Data Protection Summary

 

This document is a summary of the AXA Insurance Data Protection Statement. It contains a brief description of the information you need to understand how we use your data. If you would like more detailed information, please go to axa.ie or axani.co.ukor contact us using the details in Section 1 'General' below.

Notice: While all of the information in this Data Protection Summary is important, certain details have been placed in boxes to highlight them. These boxes contain information that the data protection legislation (known as the General Data Protection Regulation) specifies as being information that should be brought to your attention.

1. General

This document provides a summary of how we will use and protect the personal data we receive.

References to “AXA”, “us”, “our” and “we” mean AXA Holdings Ireland Limited and its subsidiaries, including AXA Insurance dac, and any associated companies from time to time.

It is important that you read our full Data Protection Statement and show it to anyone else who is insured under your policy of insurance, including any named drivers and anyone living at the property insured under your policy, as it also apply to them.

Please make sure that anyone else who is insured under your policy has provided you with consent to provide their personal information to us.

We reserve the right to change this Data Protection Summary and our full Data Protection Statement from time to time at our sole discretion. We encourage you to periodically review the most up to date versions of these documents at axa.ie or axani.co.uk.

Queries and Complaints

If you are unhappy with the way we have handled your personal information or if you want further information about the way your personal data will be used, please contact us by any of the following options:

Data Protection Officer

Compliance Department

AXA Insurance dac

Wolfe Tone House

Wolfe Tone Street

Dublin 1

Telephone: +353 (0)1 471 1812

Email: Compliance@AXA.ie

Alternatively you have the right to lodge a complaint with the Data Protection Commissioner. Their contact details are as follows:

Data Protection Commissioner

Canal House

Station Road

Portarlington

County Laois

Telephone: +353 (0)761 104 8000

Telephone: +353 (0)57 868 4800

Email: info@dataprotection.ie

LoCall Number: 1890 252 231

Fax: +353 57 868 4757

2. Collection

In order to gather the personal data about you (and, if applicable, other people insured under your policy of insurance) we may obtain personal data from various parties, including you, your representatives (if applicable), other insurance companies, third parties involved in an incident which may result in a claim (claimants, witnesses, solicitors, claims specialist service providers), the emergency services, such as the police or ambulance services and from searches (whether online, industry databases, media outlets or otherwise (including credit searches)).

Please do not send us the results of any genetic tests carried out on you or any other person.

3. Use of Information

We mainly use your personal information so that we can provide a quote, set up, administer and manage your policy and to assess and pay claims as part of an insurance contract. However, more specifically, we may use the personal data we gather for any or all of the following purposes:

1. to verify your (or your representative’s) identity;
2. to verify the accuracy of the information we receive;
3. to assess your insurance needs and to assess the nature and level of the risk associated with your proposed insurance policy;
4. to make or receive any payments;
5. to manage and administer your policy;
6. to manage and investigate claims;
7. to provide customer loyalty programmes and value added services;
8. for statistical analyses and the review and improvement of AXA’s products, services and processes;
9. to carry out market research and to improve our processes, products or services;
10. for marketing purposes;
11. for staff training, performance reviews and discipline;
12. for the detection and prevention of fraud, money laundering and other offences, and to assist the police;
13. to manage and investigate any complaints;
14. for reinsurance purposes;
15. AXA Group reporting purposes (where necessary);
16. for storage and to make back-ups of data.
17. for compliance with all relevant laws and regulations; and/or
18. as set out in this Data Protection Summary, our full Data Protection Statement or any other data protection statement, policy booklet, website, app terms and conditions or other documentation provided to you.

Legal Basis for processing:

The legal bases we rely on for using your personal data for each of the above purposes are as follows:

Legal Bases	Purposes (letters correspond to the table above)
The processing is necessary for compliance with a legal obligation to which the controller is subject:	a, c, d, e, f, k, l, m, p and q
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (including a quote that is not taken up):	b, c, d, e, f, k, m, n and p
The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is:	d. to use your personal data to make certain types of payment that are not required by law or a contract; g. to add value to the AXA product offering; h. to engage in activities to improve and adapt the range of products and services we offer and to help our business grow and to ensure that our systems are effective and efficient; i. to engage in activities to improve and adapt the range of products and services we offer and to help our business grow and to ensure that our systems are effective and efficient; j. to determine the most appropriate message and how best to communicate it with you; l. to investigate and prevent potential fraudulent and other illegal activity; o. the proper running of its business.
The data subject has given consent to the processing of his or her personal data for one or more specific purposes. The sending of marketing material to you is only done in circumstances where you have provided us with your consent in advance:	j
The processing is necessary for the performance of a task carried out in the public interest:	l
Sensitive Categories of Data:	Personal data relating to criminal convictions and offences or related security measures, will only be processed for the above purposes where it is necessary for the assessment of risk or for the prevention of fraud or for the establishment, defence or enforcement of civil claims. Other special categories of data, will only be processed for any of the above purposes by way of explicit consent, where it is necessary for the establishment, exercise or defence of legal claims or where the processing is necessary to protect the vital interests of the data subject or another person where the data subject is physically or legally incapable of giving consent.

Effect of not providing information

If you do not provide the information that we need, we may not be able to offer you a quote or a policy, your premium may be higher than if you had provided it or we may not be able to handle your claim.

4. Sharing of Information

In the course of providing our services to you we may share your personal data with various third parties including:

1. Your representatives (such as a relative, another person insured under your policy or your lawyers);
2. Our representatives (such as our employees, agents and companies that we rely on to provide various services, including telecommunications, data storage, document destruction, fraud detection, credit checking, IT, risk analysis, complaints handling and telematics);
3. In a claims situation: service providers and expert witnesses (including for the assessment of liability, injuries, damage to vehicles and other property; lawyers) who are acting for us or for claimants, witnesses to incidents and, from time to time, private investigators;
4. Other third parties, such as reinsurers, other insurance companies, external advisors and auditors, anti-fraud bodies (for example anti-fraud databases), AXA Group companies and (in limited circumstances) third parties to investigate business opportunities; and
5. State or government departments, bodies or agencies.

International Transfers

On occasion we or a service provider may transmit certain aspects of your personal data outside the European Economic Area. The non-European Economic Area countries to which we currently send personal data include i) Switzerland, ii) the United States of America, iii) Malaysia and iv) Costa Rica.

AXA complies with the law regarding international transfers of data by relying on the European Commission’s standard data protection clauses, Binding Corporate Rules or the decisions of the European Commission stating that certain countries, such as Switzerland, ensure adequate levels of data protection in their law.

If you would like more information about the relevant safeguards involved in international data transfers, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.

5. Data Collected

As an insurance company we need to collect many categories of personal data (about you and other parties) for the purposes set out in our Data Protection Statement. The following category headings and types of data are a non-exhaustive list of data we collect.

Category	Type of Data Collected
Policy information	Name, address, date of birth, gender, licence details, marketing preferences, payment details, vehicle and property details, driving and claims history, relevant criminal convictions, penalty points, location information (if you have a Drivesave policy), etc.
Information obtained from sources other than you	Penalty points, address look up, geocoding information, vehicle details and history, credit score, website usage information, etc.
Claims information	The circumstances of an incident, health information (injuries and relevant health conditions), relevant criminal convictions, etc.

All of the above information is required for the purposes specified in Section 3 ‘Use of Information’.

6. Retention of Data

How long we keep data is determined by the purposes we use it for, time periods set out in law and the period we need to keep it to defend ourselves against legal action. Generally we keep information for the following periods:

Type of Information	Retention Period
Quote information (where a policy is not taken out)	15 months
Policy information	The life of the policy plus 10 years
Claims information	10 years from when the claim is finalised (settlement, court hearing, withdrawal of claim, etc.)
Claims information – where there is the potential for a child to make a claim	Up to 3 years after the child in question turns 18 years of age

However in some cases we may need to keep personal data longer than the above periods. Examples of these situations include long-running disputes and system back-ups required for disaster recovery. We also retain certain limited personal data beyond the above time periods in order to validate and handle any claims we receive after the statute of limitations has expired (late claims) and any claims we receive where the claimant was not aware of the damage until a long time after it was caused (latent claims). In these circumstances we retain information such as the policyholder’s name, the names of any named drivers, policy start and finish dates and cover details.

For late claims we will hold the data for a period of up to 25 years from the lapse or cancellation date of your policy or from the completion of a claim and for latent claims we will hold the data for up to 60 years from the lapse or cancellation date of your policy. In both cases, the data will be kept apart from our other policy and claims data so that it will only be used in the event that a new claim is made by or against you.

7. Automated Decision-Making

We use automated decisions-making, using information including customer details and claims experience, in the underwriting of your insurance policy. Underwriting is the process by which an insurance company examines, accepts or rejects risks and classifies those selected in order to charge an appropriate premium. We use an algorithm, which uses complex mathematical and actuarial methods of calculating and pooling risk, for insurance underwriting purposes. For more information, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.

Where we use automated decision making which produces legal effects for you or otherwise significantly affects you, you will have the right to obtain human intervention and to contest and make representations in relation to the decision in question.

8. Your Rights

As a ‘data subject’, you have the rights set out in this section. For more information on each of these rights, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.

Please send all requests to us (details in Section 1 ‘General’ above) in writing by post or email, together with enough information to allow us to deal with your request. It may take up to 40 days to process your request (this will be reduced to one month from 25th May 2018). If we refuse your request you are entitled to make a complaint to the Office of the Data Protection Commissioner (details in Section 1 ‘General’ above).

1. Right to Withdraw Consent

If we are processing your information on the legal basis of consent, you are entitled to withdraw your consent at any time. For details on how to withdraw your consent for marketing see Section 12 ‘Marketing Information’.

2. Right of Access

You have the right to be given details about the personal data concerning you that we hold and why and how we process that data. You also have the right to obtain a copy of the personal data we hold about you; this is known as a data access request. When you make this type of request, we would ask that you provide us with as much information as possible to assist us in identifying the personal data you want access to.

If you make a data access request please enclose payment of €6.35 / £5 (from 25th May 2018 no fee will be required, unless the request is unjustified or excessive).

3. Right of Rectification

You have the right to require AXA to correct any inaccuracies (including missing details) in the information we hold about you. We would welcome any corrections to your information and, in certain cases, it is required by the terms of your insurance policy.

THE FOLLOWING RIGHTS APPLY FROM 25TH MAY 2018:

4. Right of Erasure/Right to be Forgotten

In certain circumstances you have a right to have the personal data concerning you erased. You may only request the deletion of your data in specific situations.

5. Right not to be subject to Automated Individual Decision-Making, including Profiling

In certain circumstances you have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you.

Where we use automated decision-making you will always be entitled to have a person review the decision. See Section 7 ‘Automated Decision-Making’ above for more details.

6. Right to Data Portability

You have a right to receive from us the personal data you have provided to us. You may also request that we send this personal data to another data controller (such as another financial services provider).

7. Right to Object

Where we state in this document that we process your personal data on the basis of a legitimate interest (see the Legal Basis table above), you are entitled to object to the processing in question on grounds relating to your particular situation. We will then stop processing the personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your right or unless we need to use it in a legal claim. For more information on the Right to Object, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.

8. Right to Restrict Processing of Your Data

You have the right to restrict us from processing your personal data where you feel that it is inaccurate, that we are processing it unlawfully or that we no longer need it or where you have invoked your Right to Object (as set out in Section 8 (vii) above).

9. Specific Service Providers

We would like to draw your attention to some additional information relating to a number of the services we use which involve the processing of your personal data (for more detailed information please, see our full Data Protection Statement or contact us using the details in Section 1 'General' above):

1. Credit searches and use of third party information

We may carry out credit searches (either internally or with third party services) during your application for insurance. We may also pass information we hold about you and your payment record to the third party credit agencies. Where automatic credit scoring is used by us, we will enable you to make representations in relation to the search. We may also carry out searches in Northern Ireland in relation to County Court Judgments, the electoral register and CIFAS anti-fraud databases.

2. Penalty Point and Criminal Conviction Information

AXA may use your driving licence number (and that of any named drivers on your policy) to obtain data on any penalty points (including the number and reasons for same) and any driving convictions you may have.

3. AXA Drivesave

Drivesave is AXA’s telematics product which monitors your driving behaviour through an app on your phone. Not all policies have this feature; please check your Policy Schedule to see if it applies to you. The Drivesave system collects and analyses certain information, including your location, driving speed, acceleration, braking severity and the time, date and duration of trips.

4. Insurance-Link in Republic of Ireland

Insurance-Link is an anti-fraud database containing details of claims made by individuals. When you get a quote, take out a policy or make a claim we may check this database. In claims situations we will also check this database and upload certain data (including name, date of birth and type of injury or loss suffered) to it. If we find any claims we may contact the relevant insurance company for further details and we may also provide details to other insurance companies if they discover a claim made against AXA.

5. Registers in Northern Ireland

The law in Northern Ireland requires that certain personal information about you, your vehicle, your policy and your claims be provided to various state bodies and registers. We and other companies may search these registers from time to time.

10. AXA Plus

AXA Plus is our customer loyalty programme. This service is available to Republic of Ireland customers only. For more information on AXA Plus, please visit axaplus.ie or email us at axaplus@axa.ie.

If you are signed up to this service, we may use personal details such as your name, email address and county of residence to manage your membership of this service, for competitions you enter and to send you our regular e-newsletter. To unsubscribe from the e-newsletter, please click the unsubscribe link in any e-newsletter or visit axaplus.ie/contact/register-unsub.

11. Communication with Customers

We may contact you from time to time in relation to the purposes set out in this Data Protection Summary, which may include policy administration, discussion of renewal terms or quotes already provided to you, claims handling and (where you have given your consent) marketing. For more information, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.