Data Protection Summary for Broker Customers

Data Protection

Summary for

Broker Customers

26th November 2019

Data

Protection

Summary

for Broker

Customers

This document is a summary of the AXA

Insurance Data Protection Statement.

It contains a brief description of the

information you need to understand

how we use your data.

If you would like more detailed information on how we

use your data, please contact your Broker and request the

full AXA Insurance Data Protection Statement or send an

email to AXA at dataprot[email protected]. We encourage

you to periodically review this document (or an updated

version of it) or our full Data Protection Statement to keep

informed about how we use your personal data.

Please note references to “AXA”, “us”, “our” and “we” mean

AXA Holdings Ireland Limited and its subsidiaries, including

AXA Insurance dac (the ‘data controller’), and any associated

companies from time to time.

1 General

Please make sure that anyone else who is

insured under your policy has provided you

with permission to provide their personal

information to us.

It is important that you show this document

or the full AXA Insurance Data Protection

Statement to anyone else who is insured

under your policy of insurance, including

any named drivers and anyone living at the

property insured under your policy, as it also

applies to them.

Queries and Complaints:

If you would like to contact us in relation to any

aspect of our use of your personal data, please

contact our Data Protection Oicer (or ‘DPO’) at

+353 (0)1 471 1812 or complianc[email protected] or write

to: DPO, AXA Insurance dac, Wolfe Tone House,

Wolfe Tone Street, Dublin 1.

Alternatively you have the right to lodge a

complaint with a data protection regulator, such

as the Data Protection Commission. Their contact

details are available at dataprotection.ie.

2 Collection

As a Broker customer, the majority of the

information we receive about you (and any other

people insured under your policy of insurance)

comes from your Broker. We may also obtain

personal data from various other parties or sources,

including you, your representatives (if applicable),

other insurance companies, third parties involved

in a claim or potential claim, the emergency

services and from searches (such as industry

databases, State or government departments,

bodies or agencies, media outlets or credit

reference agencies).

3 Use of Information

We mainly use your personal information so that

we can provide a quote, set up, administer and

manage your policy and to manage and investigate

complaints and claims. However, we may also use

the personal data we gather for any or all of the

following purposes:

■ to verify your (or your representative’s) identity;

■ to provide customer loyalty programmes and

value added services;

■ for statistical analyses and the review and

improvement of AXA’s products, services and

processes;

■ to carry out market research and to improve our

processes, products or services;

■ for the detection and prevention of fraud, money

laundering and other oences;

■ for sta training and management;

■ for storage and to make back-ups of data;

■ for reinsurance purposes and AXA Group

reporting purposes (where necessary);

■ for compliance with all relevant laws and

regulations; and/or

■ as set out in this documents and other

documents provided or made available to you.

Legal Basis for processing:

The legal bases we rely on for using your personal

data for the above purposes in the majority of

circumstances are where:

■ the processing is necessary for the performance

of a contract to which the data subject is party

or in order to take steps at the request of the

data subject prior to entering into a contract

(including a quote that is not taken up);

■ the processing is necessary for compliance with

a legal obligation to which we are subject;

■ the processing is necessary for the performance

of a task carried out in the public interest; and

■ the processing is necessary for the purposes of

the legitimate interests pursued by us. In such

cases, our legitimate interests are as follows:

‒ to use your data to make certain types of

payment that are not required by law or a

contract;

‒ to add value to the AXA product oering;

‒ to engage in activities to improve and adapt

the range of products and services we oer

and to help our business grow and to ensure

that our systems are eective and eicient;

‒ to investigate and prevent potential

fraudulent and other illegal activity; or

‒ the proper running of its business.

Sensitive data (such as criminal conviction and

health related data) will only be processed for

any of the above purposes by way of (a) explicit

consent, (b) for the assessment of risk, (c) for the

prevention of fraud, (d) for the establishment,

exercise, enforcement or defence of legal claims or

(e) to protect the vital interests of a person.

Telematics

Telematics is a system that is used to measure

your driving performance and to determine the

risk associated with your insurance policy. If your

policy has this feature (check your Policy to see if

it applies to you), we will analyse certain aspects

of your driving behaviour, such as your speed, to

determine your premium. We may cancel your

insurance policy if we determine (at our sole

discretion) that you are driving unacceptably.

If you allow someone else to drive your car,

you must inform them that the trips are being

recorded and that details of the trips will be

available to you, your Broker and your Insurer.

It is also important to note that anyone who

drives your car will aect the evaluation of the

risk associated with your policy, which may

result in a higher premium or cancellation of

your insurance policy (in addition to any other

rights we may have under your policy).

4 Sharing of Information

In providing our services to you we may share your

personal data with various third parties, including:

■ Your representatives, such as a relative, another

person insured under your policy, your Broker or

your lawyers;

■ Our representatives, such as companies

that provide various services (including

telecommunications, data storage, document

destruction, fraud detection, credit checking,

IT, risk analysis and complaints handling),

claims related service providers (including for

the assessment of liability, injuries, damage to

vehicles and other property), lawyers and, from

time to time, private investigators;

■ Other third parties, such as other individuals

involved in incidents (and their representatives),

other insurance companies, anti-fraud

databases (such as InsuranceLink, the Claims

and Underwriting Exchange Register and the

Motor Insurance Anti-Fraud and The Register),

reinsurers, external advisors and auditors and

AXA Group companies; and

■ State or government departments, bodies or

agencies (such as the police, the Department of

Transport and the Driver and Vehicle Licensing

Agency, the Motor Insurance Database, the

National Vehicle File, the Motor Insurers’ Bureau

and the Motor Insurers’ Bureau of Ireland).

International Transfers

On occasion we or a service provider may

transmit certain aspects of your personal

data outside the European Economic Area. In

such circumstances, we will ensure that such

transmissions are carried out securely and in

accordance with data protection law.

The non-European Economic Area countries to

which we send personal data include i) The UK

(in the event that the UK leaves the EU without a

deal) ii) the United States of America, iii) India, iv)

Switzerland and v) AXA Group companies in non-

EEA countries.

AXA complies with the law regarding international

transfers of data by relying on the European

Commission’s standard data protection contract

clauses under Article 46.2 of the General Data

Protection Regulation (in relation to items i, ii and iii

above), the decisions of the European Commission

stating that certain countries, such as Switzerland,

ensure adequate levels of data protection in their

law, as per Article 45 of the GDPR (in relation to item

iv above) or binding Corporate Rules under Article

47 of the GDPR (in relation to item v above).

If you would like more information about the

relevant safeguards involved in the transfer

of personal data to countries or companies

outside the European Economic Area, please

visit the European Commission’s website

on international data transfers at https://

ec.europa.eu/info/law/law-topic/dataprotection/

international-dimension-dataprotection

or contact our DPO using the details

in Section 1 ‘General’ above.

5 Data Collected

The table below contains examples of the types of data we collect for the purposes set out in this

document:

Category Type of Data Collected

Policy information Name, address, date of birth, gender, licence details, payment details,

vehicle and property details, driving and claims history, relevant

criminal convictions, penalty points, etc.

Information obtained from

sources other than you

Penalty points, address look up, geocoding information, vehicle details

and history, credit score, etc.

Claims information The circumstances of an incident, health information (injuries and

relevant pre-existing health conditions), relevant criminal convictions,

etc.

6 Retention of Data

Generally we keep personal information for the following periods:

Type of Information Retention Period

Quote information (where a

policy is not taken out)

15 months

Policy information The life of the policy plus 10 years

Claims information 10 years from when the claim is nalised (settlement, court hearing,

withdrawal of claim, etc.)

Claims information – where

there is the potential for a

child to make a claim

Up to 3 years aer the child in question turns 18 years of age

We also retain certain limited details beyond these periods to deal with any claims we receive aer the

statute of limitations has expired (late claims) and any claims we receive where the claimant was not aware

of the damage until a long time aer it was caused (latent claims). We retain these details (for example

names, policy start and nish dates and cover details) for 25 years (for late claims) and 60 years (

for latent claims).

7 Automated Decision-Making

We use automated decisions-making, using

information including customer details and

claims experience, in the underwriting of your

insurance policy.

Underwriting is the process by which an insurance

company examines, accepts or rejects risks and

classies those selected in order to charge an

appropriate premium. We use an algorithm, which

uses complex mathematical and actuarial methods

of calculating and pooling risk, for insurance

underwriting purposes. Where we use automated

decision-making, you are entitled to make

representations to a member of sta in relation to

the decision in question.

If you have a telematics device installed in your car,

we also use automated decision-making in relation

to your driving behaviour. These decisions relate to

the calculation of your premium and, if applicable,

the cancellation of your policy for unacceptable

driving.

8 Your Rights

As a ‘data subject’, you have the right:

a. to withdraw consent where we are processing

your information on the legal basis of consent;

b. of access to the personal data concerning you

that we hold and to be informed why and how

we process that data;

c. to require us to correct any inaccurate

information about you (including missing

details). In certain cases, you are required by

the terms of your insurance policy to make

such corrections.

d. of erasure/to be forgotten, which means you

have a right to have personal data concerning

you erased. However you may only request the

deletion of your data in specic situations.

e. to data portability, which means you may

request from us all personal data that you

provided to us. You may also request that we

send this data to another company or person.

f. to restrict processing of your personal data

where you feel that it is inaccurate, that we are

processing it unlawfully or that we no longer

need it or where you have invoked your right to

object (as set out in Section 8 (g) below).

g. to object to the processing of your personal

data, where we do so in the public interest

or on the basis of a ‘legitimate interest’ (see

the Legal Basis section above). We will then

stop processing the personal data in question

unless we can demonstrate compelling

legitimate grounds for the processing that

override your right or unless we need to use it

in a legal claim.

Please send all requests to us (details in Section 1

‘General’ above) in writing (by post or email).

If you have any

queries about your

insurance policy,

please contact

your Broker.

AXA Insurance dac, Wolfe Tone Street, Dublin 1. Registered in Ireland number 136155. We may record or monitor phone calls

for training, prevention of fraud, complaints and to improve customer service. AXA Insurance dac is regulated by the Central

Bank of Ireland. For business in Northern Ireland, AXA Insurance dac is authorised by Central Bank of Ireland and authorised

and subject to limited regulation by the Financial Conduct Authority. Details about the extent of our authorisation and

regulation by the Financial Conduct Authority are available from us on request.

ABG101 12/19 OMG61249