Insurance & Reinsurance Brokers at Lloyd’s
+353 (0) 61 544 422

Privacy Policy

The purpose of this Privacy Policy is to provide to those who are party or may become party to a contract of insurance with White Horse Administration Services Limited, information on how their data is processed and their rights in relation to that data. White Horse Administration Services Limited understands and respects the importance of protecting any personal data provided to us. We will take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

Please read the following information carefully.

Please Note: You are responsible for ensuring that any other people that you are acting on behalf of (such as those included with you on an insurance policy), are aware of the content of this Privacy Policy and you have checked with them that they agree to their personal data being provided to us, on their behalf.

1. Which companies does this policy apply to?

White Horse Administration Services Limited is responsible for personal information that it originally collects from you and acts as data controller for the purposes of data protection law. Read on to find out more…

This Privacy Policy applies to the insurance and associated services provided by White Horse Administration Services Limited and its branch (also referred to as “we”, “us”, or “our”).

We provide some services to our clients as a data processor, which means that the client remains primarily responsible for your information as the data controller. Additional data controllers may include underwriters of your policy or third parties who are responsible for the sale and distribution of insurance products. These third parties will have their own privacy policies and will respond to queries about the use of your information.

2. What information we collect and how we collect it?

We are committed to protecting our customers’ privacy and ensuring that any personal information provided to us, is collected and used in full compliance with the General Data Protection Regulation (GDPR) and/or Data Protection Act 2018.

We collect personal data about our customers directly when arranging or administering a contract of insurance whether online, over the telephone or email. We may also receive your personal data via third parties who introduce you to us.

Read on to find out more…

Personal data you give to us

We will collect and use certain information which may include your name, address, e-mail address, telephone number, date of birth, bank account details or payment card details, security questions and certain other information (such as dates and destination of travel). In addition to collecting personal information about you, we may also collect personal information about other people you wish to insure on the policy. We need to collect this information in order to arrange the product.

Processing sensitive information

We may also collect “special categories of data” as defined under the GDPR, about you in relation to your medical history/health.

We may ask you for information about medical or other health conditions and disabilities about the person who is being insured, their family members and other persons to be insured on the policy. We need to collect this information in order to provide you with a quote for insurance, to arrange the insurance contract and to deal with claims. We may have to share that data with our third-party suppliers and transfer it outside the UK, EU or European Economic Area (EEA), as described in this Privacy Policy. When we do this, we will ensure that we transfer the data securely and according to regulatory requirements. If you do not want to provide this information to us, or after you have provided us with this information, you ask us, or our compliance department, to stop processing this information, it may mean we will not be able to provide all, or parts, of the services you have requested.

Your Duty to inform us of changes

To help us keep your information current, accurate and complete, please ensure you tell us if anything needs to be changed.

Personal data obtained from other sources

We may also receive your personal data from third party sources who collect information about you. This includes:

3. Where is your data stored and who is it shared with?

Your personal data is held on a combination of our own systems and systems of the suppliers we use to provide our services. Read more here…

When you give your personal data to us, some personal data will also need to be provided to, processed and stored by relevant third parties. These third parties include:

Some of these third parties may be based outside of the UK, EU and European Economic Area (“EEA”). Organisations that are based outside of the UK, EU or EEA may not be subject to the same level of controls in regard to data protection as those that exist within the UK, EU and the EEA. We aim only to transfer your data to third parties outside of the UK, EU or the EEA where either:

  1. your personal information will be subject to one or more appropriate safeguards set out in the law; if you’d like more information about our safeguards, please contact us. These safeguards may be the use of standard contractual clauses in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme); or
  2. the transfer is necessary to enable your contract to be performed; or
  3. your consent has been obtained.

4. How do we use your information when providing our services to you?

In order to provide our services to you, we use the information we hold in a number of different ways. Read more here…

We may use and process your personal information (including special category data such as information on your health specifically for insurance purposes) where we have a specific legal basis to do so under applicable national law.

In certain jurisdictions, we rely on local Data Protection Law that allows us to use health data in connection with your insurance policy – we may need to use health data for the purposes of providing quotes, processing claims, fraud investigation and handling any complaints you may have.

The following activities are carried out by us using your personal data as it is necessary in relation to a contract which you have entered into or because you have asked for something to be done so you can enter into a contract;

We may use and process your personal information, as set out below, where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so:

We may use and process your personal information as set out below where we have your consent to do so:

We and third parties acting on our instructions, such as external law firms and their employees, may use and process your personal information as set out below where there is a legal requirement for us to do so:

5. When and how do we use your information for marketing

To find out more about our marketing communications, including when and how we may contact you, and how you can opt out of marketing, please read more here…

We will only send you information and offers by e-mail or text message if you sign up (opt-in) to receive such marketing, either directly through us or by telling a third party that you would like to receive marketing from us.

6. Your rights in relation to any personal data we hold about you

You have a number of rights in relation to your personal information under data protection law. To find out more, please read here…

Your Right to Access Your Personal Information

You have the right to make a Data Subject Access Request in many circumstances. That is a request for access to the personal information that we hold about you. If we agree that we have to provide personal information to you (or someone else on your behalf), we will provide it to you, or them, free of charge.

We may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information. This may include information about your previous purchases. If someone is acting on your behalf, they will need to provide written and signed confirmation from you that you have given your authority to that person/company to make the request. We will ask for this to be provided before we give you (or another person acting on your behalf) a copy of any of your personal information we may be holding. We may not provide you with a copy of your personal information if it includes the personal information of other individuals or we have another lawful reason to withhold that information.

Please see the section titled How to Contact Us’ if you need to make a Data Subject Access Request.

Correcting and updating your personal information

The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.

In the meantime, if you change your name or address/e-mail address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us using the details below.

Withdrawing your consent

Where we rely on your consent as the legal basis for processing your personal information, as set out in the section above titled How do we use your information when providing our services to you’, you may withdraw your consent at any time.

If you would like to withdraw your consent to us processing any information concerning medical conditions, please contact us using the contact details below. Please note if you ask us to stop processing this information, it may mean we won’t be able to provide all or parts of the services you have requested.

If you withdraw your consent, our use of your personal information before you withdraw is still lawful. Please note that exceptions may apply where we may need to continue to process your data e.g. in order to fulfil other legal obligations or for legitimate business interests.

Objecting to our use of your personal information

Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), you may object to us using your personal information for these purposes by e-mailing or writing to us at the address provided at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information; we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection law, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.

Erasing your personal information or restricting its processing

In certain circumstances, you may ask for your personal information to be removed from our systems by e-mailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful reason to continue processing or holding your personal information, we will make reasonable efforts to comply with your request. Please note that exceptions may apply where we may need to continue to process your data e.g. in order to fulfil other legal obligations or legitimate business interests.

You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending, or you require us to keep it in connection with legal proceedings. We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company, or in connection with legal proceedings.

Transferring your personal information in a structured data file

Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out in section titled How do we use your information when providing our services to you’, you may ask us to provide you with a copy of that information in a structured data file.

You can ask us to send your personal information directly to another service provider and we will do so if this is technically possible. We may not provide you with a copy of your personal information if it contains the personal information of other individuals or we have another lawful reason to withhold that information.

How to contact us

Any subject access request can be made in writing to:

Data Protection Officer, White Horse Insurance Ireland dac, Rineanna House, Shannon Free Zone, Shannon, County Clare, V14 CA36, Ireland.

Alternatively, you can make a subject access request by e-mail to: enquiries@cspeu.com

You can also make a request when speaking to any of member of the team.

When you have made your request and provided us with the information, we need to begin a search for the data we hold on you (including proof of identity). We will have 30 days to respond.

Making a complaint

We encourage you to contact us if you have a complaint and we will seek to resolve any issues or concerns you may have.

You have the right to lodge a complaint with the data protection regulator where you believe your legal rights have been infringed, or where you have reason to believe your personal information is being or has been used in a way that doesn’t comply with the law. The contact details for the Office of the Data Protection Commissioner (DPC), the data protection regulator in Ireland, are available on the DPC’s website.

If you wish to contact us about this Privacy Policy, you can e-mail or write to the Data Protection Officer using the contact details above.

7. Keeping hold of your personal data

If you want to find out more about our data retention policy, please read more here…

Your personal information will be retained for a period of time to ensure no further liability, such as any insurance claims, exists and to comply with our regulatory retention requirements. The period will normally be 7 years from expiry of the policy.

8. What is our approach to data security

We take data security very seriously, to find out our approach to this please read more here…

The transmission of information via the internet is not completely secure, and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us, therefore any transmission is at your own risk. Once we have received your information, we will take all reasonable steps to keep your personal data secure and to try to prevent any unauthorised access, use or loss of your data, by putting in place appropriate security measures and limiting access to those who have a business need to know. All information you provide to us is stored on secure servers.

We have a process to deal with any suspected personal data breach and will notify you and the relevant Data Protection authority of a breach where legally required to do so.

9. Cookies

What are cookies:  

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. They are widely used in order to make websites work and to improve their efficiency, as well as to provide website usage information to the website owner.

Why do we use cookies:

Our website uses cookies to distinguish you from other users to help us to improve your experience when you browse our website. Cookies allow you to navigate between pages efficiently, remember preferences and generally improve the user experience.

What cookies do we use:  

Strictly necessary cookies

These are functional and required cookies, essential to enable you to move around our website and to allow the features work correctly. Without these, services you request – such as navigating between pages – cannot be provided.

Analytics and performance cookies

We make use of analytic cookies to analyse how our visitors use our websites and to monitor website performance. These enable us to collect information about how you use our website, for instance which pages are viewed by visitors most frequently. All data collected in this way is used to improve how our website works and is not associated with any of your personal information.

Consent and Control

By using our website you consent to the use of cookies in accordance with this Privacy Policy. If you wish to restrict, block or delete the cookies which are set by any website, you can generally do this through your browser settings. The “Help” function within your browser should tell you how.

Alternatively, you may wish to visit www.allaboutcookies.org which contains information on how to block cookies from a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies.

Please note that by deleting or blocking cookies, our website may not function correctly and you may not be able to access certain areas.

10. Intellectual Property Right

The content of this website may not be retrieved, displayed, modified, copied, printed, sold, downloaded, hired, reverse engaged or transmitted in any way without the prior written consent of White Horse Administration Services Limited.

You may retrieve, display, copy, print or download the content on this site for legitimate personal use only and not for commercial exploitation.

You may not link to this web site or include this web site in part or in whole within another external web site without first obtaining written permission from White Horse Administration Services Limited. We reserve the right to remove links to this site without notice at our discretion.

11. Changes to this Privacy Policy

Please check this page regularly for changes to our privacy policy, which we may change from time to time. You can request a copy of a previous version of our Privacy Policy by following the ‘How to contact us’ section as detailed above.

January 2021 Version 2.0