Protect Group – Use of Personal Data
Refund Process
Our on-line Refund Process has been designed to offer all our applicants a secure procedure to give peace of mind that all personal data is secure.
We are GDPR compliant and registered with the ICO under the Data Protection Acts of 1998 and 2018. Only authorised personnel have access to your personal information and data.
We need to collect and process your personal data to enable us to process your refund. This includes assessing your application, processing and paying valid applications.
As part of this process we may carry out fraud, credit and anti-money laundering and sanctions checks.
We may also disclose your personal data for these purposes to our service providers, contractors, agents, principals and group companies that perform activities on our behalf. Disclosure of your personal data to a third party will only be made where the third party has agreed to keep your information strictly confidential and use it only for the specific purpose for which we provide it to them.
We are required to report details of certain suspicious activities to the Serious Organised Crime Agency (SOCA).
What Personal Data might we collect
In order to process your refund application we require certain personal data about you and the circumstances leading to your application. We will not collect personal data from you that is not needed in order to process your application. Personal Data required may include:
- Individual identifying details including name, contact details, as well as details of any appropriate accompanying people or family members as appropriate;
- Identification details such as National Government issued documents;
- Payment information to allow crediting of the refund;
- Medical certification or details supporting your application;
- Anti-fraud information;
- Previous and current refund applications.
Where might we collect Personal Data from
Personal Data might be collected from a range of sources including:
- You;
- Your family members, accompanying parties, employers;
- Your health professionals;
- Anti-fraud databases;
- Government agencies.
Consent
You must have the consent of any person named in your refund application process to pass on any information about them.
We do not intentionally collect information from children under 16 years of age and, unless any such information is necessary for the processing of a refund application, shall delete any information unintentionally gathered upon request.
Data Storage
The Refund Protect application platform is hosted on the Microsoft Azure Cloud. All personal information and data you provide, such as medical information is encrypted at rest. You can read more about this here.
Payments Processing
All payments are made through Western Union. You can view their Privacy and Security policy here.
Once we have processed your information and data, it is stored on the Microsoft Azure Cloud for 14 days after a payment has been made to you. This is in order that the entire payment process is fully complete and gives an opportunity to resolve any questions which may arise. After this 14 day period your information and data is hashed and cannot be used again.
Cookies
We use “cookies” to collect and store information that your browser makes available when you visit our website. Additionally, our servers log the Internet Protocol address (“IP address”) of the device you use to visit our website. If you do not want us to do this, you can set your browser options to reject cookies or select the privacy mode setting on your individual internet browser. Rejecting cookies or selecting privacy mode may affect your ability to use some features on our website.
Data Protection
Under the Data Protection Act 1998 (from May 2018 General Data Protection Regulations), you are entitled to request a copy of any personal data that we hold about you.