Halliwell Forensics Limited, Ireland branch – GDPR Statement

Summary

We value the privacy of your personal information.

This Privacy Statement of Halliwell Forensics Limited, operating through its Ireland branch outlines how we collect, hold, use and disclose your personal information in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018 (Ireland).

For the purposes of GDPR, Halliwell Forensics Limited, Ireland branch, may act either as a data controller, a joint controller, or a data processor, depending on the circumstances.

In most cases, where we are instructed by insurer or corporate clients to carry out forensic or investigative services, we act as a data processor on their behalf and process personal data strictly in accordance with their instructions.

In some circumstances, where we provide services directly and are not acting on the instructions of a third‑party client (for example, where we are engaged directly by an individual or organisation), Halliwell Forensics Limited, Ireland branch, acts as the sole data controller and determines the purposes and means of processing personal data.

By visiting our website, using any of our services, or providing us with your personal information, you acknowledge that your personal information will be processed as described in this Privacy Statement.

Where we obtain personal data indirectly, this will normally occur on the instructions of our clients as data controllers and on the lawful bases they rely on. This may include relying on any consent you have previously provided to those clients or controllers to share your personal data with third parties such as us for the purposes of investigating and managing claims or related matters, as well as other lawful bases such as necessity for insurance claims handling, fraud prevention, or compliance with legal obligations.

The Purposes for Which We Hold, Use and Disclose Personal Information

We collect personal information to assist our clients in forensically investigating loss incidents (e.g. when we act for an insurer, this will involve us collecting personal information from insureds, claimants and other third parties involved in the claim, as well as checking the validity of such information).

We hold limited personal data which we use to inform our clients’ employees about corporate events and services that we provide. No such communication will be sent to individuals who withdraw their consent or otherwise opt out of such communications.

We also use the personal information that we hold, to contact you, to notify you about changes to our service, to verify your identity, and to provide customer support.

We provide the personal information we collect to our insurer clients, their agents and advisers such as lawyers. This is to assist the insurer or their agent to manage and administer their relationship with the insured, and to decide or advise on payment of a claim. We also provide personal information to other third parties who can confirm the information provided to us (e.g. repairers, witnesses to a claim or law enforcement agencies) to assist us in providing our insurance claims services (e.g. our investigators and other agents and contractors) or to assist with asset management assignments.

Where we disclose information to third parties, we limit the use and disclosure of personal information provided to us by them for the purposes for which we collected it (e.g. in relation to the handling or settlement of the relevant claim). Our insurer clients, their agents, advisers and other relevant third parties may have their own privacy policy that contains information about their privacy practices and how you can access any personal information they hold about you, seek correction of it or make a complaint about a breach of the GDPR.

We may also hold and use your personal information, and disclose your personal information to relevant third parties for the following purposes:

  • To deal with enquiries – we may need to collect your personal information to answer an enquiry you make;
  • Dealing with a complaint – for example a complaint made by you in respect of service provision;
  • Maintaining and improving our service, auditing, quality assurance and training – for example, we may review your personal information to identify how our services can be improved;
  • Assisting with the claims process by providing your name address and phone numbers to contractors
  • Other purposes – for any other purpose communicated to you at the time we collect your personal information or otherwise permitted or required by law.

Occasionally we may be required or authorised to collect personal information because of laws in Ireland or an order of a Court / Tribunal. If we are collecting personal information for this purpose, and we are permitted to do so, we will inform you.

International Transfers

We may transfer your personal data outside of Ireland where a relevant third party, such as an insurer, reinsurer or their authorised representatives, is located outside of Ireland. Insurers are most commonly located in UK, Europe and USA.

Where this occurs, we ensure that appropriate contractual arrangements are in place requiring those parties to comply with applicable Irish and EU data protection laws, and with our information security requirements. Any such international transfers are carried out in accordance with GDPR, including where applicable through the use of EU adequacy decisions, Standard Contractual Clauses approved by the European Commission, and other appropriate safeguards.

Where we collect personal information from you, please let us know if you have any objections to that information being disclosed to the categories of third parties referred to above, where such disclosure is permitted by law.

Categories of Data

The categories of personal data we process when handling claims are determined by the data controllers we are acting for and based on their instructions to us, or, where we act as a sole data controller, by reference to the purposes described in this Privacy Statement.

Personal Information We Collect and Hold

The personal information we collect and / or hold about you and other individuals (such as a co-insured or your spouse, partner or children) may include:

  • name, date of birth and gender of you, your colleagues/employees and/or family members,
  • contact details such as address, phone, fax and email of said persons
  • medical data;
  • county court judgements;
  • information relevant to providing a service such as:
  • your claims history;
  • information obtained as part of the investigation of a loss (e.g. information on a police report);
  • details of insurance policies you hold or have held; and
  • sensitive information such as criminal records (e.g. where this information is relevant to investigating an incident).

Medical data constitutes special category personal data under Article 9 GDPR. Information relating to criminal convictions or offences constitutes criminal offence data under Article 10 GDPR. We process such data only where necessary for the purposes explained above and in accordance with applicable data protection requirements, including the implementation of appropriate safeguards.

What Happens if You Don’t Give Us Your Personal Information

If you don’t provide us with the required personal information, we and our clients may not be able to provide you with some or all services (e.g. we may not be able to access or assess your claim).

How We Collect Information 

We may collect personal information about you and other individuals in various ways including:

  • over the phone, including telephone recordings;
  • audio/visual recordings, including CCTV;
  • in person;
  • when we interview witnesses or other third parties;
  • when attending site meetings in the notes of those meetings;
  • in writing, including via email and hard copy forms
  • social media or other on-line sources where data is in the public domain

From whom we may collect:

We may collect such information directly from you or through a variety of third parties such as repairers, suppliers, consultants, and the police. We may also collect personal information from publicly available sources such as the phone book or public websites.

When we collect personal information from you about someone else:

We may seek to collect from you, personal information about another person. This may happen if you have personal information about another person which is relevant to a claim. For example, you may have the details of a witness to an incident for which you are claiming under your insurance policy. If you provide us with information about another person, then you must:

  • have their consent or another lawful basis or authority and;
  • tell them:
    – that you are disclosing their personal information to us; and
    – refer them to this Privacy Statement.

How We Hold Personal Information

We hold personal information electronically and on paper / in hard copy.

For the personal information we hold electronically we take reasonable security measures including firewalls, secure logon processes, encryption and intrusion monitoring technologies.

For the information we hold in hard copy / on paper we have in place reasonable confidentiality procedures, and we also take reasonable security measures. We also require third party providers to hold personal information securely.

Data Retention

Your personal information will be retained for a minimum period of seven (7) years for legal, regulatory and accounting purposes, and thereafter only for as long as is reasonably necessary to fulfil the purposes for which it was collected, or as otherwise required by applicable law.

Your Rights

You have the right to withdraw your consent for us to process your personal information at any time where consent is the lawful basis relied upon for that processing. You also have the right to withdraw your consent for us to share your personal information with the third parties identified in this Privacy Statement where such sharing is based on consent.

Please note that withdrawing consent may result in us being unable to continue handling the relevant claim and may adversely affect the services we are instructed to provide by your insurers or other third parties.

You have the right to request rectification of inaccurate personal information, to request restriction of the processing of your personal information, or to object to our processing of your personal information.

You have the right to request the erasure of your personal information where it is no longer necessary for the purposes for which it was collected, or where there is no lawful basis for its continued processing.

Where we have collected your personal information from sources other than directly from you, you have the right to be informed of those sources.

You have the right to ask whether any decisions concerning you are being made by automated means and, where this is the case, to receive information about the logic involved and the potential significance and consequences of such processing for you.

You also have the right to request information about the appropriate safeguards in place where your personal information is transferred to a third country or an international organisation.

We take reasonable steps to ensure that the personal information we collect, use, store and disclose is accurate, up to date and complete. To help us do this, please inform us of any changes to your personal information. If you believe that the personal information, we hold about you is inaccurate, incomplete or out of date, please contact our Data Protection Officer using the contact details set out below to request a correction.

Accessing Your Information – Data Subject Access Request

You can make a written request to access the personal information we hold about you. If we aren’t able to meet your request for access, we’ll let you know why.

You have the rights to the following information:

  • The purpose(s) for which we are processing your information.
  • The categories of personal information we hold about you
  • The recipients or categories of recipient to whom the personal data have been or will be disclosed.
  • The period for which we will store your information; or the criteria used to determine that period

Where we act as a data processor, some of our clients may have a different process for handling such requests, and we will inform you if this is the case.

Exercising Your Rights

You can exercise any of these rights at any time by writing to:

Liz Tubb

Data Protection Officer

compliance@halliwellforensics.com

Complaints About How We Handle Your Personal Information

If you have a complaint about our handling of your personal information or an alleged breach of the principles contained in the GDPR, please contact us and provide us with the details of your complaint / the alleged breach as well as any supporting evidence. You can contact us via the below options:

Liz Tubb
Data Protection Officer
compliance@halliwellforensics.com

We will promptly acknowledge the complaint, carefully investigate it and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any further information and will provide you with our determination once it is made.

If you are unhappy with our determination or are not satisfied with the way your information is handled, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC):

Data Protection Commission

6 Pembroke Row,

Dublin 2,

D02 X963,

Ireland

Website: https://www.dataprotection.ie

Email address: dpo@dataprotection.ie

Webform: https://forms.dataprotection.ie/contact

u003cstrongu003eLimitation of Liability: u003c/strongu003eUNDER NO CIRCUMSTANCES WILL HALLIWELL FORENSICS OR ANY OF ITS AGENTS, EMPLOYEES, DIRECTORS, OFFICERS, SUBSIDIARIES OR AFFILIATED COMPANIES BE LIABLE FOR ANY DAMAGES WHATSOEVER TO YOU INCLUDING, BUT NOT LIMITED TO, ANY DIRECT, ACTUAL, SPECIAL OR CONSEQUENTIAL DAMAGES , THAT RESULT FROM (1) YOUR USE OF, OR YOUR INABILITY TO USE, THIS SITE OR ANY LINKED SITE, OR (2) FROM THE CONTENTS CONTAINED WITHIN THIS SITE OR FROM ANY LINKED SITE, OR (3) ANY VIRUSES, BAD CODE OR OTHER HARMFUL EFFECTS THAT COULD RESULT TO USERS FROM THIS SITE OR ANY LINKED SITE OR (4) DISCLOSURE OF YOUR PERSONAL IDENTIFIABLE INFORMATION THAT MAY OCCUR OVER THE INTERNET FROM YOUR USE OF THIS SITE OR ANY LINKED SITE OR (5) FROM ANY OTHER CAUSE AS A RESULT OF YOUR USE OF THIS SITE OR ANY LINKED SITE, EVEN IF HALLIWELL FORENSICS IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.rnrnu003cstrongu003ePages with Restricted Access: u003c/strongu003eSome of the pages within this website are restricted to authorized users only. Unauthorized use or access to these pages is strictly prohibited and may subject you to administrative actions and/or criminal prosecution and revocation of access. Halliwell Forensics may monitor and record your usage of these pages. Evidence of your use collected during monitoring or recording may be used for administrative and/or criminal actions. Your further use of these pages constitutes consent to monitoring and recording.rnrnu003cstrongu003eSoftware Licenses: u003c/strongu003eYou acknowledge that any software available or provided to you on this website may contain technology that is subject to strict controls by various agencies of the United States Government. You hereby agree that you will not transfer or export such software from the United States except in accordance with United States export laws and regulations. Halliwell Forensics does not authorize the downloading or exportation of any software or technical data from this website to any jurisdiction prohibited by all applicable laws and regulations.rnrnu003cstrongu003eTermination: u003c/strongu003eYou acknowledge and agree that Halliwell Forensics may terminate or deny access to all or part of the services, products or materials available on this website without prior notice if you engage in any conduct or activities that Halliwell Forensics, in its sole discretion, believes violates any of these terms and conditions or any other rule, regulation or applicable law. Neither Halliwell Forensics nor any of its officers, agents or employees shall be liable to you in the event of such termination.

u003ch2u003eGeneralu003c/h2u003ernThis Agreement constitutes the entire agreement between you and Halliwell Forensics pertaining to this Site and it supersedes any and all other agreements, whether oral or in writing. The failure of Halliwell Forensics to insist upon strict compliance with any of the terms of the Agreement shall not be construed as a waiver with regard to any subsequent failure to comply with such term or provision. This Agreement is personal to you and it may not be assigned by you, although Halliwell Forensics may assign it to any successor in interest. If any provision of this agreement is invalid or unenforceable under law the remaining provisions shall continue in full force and effect and the invalid or unenforceable provision shall be construed as closely as possible to its original intent. This agreement shall be governed by the laws of the United States and the State of Delaware as if the agreement was a contract wholly entered into and to be performed within Delaware. You agree that any breach of this Agreement by you may result in irreparable harm to Halliwell Forensic entitling Halliwell Forensic to equitable relief. Any inquiries or concerns regarding the terms and conditions of this Agreement should be directed to u003ca href=u0022mailto:compliance@HalliwellForensics.comu0022u003eu003cstrongu003eu003cemu003ecompliance@halliwellforensics.comu003c/emu003eu003c/strongu003eu003c/au003e

u003ch2u003ePrivacy Noticeu003c/h2u003ernHalliwell Forensics respects and values the privacy of personally identifiable information (“PII”).  Accordingly, Halliwell Forensics has adopted a Privacy Policy governing privacy practices in our business operations and for our websites (“Sites”).  Our business operations and Sites are not directed at anyone under the age of 18. The purpose of this Privacy Notice is to disclose Halliwell Forensics’ privacy practices.rnrnIf you have questions or concerns regarding the contents of this notice, please contact us at: u003ca href=u0022mailto:compliance@HalliwellForensics.comu0022u003eu003cstrongu003eu003cemu003ecompliance@halliwellforensics.comu003c/emu003eu003c/strongu003eu003c/au003e

u003ch2u003eInformation Collectionu003c/h2u003ernu003cstrongu003ePersonally Identifiable Informationu003c/strongu003e We collect PII as required to operate our business, including, but not limited to, the following:rnu003culu003ern tu003cliu003eInformation we receive related to claim handling, such as the claimant’s occupation, employer, social security and driver’s license numbers, protected health information (“PHI”, as further defined below), non-public personal financial information (“NPFI” as further defined below), and Trade Secrets (as defined below);u003c/liu003ern tu003cliu003eInformation related to your transactions with us, our affiliates, or previous insurers or employers, such as your policy coverage, claim information, premiums, and payment and claim history;u003c/liu003ern tu003cliu003eInformation necessary to process your employment application with us;u003c/liu003ern tu003cliu003eInformation to better understand your needs as they relate to Halliwell Forensics’ products and services; andu003c/liu003ern tu003cliu003eOther PII as required by our business operations or Sites.u003c/liu003ernu003c/ulu003ern“PHI” is defined as personally identifiable health information that is held or transmitted by our company in performance of our contractual obligations with clients. This type of information includes information in electronic, paper, and oral form.rnrn“NPFI” is defined as information of a financial nature that is shared by a current, prospective, or prior client with us in the course of providing products and services to that client. This type of information is not otherwise available to the public and includes, but is not limited to, the following: credit history, financial benefits, national identifiers, account numbers, business records, accounting information involving the client, contracts in which the client is a party, claims which the client is a party to, client’s policy information, and any other data of the client that is financial in nature.rnrn“Trade Secrets” are defined to include any proprietary information of any current, prospective, or prior client that is obtained through the course of our business activities with that client or through the provision of products and services provided by us to the client. This type of information is not otherwise available to the public and includes, but is not limited to, the following: business records, contracts, claims, products, business methods, data processing procedures, marketing strategies, pending projects or proposals, mailing lists, and any other information related to a client’s activities, products, or services, which may or may not be protected or protectable under applicable patent laws.rnrnHalliwell Forensics’ policy is to collect, process, and disclose sensitive PII only if required to comply with legal or contractual obligations, or with your consent.  Sensitive PII includes PHI, and information about medical matters when relevant to a claim.rnrnu003cstrongu003eCookies and Click Streams u003c/strongu003e“Cookies” are small pieces of information that are stored by your browser on your computer’s hard drive for record-keeping purposes. Cookies and other user tracking devices (e.g., local shared objects) are used to determine whether a visitor is unique or whether a visitor has viewed our Website before, and for other website improvement purposes. We may use these tracking devices, including “persistent cookies” that will remain on your computer even after you close your browser, to enable you to have access to your personal content without having to login each time you visit. While most browsers are set to accept cookies and other tracking devices by default, you can set yours to refuse tracking devices or to alert you before accepting them.  However, by disabling tracking devices, you may not have access to the entire set of features of our Sites. Your browser manufacturer has information on changing the default setting for your specific browser.rnrnIn addition to information that you provide us voluntarily, we may collect other non-personally identifiable information in connection with the operation of our Sites, including, but not limited to, Internet Protocol (“IP”) addresses and browser or operating system information. We may also capture click streams, which record what you click on while browsing the Internet, to help us learn what parts of our Sites are most popular and among which audiences. The typical data that we review includes, but is not limited to, audience size, return visit rate, pages visited, time spent on pages, and similar data. This information is used to help optimize our user interface, improve content, and customize our site content and layout to better serve our clients and visitors.  Such information is collected or maintained by us or by service providers acting on our behalf.rnrnIf you have provided us with your email address, we may use this information to contact you, or to identify the pages you view when you visit our sites, the amount of time you spent on them, and other similar data.rnrnu003cstrongu003eInformation Use and Consumer Choiceu003c/strongu003e In the course of conducting our business, we use information you provide to us to handle and analyze claims, to process employment inquiries, or to provide you with information about our products and services.  We may share information you provide to us on an as-needed basis or as otherwise required by law. In certain situations, we will share information about you:rnu003culu003ern tu003cliu003eWith governmental authorities, but only to the extent that we are required to disclose any PII pursuant to the legal process we receive from the governmental authority;u003c/liu003ern tu003cliu003eWith law enforcement agencies;u003c/liu003ern tu003cliu003eWith our affiliated companies or a third party if reasonably necessary to enable them to assist in providing our services to clients, fulfilling the requests you make, or the business transactions you conduct, that relate to claims handling and analysis, employment inquiries, and to or otherwise solely to provide us with contracted services;u003c/liu003ern tu003cliu003eWith credit reference and fraud prevention agencies and other third parties, including insurers and loss adjusters, to prevent and detect fraud;u003c/liu003ern tu003cliu003eTo protect or defend our legal rights or property or the interests of clients or users of our Sites;u003c/liu003ern tu003cliu003eTo respond to claims that any posting or other content violates the rights of third parties;u003c/liu003ern tu003cliu003eTo protect the health and safety of our Website’s users or the general public when there is an emergency.u003c/liu003ernu003c/ulu003e

u003ch2u003eHow we use your Personal Datau003c/h2u003ernWe use this Personal Data to:rnu003culu003ern tu003cliu003eCommunicate with you and other interested parties to manage your claim.u003c/liu003ern tu003cliu003eHold your employment data while you are an employee and for a period thereafteru003c/liu003ern tu003cliu003eSend you important information regarding your claim and other administrative information.u003c/liu003ern tu003cliu003eMake decisions about claim assessment, processing and settlement.u003c/liu003ern tu003cliu003eWhere applicable manage claim disputes.u003c/liu003ern tu003cliu003eProvide improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).u003c/liu003ern tu003cliu003ePrevent, detect and investigate crime, including fraud and money laundering, and analysis and manage other commercial risks.u003c/liu003ern tu003cliu003eCarry out market research and analysis, including satisfaction surveys.u003c/liu003ern tu003cliu003eManage our business operations to comply with internal policies and procedures, including those relating to auditing finance, accounting and billing, IT systems, data and website hosting, business continuity, document and print management.u003c/liu003ern tu003cliu003eResolve complaints, and handle requests for data access or correction.u003c/liu003ernu003c/ulu003ernu003cstrongu003eSharing of Personal Data u003c/strongu003ernrnHalliwell Forensics may share your personal data with the following parties for the purposes of claim assessment or as required by law:rnu003culu003ern tu003cliu003eOur group companiesu003c/liu003ern tu003cliu003eOther insurance and distribution partiesrnu003culu003ern tu003cliu003eIn the course of processing claims, we may make Personal Data available to third parties such as reinsurance brokers, appointed representatives, distributors, financial institutions, securities firms and other business partnersu003c/liu003ernu003c/ulu003ernu003c/liu003ern tu003cliu003eOur service providersrnu003culu003ern tu003cliu003eExternal third-party service providers, such as medical professionals, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors; travel and medical assistance providersu003c/liu003ern tu003cliu003eIT systems, support and hosting service providers, document and records management providers and outsourced service providers that assist us in carrying out business activities.u003c/liu003ern tu003cliu003eBanks and financial institutions that service our accounts, third-party claim administrators, claim investigators, construction consultants, engineers, examiners, jury consultants, translators and similar third-party vendorsu003c/liu003ern tu003cliu003ePayroll providers if you are an employee and other employee benefit providersu003c/liu003ernu003c/ulu003ernu003c/liu003ern tu003cliu003eAuthorities and third parties involved in court actionrnu003culu003ern tu003cliu003eWe may share Personal Data with government or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate:rnu003culu003ern tu003cliu003eto comply with applicable law and regulations, including those outside your country of residenceu003c/liu003ern tu003cliu003eto comply with legal processu003c/liu003ern tu003cliu003eto respond to requests from public and government authorities including public and government authorities outside your country of residenceu003c/liu003ern tu003cliu003eto protect our operations or those of any of our group companiesu003c/liu003ern tu003cliu003eto protect our rights, privacy, safety or property, and/or that of our group companies, you or othersu003c/liu003ern tu003cliu003eto allow us to pursue available remedies or limit our damages.u003c/liu003ernu003c/ulu003ernu003c/liu003ernu003c/ulu003ernu003c/liu003ern tu003cliu003eOther Third Partiesrnu003culu003ern tu003cliu003eWe may share Personal Data with emergency providers (fire, police and medical emergency services); retailers; medical organizations and providers; travel carriers; credit bureaus; credit reporting agencies; and other people involved in an incident that is the subject of a claim; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business. To check information provided, and to detect and prevent fraudulent claims, Personal Data (including details of injuries) may be put on registers of claims and shared with other insurers. We may search these registers when dealing with claims to detect, prevent and investigate fraud.u003c/liu003ernu003c/ulu003ernu003c/liu003ernu003c/ulu003ernWe may also outsource some tasks, including the operation of certain Website functions that require access to information you supply online. In such cases, however, we require that the companies acting on our behalf abide by our privacy practices and institute safeguards to protect the confidentiality of your information.rnrnWe may contact you in response to your comments or inquiries, as part of the maintenance of your account with us (if you have one), or in order to complete a transaction that you requested.  We may also contact you to inform you of other products or services we believe may be of interest to you, but we will offer you an opportunity not to receive such communications. If you decide that you do not want to be contacted by Halliwell Forensics or to request that we limit the uses and disclosures of your PII, you can send an email to u003ca href=u0022mailto:compliance@HalliwellForensics.comu0022u003eu003cstrongu003eu003cemu003ecompliance@halliwellforensics.comu003c/emu003eu003c/strongu003eu003c/au003e with such requests.rnrnIf our company or our assets are acquired by another company, or in the event of a merger, consolidation, change in control, transfer of substantial assets, reorganization, or liquidation, we may transfer, sell, or assign to third parties information concerning your relationship with us, including, without limitation, personally identifiable information that you provide and other information concerning your relationship with us. Such third parties will assume responsibility for the personal information collected by us in connection with our business operations or through our Website and such third parties will assume the rights and obligations regarding such information as described in this Privacy Notice.rnrnOutside of the recipients and purposes noted above, we do not use, disclose, sell, or transfer any PII without consent unless required or permitted by law or regulation. Please note that if you choose not to provide such consent and it is required by law before we use, disclose, sell or transfer your PII, including sensitive PII, we may not be able to process your claim, employment inquiry, or other transaction.  The recipients of our data may be located in countries throughout the world. If the recipient is not affiliated with Halliwell Forensic, except as specified above, the recipient’s privacy practices will govern its use and disclosure of the transferred data.rnrnIn the context of an onward transfer Halliwell Forensics, LLC has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Halliwell Forensics, LLC shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.rnrnu003ca href=u0022https://www.privacyshield.gov/article?id=7-RECOURSE-ENFORCEMENT-AND-LIABILITYu0022u003eu003cstrongu003ehttps://www.privacyshield.gov/article?id=7-RECOURSE-ENFORCEMENT-AND-LIABILITYu003c/strongu003eu003c/au003ernrnu003cstrongu003eAccess and Correction: u003c/strongu003eAs a claims management company, we know the importance of accurate data. Therefore, we strive to maintain the accuracy of the information that we collect. We will provide you with access to PII you provide to us for as long as we maintain that information in a readily accessible format. Similarly, we permit and encourage you to correct inaccuracies in the information you submit to us. Where required by law, we will also allow you to request deletion or object to processing of your data.  Please note, as stated in the Terms and Conditions above, we do not make representations about the accuracy, reliability, completeness, or timeliness of the contents of our Sites and provide no warranties, express or implied, for the content or accuracy of information on our Sites.rnrnIf you wish to access PII that you have submitted to us, to request the correction of any inaccurate information you have submitted to us, to request deletion of, to object to processing of your data, or to request a paper copy of this Privacy Notice, please send an e-mail that includes your contact information to: u003ca href=u0022mailto:compliance@HalliwellForensics.comu0022u003eu003cstrongu003eu003cemu003ecompliance@halliwellforensics.comu003c/emu003eu003c/strongu003eu003c/au003ernrnu003cstrongu003eSecurity u003c/strongu003eWe recognize the importance of security for your PII and employ reasonable administrative, technical, and organizational safeguards to protect it against loss, misuse, unauthorized disclosure, or unauthorized alteration. Please note, however, that we cannot guarantee that unauthorized third parties will never be able to defeat our protection methods or use your information for improper purposes, or that errors in transmission will not occur, and as such we disclaim and limit any liability for such improper use, disclosure, loss, or misuse in the Terms and Conditions section above.rnrnWe limit access to PII to those employees and contractors working on our behalf who need access in order to carry out their job responsibilities. We maintain physical, electronic, and procedural safeguards that comply with all applicable laws that protect your PII. The computers and servers in which we store PII are kept in a secure environment.rnrnu003cstrongu003eLinks to Other Sites u003c/strongu003eAs noted in the Terms and Conditions above, our Sites may provide links to other websites not owned or controlled by us that we think might be useful or of interest to you. We are not, however, responsible for the privacy practices used by other website owners or the content or accuracy contained on those other websites. You may contact those websites directly for their individual privacy policies.rnrnu003cstrongu003ePrivacy Notice Changes u003c/strongu003eWe reserve the right to revise this Privacy Notice from time to time to reflect changes in our privacy practices. We encourage you to review our Sites, and this Privacy Notice in particular, on a periodic basis for any updates or changes to our privacy practices. Your continued access or use of any one of our Sites shall be deemed to be your acceptance of all privacy practices described in this Privacy Notice, including any changes, whether or not you have reviewed them. Please note that this policy is not intended to and does not create any contractual or other legal rights in or on behalf of either Halliwell Forensic or you or any other party.rnrnHalliwell Forensics complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Halliwell Forensics has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit u003ca href=u0022https://www.privacyshield.gov/u0022u003eu003cstrongu003ehttps://www.privacyshield.gov/u003c/strongu003eu003c/au003ernrnIn compliance with the Privacy Shield Principles, Halliwell Forensics commits to resolve complaints about our collection or use of your personal information.  EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Halliwell Forensics at:u003cstrongu003eu003cemu003e u003c/emu003eu003c/strongu003eu003ca href=u0022mailto:compliance@HalliwellForensics.comu0022u003eu003cstrongu003eu003cemu003ecompliance@halliwellforensics.comu003c/emu003eu003c/strongu003eu003c/au003ernrnHalliwell Forensics has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints.  If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint.  The services of EU DPAs are provided at no cost to you.rnrnThe Federal Trade Commission has jurisdiction over Halliwell Forensics compliance with the Privacy Shield. Please be aware that in certain circumstances individuals can invoke binding arbitration for complaints not resolved by other Privacy Shield mechanisms. The following link provides further information: u003ca href=u0022https://www.privacyshield.gov/article?id=ANNEX-I-introductionu0022u003eu003cstrongu003ehttps://www.privacyshield.gov/article?id=ANNEX-I-introductionu003c/strongu003eu003c/au003e

u003ch2u003eHalliwell Forensics GDPR Privacy Statement – UKu003c/h2u003ernu003cstrongu003eSummaryu003c/strongu003ernrnWe value the privacy of your personal information.rnrnThis Halliwell Forensics Privacy Statement outlines how we collect, hold, use and disclose your personal information. By visiting our website, using any of our services, or providing us with your personal information, you agree to your personal information being collected, held, used and disclosed as set out in this Privacy Statement. u003cstrongu003eWe also rely on the consent you gave our clients when they collected your personal data.u003c/strongu003ernrnu003cstrongu003eThe Purposes for Which We Hold, Use and Disclose Personal Information:u003c/strongu003ernrnWe collect personal information to assist our clients in forensically investigating loss incidents (e.g. when we act for an insurer, this will involve us collecting personal information from insureds, claimants and other third parties involved in the claim, as well as checking the validity of such information).rnrnWe hold limited personal data which we use to inform our clients employees about corporate events and services that we provide.  No such communication will be sent to those who withdraw their consent.rnrnWe also use the personal information that we hold, to contact you, to notify you about changes to our service, to verify your identity, and to provide customer support.rnrnWe provide the personal information we collect to our insurer clients, their agents and advisers such as lawyers. This is to assist the insurer or their agent to manage and administer their relationship with the insured, and to decide or advise on payment of a claim. We also provide personal information to other third parties who can confirm the information provided to us (e.g. repairers, witnesses to a claim or law enforcement agencies) to assist us in providing our insurance claims services (e.g. our investigators and other agents and contractors) or to assist with asset management assignments.rnrnWhere we disclose information to third parties, we limit the use and disclosure of personal information provided to us by them for the purposes for which we collected it (e.g. in relation to the handling or settlement of the relevant claim). Our insurer clients, their agents, advisers and other relevant third parties may have their own privacy policy that contains information about their privacy practices and how you can access any personal information they hold about you, seek correction of it or make a complaint about a breach of the GDPR.rnrnWe may also hold and use your personal information, and disclose your personal information to relevant third parties for the following purposes:rnu003culu003ern tu003cliu003eTo deal with enquiries – we may need to collect your personal information to answer an enquiry you make;u003c/liu003ern tu003cliu003eDealing with a complaint – for example a complaint made by you in respect of service provision;u003c/liu003ern tu003cliu003eMaintaining and improving our service, auditing, quality assurance and training – for example, we may review your personal information to identify how our services can be improved;u003c/liu003ern tu003cliu003eAssisting with the claims process by providing your name address and phone numbers to contractorsu003c/liu003ern tu003cliu003eOther purposes – for any other purpose communicated to you at the time we collect your personal information or as required or permitted by law.u003c/liu003ernu003c/ulu003ernOccasionally we may be required or authorised to collect personal information because of laws in the the United Kingdom or an order of a Court / Tribunal. If we are collecting personal information for this purpose, and we are permitted to do so, we will tell you.  We may also transfer your personal information outside the UK where the relevant third party is located outside of the UK (for example, to an insurer and reinsurers and their representatives who are located overseas). Our contractual arrangements with these entities generally include an obligation for them to comply with the UK’s data protection laws and GDPR. They will also be required to confirm with out IT security policies and sign where appropriate EU model clauses (where they are in the EU).rnrnThe categories of personal data we process when handling claims are determined by the data controllers we are acting for and based on their instructions to us.rnrnu003cstrongu003ePersonal Information We Collect and Holdu003c/strongu003ernrnThe personal information we collect and / or hold about you and other individuals (such as a co-insured or your spouse, partner or children) may include:rnu003culu003ern tu003cliu003ename, date of birth and gender of you, your colleagues/employees and/or family members,u003c/liu003ern tu003cliu003econtact details such as address, phone, fax and email of said personsu003c/liu003ern tu003cliu003emedical data;u003c/liu003ern tu003cliu003ecounty court judgements;u003c/liu003ern tu003cliu003einformation relevant to providing a service such as:u003c/liu003ern tu003cliu003eyour claims history;u003c/liu003ern tu003cliu003einformation obtained as part of the investigation of a loss (e.g. information on a police report);u003c/liu003ern tu003cliu003edetails of insurance policies you hold or have held; andu003c/liu003ern tu003cliu003esensitive information such as criminal records (e.g. where this information is relevant to investigating an incident).u003c/liu003ernu003c/ulu003ernu003cstrongu003eWhat Happens if You Don’t Give Us Your Personal Informationu003c/strongu003ernrnIf you don’t provide us with the required personal information, we and our clients may not be able to provide you with some or all services (e.g. we may not be able to access or assess your claim). Where we collect personal information from you, we expect you to tell us if you do not consent to us disclosing the personal information you provide to us to the types of third parties referred to above.rnrnu003cstrongu003eHow We Collect and Hold Personal Information u003c/strongu003ernrnu003cuu003eHow we collect:u003c/uu003ernrnWe may collect personal information about you and other individuals in various ways including:rnu003culu003ern tu003cliu003eover the phone, including telephone recordings;u003c/liu003ern tu003cliu003eaudio/visual recordings, including CCTV;u003c/liu003ern tu003cliu003ein person;u003c/liu003ern tu003cliu003ewhen we interview witnesses or other third parties;u003c/liu003ern tu003cliu003ewhen attending site meetings in the notes of those meetings;u003c/liu003ern tu003cliu003ein writing, including via email and hard copy formsu003c/liu003ern tu003cliu003esocial media or other on-line sources where data is in the public domainu003c/liu003ernu003c/ulu003ernu003cuu003eFrom whom we may collect:u003c/uu003ernrnWe may collect such information directly from you or through a variety of third parties such as repairers, suppliers, consultants, and the police. We may also collect personal information from publicly available sources such as the phone book or public websites.rnrnu003cuu003eWhen we collect personal information from you about someone else:u003c/uu003ernrnWe may seek to collect from you personal information about another person. This may happen if you have personal information about another person which is relevant to a claim. For example, you may have the details of a witness to an incident for which you are claiming under your insurance policy. If you provide us with information about another person, then you must:rnu003culu003ern tu003cliu003ehave their consent to do so; andu003c/liu003ern tu003cliu003etell them:rn– that you are disclosing their personal information to us; andrn– Refer them to this Privacy Statement.u003c/liu003ernu003c/ulu003ernu003cuu003eHolding personal information:u003c/uu003ernrnWe hold personal information electronically and on paper / in hard copy.rnrnFor the personal information we hold electronically we take reasonable security measures including firewalls, secure logon processes, encryption and intrusion monitoring technologies.rnrnFor the information we hold in hard copy / on paper we have in place reasonable confidentiality procedures and we also take reasonable security measures. We also require third party providers to hold personal information securely.rnrnu003cstrongu003eYour Rightsu003c/strongu003ernrnYour information will be held for at least seven years for legal, regulatory and accounting purposes and thereafter for as long as reasonably necessary or as we are contractually required to do so.rnrnYou have the right to withdraw consent for us to process your information at any time.rnrnYou have the right to withdraw consent for us to pass your information to third parties that we have outlined in this policy.rnrnHowever, withdrawing consent may result in us ceasing to handle the claim in question and may prejudice those services for which we are instructed by your Insurers or other parties to perform.rnrnu003cstrongu003eAccessing your information (Subject Access Request):u003c/strongu003ernrnYou can make a written request to access the personal information we hold about you. If we aren’t able to meet your request for access, we’ll let you know why.rnrnYou have the rights to the following information:rnu003culu003ern tu003cliu003eThe purpose(s) for which we are processing your information.u003c/liu003ern tu003cliu003eThe categories of personal information we hold about youu003c/liu003ern tu003cliu003eThe recipients or categories of recipient to whom the personal data have been or will be disclosed.u003c/liu003ern tu003cliu003eThe period for which we will store your information; or the criteria used to determine that periodu003c/liu003ernu003c/ulu003ernSome of our clients have a different process for the handling of these request, we will inform you if this is the case.rnrnu003cstrongu003eFurther Rights:u003c/strongu003ernrnTo rectification or restriction of the way in which we are processing your information; or to object to us processing it.rnrnTo erasure of your personal information provided it is no longer necessary for the purposes for which it was collected; or where there is no legal basis for us processing it.rnrnWhere we have collected information about you from sources other than yourself, information about those sources.rnrnTo ask us whether any decisions are being taken about you by automated means and if this is happening; information about the logic involved and any significant consequences on you.rnrnTo ask us about the appropriate safeguards we take if we transfer your information to a third country or international organisation.rnrnYou can exercise any of these rights at any time by writing to the Data Protection Officer Liz Tubb at u003ca href=u0022mailto:compliance@HalliwellForensics.comu0022u003eu003cstrongu003eu003cemu003ecompliance@halliwellforensics.comu003c/emu003eu003c/strongu003eu003c/au003e If you are not satisfied about the way in which your information is handled you have the right to lodge a complaint to the the Information Commissioner’s Office Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.rnrnu003cuu003eKeeping your information accurate:u003c/uu003ernrnWe take reasonable steps to ensure that the personal information we collect and store, use or disclose is accurate, up-to-date and complete. However, we rely on you to advise us of any changes to your information to help us do so. If you believe your personal information is not accurate, up-to-date or complete, then please let us know. If you’d like to request access to or seek correction of your personal information, please contact us. Our contact details are at the end of this Privacy Statement.rnrnu003cuu003eComplaints about how we handle your personal information:u003c/uu003ernrnIf you have a complaint about our handling of your personal information or an alleged breach of the principles contained in the GDPR, please contact us and provide us with the details of your complaint / the alleged breach as well as any supporting evidence. You can contact us via the below options:rnrnLiz TubbrnData Protection Officerrnu003ca href=u0022mailto:compliance@HalliwellForensics.comu0022u003eu003cstrongu003eu003cemu003ecompliance@halliwellforensics.comu003c/emu003eu003c/strongu003eu003c/au003ernrnRefer to the website – u003ca href=u0022https://www.halliwellforensics.com/u0022u003eu003cstrongu003ewww.halliwellforensics.comu003c/strongu003eu003c/au003e to obtain contact details.rnrnWe will promptly acknowledge the complaint, carefully investigate it and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any further information and will provide you with our determination once it is made. If you are unhappy with our determination, please contact:rnrnu003cstrongu003eTransfer of Information Overseasu003c/strongu003ernrnWe may transfer your personal information overseas if your insurer is not resident in the UK. For example, we may transfer information via email to Insurers, their representatives or our representatives who are located overseas. These insurers are most commonly located in UK, Europe and USA. You should tell us if you object to any such transfer.