Privacy Policy

protecting your employees

 

Request a brochure

Sedgwick Global Privacy Policy

Global Privacy Policy
 
Sedgwick’s caring counts commitment is to value the right of privacy of the companies and individuals we serve. It is Sedgwick’s policy to comply with all applicable privacy and data protection laws and maintain the trust of those we serve.
 
We want to share with you our policy to what personal information we may collect, how we may use this information and other important areas relating to your privacy and data protection. Please find below links to the policies that apply to all internet sites and applications of Sedgwick and its groups of companies.
 
Introduction and scope
Sedgwick, its subsidiaries and affinities (“Sedgwick,” “we,” “us,” “our,”) take your privacy seriously.
 
This Privacy Notice describes the types of Personal Data that we obtain through the Sites and Services (each as defined below), how we may use that Personal Data, with whom we may share it, and how you may exercise your rights regarding our processing. The Notice describes the measures we take to safeguard the Personal Data that we obtain and how you can contact us about our privacy practices. For further information specific to your country or jurisdiction please scroll to the end of this privacy notice for additional content.
 
“Personal Data” is information that identifies you or other individuals (such as your dependents). This Privacy Notice describes how we will handle Personal Data that we collect through:
  • Our websites and other software applications made available through computers and mobile devices (the “Sites”) and
  • Claims management, loss adjusting, product recall, benefits administration,insurance product customer service and co-ordination; medical screening and other risk and insurance related services and technology enabled business solutions, including cor similar processes such as claim forms, telephone calls, emails, text/chat messages and other communications with us, as well as from claim investigators, medical professionals, witnesses or other third parties involved in our business dealings with you (the “Services”).
In delivering most of our services Sedgwick and its subsidiaries acts on behalf of an insurer and/or insurance broker. In that situation the privacy policy of the insurer and/or insurance broker will apply as they will be the controller of the data we process on their behalf. If you are uncertain, we will always be here to help you identify the party that controls your data.
 
Contact
If you have questions, concerns or a complaint about this Privacy Notice or about Sedgwick’s privacy practices, please contact our Americas privacy team via e-mail at dataprotection@sedgwick.com or by post at 8125 Sedgwick Way, Memphis, TN 38125.
 
 
or
 
For privacy queries outside of the Americas please contact our international team on DPOinternational@ie.sedgwick.com or by post at Merrion Hall, Strand Road, Dublin 04, D04 K744, Ireland.
 
All queries regarding your claim or casefile should be communicated directly to your Sedgwick claim or casefile representative.
 
Updated 03/27/2025 
---
Personal information we obtain
The Personal Data we gather about you, your dependents and others will depend on the type and nature of the service. Where relevant and appropriate to the type of service we are offering, we may collect the following types of personal data in order for Sedgwick to fulfil our service requirements:
 
General identification and contact information
  • Your name, address, e-mail and telephone details, gender, marital status, family status, date and place of birth, educational background, physical attributes, activity records, driving records, photos and video images, employment history, skills and experience, professional licenses and affiliations, relationship to the policyholder, insured or claimant, and date and cause of death, injury or disability.
  • Identification numbers issued by government bodies or agencies – Social Security or national insurance number, passport number, tax identification number, military identification number, national resident number, or driver’s or other license number.
Financial information and account details
  • Bank account number and account details, credit history and credit score.
Medical condition and health status
  • In certain cases, we may receive information about your current or former physical or mental or medical condition, health status, injury or disability information, medical procedures performed, personal habits (for example, smoking or consumption of alcohol), prescription information and medical history.
Other potentially sensitive information
  • In certain cases, we may receive sensitive information about your trade union membership, religious beliefs, political opinions, family medical history or genetic information (for example, if you apply for insurance through a third-party marketing partner that is a trade, religious or political organization). In addition, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud.
  • We may also obtain sensitive information if you voluntarily provide it to us (for example, if you express preferences regarding medical treatment based on your religious beliefs).
Telephone recordings
  • Recordings of telephone calls to our staff and offices.
  • Information to investigate crime, including fraud and money laundering: For example, insurers commonly share information about their previous dealings with policyholders and claimants for this purpose.
Information enabling us to provide our services
  • Location and identification of property insured (for example, property address, vehicle license plate or identification number);
  • Travel arrangements including reservation numbers, destination and hotel details;
  • Policy details and claim numbers, details of policy coverage and cause of loss; and
  • Prior accident or loss history, Your status as director or partner or other ownership or management interest in an organization and other insurance policies you hold.
  • Data relating to the circumstances, cause and value of an insurance claim and any information that may be relevant to insurer’s acceptance of the claim or continuing cover if you are insured with them.
How we use your personal data
The purpose for which we will use personal data will depend on your relationship with our organization. We use the personal data that we collect to:
    • Communicate with you and other parties involved in the delivery of our Services
    • Send and receive administrative information regarding your casefile, or any other service we are providing to you
    • Communicate with you and other interested parties to manage your claim and other services.
    • Send you important information regarding your claim and other administrative information.
    • Make decisions about claim assessment, processing and settlement.
    • Use with data analytics, modeling (such as predictive modeling), and the deployment of automated tools not creating a significant legal impact to you, and to use the results of such analysis, models, and tools for the purposes otherwise outlined in this Policy.
    • Manage claim disputes, where applicable.
    • To determine the extent of liability under an insurance claim and, where appropriate, arrange repairs, replacement or payment. The processing is generally needed to validate:
      • Details of those involved with the claim
      • Details that have been given to us, insurers or other parties
      • The circumstances, cause and value of the claim
      • Any matters that may be relevant to insurers acceptance of the claim. The way we process that data will generally be governed by the contract under which we are appointed
  • Provide improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
  • Prevent, detect and investigate crime, including fraud and money laundering, and analyze and manage other commercial risks.
  • Conduct satisfaction surveys.
  • Manage our business operations to comply with internal policies and procedures, including those relating to auditing finance, accounting and billing, IT systems, data and website hosting, business continuity, document and print management.
  • Resolve complaints, and handle requests for datasubject rights as available under your local applicable jurisdictional privacy law or other governing statutory rights..
  • Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and comply with legal process and respond to requests from public and government authorities (including those outside your country of residence).
  • Establish and defend legal rights, protect our business operations (including our group companies), our rights, privacy, safety of employees and property, you or others related to the claim and pursue available remedies to limit our damages
We use data during the recruitment and employment process, including:
to decide whether to employ (or engage) you;
  • to decide how much to pay you, and the other terms of your contract with us;
  • to check you have the legal right to work for us;
  • to determine whether we need to make reasonable adjustments to your workplace or role because of your disability;
  • to monitor diversity and equal opportunities;
  • Workplace monitoring in accordance with applicable law;
  • to comply with employment law, immigration law, health and safety law, tax law and other laws which affect us;
  • the prevention and detection of fraud or other criminal offences; and
  • for any other reason which we may notify you of from time to time.
  • Completion of background checks.
  • Use during the normal course of pre-employment contracting during the recruitment process.
  • For our legitimate interests while conducting the recruitment process.
We may process special or sensitive personal data when we are processing it for the following purposes, which we may do:
  • where it is necessary for carrying out rights and obligations under law;
  • where it is necessary to protect your vital interests or those of another person where you/they are physically or legally incapable of giving consent;
  • where you have made the data public;
  • where processing is necessary for the establishment, exercise or defense of legal claims; and
  • where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity.
We will only process personal data for the specific purposes set out above or for any other purposes specifically permitted by the data protection legislation. We will notify you of those purposes when we first collect the data or as soon as possible thereafter.
 
We may, as a matter of law, and without requiring notice or consent, use your information for crime and fraud prevention, or systems administration within Sedgwick and to monitor and/or enforce Sedgwick’s compliance with any regulatory rules and codes.
 
You may let us know how you want to be contacted (e.g. by email, phone or post).
 
Legal basis for processing
For personal data to be processed lawfully in most countries, they must be processed on one of the basis as set forth by applicable law. These include, among other things, the data subject’s consent to the processing, or that the processing is necessary for the performance of a contract with the data subject, for the compliance with a legal obligation to which the data controller is subject, or for the legitimate interest of the data controller or the party to whom the data is disclosed. When sensitive Personal Data is being processed additional conditions must be met. When processing Personal Data as data controllers in the course of our business, we will ensure that those requirements are met.
 
Depending on your relationship with us, the legal basis for us processing your Personal Data is one of the following:
  • You have given consent to us or the party for whom we are acting
  • The processing is necessary for the performance of a contract or legal duty
  • Processing is necessary for a legitimate interest pursued by us or a third party.
Where processing is based on legitimate interest only, it will be in relation to one of the following:
  • Claim-handling on behalf of another party
  • Provision of our services
  • Establishing, exercise or defense of legal claims
  • Prevention, detection of crime
Where we use legitimate interest as our grounds for processing your data you have the right to object at any time.
 
How we share your personal data
Sedgwick may make personal data available to the following parties for the purposes of claim assessment and our other services or as required by law:
 
Other insurance and distribution parties
In the course of processing claims, we may make Personal Data available to third parties such as insurers, reinsurers, brokers, appointed representatives, distributors, financial institutions, securities firms, employers as applicable, and other business partners.
 
Our service providers
External third-party service providers, such as medical professionals, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors; travel, background checks and medical assistance providers which are engaged as part of the casefile review process.
 
IT systems, support and hosting service providers, document and records management providers and outsourced service providers that assist us in carrying out business activities.
 
Banks and financial institutions that service our accounts, third-party claim administrators, claim investigators, construction consultants, engineers, examiners, jury consultants, translators and similar third-party vendors.
 
Authorities and third parties involved in court action
We may share personal data with government or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate:
  • to comply with applicable law and regulations, including those outside your country of residence;
  • to comply with legal process;
  • to respond to requests from public and government authorities including public and government authorities outside your country of residence;
  • to protect our operations or those of any of our group companies;
  • to protect our rights, privacy, safety or property, and/or that of our group companies, you or others; and
  • to allow us to pursue available remedies or limit our damages.
Other third parties
We may share personal data with emergency providers (fire, police and medical emergency services); retailers; medical organizations and providers; travel carriers; credit bureaus; credit reporting agencies; and other people involved in an incident that is the subject of a claim; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business. To check information provided, and to detect and prevent fraudulent claims, personal data (including details of injuries) may be put on registers of claims and shared with other insurers. We may search these registers when dealing with claims to detect, prevent and investigate fraud.
 
Data Subject Rights
Where we are the Data Controller we will manage any appropriate data subject right requests made to us in accordance with local applicable privacy laws and outline how you can exercise your rights.. Most data subject rights have exemptions, exceptions and restrictions which apply in accordance with local privacy laws and other jurisdictional governing laws.Please refer to the “Contact us” section of the policy for any queries in relation to what your data subject rights are and how to exercise same.
 
Typical examples of data subject rights available under privacy laws, may include, unless exemptions at law:
  • The right to be informed
  • The right of access
  • Right to objection, restriction or rectification
  • Right to erasure
International Data Transfers
Due to the global nature of our business, for the purposes set forth above we may transfer personal data to parties located in other countries (including the United States and other countries that have a different data protection regime than is found in the country where you are based). For example, we may transfer Personal Data in order to process international travel insurance claims and provide emergency medical assistance services when you are abroad. We may transfer information internationally to our group companies, service providers, business partners and governmental or public authorities in order to perform our services.
 
If we transfer any of the personal data we hold to a country outside of your country of residence we will ensure that one or more of the following conditions applies:
  • The country to which the personal data is transferred ensures an adequate level of protection for the data subjects’ rights and freedoms
  • The data subject has given their consent
  • The transfer is necessary for one of the reasons set out in the local privacy regulation, for example in the performance of a contract between us and the data subject, or to protect the vital interests of the data subject
  • The transfer is legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims
  • The transfer is lawfully undertaken through the use of an appropriate transfer mechanism such as standard data protection clauses adopted by the European Commission, on condition that enforceable data subject rights and effective legal remedies for data subjects are available
  • The transfer is authorized by the relevant data protection authority, where we have adduced adequate safeguards with respect to the protection of the data subjects’ privacy, their fundamental rights and freedoms, and the exercise of their rights
You can find more information about Standard Contractual Clauses here on the European Commission website. These clauses are contractual commitments between companies transferring Personal Data, binding them to protect the privacy and security of the data.
 
EU-US Data Privacy Framework and UK Bridge
Sedgwick Claims Management Service Inc., CareWorks Managed Care Services Inc., York Risk Services Group and EFI Global Inc. adheres to the principles of the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. The Sedgwick entities listed above may rely on the EU-U.S. DPF as a lawful basis for transfers of personal information. To learn more, visit our ‘Data Privacy Framework Notice’.
 
Sedgwick will also continue to rely on the SCCs for the purposes of transfers of personal data from the EU and UK to the US, where applicable. For further information please see International Data Transfers section above.
 
Security of personal data
We will take all appropriate reasonable technical, legal and organizational measures, which are consistent with applicable privacy and data security laws to safeguard your Personal Data. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any personal data you might have with us has been compromised), please immediately notify us.
 
Where we provide personal data to a vendor, the vendor will be selected carefully and required to use appropriate measures to protect the confidentiality and security of your Personal Data.
 
Accuracy of Data
We take reasonable steps to ensure that Personal Data we process remains accurate and complete as is necessary for the performance of our services.
 
Retention of personal data
We retain the data we collect in accordance with statutory, regulatory and contractual requirements for different periods of time depending on the purpose of the collection of the data and the services provided.
 
Control of your PIN
Your account can be used to view sensitive information for applications where a PIN is required. It is, therefore, important that you keep your PIN private, as you would your banking PIN. If your PIN is compromised, contact Sedgwick immediately.
 
Amendments
From time to time we alter our Privacy Notice as we introduce new services or change existing ones. Changes to this notice are effective as soon as they are posted on the Site and a notice has been placed on the login screens of the self-service applications. We from time to time also communicate this change via e-mail. The effective date of this version of the Privacy Notice appears at the top of the notice.
 
Third party websites
You from time to time have the option to enter a third-party website through the Site, or you from time to time have the option to enter our website from another third-party website. Since we cannot be assured that such third-party website follows our privacy policies, we encourage you to ask questions and review the privacy policies of these third parties. We have no responsibility or liability for the actions or policies of these independent sites, do not endorse any product or service mentioned or offered in such sites, and are not responsible for the content or privacy practices of such sites.
 
Children’s privacy
Ours are general purpose and professional websites that do not knowingly collect any information from children under age 18 not related to the claims process. We also strive to be fully compliant with the Children’s Online Privacy Protection Act (COPPA). We strongly encourage parents and guardians to regularly monitor and supervise their children’s online activities. If a child under the age of 18 has provided Personally Identifiable Information on one of our web site without the consent of his or her parent or guardian, we ask that a parent or guardian send an e-mail to dataprotection@sedgwick.com, and we will delete the child’s Personally Identifiable Information from our files.
 
For more information visit the Privacy page on sedgwick.com.