Aviva set up fraudulent insurance

[Titchytitch]

@BankFodder received response from ICO as follows I've not had any correspondence from aviva since December not sure what is happening but this is ICOs response and I don't know how to respond

 

Thank you for your correspondence of 21 February 2022 regarding a complaint about Aviva and please accept my apologies for the delay in responding to you. Our office is currently dealing with large volumes of work. This has meant we have been unable to deal with incoming correspondence as promptly as we would like

 

I have now looked through the documentation on the case. It appears your complaint may relate to a matter of fraud. The ICO does not handle matters of fraud and we advise people to seek advice from Action Fraud in such cases, or to seek their own legal advice.

 

If it is not regarding fraud, then before we can consider your complaint further we need additional information from you. Please reply to this email, quoting the above reference number with all of the following

 

Copies of any letters or emails you sent to the organisation complaining about this matter.

Copies of any letters or emails they sent back, showing their complaints process has ended.

If you have not yet complained to the organisation we would strongly recommend that you do so to give them the chance to put things right before raising this matter with us. We have information on raising a concern with an organisation that may help you with this.                                                               

 

Without this information we may be unable to consider this matter further.

[unclebulgaria67]

So they are choosing not to look into any Data Protection issue, because of the fraud.

 

All of these organisations are getting you to run around in circles !

 

I am a bit confused by how anyone in this situation can manage to get to a position of clearing their records.

 

Is your relative willing to admit in writing to everything they did in your name without your consent 

?

 

[Titchytitch]

@unclebulgaria67 I just feel like im going round in circles no one is willing to listen

Nope he won't put it in writing even though he knows full well what he's done but I'm a bit perplexed as to why Aviva have stopped sending me default notices last one received was Dec 4th 2021

[unclebulgaria67]

@Titchytitch

 

Aviva may have noted the debts as not recoverable at the moment. 

 

 

Next likely action, is they pass the debts to a Debt Collection Agency (DCA) and you will again be faced with having to advise them about what has happened.

 

If the debts are on your credit record, you can contact the credit references to place notes against the debts, stating the debts are disputed and subject to fraud reporting (note any reference numbers you may have from Action Fraud or Police).  This is a useful action as any DCA should see these notes.

 

[Titchytitch]

@unclebulgaria67 nothing is showing adverse on my credit report yet 

[unclebulgaria67]

@Titchytitch

 

Keep checking say once a month.

[Titchytitch]

@unclebulgaria67 if nothing adverse is on over next few months do I assume they've written it off ?

[unclebulgaria67]

4 minutes ago, Titchytitch said:

@unclebulgaria67 if nothing adverse is on over next few months do I assume they've written it off ?

No. Never assume, unless they write to you stating they have written off.  

 

You may have to keep checking for several years.  

[Titchytitch]

@unclebulgaria67gosh what a nightmare! What should i say to the ICO I've got a massive box of correspondence how am I meant to send that over to them 

[unclebulgaria67]

@Titchytitch

 

If you don't have a document scanner at home  they are not expensive. I bought an all in one printer/scanner for about £40. 

 

Once you have the documents saved on your computer or tablet as a PDF document, you can email these to ICO.  But see if you can contact them to explain what you are wanting from them (not the fraud side, but Data Protection Act adherence by Aviva) and what documents you can share with them. Ask if you can email these.

[Titchytitch]

@unclebulgaria67 can someone help me draft a response to the ICOs email please I have a scanner on my phone too so I can scan what they want me to send 

[unclebulgaria67]

@Titchytitch

 

Possible letter in response to ICO

 

Thank you for your letter dated xx/xx/xxxx.

 

I am not expecting the ICO to consider any aspects that relate to fraud, as anything involving

criminality needs to be investigated by the Police.

 

What I am requiring of the ICO is to review whether Aviva have fully met the requirements of the Data Protection Act and GDPR.

 

The key question is, have Aviva acted lawfuly in processing data ?

 

I refer to the ICO publication online concerning lawful processing of data.

 

Lawful basis for processing

ICO.ORG.UK

---

There are six available lawful bases for processing. Which basis is most appropriate to use will depend on your purpose and relationship with the...

 

It may help, If I quote from the ICO online publication below and then follow with questions that the ICO may wish to ask Aviva to respond to.

 

"What are the lawful bases for processing?

The lawful bases for processing are set out in Article 6 of the UK GDPR. At least one of these must apply whenever you process personal data:

(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone’s life.

(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)"

 

@Titchytitch

Please have a go at writing some questions regarding a)consent, b)contract, c)legal obligation. Don't worry abour d to f.

For consent, Aviva did not have your consent as you were not involved in taking out any Insurance policies.  If this is correct, you could ask. How did Aviva gain the consent of the Policyholder ('Data subject') in arranging Insurance policies, when the 'Data Subject' had zero involvement in arranging any Insurance policies with Aviva, so had no opportunity to offer any consent  ?

[Titchytitch]

@unclebulgaria67 thank you soo much!

 

contract- the terms ot agreement werent sent to myself but were emailed electronically to an email address that wasnt even mine. Question to Aviva is, did they carry out sufficient checks to ensure that the actions they were taking were lawful under DPA/GDPR ?

 

Legal obligation- electronic acceptance was taken but it wasn't my own acceptance as the email the documents were sent to wasn't mine and I was entered into a credit agreement without my knowledge , payments for the policy were made from another bank account not my own. At no point was I spoken with throughout the policy so basic DPA wasn't even exercised. Did Aviva employees handling the policy arrangements fully comply with Avivas own guidance which would have been drawn up to meet requirements under DPA/GDPR ?  What did the guidance Aviva employees follow actually state at the time in xx/xx/xxxx when a third party was arranging Insurance in someone's else's name ?  Did Avivas guidance suggest referral to Avivas Data Protection Officer when there were any concerns about processing policies and data ?

 

  is this ok to add to the above letter so I can reply please x

[unclebulgaria67]

Have added questions to the above.

 

 

And remember to add that a subject access request disclosure from Aviva revealed that a customer adviser from Aviva raised concerns about setting up an Insurance policy to a Team Leader, as the person calling was not going to be the policyholder ('data subject'). The Team Leader decided to allow the policy and data to be processed.  Question from this is. Did the Aviva Team Leader fully consider whether the processing of data was going to be lawful, when they could not verify consent had been given by the 'data subject' ?

[Titchytitch]

@unclebulgaria67 response from ICO 

 

Thank you for your email of 13 June 2022. We still require the evidence as outlined in my previous email to show that you have raised the issue with Aviva yourself, and fully exhausted their complaints process. Ideally we also need a copy of their response to you. 

 

As an independent regulator, we cannot raise complaints with organisations without individuals raising them first. Please see our guidance here: Raising a complaint with an organisation | ICO

 

Once I have this, I will look at your case again.

[unclebulgaria67]

@Titchytitch

 

Thought that you had already raised this complaint with Aviva ?

 

If not, you will need to raise a complaint with Aviva under the DPA/GDPR.

[Titchytitch]

Yes all complaints have been raised with aviva but there's so much to submit will have a look at it properly tonight hopefully