Our Privacy Notice

Privacy Notice – Version 1.0

We are fully committed to keeping your personal data safe. We will always treat your personal data with respect and design our products and services with your privacy in mind.

This Privacy Notice will help you understand how we collect, use and protect your personal data, who we share it with and your rights as the data subject, when you are transferred to us from a third party, visit our website, use our app or when completing paperwork and forms.

We are the data controller for the purposes of the personal data we will collect. We do use other people to process some of your data and in some cases, the partners we work with will be considered the joint controller of your information.

You acknowledge that by providing your personal data to us, you consent to its processing in the manners outlined below. When providing personal data about others, you confirm that you have the consent of these individuals to supply their personal data. 

We are unable to offer you any product or service that requires the processing of special category personal data, as defined in the General Data Protection Regulation (GDPR), unless you provide explicit consent for the collection and use of such data.

About us

KOMODO is a trading name of Komodo Claims Limited, registered in England and Wales company number 15430943. Registered office at 2nd Floor, 1 Jubilee Street , Brighton, England, BN1 1GE.

In this Privacy Notice, references to “we” or “us” or “KOMODO” are to Komodo Claims Limited. We are the Controllers of your personal data.

We reserve the right to amend this Privacy Notice at any time and without notice in response to changes in data protection laws and privacy legislation.

Data Collection

The personal information that we collect will depend on your relationship with us. We will collect different information depending on whether you are a policyholder, named driver or other covered party or beneficiary under a policy, website/app user, claimant, witness, expert, representative or other third party.

We collect and hold personal information and personal data as part of providing services to you. We may also monitor or record calls, emails, SMS messages or other communications in accordance with UK law.

Please note, in certain circumstances we may request and/or receive sensitive personal data about you. For example, we may need access to health records for the purposes of processing claims, or details of any unspent criminal convictions for the purposes of preventing, detecting and investigating fraud.

If you provide personal information to us about other individuals you agree: (a) to inform the individual about the content of this Privacy Notice; and (b) to obtain any consent where we indicate that it is required for the processing of that individual’s personal information in accordance with this Privacy Notice. 

Please view the relevant section below for detailed information regarding the types of personal information we are likely to collect and use about you.

Who we collect personal information about

  • Individuals who currently have an open or have a closed claim with KOMODO;
  • Individuals who have held or were covered by a motor insurance policy with one of our partners, but which is now expired or terminated;
  • Individuals who have signed-up or obtained a information or quote from KOMODO but have not taken up a claim;
  • Individuals to whom any benefit is payable under a live claim or would have been payable to under an expired or terminated claim;
  • Users of the KOMODO app and websites;
  • Third party claimants, witnesses to incidents and experts instructed in relation to claims; and;
  • Representatives of claimants, individuals covered by a claim or a third party.

When we collect personal data

  • When KOMODO websites or apps are used;
  • You make customer enquiries;
  • You register for information or services;
  • You register or make a claim;
  • When other individuals are part of a claim;
  • You register or complete a credit repair agreement;
  • When you/we are contacted in writing by telephone or social media channels;
  • You respond to communications, surveys, complete a feedback form, or vote in a poll;
  • We require additional information from you for validation purposes;
  • When individuals agree to support the KOMODO brand, promotional or marketing activities.
  • If we are contacted in relation to a complaint; and
  • When we are alerted to suspected fraud.

Collected Personal information

  • Information such as your name, address, email address, contact details, date of birth, gender, relationship to the claimant (where are you not the claimant);
  • Identification information such as driving licence number, taxi licence details and national insurance number;
  • Information relating to your driving history, such as the number of years your licence has been held and any driving convictions.
  • Information about your job including job title, employment history.
  • Information relevant to your claim. This will depend on the nature of the claim but could include details about your property and business activities, for example where your vehicle is stored or what local authority you work for; your involvement in an incident giving rise to a claim or a potential claim;
  • Information relevant to your claim or Information relating to previous claims which you may have been involved in;
  • Financial information such as your bank details, payment details and information obtained as a result of our credit checks;
  • Information obtained through our use of cookies or similar technologies;
  • Information captured during our telephone calls, including the recording of calls;
  • Video or photographic images;
  • Your marketing preferences; and
  • IP addresses.

Collected Sensitive personal data

  • Details of your current or former physical or mental health, and medical records;
  • Driving convictions;
  • Claims history or information;
  • Information relating to your criminal history (including offences, alleged offences and any caution, court sentence, criminal convictions or unspent criminal convictions); and
  • Details of your race and/or ethnicity;

We may also indirectly collect other special category personal data during the course of any fraud investigations.

How we collect your personal data

We collect personal information from a number of different sources including:

  • Directly from you or from someone else on your behalf by telephone, email, or via our website and app (including through the use of cookies and web analytics tags);
  • From other third parties involved in your claim such as insurers, claimants, defendants or witnesses;
  • From other third parties who provide a service in relation to your insurance policy or claim such as loss adjusters, claims handlers, experts (including medical experts), healthcare providers and other service providers;
  • From medical reports and counsel’s opinions;
  • From emergency assistance and services providers;
  • From other claims service providers;
  • Via publicly available sources such as internet search engines and social media sites;
  • From data contributors such as software houses and intermediaries;
  • From credit reference agencies and fraud prevention agencies;
  • From risk analysis, fraud prevention, identity verification companies which we may receive data from;
  • Via insurance industry fraud prevention and detection databases and sanctions screening tools;
  • From providers of demographic, vehicle or Telematics data (This information includes: Date, Time, Latitude, Longitude, Speed, Duration, Distance, Acceleration, Braking, Cornering and Other associated vehicle information);
  • Via call and video recordings;
  • From third parties who we buy marketing lists from;
  • From government agencies such as the Driver and Vehicle Licencing Authority (DVLA) or Her Majesty’s Revenue and Customs (HMRC) and from professional regulators;
  • From local authorities;
  • From Insurers, brokers and insurance intermediaries; and
  • From CCTV providers.

Purposes for which your personal data is used

We may process your information for a number of different purposes and under data protection laws we need a reason for doing so. We have set out below the reasons why we process your information and the applicable circumstances when we will process your personal information.

Our provision and administering of your insurance contract or credit repair agreement.

We may use your personal information for this purpose when:

  • Verifying your identity when required
  • Providing a quote;
  • Administering and providing any services or claim;
  • Providing all related services such as assessing an application for credit repairs;
  • Managing your claim;
  • Undertaking market research, customer satisfaction, feedback surveys, product development and statistical processes;
  • Communicating with you and resolving any complaints that you may have;
  • For assessment and analysis to enable us to review, develop and improve the services which we offer and to enable us to provide you and other customers with relevant information
  • Prevention and detection of fraud; and
  • Administering debt recoveries.

The normal legal basis for processing customer information is for our own legitimate business purposes

In specific situations, we require your information to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests, This includes (but is not limited to):

  • Developing, improving, and personalising our products, pricing and services;
  • Enhancing our customer service, experience, and relationship (e.g. customer and market research, business analysis, providing relevant product and service information/communications);
  • Monitoring usage of our app and websites;
  • Managing claims by customers;
  • Maintaining our business, infrastructure, records and operations including internal reporting, maintaining accounting records, analysing financial results, internal or external audits;
  • Helping to detect and prevent fraud, financial crime and anti-social behaviour, including working with law enforcement agencies;
  • Investigating, Detecting, Developing or ensuring the effective operation of our administration and security systems;
  • Improving the relevance of our advertising and marketing campaigns and identifying advertisement audiences;
  • Displaying personalised online advertisements on third-party websites and social media platforms;
  • Using information we hold about you to provide direct marketing including*:
    • sending you direct marketing emails/SMS/electronic messages; 
    • making available personalised offers (including administering any loyalty scheme);
    • contacting you via telephone regarding new products or offers that may be of interest;
    • identifying trends and ensure we can keep up with demand, or develop new products/services; 
    • use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.
  • Sharing necessary information with other Group companies, insurers and reinsurers.
  • Receiving professional advice; and
  • Sharing data with third parties in the event of organisational change (including selling or transferring any parts of our business to third parties, acquiring new businesses, entering into mergers or undertaking corporate restructuring activity).
  • Tracing or recovering debt.

*when you provide your details to us and subsequently do not choose to opt out from receiving our communications we will use your personal information, preferences and details of your transactions to keep you informed by email, web, text, telephone and through our contact centre about relevant products and services including tailored special offers, discounts, promotions, events, competitions and so on. This is only applicable in the UK.

Note: In specific situations, we may also collect and process your data with your consent. For example, when you tick a box or sign up to receive email newsletters.

Sometimes we have a legal or regulatory obligation to use your personal information

We may use your personal information for this purpose when:

  • Any regulatory body wishes us to maintain certain records of any dealings with you.

Occasionally we need to use your information to establish, exercise or defend our legal rights

We may use your personal information for this purpose when we are faced with any legal claims and/or We want to pursue any legal claims ourselves.

Sometimes we need to use your personal information for reasons of substantial public interest

We may use your personal information including sensitive personal data such as that relate to criminal convictions for this purpose when investigating fraudulent claims, carrying out fraud, credit and anti-money laundering checks.

Criminal conviction sensitive personal data

We have a legitimate interest in using your personal information (including sensitive personal data such as your criminal convictions) where this is necessary or appropriate to provide our services to you. 

How we use and process this data will be restricted to certain activities as necessary or required by law. 

Who we share personal information with

From time to time, we may share your personal information with the other companies in our group and with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes explained previously. 

We have trusted relationships with these carefully selected third parties and all third parties are bound by contract to maintain the security of your personal information and to use it only as permitted by us. If you would like further information regarding the disclosures of your personal information, please see below for our contact details.

Disclosures within our group

In order to provide our services your personal information is shared with other companies in the wider KOMODO Group. Your personal information might be shared for our general business administration purposes or for the prevention and detection of fraud.

Disclosures to third parties

We also disclose your information to the third parties listed below for the purposes described in this Privacy Notice. This might include:

  • Third parties who assist in the administration of claims such as loss adjusters, first notification of loss providers, claims handlers, accountants, auditors, lawyers and other experts;
  • Credit reference agencies, who will use your information to carry out anti-money laundering checks and credit assessments. This type of search does leave a footprint that other lenders will be able to see, but they won’t be able to see the outcome of the search.
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers including but not limited to the Claims and Underwriting Exchange, Insurance Fraud Register, Motor Insurance Anti-Fraud and Theft Register and other centralised insurance industry applications/databases and investigative firms we ask to look into claims on our behalf in relation to suspected fraud;
  • Motor Insurance Database managed by MDS on behalf of the Motor Insurance Bureau;
  • Insurance regulators who include Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA);
  • The police, courts, tribunals, and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime;
  • Government agencies such as the Driver and Vehicle Licensing Agency (DVLA) and the Motor Insurers’ Bureau (MIB);
  • Other insurers who provide us with our own insurance;
  • Industry bodies;
  • Selected third parties on whose behalf we sell optional additional products;
  • Debt collection agencies or any organisations we instruct to commence legal proceedings against you;
  • Our third party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies and referral administrators, document management providers and tax advisers;
  • Product and service providers, such as engineers, salvage agents, rehabilitation providers, foreign claims handling agents and uninsured loss provider; and
  • Selected third parties in connection with the sale, transfer or disposal of our business.

We may also disclose your personal information to other third parties where the disclosure is required by law or by a regulator with authority over us or you, such as where there is a court order, statutory obligation or request; and we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest

Our approach to sending data outside of the UK and European Economic Area (EEA)

Personal information that we collect may be shared with an organisation located outside of the UK and EEA. It may also be processed by us or by one of our suppliers outside of the UK and EEA. When these circumstances apply, we will always take measures to ensure your data is protected.

Any requests from organisations such as law enforcement or regulators will be reviewed and validated prior to disclosing data with the exception of a legal or regulatory requirement, your data will only be transferred outside of the UK and EEA when we are satisfied the country is recognised as having an adequate level of data protection or there is another arrangement in place to offer protection of your data.

Automated decision making

We may use Automated Decision Making (ADM) based on the personal information you provide to assess whether you meet the criteria for the services you have selected.

We may also use automated decision making:

  • To assess a potential customer’s ability to meet the cost of repairs or credit repairs;
  • To validate information;
  • To assess the risk of fraud being committed;
  • For the profiling of information we collect and hold; and
  • To establish and utilise risk acceptance criteria, when calculating and accepting or declining a request for a service.

You have the right to contest any decision produced by solely automated means and request for human intervention. If you do this we must allow you to express your point of view, to obtain an explanation of how we reached the decision, and allow you to challenge the decision. To do this, please contact our Data Protection team at [email protected] or using the address in the ‘Our Contact details’ section.

Marketing activities

We may use your personal information to provide you with information about our products or services which may be of interest to you. We rely on our legitimate interests (to develop our products and grow our business) to send you marketing communications in line with the GDPR and Privacy and Electronic Communications Regulations (PECR).

You can always update your marketing preferences at any time by contacting our customer services team on [email protected] or by telephone. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary.

How long we keep personal information

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice and in order to comply with our legal and any regulatory obligations.

In most cases your personal data will be retained for six years.

However, it may sometimes be necessary to retain data for longer, for example where there are legal grounds for doing so. Even if we delete your personal information it may persist on backup or archival media for legal, tax or regulatory purposes.

Your rights

You have a number of rights which are outlined below. If you wish to exercise these rights, please contact our Data Protection team at [email protected] or using the address in the ‘Our Contact details’ section. In most cases, we will complete your request within 30 days.

The right to access your personal information – You are entitled to a copy of the personal information we hold about you and an explanation of how we use it.

The right to rectification – If you believe that any information we hold about you is incorrect or incomplete you can contact us to ask us to update or amend it.

The right to erasure – In certain circumstances, you can ask us to delete your personal data. This right is not absolute – we may be required to keep it for legal or regulatory reasons.

The right to restriction of processing – In certain circumstances, you can ask us to stop using your personal information, for example if you believe the personal information we hold about you is wrong.

The right to data portability – In certain circumstances, you can ask us to transfer your personal information to another organisation.

The right to object to processing – You have the right to object to us processing your personal information where we rely on a genuine business need to process that personal information. In some circumstances we won’t be able to stop processing your information, but we will let you know if this is the case.

Rights relating to automated decisions – If you have been subjected to an automated decision and do not agree with the outcome, you can ask us to review it.

The right to lodge a complaint with the ICO – You have a right to submit a complaint to the Information Commissioner if you believe we have not complied with our obligations under relevant data protection laws and/or regulation: 

https://ico.org.uk/make-a-complaint/your-personal-information-concerns/

How we protect your information

We use a range of organisational and technical security measures to protect your information.

Where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

We restrict access to your information as appropriate within KOMODO to those who need to know that information for the purposes set out above.

Firewalls are used to block unauthorised traffic to the servers and the actual servers are located in a secure location which can only be accessed by authorised personnel. Our internal procedures cover the storage, access and disclosure of your information.

Third-party websites

We cannot be held responsible for the privacy policies and practices of other websites potentially linked to our website.

We do take great care in ensuring only links to companies, organisations and individuals following the same standards and policies as us remain on our website, but we cannot guarantee this. In such instances, you are advised to check the privacy policies on external websites that are not a part of KOMODO.

Our contact details

If you have any questions about how we collect, store or use your personal information, you may contact our data protection team at:

Data Protection Team

KOMODO Claims Limited,

2nd Floor, 1 Jubilee Street,

Brighton, BN1 1GE

Email: UK.[email protected]

Changes to our Privacy Notice

We keep our Privacy Notice under review and reserve the right to make changes to our Privacy Notice in accordance with UK legislation. 

We recommend that you make regular checks on our Privacy Notice to ensure that you are aware of any changes that may have been made.

From time to time we may need to change the way we use your personal data. Where we believe you may not reasonably expect such a change we will write to you. When we do so, you will have 60 days to object to the change but if we do not hear from you within that time you consent to that change.

This Privacy Notice was last updated on 31st January 2024.

We’re here to help if you need us

At Komodo, we are committed to supporting our customers. If you have any questions about our services, our FAQs have answers to some of our frequently asked questions. Or, if you would like to report an incident, please feel free to get in touch with our dedicated team.

Call us on 0808 169 9496

Email us at [email protected]