Data Privacy Notice
Download a copy of this privacy notice
Irish Life Group:
Irish Life Group Companies offer a broad range of life assurance, health insurance, pensions and investments products, as well as financial advice and wellness services. Our companies collect, use and share personal information so that we can provide you with products and services as data controllers and also in some circumstances as joint data controllers. What personal data is collected, how your personal data is used and shared and your rights in relation to that data is explained in the Privacy Notice of the relevant Irish Life Group data controller or joint data controllers. We will direct you to the relevant Privacy Notices when we collect personal information from you, for example when you ask for a quote or apply for one of our products. Please read these Privacy Notices carefully, as they will explain which Irish Life Group company or companies are responsible for managing your personal data and specific information about how we will use your personal data in relation to products and services that we provide to you.
All Irish Life Privacy Notices are available here www.irishlife.ie/privacy-notices
This is the Privacy Notice for Irish Life Health DAC.
What is a privacy notice & why is it important?
We know your personal information is important to you and it is important to Irish Life Health too. Irish Life Health have measures in place to protect and ensure the security of your personal and sensitive data.
This Privacy Notice tells you what we use your personal information for and explains your rights around how we use it. Please read this Privacy Notice to understand how and why we use your personal information.
If you give us personal information about someone else, please make sure you have their permission and please make them aware of this Privacy Notice, as it also applies to them.
What personal information we collect and why
We use your personal information and the personal information of other members on your plan to provide you with health insurance plans, customer service, to assess and pay claims and to provide related services.
This personal information includes but is not limited to, your name, address, date of birth and contact details. Sensitive personal information including medical information will only be collected as and when needed to provide you with the benefits of your health insurance plan. We will restrict access to and use of sensitive personal information.
Where you have additional adult members insured on your health plan, please note that claims related correspondence in respect of these members will be sent to them at the Policyholder’s address.
The Policyholder will also be notified of any claims, (at benefit level) for Day to Day expenses submitted.
Please note that if you give us false information or fail to disclose information, we will record this.
We must have a lawful basis to collect and use personal information which is set out below:
Needed for your contract
Personal information about you and other members on your plan is needed to:
- recommend the most suitable plan for your needs
- process your application and issue your plan
- provide you with information about your plan
- make and receive payments to you and from you
- provide customer care and service
- contact you to inform you of any relevant actions you may need to take
- administer your plan and pay claims.
We have an automated system in place for Online Day to Day claiming which allows you to submit your claims online, payment will be made into the bank account nominated by the Policyholder. You can however, request that a person make the decision on your claim.
We may in certain circumstances share your personal information with other health insurers for the purposes of confirming the level of cover available to you.
Required by law
We use your personal information to comply with law and regulations for example:
- reporting to regulators
- keeping proper books and records
- actuarial claims analysis and risk management to ensure the company stays financially sound
We may in certain circumstances share your personal information with other health insurers for the purposes of verifying your lifetime community rating loading information and determining waiting periods to the extent permitted by law.
We are also required to screen all customers against Financial Sanctions lists and to do this we will use your name, date of birth and address.
If we provide you with advice we are required to complete an analysis of your health insurance needs to recommend a health insurance plan that is suitable for you.
We carry out internal reporting, quality checking, compliance controls and audits to help meet our legal obligations.
The type of personal information that is required by law may vary in the future and depends on the type of service we provide.
Irish Life Health’s legitimate interest
We use your personal information for our legitimate interests as shown below. We have taken account of any privacy risks and ensured that your data protection rights are not affected. We believe these uses benefit our customers. You can contact us if you have any questions using the details in section 10 of this Privacy Notice.
For customer service, training and verification purposes, we record and monitor calls. This includes recording the caller ID and calls through landline, internet or mobile. We let you know if a call or webchat is being recorded at the start of the interaction so you can decide whether to continue or not.
Sharing with your Insurance Broker:
If you choose to take your health insurance out through an insurance broker, we will share your personal information with your insurance broker only as required and this will not include sensitive personal information. This is to keep them up to date on your plan, which allows them to give you a better service.
To help improve the level of service we provide, we may on occasions contact you for participation in consumer satisfaction or research surveys. Your details may be used for these purposes after your policy has ceased for a maximum of 1 year.
We may on occasion look for information from your GP, consultant, hospital or other medical provider regarding any treatment provided to you or other members of the insurance policy for the purpose of a clinical audit. A clinical audit is undertaken to understand the appropriate use of resources and the resulting outcome and quality of life for patients.
Customer Queries and Service Requests:
When you send us a query or request a service, such as a call back or webchat, we will collect and use the personal details needed to respond to your request.
Customer Verification with Other Companies in the Irish Life Group:
We maintain a record of plans you hold with certain Irish Life Group companies using personal information such as your name and contact details in order to provide Irish Life joint services to you.
We combine and group personal information for statistical analysis to help us understand our customers, to develop better products and services and to help promote our products and services.
Personal information from other Irish Life Group companies may also be used for this purpose. Statistical analysis uses aggregate information and individuals are not identifiable.
We perform data analytics on our products and customers across the Irish Life Group companies to allow us to understand how our customers interact with us, what products and services customers avail of across the group and to develop new products and services.
Data analytics will include personal data, but not special category data such as medical information. Aggregate reports are used for these purposes where individuals are not identifiable
Safety and Security:
We capture and hold data from email, web and network traffic to monitor and protect information security and to support investigation around cyber or data loss events (e.g. a malicious act – virus or hacking).
If you visit our offices we will record CCTV footage for safety and security reasons. We only hold these recordings temporarily and for longer if we need to for safety and security investigations.
With your consent
You need to give consent for us to collect and use personal information classed as sensitive for certain uses. You are given the choice to provide consent, or not. When we collect your consent, we will explain what we need it for and how you can change your mind in the future.
We would like to be able to contact you about offers and services from companies across the Irish Life Group, separately from your plan communications. We will only send you direct marketing content where we have your consent.
Where you have already indicated a preference, this will remain unless you subsequently contact us to change this.
Mobile App Software Development Kits (SDK):
When you register and use one of our mobile apps, we may use third-party software development kits (“SDKs”) to collect information about how you are using the app. We use information on how you interact with the app to improve the usability of the app and to enable us to track the performance of our advertising. We will ask for your consent to use these when you register for one of our Apps.
Consent and how to withdraw consent?
If we process your personal information based on consent, you have the right to withdraw that consent at any time. The opt-out methods will depend on how the consent was collected and will be explained when you give us your consent, e.g. you can change your mind using the opt-out link in any direct marketing emails sent to you.
You will also be able to withdraw consent by contacting us directly using the details in section 10 of this Privacy Notice.
How and where do we get your personal information from?
You provide us with your personal information (and the personal information of other members on your policy) directly when you contact us, complete our forms, speak with us or visit our website, social media accounts and mobile apps. For more information on what personal information is collected and used on our website please see our Cookies Policy at www.irishlifehealth.ie/privacy-and-legal/cookie-policy and our website policy at www.irishlifehealth.ie/privacy-and-legal/website-use-policy.
If you use a service provided jointly by Irish Life Group companies, we will receive the personal information collected through that service.
We also get personal information from other parties including, insurance brokers, solicitors, employers, regulators, GPs, consultants, hospitals or other medical providers as and when required.
Who do we pass your personal information to?
We pass personal information, including personal health information if necessary to:
Companies that act as service providers under contract with us and only process and store your personal information as instructed by us. Your personal information is transferred and held securely and is not used by other parties for any other reason. The categories of services that we use other Data Processors for include: document management, administration, customer services, customer surveys, marketing, financial sanctions list screening, mobile app services and clinical audits of medical providers.
Financial advisors who act as your intermediary to give service and advice on your plan.
GPs/Consultants or Hospitals:
In certain instances, we may need to share personal information, including medical or other sensitive personal information, with third parties about you and any other member named on your policy for the purposes of administrating of your plan.
Reinsurers who we have a contract with to underwrite our plans and claims. You can see our current panel of reinsurers at https://www.irishlifehealth.ie/privacy-and-legal/reinsurers
Regulators and the Revenue Commissioners or as needed to comply with regulations and laws.
Irish Life Group Companies:
We pass your personal information to other Irish Life Group companies for statistical purposes and data analytics on an aggregated basis. We also pass your contact details and product holdings to allow you to avail of Irish Life joint services.
Where your plan has been set up through your employer, we will share information with them to the extent that is required in order to administer the group scheme.
Do we transfer your personal information outside of the EU?
Your personal information is mainly processed and stored within the EU. However we do pass personal information securely to our parent company Great West LifeCo in Canada.
This is used for screening our customers against financial sanctions lists to comply with relevant legislation.
Where we, or our data processors, transfer your personal information outside the EU, we will take steps to ensure that your personal information is adequately protected and transferred in line with data protection law.
Passing your personal information to certain countries, including Canada, is allowed under an adequacy decision made by the European Commission. This means you have the same standards of protection as you have within the EU. Our parent company, Great-West Lifeco has a legal obligation to maintain a record of this screening.
We process and store data in the UK, which at the date of drafting this notice, is within the EU. When the UK leave the EU, we are likely to continue to process and store data in the UK either in line with any agreement reached between the UK and the EU for such process and storing, or under other available legal means permissible for transfer to non-EU countries.
How long do we keep your personal information for?
We keep and use your personal information for as long as you have a health insurance contract with us. We also hold it after this where we are required to do so by law, or where we have a legitimate interest, for example for system back-ups needed for disaster recovery.
We will let you know how long we keep personal information for when you avail of a specific service such as a quote.
What are your rights?
You have a number of rights over your personal information which you can exercise free of charge by contacting us using the details in section 10 of this Privacy Notice. You will need to give us information to help us identify you and we will respond to you within one month. Any restrictions to your rights will be explained in our response.
Right to Information
You have a right to the information set out in this Privacy Notice. The most recent version of our privacy notice will always be accessible on our website at https://www.irishlifehealth.ie/privacy-and-legal/data-privacy-notice
If we make changes to the type of personal information we collect and / or how we use it, we will inform you of the changes. We have controls in place to protect your personal information and minimise the risk of security breaches, however, should any breaches result in a high risk for you, we will inform you without undue delay.
Right to Restrict or Object
You can restrict or object to any unfair and unlawful collection or use of your personal information. You can object to any automated decision making that has a legal or similar significant impact for you and ask for the decision to be made by a person. Where you have previously provided consent, you can withdraw it at any time.
Right to Correct and Update
You can ask us to correct and update personal information we hold about you; to provide you with the best service it is important we have your up to date personal information, such as contact details.
Right to Delete and Be Forgotten
You can have your personal information deleted if it is incorrect or has been processed unfairly or unlawfully.
If you have withdrawn consent you can ask for your personal information to be deleted. We will keep a record of your request so we know why your personal information was deleted.
If we have provided a regulated product or service to you, we must keep your personal information for a minimum period by law.
Right to Access
You have the right to know what personal information we hold about you and to receive a copy of your personal information
We must tell you:
- why we hold it,
- who we pass it to, including whether we transfer it outside the EU,
- how long we keep it for,
- where we got it from; and
- if we carried out any automated-decisions, and if so, the logic behind it and what it means for you.
This right does not allow you access personal information about anyone else.
To access your personal information please write to us or email us using the contact details in section 10 of this Privacy Notice. To help us respond as quickly as possible please let us know if you are only looking for copies of specific personal information.
Right to Portability
You can ask for a copy of all personal information that you gave us (including through your interactions with us), and which we hold in an automated format. You can receive this in a machine readable format that allows you to keep it.
You may also request Irish Life Health to send this personal information in a machine readable format to another company. The format will depend on our ability to provide this in a secure way that protects your personal information.
How to contact us
You can contact with any questions about your personal information and this privacy notice:
PO Box 13028, Dublin 1
Irish Life Data Protection Officer
Irish Life Health also has a Data Protection Officer that you can contact directly:
Data Protection Officer
Irish Life Health
Block D, E, F
Lower Abbey Street
If you do not think that we have processed your personal information in line with this Privacy Notice, please contact us.
If you are not happy with how we have processed your personal information or handled your privacy rights, you can complain to the Data Protection Commission by contacting them below:
Data Protection Commission
21 Fitzwilliam Square South
+353 (0) 761 104 800
+353 (0) 57 868 4800
**This notice has been updated October 2020