Privacy Policy

Royal London Ireland is committed to protecting and respecting your privacy

This notice describes how we collect, store, use and share personal data. It also explains your rights relating to the personal data that we hold about you. It applies to personal data provided to us directly and indirectly, both by you and by others on your behalf.

Throughout this notice, when we say ‘we’ or ‘us’ we are referring to Royal London Insurance Designated Activity Company (DAC), a company registered in Ireland (registration number: 630146). Royal London Insurance DAC, trading as Royal London Ireland, provides life insurance products to its customers in the Republic of Ireland via independent intermediaries (Financial Brokers). Royal London Insurance DAC also administers closed books of business with respect to life (investment) products in Ireland and Germany.

Royal London Insurance DAC is a wholly owned subsidiary of The Royal London Mutual Insurance Society Limited which is registered in England, number 99064, at 80 Fenchurch Street, London, EC3M 4BY.

Personal data is defined under the General Data Protection Regulation (GDPR) as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In essence, personal data is your personal information. Please see section 3 below for the type of personal data that we collect. We collect and process personal data primarily to provide you with our products and to administer a policy you have with us. Section 4 of this privacy notice tells you what to expect us to do with your personal data when you make contact with us or use one of our services.

Depending on the type of product and service provided, we will collect and process the following data about you:
 

  • Information about you – such as your name, age, gender, date of birth, work/profession, hobbies and nationality.
  • Special category data – this is personal data that needs more protection because it is sensitive. Where it is relevant to your policy, we will collect data relating to your medical history, health or biometrics.
  • Government identifiers – data from your identification documents, such as your driving license, PPS number or passport.
  • Contact information – for example your address, Eircode, email address and phone numbers.
  • Online information – for example cookies and your IP address (your computer’s internet address), if you use our websites.
  • Financial information – such as your salary and bank account details for any payments to us or which we make to you.  If we need to verify information on your finances, we will require copies of your financial accounts.
  • Telephone calls or video recordings – for example voice recording when you contact us or CCTV footage if you visit our offices.
  • Contractual information – for example details about your products and benefits.
  • Family and beneficiaries’ information – such as your marital status, dependants, next of kin, family medical history or nominated beneficiaries. If you provide information about another individual, it’s important you ensure they are aware of the detail being provided to us on their behalf and that they have read this policy. Their data will be processed according to this Privacy Policy.

We use your data for a number of reasons:

Providing a quote and calculating your premium.

  • Underwriting and processing your application, to establish whether we can offer you insurance cover and on what terms.
  • Automated decision-making, as part of our sales process, when you receive a quote, and customer profiling if we make an assumption about you (please refer to section 11 for further information).
  • Setting up and administering your policy.
  • Completing any requests, making and receiving payments, or managing any queries or claims you make.
  • Verifying your identity and attempting to prevent fraud and other financial crime. If you make a big deposit into your pension, we ask where the money has come from to comply with money laundering laws.
  • Researching our customers’ opinions and exploring new ways to enhance the servicing experience we provide to meet your needs.
  • Assessing, developing and managing our products, systems, prices, our business and brand.
  • Fulfilling any other legal or regulatory obligations.
  • Sending you information relating to our service or your product.
  • To analyse, assess and improve our customer service, and to help with our people training.
  • Identifying vulnerable customers to help determine whether we need to take further steps to ensure these customers are not disadvantaged in any way (please refer to section 11 for further information).
  • Managing the relationship with your Financial Broker, if you have appointed one.
  • Monitoring the use of our websites. For further information please see our cookie policy.

Most of the data we get comes directly from you or your Financial Broker when you apply for one of our products or services.  We may also get personal data about you from other sources, including:

  • Medical professionals – for example if we need information for underwriting purposes or to support a claim.
  • Premium quotation services – if your Financial Broker used a quotation service to get your premium quotes, the service provider may share some of your data with us.
  • Data brokers -
    • if it’s necessary and reasonable to obtain contact information (email and phone numbers) to carry out customer research, promote brand awareness or remind you about the benefits of your plan or;
    • to help put our customers into groups for product development and assessment purposes. We use this information to create a better understanding of all our customers, and to help us to meet changing needs.
  • ‘Third party’ cookies - to collect data on how visitors use our website. Our cookie policy can give you more information.
  • Other insurance providers where you have also applied to them for cover.
  • The owner of the policy, on behalf of another person covered or a beneficiary.
  • Publicly available information - including social media websites and online content, newspaper articles, television, radio and other media content, court judgements, public registers and specialist databases (for example Companies Registration Office, Vision-net, Oracle, Dow Jones, SoloCheck) and the electoral register.

As you’d expect, our employees will access your records for the purposes mentioned above. For example, our customer service staff need access to your policy details to support you when you get in contact and our research team will need access to a subset of your data to perform their analysis. We regularly check who has access to our systems.

We will also share your personal data with these third parties:

  • Your Financial Broker, if you have appointed one. For example, you may have authorised your Financial Broker to:
    • Make changes to your policy on your behalf.
    • Obtain copies of your documentation to look after your policy.
    • Use designated online portals to manage your policy.
    • Receive reports on your policy status and the commission they earn based on this. This information helps your Financial Broker provide advice and services to you.
  • Our service providers, for instance those who perform some underwriting activities for us, translators, mailing houses for printing, market research agencies, offsite storage providers, confidential waste disposal companies and approved IT specialists who support our technology.
  • Our professional advisers, including auditors, medical professionals, legal advisers and other insurance providers where you have also applied to them for cover.
  • Our Reinsurers*, who require data including policy details, claims, medical and suspected fraud, and other financial crime data.
  • Identity authentication, law enforcement and fraud prevention agencies.
  • Legal and Regulatory bodies, for example the Revenue Commissioners, the Central Bank of Ireland, the Data Protection Commission and the Financial Services and Pensions Ombudsman.
  • Data Brokers, to source contact details for research, where appropriate.
  • Our bank, if you pay your premium by Direct Debit.
  • Trustees, if your plan is held in trust, we'll need to share limited data with the trustee(s).
  • Administrators, registered administrators, or trustees of other pension arrangements which you hold or of which you are a member.
  • Companies within The Royal London Mutual Insurance Society Limited (Royal London Group).
  • Companies you ask us to share your data with.

Furthermore, if Royal London Ireland was to merge or sell any part of its business or assets, it would be necessary to pass your personal data to the buyer/new entity.

Please note that any third parties will only process your personal data on our instructions and where they have agreed to treat the data confidentially and to keep it secure.

Where the policy owner (the party who owns and pays for the policy) and the life assured (the life covered by the policy) are different parties, all personal data provided as part of the application, including personal medical information, will
be shared with both the life assured and the policy owner.

* Reinsurance, or insurance for insurers, allows us to insure some of our risk with another company or companies.  Our Reinsurers will use your personal data for purposes such as, but not limited to, deciding whether to provide reinsurance cover to us, assessing and dealing with claims and to meet legal requirements. They’ll keep your personal data for as long as needed for the relevant purposes, in line with their obligations under GDPR, and may need to disclose it to other companies within their group, their agents, third party service providers, law enforcement or regulatory bodies. Let us know if you want further details of the Reinsurers specific to your policy by using the details in the Contact Us section.

We sometimes use third parties located in other countries to provide support services. As a result, your personal data may be processed in countries outside the European Economic Area (EEA).

These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your data and comply with the European data protection requirements. Some countries have been assessed by the European Commission (EC) as being ‘adequate’, which means their legal system offers a level of protection for personal data which is equal to the EC’s protection. Where the country hasn’t been assessed as adequate, we use ‘standard contractual clauses’ within the legal agreement to safeguard the processing of your personal data.

The European Commission has recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights. We’ll use these clauses where required, to make sure your data is sufficiently protected to the same standard prescribed by GDPR. The European Commission approved standard contractual clauses are available here.

We use ‘standard contractual clauses’ in the provision of the following services to Royal London Ireland:

  • IT support and technology development with operations based in India.
  • Reinsurance services with our global reinsurance partners who have operations based in the United States and Bermuda.
  • Services with other providers/suppliers, research partners and administrators who have operations based in India, Malaysia, Australia, South Africa and the United States.

We always ensure all personal data is provided with adequate protection and all transfers of personal data outside the EEA are done lawfully.

If you have a life (investment) policy in Germany, we will have access to your personal data in Ireland, and will transfer it to the Isle of Man. There, a company called RL360 helps us in the administration of your policy.

We have put in place security measures designed to prevent your personal data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We use industry standard solutions to encrypt and protect email traffic. If your email service doesn’t support Transport Layer Security (TLS) or if you do not want to use our managed email Security Service, we may not be able to communicate with you by email, and any emails we do send or receive will not be protected by encryption and could be intercepted.

Use of internet email is not a guaranteed secure communication channel, therefore, we recommend you don’t send anything confidential to us by email. We may also change our Email Security Service provider at any time without notice and without changing the provision in this notice. Once we receive your data, we use strict procedures and security features to protect your data from unauthorised access.

In the event of a potential data security breach, we will notify you and the Data Protection Commissioner’s Office if we are legally required to do so, or there is a risk to your rights and freedoms as a result of the breach.

We will only keep your personal data for as long as it is considered necessary for the purpose for which it was collected and to comply with our legal and regulatory requirements.

In the absence of specific legal, regulatory, or contractual requirements we will keep your personal data for seven years after your relationship with us has ended. Call recordings will be held for three months.

But there are times when, depending on the type of policy you have or specific regulations, we may keep it for a different time period. This amount of time will depend on:

  • The type of data we have about you.
    • We keep underwriting and claims information for ten years to allow us to assess whether our policy cover is appropriate. We need information for the longer period to make sure we can evaluate a large enough number of cases and make informed decisions.
  • Whether you or a regulatory authority like the Ombudsman asks us to keep the data for longer. There needs to be a valid reason for this request.
  • The relevant legal and regulatory rules that our business must follow.
  • Whether there is a dispute, legal or otherwise, between us which requires us to keep your personal data.

For those customers who bought their policy from GRE Life, Royal Liver, or Irish Life (Home Service), we are working to align the retention period for these customers to the policy outlined above.

 

Automated Decisions
Automated decisions are where a computer makes a decision about you without a person being involved.

Profiling
Profiling is when we make assumptions about you.

Underwriting
We make automated decisions about you as part of the underwriting process. We ask for relevant information about your job, interests, travel, health and family history. For example, we need to know if one of your interests is skydiving, as this would typically increase your risk of claiming under an insurance policy and potentially your premium.

You have the right to ask for a person to review the automated decision. You can also ask for the decision to be made through our manual underwriting process.

There are some cases where we won’t be able to offer a decision online and will need your application to be reviewed by our underwriting team. We may request further information from you or from your medical professional before we’ll be able to confirm whether we can offer you cover, and on what basis.

Crime Prevention
We will undertake checks for the prevention and detection of crime, as we are required by law to do so. These checks use automated means to make decisions about you. This may result in declining the services you requested and stopping services currently provided to you. Please see section 12 “What are my rights” for further information.

Vulnerability
Many people may become vulnerable at some point in their lives. When a person notifies us that they have a relevant vulnerability we may keep a record of this information to allow us to proactively accommodate their vulnerability when we’re in contact with them.

Socio-economic profiling
We may, in the future, consider analysing your personal data to create a profile so that we can contact you with information relevant to you. When building a profile, we would use Experian software to provide us with insight into our customers. The software uses a variety of publicly available and market research sources to divide the population into a series of categories. The categories are a way of grouping people who are likely to have similar social, demographic (i.e. age, location) and financial circumstances. The results are assessed and combined so we get a picture of our customers as a whole, and tailor the products and services we provide. If we were to undertake such an exercise, we would complete a Data Protection Impact Assessment and a Legitimate Interest Assessment to assess and mitigate any personal data related risks. Please see section 12 “What are my rights” for further information.

In the future, we may like to keep a note of the category you fall into so we can tailor our communications to suit you. Before we do this, we’ll assess if this is fair.

Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer at the contact details provided.  We will provide a response within 30 days, if not sooner.  There is no charge for exercising any of your rights, however, we reserve the right to request a small charge for repetitive or excessive access requests. We may ask you for proof of identity when you request to exercise some of these rights to ensure we are dealing with the correct individual.

Access to your personal data
You have the right to find out what personal data we hold about you, in many circumstances.

Correcting or adding to your personal data
If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add data.

Withdrawing your consent
If you have provided consent for us to use your data, you have the right to withdraw your consent at any time. If you withdraw consent, then we may not be allowed to use your data going forward. However, it would not invalidate processing that was carried out before you withdrew consent. Withdrawal of consent may impact the product and services we can provide to you or the ability to administer your policy or process your claim.  In this event, we will let you know what the impact would be.

Transferring your personal data to another organisation (Data portability)
In some circumstances you can ask us to send an electronic copy of the personal data you have provided to us, either to you or to another organisation.

Objecting to the use of your personal data for legitimate interests
You also have the right to object to any processing done under legitimate interests.  We will re-assess the balance between our interests and yours, considering your particular circumstances.  If we have a compelling reason, we may still continue to use your data if that interest is not deemed to be outweighed by your privacy rights.

Objecting to direct marketing
You have a specific right to object to our use of your data for direct marketing purposes, which we will always act upon.

Objecting to automated decision making
You have a right to object if we have made an automated decision, including profiling, which has legal and significant effect against you. You also have the right to challenge the decision and ask for a human review. These rights do not apply if we are authorised by the law to make such decisions and appropriate safeguards are in place to protect your rights.

Restricting the use of your personal data
If you are uncertain about the accuracy or our use of your data, you can ask us to stop using your data until your query is resolved.  We will let you know the outcome before we take any further action in relation to this data.

Right to Erasure
You can ask us to delete your personal data in some circumstances, such as if your policy has ended and we do not need to keep your data for legal or regulatory reasons. If we are using consent to process your data and you withdraw it, you can ask us to erase your data.

If you are dissatisfied with how we are using your data, you have the right to complain to the Data Protection Commissioner. We would encourage you to contact us first, so we can deal with your concerns.

The Data Protection Commission’s office can be contacted by:

  • Visiting their website www.dataprotection.ie and using the online webform.
  • Writing to the Data Protection Commission, 21 Fitzwilliam Square, Dublin 2, D02 RD28.

Making sure that we keep you up to date with privacy information is a continuous responsibility and we keep this notice under review.  We will update our notice as changes are required.

This privacy notice was last updated on 6 November 2023.

If you have any questions, or comments regarding this privacy notice, or if you are unhappy about the way Royal London Ireland uses your data, please contact us using the details below.

Post: Data Protection Officer, Royal London Insurance DAC, 47-49 St Stephen’s Green, Dublin 2.

Email: GDPR@royallondon.ie