This is a privacy notice for Connexus Insurance Solutions ltd.

Connexus Insurance Solutions Ltd (referred to as "We”, “Our” or “Us") who handle claims on behalf of Insurers/brokers are committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our clients that communicate (online or offline) with us, over the phone, via our group website, and helpdesk.

We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information.

Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018, GDPR (United Kingdom General Data Protection Regulation) (UK GDPR), the Privacy and Electronic communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation.

This policy should be read together with our Cookie Policy that can be found on our group website.

Data Controller

Connexus Insurance Solutions Ltd acts primarily as a data processor for the personal information we process on behalf of Insurers/brokers, unless otherwise stated. We are registered with the Information Commissioner’s Office (the ICO) under registration number Z5375189 for instances where we may act as a data controller.

Connexus Insurance Solutions Ltd is part of the Connexus Group of companies, (a private limited company registered in England with the company number 03499256),

You can contact us either by phone, email, or post.

By phone: 0333 043 3797
By email: dataprotection@connexus.co.uk
By post: 1210 Centre Park Square, Warrington, WA1 1RU

Our Data Protection team can be contacted at the above address or by emailing dataprotection@connexus.co.uk

How we collect your personal information

Prospective Insureds and Insured Persons

We may collect information about you in different ways: – information about you may be provided by your Insurers when handling a claim on their behalf, from you or your representative during notification of a claim, any service providers we instruct to investigate your claim.

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect about you, from third party organisations or that you have voluntarily provided to us or from enquiry/contact forms, or other contact methods includes:

Identity Data includes first name, maiden name, last name, marital status, title, date of birth, gender, National Insurance Number, Driving Licence information or other identification information, accident/incident details, vehicle details. This includes details of additional drivers.

Contact Data includes address, email address or telephone numbers.

Employment Data includes the name of your employer and contact details.

Financial Data includes payment card details, bank account details and basic credit information.

Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website. Records of conversations. (Calls may be recorded for training and monitoring purpose)

Vehicle operation and Location data– Vehicles we arrange on your behalf maybe equipped with a vehicle telematics system. All telematics system functionality may or may not be active during rental periods. Telematics systems may provide us with use of, disclosure of, or access to; (1) location information; (2) crash notification and related crash data; and (3) operational condition, mileage, diagnostic and performance reporting of vehicles, as permitted by law.

Profile Data includes information you provide us, services offered and used, feedback, and survey responses.

Other Personal Data you voluntarily provide, which may include people appointed to act on your behalf and special category personal data, for example data which you provide about your health where this relates to your ability to meet your obligations under the agreement.

Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

Searches such as carrying out a Hire Purchase Investigation (HPI) check to see if there is any outstanding finance on the vehicle, Motor Insurance Database (MID) check to review the vehicle Insurance details and/or Motor Insurance Anti-Fraud and Theft Register to monitor written off vehicles and help trace stolen vehicles. CUE checks provide access to the Motor, Home and Personal Injury databases viewed to verify/add or update individual claims history, and DVLA Keeper records which may be viewed to identify the registered Keeper for a given vehicle. Driving Licence checks may be carried out to verify all motoring convictions have been correctly advised.

CCTV if you visit our offices.

Business Partners– if you are a business partner, we may collect your business contact details, we may collect your details if you visit our website, register for a newsletter, or attend one of our events.

How we use your information and Legal basis

Connexus Digital Solutions a trading name of Connexus Insurance Solutions, assisting our internal and external business partners in the following areas:

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.
Performance of a contract: the processing is necessary to enter into a contract you have with an Insurer/broker.
Legal obligation: the processing is necessary for us to comply with the law. For example, Money Laundering Regulation and associated laws.
Consent: where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. For example, to understand how customers use our services so we can develop new services and improve the services we currently provide.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws.

Where we need to collect personal information by law, or under the terms of a contract, and you choose not to provide it, we may not be able to perform our duties under the contract you hold with Insurers/brokers. In this case, we may have to advise your Insurers/brokers who will notify us how they wish us to proceed.

Purpose/ Processing activity	Lawful basis or bases for processing your personal data
To contact you to discuss a claim, including the merits of any circumstances or to reply to any questions.	Performance of a contract
For the purposes of providing vehicle hire, handling claims and any other related purposes.	Performance of a contract
To verify your identity for fraud prevention purposes and security of the vehicle.	Legitimate Interest Legal obligation
Marketing/analytics from our website using cookies.	Consent
For the purposes of arranging medical appointments with medical experts and obtaining such medical reporting either from the medical expert and your General Practitioner.	Performance of a contract
To verify if there are any outstanding finance on a vehicle and/or details of the vehicle/s Insurance and/or tracing stolen or written off vehicles.	Performance of a contract
If you make us aware of any medical conditions and consent for us to note the information to manage your expectations/needs better.	Consent

Who we might share your information with

We may share your personal data with other organisations in the following circumstances:

The Insurer/broker we are handling your claim on behalf.
If the law or a public authority says we must share the personal data.
If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk).
Solicitors/Legal Advisors who act to recover any uninsured losses.
Loss Adjusters to investigate a claim.
External Auditors who audit our business
Police/ Fraud Detection Agencies in their investigation of an alleged crime/investigation.
Financial crime, fraud or uninsured detection agencies, databases and sanctions lists, including the Motor Insurers’ Bureau (MIB) who are the data controller for the Motor Insurance Database (MID) and Motor Insurance Anti-Fraud Theft Register (MIAFTR).
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If the company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets. (if agreed by the data controller)
To protect the rights, or safety of our clients or others.

If consent is necessary to facilitate this sharing, we will ensure it is obtained prior to processing.

These include:

Our Group of Companies including
Connexus Vehicle Assessors– who may assess the damage to your vehicle.
Performance Car Hire– who may agree to hire a vehicle to you.
Connexus Claims Solutions– should we arrange a hire vehicle from one of our carefully selected partners.
KLS Law/Specters– should we require to instruct solicitors to recover any losses for you following an accident/loss.
Connexus Medical Appointments– should you require medical assistance.
Assistance Providers- who can help provide assistance in the event of a claim.
Fraud Detection Agencies and Organisations working to prevent fraud in financial services.
Medical Service Providers- To obtain medical records.
Loss Adjustors and Claims Experts who help us assess and manage claims.
Solicitors and professional services firms.
External Auditors
Regulatory Authorities- FCA, ICO, as well as other regulators and law enforcement agencies in the EU and around the world.
Service Providers- who help manage our IT and back-office systems.

Your rights over your information

Your personal information is protected under data protection law, and you have several rights (see below) available to you depending on our reason for processing. Please contact our Data Protection team should you wish to exercise these rights. We may need to verify your identity before we can act on your request.

Where we act as a data processor, we will usually pass on any request to the data controller to respond and provide them with any information we may hold to ensure any request is fully considered.

You have the right to:Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, subject to certain exceptions.

Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Request erasure of your personal data. You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in certain circumstances. It may not always be possible for us to delete the information we hold about you, for example, if we have an ongoing relationship with you or we are required to retain information to comply with our legal obligations.

Object to processing of your personal data when it is based upon our legitimate interests or for the purpose of statistical analysis, profiling, or direct marketing.

Request restriction of processing of your personal data. This is not an absolute right and only applies in certain circumstances. For example, where you contest the accuracy of your personal information, it may be restricted until the accuracy is verified, or where the processing is unlawful but you object to it being deleted and request that it is restricted instead.

Request data portability of your personal data to you or to a third party. You have the right to receive, move, copy, or transfer your personal information to another controller.

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent for us to process your personal data at any time when we are relying on your consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

For more information about your privacy rights. The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers, such as us, are available publicly. You can access them here. Your data matters.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

How long we keep your information for

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation and will never retain your information for longer than is necessary.

Unless otherwise required by law, your data will be stored for a period of seven years after our services expire. We may also be requested by the individual data controller to retain the data for a longer or shorter period. We can advise you on any specific retention periods on request.

We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

If your information is transferred to a third party their Data Retention Policy may differ to ours.

Automated Processing

We do not automate any of our services.

Security

Data security is of great importance to Connexus Insurance Solutions Ltd and, to protect your data, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

Limiting access to our buildings to those that we believe are entitled to be there by use of passes.
Implementing access controls to our information technology; and
We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, website, and offices.

Transferring your data abroad

We do not transfer your personal data outside the UK and the European Economic Area (EEA) and, should we require to do so, we will ensure we have standard contractual clauses in place.

Keeping your information accurate

It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes during your relationship with us. This should include any change of address, telephone numbers and health matters that may affect the management of your account.

Complaints

If you have any questions about how we treat your personal data and protect your privacy, please email dataprotection@connexus.co.uk or call us on 0303 123 1113.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO) make-a-complaint or call 0303 123 1113.

Changes to this Privacy Policy

This version was last updated on 27 February 2023 and historic versions can be obtained by contacting us at compliance@connexus.co.uk. If changes to this privacy notice have a major effect on what we do with your personal data or on you personally, we will give you enough notice to allow you to exercise your rights (for example, to object to the processing). We recommend that you check this policy regularly to keep up to date.