OUTsurance Privacy Notice
OUTsurance DAC (‘OUTsurance’ or We), is a member of the global OUTsurance Group (‘Group’). We are established in Ireland to undertake and carry out insurance business against non-life risks and liabilities, including home and motor insurance. We are regulated by the Central Bank of Ireland, registered under company number 724743, and headquartered in Co. Dublin, Ireland.
We know you care about your privacy, and we take that seriously. This Privacy Notice describes OUTsurance’s policies and practices regarding the collection and use of your personal data and sets forth your privacy rights.
We use certain expressions throughout this document which are defined below for your reference.
Consent is any “freely given, specific, informed and unambiguous” indication of the individual’s wishes by which the data subject, either by a statement or by clear affirmative action, signifies agreement to personal data relating to them being processed for one or more specific purposes.
Cross Border Data Transfers to countries outside the European Economic Area (EEA) or to international organisations is subject to restrictions. Data does not need to be physically transported to be classified as transferred. Viewing data in another location would be equated to a transfer for GDPR purposes.
Data Controller means the entity which, by itself or jointly with others, determines the purposes and means of processing Personal Data. OUTsurance is the Data Controller in respect of Personal Data and Special Categories of Personal Data covered by this Privacy Policy.
Data Breach is a security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or processed.
Data Processor is an organisation or individual that processes information on behalf of a data controller. They have no decision-making authority and cannot do anything with data unless instructed by the controller. An example is a payroll company, accountant, or research company.
Data Protection Officer (DPO) is a staff member or contractor hired to ensure and demonstrate compliance with data protection laws. They must be experts in data protection laws and practices and should communicate with supervisory authorities, conduct DPIAs, advising the organisations on the GDPR and how to comply.
Data Subject (You)
Identified or identifiable natural person, i.e., one who can be identified, directly or indirectly, in particular by reference to an identifier, such as name, an identification number, and location data.
Legitimate Interest
When relying on our legitimate interest or a third party’s, we will demonstrate to you that your fundamental rights have not been compromised. We will:
- Ensure the purpose is legitimate
- Ensure processing is necessary to the legitimate interest
- Inform you at the time of collection
- Balance interests with your interests
- Uphold your fundamental rights and freedoms
Personal Data means any information relating to a ‘data subject’ (You).
Special Categories of Personal Data includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Access & Rectification means that you are able to request certain information from us free of charge, unless making copies in which a small administration fee may be charged.
Data Portability gives you the right to obtain and transfer your data to a different controller or service in a “commonly structured and machine-readable form”.
Erasure is also known as the “Right to be Forgotten” when you may request your personal data to be erased and no longer processed subject to our legal and accounting obligations.
Rectification of your data, including correction of errors and updating incomplete information.
Restriction of Processing of stored personal data with aim of limiting processing in the future. Different from erasure, it allows personal data to continue to be stored without further being processed.
To Be Informed about the collection and the use of your personal data at the time of collection. The data with respect to the below topics will be provided to you in a concise, transparent, intelligible, easily accessible format:
- Purpose of processing personal data
- Retention periods for the data
- Who the data will be shared with
To Complain. If you have any concerns in relation to the way We process your personal data, you can either contact our Data Protection Officer (DPO) or address your issue directly to Data Protection Commission.
To Object to the processing of your personal data where the Legitimate interest is used as the legal basis for processing data in relation to your policy.
Withdrawal of consent. For certain uses of your personal information, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. Withdrawal of consent would not invalidate any processing we carried out prior to your withdrawal of consent. Please note that in some cases we may not be able to process your insurance if you withdraw your consent.
We do not generally rely on consent for processing personal information in relation to insurance contracts; we generally rely on other legal grounds, such as the basis that processing is necessary for the performance of a contract to which you are party.
We process your Personal Data and Special Categories of Personal Data in connection with the insurance policies we underwrite and administer in the Republic of Ireland. In addition, depending on your relationship with us (for example, a partner, a vendor, or a candidate for a role with us), we may collect different types of data relating to you.
Where appropriate, we will use this information for certain purposes depending on the relationship we have with you.
If you are an actual or prospective insured member, we will use this information for the following purposes:
- Undertake a risk assessment and evaluation in line with our underwriting protocols, determine the premium requirement and/or provide a quotation, in order to comply with our legal obligations and to enter into a contract with you;
- Set you up as a policyholder or record you as a party entitled to indemnity as well as administer the policy, including with respect to the collection of premiums, processing of claims and other payments made in the course of our contractual relation;
- Communicate with you and/or any third party acting on your behalf as part of our business relationship;
- Manage claims, including investigating, assessing, processing, undertaking dispute resolution, settling claims, and bringing and/or defending legal proceedings.
- Identify whether a vehicle has been taxed, NCT or if the vehicle has been involved in a claim or written off using the VRN system; to validate your driving licence number with the relevant authority; to validate the number of penalty points disclosed by you; to validate the licence date and country of origin of the licence.
- Prevent, detect, and investigate insurance fraud, as well as other offences including money laundering, and to assist An Garda Síochána or any other authorised investigatory body or authority with any inquiries or investigations;
- Deliver information about our products and services to you or to enter you in promotional competitions, where you have subscribed to same and in accordance with your preferences and based on your consent where you have chosen to give it.
- Direct Marketing
If your chosen preference is to receive marketing, we may contact you by email, SMS, phone, or post, depending on your preferred method of communication, to send you OUTsurance branded information on special offers, partnerships, competitions, vouchers, and products.
We may reach out to you via email, SMS, phone, or post for cross selling purposes if you have provided consent for the same via phone or through our website.
We may reach out to you to follow up on a quote you have requested via email, SMS, phone, post or through our website if you have provided consent for the same.
- To opt-out of receiving communication related to direct marketing activities please contact us via phone, email, or post. See contact details section below for more information.
If you are a business partner, we may also collect your personal information from our day-to-day business activities with you, business referrals and your attendance at events.
We may, as a result of our business dealings, come to possess personal data in relation to you and your employees, directors, officers, and other representatives. We may receive such data from you, from such persons, or from other sources (for example, published or publicly available directories); and some limited data may be recorded indirectly by internal security and communication systems or by other means (for example, visitor logs maintained by security officials at our offices). Subject to compliance with the applicable data protection legislation, we may use and disclose such data solely for purposes connected with the business dealings.
If you have applied for a job through our Careers portal or job posting websites such as LinkedIn, Indeed, Irish jobs, your personal data will be collected and stored in our servers or third-party servers. Typically, this is the data which will be collected, stored, and processed (until you ask us to stop the processing or ask us to delete it):
- Name, address, telephone number(s) and email address
- Details of qualification (where required for a role), skills, experience, and employment history
- Details of eligibility to work in Republic of Ireland.
- Any additional information contained in a candidate’s CV such as referee information, disclosed at interview or otherwise provided to us during the recruitment process.
- Your accessibility requirements, if any.
- In case you attend an onsite job interview, your images will be captured in our CCTV which have been installed strictly for security purposes.
We will retain data in relation to unsuccessful job applications, including Curriculum Vitae and references for 1 year and 1 day or, where successful, for the duration of the employment plus 7 years from the date of termination.
There are also legitimate business interests under which we will be processing data as follows:
- To develop and improve insurance products. It may include the creation of models and profiles for purposes such as pricing, fraud prediction, evolution of claims, monitoring of quality standards, customer’s suitability for the product and determination of premium.
- To investigate, detect and prevent fraud, as well as cases of high claim rate, for which information of the interested parties will be consulted in the common databases of the insurance sector and in capital solvency databases, at the time of the conclusion of the contract, during its validity and after its resolution. Likewise, it also seeks to prevent and detect identity and civil status fraud.
- For video surveillance and access control at our headquarters to ensure the safety of people and property as for the prosecution of crimes, where appropriate.
- To carry out internal audit processes and ensure our regulatory compliance.
- Although we normally rely on Consent for direct marketing activities, Depending on the specific case we may have a legitimate interest in sending commercial communications that may be of the interest of consumers. This may include marketing campaigns, cross-selling, promotion of our products and brand, loyalty programs and rewards agencies, information on bonuses for referring family and friends, congratulations on special occasions, newsletters or other sponsorships, information on events, sending information on offers and incentives through the elaboration of commercial profiles. These campaigns can be carried out through emails, calls, SMS, search engines, social networks and involve automated processing for monitoring.
- To manage our social networks and the content published on them given our legitimate interest in positioning our image via digital means and interacting with users through them.
- To promote service quality surveys and loyalty to our insurance products via email, SMS or telephone in order to make strategic and business decisions, as well as improve the services provided.
- To administer, improve, and ensure the safety of our website both for users and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. For further information please see our Cookies Policy.
- For quality assurance in relation to the services we provide. It will include call recording for monitoring of the performance of sales agents, claims handlers and related employees in delivering the expected levels of customer service. Recordings will be used in induction and development training sessions of sales advisors.
- To manage and investigate complaints;
- To defend our legal rights, to protect our operations or those of our Group companies or business partners;
- To check against international/economic or financial sanctions laws or regulated;
- To ensure compliance with legal and regulatory requirements. For motor policies only, in compliance with the Road Traffic Act 1961 (as amended) we share details of your policy with the Motor Insurers Bureau of Ireland (The details on MIBI processing activity can be found on https://www.mibi.ie), the Minister for Transport, Tourism and Sport and An Garda Síochána for the purposes of section 78A as autonomous data controllers.
- For reinsurance purposes.
If you are buying an insurance policy with us, the personal data we collect, and use will differ depending on the product we are arranging but typically includes:
- Full name (of policyholder and any other individuals who may benefit from the relevant insurance claims or services)
- Date of Birth, Gender, Marital Status
- Employment details
- Existing policy details
- Username and password for a website account (which you may set up in order to obtain a quote or purchase insurance or services)
- Address and contact details, including email address and phone number
- Level of cover and policy details (for insurance policies)
- Other details requested on application forms such as vehicle registration, make and model, or boiler make and model
- Payment details, which may include your credit card or bank details
- Vehicle registration number, Driving Licence Number
- No Claims Discount (NCD) PIN where applicable
- Health-related data in the context of claims
- Unspent criminal convictions and for car insurance, penalty point information and Road Traffic offences.
We will also assign you a policy or contract number which we will record alongside your other personal details.
If you provide us with details relating to other individuals (for example, those with an interest under the policy or contract such as named drivers and authorised persons), please ensure such individuals are aware that we will use their details for the purposes of the relevant insurance policy or services, and direct them to this privacy notice for more information. If you do not provide us with the requested information, then we may not be able to offer you the applicable insurance policy or services. |
Furthermore, you may give us Personal Data and Special Categories of Personal Data:
By corresponding with us in writing, by phone, email or otherwise. We ask you to disclose only as much Personal Data and/or Special Categories of Personal Data as is necessary to provide you with our Products and services or to submit a question/suggestion/comment in relation to our websites, our Products, or our customer service;
By applying for, or purchasing, one or more of our Products, either directly from us or via an authorised intermediary, advisor or another third party (e.g. your employer if you are a member of a group scheme);
By setting up profiles or logging onto your profile on www.outsurance.ie (our “website”);
By posting on our social media platforms, message boards, blogs, and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
When you supply us with goods or services;
By applying to work with us. The type of information you may provide includes your curriculum vitae (CV), a cover letter, your name, address, email address and telephone number. CVs should include information relevant to your employment history and education (e.g. degrees obtained, places worked, positions held, relevant awards). We ask that you do not disclose Special Categories of Personal Data (e.g. medical information, religion, philosophical or political beliefs) or financial data in your application;
By visiting our offices your image may be captured on the closed-circuit television (CCTV) cameras located in Cherrywood Business Park’s common areas, including car park, and Building 3 general reception. Your personal data is processed in accordance with their Privacy policy, which can be found here: https://thecampus.ie/privacy-policy/ There is also a limited number of cameras installed in our offices exclusively for security purposes, covering the publicly accessible areas within the premises. Images captured are not further processed in a manner that is incompatible with those purposes. Notification of CCTV usage will be available through easily read and well-lit signs at the entrances.
Automated decision-making In order to incept and administer an insurance policy, OUTsurance may use profiling and automated decision-making processes. Automated decision-making is the process of making a decision by automated means without any human involvement. These decisions can be based on factual data, as well as on digitally created profiles or inferred data. Examples of this include:
Some of the benefits of automated processes include allowing greater consistency and fairness (e.g. by reducing the potential for human error and discrimination) and a more efficient decision-making process. Where sensitive personal information is relevant to the profiling, such as past motoring convictions for motor insurance, your sensitive personal information may also be used in the profiling models. OUTsurance endeavours reasonable efforts to ensure that data you provide us with is recorded accurately and checks the analytics for hidden bias. We also have measures in place to verify and ensure, on an ongoing basis, that data reused or obtained indirectly is accurate and up to date. Please note: You have certain rights in respect of automated decision making where that decision has significant effects on you. |
We may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with other companies in the Group, partners of the Group and coinsurance and reinsurance companies, located in Ireland and abroad, including outside the European Economic Area (’EEA’).
We may also share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties, including business partners, and suppliers and sub-contractors, such as engineers, repairers, motor assessors, loss adjustors, expert appraisers, expert witnesses and alike located in Ireland and abroad, including outside the EEA (for example, to provide you with our Products and for the performance of any contract we enter into with you or them). Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below and in Schedule of this Privacy Policy.
All our third-party service providers and other entities in the Group are required to take appropriate security measures to protect your Personal Data and/or Special Categories of Personal Data, in line with our policies. We do not allow our third-party service providers to use your Personal Data or Special Categories of Personal Data for their own purposes. We only permit them to process your Personal Data and/or Special Categories of Personal Data for specified purposes and in accordance with our instructions.
Data Analytics OUTsurance uses your personal data for certain purposes concerning data analytics as follows: Get a more complete understanding of how you engage with our business so we can deliver better experiences and drive results. Develop a customer-centric measurement across our website and app identifying the role different channels play. |
In addition, we may disclose your Personal Data and Special Categories of Personal Data with third parties:
In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data and Special Categories of Personal Data to the proposed seller or buyer of such business or assets, as appropriate;
If we, or substantially all of our assets, are acquired by a third party, in which case Personal Data and Special Categories of Personal Data held by us will be one of the transferred assets;
If we are under a duty to disclose or share your information in order to: comply with any legal obligation, Court Order or to co-operate with state bodies; enforce this Privacy Policy or apply our terms of use and other agreements; or protect our rights, property, safety, customers, or others. This includes, without limitation, exchanging information with other companies and organisations (including private investigators, where appropriate) for the purposes of fraud protection and credit risk reduction;
We have set out in Schedule of this Privacy Policy a list of third parties with whom we share your Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data.
Please note, information about claims (whether by our customers or third parties) is collected by us when a claim is made under a policy, including where the information is made available on InsuranceLink. This information may be shared with other insurance companies, self-insurers, or statutory authorities.
The purpose of InsuranceLink is to help us identify incorrect information and fraudulent claims and, therefore, to protect customers. Under data protection legislation you have a right to know what information about you and your previous claims is held on InsuranceLink. If you wish to exercise this right, please contact us at the address below or for further information on InsuranceLink go to www.inslink.ie.
Finally, where you have consented to our doing so, we may share information that you provide to companies within the Group and with other companies that we establish commercial links with so we and they may contact you (by email, SMS, telephone or other appropriate means) in order to tell you about carefully selected products, services or offers that we believe will be of interest to you.
Retaining Your Personal Data and Special Categories of Personal Data
The time periods for which we retain your Personal Data and Special Categories of Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our Data Retention Policy. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. If you would like further information, please contact us at the details provided below.
In some circumstances we may anonymise your Personal Data and Special Categories of Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. This anonymised data may be used for research or analytical purposes.
Security of Your Information
We have put in place measures to protect the security of your Personal Data and Special Categories of Personal Data.
Details of these measures are available upon request.
Third parties acting on our behalf or other third parties such as loss adjusters, assessors, amongst others will only process your Personal Data and Special Categories of Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
The duration for which we retain data is determined by its intended use, the timeframes specified by laws, and the duration needed to ensure compliance with legal requirements. Typically, we keep information for the following periods:
Type of record |
Retention period |
CCTV images within OUTsurance’s Head office area |
30 days |
Data related to unsuccessful or incomplete quotes |
36 months |
Data related to Potential or Actual Claims Taken Out on a Policy |
10 years after the full and final settlement has been agreed. |
Data related to Potential or Actual Claims Taken Out on a Policy where a child is involved
|
The later date of 10 years after the child turns 18, or the full and final settlement date has been agreed. |
Policy Data |
10 years from date on which the policy expires |
Do We Transfer Your Information Outside the European Economic Area?
Yes. Given the global nature of our business, our data is transferred to at least one other country outside the European Economic Area.
The Personal Data and Special Categories of Personal Data that we collect from you may be transferred to, and stored, outside the European Economic Area (‘EEA’) and for which there may be no adequacy decision relating to the safeguards for Personal Data from the European Commission. In such instances, appropriate safeguards are put in place to protect your Personal Data and Special Categories of Personal Data and you may obtain a copy of these safeguards by contacting our Data Protection Officer using the contact details provided below.
You can contact us through the following channels:
Phone: OUTsurance Customer Services on +353 1800 600 400 or,
Email: dpo@outsurance.ie
Post: Data Protection Officer, OUTsurance DAC, 2nd floor, Building 3, The Campus - Cherrywood Business Park, Dublin 18, Co. Dublin, Ireland D18 TF72.
Our Cookie Policy is available at www.outsurance.ie. It provides information about the use of cookies on our website. We will also ask you to consent to our use of cookies in accordance with the terms of the policy when you first visit our website. Terms relating to your insurance policy or service-only contract with us (where relevant) are provided separately by us on this website.
We recognise that information privacy is an ongoing responsibility, and so we will, from time to time, update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
Postal Address
|
21 Fitzwilliam Square South Dublin 2 D02 RD28 Ireland |
Email Address |
SCHEDULE
How We Obtain Your Personal Data
We collect Personal Data through our various interactions with OUTsurance Group, you, and our appointed agents. This can be through different channels such as websites, contact centres, e-mail, post and in person. Further information about these channels is set out below.
Personal Data Provided By |
Details |
Direct Engagement with You |
We collect your Personal Data directly from you when you:
|
Indirect Engagement |
We collect your Personal Data indirectly from third party service providers in certain circumstances. These parties include:
|
Personal Data is also obtained from other sources such as third-party databases and public websites. We use these databases and websites to obtain additional details to help verify Personal Data and other information you have provided. Further information about these channels is set out below.
Third Party Database |
Details about Collecting Personal Data |
Insurance Link |
This database contains information relating to claims (i.e. Claims Data). It is a shared insurance industry database that allows its users (i.e. insurance companies, self-insurers, and statutory authorities) to gather, share and compare recorded claims with claims history information provided by new claimants against policyholders. Personal Data shared on Insurance Link may be shared with other insurance companies, self-insurers, or statutory authorities. For more information please visit https://www.inslink.ie. |
IIDS (Integrated Information Data Service) |
This is a shared members database that, by arrangement with the Department of Transport, allows users to confirm the accuracy of penalty points and no claims discount information provided by customers with motor policies. |
Third parties with whom we share your Personal Data
We must share Personal Data on insured persons to third party databases, our service providers, staff, agents, Government/statutory/regulatory bodies. We may also share your Personal Data during the insurance process on third party databases to verify certain Personal Data that you have provided to us. Further information on such sharing is set out below.
Third-party Database |
Details about sharing personal data |
InsuranceLink |
Database containing information relating to claims (i.e. Claims Data). It is a shared insurance industry database that allows its users (insurance companies) to gather, share and compare recorded claims with claims history information provided by new claimants against policyholders. Personal Data shared on Insurance Link may be shared with other insurance companies, self-insurers, or statutory authorities. For more information, please visit https://www.inslink.ie. |
National Fleet Database |
This database is used to verify information provided to us for fleet insurance customers. |
Motor Insurance Bureau of Ireland |
Governing authority which deals with motor accidents which are committed by uninsured or unidentified persons, or which involve foreign vehicles. |
National vehicle and Driver File |
Database containing a register of all vehicles and drivers of vehicles in Ireland |
Personal Injuries Assessment Board |
Independent State body which assesses personal injury compensation |
Other entities we share Your Personal Data with can be found in the table below:
Some third parties may keep their own record of Personal Data obtained (e.g. Insurance Link). Please check the Data Protection Notices of these third parties if you want more information about how they process Personal Data. We may have to share some or all of your Personal Data with the parties listed below. Please note that these parties are non-exhaustive as they may change from time to time.
Recipient |
Details about sharing personal data |
Our staff or agents |
|
Service Providers |
|
Government, Regulatory and Statutory Bodies |
|
Witnesses |
Witnesses to any incidents/accidents to which you are involved |
Claimants and their Legal or Medical representatives |
|
Any Party You Have Given Us Permission to Speak to |
|
Any Party Named Under Your Insurance Policy |
|
Other Insurers and Their Agents |
|