Privacy Statement

Crawford & Company

EU GDPR Privacy Notice

Effective Date: 25 May 2018


Who We Are

Crawford & Company is a global, independent provider of claims management solutions, providing integrated claims services, business process outsourcing and consulting services worldwide to the risk management and insurance industry, as well as to self-insured entities.  We are committed to protecting the privacy of the personal information we collect and providing clear information about how we handle personal information.  We encourage you to read this Policy carefully so that you understand how we treat your personal information and what rights you may have.

Scope of this Privacy Policy

Your privacy is important to us.  We have developed this EU GDPR Privacy Notice (the “EU Privacy Notice” or the “Notice”) to provide additional information about how the Crawford & Company group handles personal information that is subject to the GDPR. In this EU Privacy Notice we use the term “GDPR” to include the EU General Data Protection Regulation as well as associated national laws. 

This EU Privacy Notice explains how Crawford & Company and its affiliates and subsidiary companies (together, “Crawford”, “we”, “us” or “our”) handle the personal information that is subject to the GDPR, which we collect from individuals through our websites and associate services, about our former, current and prospective clients, and about other individuals that use our products or engage with us regarding our claims management and related services (our “Services”) or communicate with us, as well as other personal information we receive in providing the Services. This EU Privacy Notice is intended to disclose the personal information that we collect that is subject to the GDPR, and to explain how we use and disclose this personal information, and the choices and rights individuals have regarding this personal information.  This Notice does not apply to the personal information that we process about current and former employees, which is subject to a different privacy notice.

Crawford’s Online Privacy Policy: For users outside the EU, the Crawford Online Privacy Policy, available here, applies to all users of our relevant websites (see list below), including associated pages and online services, that display this Privacy Notice (the “Sites”).   

For the purposes of the GDPR, and unless you are explicitly notified otherwise, Crawford & Company International, Inc. is the controller of your personal information, and where the processing of personal information is also undertaken by other Crawford Group companies with whom you engage, they are joint controllers with Crawford & Company International, Inc. for your personal information.  See the “Contact Us” section below for a list of affiliate controllers and their locations and for details on how to contact Crawford or exercise your rights with respect to your personal information.

Data Processor for Client Claims Data

We handle personal information as a result of providing our claims handling and related services to our clients.  Crawford is generally a processor of the personal information that we process in the course of providing our claims handling services to clients; we only process such personal information on behalf of and under the instruction of our clients, or where otherwise required by EU data protection law.  Our respective clients are the data controllers of the claims data that we process on their behalf; how we handle this personal information is subject to our client agreements and the privacy policies of our respective clients – not this EU Privacy Notice.  This EU Privacy Notice also does not cover any third-party websites or services.

Information We Collect

We may collect personal information directly from you, such as when you register for news and information, contact us online or submit forms through the Sites.  We may also collect personal information from third parties and automatically through your use of the Sites and Services.  In this EU Privacy Notice, “personal information” means any information that identifies or could be used to identify an individual person, and includes other similar terms like personal information or personally identifiable information

Where the personal information we collect is needed to comply with law, or to enter into or perform an agreement with you, we will inform you accordingly at the time of collection.  If you decline to provide us any required personal information, we may be unable to provide products or services to you.  

Information We Collect Directly

We may collect personal information about you in the course of operating our business, including through your use of our Site, when you contact or request information from us, when you engage or use our Services or as a result of your relationship with one or more of our staff and clients.  For example when you:

  • engage us to perform the Services
  • request information from us or submit other enquiries
  • participate in events we host or sponsor
  • meet with us at our offices
  • contact us for client relations or customer support purposes
  • access Services we make available to you, whether online, through the Sites or otherwise
  • enquire about or apply to job openings
  • seek to work with us, or accept requests from us to provide professional, expert, consultant or contractor services 
  • receive or request customer support or other services
  • contact or communicate with us online, by email, postal mail, fax or otherwise

Typically, the personal information you give us may include name, business affiliation, address, telephone number, email address and any personal details required to resolve any enquiries or complaints.  If you are seeking to work with us, or accept requests from us to provide professional, expert, consultant or contractor services related to our provision of Services, we may collect additional information about your qualifications and experience, as well as (where permitted by applicable law) any criminal convictions.  Where you are applying for employment with us, you will be asked to provide certain additional information, for example about your education, employment history and right to work, pursuant to a specific privacy notice for job candidates.

Information We Collect from Third Parties

We may also obtain information about you from third parties, including your employer, our clients and other parties, as well as publicly accessible sources.  We may also collect information about how users interact with us or share content on our social media pages. The personal information we may receive as a result of providing the Services to clients may include a variety of different personal information depending on the Services provided.  For example, we may receive names and relevant business contact information from our clients, which may be related to their employees, agents or other authorised parties.  We also may conduct background checks or identity verifications related to applicants, suppliers, providers and other third parties, to the extent permitted by law and necessary to protect ourselves, clients and third parties from fraud and misconduct.  We also perform sanctions screening and anti-money laundering checks, as required and permitted by applicable law.

If you request access to certain Services or restricted or protected information from us, we may need to contact third parties (such as your employer) to verify that you are authorised; we may take steps to verify your authorisation and identity, including by requesting additional information from you or third parties (such as the clients for whom we are acting).  

Automatically-collected Information

We use cookies, log files, pixel tags, local storage objects, and other tracking technologies to automatically collect information when users access or use the Sites or any online services that we make available, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider (‘ISP’), referring/exit URLs, operating system, language, clickstream data, and other information about the links clicked, features used, size of files uploaded, streamed or deleted, and similar device and usage information.  For more information, see the “Cookies, Analytics and Targeted Ads” section below.

Monitoring of Communications

Subject to applicable laws we may monitor and record calls, emails and other communications with us. We do this to protect the security of our communications systems and procedures, for quality control and staff training purposes, fraud detection and prevention, and when we need to see a record of what has been said between us. We will also monitor for regulatory compliance (where applicable) as well as crime prevention and detection purposes.

Other Information

As noted, we handle personal information as a result of providing our claims handling and related Services to our clients.  This information may include claims-related information, transactional details, health, disability and medical information, identification information, and other information; our  handling of this personal information is subject to our client agreements and our clients’ respective policies – not this EU Privacy Notice – since we are acting on behalf of and under the instruction of our clients (i.e., as a data processor).

Purposes and Legal Bases for Our Use of Personal Information

In the course of conducting our business, we use personal information to provide and improve our services, to process job applications, to provide information about our products and services, to respond to requests and to otherwise communicate with you and others.   

Please note: as explained, we collect certain personal information in the provision of our Services (including claims handling services), subject to our client agreements; we use such personal information only as a data processor, acting on behalf of and under the instructions of our clients or where otherwise required by applicable law.  Our clients are responsible for determining and notifying individuals of the purposes and legal bases of our processing of personal information as their data processor.

Legal Bases

In general, we use personal information for the purposes set out in the table below, under the following legal bases:

  • Perform / Enter into Contract with You: as necessary to enter into or perform any contract with you.
  • Comply with Law: for compliance with our legal obligations under EU law, including responding to legal and regulatory requests and court orders.
  • Establish, Defend and Protect Legal Rights: as necessary to establish, defend and protect our legal rights and interests, or those of third parties.
  • Legitimate Business Interests: Pursuant to our legitimate business interests (such as to ensure that we provide high quality, efficient and timely client service, to improve the way we deliver our Services, to develop new offerings and tools, for industry benchmarking and trend analysis, to deliver more relevant content and information, to secure our and our clients’ systems, and to prevent misconduct and fraud), which are not overridden by your interests and fundamental rights. 
  • Explicit Consent: for sensitive data, with your express consent, or where necessary to carry out our obligations under employment, social security and similar laws.

We may also create anonymous and aggregated data sets and reports in order to assess, improve and develop our business, products and services, prepare benchmarking reports on our industry, and for other research and analytics purposes; provided this data is not identifiable to, and cannot be linked or re-identified to a particular individual, it is no longer subject to the restrictions in this Notice.

Purposes of Processing 

Legal Bases of Processing

Verifying Identity and Authorisation

  • To verify the identity of clients, contacts, partners, applicants and others with whom we do business or who we are considering for [employment or] a business relationship
  • To confirm or verify that individuals are authorised to access, use or provide information or services
  • Perform / Enter into Contract with You
  • Comply with Law
  • Your Consent
  • Legitimate Business Interests

Providing Support and Services

  • To provide and operate our Services and the Sites, communicate with you about your use of the Services, respond to your enquiries, perform troubleshooting, fulfil your orders and requests, process your payments, and complaints and enquiries, provide technical support 
  • For other customer service and support purposes
  • Perform / Enter into Contract with You
  • Establish, Defend, Protect Legal Rights
  • Legitimate Business Interests

Improving Services and Analytics

  • To better understand how users access and use the Sites, Services and other products and offerings, and for other research and analytical purposes
  • To evaluate and improve our services and business operations and to develop additional products, services and features  
  • Legitimate Business Interests
  • Establish, Defend, Protect Legal Rights

Personalised Support and Services

  • To tailor content we send or display on the Sites in order to offer location customisation and personalised help and instructions
  • To otherwise personalise your experiences with us
  • Legitimate Business Interests
  • Your Consent

Marketing and Promotions

  • For direct marketing and promotional purposes  
  • To send you newsletters, special offers or promotions, and contact you about our products or services or information we think may interest you.  If you are located in a jurisdiction that requires opt-in consent to receive electronic marketing messages, we will only send you such messages if you opt-in to receive them 

We do not use the information we collect from third parties in providing the Services or handling specific claims for marketing and promotional purposes 

  • Legitimate Business Interests
  • Your Consent

Protecting Our Legal Rights and Prevent Misuse

  • To protect the Sites, Services and our business operations; to prevent and detect fraud, unauthorised activities and access, and other misuse
  • Where necessary to investigate, prevent or take action regarding illegal activities, suspected fraud or situations involving potential threats to the safety or legal rights of any person or third party
  • To investigate or prevent violations, and to enforce our terms of use and agreements, or this Privacy EU Privacy Notice
  • Establish, Defend, Protect Legal Rights
  • Legitimate Business Interests

Complying with Legal Obligations 

  • To comply with the law or legal proceedings
  • To respond to legal process or law enforcement requests 
  • As required by regulators or public authorities

For example, in response to subpoenas, court orders and other lawful requests by regulators, courts and law enforcement agencies, including responding to national security or law enforcement disclosure requirements

  • Comply with Law
  • Establish, Defend, Protect Legal Rights
  • Legitimate Business Interests

General Business Operations

  • Where necessary to the administration of our general business, accounting, recordkeeping and legal functions
  • As part of our routine business administration, such as employee training, compliance auditing and similar internal activities
  • Establish, Defend, Protect Legal Rights
  • Legitimate Business Interests

Disclosure of Information

  • Crawford Group.  As a global company, your personal information may be shared amongst our affiliates and subsidiary companies, whose handling of your personal information is subject to this EU Privacy Notice. 
  • ProvidersWe may share your information with third party service providers who use this information to perform services for us, such as payment processors, hosting providers, auditors, advisors, law firms, consultants and customer service and support providers.  We may also share information with third party providers as necessary to perform our services to you.
  • Enterprise users. If you communicate with us or engage us to perform the Services on behalf of your company (our client), we may share with that client information about our interactions with you.
  • Business TransfersWe may disclose or transfer information, including personal information, as part of any merger, sale and/or transfer of our assets, acquisition or restructuring of all or part of our business, bankruptcy or similar event, including related to due diligence conducted prior to such event where permitted by law.
  • Legally RequiredWe may disclose your information if we are required to do so by law or regulation (e.g., to law enforcement, courts or others, e.g., in response to a subpoena or court order).
  • Protect our RightsWe may disclose information where we believe it is necessary to respond to claims asserted against us, or to comply with legal process (e.g., subpoenas or warrants), enforce or administer our agreements and terms, for fraud prevention and detection, risk assessment, investigation, and to protect the rights, property or safety of Crawford, our clients and customers, our staff or others.
  • Anonymised and Aggregated Data. We may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual.
  • Client Services and Claims-related Personal Information.  As noted above, we are a service provider to our clients, and a data processor with respect to the personal information we collect in performing our Services (including claims handling services).  Any personal information we collect related to handling claims on behalf of our clients may be disclosed to such clients or others as directed by our clients; such disclosures are subject to our clients’ policies.

Cookies, Analytics and Targeted Ads

We and our service providers use cookies, pixels, java script and other tracking mechanisms to track information about your use of our Site and Services, and we may combine this information with other information, including personal information, we collect about you.   We may also work with third party ad networks, analytics companies, measurement services and others to display advertising on our Services, and to manage our advertising on third party sites, mobile apps and online services.  Please also see our Cookie Policy for more information about how we use cookies and work with third party ad networks and analytics providers.

Direct Marketing

We may send periodic promotional emails to you, and where required by law we will obtain your consent to do so.  You may opt-out of such communications by following the opt-out instructions contained in the email.  If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.

International Transfers

We are a global company, and the data that we collect from you may be transferred to, accessed or stored in, and subject to requests from law enforcement in, jurisdictions outside of your home jurisdiction, including the United States, the Philippines, Australia, Canada, the European Union and other jurisdictions in which we or our service providers operate. Some of these jurisdictions, including the United States and the Philippines, may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.  

If you are in the European Economic Area (“EEA”) and we process your personal information in a jurisdiction that the European Commission has deemed to not provide an adequate level of data protection (a “third country”),  we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission or another measure that has been approved by the EU Commission as adducing adequate safeguards for the protection of personal information when transferred to a third country.  You have the right to obtain a copy with details of the mechanism under which your personal information is transferred outside of the EEA; you may request such details by contacting us as set forth in the “Contact Us” section below.


We take information security seriously.  We have implemented appropriate safeguards and technical measures to protect the personal information that we have under our control from unauthorised access, use or disclosure. However, no data security measures can guarantee 100% security.

Retention of your Personal Data

As a general rule, we retain your personal information for as long as necessary to fulfil the purposes for which it was collected or as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records and enforce our agreements.  In general, we will retain relevant personal information of Site visitors for at least three years from the date of our last interaction with you and in compliance with our obligations under applicable laws.  With respect to the claims-related data and files we handle as a processor, we retain this personal information in accordance with our clients’ instructions.  We may retain personal data for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others. 

Your Rights

We will take steps to maintain accurate and complete personal information about you. In order to do so, we need you to notify us of changes in your personal circumstances (for example, change of address) so that we can update our records.  Subject to the conditions set out in the applicable law you have the following rights with regard to our processing of your personal information:

  • Your right of access.  If you ask us, we will confirm whether we are processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details).  If you require additional copies, we may need to charge a reasonable fee.
  • Your right to correction (rectification).  If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected.  If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible.  If you ask us, we will also tell you, where possible and lawful to do so, with whom we have shared your personal information so that you can contact them directly.
  • Your right to erasure. You can ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable).  If you are entitled to erasure and if we have shared your personal information with others, we will let them know about the erasure where possible.  If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information with so that you can contact them directly.
  • Your right to restrict (block) processing. You can ask us to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to our use or stated legal basis.  If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so.  If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information so that you can contact them directly.
  • Your right to data portability.  You have the right, in certain circumstances, to receive a copy of personal information we have obtained from you in a structured, commonly used and machine readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
  • Right to object. You can ask us to stop processing your personal information, and we will do so, (i) to the extent that we are relying on our legitimate interests to use your personal information, in which case you have the right to object to such use, unless we can either demonstrate compelling legitimate grounds for the use that override your interests, fundamental rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims, and (ii) where we are processing your personal information for direct marketing purposes.
  • Your rights in relation to automated decision-making. You have the right not to be subject to a decision when it is based on automatic processing if it produces a legal effect or similarly significantly affects you, unless it is necessary for entering into or performing a contract between us.
  • Your right to withdraw your consent. In the event your personal information is processed on the basis of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Your right to lodge a complaint. You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal information infringes applicable law. 

Please note that some of these rights may be limited, such as where we have an overriding interest or legal obligation to continue to process the data.  Please contact us as indicated in the “Contact Us” section below if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your personal information by us.

Third-Party Sites and Services

Crawford’s Sites may contain links to third-party websites or services. We are not responsible for the data privacy practices of such third parties, whose practices are subject to their own privacy policies and procedures and not Crawford’s Privacy EU Privacy Notice.      

Information About Children

Our Sites and Services are not directed towards children and we do not encourage children to participate in providing us with any personal information. We do not knowingly collect any personal information from children under the age of 16, without parental consent. If you have reason to believe that a child under the age of 16 has provided personal information to us through the Site or Services without a parent or guardian's consent, please contact us at

Changes to this Privacy EU Privacy Notice

We may update this Privacy EU Privacy Notice from time to time to reflect changes, and will post changes by updating the privacy EU Privacy Notice (and effective date) on this page. If we make any material changes that affect how we treat your personal information, we will endeavour to notify you in advance, such as by prominently posting a notice on this website or by directly sending you a notification. We encourage you to periodically review this website and our EU Privacy Notice to understand how Crawford protects your personal information.  Once effective, the revised EU Privacy Notice will apply to you and your personal information.

Contact Us

If you have questions or concerns regarding this EU Privacy Notice, please contact our EU Data Protection Officer at:

Crawford Global Privacy Office
Attn: EU Data Protection Officer
70 Mark Lane
London EC3R 7NQ UK



Crawford & Company Adjusters (UK) Limited

Crawford & Company (Sweden) AB        

70 Mark Lane

Gruvgatan 35 A,

London EC3R 7NQ UK

Gothenburg SE



Crawford Aviation Limited


70 Mark Lane

Crawford & Company Belgium NV

London EC3R 7NQ UK

Jan Olieslagerslaan 41


B-1800 Vilvoorde, Brussels BE

Contractor Connection (Repairnet) UK Limited


70 Mark Lane

Crawford Polska Sp z.o.o             

London EC3R 7NQ UK

ul. Ciszewskeigo 15


02777 Warsaw PL



Crawford (Denmark) A/S


Lergravsvej 59

Crawford & Company (Deutschland) GmbH        

Kobenhavn S 2300 DK

Werdener Str. 4,


40227 Düsseldorf, Germany



Crawford & Company (Netherlands) BV


Warenarburg 1, 2907 CK Capelle aan den Ijssel

Crawford & Company(Norway) AS

Rotterdam NL

Kjorbokollen 30,


Sandvika 1337 NO



Crawford & Company (Espana) 


Calle Miguel Angel 14 1st Floor

Crawford & Company Italia SRL

Madrid 28010 ES

Via Desiderio da Settignano, 15


Milan 20149 IT



Crawford & Company


5909 Peachtree Dunwoody Rd Bldg. D, Ste. 1000

Crawford & Company (Sweden) AB        

Atlanta, GA 30328-7275 USA

Finland branch 


Rantatie Business Park,

Crawford & Company International, Inc.

Hermannin Rantatie 8

5909 Peachtree Dunwoody Rd Bldg. D, Ste. 1000

FI-00580 Helsinki

Atlanta, GA 30328-7275 USA




Broadspire Insurance Services, Inc.


5909 Peachtree Dunwoody Rd Bldg. D, Ste. 1000


Atlanta, GA 30328-7275 USA