Please read the following information carefully.
1. Which companies does this policy apply to?
White Horse Administration Services Limited is responsible for personal information that it originally collects from you and acts as data controller for the purposes of data protection law. Read on to find out more…
We provide some services to our clients as a data processor, which means that the client remains primarily responsible for your information as the data controller. Additional data controllers may include underwriters of your policy or third parties who are responsible for the sale and distribution of insurance products. These third parties will have their own privacy policies and will respond to queries about the use of your information.
2. What information we collect and how we collect it?
We are committed to protecting our customers’ privacy and ensuring that any personal information provided to us, is collected and used in full compliance with the General Data Protection Regulation (GDPR) and/or Data Protection Act 2018.
We collect personal data about our customers directly when arranging or administering a contract of insurance whether online, over the telephone or email. We may also receive your personal data via third parties who introduce you to us.
Read on to find out more…
Personal data you give to us
We will collect and use certain information which may include your name, address, e-mail address, telephone number, date of birth, bank account details or payment card details, security questions and certain other information (such as dates and destination of travel). In addition to collecting personal information about you, we may also collect personal information about other people you wish to insure on the policy. We need to collect this information in order to arrange the product.
Processing sensitive information
We may also collect “special categories of data” as defined under the GDPR, about you in relation to your medical history/health.
Your Duty to inform us of changes
To help us keep your information current, accurate and complete, please ensure you tell us if anything needs to be changed.
Personal data obtained from other sources
We may also receive your personal data from third party sources who collect information about you. This includes:
- For insurance policies where there is more than one person insured on the same policy, we may obtain personal information about you from any of the insured parties on your policy.
- From fraud prevention agencies or from other companies such as insurance undertakings where they are investigating suspected fraud.
3. Where is your data stored and who is it shared with?
Your personal data is held on a combination of our own systems and systems of the suppliers we use to provide our services. Read more here…
When you give your personal data to us, some personal data will also need to be provided to, processed and stored by relevant third parties. These third parties include:
- Underwriter of the policy (e.g. insurers), their agents such as claim handlers.
- Our distribution partners/brokers, third parties who introduce/arrange business.
- Other group companies (e.g. White Horse Insurance Ireland dac) and third parties who provide services to us to help us arrange products and services.
- Product partners and data processors (companies that act as service providers under contract with us and only process your personal information as instructed by us).
- Our card payment facilitators and other relevant third parties such as fraud investigators, that help us process customer payments or assist us in detecting and preventing fraudulent payments or claims.
- Regulatory authorities and state organisations e.g. the Central Bank of Ireland, Financial Services and Pensions Ombudsman, relevant tax authorities or law enforcement authorities/agencies.
- Reinsurers, where we are required to pass on information to arrange cover.
- Service providers acting for us such as IT suppliers, actuaries, auditors, lawyers, data storage companies.
- Anyone with authorisation or permission to act on your behalf about your insurance policy or claim (including other relevant individuals under a policy). This includes legal representatives.
Some of these third parties may be based outside of the UK, EU and European Economic Area (“EEA”). Organisations that are based outside of the UK, EU or EEA may not be subject to the same level of controls in regard to data protection as those that exist within the UK, EU and the EEA. We aim only to transfer your data to third parties outside of the UK, EU or the EEA where either:
- your personal information will be subject to one or more appropriate safeguards set out in the law; if you’d like more information about our safeguards, please contact us. These safeguards may be the use of standard contractual clauses in a form approved by regulators, or having our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme); or
- the transfer is necessary to enable your contract to be performed; or
- your consent has been obtained.
4. How do we use your information when providing our services to you?
In order to provide our services to you, we use the information we hold in a number of different ways. Read more here…
We may use and process your personal information (including special category data such as information on your health specifically for insurance purposes) where we have a specific legal basis to do so under applicable national law.
In certain jurisdictions, we rely on local Data Protection Law that allows us to use health data in connection with your insurance policy – we may need to use health data for the purposes of providing quotes, processing claims, fraud investigation and handling any complaints you may have.
The following activities are carried out by us using your personal data as it is necessary in relation to a contract which you have entered into or because you have asked for something to be done so you can enter into a contract;
- To provide you with a quotation for an insurance product;
- Providing the services internally and through our suppliers, to ensure the services you have requested are arranged, including claims-handling and related activities;
- To communicate with you regarding your insurance contract, making any changes, answering queries, providing updates, carrying out renewal of insurance policies.
We may use and process your personal information, as set out below, where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so:
- To improve customer experience:
- To notify you about changes to our service.
- To protect our business against financial loss:
- For payment card verification;
- To obtain reinsurance;
- For preventing and detecting fraudulent or criminal activity.
- To promote our business, improve our products and services:
- For statistical analysis and actuarial reporting;
- For internal research/analysis to improve the quality of our Services or the products we offer by:
- Management information purposes including risk assessment, performance reporting and management reporting.
- To support any potential company sale or acquisition:
- In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
We may use and process your personal information as set out below where we have your consent to do so:
- To send marketing correspondence about our products and services where we have asked for your permission to do so. See the section ‘When and how do we use your information for marketing’ for more information.
We and third parties acting on our instructions, such as external law firms and their employees, may use and process your personal information as set out below where there is a legal requirement for us to do so:
- For resolving complaints, dealing with disputes and legal proceedings. This might include contacting you proactively if we need to resolve any issues you may be experiencing or have experienced with a purchase or policy.
- To comply with relevant legal and regulatory obligations e.g. keeping proper books and records.
5. When and how do we use your information for marketing
To find out more about our marketing communications, including when and how we may contact you, and how you can opt out of marketing, please read more here…
We will only send you information and offers by e-mail or text message if you sign up (opt-in) to receive such marketing, either directly through us or by telling a third party that you would like to receive marketing from us.
6. Your rights in relation to any personal data we hold about you
You have a number of rights in relation to your personal information under data protection law. To find out more, please read here…
Your Right to Access Your Personal Information
You have the right to make a Data Subject Access Request in many circumstances. That is a request for access to the personal information that we hold about you. If we agree that we have to provide personal information to you (or someone else on your behalf), we will provide it to you, or them, free of charge.
We may ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information. This may include information about your previous purchases. If someone is acting on your behalf, they will need to provide written and signed confirmation from you that you have given your authority to that person/company to make the request. We will ask for this to be provided before we give you (or another person acting on your behalf) a copy of any of your personal information we may be holding. We may not provide you with a copy of your personal information if it includes the personal information of other individuals or we have another lawful reason to withhold that information.
Please see the section titled ‘How to Contact Us’ if you need to make a Data Subject Access Request.
Correcting and updating your personal information
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/e-mail address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us using the details below.
Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal information, as set out in the section above titled ‘How do we use your information when providing our services to you’, you may withdraw your consent at any time.
If you would like to withdraw your consent to us processing any information concerning medical conditions, please contact us using the contact details below. Please note if you ask us to stop processing this information, it may mean we won’t be able to provide all or parts of the services you have requested.
If you withdraw your consent, our use of your personal information before you withdraw is still lawful. Please note that exceptions may apply where we may need to continue to process your data e.g. in order to fulfil other legal obligations or for legitimate business interests.
Objecting to our use of your personal information
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), you may object to us using your personal information for these purposes by e-mailing or writing to us at the address provided at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information; we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection law, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by e-mailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful reason to continue processing or holding your personal information, we will make reasonable efforts to comply with your request. Please note that exceptions may apply where we may need to continue to process your data e.g. in order to fulfil other legal obligations or legitimate business interests.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending, or you require us to keep it in connection with legal proceedings. We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company, or in connection with legal proceedings.
Transferring your personal information in a structured data file
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out in section titled ‘How do we use your information when providing our services to you’, you may ask us to provide you with a copy of that information in a structured data file.
You can ask us to send your personal information directly to another service provider and we will do so if this is technically possible. We may not provide you with a copy of your personal information if it contains the personal information of other individuals or we have another lawful reason to withhold that information.
How to contact us
Any subject access request can be made in writing to:
Data Protection Officer, White Horse Insurance Ireland dac, First Floor, Rineanna House, Shannon Free Zone, Shannon, County Clare, V14 CA36, Ireland.
Alternatively, you can make a subject access request by e-mail to: firstname.lastname@example.org
You can also make a request when speaking to any of member of the team.
When you have made your request and provided us with the information, we need to begin a search for the data we hold on you (including proof of identity). We will have 30 days to respond.
Making a complaint
We encourage you to contact us if you have a complaint and we will seek to resolve any issues or concerns you may have.
You have the right to lodge a complaint with the data protection regulator where you believe your legal rights have been infringed, or where you have reason to believe your personal information is being or has been used in a way that doesn’t comply with the law. The contact details for the Office of the Data Protection Commissioner (DPC), the data protection regulator in Ireland, are available on the DPC’s website.
7. Keeping hold of your personal data
If you want to find out more about our data retention policy, please read more here…
Your personal information will be retained for a period of time to ensure no further liability, such as any insurance claims, exists and to comply with our regulatory retention requirements. The period will normally be 7 years from expiry of the policy.
8. What is our approach to data security
We take data security very seriously, to find out our approach to this please read more here…
The transmission of information via the internet is not completely secure, and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us, therefore any transmission is at your own risk. Once we have received your information, we will take all reasonable steps to keep your personal data secure and to try to prevent any unauthorised access, use or loss of your data, by putting in place appropriate security measures and limiting access to those who have a business need to know. All information you provide to us is stored on secure servers.
We have a process to deal with any suspected personal data breach and will notify you and the relevant Data Protection authority of a breach where legally required to do so.
What are cookies:
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. They are widely used in order to make websites work and to improve their efficiency, as well as to provide website usage information to the website owner.
What cookies do we use:
- Strictly necessary cookies
- Analytics and Performance cookies
Strictly necessary cookies
These are functional and required cookies, essential to enable you to move around our website and to allow the features work correctly. Without these, services you request – such as navigating between pages – cannot be provided.
Analytics and performance cookies
We make use of analytic cookies to analyse how our visitors use our websites and to monitor website performance. These enable us to collect information about how you use our website, for instance which pages are viewed by visitors most frequently. All data collected in this way is used to improve how our website works and is not associated with any of your personal information.
Consent and Control
Alternatively, you may wish to visit www.allaboutcookies.org which contains information on how to block cookies from a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies.
Please note that by deleting or blocking cookies, our website may not function correctly and you may not be able to access certain areas.
10. Intellectual Property Right
The content of this website may not be retrieved, displayed, modified, copied, printed, sold, downloaded, hired, reverse engaged or transmitted in any way without the prior written consent of White Horse Administration Services Limited.
You may retrieve, display, copy, print or download the content on this site for legitimate personal use only and not for commercial exploitation.
You may not link to this web site or include this web site in part or in whole within another external web site without first obtaining written permission from White Horse Administration Services Limited. We reserve the right to remove links to this site without notice at our discretion.
January 2021 Version 2.0