Criterion is a company of Charles Taylor Plc.
You can visit our websites without revealing who you are or providing any personal information about yourself.
We take care to protect the privacy of our clients and investors and for users of these websites. This policy explains how we process information about website visitors.
The cookies placed on your device as a result of your accessing this website collect information about how visitors use the site, for instance which pages visitors go to most often, and whether they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. By using our website, you agree that we can place these types of cookies on your device.
Group Fair Processing Notice
This Fair Processing Notice tells you about processing of “personal data” by Charles Taylor Group.
We may hold and process your personal data in order to provide professional services to clients in the global insurance industry. Our activities (‘the Services) include performing contacts of insurance, claims and funds handling, claims and fund management, claims administering, underwriting, loss adjusting, and the provision of medical assistance. When providing the Services we are “data controllers” of your personal data, though sometimes, in providing the services on behalf of another party we will be operating as a “data processor.” We may also sometimes be a joint data controller with a company: if you don’t know who is the proper data controller for your personal data, then you can contact us below, and we will check for you.
We are committed to processing all personal data fairly, lawfully, and transparently. To make things simpler, Charles Taylor Group have nominated one data controller, Charles Taylor Plc, to handle all requests or queries you might have about our processing of your personal data. We have appointed a Group Data Protection Officer (“DPO”) to oversee compliance with data protection law. Their contact details are: Barry Proudfoot; The Minster Building, 21 Mincing Lane, London, EC3R 7AG; +44 20 3320 2258, firstname.lastname@example.org.
You have various legal rights in your personal data including the right of: information and access to your data, including a “portable” copy of your data; erasure and rectification of your data; and rights to restrict or object to processing of your personal data. Where we rely on your consent to process your personal data you can withdraw that consent at any time. To exercise these data subject rights please contact the following email address: email@example.com.
The data we generally hold and process includes names, contact details, dates of birth, insurance policies, contracts, or claims in which you may have been involved. This may include special category personal data including, potentially, information about your medical history, race, ethnicity, sexual orientation, religious beliefs, trade union membership, genetic and biometric data, political opinions, and any other physical or mental health details. This personal data is held only for the purposes of performing the Services.
Charles Taylor Plc will almost always obtain your data from either you directly, or our clients, who include individuals, businesses, trusts, funds and insurance companies., who in turn will have obtained it from you or your employer or family member or a company close to you in relation to a contract, insurance policy or employment policy.
Our lawful bases for processing personal data include:
- where you have given us your consent, we rely on that consent, including your explicit consent to process special category personal data;
- where you are party to a contract, and that contract requires your personal data to be processed;
- where we may have legal obligations that mean we have to process personal data, including anti-money laundering obligations, checking criminal convictions, checking international sanctions registers and fraud investigation and recovery.
- some aspects of our processing may fall within the “public interest” lawful basis.
In all circumstances, however, we also rely on our legitimate interests, and those of our insurance industry clients or other clients, to ensure that you and the other people who are named under your insurance policy are properly protected by the provision of adequate insurance against the risk of misfortune. Where we rely on our legitimate interests, we will always balance them against the rights and freedoms of the people whose personal data we process. Where their rights override our legitimate interests we will cease to process personal data.
From time to time, we may need to disclose personal data to third parties. Sometimes, these will be companies who process on our behalf and only act upon our instructions. Sometimes, these will be individuals and companies such as: consultants; doctors; experts; lawyers; and other professionals within the insurance industry.
From time to time we will need to transfer your personal data outside the European Union. We will, save for exceptional circumstances, only do so:
- to a country in the European Economic Area or that the European Commission has certified as having adequate data protection law;
- under Binding Corporate Rules within our group of companies;
- with your consent, to protect your vital interests, for important reasons of public interest, to perform a contract in your interest, for the defence of legal claims.
We will always keep records of where your data has been sent outside of the EU and you can have access to these records if you wish. We will generally keep personal data for as long as we have a lawful basis (including the legitimate interest basis), or where that lawful basis comes to an end, we may retain it for six years and one year afterwards, for the purposes of litigation. Any data kept after this time will be pseudonymised so that you are no longer identifiable from such data.
There are some very limited circumstances where we, on behalf of our clients, use computer questionnaires to give you a quick decision on whether or not they can provide you with insurance cover, and in some cases to generate a quote based on your individual circumstances, including things which may involve your Special Category Personal Data (like your health data). This is a form of ‘automated decision-making’, because it compares your answers against our insurance client’s criteria, and makes a ‘decision’ about whether to provide cover and, at times, how much that might cost.
There may be some very limited circumstances where we, on behalf of our clients, use automated decision making to provide decisions in relation to dealing with, progressing and settling insurance claims. This automated decision making will not generally involve your Special Category Personal Data, but nonetheless, is a form of ‘automated decision-making’ as it assists in our decision making about the progressing and settling of insurance claims.
We will not use automatic decision making without either (a) your explicit consent; or (b) it being necessary for the establishment, exercise or defence of legal claims; or (c) it being in the public interest, ac-cording to the UK Data Protection Act 2018. However, if you are not happy with the result of an auto-mated decision, you can request human intervention, express your own views, and/or contest the auto-mated decision by writing to firstname.lastname@example.org (but please put ‘Automated Decision-Making’ in the email Subject line).