Data Protection Summary
This document is a summary of the AXA Insurance Data Protection Statement. It contains a brief description of the information you need to understand how we use your data. If you would like more detailed information, please go to axa.ie or axani.co.uk or contact us using the details in Section 1 'General' below.
Notice: While all of the information in this Data Protection Summary is important, certain details have been placed in boxes to highlight them. These boxes contain information that the data protection legislation (known as the General Data Protection Regulation) specifies as being information that should be brought to your attention.
This document provides a summary of how we will use and protect the personal data we receive.
References to “AXA”, “us”, “our” and “we” mean AXA Holdings Ireland Limited and its subsidiaries, including AXA Insurance dac, and any associated companies from time to time.
It is important that you read our full Data Protection Statement and show it to anyone else who is insured under your policy of insurance, including any named drivers and anyone living at the property insured under your policy, as it also applies to them.
Please make sure that anyone else who is insured under your policy has provided you with consent to provide their personal information to us.
We reserve the right to change this Data Protection Summary and our full Data Protection Statement from time to time at our sole discretion. We encourage you to periodically review the most up to date versions of these documents at axa.ie or axani.co.uk.
Queries and Complaints
If you are unhappy with the way we have handled your personal information or if you want further information about the way your personal data will be used, please contact us by any of the following options:
Data Protection Officer
AXA Insurance dac
Wolfe Tone House
Wolfe Tone Street
Telephone: +353 (0)1 471 1812
Alternatively you have the right to lodge a complaint with the Data Protection Commission. Their contact details are as follows:
Data Protection Commission
Telephone: +353 (0)761 104 8000
Telephone: +353 (0)57 868 4800
LoCall Number: 1890 252 231
Fax: +353 57 868 4757
In order to gather the personal data about you (and, if applicable, other people insured under your policy of insurance) we may obtain personal data from various parties, including you, your representatives (if applicable), other insurance companies, third parties involved in an incident which may result in a claim (claimants, witnesses, solicitors, claims specialist service providers), the emergency services, such as the police or ambulance services and from searches (whether online, industry databases, media outlets or otherwise (including credit searches)).
Please do not send us the results of any genetic tests carried out on you or any other person.
3. Use of Information
We mainly use your personal information so that we can provide a quote, set up, administer and manage your policy and to assess and pay claims as part of an insurance contract. However, more specifically, we may use the personal data we gather for any or all of the following purposes:
to verify your (or your representative’s) identity;
to verify the accuracy of the information we receive;
to assess your insurance needs and to assess the nature and level of the risk associated with your proposed insurance policy;
to make or receive any payments;
to manage and administer your policy;
to manage and investigate claims;
to provide customer loyalty programmes and value added services;
for statistical analyses and the review and improvement of AXA’s products, services and processes;
to carry out market research and to improve our processes, products or services;
for marketing purposes;
for staff training, performance reviews and discipline;
for the detection and prevention of fraud, money laundering and other offences, and to assist the police;
to manage and investigate any complaints;
for reinsurance purposes;
AXA Group reporting purposes (where necessary);
for storage and to make back-ups of data.
for compliance with all relevant laws and regulations; and/or
as set out in this Data Protection Summary, our full Data Protection Statement or any other data protection statement, policy booklet, website, app terms and conditions or other documentation provided to you.
Legal Basis for processing:
The legal bases we rely on for using your personal data for each of the above purposes are as follows:
|Legal Bases||Purposes (letters correspond to the table above)|
|The processing is necessary for compliance with a legal obligation to which the controller is subject:||a, c, d, e, f, k, l, m, p and q|
|The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (including a quote that is not taken up):||b, c, d, e, f, k, m, n and p|
|The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is:|
|The data subject has given consent to the processing of his or her personal data for one or more specific purposes. The sending of marketing material to you is only done in circumstances where you have provided us with your consent in advance:||j|
|The processing is necessary for the performance of a task carried out in the public interest:||l|
|Sensitive Categories of Data:|
Personal data relating to criminal convictions and offences or related security measures, will only be processed for the above purposes where it is necessary for the assessment of risk or for the prevention of fraud or for the establishment, defence or enforcement of civil claims.
Other special categories of data, will only be processed for any of the above purposes by way of explicit consent, where it is necessary for the establishment, exercise or defence of legal claims or where the processing is necessary to protect the vital interests of the data subject or another person where the data subject is physically or legally incapable of giving consent.
Effect of not providing information
If you do not provide the information that we need, we may not be able to offer you a quote or a policy, your premium may be higher than if you had provided it or we may not be able to handle your claim.
4. Sharing of Information
In the course of providing our services to you we may share your personal data with various third parties including:
- Your representatives (such as a relative, another person insured under your policy or your lawyers);
- Our representatives (such as our employees, agents and companies that we rely on to provide various services, including telecommunications, data storage, document destruction, fraud detection, credit checking, IT, risk analysis, complaints handling and telematics);
- In a claims situation: service providers and expert witnesses (including for the assessment of liability, injuries, damage to vehicles and other property; lawyers) who are acting for us or for claimants, witnesses to incidents and, from time to time, private investigators;
- Other third parties, such as reinsurers, other insurance companies, external advisors and auditors, anti-fraud bodies (for example anti-fraud databases), AXA Group companies and (in limited circumstances) third parties to investigate business opportunities; and
- State or government departments, bodies or agencies.
On occasion we or a service provider may transmit certain aspects of your personal data outside the European Economic Area. The non-European Economic Area countries to which we currently send personal data include i) Switzerland, ii) the United States of America, iii) Malaysia, iv) Costa Rica, v) India and vi) AXA Group companies in non-EEA countries.
AXA complies with the law regarding international transfers of data by relying on the European Commission’s standard data protection contract clauses under Article 46.2 of the General Data Protection Regulation (in relation to items ii, iii, iv and v above), Binding Corporate Rules under Article 47 of the GDPR (in relation to item vi above) or the decisions of the European Commission stating that certain countries, such as Switzerland, ensure adequate levels of data protection in their law (Article 45 of the GDPR) (in relation to item i above).
If you would like more information about the relevant safeguards involved in international data transfers, please visit the European Commission’s website on data transfers outside the EU or contact us using the details in Section 1 'General' above.
5. Data Collected
As an insurance company we need to collect many categories of personal data (about you and other parties) for the purposes set out in our Data Protection Statement. The following category headings and types of data are a non-exhaustive list of data we collect.
|Category||Type of Data Collected|
|Policy information||Name, address, date of birth, gender, licence details, marketing preferences, payment details, vehicle and property details, driving and claims history, relevant criminal convictions, penalty points, location information (if you have a Drivesave policy), etc.|
|Information obtained from sources other than you||Penalty points, address look up, geocoding information, vehicle details and history, credit score, website usage information, etc.|
|Claims information||The circumstances of an incident, health information (injuries and relevant health conditions), relevant criminal convictions, etc.|
All of the above information is required for the purposes specified in Section 3 ‘Use of Information’.
6. Retention of Data
How long we keep data is determined by the purposes we use it for, time periods set out in law and the period we need to keep it to defend ourselves against legal action. Generally we keep information for the following periods:
|Type of Information||Retention Period|
|Quote information (where a policy is not taken out)||15 months|
|Policy information||The life of the policy plus 10 years|
|Claims information||10 years from when the claim is finalised (settlement, court hearing, withdrawal of claim, etc.)|
|Claims information – where there is the potential for a child to make a claim||Up to 3 years after the child in question turns 18 years of age|
However in some cases we may need to keep personal data longer than the above periods. Examples of these situations include long-running disputes and system back-ups required for disaster recovery. We also retain certain limited personal data beyond the above time periods in order to validate and handle any claims we receive after the statute of limitations has expired (late claims) and any claims we receive where the claimant was not aware of the damage until a long time after it was caused (latent claims). In these circumstances we retain information such as the policyholder’s name, the names of any named drivers, policy start and finish dates and cover details.
For late claims we will hold the data for a period of up to 25 years from the lapse or cancellation date of your policy or from the completion of a claim and for latent claims we will hold the data for up to 60 years from the lapse or cancellation date of your policy. In both cases, the data will be kept apart from our other policy and claims data so that it will only be used in the event that a new claim is made by or against you.
7. Automated Decision-Making
We use automated decisions-making, using information including customer details and claims experience, in the underwriting of your insurance policy. Underwriting is the process by which an insurance company examines, accepts or rejects risks and classifies those selected in order to charge an appropriate premium. We use an algorithm, which uses complex mathematical and actuarial methods of calculating and pooling risk, for insurance underwriting purposes. For more information, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.
Where we use automated decision making which produces legal effects for you or otherwise significantly affects you, you will have the right to obtain human intervention and to contest and make representations in relation to the decision in question.
8. Your Rights
As a ‘data subject’, you have the rights set out in this section. For more information on each of these rights, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.
Please send all requests to us (details in Section 1 ‘General’ above) in writing by post or email, together with enough information to allow us to deal with your request. It may take up to one month to process your request. If we refuse your request you are entitled to make a complaint to the Data Protection Commission (details in Section 1 ‘General’ above).
Right to Withdraw Consent
If we are processing your information on the legal basis of consent, you are entitled to withdraw your consent at any time. For details on how to withdraw your consent for marketing see Section 12 ‘Marketing Information’.
Right of Access
You have the right to be given details about the personal data concerning you that we hold and why and how we process that data. You also have the right to obtain a copy of the personal data we hold about you; this is known as a data access request. When you make this type of request, we would ask that you provide us with as much information as possible to assist us in identifying the personal data you want access to.
Right of Rectification
You have the right to require AXA to correct any inaccuracies (including missing details) in the information we hold about you. We would welcome any corrections to your information and, in certain cases, it is required by the terms of your insurance policy.
Right of Erasure/Right to be Forgotten
In certain circumstances you have a right to have the personal data concerning you erased. You may only request the deletion of your data in specific situations.
Right not to be subject to Automated Individual Decision-Making, including Profiling
In certain circumstances you have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you.
Where we use automated decision-making you will always be entitled to have a person review the decision. See Section 7 ‘Automated Decision-Making’ above for more details.
Right to Data Portability
You have a right to receive from us the personal data you have provided to us. You may also request that we send this personal data to another data controller (such as another financial services provider).
Right to Object
Where we state in this document that we process your personal data in the public interest or on the basis of a legitimate interest (see the Legal Basis table above), you are entitled to object to the processing in question on grounds relating to your particular situation. We will then stop processing the personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your right or unless we need to use it in a legal claim. For more information on the Right to Object, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.
Right to Restrict Processing of Your Data
You have the right to restrict us from processing your personal data where you feel that it is inaccurate, that we are processing it unlawfully or that we no longer need it or where you have invoked your Right to Object (as set out in Section 8 (vii) above).
9. Specific Service Providers
We would like to draw your attention to some additional information relating to a number of the services we use which involve the processing of your personal data (for more detailed information please, see our full Data Protection Statement or contact us using the details in Section 1 'General' above):
Credit searches and use of third party information
We may carry out credit searches (either internally or with third party services) during your application for insurance. We may also pass information we hold about you and your payment record to the third party credit agencies. Where automatic credit scoring is used by us, we will enable you to make representations in relation to the search. We may also carry out searches in Northern Ireland in relation to County Court Judgments, the electoral register and CIFAS anti-fraud databases.
Penalty Point and Criminal Conviction Information
AXA may use your driving licence number (and that of any named drivers on your policy) to obtain data on any penalty points (including the number and reasons for same) and any driving convictions you may have.
Drivesave is AXA’s telematics product which monitors your driving behaviour through an app on your phone. Not all policies have this feature; please check your Policy Schedule to see if it applies to you. The Drivesave system collects and analyses certain information, including your location, driving speed, acceleration, braking severity and the time, date and duration of trips.
Insurance-Link in Republic of Ireland
Insurance-Link is an anti-fraud database containing details of claims made by individuals. When you get a quote, take out a policy or make a claim we may check this database. In claims situations we will also check this database and upload certain data (including name, date of birth and type of injury or loss suffered) to it. If we find any claims we may contact the relevant insurance company for further details and we may also provide details to other insurance companies if they discover a claim made against AXA.
Registers in Northern Ireland
The law in Northern Ireland requires that certain personal information about you, your vehicle, your policy and your claims be provided to various state bodies and registers. We and other companies may search these registers from time to time.
10. AXA Plus
If you are signed up to this service, we may use personal details such as your name, email address and county of residence to manage your membership of this service, for competitions you enter and to send you our regular e-newsletter. To unsubscribe from the e-newsletter, please click the unsubscribe link in any e-newsletter or visit axaplus.ie/contact/register-unsub.
11. Communication with Customers
We may contact you from time to time in relation to the purposes set out in this Data Protection Summary, which may include policy administration, discussion of renewal terms or quotes already provided to you, claims handling and (where you have given your consent) marketing. For more information, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.
12. Marketing Information
How it works
Where you have told us that you are happy to receive marketing information from us, we may contact you from time to time about other AXA products that we think may be of interest to you, including on the 12 month anniversary of a quote not taken up or your policy lapsing. To do this we may contact you by post, email and telephone (including mobile telephone) using the contact details you have provided to us.
In order to improve our customer service, we may use your data to analyse customer purchasing behaviour (such as time of day, channel used, level of cover) and customer data (such as name, address, renewal dates) to determine the most appropriate marketing offer for you.
How to change your marketing preference
If you have opted to receive marketing communications from us and you decide you no longer want to receive them anymore you can change your marketing preference by:
- going to www.outopt.me and following the instructions;
- letting us know your new preference when you receive any marketing communications, either by telling the AXA staff member during a phone call or clicking the opt out link in any message;
calling us on:
02890 020104 (Republic of Ireland customers);
0800 039 1970 (Northern Ireland customers);
- dropping in to your local branch
- emailing us at email@example.com; or
writing to us at:
Please note opting out from all contact may take up to 30 days and your choice will not affect any of the other services we provide to you, now or in the future.