Privacy Policy

1. Who we are (data controller)

Easy Car Claims is the data controller for the personal data described in this policy. We can be contacted at claims@easycarclaims.co.uk or 0208 090 8872.

2. What personal data we collect

Depending on which service you use, we may collect:

• Identity: name, date of birth, address, driving licence number, National Insurance number, photo ID, PCO/TfL licence number
• Contact: phone, email, preferred language
• Vehicle: registration, make/model, insurance details, MOT history (via DVSA), keeper records (via DVLA where authorised)
• Accident details: date, time, location, description, photographs, video, dashcam footage, witness statements, police reference
• Third parties: the other driver's name, contact details, vehicle, insurer (where you provide these)
• Financial: bank details where you are owed money, loss-of-earnings figures, evidence (bank statements, platform earnings exports, tax returns)
• Medical: injury descriptions; medical records are usually only handled by the referred solicitor, not by us directly
• Technical: IP address, browser, pages viewed, referrer, basic device info via standard server logs and analytics tools

3. Why we collect it (lawful basis)

• Contract (Art. 6(1)(b)): to deliver the accident management services you instructed us to perform — recovery, replacement vehicle, repair, claim documentation, solicitor referral
• Legitimate interests (Art. 6(1)(f)): running our business safely (fraud prevention, verification checks via DVLA / DVSA, audit trails)
• Legal obligation (Art. 6(1)(c)): retaining accounting records, complying with HMRC, complying with regulators
• Consent (Art. 6(1)(a)): where you tick a box for marketing or non-essential cookies — you can withdraw at any time
• Special category data (Art. 9): medical information is processed by us in the limited capacity needed to refer your case to a specialist solicitor, on the basis of explicit consent and/or Art. 9(2)(f) (legal claims)

4. Who we share your data with

We only share personal data where it is necessary to deliver our services, fulfil a legal duty, or with your consent. Specifically:

• Panel solicitors — where you have a personal-injury or contested-liability element; named in the referral pack before transfer
• The at-fault driver's insurer — to recover the cost of repair, hire, and other losses
• Your own insurer — where notification is required for your policy
• The Motor Insurers' Bureau (MIB) — for uninsured-driver or untraced-driver claims
• Repair partners / our in-house bodyshop — to carry out the repair
• Recovery and storage operators — to move and store your vehicle
• Credit-hire providers — where the replacement vehicle is supplied under credit-hire arrangement
• DVLA — for vehicle / keeper record checks (under the Keeper at Date of Event (KADOE) framework when authorised)
• DVSA — for MOT history checks
• Service providers (processors): Supabase (database hosting, EU region), Vercel (web hosting, EU/UK region), Resend (transactional email), Firecrawl (third-party web verification), Google Analytics (anonymised analytics if you consent)
• Regulators, courts, police — where legally required
• Successor business — in the event of a sale or restructuring, with appropriate safeguards

We do not sell your personal data to third parties for marketing.

5. International transfers

Most of our processors are based in the UK or EU. Where data must be transferred outside the UK, we rely on adequacy decisions (e.g. EU and other approved jurisdictions) or the UK International Data Transfer Agreement (IDTA) with appropriate safeguards. We do not knowingly transfer personal data to jurisdictions without adequate protection.

6. How long we keep your data

Retention is tied to the type of data and any legal requirement to retain it:

• Active claim file: for the duration of the claim plus 7 years (statutory limitation + accounting period)
• Rejected / withdrawn enquiries: up to 24 months from last contact
• Accounting records (invoices, payment data): 6 years from end of tax year (HMRC requirement)
• Website analytics: 14 months
• Marketing consent records: until consent is withdrawn or 24 months from last engagement, whichever is first

After the retention period expires we securely delete or anonymise the data.

7. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you (subject access request)
• Have inaccurate data corrected
• Request deletion of your data where there is no overriding legal basis to keep it
• Restrict our processing of your data
• Object to processing where we rely on legitimate interests
• Withdraw consent where consent is our basis (this doesn't affect prior lawful processing)
• Receive your data in a portable, machine-readable format
• Object to automated decision-making (we don't currently do this, but reserve the right to clarify)

To exercise any of these rights, email claims@easycarclaims.co.uk with the subject "DSAR" (Data Subject Access Request). We respond within one calendar month as required by UK GDPR, extendable by a further two months for complex requests.

8. Security

We protect your data with industry-standard measures: encrypted database (Supabase RLS + AES at rest), TLS in transit, restricted admin access, audit logging, regular security reviews. No system is 100% secure — we take a defence-in-depth approach.

9. Cookies

We use a small number of cookies, primarily for site function (session, security) and optionally for analytics (with consent). See our Cookie Policy for the full list.

10. Children

We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently done so, please contact us and we will delete it.

11. Complaints

If you're unhappy with how we've handled your personal data, please contact us first at claims@easycarclaims.co.uk so we can try to resolve it. You also have the right to complain to the UK Information Commissioner's Office (ICO) at any time:

• Website: ico.org.uk/make-a-complaint
• Helpline: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be notified to you in writing where practical.