MKA Privacy Policy

This Privacy Notice lets you know what happens to any personal data that you give to us, or any that we collect from or about you.

Michael Kennedy Associates (MKA) needs to collect personal information about people with whom it deals in order to carry out its business and provide its services. MKA assists Insurers in obtaining information to enable them to correctly determine their liability for insurance claims. It will at times be both a Data Controller and Data Processor, as defined under the EU General Data Protection Regulation (GDPR) and is registered with the Information Commissioner’s Office (ICO) under number ZA043202. Further details on the GDPR can be found at the ICO website ( ).

The lawful and proper treatment of personal information by MKA is extremely important to the success of our business and in order to maintain the confidence of our employees and customers. We ensure that our Company treats personal information lawfully and correctly.

We may change this Privacy Notice from time to time in order to reflect changes in the law and/or our privacy practices.

In this notice, ‘we’, ‘us’ or ‘our’ refers to Michael Kennedy Associates (MKA). ‘You’ or ‘your’ refers to the individual whose personal data we are processing.

Individual Details such as name, address, proof of address, contact details (including emails and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title, employment history, and family details (including their relationship to you).

Financial Information such as bank account or payment card details, income or transaction histories along with information regarding County Court Judgements (CCJ’s), Bankruptcy and Individual Voluntary Arrangements (IVA’s).

Insurance Policy and Claims Information including information about current and previous policies and claims.

Anti-Fraud Data.

Special Categories of Personal Data which have additional protection under the GDPR, including current criminal convictions.


Your family members, employer or agent/representative.

Insurers, insurance brokers, and Insurers’ agents and suppliers.

Websites or software applications for use on computers or mobile devices and/or social media content, tools and applications.

Anti-fraud databases, court judgements and other databases including LexisNexis/Trace IQ and Creditsafe.

Government agencies such as DVLA and HMRC.

Any open electoral register.

In the event of a claim, third parties including the other party or parties to the claim, witnesses, experts, loss adjusters, solicitors, claims handlers, translators, surveillance agents, engineers, suppliers, contractors, and others.

Claims Processing

Managing and investigating insurance claims.

Assisting Insurers in defending or prosecuting legal claims or regulatory proceedings.

Investigating or prosecuting fraud

Other Purposes include:

Complying with regulatory or legal obligations

Collecting customer feedback

Recipients to whom your information is disclosed will include ‘relevant parties’ which will include the following:

Insurers and/or their subsidiaries, legal representatives, suppliers, underwriters, brokers and/or Public Authorities (such as the police) as is necessary to perform our instructions.

We process your data on one of the following legal/legitimate grounds:

In order to enable the operation of the contract of insurance and specifically in order to enable Insurers to consider their liability for any claim that has been presented.

Where a legitimate interest to do so has been identified for which the processing of your data is necessary, and which balances your interest, rights and freedoms, such as for the purpose of Fraud Prevention.

Where we have a legal obligation to do so.

Where it is deemed to be in the substantial public interest, as set out in the enacting of the UK Data Protection Act.

Data is held by us electronically and in paper form.

Data is backed up in an encrypted format.

We will keep your personal data for so long as is necessary and for the purpose for which it was originally collected. In normal circumstances, MKA will automatically remove information at the expiry of 7 years. This is deemed a necessary and reasonable period; 6 years for potential Court proceedings plus a year.

Unless for the purpose of a specific enquiry, information will not be transferred outside of the European Economic Area.

In certain circumstances, you may have the right to require us to:

Provide you with further details about the use we make of your personal data. Provide you with a copy of the personal data we hold.

Correct any inaccuracies in the personal data we hold.

To have your personal information erased.

Where the processing requires your consent, to withdraw that consent so we stop the processing in question.

Transfer your personal data to another organisation.

Object to any processing based on the legitimate interests ground unless our reasons for that processing outweigh any prejudice to your data protection rights.

Object to automated processing, including profiling.

Restrict how we process or use your personal data in certain circumstances.

In certain circumstances, we may need to restrict the above rights to safeguard the public interest (eg prevention or detection of crime) or our interests (eg legal or litigation privilege).

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think we have breached the GDPR, you have the right to complain to the ICO, at the Information Commissioner’s Office, details below: