Introduction

My personal data is data, which by itself, or with other data available to you, can be used to identify me. You are Impact Assessors and act as data controllers and data processors. This data protection statement sets out how you will use my personal data. I can contact you at enquiries@impactassessors.com, 0330 2020236 or at PO Box 126, Biggleswade, Bedfordshire. SG18 9XY if I have any questions.
 
This statement relates to the use of personal data obtained either directly from me or via third parties you are contracted to provide services to, such as my vehicle insurance company. Any references to ‘you’ or ‘your’ are references to Impact Assessors.

The types of personal data you collect and use

You will use my personal data for the reasons set out below. The company requesting my vehicle inspection, in order to perform the service you are contracted for, will provide you most of this. The personal data you use about me may include:
 
  • Full name and personal details, including contact information (e.g. home and business address, email address, home, business and mobile phone numbers);
  • Vehicle registration;
  • Vehicle Identification Number (VIN); and
  • Vehicle insurance policy number.

Providing my personal data

You will tell me if providing some personal data is optional, including if you ask for my consent to process it. In all other cases I must provide my personal data so you can perform my vehicle assessment.

Monitoring of communications

Subject to applicable laws, you will monitor and record my calls, emails, text messages and other communications relating to my dealings with you. You will do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of your communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when you need to see a record of what has been said. You may also monitor activities associated with the service you provide me for these reasons. Your legitimate interests or your legal obligations justify this. 

Using my personal data: the legal basis and purposes

You will process my personal data:
  1. As necessary to perform the service you are contracted for, e.g:
    1. To contact me to arrange to inspect my vehicle;
    2. To provide a report to the requesting vehicle insurance company; and
    3. To agree a valuation for my vehicle and conclude settlement, where necessary.
  2. As necessary for your own legitimate interests or those of other persons and organisations, e.g:
    1. For good governance, accounting, managing and auditing your business operations; and
    2. To monitor emails, calls, other communications, and activities on the service you provide.
  3. As necessary to comply with a legal obligation, e.g:
    1. When I exercise my rights under data protection law and make requests;
    2. For compliance with legal and regulatory requirements and related disclosures; 
    3. For establishment and defence of legal rights; and
    4. For activities relating to the prevention, detection and investigation of crime.
  4. Based on my consent, e.g:
    1. When I request you to disclose my personal data to other people or organisations such as a company handling a claim on my behalf, or otherwise agree to disclosures.
 
I am free at any time to change my mind and withdraw my consent. The consequence might be that you cannot do certain things for me.  

Sharing of my personal data

Subject to applicable data protection law you may share my personal data with:
 
  • My vehicle insurance company / the company requesting you to inspect my vehicle;
  • Sub-contractors and other persons who help you provide your products and services;
  • Companies and other persons providing services to you;
  • Your legal and other professional advisors, including your auditors;
  • Regulatory bodies such as the Information Commissioner’s Office;
  • Courts, to comply with legal requirements, and for the administration of justice;
  • Other parties where necessary in an emergency or to otherwise protect my vital interests;
  • Other parties where necessary to protect the security or integrity of your business operations;
  • Other parties when you restructure or sell your business or its assets or have a merger or re-organisation; and
  • Anyone else where you have my consent or as required by law.

International transfers

You will not transfer my data outside the UK.

Data anonymisation and aggregation

My personal data will not be converted into statistical or aggregated data.  

Automated decision making and processing

You do not undertake automated decision making or processing.

My marketing preferences

You will not use my personal information for marketing purposes.

Criteria used to determine retention periods

The following criteria are used to determine data retention periods for my personal data:
 
  • Retention in case of queries. You will retain my personal data as long as necessary to deal with my queries;
  • Retention in case of claims. You will retain my personal data for as long as I might legally bring claims against you; and
  • Retention in accordance with legal and regulatory requirements. You will retain my personal data based on your legal and regulatory requirements.  

My rights under applicable data protection law

My rights are as follows (noting that these rights don’t apply in all circumstances):
 
  • The right to be informed about your processing of my personal data;
  • The right to have my personal data corrected if it is inaccurate and to have incomplete personal data completed;
  • The right to object to processing of my personal data;
  • The right to restrict processing of my personal data;
  • The right to have my personal data erased (the “right to be forgotten”);
  • The right to request access to my personal data and information about how you process it;
  • The right to move, copy or transfer my personal data (“data portability”); and
  • Rights in relation to automated decision making including profiling.

I have the right to complain to the Information Commissioner’s Office which has enforcement powers and can investigate compliance with data protection law: ico.org.uk