1. Home
  2. Privacy Policy

Privacy Policy

Royal London Ireland is committed to protecting and respecting your privacy

This notice describes how we collect, store, use and share personal data. It also explains your rights relating to the personal data that we hold about you. It applies to personal data provided to us directly and indirectly, both by you and by others on your behalf.

Download full Privacy Notice

Throughout this notice, when we say ‘we’ or ‘us’ we are referring to Royal London Insurance Designated Activity Company (DAC), a company registered in Ireland (registration number: 630146). Royal London Insurance DAC, trading as Royal London Ireland, provides life insurance products to its customers in the Republic of Ireland via independent intermediaries (Financial Brokers). Royal London Insurance DAC also administers closed books of business with respect to life (investment) products in Ireland and Germany.

Royal London Insurance DAC is a wholly owned subsidiary of The Royal London Mutual Insurance Society Limited which is registered in England, number 99064, at 80 Fenchurch Street, London, EC3M 4BY.

Personal data is defined under the General Data Protection Regulation (GDPR) as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In essence, personal data is your personal information. Please see section 3 below for the type of personal data that we collect. We collect and process personal data primarily to provide you with our products and to administer a policy you have with us. Section 4 of this privacy notice tells you what to expect us to do with your personal data when you make contact with us or use one of our services.

Depending on the type of product and service provided, we will collect and process the following data about you:
 

  • Information about you – such as your name, age, gender, date of birth, work/profession, hobbies and nationality.
  • Special category data – this is personal data that needs more protection because it is sensitive. Where it is relevant to your policy, we will collect data relating to your medical history, health or biometrics.
  • Government identifiers – data from your identification documents, such as your driving license, PPS number or passport.
  • Contact information – for example your address, Eircode, email address and phone numbers.
  • Online information – for example cookies and your IP address (your computer’s internet address), if you use our websites.
  • Financial information – such as your salary and bank account details for any payments to us or which we make to you.  If we need to verify information on your finances, we will require copies of your financial accounts.
  • Telephone calls or video recordings – for example voice recording when you contact us or CCTV footage if you visit our offices.
  • Contractual information – for example details about your products and benefits.
  • Family and beneficiaries’ information – such as your marital status, dependants, next of kin, family medical history or nominated beneficiaries. If you provide information about another individual, it’s important you ensure they are aware of the detail being provided to us on their behalf and that they have read this policy. Their data will be processed according to this Privacy Policy.

We use your data for a number of reasons:

Providing a quote and calculating your premium.

  • Underwriting and processing your application, to establish whether we can offer you insurance cover and on what terms.
  • Automated decision-making, as part of our sales process, when you receive a quote, and customer profiling if we make an assumption about you (please refer to section 11 for further information).
  • Setting up and administering your policy.
  • Completing any requests, making and receiving payments, or managing any queries or claims you make.
  • Verifying your identity and attempting to prevent fraud and other financial crime. If you make a big deposit into your pension, we ask where the money has come from to comply with money laundering laws.
  • Researching our customers’ opinions and exploring new ways to enhance the servicing experience we provide to meet your needs.
  • Assessing, developing and managing our products, systems, prices, our business and brand.
  • Fulfilling any other legal or regulatory obligations.
  • Sending you information relating to our service or your product.
  • To analyse, assess and improve our customer service, and to help with our people training.
  • Identifying vulnerable customers to help determine whether we need to take further steps to ensure these customers are not disadvantaged in any way (please refer to section 11 for further information).
  • Managing the relationship with your Financial Broker, if you have appointed one.
  • Monitoring the use of our websites. For further information please see our cookie policy.

Most of the data we get comes directly from you or your Financial Broker when you apply for one of our products or services.  We may also get personal data about you from other sources, including:

  • Medical professionals – for example if we need information for underwriting purposes or to support a claim.
  • Premium quotation services – if your Financial Broker used a quotation service to get your premium quotes, the service provider may share some of your data with us.
  • Data brokers -
    • if it’s necessary and reasonable to obtain contact information (email and phone numbers) to carry out customer research, promote brand awareness or remind you about the benefits of your plan or;
    • to help put our customers into groups for product development and assessment purposes. We use this information to create a better understanding of all our customers, and to help us to meet changing needs.
  • ‘Third party’ cookies - to collect data on how visitors use our website. Our cookie policy can give you more information.
  • Other insurance providers where you have also applied to them for cover.
  • The owner of the policy, on behalf of another person covered or a beneficiary.
  • Publicly available information - including social media websites and online content, newspaper articles, television, radio and other media content, court judgements, public registers and specialist databases (for example Companies Registration Office, Vision-net, Oracle, Dow Jones, SoloCheck) and the electoral register.

As you’d expect, our employees will access your records for the purposes mentioned above. For example, our customer service staff need access to your policy details to support you when you get in contact and our research team will need access to a subset of your data to perform their analysis. We regularly check who has access to our systems.

We will also share your personal data with these third parties:

  • Your Financial Broker, if you have appointed one. For example, you may have authorised your Financial Broker to:
    • Make changes to your policy on your behalf.
    • Obtain copies of your documentation to look after your policy.
    • Use designated online portals to manage your policy.
    • Receive reports on your policy status and the commission they earn based on this. This information helps your Financial Broker provide advice and services to you.
  • Our service providers, for instance those who perform some underwriting activities for us, translators, mailing houses for printing, market research agencies, offsite storage providers, confidential waste disposal companies and approved IT specialists who support our technology.
  • Our professional advisers, including auditors, medical professionals, legal advisers and other insurance providers where you have also applied to them for cover.
  • Our Reinsurers*, who require data including policy details, claims, medical and suspected fraud, and other financial crime data.
  • Identity authentication, law enforcement and fraud prevention agencies.
  • Legal and Regulatory bodies, for example the Revenue Commissioners, the Central Bank of Ireland, the Data Protection Commission and the Financial Services and Pensions Ombudsman.
  • Data Brokers, to source contact details for research, where appropriate.
  • Our bank, if you pay your premium by Direct Debit.
  • Trustees, if your plan is held in trust, we'll need to share limited data with the trustee(s).
  • Administrators, registered administrators, or trustees of other pension arrangements which you hold or of which you are a member.
  • Companies within The Royal London Mutual Insurance Society Limited (Royal London Group).
  • Companies you ask us to share your data with.

Furthermore, if Royal London Ireland was to merge or sell any part of its business or assets, it would be necessary to pass your personal data to the buyer/new entity.

Please note that any third parties will only process your personal data on our instructions and where they have agreed to treat the data confidentially and to keep it secure.

Where the policy owner (the party who owns and pays for the policy) and the life assured (the life covered by the policy) are different parties, all personal data provided as part of the application, including personal medical information, will
be shared with both the life assured and the policy owner.

* Reinsurance, or insurance for insurers, allows us to insure some of our risk with another company or companies.  Our Reinsurers will use your personal data for purposes such as, but not limited to, deciding whether to provide reinsurance cover to us, assessing and dealing with claims and to meet legal requirements. They’ll keep your personal data for as long as needed for the relevant purposes, in line with their obligations under GDPR, and may need to disclose it to other companies within their group, their agents, third party service providers, law enforcement or regulatory bodies. Let us know if you want further details of the Reinsurers specific to your policy by using the details in the Contact Us section.

The General Data Protection Regulation (Articles 6 and 9(4)) and associated legislation sets outs specific bases under which your data may be processed lawfully. The legal basis for the processing of personal data by us will depend on the purpose for which the processing is being carried out.

We will only use your personal data when one of these conditions has been satisfied.  The following tables show the legal grounds for each use of your data:

Uses of your data Legal Grounds

Setting up and administering your policy

This covers all the usual activities, such as:

  • Processing your application.
  • Calculating your premium.
  • Making and receiving payments.
  • Managing any changes of personal details such as changes of address or name.
  • Servicing your policy.
  • Responding to queries or complaints.
  • Keeping you updated about your products, such as sending you yearly statements and reminders.
  • Managing your funds and deciding what your funds are invested in or what options are available.
  • Managing the relationship with your Financial Broker, if you have appointed one.
  • Managing our risks appropriately with our reinsurance partners.

Completing any requests or claims you make

This includes:

  • Changing your cover.
  • Changing the terms of your policy or who is covered.
  • Processing an ill health or death claim.
  • Paying a lump sum.
  • Paying a regular income.

For administrative, audit and reporting purposes, we share your data with Royal London Group and our service providers.  Where possible, we will make your data anonymous.

Your data will only be transmitted within the Royal London Group and to our service providers when appropriate safeguards, including contractual provisions, are in place.

If we lose touch

We may use a trusted third party to find you and reunite you with your policy.

Necessary for the performance of a contract

The personal information you provide about yourself or another person on your application or policy, may be processed when it is needed to either agree to or comply with a contract. For example, where we process your data to assess your application, calculate your premium or to provide your policy.

If you do not provide these details, we will be unable to fulfil your contract.

The medical data you, your medical practitioner or your GP provide will be used, where necessary, for underwriting your policy or for claims assessment.

In certain cases, the data provided may be for another individual or family member where it is relevant to your policy.

We’ll share your data with our reinsurers, and appropriate medical professionals, including our Chief Medical Officer, if we need another opinion or on specialist cases, or if we need further help to check whether you meet Revenue rules around accessing your pension early.

Necessary for insurance product

The 2018 Data Protection Act provides legal grounds for processing your medical data in connection with an insurance or pension product.

We use your personal data and special category data, where necessary, to comply with legal obligations including:

  • Establishing your identity, residence and tax status in order to comply with laws and regulations on taxation and the prevention of money laundering, fraud and terrorist financing.
  • Providing you with statutory and regulatory information and statements.
  • Preparing tax and other returns to regulators and the Revenue Commissioners.
  • Complying with the requirements of Legal and Regulatory bodies e.g., the Revenue Commissioners, the Central Bank of Ireland, the Data Protection Commission and the Financial Services and Pensions Ombudsman.
  • Keeping proper books and records and risk management governance to ensure the company stays financially sound.
  • Carrying out internal reporting, quality checking, compliance controls and audits to help meet these obligations.
  • Reporting to and, where relevant, conducting searches on industry registers. This includes screening all customers against sanction lists and Politically Exposed Persons lists.
  • Complying with court orders.

Necessary for compliance with a legal obligation

Your Personal data may be processed where Royal London Ireland has a legal obligation to perform such processing.

In certain cases, and where necessary, the special category data provided may be processed for the following purposes:

  • To defend legal and prospective claims.
  • To pursue legal proceedings or prospective legal proceedings.
  • To establish, exercise or defend legal rights.

Necessary to provide legal advice and legal proceedings

The 2018 Data Protection Act provides legal grounds for processing special category data for legal advice and legal proceedings.

We may disclose your information to An Garda Síochána or other authorities. For example, if we have serious concerns about your wellbeing.

Necessary to protect vital interests

Data Brokers

We may get your email address from data brokers if, for example, we’d like to use it for a research project. We will ensure the data broker has obtained your consent to the sharing of your data.

 

Medical Data

To set up your policy we may need to contact a medical professional or your GP.

In order to assess a claim, we will use your consent before we contact your medical practitioner or your GP so that they can provide the necessary information.

 

Helping Hand

If you want to use our Helping Hand service, we will need your consent to pass your contact details to RedArc, the independent company that provides the service.

 

Vulnerability Information

 You may provide us with information about a vulnerability you have. With your consent, we would keep a record of this information so that we are aware that you are a vulnerable customer and proactively accommodate your vulnerability when we’re in contact with you. Your sharing of this information is voluntary and depends on personal circumstances.

 

Cookies

On our website we use ‘third party’ cookies that collect data about how visitors use our website. Please see our cookie policy for further information.

Consent

Your personal data may be processed when we receive your consent.

The consent you provide must be freely given, informed, specific, unambiguous and given with a positive affirmative action.

Your consent can be withdrawn at any time.

Necessary for legitimate interests

We also use your data when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Each activity is assessed, and your rights and freedoms are considered to make sure that we’re not being intrusive or doing anything beyond your reasonable expectation. We’ll assess the information we need, so we only use the minimum.

If you want further information about processing under legitimate interests, you can contact us using the details at the end of this privacy notice.

You also have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your particular circumstances. If we have a compelling reason, we may still continue to use your data.

We use legitimate interests for the following:

Use of your data Legitimate interest(s) 
We collect and provide service information on your policy. To manage our business:
We need to continuously improve our service quality and training.

We manage our network and information security (for example: developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions).

We need to ensure that our systems are always secure and that your data is always protected.

We need to prevent and detect fraud, dishonesty and other crimes (for example, to prevent someone trying to steal your identity).
We use CCTV at our premises. We need to protect our staff and visitors for health and safety reasons and security purposes.

Our products are developed with a particular set of customer needs in mind. In order to make sure your policy is still suitable for you and is working as we intended, we combine your data with other customers to analyse and segment it.

 

We’ll use your underwriting responses and claims data to analyse how we can redesign products and/or make our underwriting process easier, with better outcomes for potential and existing customers and policyholders.

 

We financially assess the performance of our business; we conduct risk management exercises, and we carry out long-term statistical modelling.

To assess and develop our products, systems, prices, business and brand
We need to be able to identify groups of customers who will want new products or services that we are considering developing.

 

We need to develop our products and services, and make sure our product charges are fair.

 

We need to make sure we are treating you fairly and check your product is suitable for you.

 

We need to make sure that we are looking after your money and that we have enough money to pay our customers when the time comes.

 

We need to understand our risks, provide management information and help us to manage our business.

 

 

We may conduct research before we launch new products or before we make changes or improvements to existing products to make sure it’s the right thing to do. We might also conduct research to ask customers what they think of Royal London Ireland, our products and services.

 

Where we don’t have your contact details, we may obtain your telephone number from data brokers to contact you for a research project. However, we always take steps to check that you have not objected to such contact, e.g., by checking the National Directory Database.

To research our customers’ opinions and new ways to meet our customers’ needs
We need to make sure our products are suitable for the intended audience and to identify gaps in the market.

 

We need to see how many categories of customers we have and to tailor our products and services accordingly.

 

We need to make sure our communications are easy to understand and that our products are being sold to the correct audience.

 

We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results.

 

 

 
We don’t currently market other products to you, but we reconsider this at regular intervals and may choose to do this in the future. Where these communications are marketing and therefore optional, we will make it clear that you can opt out of these.

Marketing
We need to ensure our communications are in line with Royal London Ireland’s values
We also need to grow and sustain our business, develop our brand and effectively communicate with our customers and policyholders.

We sometimes use third parties located in other countries to provide support services. As a result, your personal data may be processed in countries outside the European Economic Area (EEA).

These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your data and comply with the European data protection requirements. Some countries have been assessed by the European Commission (EC) as being ‘adequate’, which means their legal system offers a level of protection for personal data which is equal to the EC’s protection. Where the country hasn’t been assessed as adequate, we use ‘standard contractual clauses’ within the legal agreement to safeguard the processing of your personal data.

The European Commission has recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights. We’ll use these clauses where required, to make sure your data is sufficiently protected to the same standard prescribed by GDPR. The European Commission approved standard contractual clauses are available here.

We use ‘standard contractual clauses’ in the provision of the following services to Royal London Ireland:

  • IT support and technology development with operations based in India.
  • Reinsurance services with our global reinsurance partners who have operations based in the United States and Bermuda.
  • Services with other providers/suppliers, research partners and administrators who have operations based in India, Malaysia, Australia, South Africa and the United States.

We always ensure all personal data is provided with adequate protection and all transfers of personal data outside the EEA are done lawfully.

If you have a life (investment) policy in Germany, we will have access to your personal data in Ireland, and will transfer it to the Isle of Man. There, a company called RL360 helps us in the administration of your policy.

We have put in place security measures designed to prevent your personal data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We use industry standard solutions to encrypt and protect email traffic. If your email service doesn’t support Transport Layer Security (TLS) or if you do not want to use our managed email Security Service, we may not be able to communicate with you by email, and any emails we do send or receive will not be protected by encryption and could be intercepted.

Use of internet email is not a guaranteed secure communication channel, therefore, we recommend you don’t send anything confidential to us by email. We may also change our Email Security Service provider at any time without notice and without changing the provision in this notice. Once we receive your data, we use strict procedures and security features to protect your data from unauthorised access.

In the event of a potential data security breach, we will notify you and the Data Protection Commissioner’s Office if we are legally required to do so, or there is a risk to your rights and freedoms as a result of the breach.

We will only keep your personal data for as long as it is considered necessary for the purpose for which it was collected and to comply with our legal and regulatory requirements.

In the absence of specific legal, regulatory, or contractual requirements we will keep your personal data for seven years after your relationship with us has ended. Call recordings will be held for three months.

But there are times when, depending on the type of policy you have or specific regulations, we may keep it for a different time period. This amount of time will depend on:

  • The type of data we have about you.
    • We keep underwriting and claims information for ten years to allow us to assess whether our policy cover is appropriate. We need information for the longer period to make sure we can evaluate a large enough number of cases and make informed decisions.
  • Whether you or a regulatory authority like the Ombudsman asks us to keep the data for longer. There needs to be a valid reason for this request.
  • The relevant legal and regulatory rules that our business must follow.
  • Whether there is a dispute, legal or otherwise, between us which requires us to keep your personal data.

For those customers who bought their policy from GRE Life, Royal Liver, or Irish Life (Home Service), we are working to align the retention period for these customers to the policy outlined above.

 

Automated Decisions
Automated decisions are where a computer makes a decision about you without a person being involved.

Profiling
Profiling is when we make assumptions about you.

Underwriting
We make automated decisions about you as part of the underwriting process. We ask for relevant information about your job, interests, travel, health and family history. For example, we need to know if one of your interests is skydiving, as this would typically increase your risk of claiming under an insurance policy and potentially your premium.

You have the right to ask for a person to review the automated decision. You can also ask for the decision to be made through our manual underwriting process.

There are some cases where we won’t be able to offer a decision online and will need your application to be reviewed by our underwriting team. We may request further information from you or from your medical professional before we’ll be able to confirm whether we can offer you cover, and on what basis.

Crime Prevention
We will undertake checks for the prevention and detection of crime, as we are required by law to do so. These checks use automated means to make decisions about you. This may result in declining the services you requested and stopping services currently provided to you. Please see section 12 “What are my rights” for further information.

Vulnerability
Many people may become vulnerable at some point in their lives. When a person notifies us that they have a relevant vulnerability we may keep a record of this information to allow us to proactively accommodate their vulnerability when we’re in contact with them.

Socio-economic profiling
We may, in the future, consider analysing your personal data to create a profile so that we can contact you with information relevant to you. When building a profile, we would use Experian software to provide us with insight into our customers. The software uses a variety of publicly available and market research sources to divide the population into a series of categories. The categories are a way of grouping people who are likely to have similar social, demographic (i.e. age, location) and financial circumstances. The results are assessed and combined so we get a picture of our customers as a whole, and tailor the products and services we provide. If we were to undertake such an exercise, we would complete a Data Protection Impact Assessment and a Legitimate Interest Assessment to assess and mitigate any personal data related risks. Please see section 12 “What are my rights” for further information.

In the future, we may like to keep a note of the category you fall into so we can tailor our communications to suit you. Before we do this, we’ll assess if this is fair.

Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer at the contact details provided.  We will provide a response within 30 days, if not sooner.  There is no charge for exercising any of your rights, however, we reserve the right to request a small charge for repetitive or excessive access requests. We may ask you for proof of identity when you request to exercise some of these rights to ensure we are dealing with the correct individual.

Access to your personal data
You have the right to find out what personal data we hold about you, in many circumstances.

Correcting or adding to your personal data
If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add data.

Withdrawing your consent
If you have provided consent for us to use your data, you have the right to withdraw your consent at any time. If you withdraw consent, then we may not be allowed to use your data going forward. However, it would not invalidate processing that was carried out before you withdrew consent. Withdrawal of consent may impact the product and services we can provide to you or the ability to administer your policy or process your claim.  In this event, we will let you know what the impact would be.

Transferring your personal data to another organisation (Data portability)
In some circumstances you can ask us to send an electronic copy of the personal data you have provided to us, either to you or to another organisation.

Objecting to the use of your personal data for legitimate interests
You also have the right to object to any processing done under legitimate interests.  We will re-assess the balance between our interests and yours, considering your particular circumstances.  If we have a compelling reason, we may still continue to use your data if that interest is not deemed to be outweighed by your privacy rights.

Objecting to direct marketing
You have a specific right to object to our use of your data for direct marketing purposes, which we will always act upon.

Objecting to automated decision making
You have a right to object if we have made an automated decision, including profiling, which has legal and significant effect against you. You also have the right to challenge the decision and ask for a human review. These rights do not apply if we are authorised by the law to make such decisions and appropriate safeguards are in place to protect your rights.

Restricting the use of your personal data
If you are uncertain about the accuracy or our use of your data, you can ask us to stop using your data until your query is resolved.  We will let you know the outcome before we take any further action in relation to this data.

Right to Erasure
You can ask us to delete your personal data in some circumstances, such as if your policy has ended and we do not need to keep your data for legal or regulatory reasons. If we are using consent to process your data and you withdraw it, you can ask us to erase your data.

If you are dissatisfied with how we are using your data, you have the right to complain to the Data Protection Commissioner. We would encourage you to contact us first, so we can deal with your concerns.

The Data Protection Commission’s office can be contacted by:

  • Visiting their website www.dataprotection.ie and using the online webform.
  • Writing to the Data Protection Commission, 21 Fitzwilliam Square, Dublin 2, D02 RD28.

Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review.  We will update our notice as changes are required.

This privacy notice was last updated on 6 November 2023.

If you have any questions, or comments regarding this privacy notice, or if you are unhappy about the way Royal London Ireland uses your data, please contact us using the details below.

Post: Data Protection Officer, Royal London Insurance DAC, 47-49 St Stephen’s Green, Dublin 2.

Email: GDPR@royallondon.ie