Our group privacy notices have been updated to ensure that we are compliant with data protection legislation.  We are required to provide this information to those individuals whose personal data we process. In this instance, we do not have a direct relationship with most of the individuals whose personal data we process, where these individuals are your clients or are claimants making claims against you or your insured.  We request that you review our updated privacy policy and determine whether you need to make changes to your own privacy notices, and where applicable inform clients of such changes if required.

Summary of updates to the Privacy Notice:

  • Under section 6 of the new privacy notice, the list of third parties who disclose personal data to has been expanded.
  • Under section 5 of the new privacy notice, the legal basis is still correct, but this section has been updated to include performance of a contract as an additional legal basis for processing data. Furthermore, we’ve specified the exemption under Article 9 GDPR/Schedule 1 of the DPA 2018 to enable us to process any special category or criminal personal data. This exemption is processing data for insurance purposes.
  • Under section 8 of the new privacy notice, the wording has changed to reflect the possibility that we might transfer personal data outside of the European Economic Area, and that we have safeguards in place to do this. 
  • Under section 9 of the new privacy notice, the retention period has been updated to 30 days.
  • Under section 2 of the new privacy notice, the types of personal data processed has been expanded (details relating to offences, health data, employment information etc).
  • Under section 3.2 of the new privacy notice, we’ve expanded the list of third parties who we collect personal data from.

If you have any questions please contact ClaimsPortal@mib.org.uk.

Regards

Phil Dicken

Chair, Claims Portal Ltd