National Injury Claimline Ltd’s Privacy Policy
This Privacy Policy explains how National Injury Claimline Ltd (Trading as The Housing Claim Experts, The Clinical Negligence Experts, The Compensation Experts, NHS Claim Experts, The Compensation Review, Compensation Experts, Local Claim Line and, Should I Claim?) collects and processes Personal Data in relation to Data Subjects.
National Injury Claimline Ltd is the Controller of Personal Data. National Injury Claimline Ltd is registered in England and Wales under the company registration number: 09944369. Any reference to ‘the Controller’ within this Privacy Policy shall mean National Injury Claimline Ltd.
As a Controller of Personal Data, National Injury Claimline Ltd is also registered with the Information Commissioner’s Office (ICO), registration details: ZA160649.
This Privacy Policy was last updated on 03/05/2024.
Our Contact Details
Name: National Injury Claimline Ltd
Address: Egerton House, Wilmslow Road, Towers Business Park, Manchester, M20 2DX
Phone Number: 0161 452 03 11
Email: data@national-injury-claimline.co.uk
The Controller may collect Personal Data directly from Data Subjects for various purposes.
Examples of the categories of Personal Data that the Controller may obtain directly from Data Subjects may include but are not necessarily limited to identity information, contact information, claims information, special category information (health data), housing disrepair claim information, and tenancy information.
The Controller may obtain Personal Data directly from Data Subjects prior to and throughout the provision of claims management services, through the following means:
From time to time, the Controller may obtain Personal Data about Data Subjects from external sources. This includes:
External Sources | Categories of Personal Data Obtained |
Third-party claims management lead generation companies. | Identity information, contact information, claim information, special category information (health data). |
Any form of representative acting for and on behalf of Data Subjects. | This is subject to the nature of any such representations made by those acting for and on behalf of individuals (irrespective of whether a prospective claimant or not). |
The Financial Ombudsman Service. | Complaint information, identity information, and financial information (for redress where necessary). |
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases that the Controller relies upon to process Personal Data are described as follows:
The Controller may rely on further conditions for processing that are set out within Article 9 UK GDPR (Explicit Consent/Legal Claims) where the processing of special categories of Personal Data is required.
As the Controller of Data Subjects' Personal Data, there are a variety of purposes for which the Controller processes Personal Data. The Controller has set out the purposes for processing Personal Data about any Data Subjects and the lawful bases and where appropriate, additional conditions for processing. These are described as follows:
Purposes For Processing Personal Data | Lawful Basis |
The Controller may collect and record Personal Data about and from Data Subjects to share that Personal Data with a partnered regulated claims management company so that the partner can contact the Data Subject to provide regulated claims management services requested by the Data Subject. | Consent (Lawful Basis). |
Where Special Category Health Data is concerned, the Controller shall also rely on Explicit Consent (Condition for Processing). | |
The Controller may collect and record Personal Data about and from a Data Subject using online data capture forms to contact Data Subjects to provide regulated claims management services (claims relating to personal injury, medical negligence and housing disrepair) requested by the Data Subject. | Legitimate Interests (Lawful Basis) (necessary for the Controller to provide services requested by Data Subjects). |
Where Special Category Health Data is concerned, the Controller shall also rely on Explicit Consent (Condition for Processing). | |
The Controller may collect and record Personal Data about and from a Data Subject to provide regulated claims management services (claims relating to personal injury, medical negligence and housing disrepair) requested by the Data Subject. | Legitimate Interests (Lawful Basis) (necessary for the Controller to provide services requested by Data Subjects and to satisfy contractual commitments with partnered law firms). |
Where Special Category Health Data is concerned, the Controller shall also rely on Legal Claims (Condition for Processing). | |
The Controller may disclose Personal Data collected from a Data Subject to a partnered law firm so that the partnered law firm can provide legal services to that Data Subject in relation to personal injury, medical negligence and/or housing disrepair claims. | Legitimate Interests (Lawful Basis) (necessary for the Controller to provide services requested by Data Subjects and to satisfy contractual commitments with partnered law firms). |
Where Special Category Health Data is concerned, the Controller shall also rely on Legal Claims (Condition for Processing). | |
To request feedback from Data Subjects regarding services offered by the Controller. | Legitimate Interests (necessary for us to improve the quality of services) (Lawful Basis) |
To assist and provide support to Data Subjects in the event that they have been identified as vulnerable or have additional support needs relevant to the provision of claims management services. | Consent (Lawful Basis). |
Where Special Category Health Data is concerned, the Controller shall also rely on Explicit Consent (Condition for Processing). | |
To publish feedback provided by Data Subjects. | Consent (Lawful Basis). |
To respond to and satisfy (where necessary) any data rights requests submitted by Data Subjects. | Legal Obligation (Lawful Basis). |
To respond to any complaints submitted by Data Subjects. | Legal Obligation (Lawful Basis). |
Monitoring and oversight e.g., recording and monitoring telephone calls and communications for compliance with regulatory rules, and company processes and for quality and training purposes. | Legitimate interests (necessary to ensure that the Controller can comply with the FCA's rules and resolve complaints submitted by Data Subjects) (Lawful Basis). |
Where Special Category Health Data is concerned, the Controller shall also rely on Legal Claims (Condition for Processing). | |
Recording calls e.g., recording telephone calls between the Controller and Data Subjects in relation to services, requests, complaints etc. | Legal Obligation (Lawful Basis). |
Where Special Category Health Data is concerned, the Controller shall also rely on Legal Claims (Condition for Processing). | |
To communicate significant changes to the Controller’s Privacy Policy. | Legal Obligation (Lawful Basis) |
Record keeping. | Legitimate interests (necessary to ensure that the Controller can comply with the FCA’s rules and various regulatory requirements) (Lawful Basis). |
Financial crime matters. | Legal obligation (Lawful Basis). |
To train and develop AI-enabled tools to improve our services for customers, including sharing personal data with group/sister companies for the same purpose. | Consent (Law Basis). |
Where Special Category Health Data is concerned, the Controller shall also rely on Explicit Consent (Condition for Processing). |
Throughout the provision of claims management services, the Controller may disclose Data Subjects' Personal Data to other Controllers and processors for the purposes described within this Privacy Policy.
Third-Party | Category of Recipient |
Email, messaging and call service providers | Processor |
Customer Relationship Management (CRM) software | Processor |
Cloud storage providers | Processor |
Cloud computing providers | Processor |
Cloud AI-service Providers | Processor |
Financial Ombudsman Service | Controller |
Action Fraud | Controller |
National Crime Agency (NCA) | Controller |
Regulators | Controllers |
Partnered Claims Management Company | Controllers |
Partnered Law Firms | Controllers |
Law enforcement authorities | Controller |
Group/Sister Companies | Controllers |
To determine the appropriate retention period for Personal Data, the Controller considers the amount, nature and sensitivity of the Personal Data, the potential risk, of harm from unauthorised use or disclosure of Personal Data, and the purposes for which the Controller processes Personal Data and whether the Controller can achieve those purposes through other means, including applicable legal requirements.
Details of retention periods for different aspects of Personal Data are available upon request.
The Controller may transfer Data Subjects’ Personal Data outside the UK/EEA to third countries when using Processors who may also use Sub-processors. In these circumstances, any transfers shall be made where there is an adequacy decision. Where no adequacy decision applies, the Controller’s Processors have Binding Corporate Rules (BCRs) and/or Standard Data Protection Clauses such as an International Data Transfer Addendum (an addendum to the EU’s Standard Contractual Clauses) or an International Data Transfer Agreement. Alternatively, these transfers may be made to a receiver that has signed up to an approved code of conduct or has a certification under an approved certification scheme. Alternatively, a transfer may be covered by an exception that is specified within the UK GDPR.
Under data protection law, Data Subjects have the following rights:
Your right of access - Data Subjects have the right to ask the Controller for copies of their personal information.
Your right to rectification - Data Subjects have the right to ask the Controller to rectify personal information that is deemed to be inaccurate. Data Subjects also have the right to ask the Controller to complete information that is deemed to be incomplete.
Your right to erasure - Data Subjects have the right to ask the Controller to erase personal information in certain circumstances.
Your right to restriction of processing - Data Subjects have the right to ask the Controller to restrict the processing of their personal information in certain circumstances.
Your right to object to processing - Data Subjects have the right to object to the processing of their personal information in certain circumstances.
Your right to data portability - Data Subjects have the right to ask that the Controller transfer their personal information provided to the Controller to another organisation, or to the Data Subject, in certain circumstances.
Your right to withdraw consent – If a Data Subject has provided the Controller with consent for the processing of their Personal Data, that Data Subject has the right to withdraw that consent.
If a Data Subject would like to make a request and/or would like to withdraw consent to the processing of any Personal Data, please contact the Controller by using the following contact information:
Address: Egerton House, Wilmslow Road, Towers Business Park, Manchester, M20 3DX
Phone Number: 0161 452 03 11
Email: data@national-injury-claimline.co.uk
If the Data Subject has any concerns about the Controller’s use of the Data Subject’s personal information, the Data Subject can make a complaint to the Controller by using the contact information provided within this Privacy Policy.
A Data Subject can also complain to the ICO if the Data Subject is unhappy with how the Controller has used the Data Subject’s Personal Data. The Controller would, however, appreciate the opportunity to resolve any complaints directly with the Data Subject.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
The Controller is entitled to change this Privacy Policy at any time whether or not required by law. The Controller will inform Data Subjects about changes to this Privacy Policy where the Controller makes a substantial change. This Privacy Policy was last updated on 30/05/2024.
Current Version: NICPP300524