Charles Taylor Privacy Policy

We take care to protect the privacy of our clients, investors and users of these websites. This Policy explains how we process information about website visitors.

Be aware that Charles Taylor is a combination of separate entities and some have their own Privacy Policies which should be read when dealing with a specific entity. For example the Charles Taylor Assistance Privacy Policy; if you cannot find the link to the entity you are dealing with, please contact our Data Protection Officer (DPO) for assistance.

This Privacy Policy sets out how we process Personal Data (that is, data which allow you to be identified, either on its own or with other data available to us or the public). We have set this out for you under “Fair Processing Notice,”.

We set out below our procedures and explains our policy for retention and deletion of Personal Data.

1.

CHARLES TAYLOR will keep and maintain Data Inventories, listing the categories of all the Personal Data that it processes, including specifying Special Category Personal Data.

2.

CHARLES TAYLOR will keep and maintain a Fair Processing Notice.

3.

CHARLES TAYLOR conducts Data Privacy Impact Assessments upon developing new procedures or processes, or entering into new forms of business which involve the processing of Personal Data likely to result in a high risk to the rights and freedoms of natural persons or involving automated decision-making. The CHARLES TAYLOR DPO shall be responsible for any required prior consultation with the ICO . CHARLES TAYLOR will act in accordance with all its legal obligations in respect of Personal Data.

4.

CHARLES TAYLOR will give effect to rights to information.

5.

Any contracts in which both CHARLES TAYLOR and another entity are joint Data Controllers shall where possible specify their division of responsibilities to maximise the transparency to data subjects, especially regarding their data subject rights.

6. Processing Personal Data for Specified Purposes only

CHARLES TAYLOR maintain the Data Inventories which include:

  • for every type and category of Personal Data, the lawful basis (or bases) [consent; contract; legal obligation; vital interests; or legitimate interests] for its processing;
  • for every type and category of Special Category Personal Data, the exemption (or exemptions) relied upon from prohibition;
  • for every type and category of Personal Data relating to criminal convictions and the like, the provision of applicable data protection law which permits such processing (this type of Personal Data will normally only be processed if CHARLES TAYLOR are advised of, or discover, fraudulent conduct)
  • a record of any circumstances in which CHARLES TAYLOR as data controller or processor relies on its own legitimate interests,

where the processing of Personal Data is for different purposes than the original purposes for which the data was obtained, the new, different, purposes shall be recorded in the Data Inventories.

7. Data Minimisation

CHARLES TAYLOR will only process Personal Data insofar as is reasonably necessary to do so.

CHARLES TAYLOR will review its Data Inventories on a periodical basis, no less than once a year.

8. Data Integrity

CHARLES TAYLOR shall ensure, where reasonably practicable, that all Personal Data it processes shall be accurate and up to date.

CHARLES TAYLOR provides for the right to rectification, which shall be considered without undue delay on receipt of a written request from, or on behalf of, a data subject seeking to rectify (including seeking to amplify) their Personal Data.

9. Data Retention

The CHARLES TAYLOR Data Retention Policy provides details of the period (for which types and categories of) Personal Data shall be retained, and the lawful basis for that retention.

10. Appropriate Technical & Organisational Measures

CHARLES TAYLOR shall take all appropriate technical and organisational measures to keep Personal Data secure and processed only for the authorised purposes.

11. Audit and Review

This Policy shall be reviewed on an annual basis by the CHARLES TAYLOR DPO.

If we change this Policy, we will let you know by publishing the updated version on our website. We aim to protect and respect your privacy, and that intention will carry on in any future changes to this Policy.

This Privacy Policy comes into effect on 1 November 2020 replacing our previous Privacy Policy.

Further details can be found in our Cookie Policy, Terms and Conditions and Fair Processing Policy. For those who work at Charles Taylor, the Charles Taylor Group Privacy Policy is accessible online via Compass. Our other data protection policies are available upon request.

We are committed to processing all personal data fairly, lawfully, and transparently. To make things simpler, Charles Taylor has nominated one data controller, Charles Taylor Ltd, to handle all requests or queries you might have about our processing of your personal data. We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection law. The contact details are:

Emma Hancock, The Minster Building, 21 Mincing Lane, London, EC3R 7AG; dpo@charlestaylor.com.

Last updated June 2023

This site and all content are copyright © Charles Taylor Ltd

All rights reserved

US Privacy Addendum

1. Commitment and Scope

1.1 This U.S. Privacy Addendum supplements the information contained in the Global Privacy Policy and our Fair Processing Notice.

1.2 Charles Taylor complies with the requirements of the prevailing data protection legislation with regard to the collection, storage, processing and disclosure of personal information and is committed to upholding the core data protection principles.

1.3 For those who work for Charles Taylor in the USA, the Charles Taylor Employee Privacy Notice is accessible online via our intranet.

2. Colorado residents

2.1 If you are a Colorado resident for whom we collect personal information as a controller under the Colorado Privacy Act (CPA), you may rely on the disclosures in our Global Privacy Policy and Global Fair Processing Notice.

2.2 Under the CPA you are afforded the following rights regarding your personal information:

  • Right to access
  • Right to correction
  • Right to deletion
  • Right to portability

2.3 In addition to the applicable rights outlined above, you may exercise your right under the CPA to opt out of the sale of personal information by emailing us at dpo@charlestaylor.com

2.4 Charles Taylor does not process your personal information for targeted advertising purposes or carry out profiling on you or your behavior and/or habits. You will not be discriminated against for exercising any of your data rights.

3. Connecticut residents

3.1 If you are a Connecticut resident for whom we collect personal information as a controller under the Connecticut Data Privacy Act (CTDPA), you may rely on the disclosures in the Global Privacy Policy and Global Fair Processing Notice.

3.2 Under the CTDPA you are afforded the following rights regarding your personal information:

  • Right to access
  • Right to correction
  • Right to deletion
  • Right to obtain a copy

3.3 In addition to the applicable rights outlined above, you may exercise your right under the CTDPA to opt out of the sale of your data and profiling that may have a legal or other significant impact. To opt out email dpo@charlestaylor.com

3.4 Charles Taylor does not process your data for targeted advertising purposes or carry out profiling on you or your behavior and/or habits. You will not be discriminated against for exercising any of your data rights.

4. Utah residents

4.1 If you are a Utah resident for whom we collect personal information as a controller under the Utah Consumer Privacy Act (UCPA), you may rely on the disclosures in the Global Privacy Policy and Global Fair Processing Notice.

4.2 Under the UCPA you are afforded the following rights:

  • Right to access
  • Right to deletion
  • Right to portability

4.3 In addition to the applicable rights outlined above, you may exercise your right under the UCPA to opt out of the sale of personal information processed by emailing us at dpo@charlestaylor.com

4.4 Charles Taylor does not process your data for targeted advertising purposes or carry out profiling on you or your behavior and/or habits. You will not be discriminated against for exercising any of your data rights.

6. California residents

6.1 If you are a California resident from whom we collect personal information as a business under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) (“CCPA”), you may rely on the Global Privacy Notice and the additional information below.

6.2 For the purpose of this section for California residents, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the CCPA. Personal Information does not include information that is publicly available, deidentified, or aggregated (as those terms are defined in the CCPA) or otherwise excluded from the scope of the CCPA.

6.3 Charles Taylor does not process your data for targeted advertising purposes or carry out profiling on your Personal information. You will not be discriminated against for exercising any of your data rights.

6.4 We do not use, disclose or sell sensitive Personal information for purposes which would require us to offer consumers the right to limit our collection and processing of this data under the CCPA.

6.5 We may disclose your Personal Information in limited circumstances, specifically for fraud prevention and identity verification purposes, as detailed further below. We do not engage in “cross-context behavioral advertising” (“CCBA”)” or share Personal information with third parties for such purposes.”

The following is a list of categories of Personal information (as defined by the CCPA) we have shared.

  1. Identifiers (e.g., personal and business contact information, date of birth, home address, email address, phone number)
  2. Characteristics of Protected Classifications under California or Federal Law (e.g., gender, family status, age range, and military and veteran status)
  3. Sensory information (e.g., photographs, audio recordings (including call recordings for customer service purposes), and video recordings)
  4. Professional or Employment-Related Information (e.g. job title, department, name of organisation)

6.6 CCPA Definition of ‘Selling’ Personal Information

The CCPA defines “selling” Personal Information to include providing it to a third party in exchange for valuable services. We disclose identifiers and internet or other electronic network activity information to certain third parties in exchange for valuable services, such as our business partners who we may work with to improve our services, to provide analytics insights or other business benefits, which may constitute a “sale” under the CCPA.

7. Categories of Personal Information that we Collect and Disclose

7.1 The following is a list of categories of Personal Information (as defined by the CCPA) we have collected and disclosed for a business purpose:

  • Identifiers (e.g., personal and business contact information, date of birth, home address, email address, phone number)
  • Characteristics of Protected Classifications under California or Federal Law (e.g., gender, family status, age range, and military and veteran status)
  • Sensory information (e.g., photographs, audio recordings (including call recordings for customer service purposes), and video recordings)
  • Professional or Employment-Related Information (e.g., job title, department, name of organisation)
  • Sensitive Personal Information (e.g., health information or biometric information for fraud and security prevention). We do not use, disclose or sell sensitive personal information for purposes which would require us to offer consumers the right to limit our collection and processing of this data under the CCPA.

8. Sources of Collection of Personal Information

8.1 Charles Taylor obtains the categories of personal information referred to above from the following categories of sources:

  • Directly from you. For example, from forms you complete or through the services we provide to you. The data collected will vary depending on the type of service we are providing,
  • Third parties such as a person or agency you have directed to share information with us,
  • Sources where we believe this is necessary to manage a claim you may have with us. For example, public registers, databases managed by credit references agencies, government agencies and other reputable organisations,
  • Service providers that may be used to collect information on our behalf,
  • Individuals linked to any claim you are making with us such as witnesses and persons representing you,
  • We may collect information automatically using log files, cookies and other mechanisms including IP addresses, the date and time of visits, the referral URL and information about your browser, cookies and online identifiers,

8.2 We will only use your information in ways we are allowed to by law, which includes only collecting as much information as we need.

9. Use of your Personal Information

9.1 During the past twelve (12) months, our practices with respect to the collection, use and disclosure of your personal information is reflected in the Global Charles Taylor Privacy Notice and Fair Processing Notice.

9.2 We do not use or disclose sensitive personal information for purposes which would require us to offer consumers the right to limit under the CCPA.

We do not use or disclose sensitive personal information for purposes which would require us to offer consumers the right to limit under the CCPA.

10. Collection and Sale of your Personal Information to Other Parties

10.1 Under the CCPA “Sale” is the selling, sharing, or disclosing of consumers’ personal information in exchange for valuable consideration.

10.2 We only sell your Personal Information for fraud prevention and identity verification purposes, as detailed further below. We do not “share” Personal Information with third parties for “cross-context behavioral advertising” (“CCBA”).

10.3 The following is a list of categories of Personal Information (as defined by the CCPA) we have sold.

  • Identifiers (e.g., personal and business contact information, date of birth, home address, email address, phone number)
  • Characteristics of Protected Classifications under California or Federal Law (e.g., gender, family status, age range, and military and veteran status)
  • Sensory information (e.g., photographs, audio recordings (including call recordings for customer service purposes), and video recordings)
  • Professional or Employment-Related Information (e.g., job title, department, name of organisation)

11. Retention

11.1 We use the following criteria to determine the period of time for which we retain each category of personal and sensitive information:

  • The length of time we have an ongoing relationship with you (for example, for as long as you use our services)
  • For as long as reasonably necessary for business purposes related to providing you with services (for example, for internal reporting and reconciliation purposes, or to provide you with feedback on information you might request)
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of our engagement for a certain period of time before we can delete them or where we have agreed to retain these records due to our client’s legal or other obligations); or
  • Whether retention is necessary in light of our legal position (such as in regard to applicable statues of limitations, litigation or regulatory investigations)

12. Your Privacy Rights

12.1 If you are a California resident, you have the following consumer rights, in line with the California Consumer Privacy Act of 2018 (CCPA).

  • Right to access
  • Right to portability
  • Right for deletion
  • Right to correction
  • Right to limit the use of sensitive personal information

12.2 You have the right to request that Charles Taylor disclose certain information to you about our collection and use of your personal information over the past 12 months.

12.3 You have the right to request that Charles Taylor delete your personal information, subject to certain exceptions. After we receive and validate your request, we will delete your personal information as well as direct our service providers to delete your personal information, unless an exception applies.

Please note that you may only make a verifiable consumer request twice within a 12-month period.

12.4 You have the right to request that we correct inaccurate personal information about you. We will take into account the nature of the personal information and the purposes of the processing of the personal information in responding to your request. We will process your request if we receive a verifiable request and we will use commercially reasonable efforts to correct the inaccurate personal information as directed pursuant to the CCPA.

12.5 You have the right, at any time, to direct us to limit our use of your sensitive personal information only to that use which is necessary to perform the services or provide the goods reasonably expected or to fulfil the reason that we collected such information and/or other permissible business purposes. Please see the Global Charles Taylor Privacy Notice and Fair Processing Notice which detail the types of sensitive personal information we may collect.

12.6 We do not use or disclose your sensitive personal information for purposes other than to provide you with products and/or services. However, note that this information may be used, or disclosed to a service provider or contractor pursuant to a written agreement in order to provide such products and/or services. If you choose to limit such use, you can opt-in to such use again by contacting us via email. Note that this right does not apply to sensitive personal information that is collected or processed without the purpose of inferring characteristics about you.

12.7 We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing within those forty-five (45) days.

If you wish to exercise any of your consumer rights, please submit a verifiable consumer request by contacting DPO@charlestaylor.com.

12.8 Only you, or a person registered with the California Secretary of State that you authorise (“authorised agent”) to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

We will not discriminate against you for exercising any of your CCPA rights.

If you are acting as an authorised agent to make a request to know, delete, correct, or opt out on behalf of a California resident, you may submit a request by contacting dpo@charlestaylor.com.

Please note that we will require you to attach a written authorisation signed by the resident whose Personal Information will be subject to the request.

13. Changes to this Privacy Notice

13.1 Charles Taylor reserves the right to amend this notice at our discretion and at any time. When we make changes to this notice, we will post the updated notice on the website and update the notice’s effective date. Your continued use of our services following the posting of changes constitutes your acceptance of such changes.

 

June 2023

‎ ‎ ‎ ‎

GLOBAL DATA PRIVACY POLICY

‎‎ ‎ ‎ ‎ ‎ ‎

1. Commitment and Scope

1.1 This Privacy Policy sets out Charles Taylor Group’s data handling procedures and explains our policy for retention and deletion of personal data. Our Fair Processing Notice sets out how we process personal data.

1.2 Charles Taylor complies with the requirements of the prevailing data protection legislation with regard to the collection, storage, processing and disclosure of personal information and is committed to upholding the core data protection principles

1.3 Most of our offices operate in countries which regulate the use of, and impose restrictions on overseas transfers of, personal data. To ensure we handle data properly. We have adopted a global approach to privacy compliance, as evidenced in our Intra-Group Data Transfer Agreement.

1.4 We are committed to a policy of protecting the rights and privacy of individuals (including staff, visitors to our websites, clients, subjects of investigations and others) in accordance with the data protection legislation.

1.5 Where the applicable law dictates a privacy notice requirement then a country-specific version has been created and is available as part of a drop-down list.

2. Who is the controller for personal data processed?

2.1 Depending on the circumstances of the processing activity and who determines the purpose and means for the processing of an individual’s personal data, Charles Taylor may be the controller or a processor under the data protection legislation.

2.2 When providing loss adjusting services to our clients, we will usually be a data controller. On occasion, we may be providing services to our clients which involve processing data on their behalf and strictly in accordance with their instructions. In such cases, Charles Taylor will be a data processor. We may also sometimes be joint data controller with another company.  Please refer to the privacy policies and notices of your insurer or other company on whose behalf we process personal information for more detail.

2.3 Charles Taylor is the data controller under the data protection legislation, when dealing with data of employees, consultants, contractors, apprentices and any other member or affiliate of Charles Taylor.                .

2.4 We are committed to processing all personal data fairly, lawfully, and transparently. To make things simpler, Charles Taylor has nominated one data controller, Charles Taylor Ltd, to handle all requests or queries you might have about our processing of your personal data. We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws.

You can contact our DPO at:

Data Protection Officer

The Minster Building

21 Mincing Lane

London

EC3R 7AG

dpo@charlestaylor.com

2.5 We also have a European Representative who will act on our behalf in relation to EU GDPR compliance matters, including dealing with supervisory authorities and data subjects in the European Union. Our European Representative will work closely with our DPO. Their contact details are:

CEGA GSL SPAIN SLU

Calle Joan Maregall 36, Loc B

07006 Palma de Mallorca

Islas Baleares

Spain

DPOSpain@cegagroup.com

3. Our responsibilities

3.1 During its core business activities, Charles Taylor is instructed to process the personal data of individuals who are identified in our clients’ instructions or during the course of the investigation undertaken pursuant to such instructions. Charles Taylor will not process any personal data without first having been satisfied as to the lawfull basis on which to process personal data.

3.2 To comply with the law, Charles Taylor will ensure that information processed about individuals is kept to the minimum, collected, and used fairly, be accurate, used solely for the purpose intended, stored safely, securely including protection against   unauthorised or unlawful processing, loss, destruction or damage, using appropriate technical measures such as encryption or in password protected devices, retained for no longer than necessary and not disclosed to any third party unlawfully.

3.3 Some processing of personal data is considered high-risk, either because of the nature and volume of personal data processed or because we want to process that data using novel technology or a system or application that is new to us. Where this is the case, and where required by law, we assess the risks of the processing, how we mitigate those risks, and we document decisions taken in Data Protection Impact Assessments.

4. Processing personal data for specified purposes only

4.1 Our Fair Processing Notice explains the types of data we collect and how it is collected.

4.2 To ensure correct management of personal data, and to comply with many data privacy regimes around the world, we maintain records of data processing which identify key information in respect of all personal data we process. This enables us to align our privacy practices with local privacy laws.

4.3 Any individual whose personal data we process may contact the Group DPO to request information about the types of personal data we process, the lawful basis (or bases) for that processing and how we protect their personal data.

5. Data Minimisation

5.1 Charles Taylor will only process personal data insofar as is reasonably necessary to do so. Charles Taylor will review its Data Inventories on a periodical basis, no less than once a year.

6. Data Integrity

6.1 Charles Taylor shall ensure, where reasonably practicable, that all Personal data it processes shall be accurate and up to date.

6.2 We provide the right to rectification of any errors in your personal data and we consider them without undue delay on receipt of a written request, or on behalf of, a data subject seeking to rectify their personal data.

7. Data Retention

7.1 We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. We may need to retain it for as long as there is any possibility that either you or we may wish to bring a legal claim, or where we are required to keep your personal data due to legal or regulatory reasons.

7.2 We have implemented a Group Document Retention Policy which sets out details of the periods for which certain categories of personal data shall be retained and the lawful basis for that retention.

8. Your legal rights

8.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. We will respect your rights and act promptly and in accordance with applicable law, rule or regulation relating to the processing of your personal data. Our Fair Processing Notice outlines your rights in further detail.

9. Appropriate Technical and Organisational Measures

9.1 Charles Taylor takes information security seriously and has put in place security measures which meet various industry standards for example, ISO 27001.

9.2 We continuously monitor our information security and work hard to meet our own high expectations in this regard, and the expectations of our industry clients and of data subjects.

9.3 Your personal data will only be shared with those of our staff or our business partners who have a need to see it for the legitimate purposes of carrying out our business and we work hard to maintain a culture of privacy awareness.

10. Changes to this Policy

10.1 This Privacy Policy comes into effect on 1 July 2023 replacing our previous Privacy Policy.

10.2 Further details can be found in our Cookie Policy, Global Fair Processing Notice and country-specific Fair Processing Notices at https://www.charlestaylor.com/en/legal-statements/privacy-policy/

10.3 For employees of Charles Taylor, the Charles Taylor Group Employee Fair Processing Notice Policy is accessible via our intranet. Job candidates can view our Candidate Fair Processing Notice on our Privacy pages on our website at https://www.charlestaylor.com/en/legal-statements/fair-processing/

10.4 Our other data protection policies are available upon request to dpo@charlestaylor.com

 

 

Last updated: June 2023
This site and all content are copyright © Charles Taylor Ltd 
All rights reserved.