ClaimWise UK Limited

Version: 1.0
Effective Date: 07/01/26
Last Review Date: 07/01/26
Next Review Due: 07/01/27

 

1. Introduction

ClaimWise UK Limited (“ClaimWise”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy.

This Privacy Notice explains how we collect, use, store, share, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to:

• Customers and prospective customers
• Website visitors
• Individuals who contact us by phone, email, or online forms

ClaimWise UK Limited operates as a Claims Management Company and is required to process personal data lawfully, fairly, and transparently. Our website has not been designed for use by children and we do not knowingly collect data relating to children.

2. Data Controller Details

Data Controller: ClaimWise UK Limited
Registered Address: 1–6 Pockets Wharf, Swansea, SA1 3XL
Email: info@claimwise.org.uk
Telephone: [To be confirmed]

ClaimWise UK Limited is responsible for determining how and why personal data is processed.

We are not required to appoint a Data Protection Officer (DPO) due to the amount of data that we process. If you have any questions relating to this privacy notice, including any requests to exercise your legal rights please use the below contact information.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Identity & Contact Information

• Full name
• Date of birth
• Postal address & Previous Addresses
• Email address
• Telephone number(s)

3.2 Financial & Claim-Related Information

• Lender details
• Vehicle finance agreement information (e.g. PCP or HP details)
• Commission information
• Supporting documentation relevant to a claim
• Bank details (for fee payments or compensation transfers)

3.3 Verification & Compliance Data

• Proof of identity (where required)
• Credit reference information (soft searches only, where consented)
• Communication records and call recordings

3.4 Technical Data

• IP address
• Browser type and version
• Device information
• Website usage data (via cookies)

3.5 Profile Data

Includes, understanding the services you’ve engaged, your interests, preferences, feedback and analysing the data you have provided as part of the service to improve our services, customer relationships and experiences.

4. How We Collect Personal Data

We collect personal data through:

• Online enquiry and lead-generation forms
• Telephone calls and email correspondence
• Our website
• Credit reference agencies (soft searches only)

5. Lawful Basis for Processing

We process personal data under the following lawful bases as defined by UK GDPR:

• Consent– where you have explicitly agreed
• Contractual necessity– to provide our claims management services
• Legal obligation– to comply with regulatory or legal requirements
• Legitimate interests– where processing is necessary and proportionate

You may withdraw consent at any time where consent is the lawful basis.

6. How We Use Your Personal Data

We use personal data to:

• Contact you following the submission of an enquiry
• Assess eligibility for financial claims
• Act on your behalf in pursuing a financial claim such as mis sold motor finance
• To share any sensitive information with third parties such as lenders
• Communicate with lenders, finance providers, and relevant third parties
• Conduct commission investigations
• To update you regarding the progress of your claim(s)
• Meet regulatory, audit, and compliance requirements
• Ask you to provide a review or complete a customer satisfaction survey
• Improve our services and customer experience
• To respond to any data subject access requests that we may receive from you
• To administer and protect our business and this website (including trouble shooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
• Notifying you about changes to our Terms of Business or Privacy Policy

We do not sell personal data.

SPECIAL CATEGORIES OF PERSONAL DATA

If we identify that you have characteristics of vulnerability, we may collect data relating to your health to ensure we can tailor and adjust our service to your needs and circumstances. We will obtain your consent to obtain and store this data for the sole purpose of delivering our service.

We do not collect any other Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your genetic and biometric data unless you ask us specifically to note these categories). We do not collect any information about criminal convictions and offences.

7. Data Sharing & Third Parties

We may have to share personal data with the parties set out below for the purposes set out above. :

• Lenders and finance providers
• Credit reference agencies (soft searches only)
• Regulatory bodies (including the Financial Conduct Authority, Information Commissioners Office and other authorities acting as processors in the United Kingdom who require reporting of processing activities in certain circumstances, if required)
• IT, CRM, and data hosting providers
• Legal or professional advisers such as Accountants and ComplianceConsultants

Valid8:

• We will disclose personal data to our partner Valid8 IP Ltd for the provision of credit report information which may include Equifax Ltd, Experian Ltd, TransUnion. If you’d like to understand how the credit reference agencies use and share personal data (including the legitimate interests they pursue) please read the Credit Reference Agency Information
• Notice (CRAIN) http://www.transunion.co.uk/crain; https://www.equifax.co.uk/crain/; https://www.experian.co.uk/legal/

All third parties are required to:

• Process data securely
• Use data only for specified purposes
• Comply with UK GDPR
• Please note we will never knowingly allow third-party service providers to use your personal data for their own purposes and only permit them to process your data for specified purposes and in accordance with our strict instruction, of which is contractually in place.

8. International Data Transfers

We do not routinely transfer personal data outside the UK.

If data is transferred outside the UK in future, we will ensure appropriate safeguards are in place, including:

• Adequacy decisions
• Standard Contractual Clauses (SCCs)

9. Data Retention

We will only retain your personal data for as long as is necessary to fulfil our obligations under the provision of our service as well as any purposes necessary to satisfy any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk, of harm of unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, including applicable legal requirements. We will retain call recordings and email correspondence for at least 12 months from our last point of contact with you.

In some circumstances you can ask us to delete your data under the ‘Right to Request Erasure’ However, an erasure request may be partially declined. In the event a complaint has been made, coupled with an erasure request, we will maintain records relating to the complaint, including basic information such as name, and telephone number. In the event that you do not wish to be contacted by us, we are required to maintain a log of this request, withholding applicable data to ensure we no longer contact you further.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Typical retention periods include:

• Claims and client records:up to 6 years after case closure
• Marketing data:until consent is withdrawn

Data is securely deleted or anonymised once no longer required.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure CRM systems
• Access controls and role-based permissions
• Encryption where appropriate
• Staff training on data protection
• Regular reviews of data handling procedures

11. Your Data Protection Rights

In accordance with GDPR, you, in your capacity as a consumer and as a citizen, are entitled to a range of specific rights as the Data Subject that you may exercise under particular conditions, with a few exceptions

You have the right to:

• Access your personal data – The right of access, commonly referred to as subject access, gives you the right to obtain a copy of your personal data as well as other supplementary information. It helps you to understand how and why we are using your data, and to check we are using it lawfully.
• Request correction of inaccurate data – You have the right to have inaccurate personal data rectified. You may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.
• Request erasure (“right to be forgotten”) – Under certain circumstances you have the right to have personal data erased. Also known as ‘The right to be forgotten’. The right is not absolute.
• Restrict processing – Under certain circumstances you have the right to request the restriction or suppression of your personal data, and as like the right to erasure, it is not absolute. Restriction of processing means we are permitted to store your personal data; we are unable to use it.
• Object to processing – Under certain circumstances you have the right to object to the processing of your personal data, however you do have the absolute right to object to direct marketing.
• Data portability – You have the right to obtain and reuse your personal data for your own purposes across different services. This eases the copying or transferring of personal data easily from one IT environment to another, safely and securely, without affecting the usability of the data.
• Right to be Informed – You have the right to be informed about the collection and use of your personal data. Your right to be informed forms part of this policy, and provides the purposes for processing your data, our retention periods and who it will be shared with.

Requests can be made by contacting: info@claimwise.org.uk

12. Complaints

DATA SUBJECT ACESS REQUESTS (DSAR)

You have the right to access to your personal information. Also known as a Data Subject Access Request (DSAR). This means you are entitled to obtain the following information about yourself:

• Confirmation that we are processing your personal data;
• A copy of your personal data; and
• Other supplementary information;

A third party may make a request on your behalf. We will require evidence from the third party as to evidence this entitlement. This may take the form of a written authority or be a more general power of attorney.

If you make a request electronically (via electronic means), we will provide the information in a commonly used electronic format unless you have specified otherwise. Please note, we may extend the time to respond by a further two months if the request is complex or you have made multiple requests. As you have the right to be informed, we will always ensure you are notified within one month of receiving the request, accompanied by an explanation.

HOW LONG DO WE HAVE TO COMPLY WITH A REQUEST?

We must act on your subject access request without undue delay and at the latest within one month of receipt. This is calculated as beginning from the day following receipt of the request until the corresponding calendar date the following month. We may request your identity to satisfy the request, however this will be proportionate to the request itself and if we have doubts of the authenticity of identification.

WILL IT COST YOU ANYTHING?

For the vast majority of requests, we cannot charge you a fee. Where the request is manifestly unfounded or excessive, we may charge a reasonable fee to cover the administrative costs of complying with the request. This also applies in the event that you request further additional copies of data following your initial request. This will again be charged as an administrative cost.

If you are unhappy with how we handle your data, you may complain to:

Information Commissioner’s Office (ICO)
Website: www.ico.org.uk

We encourage you to contact us first so we can resolve your concerns.

13. Cookies

Our website uses cookies to improve functionality and user experience. Full details are available in our Cookie Policy.

14. Policy Updates

We may update this Privacy Notice from time to time. The latest version will always be available on our website.

Approved by: Jamal Furreed (Director – ClaimWise UK Limited)
Review Cycle: Annual or upon regulatory change