Tautona Privacy Policy

At Tautona we respect your privacy and we are committed to protecting your Personal Information. This privacy policy will inform you as to how we look after your Personal Information when we contract with you or visit our website and tell you your privacy rights and how the law protects you. Tautona is in charge of the data that is collected by us. To put that in GDPR-speak, Tautona is the “Data Controller” for the data described in this policy statement.

  1. Introduction and scope

    1. Tautona.ai Proprietary Limited (“Tautona” or “we” or “us” or “our“) provides specialist insurance claim automation services internationally. You can find out more about Tautona on our website https://Tautona.ai/

    2. Tautona strives to ensure that our use of Personal Information of data subjects is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving our offerings and your experience.

    3. This Tautona Privacy Policy (this “Privacy Policy“) sets out what we will do with any Personal Information (defined in paragraph 2.1 below) we collect from or about you, or that you provide to us, when you use our services, including our website (which we also refer to in this Privacy Policy as the “Website“).  Please read this Privacy Policy carefully to understand our views and practices regarding your Personal Information and how we will treat it.

    4. It is important that you read this Privacy Policy together with any other document or agreements which describes the manner in which we may provide in specific circumstances when we are collecting or processing Personal Information about you.  This will enable you to properly understand the manner in which Tautona will process your Personal Information. This Privacy Policy supplements such other documents and agreements, and this Privacy Policy is not intended to override them.

  1. The Personal Information that we collect about you

    1. Tautona may collect, get, receive, record, organise, collate, store, update, change, retrieve, read, process, analyse, use and share your Personal Information in the ways set out in this Privacy Policy.  When we do one or more of these actions with your Personal Information, we are “Processing” your Personal Information.

    2. Personal Information” refers to private information about an identifiable person.  Personal Information does not include information that does not identify a person (including in instances where that information has been anonymised or sensitised).  The Personal Information that we collect about you may differ on the basis of the services that you receive from Tautona.

    3. We may Process different kinds of Personal Information about you which we have grouped together as follows:

      1. Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, VIN number, policy number, national insurance number, claim number.

      2. Contact Data includes billing address, delivery address, email address and telephone numbers.

      3. Financial Data includes bank account, payment card details, policy payment data.

      4. Transaction Data includes details about payments to and from you and other transactional details about insurance policies.

      5. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

      6. Profile Data includes [your username and password, policy details, your interests, preferences, feedback and survey responses.

      7. Usage Data includes information about how you use our website, products and services.

      8. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

      9. Claims Data includes the nature and circumstances of a claim, amount claimed, results of claims, correspondence history, supporting information for claims and associated information and evidence.

    4. Tautona may also process, collect, store and/or use aggregated data, which may include historical or statistical data (“Aggregated Data “) for any purpose.  Aggregated Data could be derived from your Personal Information but is not considered Personal Information as this data will not directly or indirectly reveal your identity.  However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Privacy Policy.

  2. How we collect your Personal Information

    1. We collect your Personal Information in three ways, namely:

      1. through direct or active interactions with you;

      2. through automated or passive interactions with you; and

      3. from our affiliates and third parties, including service providers.

    2. Direct or active collection from you 

      1. We may require you to submit certain information in order for you to access certain portions of the Website, to receive our services or to conclude an agreement with us, or when we fulfil our statutory obligations.  We also collect information directly from you when you communicate directly with us, for example via e-mail, telephone calls, feedback forms, site comments and forums.

      2. If you contact us, we may keep a record of that correspondence.

      3. The information we may actively collect from you may include any of the information listed in paragraph 2 of this Privacy Policy.:

    3. Passive collection from your Access Device

      1. We passively collect some of your Personal Information from devices that you use to access and navigate through the Website (each an “Access Device“) by using various technological means, for instance, using server logs to collect and maintain log information.

      2. The information which we may passively collect from your Access Device may include your Identity Information, your Contact Information, your Technical Information, your Usage Information and your Marketing and Communications Information, and any other information which you permit us, from time to time, to passively collect from your Access Device.

    4. Information collected from third parties

      1. Tautona receives Personal Information about you from our affiliates, business partners and third-party service providers, purely to supplement information which you have already agreed to give us.

  3. How we use your Personal Information

    1. We will only use your Personal Information when the law allows us to. Most commonly we will use your Personal Information in the following ways:

      1. Legal obligation: Where we need to process the Personal Information to comply with a legal obligation 

      1. Legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

      1. Performance of a contract: To carry out our obligations arising from any contracts we intend to enter into or have entered into between you and us and to provide you with the information, products and services that you request from us in terms of anti-fraud and protection from fraudsters and scammers. The core service we offer to our customers is the automated review of insurance claims. Automated decision making will improve the speed and efficiency of your claims. Tautona only proceeds with automated decision making in the case that the insurer has obtained customer consent about processing their Personal Information

    1. We use the information we collect to provide current and develop new services, and to protect us, our services and our users.

    2. Tautona will restrict its processing of your Personal Information to the original purposes for which we collected it, unless Tautona reasonably considers that it is required to be processed for another purpose and that purpose is compatible with the original purpose. If you would like us to explain how the further processing for the new purpose is compatible with the original purpose, please contact us.

  1. Compulsory information and consequences of not sharing with us

Where Tautona is required to process certain Personal Information by law, or under the terms of a contract we have with you, and you fail to provide that Personal Information when requested, Tautona may not be able to perform the contract we have or are trying to enter into with you. In this case, Tautona may be required to terminate its relationship with you, but we will notify you if this is the case at the time.  The terms of any applicable laws and/ or the contract between you and Tautona, will govern the termination of the agreement.

  1. Sharing of your Personal Information

    1. We will not intentionally disclose, for commercial gain or otherwise, your Personal Information other than as set out in this Privacy Policy or with your permission.

    2. Tautona may share your Personal Information under the following circumstances:

      1. to our agents, advisers, service providers and suppliers which have agreed to be bound by this Privacy Policy or terms which offer the same level as protection as this Privacy Policy;

      2. to our employees, suppliers, service providers and agents if and to the extent that they need to know that information in order to process it for us and/or to provide services for or to us, such as hosting, development and administration, technical support and other support services relating to the Website or the operation of Tautona business;

      3. in order to enforce or apply any other contract between you and us;

      4. in order to protect our rights, property or safety or that of our customers, employees, contractors, suppliers, service providers, agents and any other third party;

      5. in order to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents or any other third party;

      6. to governmental agencies and other regulatory or self-regulatory bodies if we are required to do so by law or if we reasonably believe that such action is necessary to:

        1. comply with the law or with any legal process;

        2. protect and defend the rights, property or safety of Tautona, or our customers, employees, contractors, suppliers, service providers, agents or any third party;

        3. detect, prevent or deal with actual or alleged fraud, security or technical issues or the abuse, misuse or unauthorised use of the Website and/or contravention of this Privacy Policy.

  2. Storage and transfer of your Personal Information

    1. The data that we collect from you will be stored by Google Cloud Platform (GCP) servers within the European Economic Area (EEA).

    2. Except as otherwise agreed Tautona will not transfer Personal Information originating in the EEA or the United Kingdom, in a location outside the EEA or the United Kingdom without your prior written consent, and where you consent to such transfer, we will comply with applicable Data Protection Laws by providing an adequate level of protection to any Personal Information that is transferred.

    3. In seeking such consent and approval Tautona shall ensure it has regard to and complies with all government and regulator policies, procedures, guidance and codes of practice on the processing and/or transfers of Customer Information outside the relevant originating county and/or overseas generally.

  1. Security

    1. We take reasonable technical and organisational measures to secure the integrity of retained information, using accepted technological standards to prevent unauthorised access to or disclosure of your Personal Information, and protect your Personal Information from misuse, loss, alteration or destruction.

    2. From time to time, we review our information collection, storage and processing practices, including physical security measures, to keep up to date with good practice.

    3. Tautona has implemented procedures to address any suspected data breaches and will notify you and any applicable regulator of a breach where Tautona is legally required to do so within the period in which Tautona is required to issue such a notification.

  2. Retention of your Personal Information

    1. We may keep and Process some or all of your Personal Information if and for as long as:

      1. we are required or permitted by law or a contract with you to keep it;

      2. we reasonably need it for lawful purposes related to our functions and activities;

      3. we reasonably need it for evidentiary purposes; or

      4. you agree to us keeping it for a specified further period.

    1. To determine the appropriate retention period for Personal Information, Tautona will consider, among other things, the quantity, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means.  Tautona will always comply with applicable legal, regulatory, tax, accounting or other requirements as they pertain to the retention of Personal Information.

  1. Keeping your Personal Information updated and correct

    1. Where required by law, we take reasonable steps to ensure that your Personal Information is accurate, complete, not misleading, and up to date.

    2. You must let us know if any information we have about you is incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out in clause 18 below.

  2. Your rights

    1. Please note that, under certain circumstances, you may have rights under data protection laws in relation to your Personal Information.  You may have the right to:

        1. Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information that Tautona has about you.

        2. Request correction of the Personal Information that we hold about you. This enables you to ensure that any incomplete or inaccurate data that Tautona holds about is corrected.

        3. Request erasure of your Personal Information. This enables you to request that Tautona delete or remove Personal Information where there is no lawful basis for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (described below), where we may have processed your information unlawfully or where we are required to erase or anonymise your Personal Information to comply with applicable law. Tautona may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

        4. Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where Tautona is processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedom.

        5. Request restriction of processing of your Personal Information. This enables you to ask Tautona to suspend the processing of your Personal Information in limited circumstances, which may differ by jurisdiction.

        6. Request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, a copy of your Personal Information in our possession in a structured, commonly used, machine-readable format. Note that this right only applies in certain jurisdictions and is limited to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you

        7. Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any Processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.  Please note that we may continue to Process your Personal Information in certain instances where we are not relying on your consent.

  1. What rights does GDPR give you?
  1. If you are an EU national then the GDPR gives you certain rights in relation to the data we hold about you. Full details of your rights are available in the text of the GDPR (see europa.eu/!du98Pj), but here is a quick summary:
  • Rectification: If any of the data we hold about you is incorrect then you can ask us to correct it.
  • Access: You have the right to view the data we hold about you and to receive copies of this data in digital format.
  • Erasure: You can request that we erase all the data we hold about you.
  • Restriction of processing: In some cases, you can ask us to retain your data but not do anything with it.
    1. Please note however that, as stated above, we can’t personally identify you using the data we collect so you will need to provide details of the IP address you were using and proof that it was you using this IP address at the time.

  1. How do I exercise my GDPR rights?

    1. If you want to exercise any of your rights in relation to data Tautona holds about you then please email: datacontroller@Tautona.ai or write to the Data Controller at the address given on the contact page of our website.

    1. For most requests we will need to verify your identity so that we don’t give out information to the wrong person, so please provide a contact phone number where we can contact you, or sufficient details to enable us to validate your request.

  1. What if I have a complaint?

    1. If you are concerned about how we manage your data, or how we have handled a request to exercise your rights, then please get in touch with us to discuss it. We would appreciate the chance to deal with your concerns before you approach a regulator, so please contact us in the first instance. To do this, please send an email detailing your concerns to datacontroller@Tautona.ai

    1. If you are not satisfied with the response, you can take your concern to the Information Commissioner’s Office. For details of how to do this please refer to the ICO web site: ico.org.uk.

  1. Changes to this Privacy Policy

We may, at any time, change this Privacy Policy and will take reasonably practical steps to inform you of the changes.  Without limiting the ways, we may inform you, we may inform you either by sending you an e-mail (if you give us your e-mail address when you register to use the Website), but utilising a “pop-up” notification on our website, or by notifying you when you access our website.