Privacy policy

1. Introduction

The Insurance Fraud Bureau (“IFB”, “we”, “us” or “our”) operate the IFB service. The IFB is a non-for-profit organisation which provides counter-fraud services to the UK insurance industry. For this purpose, the IFB maintains access to a variety of industry data sets, as well as data obtained via various other sources which we use to provide our services.

This Privacy Notice  (together with our Terms of Use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or is provided to us, will be processed by the IFB.  Please read the following carefully to understand the IFB’s views and practices regarding your personal data and how we will treat it.

Insurance Fraud Bureau is the controller responsible for the personal data collected about you in connection with this website and the services.

 

2. Information we collect about you

The personal data we collect and use in connection with this website and the services may include:

  • Contact details, such as your name, email address, postal address or telephone number;
  • Other personal details, such as your date of birth, identification and gender;
  • Details of suspected or proven offences;
  • Health information, such as information about your health status or prognoses; and
  • Technical information, such as information about your device IP address, browser configuration, geolocation and other technical information about how you react with specific pages on our website.

    

3. How we collect your information

The IFB hold industry data submitted to the Motor Insurance Database (“MID”), the Claims Underwriting Exchange (“CUE”) and Motor Insurance Anti-Fraud & Theft Register (“MIAFTR”), data from which is fed through to the IFB’s data analytics solution on a weekly basis.

You can find more about the MID, CUE and MIAFTR databases at:

https://www.mib.org.uk/privacy-and-cookie-policy

The IFB also receive information from our members (“Authorised Users” of the service). Please see below a table detailing the Authorised Users of the IFB. Information may be submitted to the IFB by its members for fraud prevention and detection purposes.

Data may be collected from submissions made to the IFB from Members, via the Cheatline, from law enforcement and other strategic partners.

Type

Description

Insurers

Means any insurance company, Lloyd's syndicate or compensator authorised to underwrite motor insurance and “Insurers” shall be construed accordingly.

Intermediaries

A party, authorised by the Financial Conduct Authority, acting on behalf of an Insurer including broker offices/call centres, broker websites, Independent Financial Advisors, Managing General Agents and affiliated partners.

Software Houses

Firms specialising in providing software that allows Insurers, Intermediaries and Aggregators to trade insurance policies electronically.

Aggregators

An insurance aggregator authorised by MIB from time to time in writing to carry out enquiries of the Data within the MIB Hub and to distribute the results of these enquiries to its panel members.

Other third parties

All Authorised Third Parties save for Insurers, Intermediaries Aggregators and Software Houses.

The IFB work closely with certain third parties (including, for example, insurers, law enforcement bodies, government departments, local authorities, industry regulators such as the Solicitors Regulation Authority and other public or private bodies) and may receive information about you from them.

 

4. How we use your information

The personal data we collect in connection with this website is used for the following purposes:

  • to provide intelligence warnings of suspected fraud activity. It also uses the same data to apply risk scoring technology within the data analytics tool to build networks to identify suspect fraud risks;
  • to identify suspicious insurance fraud behaviours across the aggregated data sets to detect and prevent fraud for IFB customers and the wider industry;
  • to enable the insurance industry to share intelligence on individuals and organisations suspected to be linked to insurance fraud, in an efficient, effective, and compliant manner. All processing of personal data through its intelligence databases is strictly limited to the purpose of detecting and preventing insurance fraud;   
  • in respect of data submitted directly, personal data may be provided to this website using online forms, bulletin boards or via telephone through Cheatline. This data will be used to prevent and detect fraud. If you have provided information anonymously, your personal data has not even been collected;
  • to carry out qualitative and quantitative testing to ensure the accuracy of fraud modelling and statistical analysis; and
  • to respond to lawful requests from the police in support of investigations of crime, including but not exclusively fraud.

 

5. Legal bases for processing your information

We rely on the following legal basis to collect and use your data.

  • To pursue our legitimate interests or a third party’s legitimate interests to provide the services in the most appropriate way. This means that we will process your personal data for the purposes of fraud prevention and detection, crime prevention and prosecution of offenders, as well as associated research, management information, staff training, and media support tasks.

We would rely on the following conditions to process special category data and/or data relating to criminal convictions or alleged offences:

  • To prevent and detect fraud, or suspected fraud.
  • To prevent and detect unlawful acts.

 

6. Who we share your information with

Your personal data may be disclosed by the IFB to the third parties listed below within the United Kingdom and overseas:

  • other companies in MIB’s group of companies (acting as controllers or processors);
  • insurers (acting as controllers or processors), law enforcement bodies (including Police, Financial Conduct Body) (acting as controllers or processors);
  • government departments (acting as controllers or processors) including Driver and Vehicle Licensing Agency, Compensation Recovery Unit of the Department for Work and Pensions, HM Revenue and Customs, UK Visas and Immigration;
  • local authorities (acting as controllers or processors);
  • experts (acting as controllers or processors) reporting on the cause of the accident, medical injuries and the prognosis and verification of financial and other circumstances);
  • other public or private bodies (acting as controllers or processors, where we are obliged or permitted by law to do so;
  • financial services institutions (including, but not limited to, banks and building societies), ID and background verification organisations (acting as controllers or processors) and credit reference agencies;
  • regulatory bodies (acting as controllers or processors) including the Solicitors Regulation Authority, General Medical Council and Information Commissioner’s Office;
  • professional advisors (acting as controllers or processors) including lawyers, accountants, bankers, auditors and insurers; and
  • other service providers (acting as processors or controllers (as appropriate)) including IT suppliers and administration services providers.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.  

 

7. Accuracy of your information

We rely on the availability of accurate personal data to enable us to provide the services to you and operate our business.  You should therefore notify us of any changes to your personal data that may affect the proper management and administration of the services we provide to you.

 

8. Overseas transfers of your information

Your personal data may be transferred to any country, including countries outside the European Economic Area (“EEA”) where the transfer is necessary for the purposes of establishing, exercising or defending legal rights, obtaining legal advice, for the purposes of fraud prevention, or in connection with any legal proceedings, or is otherwise permitted by law.

The IFB takes steps to ensure any personal data transferred outside the EEA is transferred in accordance with the principles of adequacy or appropriate safeguards as required by law.

 

9.  Retention period

The IFB will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, the IFB considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which the IFB processes your personal data and whether the IFB can achieve those purposes through other means, and the applicable legal requirements.

A summary breakdown of data retention limits across all core IFB systems is outlined below.

IFiHUB and iBase

Status / File type

Retention Period

 

Level 1

Level 2

Level 3

Under Investigation

1 year

3 years

6 years

Closed - Confirmed suspect

3 years

4 years

6 years

Closed – Confirmed fraud

30 days

30 days

30 days

Closed – Not suspect

2 days

2 days

2 days

Closed – Victim

1 year

3 years

6 years

Analytics Engine

MIAFTR

The earliest of 6 years after loss date or 6 years after creation date within the system

MID Policy Documents

Policies are weeded if closed and unchanged 3 years after policy end date

CUE Claims Records

Will expire the earliest of 3 years from the closed date or 3 years from the loss date.

IFR data

Process in place to refresh IFR data ingested to the Analytics solution every 7 days.

Intelligence Feed

         2 to 6 years depending on value assigned to intelligence (High/Medium/Low)

Insurance Fraud Register

All records loaded to IFR

Auto-weeded from system 5 years from Create Date.

In some circumstances the IFB will hold data in its intelligence databases that relates to a victim of fraud.  In respect of the IFiHUB, the victim will need to provide express written consent for that data to be publicised in the database. In certain circumstances you can ask the IFB to delete your data: see “Right to Erasure” below for further information.

In some circumstances the IFB may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case MIB may use this information indefinitely without further notice to you.

 

10.  Your information rights

You have the following rights in relation to the personal data we hold about you.

  • The right to access and inspect your personal data or be provided with a permanent copy of the information we hold about you.
  • The right to request inaccurate personal data about you is rectified, particularly if it is factually inaccurate.
  • The right to request your personal data is erased in certain circumstances, e.g. if it is no longer necessary for us to retain the information.
  • The right to object to the use of your personal data, particularly where you feel there are no longer sufficient grounds for us to continue processing the information or we rely on the legitimate interests lawful basis to carry out the processing.
  • The right to request the restriction of your personal data from further processing, e.g. where the personal data is inaccurate and you request the restriction of the information until it is corrected.
  • The right to request that some aspects of your personal data be provided to you or a third party of your choice in electronic form to enable its reuse.
  • The right to refuse direct marketing communications or ask to stop sending you direct marketing communications.
  • The right to withdraw your consent, where you have previously given your consent for us to collect and process your personal data.
  • The right to object to a decision which is based solely on automated processing and which creates legal or other significant effects.
  • The right to complain to the data protection supervisory authority if you have concerns about the way we collect and use your personal data.

Please note that some of the rights described above may be limited in certain circumstances, such as where exemptions or legal obligations apply or there is an overriding legitimate interest in continuing to process the personal data.  If we are unable to fulfil a request from you to exercise one of the above rights, we will contact you to explain the reason for our refusal.  If you wish to exercise your rights or have concerns about the way we collect and process your personal data please contact us at: dsar@mib.org.uk.

 

11.  Cookies

We use cookies on our websites.  Cookies are small data files sent from a website to your web browser.  They are stored in your web browser’s cache and allow a website or a third party to recognise your browser or mobile device. We collect information about you automatically when you visit our website by using cookies and other tracking technology.  For more information about cookies, and other tracking technology including how to turn them off, please see our Cookie Notice.

 

12.  Service complaints

If you wish to make a complaint or enquire about any aspect of the services we provide, please contact us at:

Customer Services 

Motor Insurers' Bureau

Linford Wood House

6-12 Capital Drive

Milton Keynes

MK14 6XT

 

email:feedback@mib.org.uk

 

13.  Data protection complaints

If you wish to make a complaint about the way we use your personal data you should contact us in the first instance at:

Data Protection Officer

Motor Insurers Bureau

Linford Wood House

6-12 Capital Drive

Milton Keynes

MK14 6XT

 

email: privacy@mib.org.uk

 

If you are not satisfied with the way we have handled your data protection complaint you may refer your complaint to the UK data protection supervisory authority at:

Information Commissioner's Office

Wycliffe House,

Water Lane,

Wilmslow,

SK9 5AF

Website: www.ico.org.uk

 

14.  Changes to this notice

We will update this Notice from time to time to ensure it continues to reflect the way we collect and use your personal data.  Any changes to this Notice will be posted here and notified to you via email and such changes will become effective as soon as they are posted.  You should therefore periodically review this notice to ensure you understand how we collect and use your personal data.

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set only if you accept.

For more detailed information about the cookies we use, see our cookies page.

Manage cookies Allow all cookies

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set only if you accept.

For more detailed information about the cookies we use, see our cookies page.

Allow all cookies

Necessary cookies

Always on

Necessary cookies enable core functionality such as logging in and out of the portal area. Necessary cookies can be disabled by changing your browser settings, but this may affect how the website functions.

Marketing cookies

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and personalised to you to improve your experience across the website.

Statistics cookies

Statistic cookies help us to understand how visitors are interacting with our website by collecting and reporting information anonymously. This helps us to understand where we can improve functionality on the website to provide visitors with a better experience.

Allow selected cookies