Privacy notice

Welcome to our Kennedys IQ privacy notice. Here we tell you how Kennedys IQ collects and processes personal data when you use certain products or services we provide.

Who we are?

Kennedys IQ (“IQ”) is a software solutions company. We provide technology based solutions for insurance companies and corporates to help them manage claims and legal matters efficiently.

When you use our Portal Manager product (including any use of its Fraud Detector and Quantum features) or Fraud Detector or Quantum as products in isolation (collectively referred to here as “Portal Manager”), we are a data controller and responsible for your personal data. For more information on Portal Manager (including fraud detection and quantum) and its features click here

If you choose to engage in a data project with us we are also we are a data controller and responsible for your personal data. Data projects are bespoke to IQ client needs. One such project is our SmartClaim project, here we are a separate individual data controller alongside our client.

For all other products and services we provide we are data processor; we processes personal data only in accordance with IQ client instructions.

How can you contact us?

If you have any questions about this privacy notice or our data protection practices please contact Tom Gummer, Data Protection Officer for Kennedys IQ at tom.gummer@kennedysiq.com. You can also write to us at: Kennedys IQ, 25 Fenchurch Avenue, London, United Kingdom.

What data do we collect?

Portal Manager combines insurance claims records from multiple insurance companies and their handling agents, insurance industry databases, government databases and other public sources. Insurance claims records may contain a range of personal data about individuals associated with the claim, including:

  • Insured Persons: policyholders, covered or named persons and persons related to a policyholder.
  • Claimants: policyholder claimants and third party claimants; and
  • Business Partner(s): brokers, solicitors, medical experts, accountants, loss adjusters, vehicle hire and repair companies and other businesses associated with the provision of post-accident services to a claimant.
  • Other parties to a claim: witnesses, named drivers, passengers.

The types of personal data collected will depend on the nature of each claim processed, but may include:

  • Insured Person Data: name, address, telephone number, email address, relationship to the policyholder, previous claims,  date of birth, occupation
  • Health Data: physical and mental conditions, medical history and procedures, medical records
  • Criminal Data: driving offences, unspent convictions, police reports;
  • Claimant Data: name, address, telephone number, email address, relationship to the policyholder/insured person, previous claims, details of incident giving rise to claim, date of birth, national insurance number, occupation;
  • Business Partner Data: name, job title, work address email and telephone number

The SmartClaim project is generating software for the insurance sector. The following data may be processed in order to: a) ensure its removal, or b) for the purposes of claims administration and management via the project and its output. 

  • Insured Persons: policyholders, covered or named persons and persons related to or involved with a policyholder (e.g. employees).
  • Claimants: policyholder claimants and third party claimants; and
  • Business Partner(s): brokers, solicitors, and other businesses associated with the provision of post-accident services to a claimant.
  • Other parties to a claim: witnesses, employees.

The types of personal data processed will depend on the nature of each claim, but may include:

  • Insured Person Data: name, address, telephone number, email address, relationship to the policyholder, previous claims,  date of birth, occupation
  • Health Data: physical injuries sustained, if any
  • Claimant Data: name, address, telephone number, email address, relationship to the policyholder/insured person, previous claims, details of incident giving rise to claim, date of birth, national insurance number, occupation;
  • Business Partner Data: name, job title, work address email and telephone number

Why do we collect that data?

Portal Manager processes this personal data for the purposes of claims administration and management including assessing whether a claim is likely to be fraudulent or not and for the purpose of communicating and progressing a claim in accordance with the Protocol and the Civil Procedure Rules. We are required to collect this personal data in order to be able to fulfil our contractual obligation to provide the Portal Manager product to IQ clients.

Portal Manager does not make use of any automated decision-making. Users of the product decide what action they take in relation to each claim being processed and managed.

The SmartClaim project processes personal data in order to ensure its removal from the project or for the purposes of claims administration and management via the project and its output.

What is our legal basis for carrying out this processing?

All processing mentioned in this notice is necessary for the purposes of insurers’, policyholders’ legitimate interests and the public interest in administering claims efficiently, identifying potentially fraudulent claims and helping prevent insurance fraud.

Do we share this data?

With regards to Portal Manager only, We may disclose your personal data to third parties who provide data enrichment (such as address enhancement) and fraud look up services in order to support the output of our Portal Manager product.

We may also share elements of this personal data with other contracted users of Portal Manager in order to allow the detection of fraudulent claims and the operation of a fraud pool.

With regards the SmartClaim project, personal data is not shared with third parties, other than through usual use of technology stack providers.

Where is data located or accessed from?

Portal Manager data and SmartClaim project data is hosted within the United Kingdom and the European Union and is only accessible to a limited number of Kennedys IQ personnel. For system support purposes, the personal data in Portal Manager may from time to time be accessed by our extended development team who are based in India. This team is part of the Kennedys Group. Standard contractual clauses have been entered into with this team, to ensure compliance with relevant data protection laws.

Retention period

We will only retain the data within Portal Manager for as long as it assists with the purpose of administering claims efficiently, identifying potentially fraudulent claims and helping prevent insurance fraud.

We will only retain the data within the SmartClaim data project for as it assists with the purpose of administering claims efficiently.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data including the right to: receive a copy of personal data we hold about you; ask that we rectify incorrect or incomplete personal data we hold about you; ask that we don’t process certain personal data we hold about you; and the right to make a complaint at any time to the Information Commissioner’s Office, the UK regulator for data protection issues (www.ico.org.uk). For more information about these rights, visit https://ico.org.uk/for-the-public/.

If you are not located in the EU or the UK, you may still have rights in relation to your personal data under your local data privacy law. Many countries provide data subjects with a right to seek access to any personal data we hold about you, and to request correction of that data if it is incorrect. To make a request pursuant to these rights, contact Data Protection Officer for Kennedys IQ at tom.gummer@kennedysiq.com.