Privacy Statement

 

John A. O’Sullivan Insurances Ltd T/A O’Sullivan Insurances is committed to protecting and respecting your privacy.

 

It is the intention of this privacy statement to explain to you the information practices of John A. O’Sullivan Insurances Ltd T/A O’Sullivan Insurances in relation to the information we collect about you and other users.

 

For the purposes of the GDPR the data controller is:

  • John A. O’Sullivan Insurances Ltd T/A O’Sullivan Insurances
  • 39 Mitchell Street, Clonmel Co. Tipperary. Phone no: 052 6121644. Email: info@osib.ie

Please read this Statement carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

 

Who are we?

John A. O’Sullivan Insurances Ltd T/A O’Sullivan Insurances, 39 Mitchel St, Clonmel, Co. Tipperary was formed in 1978 by John O’Sullivan LLB QFA RPA. Our aim is to provide our customers with a professional and personal service at all times.

 

We provide insurance in the following areas: 

  • Car Insurance
  • House Insurance
  • Business Insurance
  • Commercial Vehicle Insurance
  • Van Insurance
  • Farm Insurance
  • Life Insurance
  • Pensions and Retirement Planning
  • Property Insurance
  • Personal Accident
  • Public Liability
  • Employers Liability

We are a long standing member of Brokers Ireland and Life Insurance Association and Brokerline Direct. We are regulated by The Central Bank of Ireland.

Our Data Protection Officer / GDPR Owner and data protection representatives can be contacted directly here:

  • Donna O’Sullivan
  • dosullivan@osib.ie
  • 052 6121644

 

PURPOSE FOR PROCESSING YOUR DATA

 

Why do O’Sullivan Insurances need to collect and store personal data?

We collect your personal details in order to provide the highest standard of service to you. Your data is required in order for us to provide you with insurance products and financial services. We also need to collect personal data to obtain correct quotations and to ensure that we provide you with accurate advice and that the most appropriate insurance cover is put in place. We will only keep your data for as long is necessary as per our retention policy. We take great care with the information provided; taking steps to keep it secure and to ensure it is used only for legitimate purposes.  It is your responsibility to obtain consent from the other people named on your policy before sharing their sensitive information with us.

To fulfil these objectives we may share information with other affiliated professionals. The information and other data provided to our office may be used to advise you of products and services we may offer from time to time. We will get your explicit consent for this prior to send any marketing materials to you.

Our firm endeavours to comply with the requirements of the General Data Protection Regulation 2018 and the Irish Data Protection Act 2018.

Our firm is committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.

The data will be processed only in ways compatible with the purposes for which it was given and as outlined in our Privacy Policy, this is readily available to all our clients.

Our customers have the right at any time to request a copy of any ‘personal data’ within the meaning of the Data Protection Act 1988 (as amended or re-enacted from time to time) that our office holds about them and to have any inaccuracies in that information corrected.

In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.

In terms of being contacted for marketing purposes O’Sullivan Insurances will contact you for additional consent.

 

How will O’Sullivan Insurances use the personal data it collects about me?

O’Sullivan Insurances will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.

O’Sullivan Insurances is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.

 

Under what circumstances will O’Sullivan Insurances contact me?

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure. We will contact you at your renewal date for your general insurance policies. We will contact you for financial reviews for your financial services policies. We will not be excessive in contacting you, our contact will be strictly legitimate and not intrusive.

 

Why we are processing your data? Our legal basis.

Our reason and purpose for processing your personal data is:

  • We have your consent
  • We collect Personal Information from you when you obtain a quotation or apply online for one of the products which we offer.
  • We use your Personal Information to generate quotations for the products which we offer.
  • We use your Personal Information to prepare applications and proposals for the products which we offer.
  • We record visits to our website and use browser cookies in order to monitor your progress through our site although we do not store your personal data in browser cookies.
  • If you give us your credit card details then we will process payments using SSL security but we will not keep a record of your card details on our servers.
  • We use your Personal Information to send you offers for products, assuming you have given us your permission to do so.
  • We need to process your data to complete the performance of a contract where you, the data subject is a party.  O’Sullivan Insurances processes data without consent in order to fulfil contractual obligations [such as bank details to process salaries, postal address in order to supply products and services, etc.].
  • When there is a legal obligation that needs to be met.
  • To protect the vital interests of the data subject, including the protection of rights and freedoms
  • For processing reasons that are in the public interest
  • When necessary for the legitimate interests of the data controller or third party, unless the processing is overridden by the vital interests, including rights and freedoms
  • When it is a requirement of national law.

 

Special Categories of personal data

If we collect any special categories of personal data (e.g. health, religious beliefs, racial, ethic origin – financial information is not classified as special categories of personal data) – we will ensure the below

  • we will obtain your explicit consent
  • ensure the personal data is necessary for employment rights or obligations;
  • protect the vital interests of the data subject, including the protection of rights and freedoms;
  • necessary for the legitimate activities with appropriate safeguards;
  • personal data made public by the data subject;
  • legal claims;
  • substantial public interest;
  • preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, provision of health or social care treatment, or management of health and social care systems and services, under the basis that appropriate contracts with health professionals and safeguards are in place;
  • public health, ensuring appropriate safeguards are in place for the protection of rights and freedoms of the data subject, or professional secrecy;
  • national laws in terms of processing genetic, biometric or health data.

 

Who are we sharing your data with?

We may pass your personal data on to third-party service providers contracted to O’Sullivan Insurances in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfill the service they provide on your behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with the correct regulatory procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.

When providing our services to you, we can share your information with:

  • your authorised representatives e.g. persons making an enquiry with your approval or a complaint
  • third parties (with whom we need to share your information to facilitate payments you have requested, or those you ask us to share your information with)
  • Insurance Companies to enable us better manage our business
  • service providers who provide us with support services
  • statutory and regulatory bodies police forces and security organisations, ombudsmen and regulatory authorities
  • business partners, auditors and joint ventures
  • trade associations and professional bodies, non-statutory bodies
  • employers
  • pension fund administrators, trustees of collective investment undertakings, pension trustees, re-insurers, and insurance intermediaries
  • healthcare professionals and medical consultants

 

Where your information is stored

Your information is stored on systems within O’Sullivan Insurances and our  premises and with providers of information storage. In some cases, we transfer information about you and your products and services with us to our service providers and other organisations outside the European Economic Area (EEA). We always take steps to ensure that any transfer of information outside of the EEA is carefully managed to protect your privacy rights. Further details are available in our Data Privacy Notice, which you can access in our office or by telephone.

 

Data Subjects Rights:

We at O’Sullivan Insurances facilitate the data subject’s rights in line with our data protection policy and our subject access request procedure. This is available on request, please contact dosullivan@osib.ie. 

 

  • Right of access– you have the right to request a copy of the information that we hold about you.
  • Right of rectification– you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten– in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing– where certain conditions apply to have a right to restrict the processing.
  • Right of portability– you have the right to have the data we hold about you transferred to another organisation.
  • Right to object– you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling– you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review:in the event that Organisation Name refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.

 

Additional information we are providing you with to ensure we are transparent and fair with our processing

 

Retention of your personal data

Data will not be held for longer than is necessary for the purpose(s) for which they were obtained. O’Sullivan Insurances will process personal data in accordance with our retention schedule. This retention schedule has been governed by our regulatory body  (Central Bank, Revenue ) and our internal governance.

In the event that you wish to make a complaint about how your personal data is being processed by O’Sullivan Insurances, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and O’Sullivan Insurance’s data protection representatives Data Protection Officer / GDPR Owner

If we are collecting your data for a statutory requirement (payroll) or to fulfill a contract (life policy or motor insurance policy) and you cannot provide this data the consequences of this could mean the contract cannot be completed or details are incorrect.

 

Profiling – automatic decision making

O’Sullivan Insurances used automated decision making in order to process insurances quotations on our customers behalf. We also use automated profiling when assessing risk appetite for our customers for investment policies.

The scope of the definition of Profiling is wide enough to capture almost any analysis of an individual carried out by automated (electronic) means and in the insurance industry, this includes any underwriting processes which are performed electronically, rather than by a human being.  Underwriting will also constitute Automated-Decision Making given that it results in a quote being decided. An individual has the right to know that its automated, i.e. that there’s no human involvement, to know in general terms the logic used and how this affects the outcome and has the right to have the quote reviewed by a sufficiently senior staff member.

A customer when looking for a quote or an indicative quote on-line has the right to the following:-

(i) To be informed that an Automated Decision-Making process is involved;

(ii) To be informed that the quote is generated using the data provided by that individual and applied to an internal logic or set of criteria;

(iii) To be informed in general terms of how that internal logic or set of criteria determines the quote, so for example the more penalty points on the individual’s driving licence the higher the premium quoted for motor insurance; and

(iv) Following the quote, the right to have that quote reviewed by a sufficiently senior member of staff.

 

Automated decision making and profiling are two separate, but often interlinked concepts.

  • Profilingis a form of automated processing of personal data used to analyse or predict matters relating to an individual. For example analysing an individual’s performance at work, financial status, health, interests or location.
  • Automated decision makingis the ability to make decisions without human involvement. In practice, profiling can often be a precursor to automated decision making.

Profiling and automated decision making can be used in three ways:

  • General profiling– where individuals are segmented into different groups, based on data analysis
  • Decision-making based on profiling– where a human makes a decision based on profiling
  • Solely automated decision making– where an algorithm makes a decision, with no human intervention

 

General prohibition on certain types of automated decision making

Under Article 22(1) of the GDPR, decisions based solely on automated decision making which produces legal effects or similarly significantly affects an individual are prohibited unless:

  • It is necessary for the performance of or entering into a contract;
  • It is authorised by law; or
  • It is based on the data subject’s explicit consent

Automated decision making that involves special categories of personal data, such as information about health, sexuality, and religious beliefs, is only permitted where it is carried out on the basis of explicit consent or where it is necessary for reasons of substantial public interest, such as fraud prevention and operating an insurance business.

Necessity is interpreted narrowly, and organisations must be able to show that it is not possible to use less intrusive means to achieve the same goal.

Further regulatory guidance on what constitutes “explicit” consent is expected in due course. As with general consent under the GDPR, any consent must be freely given, unambiguous, specific and informed.

 

Additional Processing

If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this information prior to processing this data.

 

 

Responsibilities

The Data Protection Officer/GDPR Owner is responsible for ensuring that the privacy notice(s) is correct and that mechanisms exist such as having the Privacy Notice(s) on O’Sullivan Insurances website to make all data subjects aware of the contents of this notice prior O’Sullivan Insurances commencing collection of their data.

We take the security of your personal information seriously.  We have taken all reasonable steps, including appropriate security and technical measures, to protect your data.  However, the nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet, and you acknowledge this in your access and use of the internet.

We train our employees with access to your information that it is to be used only in adherence with our Privacy Statement and the Data Protection laws applicable.  Employees who contravene this will be subject to disciplinary action.

 

Questions Regarding the Privacy Statement and Conditions of Use

If you have any questions about our Privacy Statement and Conditions of Use, or any concern about privacy at O’Sullivan Insurances or the use of this Site in general, please contact us by e-mail at  dosullivan@osib.ie

 

Changes to this Statement

We reserve the right to modify this Privacy Statement at any time.  If we make any material change, we will update our website to include such change.