Privacy Policy | Claims Engine

1. Data Controller

Claims Engine Ltd (“Claims Engine”, “we”, “us”) is the Data Controller for personal data collected through this website and in connection with our claims management services.

Registered Address: 1 Example Street, London, EC1A 1AA
Email: privacy@claimsengine.co.uk
DPO: dpo@claimsengine.co.uk

We are registered with the Information Commissioner’s Office (ICO). Registration Number: ZA000000.

2. What Personal Data We Collect

We collect the following categories of personal data:

Category	Examples
Identity Data	Title, first name, last name, middle names, date of birth
Contact Data	Email address, mobile number, postal address
Financial Data	Finance agreement type, lender name, vehicle registration, agreement dates
Technical Data	IP address, browser type and version, cookie data, referring URL
Usage Data	Pages visited, time spent, clicks, form completions
Signature Data	Electronic signature image
Communications	Emails, messages, and correspondence between you and Claims Engine

We do not intentionally collect special category data (such as health, race, or biometric data). If you voluntarily provide such information, we will treat it with appropriate care.

3. How We Use Your Personal Data

We process your personal data for the following purposes:

Processing your claim: To assess eligibility, prepare and submit your complaint, and manage the claims process on your behalf.
Communication: To keep you informed about the progress of your claim and respond to your enquiries.
Contractual obligations: To fulfil our obligations under our Terms and Conditions.
Legal compliance: To comply with our regulatory obligations under FCA rules and applicable law.
Service improvement: To analyse how users interact with our website and improve our services.
Marketing (with consent): To send you information about related services, where you have given consent.

4. Legal Basis for Processing

Purpose	Legal Basis (UK GDPR)
Processing your claim	Performance of a contract (Art. 6(1)(b))
Legal compliance	Legal obligation (Art. 6(1)(c))
Fraud prevention	Legitimate interests (Art. 6(1)(f))
Service improvement and analytics	Legitimate interests / Consent (Art. 6(1)(a) or (f))
Marketing communications	Consent (Art. 6(1)(a))
Processing financial data	Performance of a contract / Legitimate interests

5. Who We Share Your Data With

We may share your personal data with the following categories of recipients:

Lenders and finance companies: Shared as necessary to submit and pursue your claim.
Financial Ombudsman Service (FOS): If your complaint is escalated, we share relevant data with the FOS.
Solicitors: Where legal proceedings are required, we may share data with regulated solicitors acting on your behalf.
IT service providers: Including hosting, database, and analytics providers operating under data processing agreements.
Regulatory authorities: Including the FCA and ICO, where required by law.
Credit reference agencies: Solely for the purpose of soft credit searches in connection with your claim.

We do not sell your personal data to third parties. We do not share your data for third-party marketing purposes without your explicit consent.

6. How Long We Keep Your Data

We retain personal data for as long as necessary for the purposes described in this policy, and in accordance with our legal and regulatory obligations:

Active claims: For the duration of the claim and 7 years thereafter (FCA regulatory requirement).
Unsuccessful or cancelled claims: 3 years from cancellation or closure.
Marketing data: Until you withdraw consent or we cease marketing activities.
Technical and analytics data: Up to 26 months (Google Analytics default).

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of Access: You may request a copy of the personal data we hold about you (Subject Access Request).
Right to Rectification: You may request that inaccurate or incomplete data is corrected.
Right to Erasure: You may request deletion of your data, subject to our legal obligations (e.g. regulatory retention requirements).
Right to Portability: You may request that we provide your data in a structured, machine-readable format.
Right to Object: You may object to processing based on legitimate interests or for direct marketing.
Right to Restrict Processing: You may request restriction of processing in certain circumstances.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting prior processing.

To exercise any of these rights, please contact our Data Protection Officer at dpo@claimsengine.co.uk. We will respond within one month. If you are unsatisfied, you have the right to lodge a complaint with the ICO at ico.org.uk.

8. Cookies

We use cookies and similar tracking technologies on our website. For full details of the cookies we use and how to manage them, please see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

SSL/TLS encryption for all data transmitted via our website;
Encrypted storage of sensitive data;
Access controls limiting data access to authorised personnel only;
Regular security assessments and staff training.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. The “last updated” date at the top of this policy reflects the most recent revision.