GLOBAL DATA PRIVACY POLICY  

1. Commitment and Scope  

1.1 This Privacy Policy sets out Charles Taylor Group’s data handling procedures and explains our policy for retention and deletion of personal data. Our Fair Processing Notice sets out how we process personal data. 

1.2 Charles Taylor complies with the requirements of the prevailing data protection legislation with regard to the collection, storage, processing and disclosure of personal information and is committed to upholding the core data protection principles  

1.3 Most of our offices operate in countries which regulate the use of, and impose restrictions on overseas transfers of, personal data. To ensure we handle data properly. We have adopted a global approach to privacy compliance, as evidenced in our Intra-Group Data Transfer Agreement.  

1.4 We are committed to a policy of protecting the rights and privacy of individuals (including staff, visitors to our websites, clients, subjects of investigations and others) in accordance with the data protection legislation. 

1.5 Where the applicable law dictates a privacy notice requirement then a country-specific version has been created and is available as part of a drop-down list.  

2. Who is the controller for personal data processed?  

2.1 Depending on the circumstances of the processing activity and who determines the purpose and means for the processing of an individual’s personal data, Charles Taylor may be the controller or a processor under the data protection legislation.  

2.2 When providing loss adjusting services to our clients, we will usually be a data controller. On occasion, we may be providing services to our clients which involve processing data on their behalf and strictly in accordance with their instructions. In such cases, Charles Taylor will be a data processor. We may also sometimes be joint data controller with another company.  Please refer to the privacy policies and notices of your insurer or other company on whose behalf we process personal information for more detail.  

2.3 Charles Taylor is the data controller under the data protection legislation, when dealing with data of employees, consultants, contractors, apprentices and any other member or affiliate of Charles Taylor.

2.4 We are committed to processing all personal data fairly, lawfully, and transparently. To make things simpler, Charles Taylor has nominated one data controller, Charles Taylor Ltd, to handle all requests or queries you might have about our processing of your personal data. We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws.  

You can contact our DPO at: 

Data Protection Officer 
The Minster Building 
21 Mincing Lane 
London 
EC3R 7AG 

dpo@charlestaylor.com 

2.5 We also have a European Representative who will act on our behalf in relation to EU GDPR compliance matters, including dealing with supervisory authorities and data subjects in the European Union. Our European Representative will work closely with our DPO. Their contact details are: 

CEGA GSL SPAIN SLU 
Calle Joan Maregall 36, Loc B 
07006 Palma de Mallorca 
Islas Baleares 
Spain 

DPOSpain@cegagroup.com 

3. Our responsibilities  

3.1 During its core business activities, Charles Taylor is instructed to process the personal data of individuals who are identified in our clients’ instructions or during the course of the investigation undertaken pursuant to such instructions. Charles Taylor will not process any personal data without first having been satisfied as to the lawful basis on which to process personal data.  

3.2 To comply with the law, Charles Taylor will ensure that information processed about individuals is kept to the minimum, collected, and used fairly, be accurate, used solely for the purpose intended, stored safely, securely including protection against unauthorised or unlawful processing, loss, destruction or damage, using appropriate technical measures such as encryption or in password protected devices, retained for no longer than necessary and not disclosed to any third party unlawfully. 

3.3 Some processing of personal data is considered high-risk, either because of the nature and volume of personal data processed or because we want to process that data using novel technology or a system or application that is new to us. Where this is the case, and where required by law, we assess the risks of the processing, how we mitigate those risks, and we document decisions taken in Data Protection Impact Assessments.  

4. Processing personal data for specified purposes only  

4.1 Our Fair Processing Notice explains the types of data we collect and how it is collected. 

4.2 To ensure correct management of personal data, and to comply with many data privacy regimes around the world, we maintain records of data processing which identify key information in respect of all personal data we process. This enables us to align our privacy practices with local privacy laws.  

4.3 Any individual whose personal data we process may contact the Group DPO to request information about the types of personal data we process, the lawful basis (or bases) for that processing and how we protect their personal data.  

5. Data Minimisation  

5.1 Charles Taylor will only process personal data insofar as is reasonably necessary to do so. Charles Taylor will review its Data Inventories on a periodical basis, no less than once a year. 

6. Data Integrity 

6.1 Charles Taylor shall ensure, where reasonably practicable, that all Personal data it processes shall be accurate and up to date. 

6.2 We provide the right to rectification of any errors in your personal data and we consider them without undue delay on receipt of a written request, or on behalf of, a data subject seeking to rectify their personal data. 

7. Data Retention  

7.1 We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. We may need to retain it for as long as there is any possibility that either you or we may wish to bring a legal claim, or where we are required to keep your personal data due to legal or regulatory reasons. 

7.2 We have implemented a Group Document Retention Policy which sets out details of the periods for which certain categories of personal data shall be retained and the lawful basis for that retention. 

8. Your legal rights  

8.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. We will respect your rights and act promptly and in accordance with applicable law, rule or regulation relating to the processing of your personal data. Our Fair Processing Notice outlines your rights in further detail.  

9. Appropriate Technical and Organisational Measures  

9.1 Charles Taylor takes information security seriously and has put in place security measures which meet various industry standards for example, ISO 27001.  

9.2 We continuously monitor our information security and work hard to meet our own high expectations in this regard, and the expectations of our industry clients and of data subjects.   

9.3 Your personal data will only be shared with those of our staff or our business partners who have a need to see it for the legitimate purposes of carrying out our business and we work hard to maintain a culture of privacy awareness. 

10. Changes to this Policy  

10.1 This Privacy Policy comes into effect on 1 July 2023 replacing our previous Privacy Policy. 

10.2 Further details can be found in our Cookie Policy, Terms and Condition,s and Privacy Policy.

10.3 For those who work at Charles Taylor, the Charles Taylor Fair Processing Notice for Employees and our Privacy Policy Notice are accessible online via our intranet. Our Candidate Fair Processing Notice is also available on this website.

10.4 Our other data protection policies are available upon request to dpo@charlestaylor.com 

Last updated: June 2023 

This site and all content are copyright © Charles Taylor Ltd   

All rights reserved.