Insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers. The Code of Practice on Data Protection for the Insurance Sector sets out the obligations of insurers operating in Ireland in respect of the use and processing of Personal Information. We recommend you review this notice which can be accessed here.
Who do we collect personal information about
- Prospective and existing policyholders and beneficiaries
- Third parties or individuals who will act on behalf of a policyholder such as a power of attorney, solicitor or family member
- Third party claimants
- Users of our claims portal
- Visitors to our website
- Individuals with whom we do business such as brokers and third party suppliers
How we collect your Personal Information
We collect your Personal Information from:
- you (e.g. via your application or claim form, correspondence with us including telephone calls (please note that telephone calls are recorded) and emails and via your use of our claims portal);
- third parties such as witnesses and medical professionals;
- the policyholder (where you are a third party such as a beneficiary);
- our marketing activities such as market research;
- financial crime and fraud detection agencies and third parties we use to carry out credit checks;
- other companies in the AXA Group;
- other third parties involved in your insurance policy or claim such as brokers, claims handlers, investigators, loss adjusters;
- insurance industry bodies;
- publically available sources (for example, searches using google, public registers and social media);
- third parties who brand and sell our insurance policies;
- any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business; and
- your use of our website (e.g. our web servers collect the name of the domain you used to access the internet, such as "aol.com" or "yahoo.com," and the website you came from and visit next).
Types of Personal Information that we collect
Depending on your relationship with us, Personal Information that we collect may include:
- General identification and contact information such as your name, address and other contact details and date of birth;
- ID documents such as passport/driving licence;
- Any information relevant to your insurance policy such as lifestyle, income and employment status;
- Job information where it relates to a claim made on a policy, for example where the policyholder can’t make repayments due to unemployment;
- Information relevant to any claims made;
- Details about family such as dependents or spouses;
- Information which is available publically;
- Financial information such as your bank account details and credit history;
- Your marketing preferences as you advise us; and/or
- Information enabling us to provide you with products and services such as details about previous insurance policies you have held and any previous claims you have made.
If relevant, we will also collect "special category data" which is Personal Information relating to health, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership. For example:
- Medical information such as your current health status, the details of any injuries or disabilities and medical history because it is relevant to your insurance policy or claims, for example if you take out Cancer Protection, we will collect information about your health status and illness.
- Your religious beliefs where you disclose it to us (for example if it relates to any medical treatment you are having).
We may also collect criminal convictions data where we carry out anti money laundering and fraud checks.
We do not intentionally offer insurance policies or collect any personal information from children under 18 years of age. However, some information about children may be collected and used in connection with a policy claim, for example where relevant to the circumstances of the claim and associated vulnerabilities.
How and why we use your Personal Information
We use your Personal Information to:
- Assess and process your insurance application;
- Administer a policy;
- Process any claims you may make;
- Send you information regarding your policy;
- Provide improved quality, training and security;
- Carry out market research;
- Provide marketing information to you (including information about products and services offered by selected third parties) in accordance with your marketing preferences;
- Comply with applicable laws and regulatory obligations;
- Establish and defend legal rights;
- Prevent, detect and investigate crime, including fraud;
- To carry out fraud, credit and anti-money laundering checks;
- To conduct sanction checks;
- To take out our own insurance;
- For business purposes such as management information, internal audit, reviewing products, systems development, accounting records, responding to enquiries, maintaining records of communications, enforcing compliance with our terms and providing quality training and security
- To handle complaints.
We collect, use and disclose your Personal Information for the purposes set out above. For each purpose, we must have a legal ground to use your Personal Information.
When we process your Personal Information we will rely on the following legal grounds:
- Such use is necessary to enter into or perform your contract of insurance. We rely on this legal ground in order to assess and process your application, administer a policy, handle claims and provide insurance services.
- We have a legitimate interest which is not overridden by your rights or interests. We rely on this legal ground to manage our business; where you are a named party under a policy - to assess and process the application, administer the policy and handle claims and provide insurance services; respond to enquiries; maintain records of communications; enforce compliance with our terms; and to provide marketing information to you.
- Such use is necessary to comply with our legal obligations. We rely on this legal ground to prevent, detect and investigate crime, including fraud and to comply with applicable laws and regulatory obligations (for example where our regulator or law enforcement authorities require us to do something such as keeping records of our dealings with you and to conduct sanctions checking).
- We have obtained your consent. We rely on this legal ground for direct marketing communications.
When we process your 'special category data' we must have an additional legal ground. We will rely on the following legal grounds:
- In the case of special category data relating to your health, where such processing is necessary for an insurance purpose. We rely on this legal ground for processing health data in order to advise and arrange your contract of insurance, assess and process your insurance application, administer your policy and handle claims under an insurance policy.
- We have your explicit consent. We rely on this legal ground in order to advise and arrange your contract of insurance, assess and process your insurance application, administer your policy and handle claims under an insurance policy.
- We need to establish, exercise or defend our legal rights. We rely on this legal ground in order to handle complaints, to prevent, detect and investigate crime, including fraud or to comply with applicable laws and regulatory obligations.
|Purpose||Legal ground||Additional legal ground for special category data|
|To assess and process your insurance application||
|To administer a policy, handle claims and provide relevant services.||
|For business purposes such as responding to enquiries, maintaining records of communications, enforce compliance with our terms and providing improved quality, training and security.||
|To carry out market research||
|To provide marketing information to you (including information about products and services offered by selected third parties) in accordance with your marketing preferences.||
|To prevent, detect and investigate crime, including fraud and money laundering and to carry out sanctions checks.||
|To comply with applicable laws and regulatory obligation for example where our regulator or law enforcement authorities require us to do something or to keep records of our dealings with you||
|To take out our own insurance||
We will not share your Personal Information with any third parties for any purpose other than those described above. For example, we will not sell Personal Information to third parties that may wish to market their products and services to you.
Sharing your Personal Information
We may disclose Personal Information we collect to other organisations as detailed below. The organisations to whom we disclose Personal Information are obligated to use such information only for the purposes stated above. Disclosures may be made to the following third parties:
- The company who underwrites your insurance policy.
- Other third parties involved in the administration of a policy such as brokers.
- Third parties who brand and sell our insurance policies.
- The company who provides us with our own insurance policy.
- Third party administrators who we use to assist with the administration of a claim such as claims handlers, loss adjustors and independent medical advisers.
- Third parties who provide sanctions checking services, anti-fraud and credit checks.
- Financial crime and fraud detection agencies.
- Our group companies.
- Other insurers, regulators and industry/public bodies.
- Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of the business.
Disclosure of your Personal Information to the parties listed above, may involve the transfer of such information to other countries, including those outside of the EEA (see section “International transfers of Personal Information” below).
Security of collected information
We use encryption and authentication tools to protect information we gather on our website. E-mail communications outside of our website, however, may not be protected. If you are sending us an e-mail communication that includes highly confidential information, such as a credit card number, you may want to call us or send it by registered post.
We have deployed an adequate procedure to identify and communicate any incident of data breach within 72 hours and to resolve it within a reasonable period of time.
Retention of Personal Information
- We will hold your policy and account files for 7.5 years from the date on which your policy ends or when a claim is settled whichever is later;
- Where an insurance quote has not been taken up, we will hold quote and related Personal Information for 15 months.
We undertake to keep your Personal Information safe, confidential, accurate and efficient for the relevant usage duration period. At the end of the retention period, your Personal Information will be anonymized or destroyed.
Your marketing preferences
We sometimes use or share your Personal Information in ways that will improve or expand upon the services we provide to you. You can choose to opt-out of this at any time by contacting us at email@example.com or by calling 020 8380 3000.
We also provide you with regular opportunities to opt-out.
- Emails: If you no longer want to receive marketing emails, you may opt-out by clicking on the unsubscribe link provided in each email or by contacting us as set out above.
Text messages/telephone communications/postal mail: You may opt-out by contacting us as set out above.
Even if you opt-out of marketing communications, we will still provide you with important administrative communications.
International transfers of Personal Information
- entering into contractual obligations with the party we are transferring your Personal Information to;
- transferring to countries which have been deemed 'adequate' by data protection authorities; or
- complying with 'binding corporate rules' which are a set of rules approved by the relevant data protection authorities which allow AXA group companies to transfer Personal Information between themselves.
Third party websites
We are not responsible for the content, security or information collection practices of any third party websites, including those that you link to from our website. You should carefully review the privacy policies of each web site you visit to understand how they collect, use, and disclose information.
Your legal rights
In accordance with data protection laws, you have a right to:
- Obtain a copy of the Personal Information we hold about you, together with other information about how we process it;
- Request rectification of inaccurate or incomplete Personal Information, and, in some circumstances, to request us to erase or restrict our use of it, or otherwise to object to our processing of your Personal Information generally and for direct marketing purposes;
- Receive a copy or have a copy transmitted to another company (portability of data) (in a machine-readable format) of Personal Information which you have provided to us;
- Make a complaint about how we handle your data to the Office of the Data Protection Commissioner. Please visit http://www.dataprotection.ie for further information about how to do this.
- Withdraw any consent which you have given relating to use of your Personal Information, at any time. This includes consents to receiving direct marketing communications.
Note that there are certain limitations and exemptions to these rights which we may apply depending on the circumstances.
To exercise any of these rights, please contact us using the details set out in the 'contacting us' section.
Data Protection Officer
Phone number: + 353 (0) 61 737373 +353 or (0) 61 714 503
Changes to this Policy
Last updated: 06 July 2018