We necessarily process information. Some of the reasons for this are as follows:
Processing is permitted if it is necessary for the entry into, or performance of, a contract to which the Data Subject is a party. The processing must be more than just useful, it must be truly necessary in order for the contract to be performed.
This lawful basis is likely to be relevant to a policy of insurance, a claim made upon the contract.
Processing is permitted if it is necessary for the purposes of legitimate interests pursued by insurers or their representatives, except where the interests are
overridden by the interests, fundamental rights, or freedoms of the affected Data Subjects.
Personal data may be processed on the basis that the Data Subject has consented to the processing.
Consent must be freely given, specific, informed, and unambiguous.
- Consent may be withdrawn at any time – to do so, please email placing our reference and the associated VRM n the subject line with the words ‘consent withdrawal. The body of the text should include your full name, address, and phone number to enable us to cross-reference this with the information we hold about you i.e. to ensure the email originates from you.
The legal obligation lawful basis could often arise when there is a requirement to report suspicious activity under the Proceeds of Crime Act 2002 or
when compelled by an order of the court under any circumstances. This lawful basis can arise during the course of our engagement, as and when the
legal obligation to report or share Personal Data arose.
Criminal data processing example:
An insurance company has been alerted to multiple road traffic accident claims on various policies, which appear to be interconnected and fraudulent. The insurer requires our assistance in processing the Personal Data of the insured parties and the third parties involved in each suspect claim to explore the suspicion of criminality, including researching any criminal data of past similar and relevant activity that may support or eliminate the suspicion.
The lawful basis to process the Personal Data of the insured party, depending on the circumstances, may be the legitimate interest basis. However, for insured parties and third parties, one of the permissive conditions to process the Criminal Offence Data, as per Schedule 1 of the DPA may include: paragraph 10 (preventing or detecting
unlawful acts), paragraph 14 (preventing fraud), paragraph 33 (legal claims – if litigation is ongoing or contemplated), or paragraph 37 (insurance).