Data Protection Notice
Insurance Ireland is the trading name of Insurance Ireland (Member Association) Company Limited by Guarantee. Insurance Ireland is the data controller of “personal data” as defined by Data Protection legislation. The purpose of this notice is to advise you what this means in practice.
If you are a director or employee of one of our member companies, we will hold the contact details provided by you or your employer in order to fulfil our obligations as a membership organisation (which we consider to be a “legitimate interest” as provided for in the legislation). These include:
- Sending you copies of our newsletters and publications or updates on topics such as Insurance Ireland’s advocacy activity, regulatory matters and other industry issues to keep you up to date on industry developments;
- Contacting you in relation to any committees or working groups you have asked to join;
- Informing you of events and processing any bookings you wish to make;
- Responding to your queries.
The information that you provide to us will be kept secure by us and not disclosed to third parties. Your contact details will be kept until we are advised that you are no longer an employee of that organisation. You can unsubscribe from specific services at any time by contacting us or following the unsubscribe option on relevant emails. This is also the case if you are not an employee of a member company but are interacting with us on a professional basis.
If you are a member of the media, you may contact us to seek an industry response on insurance matters or to arrange media interviews. Where you provide personal information to us in the course of making a media enquiry we will process this information on the basis that by requesting us to deal with your query you are giving us explicit consent.
If you are a member of the public, you may contact us for a number of reasons:
- To avail of the provisions of the Declined Cases Agreement which operates to ensure that members of the public are not denied motor insurance;
- To ask our Information Service to answer a query or complaint relating to insurance;
- To pass information to our Insurance Confidential anti-fraud hotline.
Declined Cases Agreement
In relation to the Declined Cases Agreement, personal information such as your contact details and motor insurance history will be processed by us in order to comply with our obligation to administer the agreement. This information may be disclosed by us to motor insurers operating under the Declined Cases Agreement. This information will be kept by us for a period of 18 months.
If you provide us with information in relation to a third party (e.g. a named driver on your policy) you should obtain the consent of that person. If the person is under the age of 18, you should obtain the consent of the holder of parental responsibility.
We process personal data in connection with the Declined Cases Agreement as it is necessary to do so to identify an alternative contract of insurance for you. Where it is necessary to share your personal data with other insurers to identify possible providers of cover, we rely on the legitimate interests of those participating in the Declined Cases Agreement in doing so. In these cases, participating insurers will only process your data for the purposes of performing the Declined Cases Agreement.
Where a declined case involves any suspected fraud or other offence, the basis of processing of this information is Section 55 of the Data Protection Act as it applies to the processing of personal data for prospective legal proceedings or establishing, exercising or defending legal rights (such as the prevention of fraud against insurance companies).
Where you provide personal information to our Information Service in the course of making a query or complaint we will process this information on the basis that by requesting us to deal with your query or complaint you are giving us explicit consent. This information will be kept secure by us and may be disclosed by us to the insurer to which your query or complaint relates. This information will be kept by us for a period of two years.
If the information you provide includes health information which is considered as “special” data under the legislation, this will be processed by us under Section 50 of the Data Protection Act 2018 which relates to the processing of health data in relation to a policy of insurance. Any further use of special data by us will be subject to you providing us with your explicit consent which you may withdraw at any time.
Information provided to Insurance Confidential will be treated in strictest confidence and shared only with insurance companies and An Garda Siochana. The basis of processing of this information is Section 55 of the Data Protection Act as it applies to the processing of personal data for prospective legal proceedings or establishing, exercising or defending legal rights (such as the prevention of fraud against insurance companies).
Insurance Ireland databases
Insurance Ireland also acts as a data controller for the following databases:
InsuranceLink which is a database of insurance claims operated on our behalf by Verisk. For more information see www.inslink.ie
- Integrated Information Data Service (“IIDS”) operated on our behalf by Accadian.
o The IIDS processes data relating to drivers penalty points pursuant to the Road Traffic Act 2012 and as instructed by the Minister for Transport. All data is passed through to each insurer and no Penalty Points data is stored in the IIDS. A log is kept on the IIDS containing the driver number, each time a request is made by an Insurer. This is done for audit purposes and is held for 2 years.
o In addition, the insurers using IIDS may also share No Claims Discount (NCD) information, but only with the person’s explicit consent. Within renewal letters for car insurance is a PIN number. Only when the individual shares this information with a new insurer, will they have access to the person’s NCD. This is required to validate any discounts insurers may apply to a premium. NCD data is only held in the system for up to three years and, as part of insurers’ renewal process, it is uploaded by an insurer shortly before the person’s current policy expires, If a PIN number does not appear on a renewal letter, it means that the person’s data has not been uploaded into the IIDS.
o Queries in relation to the IIDS can be emailed to email@example.com
We will generally retain personal data on our files for the duration of the relevant purpose plus a period thereafter for evidential, legal compliance or audit purposes (this period may be up to 6 years or longer in exceptional cases).
General Rights under Data Protection Law
You have the right to request a copy of your personal data and to have incorrect personal data about you corrected. If you wish to request a copy of your personal data please complete a copy of our Subject Access Request (SAR) form which is available on request and outlines the information necessary for us to check our records. We will require proof of identity. Your request should be sent to Subject Access Requests, Insurance Ireland, Insurance Centre, 5 Harbourmaster Place, IFSC, Dublin 1.
You have the right to withdraw your consent for the processing of personal date, have your personal data erased or the processing restricted.
Where the processing is based on explicit consent, you have the right to withdraw consent at any time. This will not affect the lawfulness of any processing we have carried out prior to the withdrawal of consent.
You have the right to make a complaint to the Office of the Data Protection Commissioner.
The Insurance Ireland Data Protection Officer can be contacted at firstname.lastname@example.org or by writing to Data Protection Officer, Insurance Ireland, Insurance Centre, 5, Harbourmaster Place, Dublin 1, D01 E7E8.
23 May 2018