Data Protection Notice

 

Insurance Ireland is the trading name of Insurance Ireland (Member Association) Company Limited by Guarantee. Insurance Ireland is the data controller of “personal data” as defined by Data Protection legislation, which includes the General Data Protection Regulation and the Data Protection Acts 1988 to 2018 (“Data Protection Law”).  The purpose of this notice is to advise you what this means in practice and for the processing of your personal data by Insurance Ireland. This notice applies to www.insuranceireland.eu and all other public facing websites owned and managed by Insurance Ireland, unless a site specific privacy notice states otherwise.

If you are a director or employee of one of our member companies or a member of an Insurance Ireland committee (i.e. the Insurance Link Oversight Committee or the Membership Appeals Committee), we will hold the contact details provided by you or your employer in order to fulfil our obligations as a membership organisation (which we consider to be a “legitimate interest” as provided for in Data Protection Law and on which we rely as a legal basis for processing your personal data). These purposes of processing include:

  • Sending you copies of our newsletters and publications or updates on topics such as Insurance Ireland’s advocacy activity, regulatory matters and other industry issues to keep you up to date on industry developments;

  • Contacting you in relation to any committees or working groups you have asked to join;

  • Informing you of events and processing any bookings you wish to make;

  • Recording your attendance at events for the purpose of issuing you with a Certificate of Attendance;

  • Responding to your queries; and

  • Ensuring oversight through committees of the InsuranceLink database used by our members (as described further below) and membership of Insurance Ireland.

The information that you provide to us will be kept secure by us and not disclosed to third parties.  However, on occasion, we may host a joint event with other members of the Insurance Ireland network and we may share your personal data, including your Name, Company Name, Title and Email, for the purposes of hosting the joint event. This will be highlighted to you in the event invite. To the extent that our event partners process your personal data for purposes beyond the hosting of a joint event, they do so as an independent controller and this processing will be subject to their privacy policy, which will be made available to you in the event invite.  Your contact details will be kept until we are advised that you are no longer an employee of that organisation.  You can unsubscribe from specific services at any time by contacting us or following the unsubscribe option on relevant emails.  This is also the case if you are not an employee of a member company but are interacting with us on a professional basis.

If you are a member of the media, you may contact us to seek an industry response on insurance matters or to arrange media interviews.  Where you provide personal information to us in the course of making a media enquiry we will process this information on the basis that by requesting us to deal with your query you are giving us explicit consent.

Social Media Platforms (including Instagram)

Insurance Ireland maintains official social media accounts, including an Instagram Business account, for the purpose of public awareness, industry communications and the provision of financial literacy and educational content. These accounts are managed by a limited number of authorised employees who are responsible for posting content and reviewing incoming comments. Any personal data that you choose to provide to us through these platforms (for example, by commenting, sending messages or interacting with our posts) will be processed in accordance with this Data Protection Notice and the privacy policy of the relevant platform provider. We advise you not to submit sensitive, confidential or special category data through social media channels. Where a query requires engagement beyond general interaction, we may redirect you to a secure and appropriate communication channel (for example feedback@insuranceireland.eu)

We process personal data received via our social media platforms on the basis of our legitimate interests in communicating with the public and promoting awareness of insurance matters.

‍ ‍

If you are a member of the public, you may contact us for a number of reasons:

  • To avail of the provisions of the Declined Cases Agreement which operates to ensure that members of the public are not denied motor insurance;

  • To ask our Information Service to answer a query or complaint relating to insurance;

  • To pass information to our Insurance Confidential anti-fraud hotline.

Insurance Skillnet

Insurance Ireland operates the Insurance Skillnet programme and manages the associated website here, as part of our role in supporting skills development within the insurance sector. In delivering this programme and in collaboration with Skillnet Ireland here, we process personal data information collected from you under Insurance Ireland’s information security and IT controls. The personal data processed is data that identifies you or can be used to identify or contact you and may include your name, job title, employer, business address, home address, email address and contact number.

This data is collected through training programme bookings, membership enquiries, newsletter subscriptions and other related administrative processes. Personal data is only collected where you voluntarily provide it to us. Personal data collected in connection with the Insurance Skillnet programme will be shared with Skillnet Ireland, which provides funding for the programme through the Department of Further and Higher Education, Research, Innovation and Science (DFHERIS) and with relevant training course providers, in accordance with Skillnet Ireland. From time to time, Skillnet Ireland will perform compliance reviews, evaluations of the training programmes and quality assurance and attendance for training verifications.

Further detail on Skillnet Ireland’s data protection practices are available here

Insurance Ireland Recruitment:

If you apply for a role with Insurance Ireland, your personal data will be processed through HireHive platform, a recruitment platform provided as part of the HR Locker software system within Insurance Ireland. When you apply for a position, HireHive enables you to review the job description and submit your CV and any supporting documentation. Your application data will be accessible to authorised Insurance Ireland personnel involved in the recruitment process and will be used solely for the purpose of assessing your suitability for the role, communicating with you and progressing the hiring process. HireHive acts as our data processor and processes your information on our behalf in accordance with Data Protection Law. Link to HireHive’s Data Protection Notice is available here. Personal data submitted as part of a recruitment process will be retained only for as long as necessary in line with our retention policy and legal obligations.

Legal basis for processing

We process your personal data for the purposes described above based on our legitimate interests as a membership organisation, which are contacting our members, conducting advocacy work, coordinating events for our members and administering the work of Insurance Ireland in an orderly fashion.  We also process your personal data as necessary to comply with legal obligations (as described further below in respect of the Declined Cases Agreement and Insurance Confidential) and for the purpose of performing certain contracts.

Declined Cases Agreement

In relation to the Declined Cases Agreement, personal information such as your contact details and motor insurance history will be processed by us in order to comply with our obligation to administer the agreement.  This information may be disclosed by us to motor insurers operating under the Declined Cases Agreement. This information will be kept by us for a period of 3 years.  

If you provide us with information in relation to a third party (e.g. a named driver on your policy) you should provide this notice to that person. If the person is under the age of 18, you should obtain the consent of the holder of parental responsibility.

We process personal data in connection with the Declined Cases Agreement as it is necessary to do so to identify an alternative contract of insurance for you. Where it is necessary to share your personal data with other insurers to identify possible providers of cover, we rely on the legitimate interests of those participating in the Declined Cases Agreement in doing so. In these cases, participating insurers will only process your data for the purposes of performing the Declined Cases Agreement. 

Where a declined case involves any suspected fraud or other offence, the basis of processing of this information is compliance with a legal obligation contained in Section 55 of the Data Protection Act as it applies to the processing of personal data for prospective legal proceedings or establishing, exercising or defending legal rights (such as the prevention of fraud against insurance companies).   

Other Queries/complaints

Where you provide personal information to our Information Service in the course of making a query or complaint we will process this information on the basis that by requesting us to deal with your query or complaint you are giving us explicit consent.  This information will be kept secure by us and may be disclosed by us to the insurer to which your query or complaint relates.  This information will be kept by us for a period of 3 years.

If the information you provide includes health information which is considered as “special” data under the legislation, this will be processed by us under Section 50 of the Data Protection Act 2018 which relates to the processing of health data in relation to a policy of insurance. Any further use of special data by us will be subject to you providing us with your explicit consent which you may withdraw at any time.

Insurance Confidential

Information provided to Insurance Confidential will be treated in strictest confidence and shared only with insurance companies and An Garda Siochana.  The basis of processing of this information is compliance with a legal obligation contained in Section 55 of the Data Protection Act) as it applies to the processing of personal data for prospective legal proceedings or establishing, exercising or defending legal rights (such as the prevention of fraud against insurance companies).

Insurance Ireland databases

InsuranceLink which is a database of insurance claims operated on our behalf by Verisk. For more information see www.inslink.ie

Integrated Information Data Service (“IIDS”)

  • Integrated Information Data Service (“IIDS”) operated on our behalf by Accadian.

  • Insurers using IIDS may share No Claims Discount (NCD) information, but only with the person’s explicit consent. Within renewal letters for car insurance is a PIN number. Only when the individual shares this information with a new insurer, will they have access to the person’s NCD. This is required to validate any discounts insurers may apply to a premium. NCD data is only held in the system for up to three years and, as part of insurers’ renewal process, it is uploaded by an insurer shortly before the person’s current policy expires. If a PIN number does not appear on a renewal letter, it means that the person’s data has not been uploaded into the IIDS.

  • Queries in relation to the IIDS can be emailed to dp@insuranceireland.eu

Retention

We will retain personal data on our files to the extent such retention is adequate, relevant and limited to what is necessary for the purposes for which they are processed.  We will not retain personal data for any longer than is necessary for the performing the purposes of processing outlined in this notice.  We apply retention periods to different categories of personal data in accordance with applicable laws relating to the retention of data.  We retain data for the duration of the relevant purpose plus a short period thereafter for evidential, legal compliance or audit purposes. This period may be up to 6 years or longer in exceptional cases.

Rights under Data Protection Law

Under data protection law, you have the right to:

  • access a copy of your personal data;

  • request rectification of your Personal Data if it is inaccurate or inappropriate;

  • request deletion of your Personal Data;

  • restrict or object our use of your Personal Data in certain circumstances;

  • move (or port) personal data which is automated in certain circumstances; and

  • lodge a complaint with the appropriate regulator (if you are unhappy with how your personal data is being handled).  

The Data Protection Commission 6 Pembroke Row Dublin 2 DO2X963 or email info@dataprotection.ie Phone: Mon – Fri 930am – 1pm 01 7650100

If you wish to exercise any of these rights, the request should be sent to dp@insuranceireland.eu or Subject Access Requests, Insurance Ireland, Insurance Centre, 5 Harbourmaster Place, IFSC, Dublin 1. If you are requesting a copy of your personal data please complete a copy of our Subject Access Request (SAR) form, which is available on request from dp@insuranceireland.eu and outlines the information necessary for us to check our records.  We may require proof of identity where we cannot otherwise authenticate your identity. 

April 2026