Halligan Life & Pensions Ltd t/a Halligan Insurances, Good Insurance
what information we collect;
how we use that information;
how this information is shared;
your rights; and
other useful privacy and security related matters.
We hope you take the time to read this policy. It is important to check back often for updates to this policy. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Service and/or contact you using other methods such as email.
Who is the Data Controller?
Halligan Insurances, Good Insurance’ data controller is Halligan Life & Pensions Limited of William Norton House, 575 North Circular Road, Dublin 1.
Who is the Data Protection Officer (DPO)?
Halligan Insurances, Good Insurance have appointed a Data Protection Officer (‘DPO’) who can be reached at firstname.lastname@example.org. Please see the ‘Your rights’ section below.
Information we collect
When you use our Services, we collect the following types of information:
We collect personal information provided by you or others to be used by us, and your insurance company (where applicable) for the provision and administration of insurance products, and related services and for statistical analysis. This information may include, but is not limited to your name, postal address, e-mail address, phone number, credit/debit card details and any other details as might be requested from you for the purpose of providing you with our Services.
We may also collect information from you if you request further information or contact customer support.
Should you be unable to to provide us with the required personal data, we will be unable to provide you with insurance or process a claim.
Additional Information collected:
We may also collect the following information:
name, contact information and message if you contact us, or participate in a survey, contest or promotion;
details such as device information including unique device identified;
your payments, payment method and other account transactions – these are routinely analysed to assist us in improving the Services we provide to you;
your telephone conversations – either to renew/update a policy or a customer service call;
your response to marketing campaigns from us or through our third parties i.e. open/click on such emails;
your social media profile details (name, profile photo and other information you make available to us) when you connect with or contact us through a social media account;
information from third party databases to comply with our legal and regulatory obligations.
Third Party and Publicly Available Sources
Not all the personal information we hold about you will always come directly from you. We may also collect information from third parties such as our partners, service providers and publicly available websites (i.e. social media platforms), to comply with our legal and regulatory obligations, offer Services we think may be of interest, to help us maintain data accuracy and provide and enhance the Services.
Legal and regulatory obligations: We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; and (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
How long is the information stored
Information provided to generate a quotation, which is not converted into an insurance contract, may be retained for a period of up to 2 years from the date of the quotation.
Information in respect of a quotation, which does result into an insurance contact with a policy arranged and administered by us (to include all call recordings and claims on the policy) will be held for 6 years after the ending of our relationship to ensure we meet our regulatory obligations.
We have entered into binding authority agreements with some insurers. These agreements enable us to accept insurance business on the insurers behalf, in accordance with the insurers underwriting guidelines. Under these agreements we act as an agent of the insurer in some regards.
How is the information shared
Your personal information may be transferred or disclosed to the Company or, subject to appropriate agreement, to third parties, for the processing of that personal information based on our instructions and in compliance with this policy and any other appropriate confidentially and security measures.
We will use and share certain personal data in the administration of the contract or to commence a contract of insurance. These activities include for the following for legal purposes: providing a quotation, arranging and administering a policy, handling a claim, handling third party claims, sharing information with your Insurer where applicable and others that are authorised on your behalf, such as loss adjusters, claims handlers, medical practitioners, engineers and repairers and legal practitioners.
Third parties for legal reasons:
We will share personal information when we believe it is required, such as:
To comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities, which may include such authorities outside your country of residence;
To verify the accuracy of the information we receive and to process payments for policies purchased;
To manage and investigate complaints made and to comply with laws and regulations.
Your personal information including, but not limited to, your registration details, records of payments, device information etc., may also be disclosed to any regulatory body in connection with policing the integrity and detection of crime and where the Company considers that there are reasonable grounds to suspect that you may be involved in a breach of such rules or the law. The Regulatory body may then use your personal information to investigate and act on any such breaches in accordance with their procedures.
Your rights and GDPR
Under the General Data Protection Regulation, you, as a data subject have a number of rights which are detailed below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.
Access to personal data: You have a right to request a copy of the personal information that we hold about you. Should you wish to make such a request, please see the Contact Us section for information on how to contact us.
You should include adequate information to identify yourself and such other relevant information that will reasonably assist us in fulfilling your request. Your request will be dealt with as soon as possible.
Correction of personal data: You can request us to rectify and correct any personal data that we are processing about you which is incorrect. We may provide you with account settings and tools to access the information associated with your account.
Right to withdraw consent: Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent.
Right of erasure: You can request us to erase your personal data where there is no compelling reason to continue processing. This right only applies in certain circumstances, it is not a guaranteed or absolute right.
Right to data portability: This right allows you to obtain your personal data that you have provided to us with your consent or which was necessary for us to provide you with our products and services in a format which enables you to transfer that personal data to another organisation. You may have the right to have your personal data transferred by us directly to the other organisation, if this is technically feasible.
Right to restrict processing of personal data: You have the right in certain circumstances to request that we suspend our processing of your personal data. Where we suspend our processing of your personal data we will still be permitted to store your personal data, but any other processing of this information will require your consent, subject to certain exemptions.
Right to object to the processing of personal data: You have the right to object to our use of your personal data which is processed on the basis of our legitimate interests. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claims.
Rights relating to automated decision making and profiling: You have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. This right means you can request that we involve one of our employees or representatives in the decision-making process. We are satisfied that we do not make automated decisions of this nature.
How to contact us
For any requests related to your personal information or any of your rights referenced above, please feel free to contact us in one of the following ways:
Call: 01 8797100
Post: Customer Services, Halligan Life & Pensions Ltd, William Norton House, 575 North Circular Road, Dublin 1.
Filing a complaint
If you are not satisfied with how we manage your personal data, you have a right to make a complaint to the Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co Loais.
Other useful privacy & data security related matters
We retain personal information for as long as we reasonably require it for legal or business purposes. For the unregulated jurisdictions in which we operate, and subject to us not having a legal or regulatory requirement or a risk management reason for retaining your information for a longer period, your information will not be kept for longer than 7 years post account closure.
We recognise that online security and data protection is an area of vital importance for all our customers, so it is important to us that you have confidence in the security of your personal details before you register an account. We are committed to employing security measures to protect your information from access by unauthorised persons and to prevent accidental or unlawful processing, disclosure, destruction, loss, alteration and damage. Our technological security solutions are very advanced and are governed by a mature framework. Our approach is focused on preventing risks. In order to help us in this regard, we employ pseudonymization and encryption whenever possible to reduce the impact of any potential incidents. As the security of some communications via the internet is not completely secure, we cannot guarantee the security of any information that you disclose using your internet connection. You accept the inherent security implications of using the internet and the Group will accept no liability for any direct, consequential, incidental, indirect, or punitive losses or damages arising out of such an occurrence.
Published on 23rd May 2018