Privacy Policy

Scottish Accident is the trading name of SA Group Scotland Ltd, a company registered in Scotland (Company No. SC520331). Our registered address is 36 Speirs Wharf, Glasgow, G4 9TG.

We are authorised and regulated by the Financial Conduct Authority (FRN 836473). We act as a claims management company helping individuals pursue insurance claims following accidents and injuries.

Depending on the nature of your claim, we may collect the following personal data:

• Full name, email address, phone number, and postal address
• Date of birth and National Insurance number
• Vehicle registration, make, model, and insurance details
• Accident details including date, time, location, and description
• Injury details and medical information relevant to your claim
• Photographs of vehicle damage, accident scenes, and injuries
• Documents such as driving licences, insurance certificates, and police reports
• Voice recordings and video recordings submitted as part of your claim
• IP address and device information when you use our platform

We use your personal data to:

• Process and manage your insurance claim from start to settlement
• Communicate with insurers, solicitors, repair companies, hire car providers, and medical professionals on your behalf
• Comply with our regulatory obligations under FCA rules
• Send you service notifications about claim progress, required actions, and updates
• Improve our services and resolve any complaints

AI-Assisted Claim Processing

If you submit a claim via voice or video recording, we use AI technology to assist with processing your claim. This includes:

• Speech-to-text transcription - converting your voice recording into written text
• Language translation - translating non-English recordings into English so our team can process your claim
• Data extraction - identifying key details from your recording (such as names, dates, locations, and vehicle information) to populate your claim form

All AI processing is performed on Cloudflare's infrastructure using open-source AI models. Your recordings are not sent to OpenAI, Meta, or any other model provider. Cloudflare does not retain your data after processing is complete, and your recordings are never used to train AI models. A member of our team reviews all AI-extracted information before it is added to your claim.

Please note that AI processing may occur on servers located outside the UK, including in the United States, via Cloudflare's sub-processors (see Section 5). Appropriate safeguards are in place for all international transfers.

We process your data under the following legal bases:

• Contract: Processing is necessary to deliver the claims management service you have engaged us to provide.
• Legitimate interest: Processing your claim data to pursue recovery from third-party insurers, which is in both your interest and ours.
• Legal obligation: We are required by the FCA to maintain records of claims activity, complaints, and financial transactions.
• Consent: Where required, we obtain your explicit consent at the point of claim submission, particularly for processing special category data (e.g. health and injury information) and AI-assisted processing of voice/video recordings.
• Legal claims (Article 9(2)(f)): Processing of health and injury data is necessary for the establishment, exercise, or defence of your legal claim.

We may share your personal data with the following parties, strictly as required to process your claim:

• Your own insurer and the third-party insurer (to settle liability and damages)
• Solicitors appointed to handle injury claims on your behalf
• Approved repair garages (for vehicle damage assessment and repair)
• Hire car companies (to arrange temporary replacement vehicles)
• Medical providers and experts (for injury assessment and reports)
• Police (where relevant to your claim or required by law)

All third parties we work with operate under data processing agreements and are required to handle your data in compliance with UK GDPR.

Technology Partners

We use the following technology partners to deliver our services. Data processing agreements are in place with each provider:

• Cloudflare (hosting, database, file storage, AI processing) - data processed in UK and EU data centres. AI inference for voice/video claims may be processed by Cloudflare's sub-processors: Nebius BV (England) and CoreWeave, Inc. (United States)
• Resend (transactional email delivery) - US-based, operating under Standard Contractual Clauses for international transfers
• Twilio (SMS notifications) - US-based, operating under Standard Contractual Clauses for international transfers

Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR Article 46, including Standard Contractual Clauses approved by the Information Commissioner's Office.

We retain your personal data for 6 years from the date your claim is closed, in line with FCA regulatory requirements and the Prescription and Limitation (Scotland) Act 1973. This ensures we can respond to any future queries, complaints, or legal proceedings related to your claim.

If you request earlier deletion of your data under your GDPR rights, we will comply where legally permissible. Some data may need to be retained to meet our regulatory obligations even after a deletion request.

Under the UK General Data Protection Regulation, you have the right to:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Ask us to correct any inaccurate or incomplete data.
• Erasure: Request deletion of your personal data (right to be forgotten), subject to our legal retention obligations.
• Portability: Request your data in a structured, machine-readable format so you can transfer it to another provider.
• Restriction: Ask us to limit how we process your data in certain circumstances.
• Objection: Object to processing based on legitimate interest.

To exercise any of these rights, contact us at info@scottishaccident.co.uk . We will respond within 30 days.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk .

We use essential cookies only. We do not use any analytics, tracking, or marketing cookies.

Our essential cookies are:

These cookies are strictly necessary for the platform to function and cannot be disabled. They do not collect or transmit any data to third parties.

We take the security of your data seriously. Our measures include:

• All data is encrypted in transit using TLS (Transport Layer Security)
• Data is stored on Cloudflare infrastructure with UK and EU data centre locations
• Passwords are securely hashed and never stored in plain text
• Access to personal data is restricted to authorised staff on a need-to-know basis
• Authentication tokens are short-lived and stored in httpOnly secure cookies to prevent cross-site scripting attacks
• We conduct regular reviews of our security practices and access controls

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. Any significant changes will be communicated via our platform. We encourage you to review this page periodically.