Privacy notice

Purpose and scope

This Data Retention Policy applies to all digital data collected by Kennedys IQ. The purpose of this policy is to ensure that Kennedys IQ complies with all relevant legal requirements and industry standards related to data retention. This policy outlines the retention periods for different types of digital data collected by Kennedys IQ and the procedures for the disposal of such data.

What data we process and why

As a technology business Kennedys IQ designs, builds and operates products to help manage your claims more efficiently and effectively. To do this we use data, including personal and special category data and our processes are automated. This data comes from directly from your claims either from your solicitor or your insurance company or information you have input directly. Personal data is information that relates to an identified or identifiable individual examples include, but are not limited to: contact details such as name, address, date of birth, telephone number and email address. In addition, we may also process certain special category data about you such as:

  • Information about your health, including any medical condition, health and sickness records.
  • Genetic information and biometric data relating to your claim.

We will ensure that we treat all personal information in accordance with data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018). Data protection law states that the personal information that we hold about you must be:

  • Processed lawfully, fairly and in a transparent manner.
  • Collected for specific purposes which we have explained to you, and will not be used in any other way which is incompatible with those purposes.
  • Relevant to the purposes we have explained to you and limited to those purposes only.
  • Accurate and kept up to date.
  • Held only for as long as is necessary for the purposes that we have explained to you.
  • Processed or held in a way that ensures security.

    Legal basis for the processing

    Our legal basis for processing your data under Art 6 of UKGDPR are:

    (b) Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract with you.

    (c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).

    (e) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless your rights as the data subject override those legitimate interests.

    What we do with it

    There may be other circumstances in which we may lawfully share your data with third parties where, for example, we are required to do so by law, by court order, or to prevent fraud or other crimes. Where we are required to share data we do so in accordance with applicable data protection laws.

    How long we keep your data

    We will retain your personal data for only as long as it is necessary or for as long as we are legally required to do so and in line with IQ Data Retention Policy.

    Your rights

    In certain circumstances you have the right to:

    • Object – request that your data is not processed for certain purposes.
    • Erasure – request that your personal data is erased where one of the statutory grounds applies.
    • Data portability – the right to obtain and reuse your personal data for your own purposes across different services in certain circumstances.
    • Restrict processing – request that the processing of your personal data is restricted in certain circumstances – for example, where accuracy is contested.
    • Rectification – request that any inaccuracies in your personal data are rectified without delay. Request that any incomplete personal data is completed, including by means of a supplementary statement.
    • Access – request information about how your personal data is processed and to request a copy of that personal data.

    If your personal data is processed on the basis of consent, you have the right to:

    • Withdraw consent to the processing of your personal data at any time.

      How to contact us

      If you have any questions about anything in this notice, or if you consider that your personal data has been misused or mishandled contact us at dpo@kennedysiq.com

      Complaints

      You may also make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

      Information Commissioner’s Office
      Wycliffe House
      Water Lane
      Wilmslow
      Cheshire SK9 5AF

      Email: casework@ico.org.uk

      Telephone: 0303 123 1113

      Changes to this notice

      We may modify or amend this privacy notice at our discretion at any time. When we make changes to this notice, we will amend the last modified date at the top of this page. Any modification or amendment to this privacy notice will be applied to you and your data as of that revision date.