Guidance

Claims management regulator - privacy notice

Published 24 May 2018

This guidance was withdrawn on

This page has been withdrawn because it’s out of date. Responsibility for the regulation of Claims Management Companies has been taken over by the Financial Conduct Authority.

© Crown copyright 2018

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/cmr-privacy-notice/cmr-privacy-notice

This privacy notice sets out the standards that you can expect from the Claims Management Regulation Unit (CMRU) when we request or hold personal information (‘personal data’) about you; how you can get access to a copy of your personal data; and what you can do if you think the standards are not being met. The Ministry of Justice (MoJ) is the data controller for the personal information the CMRU processes. MoJ collects and processes personal data for the exercise of its own and associated public functions. These include the discharging of statutory duties under the Compensation Act 2006.

1. About personal information

Personal data is information about you as an individual. It can be your name, address or telephone number. It can also include information about your business, details of individuals involved with the business, and your company’s business model.

We know how important it is to protect individual’s privacy and to comply with data protection laws. We will safeguard your personal data and will only disclose it where it is lawful to do so, or with your consent.

2. Types of personal data we process

We only process personal data that is relevant for us to carry out our statutory duties. This may include: your contact details; details about your company and individuals involved with the company.

3. Purpose of processing and the lawful basis for the process

CMRU’s legal base for processing personal data is defined as “Public Task”. This means that the processing is necessary to perform a task in the public interest or for official functions. The processing of data will be used to discharge our statutory functions under the Compensation Act 2006 and other relevant legislation.

4. Who the information may be shared with

We sometimes need to share the personal information we process with other organisations. Where this is necessary we will comply with all aspects of the data protection laws. The organisations we share your personal information with include: other regulators and enforcement agencies (for example when breaches of business conduct rules need to be investigated); other third parties as required by the discharge of our statutory duties under the Compensation Act 2006 and other relevant legislation.

5. Details of transfers to third country and safeguards

It may sometimes be necessary to transfer personal information overseas to discharge of our statutory duties under the Compensation Act 2006 and other relevant legislation. Any transfers made will be in full compliance with all aspects of the data protection law.

6. Retention period for information collected

CMRU is covered by a Record Retention and Disposal Schedule based on the MoJ model which ensures that records are not kept for longer than necessary and stored/disposed of appropriately. For example, we review data files six years after the date of the last activity, when a decision to destroy or retain the file will be made.

7. Access to personal information

You can find out if we hold any personal data about you by making a ‘subject access request’. See more information on making a subject access request at: Data.access@justice.gsi.gov.uk

8. When we ask you for personal data

We promise to inform you why we need your personal data and ask only for the personal data we need and not collect information that is irrelevant or excessive:

  • You can withdraw consent at any time, where relevant;
  • You can lodge a complaint with the supervisory authority;
  • Protect it and make sure no unauthorised person has access to it;
  • Only where appropriate and necessary share it with other organisations for legitimate purposes;
  • Make sure we don’t keep it longer than is necessary;
  • Not make your personal data available for commercial use without your consent; and
  • Consider your request to correct, stop processing or erase your personal data.

You can get more details on:

  • Agreements we have with other organisations for sharing information;
  • Circumstances where we can pass on personal information without telling you, for example, to help with the prevention or detection of crime or to produce anonymised statistics;
  • Our instructions to staff on how to collect, use or delete your personal information;
  • How we check that the information we hold is accurate and up-to-date;
  • How to make a complaint; and
  • How to contact the Ministry of Justice Data Protection Officer.

For more information about the above issues, please contact us:

Claims Management Regulation Unit, 102 Petty France, London, SW1H 9AJ claimsmanagementregulation@justice.gov.uk

For more information on how and why your information is processed please see the information provided when you accessed our services or were contacted by us.

9. Complaints

When we ask you for information, we will keep to the law. If you consider that your information has been handled incorrectly, you can contact the Information Commissioner for independent advice about data protection. You can contact the Information Commissioner at:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tel: 0303 123 1113 www.ico.org.uk

Back to top