McLarens Logo
Search

McLarens DPL Privacy Statement – Colombia  

Summary

This privacy statement covers McLarens and Halliwell.

We value the privacy of your personal information.

This McLarens Privacy Statement outlines how we collect, hold, use and disclose your personal information.  Before processing your data, we have obtained your consent to so do. You may have consented to your insurer or to us during the claims process.

Definitions

The following defined terms must be considered when applying and interpreting this Policy:

  • Authorization: Prior, express, and informed consent from the Data Owner to process their Personal Data.
  • Privacy Notice: A supplementary document to this Policy, provided in physical, electronic, or other formats by McLarens. It is made available to the Data Owner before their Personal Data is processed. This notice informs the Owner about the existence of data processing policies, how to access them, and the characteristics of the data processing when providing access to the full policy is not feasible.
  • Personal Database: An organized collection of personal data subject to processing.
  • Personal Data: Any information linked to or associated with one or more identifiable natural persons.
  • Sensitive Personal Data: Information affecting the privacy of the Data Subject or whose misuse could lead to discrimination. This includes data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, union membership, or affiliation with social or human rights organizations. It also encompasses data about health, sexual life, and biometric details.
  • Public Data: Information that does not affect the privacy of the Owner and is not classified as private or sensitive. Examples of Public Data include information related to an individual’s civil status, profession or occupation, and their status as a businessperson  or public servant. By its nature, Public Data may be found in public records, official documents, gazettes, bulletins, or enforceable court decisions that are not classified as confidential.
  • Sensitive Data: Information affecting the privacy of the Data Subject or whose misuse could lead to discrimination. This includes data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, union membership, or affiliation with social or human rights organizations. It also encompasses data about health, sexual life, and biometric details.
  • In charge: Refers to the natural or legal person, whether public or private, who, independently or in association with others, processes personal data on behalf of the Data Controller.
  • Habeas Data: A fundamental right enabling individuals to know, update, rectify, and/or delete their personal information collected and processed, in accordance with applicable laws and regulations.
  • Principles for the Processing of Personal Data: These are the fundamental legal and jurisprudential rules that guide and inspire the processing of personal data. They establish the criteria and actions to resolve potential conflicts between the rights to privacy, habeas data, protection of personal data, and the right to information.
  • Claim: A request made by the Data Owner or an authorized person, as stipulated by law, to correct, update, delete their Personal Data, or revoke authorization in cases established by law.
  • Data Controller: A natural or legal person, public or private, that decides on the database and/or the processing of personal data.
  • SIC: Superintendence of Industry and Commerce.
  • Holder: The natural person whose personal data is subject to processing.
  • Treatment: Any operation or set of operations performed on personal data, including collection, storage, use, circulation, or deletion.
  • Transfer: The transfer of personal data occurs when the individual or entity responsible for or in charge of processing the data, located in Colombia, sends the information to a recipient who is responsible for its processing. The recipient may be located either within or outside the country.
  • Transmission: The processing of personal data involving its communication, either within or outside the territory of the Republic of Colombia, for the purpose of enabling the Processor to perform processing activities on behalf of the Controller.

PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

McLarens and Halliwell adhere to the following principles, which establish the rules to be followed in the collection, management, use, processing, storage, and exchange of Personal Data:

  • Principle of Legality: Processing is a regulated activity that must comply with the applicable laws governing Personal Data and related fundamental rights.
  • Principle of Purpose: Processing must serve a legitimate purpose aligned with the Constitution and the Law, which must be clearly communicated to the Data Owner.
  • Principle of Liberty: Processing may only be conducted with the prior, express, and informed consent of the Data Owner. Personal Data cannot be disclosed without prior authorization unless required by legal, statutory, or judicial mandates.
  • Principle of Truth or Quality: Information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is strictly prohibited.
  • Principle of Transparency: The Data Owner has the right to obtain information about the existence and processing of their personal data from McLarens at any time and without restrictions.
  • Principle of Restricted Access and Circulation: Processing is limited by the nature of personal data, as well as the provisions of the Law and the Constitution. Personal Data may only be accessed or processed by individuals authorized by the Data Owner or those permitted by law.

Except for public data, Personal Data cannot be made available on the Internet or through mass communication channels unless access is technically restricted to ensure that only authorized persons or entities have knowledge of the information, as required by law.

  • Confidentiality Principle: All individuals involved in processing data within our databases must maintain strict confidentiality. They are prohibited from disclosing personal, commercial, accounting, technical, business, or any other type of information obtained during the execution of their duties.

The Purposes for which we Hold, Use and Disclose Personal Information:

We collect personal information to assist our clients in investigating, assessing and settling insurance and other claims (e.g., when we act for an insurer, this will involve us collecting personal information from insureds, claimants and other third parties involved in the claim, as well as checking the validity of such information).  

We hold limited personal data which we use to inform our clients employees about corporate events and services that we provide.  No such communication will be sent to those who withdraw their consent.

We also use the personal information that we hold, to contact you, to notify you about changes to our service, to verify your identity, and to provide customer support.

We provide the personal information we collect to our insurer clients, their agents and advisers such as lawyers. This is to assist the insurer or their agent to manage and administer their relationship with the insured, and to decide or advise on payment of a claim. We also provide personal information to other third parties who can confirm the information provided to us (e.g., repairers, witnesses to a claim or law enforcement agencies) to assist us in providing our insurance claims services (e.g., our investigators and other agents and contractors) or to assist with asset management assignments.

Where we disclose information to third parties, we limit the use and disclosure of personal information provided to us by them for the purposes for which we collected it (e.g., in relation to the handling or settlement of the relevant claim). Our insurer clients, their agents, advisers and other relevant third parties may have their own privacy policy that contains information about their privacy practices and how you can access any personal information they hold about you, seek correction of it or make a complaint about a breach of the DPL.

We may also hold and use your personal information, and disclose your personal information to relevant third parties for the following purposes:

  • To deal with enquiries – we may need to collect your personal information to answer an enquiry you make.
  • Dealing with a complaint – for example a complaint made by you in respect of service provision.
  • Maintaining and improving our service, auditing, quality assurance and training – for example, we may review your personal information to identify how our services can be improved.
  • Assisting with the claims process by providing your name address and phone numbers to contractors
  • Other purposes – for any other purpose communicated to you at the time we collect your personal information or as required or permitted by law.

Occasionally we may be required or authorised to collect personal information because of laws in Colombia or an order of a Court / Tribunal. If we are collecting personal information for this purpose, and we are permitted to do so, we will tell you.  We may also transfer your personal information outside Colombia where the relevant third party is located outside of Colombia (for example, to an insurer and reinsurers and their representatives who are located overseas) but only to countries where the level of data privacy law is the same or greater than that in Colombia.

Our contractual arrangements with these entities generally include an obligation for them to comply with Colombia ’s data protection laws.

The categories of personal data we process when handling claims are determined by the data controllers we are acting for and based on their instructions to us.

Personal Information We Collect and Hold

The personal information we collect and / or hold about you and other individuals (such as a co-insured or your spouse, partner or children) may include:

  • name, date of birth and gender of you, your colleagues/employees and/or family members,
  • contact details such as address, phone, fax and email of said persons
  • bank account details.
  • medical data.
  • county court judgements.
  • information relevant to providing a service such as:
  • your claims history.
  • information obtained as part of the management and processing of a claim (e.g., information on a police report).
  • details of insurance policies you hold or have held; and
  • sensitive information such as criminal records (e.g., where this information is relevant to processing a claim).

What Happens if You Don’t Give Us Your Personal Information?

If you don’t provide us with the required personal information, we and our clients may not be able to provide you with some or all services (e.g., we may not be able to access or assess your claim). Where we collect personal information from you, we expect you to tell us if you do not consent to us disclosing the personal information you provide to us to the types of third parties referred to above.

How We Collect and Hold Personal Information

How we collect:

We may collect personal information about you and other individuals in various ways including:

  • over the phone, including telephone recordings.
  • audio/visual recordings, including CCTV.
  • in person.
  • when we interview witnesses or other third parties.
  • when attending site meetings in the notes of those meetings.
  • in writing, including via email and hard copy forms
  • social media or other on-line sources where data is in the public domain

From whom we may collect:

We may collect such information directly from you or through a variety of third parties such as repairers, suppliers, consultants, and the police. We may also collect personal information from publicly available sources such as the phone book or public websites.

When we collect personal information from you about someone else:

We may seek to collect from you personal information about another person. This may happen if you have personal information about another person which is relevant to a claim. For example, you may have the details of a witness to an incident for which you are claiming under your insurance policy. If you provide us with information about another person, then you must:

  • have their consent to do so; and
  • tell them:
    – that you are disclosing their personal information to us; and
    – Refer them to this Privacy Statement.

Holding personal information:

We hold personal information electronically and on paper / in hard copy.

For the personal information we hold electronically we take reasonable security measures including firewalls, secure logon processes, encryption and intrusion monitoring technologies.

For the information we hold in hard copy / on paper we have in place reasonable confidentiality procedures, and we also take reasonable security measures. We also require third party providers to hold personal information securely.

Your Rights

McLarens, as the Data Controller and/or Data Processor, guarantees the rights of Data Subjects at all times.

  • Data Subjects have the right to know, update, and rectify their personal data held by McLarens. This right may be exercised in cases involving partial, inaccurate, incomplete, or fragmented data that could lead to errors, as well as data whose processing is explicitly prohibited or unauthorized.
  • Data Subjects may also request proof of the authorization granted for the processing of their data, except in cases where such authorization is not required by law, as established in Article 10 of Law 1581 of 2012 or any related regulations that modify, supplement, or replace it. This includes cases where the continuation of processing is permitted under Article 10, numeral 4 of Decree 1377 of 2013.
  • Data Subjects have the right to be informed by McLarens, upon request, about the existence of their personal data and the purposes for which it has been used.
  • Similarly, Data Processors must provide, upon request, information regarding the use of the Data Subject’s personal data
  • Data Subjects may submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012, Decree 1377 of 2013, or any other applicable regulations that modify, supplement, or complement these laws.
  • They also have the right to revoke authorization and/or request the deletion of their data if the processing does not adhere to constitutional and legal principles, rights, and guarantees. Revocation or deletion will proceed if the Superintendency of Industry and Commerce determines that the Data Controller or Processor has engaged in conduct contrary to the law or the Constitution.
  • Data Subjects are entitled to free access to their personal data that has been subject to processing.

In accordance with the law, the company has a maximum of ten (10) business days from the date of receipt to resolve these queries, responding via regular or electronic mail. If it is not possible to address the query within this timeframe, the applicant will be informed of the reasons for the delay and provided with a new resolution date. This extension may not exceed five (5) business days following the expiration of the original term.

Further Rights:

To rectification or restriction of the way in which we are processing your information; or to object to us processing it.

To erasure of your personal information provided it is no longer necessary for the purposes for which it was collected; or where there is no legal basis for us processing it.

Where we have collected information about you from sources other than yourself, information about those sources.

To ask us whether any decisions are being taken about you by automated means and if this is happening; information about the logic involved and any significant consequences on you.

To ask us about the appropriate safeguards we take if we transfer your information to a third country or international organisation.

To enable the Holders of personal information to make requests, queries, and claims; to know, update, rectify, or delete information; to revoke the authorization granted; or to request proof of authorization and exercise their rights in general, McLarens has provided the following means of contact through the area responsible for privacy policies. The designated Data Protection Officer is:

Liz Tubb

  • email: compliance@mclarens.com
  • Phone number: (+44 7841338326)
  • By writing to the following address in Colombia: Carrera 15 A No. 120 – 42 oficina 402, Edificio Santa Bárbara, Bogotá – Colombia – addressed to Liz Tubb – compliance@mclarens.com who will send the communication to the Compliance area to continue with the respective procedure

The Holder must indicate his/her full name and identification number, as well as the physical address or email address where he/she will receive the response.

Submission route and procedure

  • Queries: The Holders or their successors may consult the personal information stored by McLarens. In response, McLarens is obligated to provide all the information contained in the individual record or any data linked to the Holder’s identification.
  • Claims: If the Holders of Personal Data processed by McLarens, or their successors, believe that the information contained in McLarens‘ databases needs to be corrected, updated, or deleted, or if they identify a potential non-compliance with applicable regulations, they may file a claim under the following terms:
    1. The claim must be submitted as a formal request addressed to McLarens. The request should include the Holder’s identification, a description of the facts giving rise to the claim, the claimant’s address, and any supporting documents.
    2. Once a complete claim is received, McLarens will include a legend in its database stating “claim in process” and the reason for the claim within no more than two (2) business days. This legend will remain in place until the claim is resolved. This legend will remain in place until the claim is resolved.
    3. McLarens will address the claim within the maximum time period allowed by law, starting from the day after the claim is fully received.
    4. Before processing any claim, McLarens will verify the identity of the claimant, ensuring that they are the Holder, their successor, or their legal representative. If the claimant does not fall into one of these categories, the claim will not be processed.
    5. A complete claim must include the following:
      • Identification of the Data Holder and, if applicable, the claimant (if they are not the same person).
      • A description of the facts giving rise to the claim.
      • A physical or electronic address for notifications.
      • Supporting documents and attachments relevant to the claim.
      • The specific request or objective of the claim.
    6. When requesting the deletion of data, it cannot be carried out if:
      • There is a legal or contractual obligation to retain the data.
      • Retention of the data is essential to safeguard the interests of the Owner or the public interest.
    7. If requesting the revocation of authorization, the claimant must provide the reasons for the alleged non-compliance with the duties outlined in this Policy, or explain why the data in the database needs correction or updating. The revocation must specify whether it is total or partial: Partial revocation occurs when the claimant requests the cessation of data processing for specific purposes or particular data. Total revocation occurs when the claimant requests a complete cessation of all data processing for any authorized purposes and data.
  • Complaints to the SIC: In accordance with the provisions of Article 16 of Law 1581 of 2012, the Holder or their successor may file a complaint with the Superintendency of Industry and Commerce only after the consultation or claim procedure outlined in this Policy has been fully exhausted with McLarens. Delegatura de Protección de Datos Personales, de la Superintendencia de Industria y Comercio, Carrera 13 No. 27-00, pisos 1 y 3 Bogotá, Colombia

In accordance with the law, the company has a maximum of ten (10) business days from the date of receipt to resolve these queries, responding via regular or electronic mail. If it is not possible to address the query within this timeframe, the applicant will be informed of the reasons for the delay and provided with a new resolution date. This extension may not exceed five (5) business days following the expiration of the original term.

Keeping your information accurate:

We take reasonable steps to ensure that the personal information we collect and store, use or disclose is accurate, up-to-date and complete. However, we rely on you to advise us of any changes to your information to help us do so. If you believe your personal information is not accurate, up-to-date or complete, then please let us know. If you’d like to request access to or seek correction of your personal information, please contact us. Our contact details are at the end of this Privacy Statement.

Transfer of Information Overseas

We may transfer your personal information overseas if your insurer is not resident in Colombia. For example, we may transfer information via email to Insurers, their representatives or our representatives, which includes all companies within the McLarens Group, who are located overseas. These insurers and McLarens Group Companies are most commonly located in UK, Europe and USA. You should tell us if you object to any such transfer.

Date of Privacy Statement This Privacy Statement was written on 21st November 2022 and will be reviewed annually, latest update – 20th February 2025.

About Us
Our Firm
Governance
All content © Copyright 2025 McLarens.