Hastings Life & Pensions Ltdtrading asHastings Insurance & Hastings Financial
thereafter referred to as ‘Hastings,’ is committed to respecting and protecting your privacy.
Hastings recognises that protecting personal informationis very important to you.It is the intention of this privacynoticestatement to explain to you the information practices of Hastings in relation to the information we collect, use and storeabout you.It is supplemental to the Data Protection Notice provided to you in our Terms of Business. It sets out in more detail how we handle and manage your personal information including sensitive data we may process. Personal data relates to you, anyone insured under your policy or anyone whose personal data we process in connection with your policy/portfolio and applies to all your dealings with us.
For the purposes of the General Data Protection Regulations(GDPR) the data controller is:
‘Hastings’
Contactdetails for GDPR Queries at Hastings are: The Octagon, Westport, Co Mayo Tel. 098 27227 or Email: Dataprotection@hastings.ie.
When we refer to ‘we’we meanHastings.
It is important that you read this document and show it to anyone else who is insured or named under your policy of insurance. Please make sure anyone else insured or named under your policy has provided you with consent to provide their personal information to us.
Who are we? Our principal businessas Insurance Brokeris to provide advice and arrange transactionson your behalfin relation to life & pensions/savings & investments/mortgages and general insurance productsincluding personaland commercial lines.Hastings has8 branches located in Westport, Claremorris, Ballina, Castlebar,Sligo,Tuam,Galwayand Dublin.
Purpose forcollecting andprocessing your data As an Insurance Broker, thepersonal data we collect from you ispassedonto an insurance company in order toobtain a premiumand provide you withaquotationin relation to a service you have requested,arrange a transaction on your behalf,administer, manage your policy, provide premium renewal detailsand assist with claims as part of our service.We may also collect your personal data to verify your identityorto compile and process your information for audit, statistical or research purposes, for compliance with regulatory and legal requirements, for internal record keeping andtoprotect your vital interests. We may also process your personal data where we have a legitimate interest to do so, subject to those interests notover-riding your fundamental rights and freedoms. This includes:market research and statistical analysis to improve our services and products, to protect our business, reputation, resources and equipment, manage network and information security and prevent and detect fraud, dishonesty and other crimes, investigating complaints,training and monitoring staff. Thepersonal data we require about you (and, if applicable, other people insuredor namedunder your policy of insurance) will be gathered and storedsafelyas set outbelow.Where personal data is provided relating to a third party to us, you confirm that you have explained to them that you have provided their personal data to us and that we will process such personal data in accordancewith and for the purposes outlined below.
We receive personal information about you, when you contact Hastings through various channels ie, by requesting a quotation, using anyof our website’s or the live online chat facility, submitting a claim, telephone, post, email or by visiting any one of our branches.
The personal data we willcollectfrom you and process,whererelevant,isdependent on the type of product you are seeking,thisis not a limited list andmay include:
Personal, such as title, full name,address, landline telephone number, mobile number,work number,email address
Your date of birth, gender and/or age, PRSI number,
Your nationality,residency and/or citizenship status,if needed for the product or service
Details of beneficiaries, such as joint policy holders, named drivers, beneficiaries of our products or services
Family members(ifrelevant to the product or service)
Your marital status, family, lifestyle or social circumstances, if relevant to the product (for example, the number of dependentsyou have or if you are a widow or widower)
Records of your contact with ussuch as via phone,if you get in touch with us online using our online‘contact us’services ordetails such as your mobile phone location data, IP address, records of landline telephone recordings
Products and servicesyou hold with us, as well as have been interested in and have held and the associated payment methods used, including existing policy number, client identification number, renewal dates of policies with us and other insurers, premium details, details of excesses, images/surveys
The usage of our services, any claims and whether those claims were paid out or not (and details related to this)
Bankand payment carddetails,in order to reimburse any premium owed to you, records of payments and arrears
Marketing to you and analyzing data, including history of those communications, whether you open them or click on links, and information about products or services we think you may be interested in, and analyzing data to help target offers to you that we think are of interest or relevance to you. Offers may include our car, insurance, financial services, connected car, travel and any of our other products and services
Vehicle& Driver(s)information, such as make and model,registration number, year of manufacture, value, purchase date, fuel type, engine size,vehicle licensingcert, who uses the vehicle, carrying capacity, weight, distance travelled per year, type of use of vehicleie,business use orsocial/domestic use, right/left-hand drive, details of insurance cover, change in insurance cover and modifications if any,connectedvehicles insured. Driving history, no claims bonus, gap in cover, claims history, disqualifications and penalty points incurred
Information about your use of products or services held withthe firm, such asotherinsurance policies, mortgage, savings or financial services and products
Information we obtained from third parties, including information about insurance risk, pricing, claims history, instances of suspect fraud and usage history
Fraud, debt and theft information, including details of money you owe, suspected instances of fraud or theft, and details of any devices used for fraud
Criminal records information, including alleged offences, for example if you apply for car insurance
Information about your health or if you are avulnerable customer.Injuries/illnesses suffered by you or anyone insured on the policy either prior to taking out an insurance or during policy coverage
Information about your property, such as location, value, number of rooms, property type and building work you’ve had done
Financial details about you,source ofincome,source of wealth,details of your expenditure, and payment method(s), if relevant
Details about all of your existing borrowings and loans, if relevant
Information about your employment status, if relevant
Information about your property occupier status, such as whether you are a tenant, live with parents or are an owner occupier of the property where you live at the time of your application
Information weobtainfrom third parties, includingvehicle details, details of outstanding finance, vehicle claims/history, publicly available information, and information to help improve the relevance of our products and services
Where relevant,information about any guarantorwhich you provide in anyapplication
Tax information, if relevant (for example, fortax planning purposes)
Images,in connection with the risk being insured or for other business use including claims processing.
Note:Some personal data is mandatory in order for the performanceof the contract.In the event you decide not to provide the mandatory personal data we will be unable to provide you with a certain service or product.We will indicate to you where any personal data required is mandatory or optional.
Why we are processing your data? OurLegalBasis. In order forHastingsto provide youwith any of the insurance services listed above, Hastings needsto collect personaldatato be able to provide a quotation,arrange a transactions onyour behalf,administer, manage your policy and assist with claimsas part of our service.
Our reason (lawful reason) for processing your data underthe EU’s General Data Protection Regulation (GDPR)is:
Legal basis–Hastings needs tocollect andprocess your dataon the basis that itis necessary to do so to enter into and/or to perform acontractwith you.
Weare committed to ensuring that the information we collect andyou giveus is appropriate for this purpose, and does not constitute an invasion of your privacy.
How will Hastings use the personal data is collects about me? Wewill process (collect, store and use) the information you provide in amanner compatible with the EU’s General Data Protection Regulations(GDPR). We will endeavour to keep your information accurate andup to date, and not keep it for longer than is necessary.
Special Categories of personal data.
Where we collect any special categories of personal data, known as ‘sensitive data’ ie data about your health or information in relation
to your criminal convictions such as penalty points/driving convictions, this will only be requested and processed where it is necessary
for the performance of an insurance contract and will only be processed by way of a) explicit consent b) assessment of risk c) for the
prevention of fraud d) for the establishment, exercise, enforcement or defence of legal claims or e) to protect the vital interests of a
person.
Who we are sharing your data with?
As an Insurance Broker we share your data with the insurance companies we deal with in order to obtain a quotation, issue renewal
terms and provide alternative quotations for you. We may also be required to share your data for example, with the National Vehicle
and Driver File, Personal Injuries Assessment Board or other third parties involved in administering your insurance contract including
any loss assessors/adjustors, witnesses to any incidents/accidents you are involved in, claimants and their legal or medical
representatives. These third parties are obliged to keep your details secure, and use them only to fulfil the service they provide on your
behalf. In order to fulfil our legal and regulatory obligations we may also share your personal data with any authorities for example:
The Data Protection Commission, Revenue Commissioners, Central Bank of Ireland, Financial Services and Pensions Ombudsman, our
legal advisors or the Garda Siochana. When we believe we have been given false or misleading information, or we suspect criminal
activity we must record this and inform the relevant authorities. Your data is held within the Hastings branch network and may be
shared with any providers or suppliers where the firm outsources the processing of certain functions, for example:Auditors, Legal
advisors, IT/Software providers, Payment Processes or other third parties involved in administering your contract. Your data may also
be shared with any party where you have given us permission to speak with them ie, a relative or friend, any party named under your
insurance.
In the instance where we have to transfer data outside the European Economic Area (EEA) to help provide you with products and
services, we will do so in compliance with obligations under Data Protection Legislation and would expect the same standard of data
protection is applied outside of the EEA to these transfers and the use of the information, to ensure your rights are protected.
In certain contracts of insurance where, for whatever reason, you cannot be found or you become insolvent, or the court finds it just
and equitable to so order, then your rights under the contract may be transferred to and vested in the third party even though they are
not a party to the contract of insurance. The third party has a right to recover from the insurer the amount of any loss suffered by
them. Where the third party reasonably believes that you as policyholder have incurred a liability the third party may be entitled to
seek and obtain information from the insurer or from any other person who is able to provide it concerning:
the existence of the insurance contract,
who the insurer is,
the terms of the contract, and
whether the insurer has informed the insured person that the insurer intends to refuse liability under the contract.
Data Subjects Rights:
Hastings facilitate your rights under Data Protection Legislation to address any concerns or queries about the processing of your
personal data. At any point while we are in possession of or processing your personal data, you, the data subject, have the following
rights:
Right of access – you have the right to request a copy of the information that we hold about you;
Rights of Rectification – you have a right to correct data that we hold about you that is inaccurate. In certain cases you are obliged in the terms of your insurance contract to inform us of any changes ie, change of address;
Right to Withdraw Consent –you have the right to withdraw your consent to your data being processed where we use consent as the legal basis;
Right to be forgotten – you have the right to have your personal data deleted or to be forgotten. However we can only delete your data in certain circumstances and there may be instances where we cannot provide a deletion ie, an ongoing claim;
Right to restriction of processing – where certain conditions apply you have a right to restrict the processing of your data;
Right of portability – you have the right to have the data we hold about you transferred to another organisation;
Right to object – you have the right to object to certain types of processing such as direct marketing;
Right to be excluded from profiling or automated processing; you also have the right to be subject to the legal effects of automated processing or profiling;
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your
personal data.
Data security
Hastings intent is to strictly protect the security of your personal information; honour your choice for its intended use; and carefully
protect your data from loss, misuse, unauthorised access or disclosure, alteration or destruction. We have taken appropriate steps to
safeguard and secure information we collect online, including the use of encryption when collecting or transferring sensitive data such
as credit card information.However, you should always take into consideration that the internet is an open forum and that data may
flow across networks with little or no security measures, and therefore such information may be accessed by people other than those
you intended to access it.
Additional information we are providing you with to ensure we are transparent and fair with our processing.
Retention of your Personal Data
Data will not be held for longer than is necessary for the purpose(s) for which it was obtained. Hastings will process personal data in
accordance with our retention schedule. For the majority of Policy Data, this is 7 years after the relationship ends. If you do not incept
cover for an insurance policy, your data will be kept for 18months and processed in line with this statement. In certain cases we are
obliged to hold onto records for longer periods, examples of which are public liability insurance and pension details. We do so in line
with our regulatory obligations.
Failure to provide further information
If we are collecting your data for a contract and you cannot provide this data the consequences of this could mean the contract cannot
be completed or details are incorrect.
Profiling & Automated Decision Making
We use automated decision-making, including profiling, in the following situations:
a)Risk Profiling –To establish a customer’s attitude to investment risk (relating to pensions and investments);
b)Establishing affordability and providing quotations for financial services products;
c)Providing quotes through our quote providers based on the information provided to us. The Quote generated is based on the logic
and criteria set by insurers.An example of this would be in the case of penalty points on an individuals driving licence, the more
points the higher the premium would be quoted;
d)Profiling for Marketing purposes –When we seek to contact you about other services, as outlined above, we run automated
queries on our computerised database to establish the suitability of proposed products or services to your needs. An example
would be the identification of customers who hold motor insurance but do not hold household insurance.
e)Any form of risk assessments for Fraud Prevention/Anti-Money Laundering purpose or other Legal/Regulatory reasons.
You have the right to object to profiling in certain cases only ie, where it is not required for the performance of the contract or not
required for any legal or regulatory reason.
Additional Processing
If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this
information prior to processing this data.Where we have your consent to send you information about any other products, services or
offers which Hastings would like to communicate to you, we may contact you through a variety of means such as mobile phone,
landline, email, SMS (text) and post. This can include you being contacted on or about the anniversary of your policy lapsing or your
quote request. It is always your choice whether you want to receive any marketing based information. You can also change your
preferences of how we contact you or amend how you receive any marketing at any time by calling your local branch or emailing
Dataprotection@hastings.ie. If you choose not to receive this type of information, it will not affect any of the services provided to you,
now or in the future.
Complaints
In the event that you are unhappy with the way Hastings has handled your personal data, we encourage you to email us in the first
instance at Dataprotection@hastings.ieor write to Data Protection, Hastings Insurance Brokers, The Octagon, Westport, Co Mayo.
You also have a right to lodge a complaint with the Protection Commission - info@dataprotection.ie.
Contact Us
Your privacy is important to us. If you have any comments or questions regarding this statement, please contact data protection on
We may change this privacy policy from time to time. When such a change is made, we will post a revised version on our website.
Changes will be effective from the point at which they are posted. It is your responsibility to review this privacy policy periodically so
you are aware of any changes. By using our services you agree to this privacy policy.
Cookies used
Controlling your cookies
Any cookie that is not Strictly Necessary is not active by default and does not send information to the resource it is called from. Accepting all cookies, makes all cookies active. You can modify your cookie preferences for the website at any time by clicking on the ‘Cookie Settings’ button below.