AED Group Fair Processing & Privacy Notice



We have updated our Privacy Notice to reflect the changes made under EU General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018).

This Privacy Notice (the “Notice”) relates to the following AED Group Companies: AED Adjusting, AEDes First, AED Connect, Equine First, and Pet First (“we”, “our”, or “us”; also known as the “Data Processor”), and is for Data Subjects ("you") who, directly or indirectly, use our services - typically, Policyholders and Third Party Claimants. We are based at Faversham House, Wirral International Business Park, Old Hall Road, Bromborough, CH62 3NX.

This Notice outlines our approach to the privacy and fair processing of the information (“data”) we need to collect, hold and otherwise process about you during the provision of our claim services; details of which can be viewed via our website (www.theaedgroup.com). We recommend that you read our Online Privacy Notice which governs the use of our website.

Data Sources

We receive and collect data from a variety of sources depending on the nature of the service we are providing, including from some, or all, of the following:

  • Our Clients- the claim documentation which they supply to assist us in the handling of claims
  • Policyholders and/or their appointed Solicitors, Representatives, Insurance Brokers, Contractors or Suppliers
  • Third Party Claimants and/or their appointed Solicitors, Representatives, Medical Experts, Insurance Brokers, Contractors or Suppliers
  • Witnesses with material information about an accident or incident we are investigating
  • Other Insurance Companies, Insurance Brokers, or Counter-Fraud Registers when we are verifying insurance or claims history
  • The Police, law enforcement agencies, or recognised Governing and Regulatory bodies
  • Publicly available information

This list is not exhaustive, and, in specific circumstances, we may need to collect additional data for the purposes set out in this notice.

We may also record and monitor telephone calls for training, regulatory compliance, quality evaluation and verification of information provided and received.

Data Categories

The data which we process falls within one of three data categories referred to in the GDPR.

Personal Data

This is any data relating to an identifiable person and, depending upon the type of claim or service we provide, may include: Name, Address, Date of Birth, Risk Address, Contact Telephone Numbers, Email Address, Occupation, Mortgage provider, VAT status/number, Bankruptcy Information, CCJs, Previous Insurance and Claims History, Current Policy Details, Police Crime Numbers, and Details of Loss/Damage sustained.

Special Category Data

Due to the nature of the services we provide, any Special Category Data that we process is limited and normally restricted to health and/or medical data, where such information is relevant; for example, a personal injury claim.

Criminal Convictions and Offences Data

Occasionally the circumstances of a claim may necessitate the processing of data relating to criminal convictions, offences, or related security measures.

Data Use


Personal Data

In most circumstances/cases, the primary legal basis under which we process Personal Data is our legitimate interest to do so in assisting our Clients with the performance of an Insurance Contract. Other circumstances and the relevant legal basis for processing Personal Data are outlined below:

  • To evaluate insurance cover, validate and handle your claim
    • Additional legal basis for processing: where we are required to do so by law, e.g. a regulatory requirement to perform anti-money laundering, sanctions and/or counter-fraud enquiries
  • For research and analysis of our claim database to improve our services and develop new ones
  • To manage our IT environment/operations and business operation and/or to ensure security of Your Data
    • Additional legal basis for processing: we have a legal duty to ensure the security of Your Data
  • For training purposes
Special Category Data and Criminal Convictions and Offences Data

If it becomes necessary to request Special Category Data and/or Criminal Convictions and Offences Data, for the purposes of handling your claim and/or enabling our Clients to ensure that the risk information they hold is correct, our legal basis for processing will depend on the nature of the information requested and the circumstances of the individual case.

Normally, we rely on the consent of the Data Subject to process these types of data; but where alternative legal grounds are adopted, these will be clearly recorded on our claim file.

If asked to provide consent, Data Subjects should be aware of their rights, in the absence of a legal duty to provide the data, to decline or withdraw their consent at any time; and where the absence of consent may hinder Insurers in the performance of the Insurance Contract, this will be discussed with the Data Subject on a case by case basis.

Details of how a Data Subject can exercise their rights are detailed in the “Your Statutory Rights” section of this Notice.

Data Security

We are committed to ensuring that Your Data is secure and have put in place suitable organisational and technical measures to safeguard and secure all information we hold, including; physical, electronic (aligned with the Government’s Cyber Essentials Scheme) and procedural safeguards appropriate to the sensitivity of the information we process.

Data Sharing

Aligned with our Data Protection Policy and Procedures, we may share Your Data with the following parties for the purposes set out above:

  • Your Insurance Company (the Data Controllers), and their associated companies, agents and reinsurers
    • Details of how Insurers use your information may be included in your policy documentation, or available by contacting your Insurers directly
  • Other Insurance Companies and/or Counter-Fraud Agencies for the purposes of detecting and preventing insurance fraud
    • This may include the administrators of Counter-Fraud Registers, which Insurers use to share information, such as; the Claims and Underwriting Exchange (CUE) Register and the Central Register & Identification Scheme (CRIS)
  • Other AED Group Companies in connection with the conduct of our business and provision of our services to you
  • External Third Party service providers such as Accountants, Financiers, Auditors, Lawyers, I.T. Service Providers, Contractors, Forensic Investigators, Surveyors and Engineers who assist us in carrying out our business activities and our administration of your claim
  • Persons acting on your behalf who are named on your policy, or who have been authorised by you to act on your behalf
    • If at any time you would prefer us to deal only with you, please let us know
  • Other Parties as we believe to be necessary or appropriate to:
    • Comply with legal process and/or respond to requests from public and government authorities
    • Enforce our terms and conditions, protect our operations, protect our rights, privacy, safety or property and/or that of you or others
    • Detect and prevent crime, and to allow us to pursue available remedies or limit any damages which we may sustain

We will not sell, distribute or lease Your Data to Third Parties for marketing purposes.

We do not normally share Your Data with companies, or individuals, based in other countries who may not be subject to the laws of the UK, but should this become necessary we will take all reasonable steps to ensure that Your Data is treated securely and in accordance with this Notice; including putting in place agreements with those we send your information to, requiring them to treat Your Data with similar protections to those that apply in the UK.

Your Statutory Rights

Under the GDPR, and the DPA 2018 you have certain rights which you may exercise by contacting our Customer Services Manager:

  • Your Right to be Informed- we have a legal obligation to provide you with concise, transparent, intelligible and easily accessible information about your personal information. We have written this Privacy Notice to comply with this right;
  • Your Right to Rectification- you can ask us to correct information about you which is wrong or incomplete;
  • Your Right to Erasure- you can ask us to delete information about you under certain circumstances, such as withdrawing your consent (and we have no legal reason to keep using your information);
  • Your Right to Object- in certain circumstances you can tell us you no longer agree to us using information about you and ask us to stop; for example for marketing purposes;
  • Your Right to Restrict Processing- in certain circumstances you can ask us not to use your personal data;
  • The Right to access your personal data- if we are the Data Controller of your personal data you can request a copy of the information we hold about you, which in most circumstances will be provided free of charge. You may be asked to verify your identity before we can provide the personal data to you. If we are the Data Processor, your request will be relayed, without delay, to the relevant Data Controller who will respond to you directly;
  • Your Right to Portability- you can ask us to provide you, or someone else at your request, the information you have provided to us about yourself in a structured, commonly used and machine-readable format.

Sometimes, for legitimate reasons, we will be unable to stop using your information when you ask us to, but if this should be the case we will explain the reason(s) why.

Retention of Your Data

To satisfy contractual, industry and regulatory standards, Your Data will be retained for no longer than the appropriate legal limitation period applicable in the UK; unless contractual requirements dictate otherwise.

When Your Data is no longer needed it will be securely destroyed and/or erased.

Contact

Any questions you may have about this Notice, or requests to exercise any of your rights, should be directed to our Customer Service Manager, who can be contacted by writing to:

  • The Customer Service Manager, AED Group, Faversham House, Wirral International Business Park, Old Hall Road, Bromborough, CH62 3NX; or
  • info@theaedgroup.com

Complaints

We would encourage you, in the first instance, to raise any complaint you may have relating to the processing of Your Data with our Customer Service Manager.

However, if we are unable to resolve an enquiry or complaint you do have the right to complain to the Information Commissioner's Office about how we treat Your Data, by contacting them at https://ico.org.uk/global/contact-us/

Changes to this Notice

We may update this Notice from time to time; and will notify you of the changes where we are required by law to do so