1. General information
This privacy notice sets out how and why we process your personal information within the MIB Group.
The information under Section 1 of this Privacy Policy relates to all of MIB’s processing (including the areas listed under section 2).
Section 2 sets out information which is specific to the listed areas.
2. Who we are and how to contact us
MIB is a private company registered in England.
MIB’s company number is 412787.
MIB’s registered office and postal address is:
Linford Wood House
6-12 Capital Drive
Milton Keynes
MK14 6XT
MIB’s phone number is: 01908 830001
If you wish to contact MIB to request a copy of your data or for any of your other rights please see the contact details stated under Your rights.
For further information about contacting us please visit contact us.
3. MIB Group Companies
Employers Liability Tracing Office (ELTO)
Insurance Fraud Bureau (IFB)
Motor Insurers’ Bureau (MIB)
Motor Insurers’ Information Centre (MIIC)
MIB Management Services Limited (MIB MSL)
MIB Portal Services
Official Injury Claim (OIC)
Tracing Services Limited (TSL)
Trustee(s) of the Motor Insurers Bureau Pension & Life Assurance Scheme
4. MIB's role
MIB is the data controller* for the personal information we process, unless we state otherwise. MIB collect, provide, store and process personal data with other organisations some of whom are also data controllers and some of whom and data processors. We provide details on these organisations in MIB Group companies.
MIB are responsible for ensuring that we comply with relevant data protection law when processing your personal data.
* The ICO provide helpful explanations for data protection terms, such as data controller, on their site https://ico.org.uk, or you can contact us if you have any questions.
5. Updating this Privacy Notice
MIB keep our privacy notice under regular review to make sure it is up to date and accurate. We will publish the latest version of this privacy notice at Privacy Policy and we encourage you to check this page from time to time for the latest version.
MIB published this version of the privacy notice on December 2024.
6. Data Protection Officer's (DPO) contact details
MIB has appointed a Data Protection Officer who is responsible for overseeing our data protection compliance. MIB’s Data Protection Officer is the Head of Compliance and GPO, who can be contacted by emailing privacy@mib.org.uk, or via our postal address.
7. Information we process about you
Please see section 2: Types of processing for other data we may process about you specific to the listed activities.
Types of personal information |
Details |
|
Individual details |
Your names, previous names, title (e.g Mr/Mrs/Ms), address, other contact details (for example, email address and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and job category. |
|
Identification details |
Identification numbers issued by government bodies or agencies, such as your national insurance number, passport number, tax identification number and driving licence number. |
|
Policy information |
Details of your insurance policies, including the vehicle registration insurer and policy number. |
|
Technical information |
Information relating to your use of our website, including identifiers such as your IP address, browser information, times and dates, response times, page interactions. |
|
Registered service users |
Name, user-name (where different), contact details (for example address, phone number, email address), company details, job title and category. |
|
Other data |
8. Why we process your data and our legal grounds for doing so
Please see section 2: Types of processing for other processing specific to the listed activities.
Purpose |
Legal basis |
|
Internal research, staff training and business administration
We may process your personal information for internal research and management purposes to allow MIB to identify trends and to assist in internal resource allocation. We may also process your personal information for staff training and records maintenance purposes, in the context of MIB’s own business administration and to improve the service MIB provides to customers and partners. |
Legitimate interests: We have a legitimate interest in using your information where this is necessary or appropriate for MIB’s internal purposes such as assisting in resource allocation, training our staff and maintaining records.
|
|
Responding to enquiries
We may collect your personal information to respond to enquiries from you and to provide you with information about MIB. |
Legitimate interests: We have a legitimate interest in using your information where this is necessary or appropriate to respond to your enquiries and provide you with information about MIB and its operations. |
|
Visitors to our website
Our website may invite you to provide us with your personal information. Where you provide us with your information, we will only use it for the purpose for which it has been provided by you.
Our website uses cookies to help it work more efficiently and to provide us with information on how the website is being used. You can control cookies through the settings or preferences of your browser, as well as through dedicated browser extensions or add-ons. For more information on how we use cookies, please see our cookies notice. |
Legitimate interests: We have a legitimate interest in: - providing the facilities on our website that you have requested, - understanding how our website is used, and the popularity of the content on our website. |
|
Visitors to our offices
We have security measures in place at our offices, which include building access controls and may include CCTV. Images captured by CCTV are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).
We require visitors to our offices to sign in at reception and we keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident). |
Legitimate interests: We have a legitimate interest in making sure our offices, and the people that visit and work at our offices, are safe and secure. |
|
User management
To manage access to systems for registered users, including access management, support and ensuring system security. |
Legitimate interests: To support people's access to our systems and services as well as ensuring information security. |
|
Assessment, analysis, improvement and development
To enable us to review, analyse improve and develop our services and business. |
Legitimate interests: We have a legitimate interest in understanding the data and how we can improve and develop the services that we provide. |
|
Newsletters
To support awareness of and promote MIB and its’ partners’ work and services.
To provide relevant updates and news.
To provide help, tips, guidance and support knowledge. |
Legitimate interests: The newsletters will support both the recipients and MIB with understanding, receiving updates and with help. |
|
Testing (e.g. system testing)
In some cases it might be necessary to conduct testing on our different systems using data, with strict privacy and security controls in place. |
As stated under the relevant section under Section 2: Types of Processing:
Testing will be conducted to ensure that the data, systems and services are able to fulfil their purposes. The relevant purposes and their legal basis are defined in the relevant Why we process your data and our legal grounds sections. |
|
Law enforcement purposes, including fraud prevention and detection For law enforcement purposes, including the prevention and detection of crime (including fraud). |
Legitimate interests: Where it is necessary for the Police and other authorised third parties (such as the Insurance Fraud Bureau (IFB)) to process the data for the prevention and detection of crime. |
9. Where we get your information from
This section sets out where we get your information from across all areas of MIB. Please see Section 2: Types of processing for data specific to the listed activities.
We may collect your personal information from various sources, including:
-
Directly from you: For example if you send us a claim form, submit a statement, make an enquiry with us, make a complaint, enter a survey, send us an email or speak to us by phone, or apply for a job with us.
-
From your representative (where you have one): For example if your representative communicates with us about your claim, makes an enquiry on your behalf, sends an email or speaks to us by phone on your behalf.
-
From insurers and their representatives:as set out in section 2: Types of Processing, when relevant.
-
By actively obtaining your personal information ourselves: For examplethrough the use of Cookies, server logs and other similar technologies.
The sources that apply to you will depend on why we are collecting your personal information. Where we obtain your information from a third party, we may ask them to provide you with a copy of this privacy notice (or if applicable, a shortened version of it) to ensure you know we are processing your information and the reasons why.
10. Who we share your information with
We do not make your information generally available to others. However we do share your information where appropriate, as set out below.
This section sets out the how we share your information across all areas of MIB. Please see section 2: Types of processing for data specific to the listed activities.
- MIB Group Companies: Please see MIB Group Companies.
- External service providers and third party suppliers: in order to operate efficiently, we require the assistance of various external service providers, particularly in relation to our IT systems. Some of these services (such as email hosting and data backups) involve the service provider holding and using your personal information. In each case where we share your information with one of our service providers, the service provider is required to keep it safe and secure and make sure it is properly protected. They are also not permitted to use your personal information for their own purposes.
- With third parties to protect the rights and property, and ensure the safety, of MIB and others.
- Bodies to comply with legal or regulatory requirements: we may share withother third parties, such as relevant public and government authorities, including regulators and law enforcement bodies, where we are required or requested to do so to comply with legal or regulatory requirements.
- Anti-fraud agencies: we may make disclosures to agencies whose purpose is the detection and prosecution of fraud (e.g. the Insurance Fraud Bureau) and those who manage anti-fraud databases (e.g. the Insurance Fraud Register).
- New owners: if we sell our business, then your information will be transferred to the new owner to enable the continuation of the business.
11. Your rights
Your right of access: You have the right to ask us for copies of your personal information and other supplementary information.
Your right to be informed about how and why your data is used: This Privacy Notice provides information about how and why your data is used, but if you have any other questions please contact us.
Your right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete any information you think is incomplete.
Your right to erasure: You can ask us to erase your personal information in certain circumstances. If you would like to discuss this, or understand whether this is applicable to you, please contact us at the details below.
Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances. If you would like to discuss this, or understand whether this is applicable to you, please contact us at the details below.
Your right to object to processing: You have the right to object to processing in certain circumstances if we are processing your information because the process is for a public task or in our legitimate interests. If you would like to discuss this, or understand whether this is applicable to you, please contact us at the details below.
Your right to data portability: This right only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under a contract. Please see Why we process your personal data and our Legal grounds to understand whether this right applies to you, or contact us at the details below if you would like advice or guidance.
To request one of your rights please contact us at dsar@mib.org.uk, or write to the Data Support Team using the postal address under Who we are and how to contact us. You can also visit our website for help regarding right of access requests: Requesting your data from MIB.
We will assess requests on a case-by-case basis and we might ask you for proof of identity or for clarification of your request before doing so.
12. Your right to complain
If you have any queries or concerns about our processing of your personal data or our response to any requests by you to handle your rights please contact us at privacy@mib.org.uk or by writing to the postal address under Who we are and we will do our best to assist you.
You also have the right to complain to the authority that supervises our processing of your personal information.
In the UK, the relevant supervisory authority is the Information Commissioner's Office (ICO). Details of the ICO can be found at https://ico.org.uk.
13. Keeping your information safe
We take security issues seriously. We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss, or unauthorised disclosure of the personal information we process.
14. How long we keep your personal data for
We will keep your personal data for no longer than is required to fulfil the purposes described to you in 1.8. Why we process your personal data and our legal grounds, unless there is a legal requirement to keep it for longer (in which case we will remove your personal data as soon as the legal requirement ends).
If you would like further information about how long we keep your data for, please contact us.
15. Do we transfer your data overseas?
Yes, MIB may transfer data to countries outside of the United Kingdom.
Where we transfer your personal data to other countries, we will protect your information by ensuring that those transfers are made in compliance with all relevant laws. This means that we will either:
• transfer your information to a country that the UK has assessed as having adequate data protection laws to protect your personal data, or
• put controls in place to protect your data, which in most cases will be by using UK government approved agreement terms.
If you would like further information on how your personal data is protected when transferred to another country please email us at privacy@mib.org.uk.
16. Links to other websites
Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.