Privacy Policy/ Statement
Purpose
Britton Insurance is committed to protecting and respecting your privacy. It is the firm’s aim to try and explain in simple English the purpose of collecting your information, what choices are available to you regarding the use of your data, the security procedures in place to protect your data, and how you can correct any inaccuracies in the information Britton Insurance hold about you.
During the product lifecycle Britton Insurance will receive personal data relating to potential or actual policyholders, beneficiaries under a policy, their family members, claimants and other parties involved in a claim. The purpose of gathering this data allows Britton Insurance provide advice on products and services we offer and to ensure the firm abide by legislation and various codes of conduct. Therefore references to “data subjects” in this notice include any living person from the preceding list, whose personal data Britton Insurance receives in connection with the services it provides. This notice sets out Britton Insurance’s uses of this personal data and the disclosures it makes to other insurance market participants and other third parties.
For the purposes of General Data Protection Regulations (GDPR) the data controller is:
Pat Britton & Co Ltd, Crennan House, Tirconaill Street, Donegal Town, Co Donegal Telephone +353 (74) 9721304 Email: dataprotection@brittoninsurance.com
Please read this notice carefully as it sets out the basis on which any personal data collected from you, or that you provide to Britton Insurance, will be processed by us.
Personal information we collect
Britton Insurance will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR) and will also endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
Britton Insurance collect and process the following personal data:
- Data subject details – name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant.
- Identification details – identification numbers issued by government bodies or agencies (e.g. PPSN, passport number, tax identification number, driver’s license number).
- Financial details – payment card number, bank account number and account details, income and other financial information.
- Insured risk – information about the insured risk, which contains personal data and may include, only to the extent relevant to the risk being insured:
- ➢ Health – current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history;
- ➢ Criminal records – criminal convictions, including driving offences; and
- ➢ Personal sensitive data – trade union membership.
- Policy details – details about quotes and policies obtained by data subjects.
- Credit and anti-fraud data – credit history, information about fraud convictions, and allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
- Claims – information about current and previous claims, which may include health data, criminal records data and personal sensitive data.
- Marketing data – where legitimate interest has been identified or if the individual has consented to receive marketing of our products and services and other companies’ products and services that may interest you.
- Website usage – details of your visits to our websites and information collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
Source of personal data
Britton Insurance collect and receive personal data from various sources, including (depending on the service provided):
- Data subjects and their family members, online or by telephone, or in written correspondence
- Data subjects’ employers or trade or professional associations of which they are a member
- In the event of a claim, third parties including the other party to the claim (claimant/ defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers
- Other insurance market participants, such as insurers, reinsurers and other intermediaries
- Credit reference agencies
- Anti-fraud databases and other third party databases, including sanctions lists
- Government agencies, such as vehicle registration authorities and tax authorities
- Claim forms
- Open electoral registers and other publicly available information
- Business information and research tools
- Third parties who introduce business to us and;
- Forms on our Britton Insurance website and your interactions with our website (please also see our Cookies Notice).
Call Recording and CCTV – Britton Insurance record incoming and outgoing calls for training, quality and verification purposes. CCTV is utilised at Britton Insurance’s office.
Other people’s data: As well as collecting personal information about you, Britton Insurance may also use personal information about other people, for example family members you wish to insure on a policy.
Note: If you are providing information about another person Britton Insurance expect you to show them this Privacy Notice and ensure that they have given you permission to provide this information to us so that a quote can be provided. If they have any concerns please ask them to contact ‘The GDPR Owner’ as per contact details above.
How Britton Insurance use and disclose your personal data – Legal Basis
In this section, we set out the purposes for which we use personal data, explain how we share the information, and identify the “legal grounds” on which we rely to process the information.
These “legal grounds” are set out in the GDPR, which allows companies to process personal data only when the processing is permitted by the specific “legal grounds” set out in the GDPR (the full description of each of the relevant grounds can be found in Appendix I). Please note that in addition to the disclosures we have identified in the table in Appendix II, we will disclose personal data for the purposes we explain in this notice to service providers, contractors, advisers, agents and third parties that perform activities on our behalf.
Withdraw Consent
Where you have provided consent this can be withdrawn at any time by emailing us at dataprotection@brittoninsurance.com or write to us at the contact details above. This does not affect the lawfulness of processing based on your consent prior to its withdrawal.
Automatic decision making
Certain processing activities may involve the use of automated (computer based) decision making; for example; before we can arrange an insurance product or service for you we must obtain a quotation from an insurer’s rating engine which calculates the insurance risks based on the information that you have supplied.
This will be used to determine if the insurer can provide you with a policy and to calculate the premium you will have to pay to arrange cover with them.
The results of these automated decision-making processes may limit the products and services we can provide you with. If you do not agree with the result, you have the right to request human intervention to allow you to express your point of view and contest the decision.
Retention of your personal data
Britton Insurance will process personal data in accordance with the firm’s Retention Policy. Britton Insurance collect, use, disclose and otherwise process personal data that is necessary for the purposes identified in this Privacy Notice or as permitted by law. If Britton Insurance require personal data for a purpose inconsistent with the purposes that was identified in this Privacy Notice, Britton Insurance will notify data subjects of the new purpose and, where required, seek data subjects’ consent (or ask other parties to do so on Britton Insurance’s behalf) to process personal data for the new purposes.
Our retention periods for personal data are based on business needs and legal requirements. Britton Insurance retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, Britton Insurance retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data.
Transferring outside the EEA
If Britton Insurance transfer personal data to a third party or outside the EU the firm will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for you the data subject are available from them.
Your Rights
Britton Insurance facilitate the data subject’s rights in line with the firm’s Data Protection Policy.
Your rights as a data subject
At any point while Britton Insurance are in possession of or processing your personal data, you, the data subject, have the following rights:
1. Right of access – you have the right to request a copy of the information that Britton Insurance hold about you.
2. Right of rectification – you have a right to correct data that Britton Insurance hold about you that is inaccurate or incomplete.
3. Right to be forgotten – in certain circumstances you can ask for the data Britton Insurance hold about you to be erased from our records.
4. Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
5. Right of portability – you have the right to have the personal data you have provided to Britton Insurance transferred to another organisation, in a structured, commonly used and machine-readable format.
6. Right to object – you have the right to object to certain types of processing such as direct marketing.
7. Right to object to automated processing, including profiling – you also have the right not to be subjected to automated processing including profiling.
8. Right to judicial review – in the event that Britton Insurance refuses your request under rights of access, Britton Insurance will provide you with a reason as to why. You have the right to complain as outlined below.
In order to exercise any of the above rights, please contact us using the contact details set out below.
Complaints and Queries
To submit questions or requests regarding this Privacy Notice or Britton Insurance’s privacy practices, please write to ‘The GDPR Owner’ at Pat Britton & Co Ltd, Crennan House, Tirconaill Street, Donegal Town, Co Donegal. Tel: +353 (74) 9721304. Email: dataprotection@brittoninsurance.com
In the event that you wish to make a complaint about how your personal data is being processed by Britton Insurance, you have the right to lodge a complaint directly with ‘The GDPR Owner’ at Britton Insurance and/or the Data Protection Commissioner.
Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois
Telephone 076 1104 800
Lo Call Number 1890 252 231
Email info@dataprotection.ie
Failure to provide requested information
If Britton Insurance are collecting your data to fulfil a contract (e.g. house insurance policy, motor insurance policy, etc.) and you cannot provide this data the consequences of this could mean the contract cannot be completed or details are incorrect.
Responsibilities
‘The GDPR Owner’ is responsible for ensuring that the Privacy Notice is correct and that mechanisms exist such as having the Privacy Notice on Britton Insurance website to make all data subjects aware of the contents of this notice.
Marketing
Britton Insurance use your data for legitimate business interests including marketing of our products and services by post, telephone (including mobile), email or other means of communication including social media. Where we wish to market other companies’ products or services to you, we will first ask for your consent. If you no longer wish your information to be used for marketing purposes, please email us at dataprotection@brittoninsurance.com or write to us at the contact details provided above.
Liability Risks Only
If you hold insurance to provide cover against any third party, you cannot be found or you become insolvent, or the court finds it just and equitable to so order, then your rights under the contract will be transferred to and vest in the third party even though they are not a party to the contract of insurance. The third party has a right to recover from the insurer the amount of any loss suffered by them. Where the third party reasonably believes that you as policyholder have incurred a liability, the third party will be entitled to seek and obtain information from the insurer or from any other person who is able to provide it concerning:
- the existence of the insurance contract
- who the insurer is
- the terms of the contract, and whether the insurer has informed the insured person that the insurer intends to refuse liability under the contract
This Privacy Notice is effective from 1st January 2021
| Appendix I
The legal grounds we may rely on for processing personal data and personal sensitive data |
|
| Legal Ground | Details |
| Performance of our contract with you | Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract |
| Compliance with a legal obligation | Processing is necessary for compliance with a legal obligation to which we are subject. |
| For our legitimate business interests | Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child. These legitimate interests are set out next to each purpose. |
| Your explicit consent | You have given your explicit consent to the processing of those personal data for one or more specified purposes. You are free to withdraw your consent, by contacting ‘The GDPR Owner’. However, withdrawal of this consent may impact our ability to provide the services |
| Appendix II
Purpose of processing |
Legal grounds | Disclosures |
| Quotation/inception | ||
| Establishing a client relationship, identity, including fraud, anti-money laundering and sanctions checks | • Performance of our contract with the client
• Compliance with a legal obligation • Legitimate interests (to ensure that the client is within our acceptable risk profile and to assist with the prevention of crime and fraud) |
• Anti-fraud databases
• Relevant state bodies |
| Checking credit | • Legitimate interests (to ensure that the client is within the acceptable risk) | • Credit reference agencies |
| Evaluating the risks to be covered and matching to appropriate insurer, policy and premium | • Performance of our contract with the client
• Legitimate interests (to determine the likely risk profile and appropriate insurer and insurance product) |
• Insurers
• Insurance intermediaries • Product producers • Insurance Ireland |
| Policy Servicing | ||
| General client care, including communicating with clients and servicing existing business | • Performance of our contract with the client
• Legitimate interests (to correspond with clients, beneficiaries and claimants in order to facilitate the placing of and claims under insurance policies) |
• Insurers
• Insurance intermediaries • Product producers • Banks • Debt recovery providers • Risk management providers |
| Collection or refunding of premiums, paying on claims, processing and facilitating other payments | • Performance of our contract with the client • Legitimate interests (to recover debts due to us) | |
| Facilitating premium finance arrangements | • Performance of our contract with the client
• Legitimate interests (ensuring our clients are able to meet their financial obligations) |
• Premium finance providers
• Banks |
| Claims Processing | ||
| Managing insurance claims | • Performance of our contract with the client
• Legitimate interests (to assist our clients in assessing and making claims |
• Insurers
• Lawyers • Experts • Claims handlers • Loss adjusters • Relevant state bodies • Anti-fraud databases • Third parties involved in handling or addressing the claim or involved in investigation or prosecution |
| Defending or prosecuting legal claims | • Performance of our contract with the client
• Legitimate interests (to assist our client in assessing and making claims) |
|
| Investigating and prosecuting fraud | • Performance of our contract with the client
• Legitimate interests (to assist with the prevention and detection of fraud) • Compliance with a legal obligation |
|
| Renewals | ||
| Contacting you in order to arrange the renewal of the insurance policy | • Performance of our contract with the client
• Legitimate interests (to correspond with clients to facilitate the continuation of insurance cover) |
• Insurers
• Insurance intermediaries • Product producers |
| Throughout the insurance lifecycle | ||
| Marketing | • Legitimate interests (to contact you about insurance products and services which may be of interest to you)
• Consent – where Britton Insurance have not provided a service to you |
• Insurers
• Insurance intermediaries • Product producers • Unsubscribe Service / Marketing Automation Tool |
| Transferring books of business, company sales and re-organisations | • Legitimate interests (to structure our business appropriately) | • Purchaser (potential and actual) |
| Complying with our legal or regulatory obligations | • Compliance with a legal obligation | • Insurers • Relevant state bodies
• Auditors • Relevant regulators |
| To make back-ups of your data in case of emergencies, for disaster recovery purposes and for IT maintenance | •Processing is necessary to comply with legal obligations | • Relevant service providers |
| Website activities | ||
| To communicate with you regarding any queries you raise via the website | • Legitimate interests of Britton Insurance (to correspond with website users) | None |
| Statistical analysis | • Processing is necessary for the purposes of our •legitimate interests. This interest is to improve our processes, products and services. | |