InsuranceLink Online Privacy Notice

Insurance Ireland takes its responsibility to protect your personal data seriously. This Online Privacy Notice (“Notice”) applies to personal data we process in connection with the InsuranceLink database (“InsuranceLink”). This Notice describes the types of personal data we obtain, how we use that personal data, and with whom we share it. We also describe the rights you may have and how you can contact us.

The General Data Protection Regulation and Irish Data Protection Act apply to the processing of your personal data (“Data Protection Laws”). “Personal data” has a broad meaning and includes any information which can be used to identify you.

What is InsuranceLink?

InsuranceLink is a database which parties eligible to access it (“Users”) use to help them identify and combat fraud in the insurance industry at the underwriting stage. Users can include insurers, managed general agents, and intermediaries but all Users must all meet the Eligibility Requirements (available here) before they can access InsuranceLink. Governance of and access to InsuranceLink is the responsibility of the InsuranceLink Oversight Committee (“ILOC”). ILOC is independent from Insurance Ireland and ensures that only eligible parties access your personal data on InsuranceLink.

A list of Users of InsuranceLink can be found here.

Whose personal data is processed?

Individuals who have submitted insurance claims to a User or have had insurance claims submitted to a User on their behalf (for example, a parent on behalf of a child). In other words, if you have submitted an insurance claim to a User, that User may have uploaded the details of that claim to InsuranceLink.

We also process your personal data when you make a data subject rights request via the Data Subject Rights Request Form.

What is Insurance Ireland’s role in InsuranceLink?

Insurance Ireland is a controller of your personal data because of our historical role in facilitating the existence of the InsuranceLink database via contract with an IT service provider. Insurance Ireland contracts with an IT service provider to provide the infrastructure for the InsuranceLink database.

General Description of how your personal data is used in InsuranceLink

InsuranceLink is a claims-matching computer database which helps Users identify possibly fraudulent claims. The database can also be used as a check against non-disclosure at proposal stage (e.g. where a proposer does not provide details of previous claims).

Details of claims are entered into the system and a programme is run to identify any “matches” – for example if the claimant has made multiple claims or if there are any similarities between claims. While matches do not necessarily imply that fraud has taken place, they will alert the User to take a closer look at the claims involved.

All claims involving personal injury in motor accidents, employer’s and public liability insurance as well as vehicle damage, household, commercial property, personal accident and travel insurance are run through the InsuranceLink system.

No automated decisions are made on InsuranceLink. If a “match” is generated on InsuranceLink following a query from a User, and that User determined that such a match merits further investigation, that User (“Requesting User”) will then contact the User who uploaded the matching claim (“Providing User”) via the “Request Additional Information Facility” on InsuranceLink. Access to the Request Additional Information Facility is limited to nominated individuals who authorised by each User. The Providing User can then respond to the query with the required information. The information requested by the Requesting User and provided by the Providing User is at the discretion of those Users, who are the controllers of that additional information.  The User will have provided you with notice of collection and use of your personal data for this purpose at the time they collected this personal data from you. As such, please refer to the relevant User’s privacy notice for more information about how they process your personal data.

What personal data is processed and why?

The table below sets out what personal data we process and for which purposes.

Where your personal data is processed	Types of personal data processed	Purposes of Processing
InsuranceLink	Identifiers and biographical information: full name, date of birth, address	Fraud detection and prevention at policy underwriting stage.
	Claim information: type of claim, date of incident, claim number
	Vehicle details (for motor damage and motor injury claims only): vehicle registration number, VIN and / make and model
	Physical or mental health condition or medical information: a record on InsuranceLink may contain details concerning motor vehicle injury suffered by the claimant, subcategorised as follows: ·                     Whiplash ·                     Soft tissue injury ·                     Neck injury ·                     Back injury ·                     Fractures / breakages ·                     Multiple injuries ·                     Other injuries ·                     Psychological ·                     Disease
Data Subject Rights Request Procedure	Identifiers and biographical information: full name, date of birth, current address, and previous addresses (if relevant)	To fulfil our obligations under Data Protection Laws and give effect to your data subject rights / respond to your queries
	Vehicle details (for motor damage and motor injury claims only): vehicle registration number, VIN and / make and model
	Supporting documents: proof of address document and proof of ID document

 

Legal basis for processing

Your personal data is processed in InsuranceLink for the legitimate interests of Insurance Ireland to prevent and detect fraud in the insurance industry. The use of a centralized database like InsuranceLink to provide the required personal data to Users is necessary since it is the only way this legitimate interest can be effectively achieved on a uniform basis in accordance with Data Protection Laws. The processing is proportionate because the personal data available on InsuranceLink is limited to the amount of information required to assist Users with flagging suspicious claims or activity via “matches” for further independent investigation, as described above. If you would like more information on a particular Users’ legitimate interest in processing your personal data, please contact that User directly.

We process your personal data you provide to us when making a data subject rights request to comply with our legal obligations under Data Protection Laws.

If any special categories of personal data (like health data) about you is processed on InsuranceLink, this personal data is processed based on your explicit consent. It is the responsibility of the relevant User to obtain your explicit consent at the time of collection of any special category personal data. Please contact the relevant User should you have any questions or concerns about your special category personal data or your explicit consent.

How long do we keep your personal data?

When we receive identity verification documents with a data subject rights request, we retain these only for so long as is necessary to deal with your request.

Your personal data is retained on InsuranceLink for a period of ten years after the last activity was logged on a claim.

In practice, this means that once a claim is uploaded to InsuranceLink but has no activity after 10 years, it will be removed from InsuranceLink by default. However, if a claim arises within that period the data will be retained for 10 years after the last activity on that claim. For example:

·                     Claim uploaded to InsuranceLink: 1 January 2018.

·                     Claim closed: 1 January 2023

·                     Claim will remain on InsuranceLink until end of 2032.

The ten-year period has been selected on the basis of evidence provided by Users that in many cases insurance fraud is only identified by comparing claims data over a longer period. Rather than holding data indefinitely however, the ten-year period was identified as striking the correct balance between the need to manage fraud risks while ensuring that personal data that is not relevant to this purpose is deleted within an appropriate timeframe.

 

Your rights

Data Protection Laws provide you with certain rights (which are subject to limitations under Data Protection Laws).  These rights include the right to:

·                     receive detailed information on how Insurance Ireland processes your personal data (right of access);

·                     request a copy of personal data Insurance Ireland holds about you (right of access);

·                     rectify (incorrect) personal data;

·                     delete personal data, in certain situations;

·                     request Insurance Ireland to restrict processing of personal data;

·                     object to Insurance Ireland processing of personal data where our processing is based on legitimate interests. We may continue processing your personal data where your objection is overridden by our compelling legitimate grounds for processing; and

·                     complain to the local data protection authority, which in Ireland is the Data Protection Commission (website here).

To exercise your rights of access, please complete the Data Subject Rights Request Form (available here). This will enable us to validate your request against the relevant records (if any) on InsuranceLink. Your request will be dealt with in accordance with Data Protection Laws.

To exercise any of the other rights listed above, please contact Insurance Ireland at dp@insuranceireland.eu. Your request will be dealt with in accordance with Data Protection Laws.

Do we share your personal data?

“Matches” data is shared between Users as described above. In addition, Insurance Ireland engages third parties to perform tasks on our behalf (i.e. processors) and we may need to share your data with them, including our database service provider.

Insurance Ireland may be required to disclose personal data in some circumstances such as if you violate applicable policies or laws.  Insurance Ireland may disclose such personal data, at our sole discretion, if we believe it is necessary or appropriate in connection with investigation, prevention or detection of fraud, IP infringement, piracy, other unlawful activity and / or to protect our rights or the rights or vital interests of third parties and / or prevent physical and / or other harm and / or financial loss.

How do we protect your personal data?

We take steps with our database service provider to ensure that appropriate technical and organisational security measures are in place to protect your personal data. For example, our Terms of Access and associated security measures limit the access of your personal data to those who have a business need to view it and such processing is subject to a duty of confidentiality.  We have procedures in place regarding security breaches and we will notify you and the appropriate regulator of a suspected data breach where we are legally obligated to do so.

Data transfers outside the EEA

InsuranceLink is hosted on servers in the EU and Insurance Ireland does not transfer your personal data outside of the European Economic Area.

Contact us

You can email your queries to our Data Protection Officer at dp@insuranceireland.eu.

You can send your query via post to: InsuranceLink, c/o Verisk Insurance Solutions Ltd

Level 1, Unit 1A

3 Custom House Plaza

Harbour Master Place

I.F.S.C

Dublin 1

Ireland

Individuals have the right to complain to the Data Protection Commission if they believe their personal data rights have been infringed by InsuranceLink. See www.dataprotection.ie.

Updates to this Notice

This Notice was last updated on 19 August 2024. We may update this Notice from time to time to reflect changing practices and we will post our updated Notice on our website.