Privacy Policy
At Carole Nash Insurance Consultants (Ireland) DAC, the privacy and security of your information is important to us and we are committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are compliant with the relevant data protection legislation including the General Data Protection Regulation (EU) 2016/679 (GDPR) in relation to not only processing your data but ensuring you understand your rights.
For the purposes of the GDPR, the data controller is Carole Nash Insurance Consultants (Ireland) DAC. Our contact details are:
Carole Nash Insurance Consultants (Ireland) DAC
Ulysses House 22/24
Foley St
Mountjoy
Dublin 1
DO1 W2T2
When we refer to, we/us, we mean Carole Nash Insurance Consultants (Ireland) DAC.
Please read this Privacy Notice carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It also informs you of certain rights you have regarding your personal information under current data protection law. The terms used in this Fair Processing Notice are based on those used by the Data Protection Commission (DPC). You can find out more about the DPC on their website.
Who are we?
Carole Nash Insurance Consultants (Ireland) DAC is a subsidiary of Carole Nash Insurance Consultants Limited, a retail intermediary authorised and regulated by the Financial Conduct Authority in the UK. Carole Nash Insurance Consultants (Ireland) DAC and Carole Nash Insurance Consultants Limited are part of the Ardonagh Group who have a direct holding in our business. For more information about the group, please visit their website.
Our Data Protection Officer can be contacted directly here:
Carole Nash Insurance Consultants (Ireland) DAC
Ulysses House 22/24
Foley St
Mountjoy
Dublin 1
DO1 W2T2
Email address: [email protected]
Phone number: 01 850 8990
How we collect your information and the information we collect
In order for us to provide our services to you, it is necessary that we collect certain information from you to provide a quote for a new insurance policy, to renew your cover, or to administer your insurance policy. The personal information we collect varies depending upon the nature of our services.
We collect information from you when you access our website www.carolenash.ie, when you request a quote online or over the phone, when you contact a member of our staff to administer your insurance policy or if you have entered your data on one of our partner sites for the purposes of obtaining an insurance quotation.
Our organisation collects personal data in the following ways if you:
- request a service from us
- register with or use any of our websites or online applications
- use our website/apps and it installs cookies or other tracking technologies onto your device
- engage with us on social media
- contact us with a complaint or query
- apply for a position with us
The table below outlines the type and category of data we collect:
| Data Category | Data Type |
|---|---|
| Contact and identifying information |
Name, address, post code, contact details including email, mobile, landline
|
| Unique identifiers |
Driving Licence, PPS Number, previous insurance policy number, IP address, ID Documents, vehicle registration details
|
| Policy data |
Age, gender, marital status, insurance requirements, date of birth. Previous insurance history. Driving history, including motor convictions, disqualifications, penalty points. Vehicle details. Personal information about you, we may also use personal information about other people, for example family members, friends etc that you wish to insure on a policy. Eg, if you wish to insure your children/spouse/partner
|
| Claims data |
Details of any previous claims and claims occurring during the term of a policy arranged by us.
|
| Criminal records information |
Details of any unspent motoring or non-motoring convictions, including penalty points information
|
| Employment information |
Employment occupation, employment status (such as full/part time, contract)
|
| Financial details |
Bank account details, payment card details
|
| Health data |
Information about your health status
|
| Marketing preferences |
We will only send you direct marketing if you explicitly consent
|
| On-Line Information |
Information about your visits to our website such as your IP address, which is a unique number identifying your computer. Please see our Cookie Policy for further information
|
| Events information |
Information about your interest in and attendance at our events, including provision of feedback forms
|
Special categories of personal data
Special categories of data are sensitive in relation to your fundamental rights and freedoms and therefore require specific protection when processed as these could create significant risks to the rights and freedoms of individuals.
If
we collect any special categories of personal data, such as health, criminal convictions and offences including penalty point data, we will process this data where it is necessary for the purposes of providing a contract of insurance or to comply
with a legal obligation to which we are subject.
Section 50 of the Data Protection Act 2018 permits the processing of this data. This Act allows us to process special categories of personal data for insurance purposes. We will ensure
we have suitable and specific measures in place to safeguard the rights and freedoms of you and the processing of your data.
Information we automatically collect
We sometimes automatically collect certain types of information when you visit our websites and through e-mails when we communicate with you. Automated technologies may include the use of web server logs to collect IP addresses, ‘cookies’ and web beacons. Other cookies such as functional cookies, marketing cookies and analytical cookies will only be used with your expressed consent. Further information about our use of cookies can be found in our Cookie Notice at the footer of our web page.
How do we use your personal data?
Your personal data will be used to enable us to fulfil our contractual obligations in relation to your request to provide a quote for a new insurance policy or to renew your cover, or to administer your insurance policy.
We collect the information above in order to provide you with an insurance quote, setup, administer and manage your insurance policy. It is necessary in order to assess your application, verify your identity and arrange your insurance policy. The information may be used for the prevention and detection of financial crime. We will also use the information you provide to analyse your shopping habits and, if you buy a policy, how you use the benefits. This will help us to continue to design and offer products & services that meet our customers’ needs.
We will use call recording and the details you have given to facilitate compliance and quality monitoring.
In order that we can provide you with a quotation at new business and renewal stage we may use the information you have provided to us for analysis and profiling and to support our pricing strategy, which may involve an automated decision. If you object to an automated decision being made, please contact us and we will review your details.
We and the insurers on our panel may collect data about you from credit reference agencies to confirm your identity, assess your risk profile and offer you appropriate products. The search conducted will not impact your credit score and can only be seen by you, us, and the credit reference agency.
The below table provides more details on how we use your personal data and the legal basis by which we do this.
| Purpose | Legal Basis for Processing |
|---|---|
Provide a quote for insurance and process an insurance application
|
Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.
|
Administration of a contract of insurance
|
Processing is necessary for the performance of a contract and fulfil a legal obligation
|
To make and receive payments in relation to a service provided by us |
Processing is necessary for the performance of a contract
|
To verify your identity |
Processing is necessary for the performance of a contract and to comply with legal obligations
|
| To manage and investigate complaints |
Processing is necessary for the performance of a contract and necessary for the purposes of our legitimate interests
|
| To comply with all relevant legal and regulatory obligations |
Processing is necessary for compliance with a legal obligation
|
| To communicate and market you |
Processing is necessary for the purposes of our legitimate interests.
|
| For market research, customer satisfaction surveys, statistical analysis, and data analytics in order to help improve the customer journey and relationship. | Processing is necessary for the purposes of our legitimate interests. |
If you require further information on any of the above basis for processing your data, we can provide you with further details.
How we share your data
When required, we may make your information available to third parties with whom we have a relationship, where that third party is providing services on our behalf. We will only provide those third parties with information that is necessary for them to
perform the services and where there is a lawful basis to do so.
We may share relevant personal information with the following categories of third parties which are listed in the table below.
| 3rd Party | Reason |
|---|---|
Insurance partners
| In order to provide you with an insurance quote and/or administer an existing insurance policy. |
Other companies within the Ardonagh Group
| This includes our parent company Atlanta and their respective sub-contractors with whom we may share data for the administration of your policy. |
Other insurers, legal advisers, loss adjusters, and claims investigators
| Other insurance companies, reinsurers, legal advisors, loss adjusters, claims handlers and/or other organisations. In order to administer any claim, you may make. |
Law and other EU enforcement bodies
| Organisations where we have a duty to or are permitted to disclose your personal information by law (for example if we receive a valid request from the Gardai in the interest of preventing and detecting crime) |
Public authorities, regulators, and government bodies
| Where necessary for us to comply with our legal and regulatory obligations, or in connection with an investigation of suspected or actual illegal activity |
Our premium finance provider
| If you have chosen to pay by instalments your details will be passed to the lender who will arrange the credit agreement. |
Business partners
| Our business partners including our third-Party Postal Provider |
Transferring personal data outside of Ireland
We share data with the Ardonagh Group located in the UK. The EU Commission adopted adequacy decisions for transfers of personal data to the UK. This means that the EU accepts that the UK data protection regime is substantially equivalent to the EU regime
and allows personal data to be transferred freely from the EEA to the UK. Therefore, the UK is not deemed a third country.
On occasion we or a service provider may transmit certain aspects of your personal data outside of the European
Economic Area. Where we pass information to service providers such as your insurers, some may process this information overseas in countries such as the United States and Canada. Where this happens, we will ensure it is done lawfully, i.e., there
is an appropriate ‘level of protection for the fundamental rights of the data subjects’. We will therefore ensure that either the EU Commission has granted an adequacy decision in respect of the third country, or appropriate specified
safeguards have been put in place, such as Standard Contractual Clauses (SCC’s).
Security
The security of your personal data is important to us; we have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk and in line with industry practices. We have processes in place to protect your personal data from loss, unauthorised access, misuse, alteration, and destruction. All information you provide to us is stored on our secure servers.
Retention
Carole Nash Insurance Consultants (Ireland) DAC shall not keep personal data in a form that permits identification of data subjects for a longer period than is necessary.
Carole Nash Insurance Consultants (Ireland) DAC may store data for longer periods and in order to comply with an applicable statutory retention requirement. Under the Central Bank of Irelands Consumer Protection Code, 11.6, we are required to retain data
for a period of 6 years after the date of your last interaction with us.
Further details on the information we hold about you and how long we hold it for can be obtained from the Data Protection Officer at Ulysses House, 22-24 Foley Street, Mountjoy, Dublin 1 Republic of Ireland. D01 W2T2 or email [email protected]
Data subject rights
Under data protection law you have the right to change or withdraw your consent and to request details of any personal data that we hold about you.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. (The erasure of such data will be dependent on our other legal obligations, and whether the data is subject to legal privilege).
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling.
- Right to make a complaint: if we refuse your request under rights of access, we will provide you with a reason as to why.
All the above requests will be forwarded on, should there be a third party involved, as we have indicated in the processing of your personal data.
Marketing
We may contact you from time to time about special offers, competitions, other products, and services that are offered by Carole Nash Insurance (Consultants) Ireland DAC and/or the wider Ardonagh Group and which we may think might be of interest to you. We may contact you by SMS, Post, Phone and Email and using the contact information you have provided us with, and where you have opted into receiving such communications from us.
You can update your marketing preferences at any time by:
- The Data Protection Officer, Carole Nash Insurance Consultants (Ireland) DAC, Ulysses House, 22 – 24 Foley Street, Dublin 1, D01 W2T2
- Email address: [email protected]
- Phone number: 01 850 8990
We will always rely on receiving your consent.
Complaints
If you wish to make a complaint about how your personal data is being processed by Carole Nash Insurance Consultants (Ireland) DAC or how your complaint has been handled, you have the right to lodge a complaint with our Data Protection Officer.
You may also lodge a complaint with the Data Protection Commission (DPC) in Ireland, whose details are:
Data Protection Commission
21 Fitzwilliam Square South,
Dublin 2.
D02RD28
Email: [email protected]
See website for updated contact details to reach the appropriate section within the DPC.
Contact Us
Your privacy is important to us. If you have any comments or questions regarding this statement, please contact us on 01 850 8990 or by email at [email protected]
Privacy notice/statement changes
When we update this Privacy Notice/Statement, we will post a revised version online. Changes will be effective from the point at which they are posted. We would encourage you to review our Privacy Notice so that you are aware of updates.
This privacy policy was last reviewed in March 2022