Data Privacy Notice & Data Protection

Version 1.1 Effective from June 2024

We comply with the requirements of the General Data Protection Regulation (GDPR). Your data will be processed only in ways compatible with the purposes for which it was given.

Who Controls Your Personal Data & How Can You Contact Them

We control your Personal Data to allow us to give you advice and recommendations on your financial affairs, your data is then passed on to the relevant company/companies we have agencies with by way of application forms, by post email or through their secure websites online. 

Data We May Collect About You

In order for us to give you a recommendation and information on financial products, we need to collect and process personal information about you. If you do not provide the information we need, we may not be able to offer you advice or provide our services to you. The types of personal data that are processed may include:

• Individual details – Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you.
• Financial detail – full details on your income, debts, & assets you may own.
• Identification details – Identification numbers issued by government bodies or agencies, including your PPS Number, passport number, tax identification number. 

Special Categories of Personal Data

We do not process health information other than holding the information you have filled in via our portal and application forms. Life insurers process and control your health data to underwrite your policy or decide to decline cover. Claims information and policy information are also processed as necessary.

Where We May Collect Your Personal Data From

We may collect your personal data from various sources, including:

• Information you give us on application forms (written and via our online portal), email, phone, video call, in-person meetings, file sharing, and publicly available information on websites.
• Your employer or other representatives.
• Life companies we have agencies with, and any other records you have or had any other contracts of insurance with or sought a quote from us.

Legal Bases for Processing Your Information

We will only use your Personal Data for lawful reasons. These are:

1. The use is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract (such as providing a recommendation).
2. The use is necessary to comply with our legal obligations.
3. You have consented to us using your information in such a way.
4. The use is necessary for the purpose of our legitimate interests.
5. The use is necessary for the performance of a task carried out in the public interest, such as assisting a regulatory authority’s investigation of a criminal offence.

The Purpose of Processing Your Information

• To give you information on and provide you with recommended financial products. 
• Disclose data to the policyholder, the life assured, beneficiary, trustee, assignee, successors, group company or to other parties.
• To comply with legal and regulatory requirements including Anti-Money Laundering and Sanctions compliance. 
• To understand how people interact with our websites (if applicable).
• To carry out and determine the effectiveness of advertising, and of marketing campaigns. 

Who We Share Your Information With

In order to provide our services and to comply with legal obligations imposed on us, we may share your information with:

Third-Party Data Transfers

We have Data Processing Agreements (DPAs) in place with all our third-party providers, including but not limited to Adobe, Atlassian, Google, Pipedrive and Salesforce to ensure that your personal data is protected in compliance with the GDPR. No personal data is transferred to third countries outside the EEA without appropriate safeguards.

How Long Do We Keep Your Information

When providing products to you it may be necessary to retain your information for an extended period of time. We keep your information for as long as required by law for the purpose that you gave it to us for.  As a general rule for legal and best practice reasons, we are required to keep your information for 6 years after the date on which our relationship with you ends. 

Your Rights to Access, Transport, Correct, Delete & Restrict The Use Of Your Personal Data

You have the right to access a copy of your Personal Data which we hold on you.  In the case of Personal Data, you provided to us to process on the basis of your consent or for automated processing, you have the right to have it provided in a commonly used electronic format to you or to another Data Controller (subject to applicable Data Protection Law).  If you would like a copy of your Personal Data, please contact us. Your request will be dealt with as quickly as possible and in any event, within a month for us to respond. If at that stage we are unable to provide the data you require (due to the complexity or number of requests) we may extend the period to provide the data by a further two months but shall explain the reason why. There is no charge for the request for your data but it must be in writing or email.

Correcting Your Personal Data

You have the right to have your Personal Data corrected if you feel we have incorrect data held on you.

Deleting Your Personal Data

Subject to any overriding legal obligation requiring us to retain it, you have the right to have your Personal Data deleted, however erasing your information may make it difficult or impossible for us to give you information on, provide you with, or administer our financial products. If you want your information deleted please contact us.

Restricting Our Use of Your Personal Data

You have the right to restrict our use of your Personal Data in certain circumstances. If you wish to exercise your rights in this regard please contact us.

Automated/Profiling Decision Making

Where we use automated decision-making you will always be informed & you will be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward. E.g. When we produce quotes for the business you are contacting us about. When we want to market to you we may run a program that allows us to identify certain criteria of clients (all those that fit within certain criteria for example).

Your Right to Object & Withdraw Your Consent to Data Processing

Where our lawful basis for processing your Personal Data is based on our legitimate interests, you have the right to object. You also have the right to withdraw your consent to any processing at any time. However, if we cannot process your data it may make it difficult, impossible or unlawful for us to give you information on, provide you with advice on financial products. If you want to object or withdraw your consent to processing please contact us.

Obtaining and Managing Consent

We obtain consent from our clients through our online applications, where clients must tick a box to accept our terms and conditions, including our Data Privacy Notice. Links to the full notice are provided on our website, and a copy is emailed to the client. Additionally, when clients sign a Statement of Suitability, we note that they have received the terms of business.

Use of Artificial Intelligence (AI)

We use AI technology to enhance the efficiency and accuracy of our services. AI may assist in various functions, including but not limited to, the review and analysis of documents, assisting in underwriting processes, and the drafting of communications.

Ensuring Data Protection: We ensure that your personal data is not used for training AI models by any external providers. All AI systems are used responsibly with robust data protection measures in place. Importantly, a human is always involved in overseeing AI-assisted tasks to ensure accuracy, compliance with security standards, and the protection of your personal data.

Compliance with the EU AI Act: We are committed to complying with the forthcoming EU AI Act. We continuously review and update our practices to ensure they meet the latest regulatory standards and best practices in AI usage and data protection.

Data Breach Notification

We follow the guidelines set by the Data Protection Commission of Ireland for handling data breaches. In the event of a data breach, we have procedures in place to:

• Identify and contain the breach quickly.
• Assess the risk to individuals and determine whether the breach is likely to result in a high risk to their rights and freedoms.
• Notify the Data Protection Commission within 72 hours of becoming aware of the breach, if required.
• Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
• Document all breaches, regardless of whether notification is required.

Your Right to Make A Complaint About Your Data

If you are dissatisfied with the way we handle your Personal Data please contact us. We will do our best to address your concerns swiftly and resolve any issues you have. You have the right to complain to the Office of The Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23 www.dataprotection.ie. Tel: +353 761 104 800. Fax: +353 57 868 4757. E-Mail: info@dataprotection.ie