Privacy Policy - Careworks

General identification and contact information

• Your name, address, e-mail and telephone details, gender, marital status, family status, date and place of birth, educational background, physical attributes, activity records, driving records, photos and video images, employment history, skills and experience, professional licenses and affiliations, relationship to the policyholder, insured or claimant, and date and cause of death, injury or disability.
• Identification numbers issued by government bodies or agencies – Social Security or national insurance number, passport number, tax identification number, military identification number, national resident number, or driver’s or another license number.

Financial information and account details

• Bank account number and account details, credit history and credit score.

Medical condition and health status

• In certain cases, we may receive information about your current or former physical or mental or medical condition, health status, injury or disability information, medical procedures performed, personal habits (for example, smoking or consumption of alcohol), prescription information and medical history.

Other potentially sensitive information

• In certain cases, we may receive sensitive information about your trade union membership, religious beliefs, political opinions, family medical history or genetic information (for example, if you apply for insurance through a third-party marketing partner that is a trade, religious or political organization). In addition, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud.
• We may also obtain sensitive information if you voluntarily provide it to us (for example, if you express preferences regarding medical treatment based on your religious beliefs).

Telephone recordings

• Recordings of telephone calls to our staff and offices.
• Information to investigate crime, including fraud and money laundering: For example, insurers commonly share information about their previous dealings with policyholders and claimants for this purpose.

Information enabling us to provide our services

• Location and identification of property insured (for example, property address, vehicle license plate or identification number);
• Travel arrangements including reservation numbers, destination and hotel details;
• Policy details and claim numbers, details of policy coverage and cause of loss; and
• Prior accident or loss history, your status as director or partner or other ownership or management interest in an organization and other insurance policies you hold.

Cookies contain small amounts of information which are downloaded to your device when you visit our website. Cookies are sent back to our website to allow us to recognize your device.

We use the personal data that we collect to:

• Communicate with you and other interested parties to manage your claim.
• Send you important information regarding your claim and other administrative information.
• Make decisions about claim assessment, processing and settlement.
• Manage claim disputes, where applicable.
• Provide improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
• Prevent, detect and investigate crime, including fraud and money laundering, and analyze and manage other commercial risks.
• Conduct satisfaction surveys.
• Use during the normal course of pre-employment contracting during the recruitment process.
• For our legitimate interests while conducting the recruitment process.
• Manage our business operations to comply with internal policies and procedures, including those relating to auditing finance, accounting and billing, IT systems, data and website hosting, business continuity, document and print management.
• Resolve complaints, and handle requests for data access or correction.
• Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and comply with legal process and respond to requests from public and government authorities (including those outside your country of residence).
• Establish and defend legal rights, protect our business operations (including our group companies), our rights, privacy, safety of employees and property, you or others related to the claim and pursue available remedies to limit our damages

We use data during the recruitment and employment process, including:

• to decide whether to employ (or engage) you;
• to decide how much to pay you, and the other terms of your contract with us;
• to check you have the legal right to work for us;
• to determine whether we need to make reasonable adjustments to your workplace or role because of your disability;
• to monitor diversity and equal opportunities;
• to comply with employment law, immigration law, health and safety law, tax law and other laws which affect us;
• the prevention and detection of fraud or other criminal offences; and
• for any other reason which we may notify you of from time to time.

We may process special or sensitive personal data when we are processing it for the following purposes, which we may do:

• where it is necessary for carrying out rights and obligations under law;
• where it is necessary to protect your vital interests or those of another person where you/they are physically or legally incapable of giving consent;
• where you have made the data public;
• where processing is necessary for the establishment, exercise or defense of legal claims; and
• where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity.

We will only process personal data for the specific purposes set out above or for any other purposes specifically permitted by the data protection legislation. We will notify you of those purposes when we first collect the data or as soon as possible thereafter.

We may, as a matter of law, and without requiring notice or consent, use your information for crime and fraud prevention, or systems administration within CareWorks and to monitor and/or enforce CareWorks’ compliance with any regulatory rules and codes.

You may let us know how you want to be contacted (e.g. by email, phone or post).

For personal data to be processed lawfully in most countries, data must be processed on a basis as set forth by applicable law. These include, among other things, the data subject’s consent to the processing, or that the processing is necessary for the performance of a contract with the data subject, for the compliance with a legal obligation to which the data controller is subject, or for the legitimate interest of the data controller or the party to whom the data is disclosed. When sensitive Personal Data is being processed additional conditions must be met. When processing Personal Data as data controllers in the course of our business, we will ensure that those requirements are met.

Depending on your relationship with us, the legal basis for us processing your Personal Data is one of the following:

• You have given consent to us or the party for whom we are acting
• The processing is necessary for the performance of a contract or legal duty
• Processing is necessary for a legitimate interest pursued by us or a third party. Where processing is based on legitimate interest only, it will be in relation to one of the following:
  • Claim handling on behalf of another party
  • Establishing, exercise or defense of legal claims
  • Prevention, detection of crime

Where we use legitimate interest as our grounds for processing your data you have the right to object at any time.

CareWorks may make personal data available to the following parties for the purposes of claim assessment or as required by law:

Other insurance and distribution parties

• In the course of processing claims, we may make Personal Data available to third parties such as reinsurance brokers, appointed representatives, distributors, financial institutions, securities firms and other business partners.

Our service providers

• External third-party service providers, such as medical professionals, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors; travel and medical assistance providers.
• IT systems, support and hosting service providers, document and records management providers and outsourced service providers that assist us in carrying out business activities.
• Banks and financial institutions that service our accounts, third-party claim administrators, claim investigators, construction consultants, engineers, examiners, jury consultants, translators and similar third-party vendors.

Authorities and third parties involved in court action

• We may share personal data with government or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate:
  • to comply with applicable law and regulations, including those outside your country of residence;
  • to comply with legal process;
  • to respond to requests from public and government authorities including public and government authorities outside your country of residence;
  • to protect our operations or those of any of our group companies;
  • to protect our rights, privacy, safety or property, and/or that of our group companies, you or others; and
  • to allow us to pursue available remedies or limit our damages.

Other third parties

• We may share personal data with emergency providers (fire, police and medical emergency services); retailers; medical organizations and providers; travel carriers; credit bureaus; credit reporting agencies; and other people involved in an incident that is the subject of a claim; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business. To check information provided, and to detect and prevent fraudulent claims, personal data (including details of injuries) may be put on registers of claims and shared with other insurers. We may search these registers when dealing with claims to detect, prevent and investigate fraud.

We will take all appropriate reasonable technical, legal and organizational measures, which are consistent with applicable privacy and data security laws to safeguard your Personal Data. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any personal data you might have with us has been compromised), please immediately notify us.

Where we provide personal data to a vendor, the vendor will be selected carefully and required to use appropriate measures to protect the confidentiality and security of your Personal Data.

We will retain Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law.

Your account can be used to view sensitive information for applications where a PIN is required. It is, therefore, important that you keep your PIN private, as you would your banking PIN. If your PIN is compromised, contact CareWorks immediately.

From time to time we alter our Privacy Notice as we introduce new services or change existing ones. Changes to this notice are effective as soon as they are posted on the Site and a notice has been placed on the login screens of the self-service applications. We from time to time also communicate this change via e-mail. The effective date of this version of the Privacy Notice appears at the top of the notice.

You from time to time have the option to enter third party web site through the Site, or you from time to time have the option to enter our web site from another third-party web site. Since we cannot be assured that such third-party web site follow our privacy policies, we encourage you to ask questions and review the privacy policies of these third parties. We have no responsibility or liability for the actions or policies of these independent sites, do not endorse any product or service mentioned or offered in such sites, and are not responsible for the content or privacy practices of such sites.

Ours are general purpose and professional websites that do not knowingly collect any information from children under age 18 at any time. We also strive to be fully compliant with the Children’s Online Privacy Protection Act (COPPA). We strongly encourage parents and guardians to regularly monitor and supervise their children’s online activities. If a child under the age of 18 has provided Personally Identifiable Information on one of our web site without the consent of his or her parent or guardian, we ask that a parent or guardian send an e-mail to inquiries@careworks.com, and we will delete the child’s Personally Identifiable Information from our files.

The list below summarizes our collection, use, and disclosure of personal data. To the extent that there is any conflict between this list and other sections of this Privacy Notice, this list shall prevail.

Data Subject Rights – California Residents

This portion of our Privacy Policy advises California residents of rights provided in the California Consumer Privacy Act (“CCPA”) and how to effectuate those rights by communicating with us. Please note, we will seek to verify your identity when we receive an individual rights request from you in order to ensure the security of your personal data.

Please customize your data preferences or direct any rights requests or additional questions you may have regarding this Privacy Policy to inquiries@careworks.com.

If you do, we will need to collect personal data and other information such as your name, email or transaction history in order to verify your identity. You may also authorize an agent to make a request on your behalf, who will need to provide similar information for verification.

Right to Deletion of Personal Data

California residents have the right to request the deletion of personal data as prescribed in Section 1798.105(a) of the CCPA. CareWorks may not delete some or all requested personal data as allowed or required by applicable law.

Right of Access: Right to Request Disclosure of Data Collection and Sharing Practices

You may request to receive details about how we collect, use, and share your personal data. Specifically, you may request to receive the specific pieces of personal data that we have collected about you.

You may also request to receive:

• the categories of personal data that we have collected about you,
• the categories of personal data that we have disclosed for a business purpose,
• the categories of sources from which we collected the personal data,
• our purposes for collecting that personal data, and
• the categories of parties with whom we share your personal data.

Right to Opt-Out of Sale

We do not, and do not intend to, sell your personal data.

Right to not be Discriminated Against for Exercising CCPA Rights

We do not discriminate against you for exercising any CCPA rights, such as the access and deletion rights described above.

We treat the data of everyone who comes to our site in accordance with this Privacy Notice, regardless their “Do Not Track” setting.