Data Privacy Notice

Download a copy of this privacy notice

1. Irish Life Group:

Irish Life Group Companies offer a broad range of life assurance, health insurance, pensions and investments products, as well as financial advice and health and wellbeing services. Our companies collect, use and share personal information so that we can provide you with products and services as data controllers and also in some circumstances as joint data controllers. What personal data is collected, how your personal data is used and shared and your rights in relation to that data is explained in the Privacy Notice of the relevant Irish Life Group data controller or joint data controllers. We will direct you to the relevant Privacy Notices when we collect personal information from you, for example when you ask for a quote or apply for one of our products. Please read these Privacy Notices carefully, as they will explain which Irish Life Group company or companies are responsible for managing your personal data and specific information about how we will use your personal data in relation to products and services that we provide to you.

All Irish Life Privacy Notices are available here https://www.irishlife.ie/privacy-notices/

This is the Privacy Notice for Irish Life Health DAC.

2. What is a privacy notice & why is it important?

We know your personal information is important to you and it is important to Irish Life Health too. Irish Life Health have measures in place to
protect and ensure the security of your personal and sensitive data.

This Privacy Notice tells you what we use your personal information for and explains your rights around how we use it. Please read this Privacy
Notice to understand how and why we use your personal information.

If you give us personal information about someone else, please make sure you have their permission and please make them aware of this
Privacy Notice, as it also applies to them.

3. What personal information we collect and why

We use your personal information and the personal information of other members on your plan to provide you with health insurance plans,
customer service, to assess and pay claims and to provide related services.

This personal information includes but is not limited to, your name, address, date of birth and contact details. Sensitive personal information
including medical information will only be collected as and when needed to provide you with the benefits of your health insurance plan. We will
restrict access to and use of sensitive personal information.

Where you have additional adult members insured on your health plan, please note that claims related correspondence in respect of inpatient
claims for these members will be sent to them at the Policyholder’s address.

In respect of Day to Day and Out-patient expenses, the Policyholder will be notified of any claims, (at benefit level) submitted by adult
members on the policy.

Please note that if you give us false information or fail to disclose information, we will record this.

We must have a lawful basis to collect and use personal information which is set out below:

Needed for your contract

Personal information about you and other members on your plan is needed to:

  • recommend the most suitable plan for your needs
  • process your application and issue your plan
  • provide you with information about your plan
  • make and receive payments to you and from you
  • provide customer care and service
  • contact you to inform you of any relevant actions you may need to take
  • administer your plan and pay claims.

We have an automated system in place for Online Day to Day claiming which allows you to submit your claims online, payment will be made
into the bank account nominated by the Policyholder. You can however, request that a person make the decision on your claim.

We may in certain circumstances share your personal information with other health insurers for the purposes of confirming the level of cover
available to you.

Required by law

We use your personal information to comply with law and regulations for example:

  • reporting to regulators
  • keeping proper books and records
  • actuarial claims analysis and risk management to ensure the company stays financially sound

We may in certain circumstances share your personal information with other health insurers for the purposes of verifying your lifetime
community rating loading information and determining waiting periods to the extent permitted by law.

We are also required to screen all customers against Financial Sanctions lists and to do this we will use your name, date of birth and address.
If we provide you with advice we are required to complete an analysis of your health insurance needs to recommend a health insurance plan
that is suitable for you.

We carry out internal reporting, quality checking, compliance controls and audits to help meet our legal obligations.

The type of personal information that is required by law may vary in the future and depends on the type of service we provide

Irish Life Health’s legitimate interest

We use your personal information for our legitimate interests as shown below. We have taken account of any privacy risks and ensured that
your data protection rights are not affected. We believe these uses benefit our customers. You can contact us if you have any questions using
the details in section 10 of this Privacy Notice.

Call Recording:

Calls are recorded for staff training and monitoring, as well as maintaining a record of customer transactions we complete over the phone.
We also save the number you’re calling from to help us handle your call and direct you to the most suitable team. This includes calls through
landline, internet or mobile. We will let you know if a call is being recorded at the start of the call so you can decide to continue or not.

Sharing with your Insurance Broker:

If you choose to take your health insurance out through an insurance broker, we will share your personal information with your insurance
broker only as required and this will not include sensitive personal information. This is to keep them up to date on your plan, which allows
them to give you a better service.

Customer Research:

To help improve the level of service we provide, we may on occasions contact you for participation in consumer satisfaction or research
surveys. Your details may be used for these purposes after your policy has ceased for a maximum of 1 year.

Clinical Audit:

We may on occasion look for information from your GP, consultant, hospital or other medical provider regarding any treatment provided to
you or other members of the insurance policy for the purpose of a clinical audit. A clinical audit is undertaken to understand the appropriate
use of resources and the resulting outcome and quality of life for patients.

Customer Queries and Service Requests:

When you send us a query or request a service, such as a call back or webchat, we will collect and use the personal details needed to respond
to your request.

Customer Verification with other Irish Life Group Companies:

We maintain a record of plans you hold with certain Irish Life Group companies using personal information such as your name and contact
details in order to provide Irish Life joint services to you.

Statistical Analysis:

We combine and group personal information for statistical analysis to help us understand our customers, to develop better products and
services and to help promote our products and services.

Personal information from other Irish Life Group companies may also be used for this purpose. Statistical analysis uses aggregate information
and individuals are not identifiable.

Data Analytics:

We perform data analytics on our products and customers across the Irish Life Group companies to allow us to understand how our customers
interact with us, what products and services customers avail of across the group and to develop new products and services.

Data analytics will include personal data, but not special category data such as medical information. Aggregate reports are used for these
purposes where individuals are not identifiable

Safety and Security:

We capture and hold data from email, web and network traffic to monitor and protect information security and to support investigation around
cyber or data loss events (e.g. a malicious act – virus or hacking).

If you visit our offices we will record CCTV footage for safety and security reasons. We only hold these recordings temporarily and for longer if
we need to for safety and security investigations.

With your consent

You need to give consent for us to collect and use personal information classed as sensitive for certain uses. You are given the choice to provide
consent, or not. When we collect your consent, we will explain what we need it for and how you can change your mind in the future.

Direct Marketing:

We would like to be able to contact you about offers and services from companies across the Irish Life Group, separately from your plan
communications. We will only send you direct marketing content where we have your consent.

Where you have already indicated a preference, this will remain unless you subsequently contact us to change this.

Cookies:

When you visit our website we will use cookies, for example; we use cookies to show you Irish Life Health advertisements where you have
visited our website before or visited other websites offering similar products and services. We will ask for your consent to use these once you
visit the website.

Mobile App Software Development Kits (SDK):

When you register and use one of our mobile apps, we may use third-party software development kits (“SDKs”) to collect information about
how you are using the app. We use information on how you interact with the app to improve the usability of the app and to enable us to track
the performance of our advertising. We will ask for your consent to use these when you register for one of our Apps.

4. Consent and how to withdraw consent?

If we process your personal information based on consent, you have the right to withdraw that consent at any time. The opt-out methods will
depend on how the consent was collected and will be explained when you give us your consent, e.g. you can change your mind using the optout
link in any direct marketing emails sent to you.

You will also be able to withdraw consent by contacting us directly using the details in section 10 of this Privacy Notice.

5. How and where do we get your personal information from?

You provide us with your personal information (and the personal information of other members on your policy) directly when you contact
us, complete our forms, speak with us or visit our website, social media accounts and mobile apps. For more information on what personal
information is collected and used on our website please see our Cookies Policy at https://www.irishlifehealth.ie/privacy-and-legal/cookie-policy 
and our website policy at https://www.irishlifehealth.ie/privacy-and-legal/website-use-policy

If you use a service provided jointly by Irish Life Group companies, we will receive the personal information collected through that service.

We also get personal information from other parties including, insurance brokers, solicitors, employers, regulators, GPs, consultants, hospitals
or other medical providers as and when required.

6. Who do we pass your personal information to?

We pass personal information, including personal health information if necessary to:

Data Processors:

Companies that act as service providers under contract with us and only process and store your personal information as instructed by us. Your
personal information is transferred and held securely and is not used by other parties for any other reason. The categories of services that we
use other Data Processors for include: document management, administration, customer services, customer surveys, marketing, financial
sanctions list screening, mobile app services and clinical audits of medical providers.

Brokers or Financial Advisers:

Brokers or financial advisers who you have chosen to act as your intermediary to give service and advice on your plan, or; who your Employer
has chosen if you are a member of a group scheme to act as an intermediary to give service and advice on the group scheme.

GPs, Consultants, Hospitals, Medical Providers and Service Providers:

In certain instances, we may need to share personal information, including medical or other sensitive personal information, with third parties
about you and any other member named on your policy for the purposes of administrating of your plan and providing you with plan benefits.

Reinsurers:

Reinsurers who we have a contract with to underwrite our plans and claims. You can see our current panel of reinsurers at 
https://www.irishlifehealth.ie/privacy-and-legal/reinsurers

Regulators:

Regulators and the Revenue Commissioners or as needed to comply with regulations and laws.

Irish Life Group Companies:

We pass your personal information to other Irish Life Group companies for statistical purposes and data analytics on an aggregated basis. We
also pass your contact details and product holdings to allow you to avail of Irish Life joint services.

Your Employer:

Where your plan has been set up through your employer, we will share information with them to the extent that is required in order to
administer the group scheme.

Third Parties in connection with digital advertising and marketing:

Your online activity will be shared with third party providers such as social media platforms where you consent to marketing cookies.

7. Do we transfer your personal information outside of the EU?

Your personal information is mainly processed and stored within the EU. However we do pass personal information securely to our parent
company Great West LifeCo in Canada. We do this for administration purposes, for recording of legal claims and for screening our customers
against Financial Sanctions lists to comply with relevant legislation.

Passing your personal information to certain countries, including Canada, is allowed under an adequacy decision made by the European
Commission.

Our parent company, Great-West Lifeco has a legal obligation to maintain a list of our identified high-risk customers.

Where we, or our data processors, transfer your personal information outside the EU, we will take steps to ensure that your personal
information is adequately protected and transferred in line with data protection law.

8. How long do we keep your personal information for?

We keep and use your personal information for as long as you have a relationship with us. We also hold it after this where we need to for
complaints handling, legal claims, for system back-ups and for as long as we have to under regulations.

Where you have availed of a regulated product or service, we will retain your personal information for 6 years after your relationship with us
has ended. In addition, we retain personal information such as your name, date of birth, address and plan detail for a period of 20 years to
meet our requirements under the Lifetime Community Rating legislation.

We will let you know how long we keep personal information for when you avail of a specific service such as a quote.

9. What are your rights?

You have a number of rights over your personal information which you can exercise free of charge by contacting us using the details in section
10 of this Privacy Notice. You will need to give us information to help us identify you and we will respond to you within one month. Any restrictions
to your rights will be explained in our response.

Right to Information

You have a right to the information set out in this Privacy Notice. The most recent version of our privacy notice will always be accessible on our website at https://www.irishlifehealth.ie/privacy-and-legal/data-privacy-notice

If we make changes to the type of personal information we collect and / or how we use it, we will inform you of the changes. We have controls in place to protect your personal information and minimise the risk of security breaches, however, should any breaches result in a high risk for you, we will inform you without undue delay.

Right to Restrict or Object

You can restrict or object to any unfair and unlawful collection or use of your personal information. You can object to any automated decision
making that has a legal or similar significant impact for you and ask for the decision to be made by a person. Where you have previously
provided consent, you can withdraw it at any time.

Right to Correct and Update

You can ask us to correct and update personal information we hold about you; to provide you with the best service it is important we have
your up to date personal information, such as contact details.

Right to Delete and Be Forgotten

You can have your personal information deleted if it is incorrect or has been processed unfairly or unlawfully.
If you have withdrawn consent you can ask for your personal information to be deleted. We will keep a record of your request so we know why
your personal information was deleted.

If we have provided a regulated product or service to you, we must keep your personal information for a minimum period by law.

Right to Access

You have the right to know what personal information we hold about you and to receive a copy of your personal information.

We must tell you:
>> why we hold it;
>> who we pass it to, including whether we transfer it outside the EU;
>> how long we keep it for;
>> where we got it from; and
>> if we carried out any automated-decisions, and if so, the logic behind it and what it means for you.

This right does not allow you access to personal information about anyone else.

To access your personal information please write to us or email us using the contact details in section 10 of this Privacy Notice. To help us
respond as quickly as possible please let us know if you are only looking for copies of specific personal information.

Right to Portability

You can ask for a copy of all personal information that you gave us (including through your interactions with us), and which we hold in an
automated format. You can receive this in a machine readable format that allows you to keep it.

You may also request Irish Life Health to send this personal information in a machine readable format to another company. The format will
depend on our ability to provide this in a secure way that protects your personal information.

10. How to contact us

You can contact with any questions about your personal information and this privacy notice:

PO Box 13028, Dublin 1

+353 01 562 5100

heretohelp@irishlifehealth.ie

www.irishlifehealth.ie

11. Data Protection Officer

Irish Life Health also has a Data Protection Officer that you can contact directly:

Data Protection Officer
Irish Life Health
Block D, E, F
Lower Abbey Street
Dublin 1

+353 01 562 5100

compliance@irishlifehealth.ie

https://www.irishlifehealth.ie/

12. Complaints

If you do not think that we have processed your personal information in line with this Privacy Notice, please contact us.

If you are not happy with how we have processed your personal information or handled your privacy rights, you can complain to the Data Protection Commission by contacting them below:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

+353 (0) 761 104 800
+353 (0) 57 868 4800

info@dataprotection.ie

**This Privacy Notice is effective from September 2021