Privacy Notice/Statement
Introduction
ARB Underwriting Ltd (ARB) is committed to respecting and protecting your privacy and would like you to feel safe when giving us your details. To provide you with relevant information and respond to your requests, we sometimes request that you provide us with information about yourself. ARB will identify itself on Web pages and in correspondence.
This Privacy Notice will inform you of the information we gather and how it is used. ARB maintains the same privacy practices with respect to data that is collected off-line and this notice also covers those methods of data collection and use. ARB complies with EU General Data Protection Directive - GDPR for the collection, use, and retention of personal information from European Union member countries.
For the purposes of GDPR the data controller is ARB Underwriting Limited. When we refer to ‘we/us’ within this document it is ARB Underwriting Limited.
Please read this Statement carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Who are we?
ARB Underwriting was one of the first Managing General Agencies in Ireland. We have a team of experienced Underwriters who distribute our range of products through a panel of 350+ nationwide brokers.
From the outset ARB was an innovator in the Irish market, introducing non-standard motor insurance and multi-trip annual travel insurance into Ireland. In our 26 years we have built up a strong reputation in the market as an innovative and progressive company.
At ARB we pride ourselves on being an exciting and innovative underwriting agency. We underwrite a broad range of risks including motor, commercial, PI and travel insurance. We have worked hard to develop strong, reliable markets. This is to ensure we can offer a high level of service with a wide range of quality insurance products in both the standard and niche markets.
Our GDPR Owner and data protection representatives can be contacted directly here:
Email Address: compliance@arb.ie
Phone Number: 01 525 7900
You have the right to make a complaint with the Office of the Data Protection Commissioner. Their contact details are as follows:
Data Protection Commissioner
Canal House,
Station Road,
Portarlington,
County Laois
Telephone: +353 (0)761 104 8000
Telephone: +353 (0)57 868 4800
E-mail: info@dataprotection.ie
Lo Call Number: 1890 252 231
Fax: +353 57 868 4757
Purpose for processing your data
Personal information provided will be used to set up, administer and manage your policy over the course of its lifetime. It will also be used to manage any claims/complaints made by you.
The information may also be used in the following ways:
- For the detection/prevention of any activities that indicate fraud, money laundering or other offences.
- To verify identity when providing policy information over the phone.
- For statistical analysis or market research purposes.
- Staff training.
- For information backup purposes.
- Reporting purposes to reinsurance agencies.
- Compliance with all regulatory requirements.
- Any further processing as set out in this document or other documents made available to you.
We may check the information you provide against other information available to the public (such as court judgements). If you give us false information or fail to disclose information and we suspect fraud, we will record this. We may share information about you with industry databases such as those operated by Insurance Ireland for the purpose of sharing information among insurance companies as a check against non-disclosure and to assist in preventing, detecting and/or protecting our customers and ourselves from fraud.
We also record telephone conversations for verification and training purposes.
The following are examples of the types of information we collect for the purposes set out in this document.
| Information Category | Type of Data Collected |
| --- | --- |
| Policy Information | Name, address, date of birth, gender, licence details, payment details, vehicle details, property details, driving history, claims history, criminal convictions, penalty points, named driver details, business information |
| Information provided by 3rd party sources | Address look-ups, Eircode, vehicle details, vehicle history, penalty points, previous convictions, credit scores, risk details, etc. |
| Current/Previous Claims Information | Incident details, details provided by claimants, current/previous health issues, criminal convictions, property details, vehicle details |
Why are we processing your data?
Our legal basis.
In order to provide you with our insurance products and services, ARB needs to collect personal data.
Our reason (lawful reason) for processing your data under the GDPR is: Legal basis – ARB needs to process your data as this is necessary in relation to a contract of insurance into which the individual has entered, or because the individual has asked for something to be done so they can enter into a contract.
We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to distribute and administer insurance products on behalf of our Product Providers, to transact business, validate and settle any claims, to develop or enhance our online service and to recruit staff.
Where appropriate, we will use this information:
- To undertake a risk assessment and evaluation in line with underwriting protocols, determine the premium requirement and/or provide a quotation, to comply with our legal obligations and/or to bind cover on behalf of our Product Providers;
- To set you up as a policyholder or record you as a party entitled to indemnity under the policy;
- To communicate with you as required;
- To administer and renew your policy;
- To communicate with your broker, advisor or any third party acting on your behalf;
- To create a candidate profile for you if you are a prospective employee so that we can take steps prior to entering into a contract with you;
- As part of our efforts to keep our websites safe and secure which is necessary for compliance with our legal obligations and for our legitimate business interest;
- To administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, which is necessary for our legitimate business interests;
- For training and security purposes which is necessary for compliance with our legal obligations and for our legitimate business interest;
- To process your premium and other payments;
- For claims management including investigating, assessing, processing, undertaking dispute resolution, settling claims and bringing and/or defending legal proceedings;
- To make suggestions and recommendations to you and other users of our website about services that may interest you. This is necessary for our legitimate business interests and may be based on your consent where you have chosen to give it;
- To deliver information about insurance products and services to you or to enter you in promotional competitions, where you have subscribed to same and in accordance with your preferences and based on your consent where you have chosen to give it;
- To prevent, detect and investigate insurance fraud, as well as other offences including money laundering, and to assist An Garda Síochána (or other law enforcement agencies) or any other authorised investigatory body or authority with any inquiries or investigations;
- To carry out research and analysis including analysis of policyholders and others whose Personal Data we collect as set out in this Privacy Policy in accordance with our legitimate business interests;
- For staff training and quality assurance purposes;
- To manage and investigate complaints;
- To establish and defend legal rights, to protect our operations or those of our Group companies, Product Providers or business partners;
- To comply with regulatory requirements;
- For reinsurance purposes;
- To check against international/economic or financial sanctions laws or regulated listings to comply with legal obligations or otherwise to protect our legitimate business interests and/or the legitimate interests of our Product Provider and others.
The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:
- Processing necessary for the performance of a contract which you have entered into with one of our Product Providers or to take steps at your request prior to entering into a contract;
- Processing necessary for the purposes of the legitimate interests which we pursue prior to contract (for example, in providing you with quotations on behalf of our Product Providers) and post contract (for further details, see the section titled WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;
- Processing based on your consent where you have provided us with same, for example, if necessary in order to process a Special Category of Personal Data;
- Processing data concerning health where necessary and proportionate for the provision of insurance policies;
- Processing necessary for compliance with a legal obligation to which we are subject; and
- Processing that you have provided consent for with respect to one or more specific purposes (for example, subscribing to a mailing list, entering a competition, submitting a request for information or communication).
In any event, ARB are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
How will we use the personal data we collect about you?
ARB will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
Special Categories of personal data: If we collect any special categories of personal data (e.g. health, religious beliefs, racial or ethnic origin; financial information is not classified as a special category of personal data), we will ensure that we obtain your explicit consent.
Explicit Consent: This is a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Who are we sharing your data with?
In certain instances, we may make your information available to third parties with whom we have a relationship where that third party is providing services on our behalf. We will only provide those third parties with information that is necessary for them to perform the services and we take measures to protect your information.
When you apply for or purchase a product through a broker, or other third party, we will, as appropriate, correspond with that broker, or other third party relating to your products: this may result in us sharing your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with that broker, or other third party.
The third parties that we pass your personal data to are:
- Your representatives, such as a relative or a named individual on the policy;
- Your broker or any legal representatives you may appoint;
- Our own representatives, such as appointed legal counsel or third-party service providers for actions such as data storage, fraud detection, credit checking, motor assessors, risk analysis, etc.;
- Other individuals, such as third-party claimants and their representatives, other insurance companies, anti-fraud databases (e.g. InsuranceLink);
- Product reinsurers;
- External Auditors, either third party or regulatory, i.e. Central Bank of Ireland;
- Government departments, such as An Garda Síochána and Motor Insurers’ Bureau of Ireland.
Please note, information about claims (whether by policyholders or third-parties) is collected by us when a claim is made under a policy and may be placed on InsuranceLink. This information may be shared with other insurance companies, self-insurers or statutory authorities.
The purpose of InsuranceLink is to help us identify incorrect information and fraudulent claims and, therefore, to protect policyholders. Under data protection legislation you have a right to know what information about you and your previous claims is held on InsuranceLink. If you wish to exercise this right, please contact us at the address below or for further information on InsuranceLink go to www.inslink.ie.
If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your explicit consent, unless we are legally required to do otherwise.
If we transfer personal data to a third party or outside the EU, we, as the data controller, will ensure that the recipient (processor or another controller) has provided the appropriate safeguards, and that enforceable data subject rights and effective legal remedies are available to you, the data subject.
Data Subjects Rights:
ARB facilitates your rights, as our clients, in line with our data protection policy and the subject access request procedure. This is available on request.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access: You have the right to request a copy of the information that we hold about you.
Right of rectification: You have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten: In certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing: The data subject may request restriction of the processing of data that they feel is inaccurate, processed unlawfully or irrelevant to the contract, or where they have invoked their right to object.
Right of portability: The data subject may request that all personal information be copied and transferred to another company in a readable and functional format.
Right to object: You have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling: The data subject may request not to have decisions on the processing of their data made solely by an automated electronic process without any human intervention.
Right to judicial review: In the event that we refuse your request under rights of access, we will provide you with a reason as to why.
Where a third party is involved in the processing of your personal data, as we have indicated, all of the above requests will be forwarded on.
You may exercise any of the above rights by writing to us at compliance@arb.ie
Suite 1, The Cube Offices, Beacon South Quarter, Sandyford, Dublin 18
Tel: 01 525 7900
Additional information
Retention of your personal data
Data will not be held for longer than is necessary for the purpose(s) for which they were obtained.
ARB will process personal data in accordance with our retention schedule.
Only relevant data will be retained by ARB in order for it to fulfil its legal and regulatory responsibilities.
Quote information: 15 months
Policy information: 7 years from the end date of the policy
Policy information where a claim is present: 7 years from when the claim is finalised
Employment applications: 1 year
Complaints
In the event that you wish to make a complaint about how your personal data is being processed by ARB or how your complaint has been handled, you have the right to lodge a complaint directly with the Data Protection Commission or ARB’s GDPR Owner.
Failure to provide further information
If we are collecting your data for a contract and you cannot provide this data, the consequence could be that the contract cannot be completed or that details are incorrect.
Profiling – automatic decision making
Automated decision-making takes place when an electronic system uses Personal Data and/or Special Categories of Personal Data to make a decision without human intervention.
We use automated decision making, including profiling, in the following situations:
We use the information provided by you and obtained from third party sources about you, including your claims history and other factors relating to the risk proposed such as your address, your age and the type of vehicle you drive in order to undertake a risk assessment and to determine the appropriate premium on behalf of our Product Providers.
During the underwriting process we may send some of your Personal Data to third party contractors in order to validate and obtain additional information relevant to the risk being proposed. We may also send your address details to a third party contractor to determine information about the area in which you live in order to assess any environmental risks (such as the potential flood risk). This is done in order to properly assess your risk profile which determines your premium and the insurance cover to be provided to you.
Underwriting is the process by which an insurance company assesses, accepts or rejects risks and classifies those selected, in order to charge an appropriate premium. The underwriting factors that must be evaluated to complete the underwriting process depend on the insurance product the customer is interested in; each product requires different categories of information to assess the risk profile of the proposer.
Where a decision is based on solely automated decision making, you will always be entitled to have a person review the decision so that you can contest it and to elaborate on your specific circumstances and make a personal representation.
Additional Processing
If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this information prior to processing this data.
Contact Us
Your privacy is important to us. If you have any comments or questions regarding this statement, please contact us by:
Email Address: compliance@arb.ie
Phone Number: 01 525 7900
Privacy policy statement changes
ARB may change this privacy policy from time to time. When such a change is made, we will post a revised version online. Changes will be effective from the point at which they are posted. It is your responsibility to review this privacy policy periodically so you’re aware of any changes. By using our services, you agree to this privacy policy.