We value your privacy and are committed to protecting personal data. This Privacy Policy document outlines what data we collect, how we use it, protect it and your rights.
Important Information
Purpose of this Privacy Policy
We take the privacy, including the security, of personal information we hold about you seriously. This privacy notice is designed to inform you about how we collect personal information about you and how we use that personal information. You should read this privacy notice carefully so that you know and can understand why and how we use the personal information we collect and hold about you.
We may issue you with other privacy notices from time to time, including when we collect personal information from you. This privacy notice is intended to supplement these and does not override them.
Our website and service is not intended for children and we do not knowingly collect data relating to children.
Key definitions
The key terms that we use throughout this privacy notice are defined below, for ease:
- Data Controller: under UK data protection law, this is the organisation or person responsible for deciding how personal information is collected and stored and how it is used.
- Data Processor: a Data Controller may appoint another organisation or person to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller.
- Personal Information: in this privacy notice, we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual ("natural person") can be identified. It does not apply to information that has been anonymised.
- Special Information: certain very sensitive personal information requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.
- Corporate Information: in this privacy notice, we refer to corporate data as ‘corporate information’. ‘Corporate information’ means any information related to the insured corporate entity ("legal entity').
This information does not fall within the scope of GDPR and other data protection legislation.
Controller and data protection officer
Eqlaim Limited is the controller and responsible for your personal data (collectively referred to as “Eqlaim”, “we”, “us” or “our” in this privacy policy).
Eqlaim is registered with the Information Commissioners Office (“ICO”) in the UK under registration number ZB257201.
We do not have a data protection officer, but if you have any questions about this privacy notice or issues arising from it, you should contact Filiberto Secchi, who is responsible for matters relating to data protection at Eqlaim, including any matters in this privacy notice. You can contact them using the details set out above:
- by emailing us at hello@eqlaim.com; or
- by writing to us at 128 City Road, London, United Kingdom, EC1V 2NX
Details of personal information we collect and hold about you
We may collect, use, store and transfer different kinds of personal information about you which we have grouped together in general categories and provided details of retention periods in relation to those categories as follows:
| General Category | Types of Personal Data in that category | Retention Period |
|---|---|---|
| Identity information | This is information relating to your identity such as your first name, last name, username or similar identifier, title. | specify how long these types of data will be kept |
| Contact information | This is information relating to your contact details such as email address, addresses, and telephone numbers | specify how long these types of data will be kept |
| Account/Profile information | This is information relating to your account with us including username and password includes, preferences, feedback and survey responses. | specify how long these types of data will be kept |
| Marketing information | This is information relating to your marketing and communications preferences | specify how long these types of data will be kept |
| Website, Device and Technical Information | This is information about your use of our website and technical data which we collect including your IP address, the type of browser you are using and the version, the operating system you are using, details about the time zone and location settings on the device and other information we receive about your device. | specify how long these types of data will be kept |
Details of special information we collect and hold about you
Special information is explained in section 1 above. We do not collect or hold any special information about you.
We do not collect information from you relating to criminal convictions or offences.
How we collect personal and special information
Direct interactions
We usually collect Identity Information, Contact Information, Account/Profile Information,Marketing Information, Website, Device and Technical Information and Special Information; directly from you when you fill out a form, survey or questionnaire, contact us by email, telephone, in writing or otherwise. This includes the personal information that you provide to us when you subscribe to our mailing list.
We may receive some of your personal information from third parties or publicly available sources. This includes:
- Identity Information and Contact Information from our Customers, their representatives and their delegated/nominated professionals including Loss Adjusters, Forensic Accountants and Third Party Administrators.
- Identity Information and Contact Information from publicly available sources such as Companies House;
We may also receive Website, Device and Technical Information automatically from technologies such as cookies that are installed on our website. To find out more about these please see our cookie policy.
Sourced from our customers
Our System relates to the processing and managing business insurance claims and typically will include information provided by our customers regarding their customers/ claimants. When you make a claim against a policy underwritten by our Customer, and our Customer has engaged us directly or instructed a third party (our client) to assist we will collect and process Identity, Contact, and Technical. We will receive this information from our Customers, their representatives or instructed party, and other publicly available sources.
This personal data will not include criminal conviction data and or any special categories of sensitive personal data.
We will use personal information provided in accordance to legitimate uses and will usually be limited to creation of your account to facilitate the processing of a business related claim.
How and why we use personal information
We are only able to use your personal information for certain legal reasons set out in data protection law. There are legal reasons under data protection law other than those listed below; but, in most cases, we will use your personal information for the following legal reasons:
- Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you;
- Legitimate Interests Reason: this is where the use of your personal information is necessary for our (or a third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedoms or interests;
We do not generally rely on consent as a legal basis for processing your personal data although we will get your consent before sending direct marketing communications to you via business email. You have the right to withdraw consent to marketing at any time by contacting us. We may rely upon the Legitimate Interest basis to contact you via your business email address.
We have summarised below the different purposes for which we use your personal information and, in each case, the legal reason(s) allowing us to use your personal information. Please also note the following:
- if we use the Legitimate Interests Reason as the legal reason for which we can use your personal information, we have also explained what that legitimate interest is; and
- for some of the purposes, we may have listed more than one legal reason on which we can use your personal information, because the legal reason may be different in different circumstances. If you need confirmation of the specific legal reason that we are relying on to use your personal data for that purpose, please contact us using the contact details set out at the beginning of this privacy notice.
| Purpose | Type of data | Legal Reason(s) for using the personal information |
|---|---|---|
| To register you as a new customer/user | Persistent | Contract Reason |
| To manage our contract with you and to notify you of any changes |
| Contract Reason Legal Obligation Reason |
| To comply with audit and accounting matters |
| Legal Obligation Reason |
| To improve the goods, services, and/or digital content that we supply |
| Legitimate Interests Reason (in order to improve the goods, services, and/or digital content for future customers and to grow our business) |
| To ensure the smooth running and correct operation of our website |
| Legitimate Interests Reason (to ensure our website runs correctly) |
Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for our own purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes. Because this is grouped together with other personal information and you are not identifiable from that combined data we are able to use this.
Under data protection laws, we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) we told you about. If we want to use your personal information for a different purpose that we do not think is compatible with the purpose(s) we told you about, then we will contact you to explain this and what legal reason is in place to allow us to do this.
Disclosures, transfers, storage and processing of personal information
Disclosure of personal information
We may need to share your personal information with other organisations as per the states purposes above. These organisations include:
- Clients, business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you;
- Suppliers: such as IT support services, payment providers, administration providers, and marketing agencies;
- Government bodies and regulatory bodies: such as HMRC, fraud prevention agencies;
- Our advisors: such as lawyers, accountants, auditors, insurance companies;
To help us to deliver you the best service we can we use a number of third party tools which are carefully chosen to assist us in providing the best service we can, including:
- Amazon Web Services, our hosting partner. We use Amazon, a top tier data hosting service, to host our service and keep our data safe.
- Namecheap Website Hosting services.
- LinkedIn to contact with other companies to develop business opportunities.
- Slack communication system.
- Our own self-hosted version of Mautic (an open-source CRM and marketing automation tool).
We will disclose your personal information to third parties in the following circumstances:
- if an organisations proposes to purchase our business and assets, in which case we may disclose your personal information to the potential purchaser.
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligations
The same lawful basis for any third party processing applies and includes:
- their own legitimate business interests in processing your personal data, in most cases to settle claims;
- satisfaction of their contractual obligations to us as both a data controller and data processor;
- for the purpose of a contract in place or in contemplation;
- to fulfil our legal obligations.
Transfer/sharing of personal information
As a global service we may from time to time need to transfer data outside of the EEA to service providers located outside the EEA, in such circumstances we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information as is given to it within the EEA and that the transfer is made in compliance with data protection laws (including, where relevant, any exceptions to the general rules on transferring personal information outside of the EEA that are available to us – these are known as ‘derogations’ under data protection laws).
The safeguards set out in data protection laws for transferring personal information outside of the EEA include:
- where the transfer is to a country or territory that the EU Commission has approved as ensuring an adequate level of protection;
- where personal information is transferred to another organisation within our group, under an agreement covering this situation, which is known as 'binding corporate rules';
- having in place a standard set of clauses that have been approved by the EU Commission;
- compliance with an approved code of conduct by a relevant data protection supervisory authority (in the UK, this is the Information Commissioner’s Office (ICO);
- where the EU Commission has approved specific arrangements in respect of certain countries, such as the US Privacy Shield, in relation to organisations that have signed up to it in the USA.
Storage and processing of personal information
All data that we collect from you will be stored on Amazon servers within the EEA however it may be transferred to, and accessed, in destinations outside the EEA.
It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or are a delegated and entrusted party appointed by the insurer. This By submitting your personal data and that of your users you agree to this transfer, storing or processing. we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
All information you provide to us is stored on our secure servers. All server browser communications are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our system, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.
Your rights under data protection laws
Retention of data
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests. Accordingly, we regularly review our use of data with the aim of removing data that we no longer have a legitimate business interest in maintaining.
Under data protection laws, you have certain rights in relation to your personal information, as follows:
- Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information that we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.
- Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
- Right to erasure: (this is often called the 'right to be forgotten').This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.
- Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.
- Right to data portability: this right allows you to request us to transfer your personal information to someone else.
- Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason and there is something about your particular situation that means that you want to object to us processing your personal information. In certain circumstances, you have the right to object to processing where such processing consists of profiling (including profiling for direct marketing).
Corporate Information
Voluntary disclosure
Corporate Information, or information not belonging to natural persons does not fall under the purview of GDPR and data protection laws. As such it can be recorded, processed and stored freely and without limitation so long as it does constitute personal data. (Information related to one-person companies may constitute personal data where it allows the identification of a natural person. Business email addresses like or employees’ business telephone numbers are considered personal data relating to natural persons in the course of a professional activity and therefore are governed by this privacy policy)
However, in the interest of openness and transparency we will treat Corporate Information with the same level of detail and care as Personal Information.
Exceptions to Rights do apply and we will not handle requests to alter, delete or transfer the data in any such manner. We will work with you in your capacity as trusted party to alleviate any concerns your have regarding corporate data stored on Eqlaim, however we have no legal obligation to do so for such data.
Details of corporate information we collect and hold
We may collect, use, store and transfer different kinds of corporate information which we have grouped together in general categories:
| General Category | Types of Corporate Data in that category | Retention Period |
|---|---|---|
| Business information | This is information relating to the business, its background and history, operating location, and products and services | specify how long these types of data will be kept |
| Claims information | This is information relating to the claim, the incident and its impact on the business. This includes includes the nature and circumstances of a claim, amount claimed, results of claims, correspondence history, supporting information for claims and associated photographic information and evidence. | specify how long these types of data will be kept |
| Financial information | This is information relating to the business's financial performance past and present and includes management and statutory accounts, expenses and invoices as well as projections. | specify how long these types of data will be kept |
The types of corporate data: 1) do not fall within the scope of privacy legislation and 2) may differ from claim to claim, depending on circumstances.
How and why we use corporate information
| Purpose | Type of data | Legal Reason(s) for using corporate information |
|---|---|---|
| To register you as a new customer/user | Persistent | Data not covered or governed by data protection laws |
| To manage our contract with you and to notify you of any changes |
| Data not covered or governed by data protection laws |
Other
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We do not pass your personal information on to any third parties for marketing purposes.
Cookies
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.
Password Settings
All users are required to set a strong password (at least 8 characters with special characters and password blacklisting) which will have to be changed if there are pressing reasons, such as a personal data breach. We would ask that if you are a user of our system that you keep your password safe and report any loss/breach of your passwords to us as soon as practically possible.
Complaints
If you are unhappy about the way that we have handled or used your personal information, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). Please do contact us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your personal information, so that we have the opportunity to discuss this with you and to take steps to resolve the position. You can contact us using the details set out at the beginning of this privacy notice.
Privacy Policy update
We may update this privacy notice from time to time. This version was last updated on July 12, 2022.