AXA Data Protection statement

This document is the full AXA Insurance Data Protection Statement. It contains all the information you need to understand how we use your data. If you would prefer to read a summary of this document, please see our Terms of Business booklet or go to axa.ie or axani.co.uk.

Notice: While all of the information in this Data Protection Statement is important, certain details have been placed in boxes to highlight them. These boxes contain information that the data protection legislation (known as the General Data Protection Regulation) specifies as being information that should be brought to your attention.

Contents of this document:

  1. General
  2. Data Collection
  3. Use of Information
  4. Sharing of Information
  5. Data Collected
  6. Retention of Data
  7. Automated Decision Making
  8. Your Rights
  9. Specific Service Providers
  10. AXA Plus
  11. Communication with Customers
  12. Marketing Information
  13. Cookie Policy

1. General

AXA recognises that protecting personal information, including special categories of data (sometimes referred to as sensitive personal data), is very important to you and that you have an interest in how we collect, use, store and share such information. This Data Protection Statement sets out how we will use and protect your information and information provided by other parties (such as your named driver(s) and people who live with you in an insured property).

It is important that you read this Data Protection Statement and show it to anyone else who is insured under your policy of insurance, including any named drivers and/or anyone living at the property insured under your policy, as it also applies to them.

Please make sure that anyone else who is insured under your policy has provided you with permission to provide their personal information to us.

Also, please make sure you have their permission to receive their penalty point information. In order to add them to your insurance policy, we will need to share their penalty point information with you, both during the quotation process and during the lifetime of the policy.

We reserve the right to change this Data Protection Statement from time to time at our sole discretion. The most up to date version of this document can be found on AXA.ie or AXANI.co.uk. We encourage you to periodically review this statement to keep informed about how we use your personal data and how we keep it protected.

Company Information

References to “AXA”, “us”, “our” and “we” mean AXA Holdings Ireland Limited and its subsidiaries, including AXA Insurance dac, and any associated companies from time to time. More information about AXA can be found at either www.axa.ie or www.axani.co.uk.

Legislation

Rest assured that all personal data we gather will be processed in accordance with all applicable data protection laws and principles, in particular the EU General Data Protection Regulation and the Data Protection Acts.

Queries and Complaints

If you are unhappy with the way we have handled your personal information and wish to complain or if you simply want further information about the way your personal data will be used, please contact us by any of the following options:

Data Protection Officer,
Compliance Department,
AXA Insurance dac,
Wolfe Tone House,
Wolfe Tone Street,
Dublin 1
Telephone: +353 (0)1 471 1812
Email: compliance@axa.ie

You have the right to lodge a complaint with the Data Protection Commission. To contact the Data Protection Commission, please use the following details:

Data Protection Commission
Canal House
Station Road
Portarlington
County Laois
Telephone: +353 (0)761 104 8000
Telephone: +353 (0)57 868 4800
Email: info@dataprotection.ie
Fax: +353 57 868 4757

Please note that we will take all appropriate steps to keep your personal data safe. In the unlikely event that we have a security breach, we will notify you without undue delay about the circumstances of the incident in accordance with our legal obligations.

2. Collection

The personal data we require about you (and, if applicable, other people insured under your policy of insurance) will be gathered and stored as set out in this Data Protection Statement. This will be done either directly by AXA staff or, where you choose to use them, the various AXA websites and apps, or indirectly, through one of our service providers on our behalf. The categories of personal data that we gather are listed in Section 5 ‘Data Collected’ below.

In order to gather the personal data we need to provide you with a policy, we may:

  1. obtain personal information directly from you, your broker (or other representative), other insurance companies or anybody else insured under your policy of insurance;
  2. obtain personal information from third parties involved in an incident in which you and/or anybody insured under your policy of insurance are involved, including (without limitation) other drivers, passengers of your or any other vehicle, pedestrians, witnesses (whether independent or otherwise), neighbours, other insurance companies, solicitors representing any third party (whether in civil or, where applicable, criminal proceedings), any other expert appointed by a third party, any person at any relevant trial, inquest or any other hearing, or any other relevant person involved in the claims process;
  3. carry out credit searches internally or with one or more credit checking or credit reference agencies;
  4. carry out searches, whether online (via websites with publicly available information and various industry websites), through various media outlets (including, without limitation, newspapers, television and radio) or otherwise (including, without limitation, State and/or industry registers); and/or
  5. obtain personal data from the emergency services, such as the police, ambulance and fire services, and any other relevant investigatory body or authority (in limited, mainly claims related, circumstances).

We may request details about you or anybody else insured under your policy of insurance (including named drivers or people who live at the insured property) regarding your or their health, any medical conditions which may affect your or their ability to drive and/or the commission of, alleged commission of or conviction for any relevant offence by you or anybody else insured under your policy of insurance.

If you or anybody insured under your policy of insurance is asked to provide medical information during the sales process, in the course of dealing with a claim or at any other time, please do not send us the results of any genetic tests carried out on you or such other person.

At various times during the quotation or claims process, AXA will conduct a search of third-party databases. These may include (without limitation) the National Vehicle and Driver File (managed by the Department of Transport), the Driver and Vehicle Licensing Agency database, Insurance–Link (managed by Insurance Ireland) and the Claims and Underwriting Exchange Register (managed by the Motor Insurers’ Bureau (“MIB”)) and the Motor Insurance Anti-Fraud and Theft Register (also managed by the MIB).

These searches will return information relating to you, your named drivers and your vehicle, including (without limitation) current penalty points, previous claims, vehicle write off history, NCT/MOT, vehicle modifications and vehicle taxation and import status.

By supplying an eircode, postcode and/or an address of a property when you are taking out an insurance policy, AXA will carry out a search of a third party database to determine location based risk factors (called geocoding). This search will return information relating to the topographical nature of the area in which your property is located as part of the normal insurance quotation process. This information is used to support us in rating your risk level when providing you with a quotation.

It is important that the information you give us is correct. You have a legal obligation to take reasonable care not to provide us with inaccurate, incorrect or incomplete information. If this happens AXA has certain legal rights which may include avoidance of the contract of insurance and refusal of all claims. As a result, you may also find it difficult to arrange this type of insurance in the future.

3. Use of Information

We mainly use your personal information so that we can provide a quote, set up, administer and manage your policy and to assess and pay claims as part of an insurance contract. However, more specifically, we may use the personal data we gather for any or all of the following purposes:

  1. to verify your (or your authorised representative’s) identity in any interactions between AXA and you (or your authorised representative), whether in person, on the telephone, online, in an AXA app or where necessary in any other circumstances;

    Legal Basis:

    • the processing is necessary for compliance with a legal obligation to which the controller is subject.

  2. to verify the accuracy of the information we receive;

    Legal Basis:

    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (including a quote that is not taken up).

  3. to assess your insurance needs and to assess the nature and level of the risk associated with your proposed insurance policy to determine your eligibility and (if you are eligible) your premium. This may include carrying out credit rating searches and making decisions about you in that regard;

    Legal Basis:

    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    • the processing is necessary for compliance with a legal obligation to which the controller is subject.

  4. to make or receive any payments, whether in relation to your policy, a claim or any other reason and to make decisions regarding deferred payment arrangements, including without limitation whether to continue or to extend an existing deferred payment arrangement;

    Legal Basis:

    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    • the processing is necessary for compliance with a legal obligation to which the controller is subject;
    • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is to use your personal data to make certain types of payment that are not required by law or a contract.

  5. to manage and administer any products and services you have obtained from us, including by making contact with you (see Section 11 ‘Communication with Customers’ below);

    Legal Basis:

    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
    • the processing is necessary for compliance with a legal obligation to which the controller is subject.

  6. to manage and investigate any claim made by or against you or anybody insured under your policy of insurance, or where you (or anybody else insured under your policy of insurance) are or may be a witness to an incident which results in a claim;

    Legal Basis:

    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    • the processing is necessary for compliance with a legal obligation to which the controller is subject.

  7. for customer loyalty programmes and offerings, and value-added services (for example, the AXA Plus service – for more information about AXA Plus, see Section 10 ‘AXA Plus’ below);

    Legal Basis:

    • It depends on the situation. Generally, the legal basis would be that the processing is necessary for the purposes of the legitimate interests pursued by the controller, where AXA’s legitimate interest is to add value to the AXA product offering. However, in other circumstances, the applicable legal basis may be consent or that the processing is necessary for the performance of a contract.

  8. for statistical analyses, either by us or the AXA Group, and the review and improvement of AXA’s products, services, processes, systems, websites and apps. Where possible we will anonymise the data we analyse;

    Legal Basis:

    • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is to engage in activities to improve and adapt the range of products and services we offer and to help our business grow and to ensure that our systems are effective and efficient.

  9. to carry out market research, to improve our processes, products or services or to investigate the possibility of new processes, products or services and to buy or sell any business or assets;

    Legal Basis:

    • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is to engage in activities to improve and adapt the range of products and services we offer and to help our business grow and to ensure that our systems are effective and efficient.

  10. to inform you of other products and services that may be of interest to you or members of your family, unless you have advised us otherwise;

    Legal Basis:

    • the data subject has given consent to the processing of his or her personal data for one or more specific purposes. The sending of marketing material to you is only done in circumstances where you have provided us with your consent in advance.
    • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is to determine the most appropriate message and how best to communicate it with you.

  11. for staff training, performance reviews and discipline;

    Legal Basis:

    • the processing is necessary for compliance with a legal obligation to which the controller is subject;
    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  12. for the detection and prevention of fraud, money laundering and other offences and to assist the police or any other authorised investigatory body or authority with any inquiries or investigations. Where permitted by law we also work with and share data with various bodies including other insurers, anti-fraud bodies (for example fraud whistleblowing services) and law enforcement agencies to help prevent fraudulent behaviour. In some cases we are required by law to report details of certain criminal activities and suspected criminal activities to the appropriate authorities;

    Legal Basis:

    • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is to investigate and prevent potential fraudulent and other illegal activity;
    • the processing is necessary for compliance with a legal obligation to which the controller is subject;
    • the processing is necessary for the performance of a task carried out in the public interest.

  13. to manage and investigate any complaints;

    Legal Basis:

    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    • the processing is necessary for compliance with a legal obligation to which the controller is subject.

  14. for reinsurance purposes;

    Legal Basis:

    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  15. AXA Group reporting purposes (where necessary);

    Legal Basis:

    • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is the proper running of its business.

  16. in order to store personal data and make back-ups of that data in case of emergencies and for disaster recovery purposes.

    Legal Basis:

    • the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    • the processing is necessary for compliance with a legal obligation to which the controller is subject.

  17. for compliance with all relevant laws and regulations; and/or

    Legal Basis:

    • the processing is necessary for compliance with a legal obligation to which the controller is subject.

  18. as otherwise set out in this Data Protection Statement or any other data protection notice, policy booklet, website, app terms and conditions or other documentation provided to you by AXA or your broker.

Sensitive Categories of Data

Where we process personal data relating to criminal convictions and offences or related security measures for any of the above purposes, we will only do so where it is necessary for the assessment of risk or for the prevention of fraud or for the establishment, defence or enforcement of civil law claims.

Where we process other special categories of data (also known as sensitive personal data) for any of the above purposes, we will only do so by way of explicit consent, where it is necessary for the establishment, exercise or defence of legal claims or where the processing is necessary to protect the vital interests of the data subject or another person where the data subject is physically or legally incapable of giving consent.

Effect of not providing information

If you do not provide the information that is needed to give you a quote, the result will be either that we will not be able to offer you a quote or your premium will be higher than if you had provided the information. Also, some categories of information are required for us to administer your policy and we would not be able to offer you a contract without them.

If you do not provide the information that is needed to handle your claim, we may not be able to handle the claim. Also, the terms of your policy require you to notify us of any circumstances that may give rise to a claim against your policy and assist us in dealing with any claim that does arise.

Call Recording

We may record or monitor telephone calls in order to ensure accuracy in the recording of instructions communicated to us, to facilitate staff training, for the prevention of fraud, for management of complaints and to improve customer satisfaction.

4. Sharing of Information

There are various circumstances where we may share personal data with other parties. Generally this includes your representatives, our representatives and, if a claim is made, various claims related parties.

While the exact list of third parties changes from time to time, we feel that it is important that you have an idea of the types of third party that we share data with. The category headings and types of third party set out below are a non-exhaustive list and are only indicative of the companies, agencies and individuals with whom we share data where we need to do so.

  1. Your representatives:

    any party you have given us permission to speak to (such as a relative or friend), in certain circumstances other people insured under your policy of insurance (such as a named driver) and other people or companies associated with you (for example your broker, including the software providers that facilitate the transfer of data to and from them, or lawyer);

  2. Our representatives:

    our employees, agents and contractors including companies that provide services in relation to telecommunications and postage, data storage, document production and destruction, IT and IT security, customer loyalty programmes, fraud detection, making and receiving payments, data analysis and management information, credit checking, risk analysis, complaints handling, telematics (see Section 9 (iii) below), marketing and market research;

  3. In a claims situation:

    1. our service providers and expert witnesses (including but not limited to those relating to the assessment of liability; the assessment, repair and replacement of vehicles; the assessment and repair of property (including buildings, land and personal effects); medical and functional assessment of individuals; solicitors and barristers; private investigators; and translators);
    2. the agents, service providers and claims experts of people making claims against the policies of our customers (including but not limited to those relating to the assessment of liability; the assessment, repair and replacement of vehicles; the assessment and repair of property (including buildings, land and personal effects); medical and functional assessment of individuals; and solicitors and barristers);
    3. witnesses to any incident(s) (whether or not resulting in a claim);

  4. Other third parties:

    reinsurers, other insurance companies, external advisors (such as solicitors and accountants) and auditors, other AXA Group companies, third parties with which we may choose to improve our processes, products or services or to investigate the possibility of new processes, products or services and prospective sellers or buyers in the event that we decide to sell or buy any business or assets; and

  5. State or government departments, bodies or agencies and industry bodies:

    The Department of Transport, the Driver and Vehicle Licensing Agency, the Motor Insurers’ Bureau, Insurance Ireland.

Please feel free to contact us (details in Section 1 'General' above) if you would like more details about the parties with whom we share your information.

Where we choose to have certain services provided by carefully selected third parties, we take precautions regarding the practices employed by the service provider to ensure your personal data is stored and processed legally and securely.

AXA, as Data Controller, will use every effort to protect your personal data and we will not sell your personal information to any third party companies.

Sharing Certain Data with a Claimant

Where a claimant is making a claim against you for which AXA is providing an indemnity, AXA shall be entitled, where we feel it is necessary, to release such information to the claimant, their solicitor or any other appropriate representative of the claimant to allow them to make an application to the Injuries Board or to issue legal proceedings. Such information shall generally (but not exclusively) be limited to your name, address, vehicle registration number and insurance policy details and the name and address of any relevant people who are insured under your policy of insurance (including, without limitation, any other driver insured under your insurance policy). The legal basis for this process is the legitimate interest of AXA in processing claims quickly, efficiently, fairly and cost effectively.

Sharing Between AXA Departments

During any of the activities set out above, a department of AXA may become aware of information which should have been disclosed at inception of your policy/policies or at a previous renewal which relates to you and/or anybody else insured under your policy of insurance. Where this occurs, the department in question shall be entitled to share such information with:

  1. the Sales and/or Underwriting Departments for the purpose of providing your next quotation and/or deciding whether or not to cancel your policy/policies; and/or
  2. the Claims Department (and any other relevant department) for the purposes of deciding how to deal with a claim; and/or
  3. any other department in AXA for the purpose of handling a complaint
International Transfers

On occasion we or a service provider may transmit certain aspects of your personal data outside the European Economic Area (the “EEA”) to other members of the AXA Group or to other recipients. In such circumstances, we will ensure that such transmissions are carried out securely and in accordance with data protection law.

The non-European Economic Area countries to which personal data is sent include the United States of America, Malaysia, Costa Rica, India, Switzerland and AXA Group companies based outside the EEA. Personal data is also processed in the EU (Ireland and France) and the United Kingdom.

AXA complies with the law regarding international transfers of data by various means, including by relying on adequacy decisions of the European Commission, which state that certain countries ensure adequate levels of data protection in their law, the European Commission’s standard data protection contract clauses or Binding Corporate Rules.

If you would like more information about the relevant safeguards involved in the transfer of personal data to countries or companies outside the European Economic Area, please visit the European Commission’s website on data transfers outside the EU or contact us using the details in Section 1 'General' above.

The Consumer Insurance Contracts Act

Where another person (the “third party”) suffers injury or damage and you are responsible or may be responsible for it, your rights under your insurance policy may be transferred to the third party in certain circumstances (which are set out in the Consumer Insurance Contracts Act) and, if that happens, we are required to deal with the third party as if he or she were the policyholder.

If this happens, the third party is entitled to receive certain information from us, including (a) confirmation of your identity, (b) details of your insurance policy, including its terms and conditions and whether or not it was in effect on the date the alleged injury or damage was caused, (c) whether or not we have received a notification of the incident in question from you and, if we have, how far our investigation has progressed, (d) information about the events that resulted in the third party making a claim, (e) whether we have informed you that we intend to accept or refuse the claim against your insurance policy, and (f) any other information that becomes relevant in the handling of the claim.

5. Data Collected

As an insurance company we need to collect many categories of personal data (about you and other parties) for the purposes set out in this Data Protection Statement.

The exact categories may change from time to time. However we feel that it is important that you know what types of information that we gather and use. Therefore the category headings and types of data collected set out below are non-exhaustive and only indicative of the data we may hold about you and information listed under one heading may be used in relation to activities carried out under another heading. You will note that we have obtained the majority of the data directly from you.

Data may be gathered in relation to both you and other people who are insured under your policy (such as named drivers or others who live with you at an insured property).

CategoryType of Data Collected
Policy informationName, address (including Eircode), date of birth, policy numbers and party ID, contact details, employment details, gender, years of residency in Ireland or the UK, each driver’s licence details, telephone recordings, location information (if you use the AXA Drivesave system), marketing preferences and renewal dates of policies with other insurers, bank and payment card details, records of payments and arrears, VAT and other relevant tax numbers, CCTV footage from our branch network and offices, membership status of any relevant bodies, policy information (including your vehicle and property details, premium, renewal date), driving history, claims history and details of any relevant claims, details of any criminal convictions, disqualifications, penalty point information (number of penalty points, the date of the incident leading to the points being applied, the date on which the points became effective), etc.
Information obtained from sources other than youPenalty point information (number of penalty points, the date of the incident leading to the points being applied, the date on which the points became effective), precise address look up, geocoding information, claims history, vehicle details and history, credit score etc.
Claims informationThe circumstances of an incident, health information (any injuries resulting from incidents, any relevant pre-existing health conditions and any subsequent injuries), criminal conviction information (where it results from or exists prior to an incident), CCTV footage, details of damaged property, estimates, costs, payments, recoveries, PPS number, details of services provided to you (car hire, vehicle repair, home repair, etc.), etc.

Please feel free to contact us (details in Section 1 'General' above) if you would like more information about the precise information we gather and use.

All of the above information is required for the purposes specified in Section 3 ‘Use of Information’.

6. Retention of Data

We have a comprehensive record retention schedule. The retention periods differ depending on the purpose of the processing and the nature of the information. How long we keep data is primarily determined by how long we need it for the purposes we told you we were going to use it for, time periods set out in law and the period we need to keep it to defend ourselves against legal action.

Generally we keep information for the periods set out in the table below:

Type of InformationRetention Period
Quote information (where a policy is not taken out)15 months
Policy informationThe life of the policy plus 10 years
Claims information10 years from when the claim is finalised (settlement, court hearing, withdrawal of claim, etc.)
Claims information – where there is the potential for a child to make a claimUp to 3 years after the child in question turns 18 years of age

However in some cases we may need to keep personal data longer than the above periods. Examples of these situations include long-running disputes and system back-ups required for disaster recovery.

We also retain certain limited details beyond the above time periods in order to validate and handle any claims we receive after the statute of limitations has expired (late claims) and any claims we receive where the claimant was not aware of the damage until a long time after it was caused (latent claims). In these circumstances we retain information such as the policyholder’s name, the names of any named drivers, policy start and finish dates and cover details.

For late claims we will hold the data for a period of up to 25 years from the lapse or cancellation date of your policy or from the completion of a claim and for latent claims we will hold the data for up to 60 years from the lapse or cancellation date of your policy. In both cases, the data will be kept apart from our other policy and claims data so that it will only be used in the event that a new claim is made by or against you.

After the periods set out above, we will de-personalise or delete the personal data. De-personalisation means that we will delete certain aspects of the information we hold (such as name and street address) so that we can no longer determine who it relates to. This results in the data no longer being considered personal data.

Please feel free to contact us (details in Section 1 'General' above) if you would like more information about retention periods.

7. Automated Decision-Making

We use automated decisions-making, including profiling, in the following situations:

We use the information that you provide to us, including your claims history and other factors such as your age, your address and the type of vehicle you drive to determine your premium.

During the sales and underwriting process we may send some of your personal data to third party contractors in order to obtain a credit score for you. This is done in order to properly estimate your risk profile and therefore your premium.

We may also send your address details to a third party contractor to determine information about the area in which you live in order to determine any environmental risks (such as a flood risk near your home). This information will be used to determine a risk rating and will be applied to your risk profile to determine your premium.

Underwriting is the process by which an insurance company examines, accepts or rejects risks and classifies those selected, in order to charge an appropriate premium for each. The underwriting factors that must be evaluated to complete the underwriting process depend on the insurance product the customer is interested in; each product requires different categories of information to assess the risk profile of the applicant. We analyse an applicant’s data to assess the risk they wish to cover, and we charge a fair insurance premium based on that analysis. We use an algorithm or internal model, which use complex mathematical and actuarial methods of calculating and pooling risk, for insurance underwriting purposes. The algorithm and internal models are AXA confidential intellectual property and business know-how. As a result we cannot provide any further details of how they work.

Where we use automated decision making which produces legal effects for you or otherwise significantly affects you, you will have the right to obtain human intervention and to contest and make representations in relation to the decision in question. For more information, please see Section 8 ‘Your Rights’ below.

8. Your Rights

As a ‘data subject’, you have the rights set out in this section. However certain restrictions may apply in some cases.

Please send all requests in writing to our postal address or to our email address set out at Section 1 ‘General’ above, together with enough information to allow us to deal with your request.

Please note that it may take up to one month to process your request, with the possibility of an extension of another two months. If we need the extra time to deal with your request, we will notify you of the fact that there will be a delay and the reasons for it within a month of your request being made. Likewise, if we have reason to refuse your request, we will notify you within a month of the refusal and the reason for it. If we refuse your request you are entitled to make a complaint to the Data Protection Commission (details in Section 1 ‘General’ above).

We need to be certain who you are when you make a request. As a result, we may require you to provide identification in order to deal with your request, for verification purposes.

There is no fee for any of requests under this section, provided that we do not consider them to be unjustified or excessive. If we consider a request to be unjustified or excessive we may either deal with the request and charge a fee or refuse the request. We may also charge a fee if you ask us to send you further copies of the information in an access request.

  1. Right to Withdraw Consent

    If we are processing your information on the legal basis of consent, you are entitled to withdraw your consent at any time. Therefore, if we are relying on your consent to allow us to carry out an activity and then you withdraw your consent, we would not be allowed to use your personal data for that activity from that point forward. However it would not invalidate any processing we carried out prior to your withdrawal of consent.

    We do not generally rely on consent for processing personal data in relation to insurance contracts; we generally rely on other legal bases, such as the basis that the processing is required for the purpose of entering into and performing a contract with you. More details on the legal bases on which we rely are set out in Section 3 ‘Use of Information’.

    For details on how to withdraw your consent for marketing see Section 12 ‘Marketing Information’.

  2. Right of Access

    You have the right to be given details about the personal data concerning you that we hold and why and how we process that data.

    You also have the right to obtain a copy of the personal data we hold about you. This is known as a data access request.

    When you make a request, we would ask that you provide us with as much information as possible to assist us in identifying you (such as your name, address and policy or claim number) and the information you want access to. If you do not provide us with enough information, we may need to contact you for clarification.

  3. Right of Rectification

    You have the right to require AXA to correct any inaccuracies (including missing details) in the information we hold about you. We would welcome any corrections to your information and, in certain cases, it is required by the terms of your insurance policy.

  4. Right of Erasure/Right to be Forgotten

    In certain circumstances you have a right to have the personal data concerning you erased. However if we are in the middle of your policy then it may affect our ability to provide certain services under your insurance policy.

    You may only request the deletion of your data where one of the following situations applies:

    1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. where the data is processed on the legal basis of consent (see Section 3 ‘Use of Information’ for the legal bases of processing), you withdraw consent and no other legal ground permits the processing;
    3. the data subject objects to the processing and there are no overriding legitimate grounds for the processing (see the Right to Object at paragraph (vii) below);
    4. the personal data have been unlawfully processed; or
    5. the personal data must be erased for compliance with a legal obligation.

    However this right shall not apply in certain situations, including where the processing of data is necessary for one of the following reasons:

    1. for exercising the right of freedom of expression and information;
    2. for compliance with a legal obligation, such as the performance of a contract (i.e. your insurance policy or a quote) or compliance with legislation (for example the Consumer Protection Code 2012, which requires us to retain data for at least 6 years);
    3. for statistical purposes, where the Right of Erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    4. for the establishment, exercise or defence of legal claims.

    Where you request the erasure of personal data, we will need to keep a record of your request so we know that the deletion has happened and why. This is because we are required by our regulator, the Central Bank of Ireland, to retain records of what we do in relation to our regulated activities. However we will keep the record in such a way as to remove as much of the information you have asked us to delete as possible, while accurately reflecting the activity.

    In certain circumstances we may need to retain some information to ensure all of your preferences are properly respected. For example, we cannot erase all information about you where you have also asked us not to send you marketing material. Otherwise, we would delete your preference not to receive marketing material.

  5. Right not to be subject to Automated Individual Decision-Making, including Profiling

    You have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you.

    However in certain circumstances we are entitled to use automated decision-making and profiling. These circumstances are restricted to situations where the decision is necessary for entering into a contract, or for performing that contract (i.e. your policy of insurance or quote), where it is authorised by law or where you have provided your explicit consent.

    Where we use automated decision-making you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward. See Section 7 ‘Automated Decision-Making’ above.

  6. Right to Data Portability

    You have a right to receive from us, in a structured, commonly used and machine-readable format, the personal data you have provided to us. You may also request that we send this personal data to another data controller (such as another financial service provider) where technically feasible. Where we do so we will not be responsible for any action of the other data controller in respect of the transferred data.

    This right of data portability only applies to personal data that we process on the legal basis of consent or for the purpose of entering or performing a contract (i.e. providing your insurance policy) and where the processing is carried out by automated means (in other words, the processing is carried out on a computer). See Section 3 ‘Use of Information’ for more information on the legal bases on which we process your data. The type of data you may request includes details such as your name, address, other contact details and vehicle details.

    If you are planning to exercise this right to transfer your personal data to us from another company, please note the contents of this Data Protection Statement before doing so, in order to make sure you do not provide us with excessive data. We will not be responsible for the quality or accuracy of the data transferred to us. Where we do receive your personal data from you (or directly from another company at your request) we will review the contents of the transferred file and delete any information that is inappropriate, excessive, incorrect or otherwise not required. We may use any remaining information for the purposes set out in this document.

    In circumstances where you either transfer your data directly to us or you arrange for another company to transfer your data to us on your behalf, we will only hold your data for 10 business days before deleting it, unless you contact us during that period.

  7. Right to Object

    Where we state in this document that we process your personal data in the public interest or on the basis of a legitimate interest, you are entitled to object to the processing in question on grounds relating to your particular situation (see the legal bases for processing set out in Section 3 ‘Use of Information’). We will then stop processing the personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or unless we need to use it in relation to legal claims.

    Therefore, if you wish to exercise this right, please contact us (details in Section 1 ‘General’ above) setting out the reason why you want us to stop processing your personal data based on your particular situation. We will then evaluate whether your rights outweigh the necessity of our purpose(s).

    However, please note that if you object to us processing your data, we may not be able to provide certain services or benefits you would otherwise be entitled to under your insurance policy.

  8. Right to Restrict Processing of Your Data

    In the following circumstances you have the right to restrict the processing of the personal data concerning you that we hold:

    1. where you feel that the personal data we hold is not accurate. This restriction will be for a period to enable us to verify the accuracy of your personal data;
    2. where the processing is unlawful and you do not want the personal data to be erased and request the restriction of its use instead;
    3. where we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of a legal claim;
    4. where you have objected to processing under the Right to Object (as set out in (vii) above), pending the evaluation of whether your rights outweigh the necessity of our purpose(s).

    When processing is restricted your personal data will only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of other people or for reasons of important public interest.

    Depending on the scope of your request, please note that if your insurance policy is current, then it may need to be suspended or terminated. Also, if you are coming near to the end of your policy, we may not be allowed to process your data in order to prepare and send you a renewal notice to invite you to renew your insurance policy.

    We will only lift the restriction of processing after we have informed you that we are doing so.

9. Specific Service Providers

In addition to the information set out above, we would also like to draw your attention to some additional information relating to a number of the services we use which involve the processing of your personal data:

  1. Credit searches and use of third party information

    In assessing your application for insurance we may search files made available to AXA by credit checking or credit reference agencies (including but not limited to County Court Judgments in Northern Ireland, details from the electoral register and information from CIFAS, which is a UK database on fraud). We may also pass credit reference agencies information about you and your payment record. The information will be used by other credit lenders for making credit decisions about you and the people with whom you are financially associated for reasons including, without limitation, fraud prevention, money laundering prevention and for tracing debtors.

    We may ask credit reference agencies to provide credit scoring computations. Credit scoring uses a number of factors to work out risks involved in any application. A score is given to each factor and a total score obtained.

    Where automated credit scoring is used by us, acceptance or rejection of your application will not depend only on the results of the credit scoring process but may impact your premium and we will enable you to make representations in relation to the result of the search. See Section 7 ‘Automated Decision-Making’ for more information.

  2. Penalty Point Information

    AXA may obtain data on any penalty points (which includes the number and relevant dates for same) that you or any other driver covered by your policy may have. We may obtain this information for a new policy of insurance, for your current policy of insurance, for the renewal of your policy in every subsequent year for which you are an AXA policyholder and where there is a change of permitted drivers on your policy.

    Where you request a quotation AXA may use your details and those of other drivers covered by your policy (if any) to obtain penalty point information from the Department of Transport (in the Republic of Ireland) and the Driver and Vehicle Licensing Agency (in Northern Ireland) for the purpose of determining your eligibility and (if you are eligible) your premium.

    Where these checks are used by us, acceptance or rejection of your application will not depend only on the results of this process but may impact your premium. We will enable you to make representations in relation to the result of the search.

  3. Anti-Fraud Databases

    Various anti-fraud databases, including InsuranceLink, the Claims and Underwriting Exchange Register (“CUE”) and the Motor Insurance Anti-Fraud and Theft Register (“MIAFTR”), have been created to assist in the detection and defence of exaggerated and fraudulent claims. They contain details of claims made by individuals in relation to personal injuries and damage to property.

    On various occasions during the term of your insurance policy (such as when you take out your policy or if there is a claim against your policy), we may check these databases for information on any previous claims made by or against you or your named drivers (where applicable, we will also check any third-parties claiming against your policy). In the event that we find any claims, we may then contact the relevant insurance company for further details about the claims.

    If we find that any claims have not been disclosed at the appropriate time, AXA may rely on certain legal rights set out in our insurance policy. These may include the cancellation of your contract of insurance and refusal of any claims. If this happens, you may find it difficult to arrange insurance in the future.

    We will also pass details of claims made against you (including name, address, date of birth and type of injury or loss suffered) to the organisations that manage the databases. This information will then be available to other insurers. If we receive a request from another insurance company in relation to a claim we have uploaded to the databases, we may provide certain limited information in relation to the claim to that insurance company.

    The InsuranceLink database contains details of claims made by individuals against insurance policies in the Republic of Ireland. CUE and MIAFTR are UK databases: CUE is a database of motor, home and personal injury incidents reported to insurance companies and MIAFTR is a database containing records of written off and stolen vehicles.

    In circumstances where you are involved in an incident (such as accident or theft), it is a condition of your policy that you must tell us about such an incident, whether you feel it may give rise to a claim or not. When you tell us about such an incident, we will pass relevant information relating to the incident to the relevant database.

  4. Insurance Registers

    Both Irish and Northern Irish law require that certain information relating to insured vehicles must be entered on motor insurance databases. In the Republic of Ireland the relevant database is the National Vehicle and Driver File, which is managed by the Motor Insurers’ Bureau of Ireland for the Department of Transport, and in Northern Ireland the relevant database is the Motor Insurance Database (“MID”), which is managed by the UK’s Motor Insurers’ Bureau.

    When you take out an insurance policy with AXA, we will provide the required information relating to you and your vehicle to the relevant bodies. The data may be used by the police for the purposes of establishing whether a driver’s use of the vehicle is likely to be covered by a motor insurance policy and/or for preventing and detecting crime. In Northern Ireland it will also be used for the purpose of Electronic Vehicle Licensing.

    If you are based in Northern Ireland and are involved in an accident (in the UK or elsewhere), other insurers and the Motor Insurers’ Bureau may search the MID to obtain relevant information relating to you and your insurance policy. People pursuing a claim in respect of a road traffic accident may also obtain relevant information held on the MID.

  5. Insurance-Link in Republic of Ireland

    What is Insurance-Link?

    The Insurance-Link database was created to assist in the detection and defence of exaggerated and fraudulent claims. It contains details of claims made by individuals. For further information on Insurance-Link go to www.inslink.ie.

    How does AXA use the Insurance-Link database?

    When you get a quotation or take out an insurance policy with us, we may check the Insurance-Link database to verify the information you provide us in relation any prior claims you may have been involved in.

    We will check the Insurance-Link database for information on any previous claims made by you and, if applicable, any third party claimants. In the event that we find any claims we may then contact the relevant insurance company to obtain further details of such claims.

    If we find that any claims have not been disclosed at the appropriate time, AXA may rely on certain legal rights. These may include the cancellation of your contract of insurance and refusal of all claims. If this happens, you may find it difficult to arrange insurance in the future.

    We will also pass details of claims made against you (including name, address, date of birth and type of injury or loss suffered) to Insurance-Link. This information will then be available to other insurers. If we receive a request from another insurance company in relation to a claim we have uploaded to Insurance-Link, we may provide certain limited information in relation to the claim to that insurance company.

  6. Registers in Northern Ireland

    In Northern Ireland Insurers pass information to the Claims and Underwriting Exchange Register and the Motor Insurance Anti-Fraud and Theft Register (“MIAFTR”). The main aims are to help insurers to verify information provided and to prevent fraudulent claims. When we deal with your request for insurance or any claims made by or against you, we may search these registers.

    MIAFTR logs all insurance claims relating to written-off and stolen vehicles in the UK and the service is used to prevent vehicle fraud and assist with the location of stolen vehicles.

    In circumstances where you are involved in an incident (such as accident or theft), it is a condition of your policy that you must tell us about such an incident, whether you feel it may give rise to a claim or not. When you tell us about such an incident, we will pass relevant information relating to the incident to the Claims and Underwriting Exchange Register, MIAFTR and any other official register set up for the purpose of checking information and preventing fraud.

    Northern Irish law requires that certain information relating to insured vehicles must be entered on the Motor Insurance Database (“MID”). It is also a condition of your policy that you supply AXA with such details of the vehicles whose use is covered by the insurance policy so that we may enter the relevant information on the database.

    The policy details of customers in Northern Ireland will be added to the MID. MID data may be used by the Driver and Vehicle Licensing Agency for the purpose of Electronic Vehicle Licensing and by the Police for the purposes of establishing whether a driver’s use of the vehicle is likely to be covered by a motor insurance policy and/or for preventing and detecting crime. If you are involved in an accident (in the UK or abroad), other insurers and the Motor Insurers’ Bureau may search the MID to obtain relevant information relating to you and your insurance policy. People pursuing a claim in respect of a road traffic accident may also obtain relevant information which is held on the MID.

10. AXA Plus

AXA Plus, our customer loyalty programme, is a value-added service for existing AXA customers. It allows you to save money with leading retailers on various products and services such as electrical items, DIY goods, car accessories, travel and more (our offers may change from time to time without notice).

For more information on AXA Plus, please visit https://www.axa.ie/data-protection/axaplus/.

11. Communication with Customers

It is envisaged that we may contact you from time to time in relation to various aspects of your dealings with AXA. This contact will relate to the purposes set out in or referred to in this Data Protection Statement and may include (without limitation):

  1. administration of your insurance policies;
  2. discussion of renewal terms of existing policies;
  3. discussion of quotations already provided to you;
  4. handling claims and complaints;
  5. marketing products and services and making offers (where you have consented to such contact);
  6. provision of customer loyalty programmes and value added services; or
  7. conducting market research.

As part of the quotation process (point iii above) we may contact you shortly after you get a quote in order to assist you with any questions you may have in relation to the product, to discuss your premium with you and to ensure that you have the level of cover that you require. However if we do not contact you, please feel free to contact us on 0818 7 365 24 and we will deal with any queries you may have.

Other than at your request, we will not make calls to you before 9am or later than 9pm Monday to Saturday, or at all on Sundays, bank holidays or public holidays.

12. Marketing Information

How it works

Where you have told us that you are happy to receive marketing information from us, we may contact you from time to time about other AXA products that we think may be of interest to you, including on the 12 month anniversary of a quote not taken up or your policy lapsing.

To do this we may contact you by post, email and telephone (including mobile telephone) using the contact details you have provided to us.

In order to improve our customer service, we may use your data to analyse customer purchasing behaviour (such as time of day, channel used, level of cover) and customer data (such as name, address, renewal dates) to determine the most appropriate marketing offer for you.

How to change your marketing preference

If you have opted to receive marketing communications from us and you decide you no longer want to receive them anymore you can change your marketing preference by:

  • going to www.outopt.me and following the instructions;
  • letting us know your new preference when you receive any marketing communications, either by telling the AXA staff member during a phone call or clicking the opt out link in any message;

  • calling us on:

    0818 7 365 24 (Republic of Ireland customers);

    0800 039 1970 (Northern Ireland customers);

  • dropping in to your local branch
  • emailing us at compliance@axa.ie; or

  • writing to us at:

    Compliance Department
    AXA Insurance
    FREEPOST
    Dublin 1

    or

    Compliance Department
    AXA Insurance
    FREEPOST
    BEL 2531
    Belfast
    BT1 1BR

Please note opting out from all contact may take up to 30 days and your choice will not affect any of the other services we provide to you, now or in the future.

For information on the cookies we use and how to manage them, please see our cookie policy at www.axa.ie/data-protection/cookie-policy/ or www.axani.co.uk/axa-direct-insurance-cookie-policy.