1. Introduction
At New Ireland we take your privacy seriously. We are committed to:
Protecting you and your information
Giving you control
Being transparent
Creating value for you
The information you provide about yourself has value. With your explicit consent, we will selectively use your information to bring services, products and offers that we believe are of genuine relevance and interest to you. This Data Privacy Notice (Notice) is an important document. Please read it carefully. If you would like a printed copy, please contact us and we will send you a copy.
This notice applies to all our products and services. We will also provide you with additional information specific to a particular product or service if we use your personal data in a different way.
You have significant rights in relation to the processing of your personal data, including the right to object to the processing of your personal data where that processing is carried out for our legitimate interests.
We are committed to managing your personal data only in a manner that complies with applicable legislation. If you want to know more about how we gather, store, share or use your personal data, or if you want to make changes to the personal data that we store on your behalf, please contact us.
We want to be clear with you about
- Introduction
- Who we are
- The information we collect about you
- When and how we collect information about you
- How we use your information
- How and when we use automated processing or “analytics”
- Who we share your information with
- How long we hold your information
- Implications of not providing information
- The legal basis for using your information
- Where your information is stored
- How to exercise your information rights including the right to object
- How to contact us and/or the Data Protection Commission
- Changes to this notice
2. Who we are
Throughout this Notice, ‘we’, ‘us’, ‘our’ and ‘ours’ refer to New Ireland which also trades under the name and style of Bank of Ireland Life. New Ireland/Bank of Ireland Life is a member of the Bank of Ireland Group.
Who we are
Registered Office: 87–89 Pembroke Road, Ballsbridge, Dublin 4, D04 X738
Registered Number: 7336
Frequently used trading names of New Ireland Assurance Company plc include “New Ireland”, “New Ireland Assurance” and “Bank of Ireland Life”.“Bank of Ireland Group” means: all members of the Bank of Ireland Group whose holding company is Bank of Ireland Group plc which is incorporated in Ireland with Limited Liability
Registered Office: 2 College Green, Dublin, D02 VR66
Registered Number: 593672
Members of the Bank of Ireland Group (the “Group”) include:
Bank of Ireland, Bank of Ireland Mortgage Bank, Bank of Ireland Insurance Services Limited and Bank of Ireland Life, which is a trading name of New Ireland Assurance Company plc. Your product or service terms and conditions will specify which member(s) of the Bank of Ireland Group is providing the relevant product or service.
3. The information we collect about you
The information we collect about you
Gathering and processing your personal data allows us to look after and to service the contract (policy) you have with us or are included in. Legislation and various codes of conduct require us to gather additional information from and about you. For example, we gather documentation to prove your identity and validate your address to comply with anti-money laundering legislation. We use this information to create a better understanding of all our customers, and to help us to meet changing needs. Having this information also allows us, where you have provided us with your explicit consent to do so, to update you about new offers or services that might be of interest.
The information we collect falls into various categories.
Identity & contact information
Financial details/circumstance
Marital status and/or financial association
Information about you provided by others
Health and Medical information
For example, where a life or income protection insurance is applied for, we request details of your health and medical data, so that we may offer a policy and calculate the premium to charge or we can require this information to assess and pay a claim. We do not request information relating to any criminal convictions or offences, however if disclosed by you in the course of a health assessment this information may be used in the context of your health and medical data, to make an underwriting decision.
Information which you have consented to us using
- Where you have explicitly consented, we and other third parties will use your information for marketing purposes.
- Information from online activities.
- We collect information about your internet activity using technology known as cookies, which can be controlled through internet browsers. Details of how and why we use cookies are provided in the Cookies section of our website.
- Your internet browser settings or otherwise Internet Protocol (IP) and other relevant information to help us identify your geographic location when providing you with our services.
Other personal information including:
- Telephone and image recordings (for example to allow us to carry out anti-moneylaundering checks, to allow you give us instructions by phone, to analyse, assess and improve our services to our customers and for training and quality purposes.
- CCTV images and facial recognition at our offices (but only for security reasons and to help prevent fraud or crime).
- Information in relation to data access, correction, restriction, deletion, porting request and complaints.
Sometimes we collect and use your information even though you are not a customer of ours.
For example you may be a beneficiary, member of an occupational pension scheme, or representative of one of our customers, or you may be in the process of applying for a New Ireland product or service. In other cases, your own circumstances will have a material impact on the ability of our customer to perform their own obligations to us, and we will need to consider these. If so, we will apply the principles outlined in this Data Privacy Notice when we are dealing with your information.
4. When and how we collect information about you
When and how we collect information about you.
We collect information you give us, information from your use of our products and services and information we get from third parties.
We collect information about you:
- When you ask us to provide you with certain products and services, or if a product is applied for where your information is necessary. For example, certain insurance products require us to collect relevant health information from and about you.
- When you use our website and online services provided by us (including mobile applications) and visit our offices.
- When you or others give us information verbally or in writing, or if you make a complaint. This information can be on application forms, in records of your transactions with us and/or if you make a complaint.
- When you use our products or services, including making transactions on your policy, we gather details about who you pay money to, how much the payments are for and when the payments are made.
- From information publicly available about you. For example, in trade directories, on online forums, websites, Facebook, Twitter, YouTube and other social media. This information helps us to better understand your financial needs and helps us find out if specific products or services are suitable for you or can be recommended to you. This information may also assist us in processing claims.
- From your online activities with third parties where you have given us your consent.
For example, by consenting to our use of certain cookies or other location tracking technologies. - From fraud prevention agencies or public agencies such as the Companies Registration Office or judgement registries.
If you apply for or hold a financial product in joint names, you should not give personal information about someone else, for example as a joint applicant or dependant, without their permission.
5. How we use your information
We use your information:
To provide our products and services to you and perform our contract with you, or in respect of you.
To provide our products and services to you, or in respect of you, and perform the contract we use your information, including where relevant special category data e.g. data relating to your health, to:
- Establish your eligibility and acceptance for our products and services.
- Manage and administer your accounts, policies, benefits or other products and services that we or, where you have consented, our partners provide you. For example, if you have a mortgage protection policy with us, we need to share information with other parties, such as your mortgage provider and your bank.
- Process the application for insurance or financial services.
- Carry out reviews, including automated decision processes (which can have a legal or similarly significant effect on you). We do this when you apply for a policy and keep a record of the review, even if the application does not go ahead.
- Process payments that are paid to you or by you. For example, if you pay by direct debit, we will share transaction details with your payment service provider (for example, Bank of Ireland, etc.).
- Contact you by post, phone, text message, email, social media, fax, using our online website or other means, but not in a way contrary to your instructions to us or contrary to law.
- Monitor and record our conversations when we speak on the telephone.
- Recover debts you have with us.
- Manage and respond to a complaint or appeal.
When you apply to us for insurance and/or make a claim.
- We will pass your details to the insurance intermediary, reinsurer, medical professional and/or claims agent.
- We can request information relating to your health for underwriting and claims administration purposes. This information can be obtained by, or shared with, medical screening companies and claims handlers, as well as medical professionals.
- We disclose your information within our Group of companies, to our agents and other insurers and third parties for administration, regulatory, customer care and service purposes and to investigate or prevent fraud.
When you take out a joint policy or product.
To manage our business for our legitimate interests, subject to us not over-riding your interests or fundamental rights and freedoms.
To manage our business we use your information to:
- Carry out credit management activities, including collecting and enforcing debts and arrears, which can involve engaging agencies to trace you (for example, where the address you have provided is no longer accurate and we need to provide you with legal documentation).
- Provide service information, to improve our service quality and for training purposes.
- Conduct marketing activities, including running competitions and promotions research, analytics and related activities where you have consented to such use.
- Gather your information to assess the quality of service we provide you.
- Risk management, strategic planning and business portfolio management.
- Compile and process your information for audit, statistical or research purposes (including, in particular instances, making your data anonymous) to help us understand trends in our customer behaviour and to understand our risks better, including for providing management information, operational and data risk management.
- Carry out long-term statistical modelling, provided that such modelling does not directly affect any decision we make about you.
- Test and maintain our systems.
- Financially assess the performance of the business in line with reporting requirements and internal business assessment metrics.
- Assist in compliance with our legal obligations in connection with the prevention of money laundering and terrorist financing. For example, to screen for suspicious transactions.
- Protect our business, reputation, resources and equipment, manage network and information security (for example, developing, testing and auditing our websites and other systems, dealing with accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services), and prevent and detect fraud, dishonesty and other crimes (for example, to prevent someone trying to steal your identity). We also use CCTV at our premises.
- Manage and administer our own and the Group’s legal and compliance affairs, including complying with regulatory guidance and mandatory or voluntary codes of practice to which we have committed.
- Enable us and Group members to share or access your information for internal administrative purposes, audit, prudential, statistical or research purposes (including making your data anonymous) to help us understand trends in customer behaviour, for helping us to understand our risks better and for the purposes set out in this Privacy Notice (but not for the purposes of marketing where you have not consented to this).
- Assist our Group to buy or sell assets. Members of the Bank of Ireland Group may in the future wish to sell, transfer or merge part or all of its business or assets or to buy a new business or the assets of another business or enter into a merger with another business. If so, we may disclose your personal information under strict duties of confidentiality to a potential buyer, transferee, merger partner or seller and their advisers, so long as they agree to keep it confidential and to use it only to consider the transaction. If the transaction goes ahead, the buyers, transferee or merger partner can use or disclose your personal information in the same way as set out in this notice.
- To facilitate potential or actual transfers of a product provided to you or in connection with a securitisation.
- To transmit your details within the Group and to third parties for internal administrative purposes, including the processing of your personal data, subject to having appropriate safeguards, including contractual provisions, in place.
To comply with our legal and regulatory obligations.
We need to use your information to comply with legal obligations including:
- Complying with your data rights.
- Providing you with statutory and regulatory information and statements.
- Establishing your identity, residence and tax status in order to comply with law and regulation concerning taxation and the prevention of money laundering, fraud and terrorist financing. We are required by law to screen applications that are made to us to ensure we are complying with the international fight against terrorism and other criminal activities. As a result, we need to disclose information to government and other statutory bodies.
- Preparing returns to regulators and relevant authorities, including preparing income tax, capital gains tax, capital acquisition tax and other Revenue returns.
- Reporting to and, where relevant, conducting searches on industry registers.
- Complying with binding requests from regulatory bodies including the Central Bank of Ireland.
- Complying with binding production orders or search warrants, orders relating to requests for mutual legal assistance in criminal matters received from foreign law enforcement agencies/ prosecutors.
- For other reasons where a statutory basis exists we do so, including use of your Personal Public Service (PPS) number.
- Complying with court orders arising in civil or criminal proceedings.
Where you have given us consent (which you can withdraw at any time).
Where you have given us your consent including explicit consent (which you can withdraw at any time) we can:
- Send electronic messages to you about product and service offers from our Group.
- Share your data with third parties for electronic messaging purposes.
- Use cookies
- Use your data for marketing purposes
- Use your data to facilitate solely automated decisions that have a legal or similarly significant effect (for example, to approve or reject an application for a policy).
- In circumstances where you purchase your policy/product through the Bank of Ireland Group share your personal data with the Bank of Ireland Group to form a single view of your entire relationship with the Group. This will enable us to better manage and develop our relationship and provide you with the best possible customer experience.
Note: Withdrawal of your consent will not affect the lawfulness of any processing carried out while it was in place.
6. How and when we use automated processing or “analytics”
How and when we use automated processing or “analytics”
When you apply for an insurance product or service from us (for example, a life assurance protection policy) we conduct the following activities which can involve automated (computer-based) decision making:
- underwriting and
- determining the applicable premiums.
The process calculates the risks based on the information you have provided. This will be used to determine whether we can provide you with an insurance policy, and if so, calculate the premium you will have to pay.
The results of these automated decision making processes can limit the products and services we are able to provide you with. If you do not agree with the result, you have the right to request human intervention to allow you to express your point of view and to contest the decision.
The types and sources of the information we use about you are listed in section 3. The information we collect about you.
Using this data in our processing helps us to determine whether or not you are eligible to take out the financial product you are applying for.
We make decisions based on our analysis of your information.
- We can decide whether or not to offer you a financial service, for example, a pension or protection policy.
- We calculate the premium rate that we need to charge on a product to reflect the risk of insuring you. For example, although your policy may be within acceptable risk guidelines, there may be a higher risk (compared to another customer) that you might suffer an illness. If this happens, our analysis of your data may tell us that a higher premium rate is appropriate compared to another customer to reflect that increased risk.
- We also use your information to decide the type of financial service suitable for you, or to decide other terms. For example, the minimum or maximum amount of life insurance you need.
The logic behind these decisions.
We need to use risk rating before we offer protection products or services you have asked for
- When you apply for a protection policy, an automated underwriting system can be used when considering whether to insure you.
- Underwriting is a method of assessing the likelihood of you claiming under the policy based on a range of data, including your age, health, lifestyle and other factors. It is a system widely used by insurance providers to help make fair and informed underwriting decisions to determine how much insurance cover can be offered and the premium payable and acceptance terms of that cover.
- Underwriting generally takes account of information from a number of sources, including the information you provide during your application, information provided by medical practitioners and information that is already held about you by New Ireland. Underwriting will consider Information from these sources, to make an overall assessment of your application.
- The underwriting rules used are regularly revised to ensure they remain fair, effective and unbiased. Underwriting helps us to insure responsibly. If you submit an application and it is declined through this automated process, you can contact us to have the decision reconsidered. You also have the right to ask that the decision is not made based solely using an automated underwriting rules engine system.
Automated Processes
These automated processes also help us to meet our legal obligations in connection to the prevention of money laundering, fraud and terrorist financing. Where you have given us your consent (which you can withdraw at any time) we can collect information about how you use our products and services. This can include information such as details of payments you made or received and/or information about your health and lifestyle you have provided us. Information you provide us in our office, on the telephone, via digital channels and/or social media can be combined with information obtained from third parties such as joint policy holders, reference agencies and fraud prevention agencies to provide us with a single view of you.
If you give us personal information about other people (such as dependants or joint policy holders), you should make sure you have their permission to do so.
Improving our services – Analytics
We constantly seek to better understand and meet your needs. We can analyse your information to:
- Improve our understanding of your needs and develop our relationship with you.
- Improve the quality of products and services we can offer you.
- Facilitate the development of personalised information and promotions
- Reward you for your business
For example, where you have given us permission to do so, we can use:
- Your information to communicate with you about products and services that we consider are relevant to you,
- Information you have made public and combine this with the activities outlined above. For example we may offer you a discount on insurance or money off vouchers from retailers or simply a cup of coffee just before payday……….when you’d appreciate it most!
You can let us know at any time and free of charge, if you would like us to stop using your data in this way by emailing us, calling in or writing to us.
7. Who we share your information with
There’s a number of individuals and companies with whom we share your information, but only as necessary and in accordance with applicable Data Protection rules.
We can share your information with:
- Your authorised representatives, including your broker/retail intermediary, attorney and any other party authorised by you to receive your personal data.
- Companies in the Bank of Ireland Group in order to enable us to better manage our business e.g. to provide us with combat money laundering services etc.
- Service providers who provide us support services. These include marketing and market research companies, analytics companies, investment companies, IT and telecommunication service providers, software development contractors, data processors, computer maintenance contractors, printing companies, property contractors, document storage and destruction companies, archiving services suppliers, debt collection and tracing agencies, reinsurance companies, medical professionals, claims handlers, consultants and advisors including legal advisors and third party administrators.
Note: We only permit service providers to use your information in accordance with our instructions, and we ensure that they have appropriate measures in place to protect your information. - Third parties with whom we share your information at your request, such as your employer, other life assurance companies and pension providers.
- Statutory and regulatory bodies. These include the courts and those appointed by the courts, government departments, statutory and regulatory bodies in all jurisdictions where New Ireland and/or the Bank of Ireland Group operates including: the Central Bank of Ireland, the Office of the Data Protection Commissioner, Financial Services and Pensions Ombudsman, Pensions Authority, An Garda Síochána/police authorities/enforcement agencies, Revenue Commissioners, Criminal Assets Bureau, US, EU and other designated authorities in connection with combating financial and other serious crime.
- Third parties in connection with a sale or purchase of assets by a member of our Group. For example parties who are interested in or participating in buying or selling, (including by way of a loan assignment/transfer and securitisation scheme, collateralisation scheme or any other funding arrangement). This also includes the transfer of information to NTMA, its agents, appointees and related entities.
- Payment facilitators and other financial institutions, such as SWIFT, MoneyGram, banks and building societies.
- Courts and court-appointed persons/entities.
- Receivers, liquidators, examiners, official Assignee for Bankruptcy and equivalent in other jurisdictions, debt collection agencies, budgeting and advice agencies and tracing agencies.
- National Treasury Management Agency (NTMA) and its agents or other parties designated by or agreed with NTMA or designated under the relevant legislation.
- Trade associations such as Insurance Ireland and professional bodies, non-statutory bodies.
- Business associates and other advisers.
- Employers.
- Pension fund administrators and pensions trustees.
- Police forces and security organisations, ombudsmen and regulatory authorities, as well as fraud-prevention agencies.
- Insurers/re-insurers and insurance intermediaries. Including, but not limited to, Swiss Re, General Reinsurance AG, Munich Reinsurance Company, Partner Reinsurance Company Ltd., SCOR, Pacific LifeCorp, Hannover, Legal & General Assurance Society Ltd., Legal & General Reinsurance Company Ltd. and Athora Re
- Healthcare professionals and medical consultants.
- Business partners, auditors, and joint ventures we, our business partners or joint ventures will tell you about any such sharing of your information.
- Policy owners (where you are the life assured), to facilitate performance of the contract.
- Lives assured (where you are the policy owner) to facilitate the performance of the contract.
8. How long we hold your information
The length of time we hold your data depends on a number of factors, such as regulatory rules and the type of financial product we have provided to you.
The factors include:
- The regulatory rules set by authorities like the Central Bank of Ireland and the Data Protection Commission, etc.
- Any statutory obligations we are subject to, including the Pensions Act 1990 and the Unclaimed Life Assurance Policies Act 2003 etc.
- The type of financial product we have provided to you.
- Whether you and/or us are in a legal or other type of dispute with another person or each other.
- The type of data we hold about you
- Whether you or a regulatory authority asks us to keep it for a valid reason.
- Whether we use your data for long term statistical modelling, provided that such modelling does not affect any decision we make about you.
As a general rule, we keep your information for a specified period of time from the date of when your contract ceases and/or you cease to be a customer. Typically this period is 7 years, however it may be held for a longer or shorter period depending on a number of factors, including
- the type data,
- the purpose for which is was collected,
- regulatory rules, and
- the type of product we have provided.
9. Implications of not providing information
We need your information in order to:
- Provide our products and services to you, or in respect of you
- Fulfil our contract with you
- Comply with our legal obligations
- Manage our business for our legitimate interests
Of course, you can choose not to share your information, but doing so will limit the services we are able to provide to you, or in respect of you. We will not be able to provide you with certain products and services that you request.
- We will not be able to provide you with certain products and services that you request.
- We will not be able to continue to provide you with or renew existing products and services.
- We will not be able to assess your suitability for a product or service, or, where relevant, give you a recommendation to provide you with a financial product or service.
When we request information, we will tell you if providing it is a contractual requirement or not, and whether or not we need it to comply with our legal obligations.
10. The legal basis for using your information
We will use your data and share that data where:
- Its use is necessary in relation to a service or a contract that you have entered into or because you have asked for something to be done so you can enter into a contract with us.
- Its use is necessary because of a legal obligation that applies to us (except an obligation imposed by a contract). An example of this would be us sharing your information with the Revenue Commissioners in the case of a pension or life assurance policy.
- You have consented or explicitly consented to the using of your data in a specific way.
- Its use is necessary to protect your “vital interests”. This will only arise in exceptional circumstances where we will use and/or disclose information about you to identify, locate and protect you, for example, if it comes to our attention that you are in imminent physical danger and this information is requested by An Garda Síochána or your relative.
- Its use is in accordance with our legitimate interests e.g. to manage our business, subject to those interests not over-riding your fundamental rights and freedoms.
- The processing is necessary and proportionate for the purposes of a policy of insurance or life assurance
11. Where your information is stored
Where your information is stored
Your information is stored on systems within New Ireland’s and the Group’s premises and with providers of information storage (Including Cloud Storage Providers). We transfer information about you and your products and services with us to our service providers and other organisations, a number of which are outside the European Economic Area (EEA), but only if they agree to act solely on our instructions and protect your information to the same standard that applies in the EEA.
For example, we process payments using third parties (including other financial institutions such as banks and worldwide payments system) if, for example, we make a foreign payment to you. Those external organisations will process and store your personal information abroad and can have to disclose it to foreign authorities to help them in their fight against crime and terrorism.
How we use companies to process your information outside the European Economic Area (EEA).
A number of our service providers, for example IT, telecommunication, payment processors, reinsurers, tracing agents and contractors are based outside of the EEA. Where we authorise the processing/transfer of your personal information outside of the EEA we require your personal information to be protected to at least Irish standards and include the following data protection transfer mechanisms.
- Copies of New Ireland’s current Model Clauses are available free of charge by contacting us. These are standard clauses in our contracts with our service providers to ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law.
12. How to exercise your information rights including the right to object
Providing and holding personal information comes with significant rights on your part and significant obligations on ours.
You have several rights in relation to how we use your information:
- Find out if we use your information, to access your information and to receive copies of the information we have about you.
- Request that inaccurate information is corrected and incomplete information updated.
- Object to particular uses of your personal data for our legitimate business interests. However, doing so will have an impact on the services and products we can / are willing to provide.
- Object to use of your personal data for direct marketing purposes. If you object to this use we will stop using your data for direct marketing purposes.
- Have your data deleted or its use restricted – you have a right to this under certain circumstances. For example, where you withdraw consent you gave us previously and there is no other legal basis for us to retain it, or where you object to our use of your personal information for particular legitimate business interests.
- Transfer your information to another provider, known as the right to data portability.
- Withdraw consent at any time, where any processing is based on consent. If you withdraw your consent, it will not affect the lawfulness of processing based on consent before its withdrawal.
We will endeavour to respond to you as soon as we can. If we are unable to deal with your request fully within a month (due to the complexity or number of requests), we may extend this period by a further two months. Should this be necessary, we will explain the reasons why.
Note: If you make your request electronically, we will, where possible, provide the relevant information electronically unless you ask us otherwise.
You also have the right to complain to the Data Protection Commission or another supervisory authority.
13. How to contact us and/or the Data Protection Commission
You have the right to complain to the Data Protection Commission or another supervisory authority. You can find details of how to contact the Data Protection Commission below and on their website www.dataprotection.ie
Fax: +353 57 868 4757
E-mail: info@dataprotection.ie
Postal Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28
How to contact us and/or our Data Protection Officer
If you have questions about how your information is gathered, stored, shared or used, or if you wish to exercise any of your data rights please email dsrteam@newireland.ie.
To facilitate providing an accurate response, please provide as much detail as possible on your request, including, if applicable, the relevant policy numbers, the documentation you require, and/or the relevant period of time.
You can contact our Data Protection Officer online at dataprotection@newireland.ie or by post at:
For New Ireland customers
New Ireland Assurance
87–89 Pembroke Road, Ballsbridge, Dublin 4, D04 X738
info@newireland.ie
01 523 9810
For Bank of Ireland Life customers
Bank of Ireland Life
87–89 Pembroke Road, Ballsbridge, Dublin 4, D04 X738
info@bankofirelandlife.ie
01 703 9537
Incoming and outgoing calls may be recorded for service, verification, analysis and training purposes.
14. Changes to this Notice
We will update this Data Privacy Notice from time to time. Any changes will be made available on our website and, where appropriate, notified to you by SMS, e-mail or when you log onto our online customer portal or one of our mobile apps.
Last updated 02 January 2024.