- Hastings (Westport) Ltd trading as Hastings Insurance Brokers, Irishweddinginsurance.ie, Mytravelinsurance.ie & Myfarminsurance.ie;
- David Flannelly (Holdings) Ltd trading as Hastings Insurance Brokers & Flannelly Insurances and
- Pat Hardiman Insurances Ltd trading as Hastings Insurance Brokers,
thereafter referred to as ‘Hastings,’ is committed to respecting and protecting your privacy.
Hastings recognises that protecting personal information is very important to you. It is the intention of this privacy notice statement to explain to you the information practices of Hastings in relation to the information we collect, use and store about you. It is supplemental to the Data Protection Notice provided to you in our Terms of Business. It sets out in more detail how we handle and manage your personal information including sensitive data we may process. Personal data relates to you, anyone insured under your policy or anyone whose personal data we process in connection with your policy/portfolio and applies to all your dealings with us.
For the purposes of the General Data Protection Regulations (GDPR) the data controller is:
- Contact details for GDPR Queries at Hastings are: The Octagon, Westport, Co Mayo Tel. 098 27227 or Email: Dataprotection@hastings.ie.
- When we refer to ‘we’ we mean Hastings.
It is important that you read this document and show it to anyone else who is insured or named under your policy of insurance. Please make sure anyone else insured or named under your policy has provided you with consent to provide their personal information to us.
Who are we?
Our principal business as Insurance Broker is to provide advice and arrange transactions on your behalf in relation to life & pensions/savings & investments/mortgages and general insurance products including personal and commercial lines. Hastings has 6 branches located in Westport, Claremorris, Ballina, Castlebar, Tuam and Sligo.
Purpose for collecting and processing your data
As an Insurance Broker, the personal data we collect from you is passed on to an insurance company in order to obtain a premium and provide you with a quotation in relation to a service you have requested, arrange a transaction on your behalf, administer, manage your policy, provide premium renewal details and assist with claims as part of our service. We may also collect your personal data to verify your identity or to compile and process your information for audit, statistical or research purposes, for compliance with regulatory and legal requirements, for internal record keeping and to protect your vital interests. We may also process your personal data where we have a legitimate interest to do so, subject to those interests not over-riding your fundamental rights and freedoms. This includes: market research and statistical analysis to improve our services and products, to protect our business, reputation, resources and equipment, manage network and information security and prevent and detect fraud, dishonesty and other crimes, investigating complaints, training and monitoring staff.
We receive personal information about you, when you contact Hastings through various channels ie, by requesting a quotation, using one of our website’s including www.hastings.ie, www.Irishweddinginsurance.ie, www.Mytravelinsurance.ie www.Myfarminsurance.ie or the live online chat facility, submitting a claim, telephone, post, email or by visiting any one of our branches.
The personal data we will collect from you and process, where relevant, is dependent on the type of product you are seeking, this is not a limited list and may include:
- Personal, such as title, full name, address, landline telephone number, mobile number, work number, email address
- Your date of birth, gender and/or age, PRSI number,
- Your nationality, residency and/or citizenship status, if needed for the product or service
- Details of beneficiaries, such as joint policy holders, named drivers, beneficiaries of our products or services
- Family members (if relevant to the product or service)
- Your marital status, family, lifestyle or social circumstances, if relevant to the product (for example, the number of dependents you have or if you are a widow or widower)
- Records of your contact with us such as via phone, if you get in touch with us online using our online ‘contact us’ services or details such as your mobile phone location data, IP address, records of landline telephone recordings
- Products and services you hold with us, as well as have been interested in and have held and the associated payment methods used, including existing policy number, client identification number, renewal dates of policies with us and other insurers, premium details, details of excesses, images/surveys
- The usage of our services, any claims and whether those claims were paid out or not (and details related to this)
- Bank and payment card details, in order to reimburse any premium owed to you, records of payments and arrears
- Marketing to you and analyzing data, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in, and analyzing data to help target offers to you that we think are of interest or relevance to you. Offers may include our car, insurance, financial services, connected car, travel and any of our other products and services
- Vehicle & Driver(s) information, such as make and model, registration number, year of manufacture, value, purchase date, fuel type, engine size, vehicle licensing cert, who uses the vehicle, carrying capacity, weight, distance travelled per year, type of use of vehicle ie, business use or social/domestic use, right/left-hand drive, details of insurance cover, change in insurance cover and modifications if any, connected vehicles insured. Driving history, no claims bonus, gap in cover, claims history, disqualifications and penalty points incurred
- Information about your use of products or services held with the firm, such as other insurance policies, mortgage, savings or financial services and products
- Information we obtained from third parties, including information about insurance risk, pricing, claims history, instances of suspect fraud and usage history
- Fraud, debt and theft information, including details of money you owe, suspected instances of fraud or theft, and details of any devices used for fraud
- Criminal records information, including alleged offences, for example if you apply for car insurance
- Information about your health or if you are a vulnerable customer. Injuries/illnesses suffered by you or anyone insured on the policy either prior to taking out an insurance or during policy coverage
- Information about your property, such as location, value, number of rooms, property type and building work you’ve had done
- Financial details about you, source of income, source of wealth, details of your expenditure, and payment method(s), if relevant
- Details about all of your existing borrowings and loans, if relevant
- Information about your employment status, if relevant
- Information about your property occupier status, such as whether you are a tenant, live with parents or are an owner occupier of the property where you live at the time of your application
- Information we obtain from third parties, including vehicle details, details of outstanding finance, vehicle claims/history, publicly available information, and information to help improve the relevance of our products and services
- Where relevant, information about any guarantor which you provide in any application
- Tax information, if relevant (for example, for tax planning purposes)
- Images, in connection with the risk being insured or for other business use including claims processing.
Note: Some personal data is mandatory in order for the performance of the contract. In the event you decide not to provide the mandatory personal data we will be unable to provide you with a certain service or product. We will indicate to you where any personal data required is mandatory or optional.
Why we are processing your data? Our Legal Basis.
In order for Hastings to provide you with any of the insurance services listed above, Hastings needs to collect personal data to be able to provide a quotation, arrange a transactions on your behalf, administer, manage your policy and assist with claims as part of our service.
Our reason (lawful reason) for processing your data under the EU’s General Data Protection Regulation (GDPR) is:
- Legal basis – Hastings needs to collect and process your data on the basis that it is necessary to do so to enter into and/or to perform a contract with you.
We are committed to ensuring that the information we collect and you give us is appropriate for this purpose, and does not constitute an invasion of your privacy.
How will Hastings use the personal data is collects about me?
We will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulations (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
Special Categories of personal data.
Where we collect any special categories of personal data, known as ‘sensitive data’ ie data about your health or information in relation to your criminal convictions such as penalty points/driving convictions, this will only be requested and processed where it is necessary for the performance of an insurance contract and will only be processed by way of a) explicit consent b) assessment of risk c) for the prevention of fraud d) for the establishment, exercise, enforcement or defence of legal claims or e) to protect the vital interests of a person.
Who we are sharing your data with?
As an Insurance Broker we share your data with the insurance companies we deal with in order to obtain a quotation, issue renewal terms and provide alternative quotations for you. We may also be required to share your data for example, with the National Vehicle and Driver File, Personal Injuries Assessment Board or other third parties involved in administering your insurance contract including any loss assessors/adjustors, witnesses to any incidents/accidents you are involved in, claimants and their legal or medical representatives. These third parties are obliged to keep your details secure, and use them only to fulfil the service they provide on your behalf. In order to fulfil our legal and regulatory obligations we may also share your personal data with any authorities for example: The Data Protection Commission, Revenue Commissioners, Central Bank of Ireland, Financial Services and Pensions Ombudsman, our legal advisors or the Garda Siochana. When we believe we have been given false or misleading information, or we suspect criminal activity we must record this and inform the relevant authorities. Your data is held within the Hastings branch network and may be shared with any providers or suppliers where the firm outsources the processing of certain functions, for example: Auditors, Legal advisors, IT/Software providers, Payment Processes or other third parties involved in administering your contract. Your data may also be shared with any party where you have given us permission to speak with them ie, a relative or friend, any party named under your insurance.
In the instance where we have to transfer data outside the European Economic Area (EEA) to help provide you with products and services, we will do so in compliance with obligations under Data Protection Legislation and would expect the same standard of data protection is applied outside of the EEA to these transfers and the use of the information, to ensure your rights are protected.
In certain contracts of insurance where, for whatever reason, you cannot be found or you become insolvent, or the court finds it just and equitable to so order, then your rights under the contract may be transferred to and vested in the third party even though they are not a party to the contract of insurance. The third party has a right to recover from the insurer the amount of any loss suffered by them. Where the third party reasonably believes that you as policyholder have incurred a liability the third party may be entitled to seek and obtain information from the insurer or from any other person who is able to provide it concerning:
- the existence of the insurance contract,
- who the insurer is,
- the terms of the contract, and
- whether the insurer has informed the insured person that the insurer intends to refuse liability under the contract.
Data Subjects Rights:
Hastings facilitate your rights under Data Protection Legislation to address any concerns or queries about the processing of your personal data. At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you;
- Rights of Rectification – you have a right to correct data that we hold about you that is inaccurate. In certain cases you are obliged in the terms of your insurance contract to inform us of any changes ie, change of address;
- Right to Withdraw Consent – you have the right to withdraw your consent to your data being processed where we use consent as the legal basis;
- Right to be forgotten – you have the right to have your personal data deleted or to be forgotten. However we can only delete your data in certain circumstances and there may be instances where we cannot provide a deletion ie, an ongoing claim;
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing of your data;
- Right of portability – you have the right to have the data we hold about you transferred to another organisation;
- Right to object – you have the right to object to certain types of processing such as direct marketing;
- Right to be excluded from profiling or automated processing; you also have the right to be subject to the legal effects of automated processing or profiling;
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
Hastings intent is to strictly protect the security of your personal information; honour your choice for its intended use; and carefully protect your data from loss, misuse, unauthorised access or disclosure, alteration or destruction. We have taken appropriate steps to safeguard and secure information we collect online, including the use of encryption when collecting or transferring sensitive data such as credit card information. However, you should always take into consideration that the internet is an open forum and that data may flow across networks with little or no security measures, and therefore such information may be accessed by people other than those you intended to access it.
Additional information we are providing you with to ensure we are transparent and fair with our processing.
Retention of your Personal Data
Data will not be held for longer than is necessary for the purpose(s) for which it was obtained. Hastings will process personal data in accordance with our retention schedule. For the majority of Policy Data, this is 7 years after the relationship ends. If you do not incept cover for an insurance policy, your data will be kept for 18 months and processed in line with this statement. In certain cases we are obliged to hold onto records for longer periods, examples of which are public liability insurance and pension details. We do so in line with our regulatory obligations.
Failure to provide further information
If we are collecting your data for a contract and you cannot provide this data the consequences of this could mean the contract cannot be completed or details are incorrect.
Profiling & Automated Decision Making
We use automated decision-making, including profiling, in the following situations:
- Risk Profiling – To establish a customer’s attitude to investment risk (relating to pensions and investments);
- Establishing affordability and providing quotations for financial services products;
- Providing quotes through our quote providers based on the information provided to us. The Quote generated is based on the logic and criteria set by insurers. An example of this would be in the case of penalty points on an individuals driving licence, the more points the higher the premium would be quoted;
- Profiling for Marketing purposes – When we seek to contact you about other services, as outlined above, we run automated queries on our computerised database to establish the suitability of proposed products or services to your needs. An example would be the identification of customers who hold motor insurance but do not hold household insurance.
- Any form of risk assessments for Fraud Prevention/Anti-Money Laundering purpose or other Legal/Regulatory reasons.
You have the right to object to profiling in certain cases only ie, where it is not required for the performance of the contract or not required for any legal or regulatory reason.
If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this information prior to processing this data. Where we have your consent to send you information about any other products, services or offers which Hastings would like to communicate to you, we may contact you through a variety of means such as mobile phone, landline, email, SMS (text) and post. This can include you being contacted on or about the anniversary of your policy lapsing or your quote request. It is always your choice whether you want to receive any marketing based information. You can also change your preferences of how we contact you or amend how you receive any marketing at any time by calling your local branch or emailing Dataprotection@hastings.ie. If you choose not to receive this type of information, it will not affect any of the services provided to you, now or in the future.
In the event that you are unhappy with the way Hastings has handled your personal data, we encourage you to email us in the first instance at Dataprotection@hastings.ie or write to Data Protection, Hastings Insurance Brokers, The Octagon, Westport, Co Mayo. You also have a right to lodge a complaint with the Protection Commission – email@example.com.
Your privacy is important to us. If you have any comments or questions regarding this statement, please contact data protection on 098 27227 or email Dataprotection@hastings.ie.
Last Updated : 1st September 2020