Data Privacy Notice
What is a privacy notice & why is it important?
We know your personal information is important to you and it is important to Irish Life Health too. This Privacy Notice tells you what we use your personal information for and explains your rights around how we use it. Please read this Privacy Notice to understand how and why we use your personal information.
If you give us personal information about someone else, please make sure you have their permission and please make them aware of this Privacy Notice, as it also applies to them.
What information we collect and why
We use your personal information and the personal information of other members on your plan to provide you with health insurance plans, customer service, to assess and pay claims and to provide related services.
This personal information includes but is not limited to, your name, address, date of birth and contact details. Sensitive personal information including medical information will only be collected as and when needed to provide you with the benefits of your health insurance plan. We will restrict access to and use of sensitive personal information.
Where you have additional adult members insured on your health plan, please note that claims related correspondence in respect of these members may be sent to your address as plan holder.
Please note that if you give us false information or fail to disclose information, we will record this.
We must have a lawful basis to collect and use personal information which is set out below:
Needed for your contract
Personal information about you and other members on your plan may be held and used to:
- recommend the most suitable plan for your needs
- process your application and issue your plan
- provide you with information about your plan
- make and receive payments to you and from you
- provide customer care and service
- contact you to inform you of any relevant actions you may need to take
- administer your plan and pay claims.
We have an automated system in place for Online Day to Day claiming which allows you to submit your claims online and get paid directly into your bank account. You can however, request that a person make the decision on your claim.
We may in certain circumstances share your personal information with other health insurers for the purposes of confirming the level of cover available to you.
Required by law
We use your personal information to comply with law and regulations for example:
- reporting to regulators
- keeping proper books and records
- actuarial claims analysis and risk management to ensure the company stays financially sound
We may in certain circumstances share your personal information with other health insurers for the purposes of verifying your lifetime community rating loading information and determining waiting periods to the extent permitted by law.
We are also required to screen all customers against Financial Sanctions lists and to do this we will use your name, date of birth and address.
If we provide you with advice we are required to complete an analysis of your health insurance needs to recommend a health insurance plan that is suitable for you.
We carry out internal reporting, quality checking, compliance controls and audits to help meet our legal obligations.
If you visit our offices we will record CCTV footage for safety and security reasons. We only hold these recordings temporarily and for longer if we need to for safety and security investigations.
The type of personal information that is required by law may vary in the future and depends on the type of service we provide.
Irish Life Health’s legitimate interest
We use your personal information for our legitimate interests as shown below. We have taken account of any privacy risks and ensured that your data protection rights are not affected. We believe these uses benefit our customers. You can contact us if you have any questions using the details in section 9 of this Privacy Notice.
For customer service training and compliance purposes, we record and monitor calls. We let you know if a call is being recorded at the start of the call so you can decide whether to continue with the call or not.
Sharing with your Insurance Broker
If you choose to take your health insurance out through an insurance broker, we will share your personal information with your insurance broker only as required and this will not include sensitive personal information. This is to keep them up to date on your plan, which allows them to give you a better service.
We combine and group personal information for analysis to help us understand our customers and develop better products and services. We also share this information with Irish Life Group for the same purposes. We use summary information to help promote our products and services.
To help improve the level of service we provide, we may on occasions contact you for participation in consumer satisfaction or research surveys. Your details may be used for these purposes for 12 months after your policy has ended.
We may on occasion look for information from your GP, consultant, hospital or other medical provider regarding any treatment provided to you or other members of the insurance policy. A clinical audit is undertaken to understand the appropriate use of resources and the resulting outcome and quality of life for patients.
Customer Queries and Service Requests
When you send us a query or request a service, such as a call back, we will collect and use the personal details needed to respond to your request.
Customer Verification with Other Companies in the Irish Life Group
We will share a record of plans you hold with us with certain Irish Life Group companies using personal information such as your name and contact details in order to provide real-time access to certain Irish Life Group services you agree to.
With your consent
You need to give consent for us to collect and use personal information for certain uses. You are given the choice to provide consent, or not. When we collect your consent, we will explain what we need it for and how you can change your mind in the future.
We would like to be able to contact you about offers and services from Irish Life Health and our group of companies, separately from your plan communications. We will only send you direct marketing content where we have your consent.
Where you have already indicated a preference, this will remain unless you subsequently contact us to change this.
Mobile App Software Development Kits (SDK):
When you register and use one of our mobile apps, we may use third-party software development kits (“SDKs”) to collect information about how you are using the app. We use information on how you interact with the app to improve the usability of the app and to enable us to track the performance of our advertising. We will ask for your consent to use these when you register for one of our Apps.
Sharing with Other Companies within the Group
If we wish to share your information with other Irish Life Group companies other than as set out elsewhere in section 2 of this privacy notice, we will explain why and seek your consent.
Consent and how to withdraw consent?
If we process your personal information based on consent, you have the right to withdraw that consent at any time. The opt-out methods will depend on how the consent was collected and will be explained when you give us your consent, e.g. you can change your mind using the opt-out link in any direct marketing emails sent to you.
You will also be able to withdraw consent by contacting us directly using the details in section 9 of this Privacy Notice.
How and where do we get your personal information from?
You provide us with your personal information (and the personal information of other members on your policy) directly when you contact us, complete our forms, speak with us or visit our website, social media accounts and mobile apps. For more information on what personal information is collected and used on our website please see our Cookies Policy at https://www.irishlifehealth.ie/privacy-and-legal/cookie-policy
We also get personal information from insurance brokers, solicitors, employers, regulators, GPs, consultants, hospitals or other medical providers as and when required.
Who do we pass your personal information to?
We pass personal information, including personal health information if necessary to:
Companies that act as service providers under contract with us and only process and store your personal information as instructed by us. Your personal information is transferred and held securely and is not used by other parties for any other reason. The categories of services that we use other Data Processors for include: document management, administration, customer services, customer surveys, marketing, financial sanctions list screening, mobile app services and clinical audits of medical providers.
Financial advisors who act as your intermediary to give service and advice on your plan.
GPs/Consultants or Hospitals
In certain instances, we may need to share personal information, including medical or other sensitive personal information, with third parties about you and any other member named on your policy for the purposes of administrating of your plan.
Reinsurers who we have a contract with to underwrite our plans and claims. You can see our current panel of reinsurers at https://www.irishlifehealth.ie/privacy-and-legal/reinsurers
Regulators and the Revenue Commissioners or as needed to comply with regulations and laws.
We pass your personal information to third parties, including other companies within the Irish Life Group where we have a lawful basis to do so.
Where your plan has been set up through your employer, we will share information with them to the extent that is required in order to administer the group scheme.
Do we transfer it outside of the EU?
Your personal information is mainly processed and stored within the EU. However we do pass personal information securely to our parent company Great West LifeCo in Canada.
This is used for screening our customers against financial sanctions lists to comply with relevant legislation.
Where we, or our data processors, transfer your personal information outside the EU, we will take steps to ensure that your personal information is adequately protected and transferred in line with data protection law.
Passing your personal information to certain countries, including Canada, is allowed under an adequacy decision made by the European Commission. This means you have the same standards of protection as you have within the EU. Our parent company, Great-West Lifeco has a legal obligation to maintain a record of this screening.
We process and store data in the UK, which at the date of drafting of this notice, is within the EU. Should the UK leave the EU, we are likely to continue to process and store data in the UK either in line with any agreement reached between the UK and the EU for such process and storing, or under other available legal means permissible for transfer to non-EU countries.
How long do we keep it for?
We keep and use your personal information for as long as you have a health insurance contract with us. We also hold it after this where we are required to do so by law, for example for system back-ups needed for disaster recovery. We may also hold information for longer than this where we have a legitimate basis to do so under Data Protection law.
We will let you know how long we keep personal information for when you avail of a specific service such as a quote or call-back on our website.
What are your rights?
You have a number of rights over your personal information which you can exercise free of charge by contacting us using the details in section 9 of this Privacy Notice. You will need to give us information to help us identify you and we will respond to you within one month. Any restrictions to your rights will be explained in our response.
Right to Information
You have a right to the information set out in this Privacy Notice. The most recent version of our privacy notice will always be accessible on our website at https://www.irishlifehealth.ie/privacy-and-legal/data-privacy-notice
If we make changes to the type of personal information we collect and / or how we use it, we will inform you of the changes. We have controls in place to protect your personal information and minimise the risk of security breaches, however, should any breaches result in a high risk for you, we will inform you without undue delay.
Right to Restrict or Object
You can restrict or object to any unfair and unlawful collection or use of your personal information. You can object to any automated decision making that has a legal or similar significant impact for you and ask for the decision to be made by a person. Where you have previously provided consent, you can withdraw it at any time.
Right to Correct and Update
You can ask us to correct and update personal information we hold about you; to provide you with the best service it is important we have your up to date personal information, such as contact details.
Right to Delete and Be Forgotten
You can have your personal information deleted if it is incorrect or has been processed unfairly or unlawfully.
If you have withdrawn consent you can ask for your personal information to be deleted. We will keep a record of your request so we know why your personal information was deleted.
If we have provided a regulated product or service to you, we must keep your personal information for a minimum period by law.
Right to Access
You have the right to know what personal information we hold about you and to receive a copy of your personal information.
We must tell you:
- why we hold it,
- who we pass it to, including whether we transfer it outside the EU,
- how long we keep it for,
- where we got it from; and
- if we carried out any automated-decisions, and if so, the logic behind it and what it means for you.
This right does not allow you access personal information about anyone else.
To access your personal information please write to us or email us using the contact details in section 9 of this Privacy Notice. To help us respond as quickly as possible please let us know if you are only looking for copies of specific personal information.
Right to Portability
You can ask for a copy of all personal information that you gave us (including through your interactions with us), and which we hold in an automated format. You can receive this in a machine readable format that allows you to keep it.
You may also request Irish Life Health to send this personal information in a machine readable format to another company. The format will depend on our ability to provide this in a secure way that protects your personal information.
How to contact us
You can contact with any questions about your personal information and this privacy notice:
PO Box 13028, Dublin 1
Irish Life Data Protection Officer
Irish Life Health also has a Data Protection Officer that you can contact directly:
Data Protection Officer
Irish Life Health
Block D, E, F
Lower Abbey Street
If you do not think that we have processed your personal information in line with this Privacy Notice, please contact us.
If you are not happy with how we have processed your personal information or handled your privacy rights, you can complain to the Data Protection Commission by contacting them below:
Data Protection Commission
21 Fitzwilliam Square South
+353 (0) 761 104 800
+353 (0) 57 868 4800
**This notice has been updated August 2019