Who are we?
We are Enthalpy Limited, trading as ‘Ravenstone UK’. Our contact details are as follows:
Stafford Court, 145 Washway Road, Sale M33 7PE
Tel: 0161 969 9000 Fax: 0161 973 9623 Email: firstname.lastname@example.org
We work with Insurance Companies and Solicitors (our clients) as Claim Consultants to assist in the processing and administration of insurance claims. In accordance with the Data Protection Act 2018 we will act in the capacity of Data Processor (or sometimes joint Data Controllers) under authority and direction from our clients, who remain the Data Controllers. This means that we may process and store some personal data in order to do this. We will process and store data securely, both physically on paper and digitally on our computer systems.
What information do we hold and where did we get it come from?
The information we typically process can consist of, but not necessarily extends or be limited to, your name, personal details, contact details including address, telephone number and email address, and details that directly relate to any relevant insurance policy, claim and any incident or event that may have resulted in an insurance claim against that policy.
This information will either be provided to us by the Data Controller based on information provided to them either by you or by other involved parties, or will be obtained directly from you in our dealings with you (conversations and written communication). Information may also be obtained from publicly accessible sources such as the Electoral Register or Telephone Directory.
What is our lawful basis for processing this data?
We will only process personal data where we have an established lawful basis to do so. We do so lawfully and in accordance with the Data Protection Act 2018. Our lawful basis for will fall into at least one of the below categories:
- The data subject has given this consent to the processing of his or her personal data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the data subject is party.
In plain English, if you are a policyholder or named driver covered under the prevailing policy, consent is normally established as part of the contract for services between you and your insurance company. Our services may be necessary for the insurance company to fulfil their obligations under the contract with you in the event of an insurance claim against that policy.
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
This may apply if you are not directly involved as a Policyholder or similar. You may be a witness with some degree of involvement where processing may be required in order to investigate and settle an insurance claim accurately.
What will we do with the data we process?
The primary recipients of the data we process will be our clients, the Data Controller (typically an insurance company or Solicitor).
We may also need to engage third parties during the course of our process, for example we may need to share information with the DVLA or Police if we are making enquiries involving them. We might also engage a company to provide translation services, who would reasonably be expected to have access to your basic personal data to carry out their role (such as your name and address).
We will only process and store data for the purposes it has been collected for; nothing else. We will not share or sell data to any unauthorised third parties for any marketing exercises or any purpose other than those as instructed by the Data Controller. Data will not be processed, stored or transferred outside of the UK.
How long will we keep the data for?
The retention period (how long we will keep your data) is determined by the Data Controller. After that time, we will securely destroy all copies of the data, both physically and digitally. Please contact us if you would like to know what retention period applies to your data.
What are your rights?
Each data subject (you) has the following rights:
- The right to be informed – that means we should tell you what we do with your data.
- The right of access – this means you can request a copy of your data and details about what we have done with it from us.
- The right of rectification – if you think we have got something wrong, please tell us and we will discuss this with you and look at putting it right.
- The right of erasure – you can request that we delete your data. We will discuss this with you if you make this request as it can depend on what basis the data has been collected. It may also affect your contractual position with the Data Controller.
- The right to restrict processing – similar to the above, you can ask us not to carry out certain types of data processing, such as not contacting you by email, for example.
- The right to data portability – not really applicable for our purpose.
- The right to object – you can object to us processing your data. Please contact us to discuss this option if you wish to do so.
- Rights about automated decision-making and profiling – this is where a company uses a computer to make a decision; we don’t do this so it doesn’t apply.
- Right to withdrawn consent – if our lawful basis is established through consent, it is your right to withdrawn consent at any time.
- Right to complain – You always have the right to lodge a complaint with the Information Commissioner’s Office (the ICO). You can do that here: https://ico.org.uk/concerns/
This privacy notice has been written in conjunction with: the Data Protection Act 2018, ICO guidelines and data protection legislation including Articles 12, 13 and 14 of the GDPR (the GDPR is the General Data Protection Regulations, new laws which replace the Data Protection Act 1998); and the Privacy and Electronic Communication Regulations 2015.
If this information is required in any other format, please contact us and we will aim to assist where reasonably practicable, for example we can provide a paper copy, bigger font, or email it to you.