McLarens Ireland Data Protection Statement

Summary

We value the privacy of your personal information.

This McLarens Irish Data Protection Statement outlines how we collect, hold, use and disclose your personal information in Ireland and in particular McLarens Chartered Loss Adjusters Limited (the “Company”).  By visiting our website, using any of our services, or providing us with your personal information, you agree to your personal information being collected, held, used and disclosed as set out in this Data Protection Statement. As a data processor we also rely on the consent you gave our clients when they collected your personal data.

If we act as a data controller jointly with our client then we may rely on, legitimate purposes for processing personal data as the basis for that processing.

The Purposes for Which We Hold, Use and Disclose Personal Information

We collect personal information to assist our clients in investigating, assessing and settling insurance and other claims (e.g. when we act for an insurer, this will involve us collecting personal information from insureds, claimants and other third parties involved in the claim, as well as checking the validity of such information).  We also hold data in relation to aviation matters, including aviation insurance claims, risk surveys salvage sales and asset management assignments.

We hold limited personal data which we use to inform our clients employees about corporate events and services that we provide.  No such communication will be sent to those who withdraw their consent.

We also use the personal information that we hold, to contact you, to notify you about changes to our service, to verify your identity, and to provide customer support.

We provide the personal information we collect to our insurer clients, their agents and advisers such as lawyers. This is to assist the insurer or their agent to manage and administer their relationship with the insured, and to decide or advise on payment of a claim. We also provide personal information to other third parties who can confirm the information provided to us (e.g. repairers, witnesses to a claim or law enforcement agencies) to assist us in providing our insurance claims services (e.g. our investigators and other agents and contractors) or to assist with asset management assignments.

We also provide claims information that we have received to our affiliates for the purposes of the affiliates handling claims on our behalf.

Where we disclose information to third parties, we limit the use and disclosure of personal information provided to us by them for the purposes for which we collected it (e.g. in relation to the handling or settlement of the relevant claim). Our insurer clients, their agents, advisers and other relevant third parties may have their own privacy policy that contains information about their privacy practices and how you can access any personal information they hold about you, seek correction of it or make a complaint about a breach of the Data Protection Act 2018 (incorporating General Data Protection Regulation (GDPR) (EU) 2016/679).

We may also hold and use your personal information, and disclose your personal information to relevant third parties for the following purposes:

  • To deal with enquiries – we may need to collect your personal information to answer an enquiry you make;
  • Dealing with a complaint – for example a complaint made by you in respect of service provision;
  • Maintaining and improving our service, auditing, quality assurance and training – for example, we may review your personal information to identify how our services can be improved;
  • Assisting with the claims process by providing your name address and phone numbers to contractors;
  • For handling a claim on your behalf where we cannot handle it and where the affiliate is better placed to handle the claim;
  • for fraud prevention purposes;
  • Other purposes – for any other purpose communicated to you at the time we collect your personal information or as required or permitted by law.

Occasionally we may be required or authorised to collect personal information because of laws in Europe or an order of a Court / Tribunal. If we are collecting personal information for this purpose, and we are permitted to do so, we will tell you.

We will be transferring and sharing personal data with our associated company in the United Kingdom, MYI Limited. MYI employees will also on occasions access personal data that is held by our companies in Europe to assist in a handling of a claim. Agreements are in place between the companies to ensure that data is held in accordance with GDPR.

We may also transfer your personal information outside the EU where the relevant third party is located outside of EU (for example, to an insurer and reinsurers and their representatives who are located overseas). Our contractual arrangements with these entities generally include an obligation for them to comply with UK data protection laws.

The categories of personal data we process when handling claims are determined by the data controllers we are acting for and based on their instructions to us.

Personal Information We Collect and Hold

The personal information we collect and / or hold about you and other individuals (such as a co-insured or your spouse, partner or children) may include:

  • name, date of birth and gender of you, your colleagues/employees and/or family members,
  • contact details such as address, phone, fax and email of said persons
  • bank account details;
  • medical data;
  • court judgements;
  • information relevant to providing a service such as:
  • your claims history;
  • information obtained as part of the management and processing of a claim (e.g. information on a police report);
  • details of insurance policies you hold or have held; and
  • sensitive information such as criminal records (e.g. where this information is relevant to processing a claim).

What Happens if You Don’t Give Us Your Personal Information

If you don’t provide us with the required personal information, we and our clients may not be able to provide you with some or all services (e.g. we may not be able to access or assess your claim). Where we collect personal information from you, we expect you to tell us if you do not consent to us disclosing the personal information you provide to us to the types of third parties referred to above.

How We Collect and Hold Personal Information

How we collect:

We may collect personal information about you and other individuals in various ways including:

  • over the phone, including telephone recordings;
  • audio/visual recordings, including CCTV;
  • in person;
  • when we interview witnesses or other third parties;
  • when attending site meetings in the notes of those meetings;
  • in writing, including via email and hard copy forms;
  • social media or other on-line sources where data is in the public domain;
  • from fraud detection agencies.

From whom we may collect:

We may collect such information directly from you or through a variety of third parties such as repairers, suppliers, consultants, fraud detection agencies and the Police. We may also collect personal information from publicly available sources such as the phone book or public websites.

When we collect personal information from you about someone else:

We may seek to collect from you personal information about another person. This may happen if you have personal information about another person which is relevant to a claim. For example, you may have the details of a witness to an incident for which you are claiming under your insurance policy. If you provide us with information about another person, then you must:

  • have their consent to do so; and
  • tell them:
    – that you are disclosing their personal information to us; and
    – Refer them to this Data Protection Statement.

Holding personal information:

We hold personal information electronically and on paper / in hard copy.

For the personal information we hold electronically we take reasonable security measures including firewalls, secure logon processes, encryption and intrusion monitoring technologies.

For the information we hold in hard copy / on paper we have in place reasonable confidentiality procedures and we also take reasonable security measures. We also require third party providers to hold personal information securely.

Your Rights

Your information will be held for at least seven years for legal, regulatory and accounting purposes and thereafter for as long as reasonably necessary or as we are contractually required to do so.

You have the right to withdraw consent for us to process your information at any time.

You have the right to withdraw consent for us to pass your information to third parties that we have outlined in this policy. 

However, withdrawing consent may result in us ceasing to handle the claim in question and may prejudice those services for which we are instructed by your Insurers or other parties to perform.

Accessing your information (Subject Access Request):

You can make a written request to access the personal information we hold about you. If we aren’t able to meet your request for access, we’ll let you know why.

You have the rights to the following information:

  • The purpose(s) for which we are processing your information.
  • The categories of personal information we hold about you
  • The recipients or categories of recipient to whom the personal data have been or will be disclosed.
  • The period for which we will store your information; or the criteria used to determine that period.

Some of our clients have a different process for the handling of these request, we will inform you if this is the case.

Further Rights:

To rectification or restriction of the way in which we are processing your information; or to object to us processing it.

To erasure of your personal information provided it is no longer necessary for the purposes for which it was collected; or where there is no legal basis for us processing it.

Where we have collected information about you from sources other than yourself, information about those sources.

To ask us whether any decisions are being taken about you by automated means and if this is happening; information about the logic involved and any significant consequences on you.

To ask us about the appropriate safeguards we take if we transfer your information to a third country or international organisation.

You can exercise any of these rights at any time by writing to the Data Protection Officer Liz Tubb at compliance@mclarens.com

If you are not satisfied about the way in which your information is handled, you have the right to lodge a complaint to in Ireland – the Data Protection Commission at 21 Fitzwilliam Square South, Dublin 2, D02 RD28,Ireland, telephone – (01) 765 01 00 1800 437 737

Keeping your information accurate:

We take reasonable steps to ensure that the personal information we collect and store, use or disclose is accurate, up-to-date and complete. However, we rely on you to advise us of any changes to your information to help us do so. If you believe your personal information is not accurate, up-to-date or complete, then please let us know. If you’d like to request access to or seek correction of your personal information, please contact us. Our contact details are at the end of this Data Protection Statement.

Complaints about how we handle your personal information:

If you have a complaint about our handling of your personal information or an alleged breach of the principles contained in the GDPR 2018 please contact us and provide us with the details of your complaint / the alleged breach as well as any supporting evidence. You can contact us via the below options:

Liz Tubb
Data Protection Officer
compliance@mclarens.com

Refer to the website – www.mclarens.com to obtain contact details.

We will promptly acknowledge the complaint, carefully investigate it and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any further information and will provide you with our determination once it is made. If you are unhappy with our determination, please contact the relevant data protection commissions as detailed above.

Transfer of Information Overseas

We will transfer and share personal data with our associated company MYI Limited in the United Kingdom. MYI Limited is a wholly subsidiary of the same parent as we are owned by and have the same ultimate parent and shareholders.

We may transfer your personal information overseas if your insurer is not resident in the EU. For example, we may transfer information via email to Insurers, their representatives or our representatives who are located overseas. These insurers are most commonly located in UK, Europe and USA. You should tell us if you object to any such transfer.