Privacy Policy

ClaimsCog EU Privacy Notice

Last Updated: February 20, 2023

Who we are

ClaimsCog is a global, independent provider of claims management solutions, providing integrated claims services, business process outsourcing and consulting services worldwide to the risk management and insurance industry, as well as to self-insured entities. We are committed to protecting the privacy of the personal information we collect and providing clear information about how we handle personal information. We encourage you to read this Notice carefully so that you understand how we treat your personal information and what rights you may have.

Scope of this privacy notice

Your privacy is important to us. We have developed this EU Privacy Notice (the “EU Privacy Notice” or the “Notice”) to provide information about how the ClaimsCog Group handles personal information that is subject to the EU General Data Protection Regulation as well as associated European Union/European Economic Area (“EEA”) national laws (collectively, in this Notice the “GDPR”).

This EU Privacy Notice explains how ClaimsCog and its affiliated and subsidiary companies (together, “ClaimsCog”, “we”, “us” or “our”) handle the personal information that is subject to the GDPR, which we collect about individuals:

  • that use our websites and associated services
  • who are our former, current and prospective clients
  • who communicate with us
  • who otherwise use our products or engage with us regarding our loss adjusting, third party claims administration and other claims management and related services (our “Services”)
  • other individuals whose personal information we receive in providing the Services

This EU Privacy Notice is intended to disclose the personal information that we collect from these individuals subject to the GDPR, and to explain how we use and disclose this personal information, as well as the choices and rights individuals have regarding this personal information. This Notice does not apply to the personal information that we process about current and former employees, which is subject to different respective employee privacy notices. This EU Privacy Notice also does not cover any third-party websites or services.

ClaimsCog’s Online Privacy Policy: For users outside the EU, the ClaimsCog Online Privacy Policy, available here, applies to all users of our relevant websites, associated pages and online services.

For the purposes of the GDPR, and unless you are explicitly notified otherwise, ClaimsCog International, Inc. is the controller of your personal information, and where the processing of personal information is also undertaken by other ClaimsCog Group companies with whom you engage, they are joint controllers with ClaimsCog International, Inc. for your personal information. See the “Questions, Concerns and Contact Details” section below for a list of relevant ClaimsCog Group controllers and their locations, as well as details on how to contact ClaimsCog or exercise your rights with respect to your personal information.

Client claims data

Our primary business is to provide claims management and related services globally – including third party claims administrator services, loss adjusting and associated risk, consulting and other services. Generally, we provide these services to entities that provide coverage, issue or underwrite the policies or are otherwise responsible for payment of the claims that we handle. We refer to these entities as “insurers” which broadly includes insurance companies, brokers, agents, underwriters, self-insured entities and other entities that issue or underwrite policies, provide coverage for or otherwise make decisions regarding the claims we handle.

As a part of our claims management services, we process claims and handle administrative functions for insurers, such as receiving notices of claims, administering forms and documentation requests and proving support-related services to policy holders and claimants. We also help insurers evaluate, assess and establish their liability for claims and make recommendations related to the settlement of claims, including payments, repairs and replacements. We process personal information during the course of providing our claims management activities to insurers.

Our respective clients – the insurers – are data controllers of the claims data that we process on their behalf and our processing of personal information is subject to the instructions of our respective clients – not this EU Privacy Notice. While our role depends upon the relevant circumstances, ClaimsCog is generally a data processor of the personal information that we process in the course of providing our claims handling services to insurers; we only process such personal information on behalf of and under the instruction of our clients or where otherwise required by EU data protection law.

Information we collect

We may collect personal information directly from you, such as when you register for news and information, contact us online or submit forms through the Sites. We may also collect personal information from third parties and automatically through your use of the Sites and Services. In this Notice, “personal information” means any information that identifies or could be used to identify an individual person.

Where the personal information we collect is needed to comply with law, or to enter into or perform an agreement with you, we will inform you accordingly at the time of collection. If you decline to provide us any required personal information, we may be unable to provide products or services to you.

Information we collect directly

We may collect personal information about you in the course of operating our business, including through your use of our Sites, when you contact or request information from us, when you engage or use our Services or as a result of your relationship with one or more of our staff and clients. For example when you:

  • engage us to perform the Services
  • request information from us or submit other enquiries
  • participate in events we host or sponsor
  • meet with us at our offices
  • contact us for client relations or customer support purposes
  • access Services we make available to you, whether online, through the Sites or otherwise
  • enquire about or apply to job openings
  • seek to work with us, or accept requests from us to provide professional, expert, consultant or contractor services
  • receive or request customer support or other services
  • contact or communicate with us online, by email, postal mail, fax or otherwise

Typically, the personal information you give us may include name, business affiliation, address, telephone number, email address and any personal details required to resolve any enquiries or complaints. If you are seeking to work with us, or accept requests from us to provide professional, expert, consultant or contractor services related to our provision of Services, we may collect additional information about your qualifications and experience, as well as (where permitted by applicable law) any criminal convictions. Where you are applying for employment with us, you will be asked to provide relevant information, for example about your education, employment history and right to work, pursuant to a specific privacy notice for job candidates.

Information we collect from third parties

We may also obtain information about you from third parties, including your employer, our clients and other parties, as well as publicly accessible sources. We may also collect information about how users interact with us or share content on our social media pages. The personal information we may receive as a result of providing our Services to clients may include a variety of different personal information depending on the Services provided. For example, we may receive names and relevant business contact information from our clients, which may be related to their employees, agents or other authorised parties. We also may conduct background checks or identity verifications related to applicants, suppliers, providers and other third parties, to the extent permitted by law and necessary to protect ourselves, clients and third parties from fraud and misconduct. We also perform sanctions screening and anti-money laundering checks, as required and permitted by applicable law.

If you request access to certain Services or restricted or protected information from us, we may need to contact third parties (such as your employer) to verify that you are authorised; we may take steps to verify your authorisation and identity, including by requesting additional information from you or third parties (such as the clients for whom we are acting).

Information we collect automatically

We may also collect certain information automatically when you interact with or use our Sites and Services.

Usage Data and Log Files. We use cookies, log files, pixel tags, local storage objects and other tracking technologies to automatically collect information when users access or use the Sites or any online services that we make available, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider (‘ISP’), referring/exit URLs, operating system, language, clickstream data and other information about the links clicked, features used, size of files uploaded, streamed or deleted as well as similar device and usage information. This automatically-collected information may also include hashed identifiers derived from email addresses for the purposes of cross-device tracking for targeted advertising. For more information, see the “Cookies, Analytics and Targeted Ads” section below.

Monitoring of Communications. Subject to applicable laws, we may monitor and record calls, emails and other communications with us. We do this to protect the security of our communications systems and procedures, for quality control and staff training purposes, fraud detection and prevention and when we need to see a record of what has been said between us. We will also monitor for regulatory compliance (where applicable) as well as crime prevention and detection purposes.

Other information

As noted, we handle personal information as a result of providing our claims handling and related Services to our clients. This information may include claims-related information, transactional details, health, disability and medical information, identification information and other information. Our handling of this personal information is subject to our client agreements and our clients’ respective policies – not this EU Privacy Notice – since we are acting on behalf of and under the instruction of our clients (i.e., as a data processor).

Purposes and legal bases for our use of personal information

In the course of conducting our business, we use personal information to provide and improve our Services, to process job applications, to provide information about our products and Services, to respond to requests and to otherwise communicate with you and others.

Please note: as explained, we collect certain personal information in the provision of our Services (including claims handling services), subject to our client agreements; we use such personal information only as a data processor, acting on behalf of and under the instructions of our clients or where otherwise required by applicable law. Our clients are responsible for determining and notifying individuals of the purposes and legal bases of our processing of personal information as their data processor

Legal bases for our processing of personal data

In general, we use personal information for the purposes set out in the table below, under the following legal bases:

  • Our Contract with you. As necessary to enter into or perform any contract with you.
  • Comply with law. For compliance with our legal obligations under EU law, including responding to legal and regulatory requests and court orders.
  • Our legal rights. As necessary to establish, defend and protect our legal rights and interests, or those of third parties.
  • Our legitimate interests. Pursuant to our legitimate business interests that are not overridden by your interests and fundamental rights, such as to ensure that we provide high quality, efficient and timely client service, to improve the way we deliver our Services, to develop new offerings and tools, for industry benchmarking and trend analysis, to deliver more relevant content and information, to secure our and our clients’ systems and to prevent misconduct and fraud. As set forth in the “Your Rights” section below, you have the right to object to our processing of your personal information on the basis of our legitimate interests and we must stop such processing unless we have a compelling interest in the continued processing that overrides yours.
  • Your consent. With your express consent, such as where we process special categories of information.

Purposes of processing

In general, we process your personal information for the purposes set out in the table below. We may also create anonymous and aggregated data sets and reports in order to assess, improve and develop our business, products and the Services, prepare industry and other benchmarking reports and for other research and analytics purposes; provided this data is not identifiable, and cannot be linked or re-identified, to a particular individual, it is no longer subject to the restrictions in this Notice or the GDPR.

Purposes of processing

Legal bases

Verifying Identity and Authorisation

· To verify the identity of clients, contacts, partners, applicants and others with whom we do business or who we are considering for contractor, consulting or other business relationships

· To confirm or verify that individuals are authorised to access, use or provide information or services

· Our Contract with You

· Comply with Law

· Your Consent

· Our Legitimate Interests

Providing Support and Services

· To provide and operate our Services and the Sites, communicate with you about your use of the Services, respond to your enquiries, perform troubleshooting, fulfil your orders and requests, process your payments, complaints and enquiries as well as to provide technical support

· For other customer service and support purposes

· Our Contract with You

· Our Legal Rights

· Our Legitimate Interests

Improving Services and Analytics

· To better understand how users access and use the Sites, Services and other products and offerings, and for other research and analytical purposes

· To evaluate and improve our Services and business operations and to develop additional products, services and features

· Our Legitimate Interests

· Our Legal Rights

Personalised Support and Services

· To tailor content we send to you or display on the Sites in order to offer location customisation and personalised help and instructions

· To otherwise personalise your experiences with us

· Our Legitimate Interests

· Your Consent

Marketing and Promotions

· For direct marketing and promotional purposes

· To send you newsletters, special offers or promotions and contact you about our products or Services as well as information we think may interest you. If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them

· We do not use the information we collect from third parties in providing the Services or handling specific claims for marketing and promotional purposes

· Our Legitimate Interests

· Your Consent

Protecting Our Legal Rights and Prevent Misuse

· To protect the Sites, Services and our business operations; to prevent and detect fraud, unauthorised activities and access, and other misuse

· Where necessary to investigate, prevent or take action regarding illegal activities, suspected fraud or situations involving potential threats to the safety or legal rights of any person or third party

· To investigate or prevent violations, to enforce our Terms of Use and agreements or this EU Privacy Notice

· Our Legitimate Interests

· Our Legal Rights

Complying with Legal Obligations

· To comply with the law or legal proceedings

· To respond to legal process or law enforcement requests as required by regulators or public authorities

· For example, in response to subpoenas, court orders and other lawful requests by regulators, courts and law enforcement agencies, including responding to national security or law enforcement disclosure requirements

· Comply with Law

· Our Legitimate Interests

· Our Legal Rights

General Business Operations

· Where necessary to the administration of our general business, accounting, recordkeeping and legal functions

· As part of our routine business administration, such as employee training, compliance auditing and similar internal activities

· Our Legitimate Interests

· Our Legal Rights

Disclosure of information

We may disclose your personal information as set forth below:

  • ClaimsCog. As a global company, your personal information may be shared amongst our affiliates and subsidiary companies, whose handling of your personal information is subject to this EU Privacy Notice.
  • Providers. We may share your information with third-party service providers who use this information to perform services for us, such as payment processors, hosting providers, auditors, advisors, law firms, consultants and customer service and support providers. We may also share information with third-party providers as necessary to perform our Services to you.
  • Enterprise users. If you communicate with us or engage us to perform the Services on behalf of your company (our client), we may share with that client information about our interactions with you.
  • Business transfers. We may disclose or transfer information, including personal information, as part of any merger, sale and/or transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
  • Legally required. We may disclose your personal information if we are required to do so by law or regulation (e.g., to law enforcement, courts or others, e.g., in response to a subpoena or court order).
  • Protect our rights. We may disclose information where we believe it is necessary to respond to claims asserted against us or to comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention and detection, risk assessment, investigation and to protect the rights, property or safety of Crawford, our clients and customers, our staff or others.
  • Anonymised and aggregated data. We may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
  • Client services and claims-related personal information. As noted above, we are a service provider to our clients, and a data processor with respect to the personal information we collect in performing our Services (including claims handling services). Any personal information we collect related to handling claims on behalf of our clients may be disclosed to such clients or others as directed by our clients; such disclosures are subject to our clients’ policies.

Cookies, analytics and targeted ads

We and our service providers use cookies, pixels, java script and other tracking mechanisms to track information about your use of our Sites and Services and we may combine this information with other information, including personal information, we collect about you. We may also work with third-party ad networks, analytics companies, measurement services and others to display advertising on our Services, and to manage our advertising on third-party sites, mobile apps and online services. Please also see our Cookie Policy for more information about how we use cookies and work with third-party ad networks and analytics providers.

Direct marketing

We may send periodic promotional emails to you and where required by law we will obtain your consent to do so. You may opt-out of such communications by following the opt-out instructions contained in the email. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.

International transfers

We are a global company and the data that we collect from you may be transferred to, accessed or stored in, and subject to requests from law enforcement in, jurisdictions outside of your home jurisdiction, including the United States, the Philippines, Australia, Canada, the European Union and other jurisdictions, in which we or our service providers operate. Some of these jurisdictions, including the United States and the Philippines, may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.

If you are in the EEA and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission or another measure that has been approved by the European Commission as adducing adequate safeguards for the protection of personal information when transferred to a third country. You have the right to obtain a copy with details of the mechanism under which your personal information is transferred outside of the EEA; you may request such details by contacting us as set forth in the “Questions, Concerns and Contact Details” section below.

Security

We take information security seriously. We have implemented appropriate safeguards and technical measures to protect the security, confidentiality and integrity of the personal information we collect and maintain. However, no data security measures can guarantee 100% security.

Retention of your personal data

As a general rule, we retain your personal information for as long as necessary to fulfil the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records and enforce our agreements. In general, we will retain relevant personal information of Site visitors for at least three years from the date of our last interaction with you and in compliance with our obligations under applicable laws. With respect to the claims-related data and files we handle as a processor, we retain this personal information in accordance with our clients’ instructions. We may retain personal information for longer where required by our regulatory obligations, professional indemnity obligations or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others.

Your rights

We will take steps to maintain accurate and complete personal information about you. In order to do so, we need you to notify us of changes in your personal circumstances (for example, change of address) so that we can update our records. Subject to the conditions set out in the applicable law, you have the following rights with regard to our processing of your personal information:

Right of access. If you ask us, we will confirm whether we are processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may charge a reasonable fee.

Right to correction (rectification). If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected. If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible. If you ask us, we will also tell you, where possible and lawful to do so, with whom we have shared your personal information so that you can contact them directly.

Right to erasure. You can ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal information with others, we will let them know about the erasure where possible. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information with so that you can contact them directly.

Right to restrict (block) processing. You can ask us to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to our use or stated legal basis. If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information so that you can contact them directly.

Right to data portability. You have the right, in certain circumstances, to receive a copy of personal information we have obtained from you in a structured, commonly used and machine readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.

Right to object to marketing. You can ask us to stop processing your personal information to the extent we do so on the basis of our legitimate interests, including marketing purposes. If you do so, we will stop such processing for our marketing purposes. Where our processing is on the basis of our other legitimate interests, we must stop such processing unless we have compelling legitimate grounds that override your interest or where we need to process it for the establishment, exercise or defence of legal claims. Where we are relying on our legitimate interests (other than marketing), we believe that we have a compelling interest in such processing but we will individually review each request and related circumstances.

Rights regarding automated decision-making. You have the right not to be subject to a decision when it is based on automatic processing if it produces a legal effect or similarly significantly affects you, unless it is necessary for entering into or performing a contract between us.

Right to withdraw your consent. In the event your personal information is processed on the basis of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint. You also have the right to lodge a complaint with a supervisory authority if you consider that our processing of your personal information infringes the law.

Please note that some of these rights may be limited, such as where we have an overriding interest or legal obligation to continue to process the data. Please contact us as indicated in the “Questions, Concerns and Contact Details” section below if you wish to exercise any of your rights or if you have any enquiries or complaints regarding the processing of your personal information by us.

Third-party sites and services

Crawford’s Sites may contain links to third-party websites or services. We are not responsible for the data privacy practices of such third parties, whose practices are subject to their own privacy policies and procedures and not Crawford’s EU Privacy Notice.

Information about children

Our Sites and Services are not directed towards children and we do not encourage children to participate in providing us with any personal information. We do not knowingly collect any personal information from children under the age of 16, without parental consent. If you have reason to believe that a child under the age of 16 has provided personal information to us through the Site or Services without a parent or guardian’s consent, please contact us at [email protected].

Changes to this EU privacy notice

We may update this EU Privacy Notice from time to time to reflect changes, and will post changes by updating the EU Privacy Notice (and effective date) on this page. If we make any material changes that affect how we treat your personal information, we will endeavour to notify you in advance, such as by prominently posting a notice on this website or by directly sending you a notification. We encourage you to periodically review this website and our EU Privacy Notice to understand how ClaimsCog protects your personal information. Once effective, the revised EU Privacy Notice will apply to you and your personal information.

Questions, concerns and contact details

If you have questions or concerns regarding this EU Privacy Notice or would like to exercise your data subject rights regarding your personal information, please contact us:

ClaimsCog
Gemini Business Centre
140 Old Shoreham Road
Hove
BN3 7BD