1. PRIVACY STATEMENT

The Innovation Group Limited and its Group Companies (“Innovation”) manage critical incidents in the car and home on behalf of the world’s leading insurers, brokers and fleet managers, together with warranty and service plan provision for many automotive manufacturers globally. As a result of the services it provides Innovation may have a requirement to process personal information about you. Innovation is fully committed to protecting your personal information and recognises its responsibility to keep any information about you safe and secure at all times. Innovation will only process personal data in accordance with current data protection legislation (including the General Data Protection Regulation 2016 (“GDPR”) and Protection of Personal Information Act 4 of 2013 (“POPIA”).

2. OBJECTIVES

This privacy notice explains the following:

• The type of information we may collect about you whether through Innovation’s websites or through other means such as services that we offer, claims that we are dealing with, telephone calls, emails, as well as claims investigations, witness statements, employment records or other third party connections in our business dealings with you;
• How the information about you is used;
• When we may use your details to contact you;
• Whether your information will be shared with anyone else;
• Legitimate grounds of processing your information;
• Your right of erasure; and
• Your right to request the information we hold about you

3. WHAT INFORMATION DO WE COLLECT ABOUT YOU

In order to provide our group services we may need to collect certain personal data about you. The data processed will depend on your relationship with us (such as client policy holder, third party policy holder, witness, claimant, website user, appointed representative or other person relating to our business). We may obtain personal data about you from: insurers; car dealerships (warranty); garages (repairs); contractors (property repairs); medical experts (if personal injury) or from yourself in a telephone conversation, email or letter.

Personal information collected about you and your dependants may include:

• General information – such as your name, address, email address, telephone numbers, marital status, date of birth, policy and claim information, date of claim, vehicle registration numbers, videos and photographs (may include neighbouring properties or other vehicles).
• Identification Information – such as identity document, national insurance number, passport details, driving licence etc.
• Financial Information – such as bank details, credit history, credit score & other financial information.
• Medical and health status – such as injuries sustained, medical conditions and customer circumstances (e.g. elderly or vulnerable) etc.
• Other sensitive information – in some rare instances we may receive some sensitive information about your religious beliefs, political opinions, trade union membership, family medical history, physical or mental health conditions, sexual orientation, biometric or genetic data, criminal record, civil litigation history in the process of preventing and investigating fraud. We may also obtain sensitive information if you voluntarily provide it to us though the course of business that we carry out.
• Telephone recordings & CCTV footage – telephone calls with you will often be recorded under regulatory and/or contractual obligations with the data controller and to assist in the investigation and prevention of fraud. In some circumstances calls may be recorded for the purposes of training. If you do not wish us to use your recording for training purposes you have the right to object to this type of processing. If you visit our premises you may also be recorded by CCTV cameras in communal areas.

The data we collect will only be relevant to the service you require and by submitting these details to us you enable us to process your information to perform our obligations under a contract or to enable us to carry out this service for you efficiently and effectively.

4. HOW WILL WE USE THE INFORMATION?

We will only use your information for the purposes of the business we carry out with you or on behalf of our clients. This may include:

• Contacting you to provide updates and collect further information as part of our business with you;
• Provide a service to you;
• Make decisions regarding your insurance and assistance services such as claim assessment, processing and settling, managing disputes etc;
• Provide an improved service to you through use of call monitoring and recorded phone calls. Please note you retain the right to opt out of your call being recorded for the purposes of training, but calls will still be recorded for record keeping, and prevention or detection of crimes;
• Complaint handling;
• Investigate and prevent fraud and money laundering; and
• Employment.

5. WHERE DO WE STORE YOUR INFORMATION / PERSONAL DATA?

Personal information is stored in secured servers and storage systems. This is done within region where possible. We also use third party cloud providers to support us in providing our services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. Each data centre has appropriate technical and operational measures in place to ensure the security of your personal data at all times.

6. DO WE SHARE YOUR INFORMATION / PERSONAL DATA?

Innovation will only share your personal information with third parties where it is necessary to enable us to provide a service to you and may include:

• Our Group Companies – Innovation consists of a group of companies offering business process services and software solutions to the insurance, fleet, automotive and property industries. As a result Innovation may need to share your information with our group entities for the purpose of internal administration and to provide the best possible service to you. Please note that some of our group companies are located outside of the European Economic Area (EEA) in countries such as: United States of America, Canada, India, Pakistan, and South Africa. Before we share any of your information with one our group companies located outside of the EEA we ensure there are relevant protections in place which include intra-group agreements and EU model clauses which govern the transfer of such data. Our group companies share the same ethos in connection with privacy and will treat the data as if they were located within the EEA.
• Our Service Partners – In order to provide a service to you we may use other service providers such as repairers, contractors, recovery agents, external engineers, lawyers, rental companies, claim investigators, construction consultants, and other outsourced service providers that may need to assist us with our business. If we need to share your information with our service partners or third party service providers we will ensure they are carefully selected and appropriate measures are in place to ensure your personal data is handled correctly at all times.
• Other third parties – We may share personal information with other third parties such as police, ambulance services, credit reference agencies, fraud prevention agencies and any other third party that may be involved in an incident or a claim that we are dealing with.

7. YOUR RIGHTS

We will take appropriate steps to ensure that your information is safe and secure at all times. This will include physical security to our offices, technical security of our IT systems and ensuring that any paperwork we hold about you is stored securely.

We will always process your personal data fairly and lawfully and for the specified purpose of our business dealings or in connection with our contractual obligations with our clients that you may be under a contract with.

We will ensure that the personal data that we hold is relevant, not excessive and will not be held any longer than is necessary and in line with Innovations retention policy. An example of the typical period of time we may hold onto your personal data is 7 years following our last dealing with you. This is in line with The Limitation Act 1980 and market practice. However, there may be times where we need to hold onto certain personal information longer. If this is the case we will ensure that we have a legitimate processing ground for this.

You have the right to request a copy of the information we hold about you under POPIA. In order for Innovation to comply with your POPIA, if we are the data controller, we will provide a response to you within 30 days. If Innovation are the data processor and we are only processing your information on behalf of one of our clients under a contract, we may have to refer your request to them. They may ask for our assistance in obtaining the relevant information you have requested. We will notify you of this once we have transferred your request, or you may hear directly from the data controller if we are unable to contact you directly.

If you believe that any of the information that we hold about you is incorrect, or out of date, you have the right to request that we amend your details accordingly. We may have to ask you some security questions in order to do this and may require evidence relating to the change of details where necessary.

You have the right to be forgotten (commonly referred to as “erasure rights”). You are able to make this type of request in any manner, but we would suggest that this request is made in writing wherever possible. There may be some instances where we are unable to comply with your request, for example: if you owe Innovation money under a contract; if you have made a claim which Innovation are or have previously dealt with then we will need to hold onto your information for at least 7 years or any other length of time that has been stipulated to us when we are acting on behalf of another party you are contracted with.

You have the right to request that processing is restricted where for example you contest that the data we hold is inaccurate or where you believe the processing is unlawful. You have the right to receive personal data about you in a machine readable format and to give that data to another controller. You have the right to object to the processing of your personal data where our processing is based on legitimate interest or public interest.

Occasionally Innovation may want to use your personal data for a different purpose than it was originally provided. If Innovation want to do this we require your specific and informed consent. We may need to contact you via telephone, email or post in order to obtain your consent and if you choose not to opt in Innovation endeavour not to contact you again relating to this matter unless it is in the normal course of business.

8. OTHER INFORMATION WE MAY COLLECT

Internet Browser: most websites collect certain analytical data to help them understand browsing habits of users. This may include collection of IP address, operating system type, geographic area of user, time of use, type of browser, pages visited and many more. This information is only used to monitor site usage levels and trends.

Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile or other device when you use a website. Cookies are then sent back to the originating website on each subsequent visit, or any other website that recognises the cookie. Cookies are used to try and improve your browsing experience by remembering your preferences, letting you navigate more efficiently and can also help to ensure that any advert you see online are more relevant to you and your interests. In order to see our full cookies policy please click here or visit https://www.innovation.group/cookie-policy.

9. THIRD PARTY WEBSITES

Our websites may contain links to third party websites which are outside our control and are not covered by this privacy notice. For use of these websites please refer to the privacy policy on the third party website.

Please note that the inclusion of a link on our websites does not imply our endorsement of that site or the policies that are contained within it.

10. RESPONSIBILITIES

The Board of Directors of The Innovation Group Limited (the “Board”) has overall responsibility for this notice, and for reviewing the effectiveness of actions taken in response to breaches raised under this policy.

The Board shall review this notice from a legal and operational perspective at least once a year.

This notice is designed to guide external customers and their policyholders, clients and website users with regard to what information we may collect about you during our business dealings and how and where we store your information.

This policy will also be reviewed by Group Legal on a regular basis.

11. REPORTING BREACHES

In order for Innovation to deal with any breaches of this notice effectively, and should any employee, third party, client, website users and customers or their policy holders become aware of any potential or actual breach of this notice, please notify Innovation Group's Information Officer on information.officer@innovation.group and Group Legal on grouplegal@innovation.group so that we may fully investigate the breach and resolve any causes found.

12. GENERAL

In respect of GDPR and POPIA Innovation are data controllers when it comes to our employees, and any data where we decide the method and means of processing. For all other types of data Innovation are a data processor which means our processing of your data is controlled by a third party that you are under a contract with.

Innovation Group South Africa's contact details are:

Innovation Group (Pty) Ltd, 155 West Street, Sandown, Sandton, 2031, South Africa

innovation.group

Innovation has appointed an Information Officer who can be contacted by email at information.officer@innovation.group. You have the right to lodge a complaint with the Data Protection Supervisory Authority or the Information Regulator via email at POPIAComplaints@inforegulator.org.za.

13. REVIEW

This policy is reviewed regularly and in case of influencing changes to ensure it remains appropriate for the business and our ability to serve our customers.