Insurance Ireland is the trading name of Insurance Ireland (Member Association) Company Limited by Guarantee. Insurance Ireland is the data controller of “personal data” as defined by Data Protection legislation, which includes the General Data Protection Regulation and the Data Protection Acts 1988 to 2018 (“Data Protection Law”). The purpose of this notice is to advise you what this means in practice and for the processing of your personal data by Insurance Ireland.
If you are a director or employee of one of our member companies or a member of an Insurance Ireland committee (i.e. the Insurance Link Oversight Committee or the Membership Appeals Committee), we will hold the contact details provided by you or your employer in order to fulfil our obligations as a membership organisation (which we consider to be a “legitimate interest” as provided for in Data Protection Law and on which we rely as a legal basis for processing your personal data). These purposes of processing include:
Sending you copies of our newsletters and publications or updates on topics such as Insurance Ireland’s advocacy activity, regulatory matters and other industry issues to keep you up to date on industry developments;
- Contacting you in relation to any committees or working groups you have asked to join;
- Informing you of events and processing any bookings you wish to make;
- Recording your attendance at events for the purpose of issuing you with a Certificate of Attendance;
- Responding to your queries; and
- Ensuring oversight through committees of the InsuranceLink database used by our members (as described further below) and membership of Insurance Ireland.
If you are a member of the media, you may contact us to seek an industry response on insurance matters or to arrange media interviews. Where you provide personal information to us in the course of making a media enquiry we will process this information on the basis that by requesting us to deal with your query you are giving us explicit consent.
If you are a member of the public, you may contact us for a number of reasons:
- To avail of the provisions of the Declined Cases Agreement which operates to ensure that members of the public are not denied motor insurance;
- To ask our Information Service to answer a query or complaint relating to insurance;
- To pass information to our Insurance Confidential anti-fraud hotline.
Legal basis for processing
We process your personal data for the purposes described above based on our legitimate interests as a membership organisation, which are contacting our members, conducting advocacy work, coordinating events for our members and administering the work of Insurance Ireland in an orderly fashion. We also process your personal data as necessary to comply with legal obligations (as described further below in respect of the Declined Cases Agreement and Insurance Confidential) and for the purpose of performing certain contracts.
Declined Cases Agreement
In relation to the Declined Cases Agreement, personal information such as your contact details and motor insurance history will be processed by us in order to comply with our obligation to administer the agreement. This information may be disclosed by us to motor insurers operating under the Declined Cases Agreement. This information will be kept by us for a period of 18 months.
If you provide us with information in relation to a third party (e.g. a named driver on your policy) you should provide this notice to that person. If the person is under the age of 18, you should obtain the consent of the holder of parental responsibility.
We process personal data in connection with the Declined Cases Agreement as it is necessary to do so to identify an alternative contract of insurance for you. Where it is necessary to share your personal data with other insurers to identify possible providers of cover, we rely on the legitimate interests of those participating in the Declined Cases Agreement in doing so. In these cases, participating insurers will only process your data for the purposes of performing the Declined Cases Agreement.
Where a declined case involves any suspected fraud or other offence, the basis of processing of this information is compliance with a legal obligation contained in Section 55 of the Data Protection Act as it applies to the processing of personal data for prospective legal proceedings or establishing, exercising or defending legal rights (such as the prevention of fraud against insurance companies).
Where you provide personal information to our Information Service in the course of making a query or complaint we will process this information on the basis that by requesting us to deal with your query or complaint you are giving us explicit consent. This information will be kept secure by us and may be disclosed by us to the insurer to which your query or complaint relates. This information will be kept by us for a period of two years.
If the information you provide includes health information which is considered as “special” data under the legislation, this will be processed by us under Section 50 of the Data Protection Act 2018 which relates to the processing of health data in relation to a policy of insurance. Any further use of special data by us will be subject to you providing us with your explicit consent which you may withdraw at any time.
Information provided to Insurance Confidential will be treated in strictest confidence and shared only with insurance companies and An Garda Siochana. The basis of processing of this information is compliance with a legal obligation contained in Section 55 of the Data Protection Act) as it applies to the processing of personal data for prospective legal proceedings or establishing, exercising or defending legal rights (such as the prevention of fraud against insurance companies).
Insurance Ireland databases
InsuranceLink which is a database of insurance claims operated on our behalf by Verisk. For more information see www.inslink.ie
- Integrated Information Data Service (“IIDS”) operated on our behalf by Accadian.
- The IIDS processes data relating to drivers’ penalty points pursuant to the Road Traffic Act 2012 and as instructed by the Minister for Transport. All data is passed through to each insurer and no Penalty Points data is stored in the IIDS. A log is kept on the IIDS containing the driver number, each time a request is made by an Insurer. This is done for audit purposes and is held for 2 years.
- In addition, the insurers using IIDS may also share No Claims Discount (NCD) information, but only with the person’s explicit consent. Within renewal letters for car insurance is a PIN number. Only when the individual shares this information with a new insurer, will they have access to the person’s NCD. This is required to validate any discounts insurers may apply to a premium. NCD data is only held in the system for up to three years and, as part of insurers’ renewal process, it is uploaded by an insurer shortly before the person’s current policy expires, If a PIN number does not appear on a renewal letter, it means that the person’s data has not been uploaded into the IIDS.
- Queries in relation to the IIDS can be emailed to email@example.com
We will retain personal data on our files to the extent such retention is adequate, relevant and limited to what is necessary for the purposes for which they are processed. We will not retain personal data for any longer than is necessary for the performing the purposes of processing outlined in this notice. We apply retention periods to different categories of personal data in accordance with applicable laws relating to the retention of data. We retain data for the duration of the relevant purpose plus a short period thereafter for evidential, legal compliance or audit purposes. This period may be up to 6 years or longer in exceptional cases.
Rights under Data Protection Law
Under data protection law, you have the right to:
- access a copy of your personal data;
- request rectification of your Personal Data if it is inaccurate or inappropriate;
- request deletion of your Personal Data;
- restrict or object our use of your Personal Data in certain circumstances;
- move (or port) personal data which is automated in certain circumstances; and
- lodge a complaint with the appropriate regulator (if you are unhappy with how your personal data is being handled).
If you wish to exercise any of these rights, the request should be sent to firstname.lastname@example.org or Subject Access Requests, Insurance Ireland, Insurance Centre, 5 Harbourmaster Place, IFSC, Dublin 1. If you are requesting a copy of your personal data please complete a copy of our Subject Access Request (SAR) form, which is available on request from email@example.com and outlines the information necessary for us to check our records. We may require proof of identity where we cannot otherwise authenticate your identity.