise come to an end in line with our legal and regulatory requirements, this information is used for reporting/ tending within the business.

Changes to this policy

This privacy policy was last updated on 6th Sep 2022. We reserve the right to make changes to this policy and you will be informed of any changes when you next visit our website.

From time to time we may need to change the way we use your personal data. Where we believe you may not reasonably expect such a change we will write to you. When we do so, you will have 60 days to object to the change but if we do not hear from you within that time you consent to that change.

 

© 2022 Castle Accident Management

Privacy Policy