AXA Data Protection summary

This document is a summary of the AXA Insurance Data Protection Statement. It contains a brief description of the information you need to understand how we use your data. If you would like more detailed information, please go to axa.ie or axani.co.uk or contact us using the details in Section 1 'General' below.

Notice: While all of the information in this Data Protection Summary is important, certain details have been placed in boxes to highlight them. These boxes contain information that the data protection legislation (known as the General Data Protection Regulation) specifies as being information that should be brought to your attention.

1. General

This document provides a summary of how we will use and protect the personal data we receive.

References to “AXA”, “us”, “our” and “we” mean AXA Holdings Ireland Limited and its subsidiaries, including AXA Insurance dac, and any associated companies from time to time.

It is important that you read our full Data Protection Statement and show it to anyone else who is insured under your policy of insurance, including any named drivers and anyone living at the property insured under your policy, as it also applies to them.

Please make sure that anyone else who is insured under your policy has provided you with permission to provide their personal information to us.

Also, please make sure you have their permission to receive their penalty point information. In order to add them to your insurance policy, we will need to share their penalty point information with you, both during the quotation process and during the lifetime of the policy.

We reserve the right to change this Data Protection Summary and our full Data Protection Statement from time to time at our sole discretion. We encourage you to periodically review the most up to date versions of these documents at axa.ie or axani.co.uk.

Queries and Complaints

If you are unhappy with the way we have handled your personal information or if you want further information about the way your personal data will be used, please contact us by any of the following options:

Data Protection Officer,
Compliance Department,
AXA Insurance dac,
Wolfe Tone House,
Wolfe Tone Street,
Dublin 1
Telephone: +353 (0)1 471 1812
Email: compliance@axa.ie

Alternatively you have the right to lodge a complaint with the Data Protection Commission. Their contact details are as follows:

Data Protection Commission
Canal House
Station Road
Portarlington
County Laois
Telephone: +353 (0)761 104 8000
Telephone: +353 (0)57 868 4800
Email: info@dataprotection.ie
Fax: +353 57 868 4757

2. Collection

In order to gather the personal data about you that we require (and, if applicable, other people insured under your policy of insurance) we may obtain personal data from various parties, including you, your representatives (if applicable), other insurance companies, third parties involved in an incident which may result in a claim (claimants, witnesses, solicitors, claims specialist service providers), the emergency services, such as the police or ambulance services and from searches (whether online, industry databases, media outlets or otherwise (including credit searches)).

Please do not send us the results of any genetic tests carried out on you or any other person.

3. Use of Information

We mainly use your personal information so that we can provide a quote, set up, administer and manage your policy and to assess and pay claims as part of an insurance contract. However, more specifically, we may use the personal data we gather for any or all of the following purposes:

  1. to verify your (or your representative’s) identity;

  2. to verify the accuracy of the information we receive;

  3. to assess your insurance needs and to assess the nature and level of the risk associated with your proposed insurance policy;

  4. to make or receive any payments;

  5. to manage and administer your policy;

  6. to manage and investigate claims;

  7. for customer loyalty programmes and offerings, and value-added services;

  8. for statistical analyses and the review and improvement of AXA’s products, services and processes;

  9. to carry out market research and to improve our processes, products or services;

  10. for marketing purposes;

  11. for staff training, performance reviews and discipline;

  12. for the detection and prevention of fraud, money laundering and other offences, and to assist the police;

  13. to manage and investigate any complaints;

  14. for reinsurance purposes;

  15. AXA Group reporting purposes (where necessary);

  16. for storage and to make back-ups of data.

  17. for compliance with all relevant laws and regulations; and/or

  18. as set out in this Data Protection Summary, our full Data Protection Statement or any other data protection statement, policy booklet, website, app terms and conditions or other documentation provided to you.

Legal Basis for processing:

The legal bases we rely on for using your personal data for each of the above purposes are as follows:

Legal BasesPurposes (letters correspond to the table above)
The processing is necessary for compliance with a legal obligation to which the controller is subject:a, c, d, e, f, k, l, m, p and q
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (including a quote that is not taken up):b, c, d, e, f, k, m, n and p
The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. AXA’s legitimate interest is:
  • d. to use your personal data to make certain types of payment that are not required by law or a contract;
  • g. to add value to the AXA product offering (we may also rely on consent or that the processing is necessary for the performance of a contract, depending on the situation);
  • h and i. to engage in activities to improve and adapt the range of products and services we offer and to help our business grow and to ensure that our systems are effective and efficient;
  • j. to determine the most appropriate message and how best to communicate it with you;
  • l. to investigate and prevent potential fraudulent and other illegal activity;
  • o. the proper running of its business.
The data subject has given consent to the processing of his or her personal data for one or more specific purposes. The sending of marketing material to you is only done in circumstances where you have provided us with your consent in advance:j
The processing is necessary for the performance of a task carried out in the public interest:l
Sensitive Categories of Data:

Personal data relating to criminal convictions and offences or related security measures, will only be processed for the above purposes where it is necessary for the assessment of risk or for the prevention of fraud or for the establishment, defence or enforcement of civil claims.

Other special categories of data, will only be processed for any of the above purposes by way of explicit consent, where it is necessary for the establishment, exercise or defence of legal claims or where the processing is necessary to protect the vital interests of the data subject or another person where the data subject is physically or legally incapable of giving consent.

Effect of not providing information

If you do not provide the information that we need, we may not be able to offer you a quote or a policy, your premium may be higher than if you had provided it or we may not be able to handle your claim.

4. Sharing of Information

In the course of providing our services to you we may share your personal data with various third parties including:

  1. Your representatives (such as a relative, another person insured under your policy or your lawyers);
  2. Our representatives (such as our employees, agents and companies that we rely on to provide various services, including telecommunications, data storage, document destruction, fraud detection, credit checking, IT, risk analysis, complaints handling and telematics);
  3. In a claims situation: service providers and expert witnesses (including for the assessment of liability, injuries, damage to vehicles and other property; lawyers) who are acting for us or for claimants, witnesses to incidents and, from time to time, private investigators;
  4. Other third parties, such as reinsurers, other insurance companies, external advisors and auditors, anti-fraud bodies (for example anti-fraud databases), AXA Group companies and (in limited circumstances) third parties to investigate business opportunities; and
  5. State or government departments, bodies or agencies and industry bodies, such as the Department of Transport, the Driver and Vehicle Licensing Agency, the Motor Insurers’ Bureau and Insurance Ireland.
International Transfers

On occasion we or a service provider may transmit certain aspects of your personal data outside the European Economic Area (the “EEA”). The non-EEA countries to which personal data is sent include the United States of America, Malaysia, Costa Rica, India, Switzerland and AXA Group companies in non-EEA countries. Personal data is also processed in the EU (Ireland and France) and the United Kingdom.

AXA complies with the law regarding international transfers of data by various means, including by relying on adequacy decisions of the European Commission, which state that certain countries ensure adequate levels of data protection in their law, the European Commission’s standard data protection contract clauses or Binding Corporate Rules.

If you would like more information about the relevant safeguards involved in international data transfers, please visit the European Commission’s website on data transfers outside the EU or contact us using the details in Section 1 'General' above.

The Consumer Insurance Contracts Act

Where another person (the “third party”) suffers injury or damage and you are responsible or may be responsible for it, your rights under your insurance policy may be transferred to the third party in certain circumstances (which are set out in the Consumer Insurance Contracts Act) and, if that happens, we are required to deal with the third party as if he or she were the policyholder.

If this happens, the third party is entitled to receive certain information from us, including (a) confirmation of your identity, (b) details of your insurance policy, including its terms and conditions and whether or not it was in effect on the date the alleged injury or damage was caused, (c) whether or not we have received a notification of the incident in question from you and, if we have, how far our investigation has progressed, (d) information about the events that resulted in the third party making a claim, (e) whether we have informed you that we intend to accept or refuse the claim against your insurance policy, and (f) any other information that becomes relevant in the handling of the claim.

5. Data Collected

As an insurance company we need to collect many categories of personal data (about you and other parties) for the purposes set out in our Data Protection Statement. The following category headings and types of data are a non-exhaustive list of data we collect.

CategoryType of Data Collected
Policy informationName, address, date of birth, gender, each driver’s licence details, marketing preferences, payment details, vehicle and property details, driving and claims history, relevant criminal convictions, penalty points, location information (if you have a Drivesave policy), etc.
Information obtained from sources other than youPenalty points, address look up, geocoding information, vehicle details and history, credit score, etc.
Claims informationThe circumstances of an incident, health information (injuries and relevant health conditions), relevant criminal convictions, etc.

All of the above information is required for the purposes specified in Section 3 ‘Use of Information’.

6. Retention of Data

How long we keep data is determined by the purposes we use it for, time periods set out in law and the period we need to keep it to defend ourselves against legal action. Generally we keep information for the following periods:

Type of InformationRetention Period
Quote information (where a policy is not taken out)15 months
Policy informationThe life of the policy plus 10 years
Claims information10 years from when the claim is finalised (settlement, court hearing, withdrawal of claim, etc.)
Claims information – where there is the potential for a child to make a claimUp to 3 years after the child in question turns 18 years of age

However in some cases we may need to keep personal data longer than the above periods. Examples of these situations include long-running disputes and system back-ups required for disaster recovery. We also retain certain limited personal data beyond the above time periods in order to validate and handle any claims we receive after the statute of limitations has expired (late claims) and any claims we receive where the claimant was not aware of the damage until a long time after it was caused (latent claims). In these circumstances we retain information such as the policyholder’s name, the names of any named drivers, policy start and finish dates and cover details.

For late claims we will hold the data for a period of up to 25 years from the lapse or cancellation date of your policy or from the completion of a claim and for latent claims we will hold the data for up to 60 years from the lapse or cancellation date of your policy. In both cases, the data will be kept apart from our other policy and claims data so that it will only be used in the event that a new claim is made by or against you.

7. Automated Decision-Making

We use automated decisions-making, using information including customer details and claims experience, in the underwriting of your insurance policy. Underwriting is the process by which an insurance company examines, accepts or rejects risks and classifies those selected in order to charge an appropriate premium. We use an algorithm, which uses complex mathematical and actuarial methods of calculating and pooling risk, for insurance underwriting purposes. For more information, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.

Where we use automated decision making which produces legal effects for you or otherwise significantly affects you, you will have the right to obtain human intervention and to contest and make representations in relation to the decision in question.

8. Your Rights

As a ‘data subject’, you have the rights set out in this section. For more information on each of these rights, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.

Please send all requests to us (details in Section 1 ‘General’ above) in writing by post or email, together with enough information to allow us to deal with your request. It may take up to one month to process your request. If we refuse your request you are entitled to make a complaint to the Data Protection Commission (details in Section 1 ‘General’ above).

  1. Right to Withdraw Consent

    If we are processing your information on the legal basis of consent, you are entitled to withdraw your consent at any time. For details on how to withdraw your consent for marketing see Section 12 ‘Marketing Information’.

  2. Right of Access

    You have the right to be given details about the personal data concerning you that we hold and why and how we process that data. You also have the right to obtain a copy of the personal data we hold about you; this is known as a data access request. When you make this type of request, we would ask that you provide us with as much information as possible to assist us in identifying the personal data you want access to.

  3. Right of Rectification

    You have the right to require AXA to correct any inaccuracies (including missing details) in the information we hold about you. We would welcome any corrections to your information and, in certain cases, it is required by the terms of your insurance policy.

  4. Right of Erasure/Right to be Forgotten

    In certain circumstances you have a right to have the personal data concerning you erased. You may only request the deletion of your data in specific situations.

  5. Right not to be subject to Automated Individual Decision-Making, including Profiling

    In certain circumstances you have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you.

    Where we use automated decision-making you will always be entitled to have a person review the decision. See Section 7 ‘Automated Decision-Making’ above for more details.

  6. Right to Data Portability

    You have a right to receive from us the personal data you have provided to us. You may also request that we send this personal data to another data controller (such as another financial services provider).

  7. Right to Object

    Where we state in this document that we process your personal data in the public interest or on the basis of a legitimate interest (see the Legal Basis table above), you are entitled to object to the processing in question on grounds relating to your particular situation. We will then stop processing the personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your right or unless we need to use it in a legal claim. For more information on the Right to Object, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.

  8. Right to Restrict Processing of Your Data

    You have the right to restrict us from processing your personal data where you feel that it is inaccurate, that we are processing it unlawfully or that we no longer need it or where you have invoked your Right to Object (as set out in Section 8 (vii) above).

9. Specific Service Providers

We would like to draw your attention to some additional information relating to a number of the services we use which involve the processing of your personal data (for more detailed information please, see our full Data Protection Statement or contact us using the details in Section 1 'General' above):

  1. Credit searches and use of third party information

    We may carry out credit searches (either internally or with third party services) during your application for insurance. We may also pass information we hold about you and your payment record to the third party credit agencies. Where automatic credit scoring is used by us, we will enable you to make representations in relation to the search. We may also carry out searches in Northern Ireland in relation to County Court Judgments, the electoral register and CIFAS anti-fraud databases.

  2. Penalty Point Information

    AXA may use your driver number (and that of any named drivers on your policy) to obtain data on any penalty points you may have. Each person's driver number can be found on their driving licence.

  3. Anti-Fraud Databases

    Various anti-fraud databases have been created in the Republic of Ireland and Northern Ireland to assist in the detection and defence of exaggerated and fraudulent claims.

    On various occasions during the term of your insurance policy, we will check these databases for information on any previous claims made by or against you or your named drivers (we will also check any third parties claiming against your policy). If we find that any claims have not been disclosed at the appropriate time, we may rely on certain legal rights set out in our insurance policy, including the cancellation of your contract of insurance and refusal of any claims.

    We will also pass details of claims made against you to the organisations that manage these databases. This information will then be available to other insurers.

  4. Insurance Registers

    The law in both Ireland and Northern Ireland require that certain personal information about insured vehicles be provided to various state bodies and registers. We and other companies may search these registers from time to time.

  5. Insurance-Link in Republic of Ireland

    Insurance-Link is an anti-fraud database containing details of claims made by individuals. When you get a quote, take out a policy or make a claim we may check this database. In claims situations we will also check this database and upload certain data (including name, date of birth and type of injury or loss suffered) to it. If we find any claims we may contact the relevant insurance company for further details and we may also provide details to other insurance companies if they discover a claim made against AXA.

  6. Registers in Northern Ireland

    The law in Northern Ireland requires that certain personal information about you, your vehicle, your policy and your claims be provided to various state bodies and registers. We and other companies may search these registers from time to time.

10. AXA Plus

AXA Plus is our customer loyalty programme. For more information, please visit https://www.axa.ie/data-protection/axaplus/.

11. Communication with Customers

We may contact you from time to time in relation to the purposes set out in this Data Protection Summary, which may include policy administration, discussion of renewal terms or quotes already provided to you, claims handling and (where you have given your consent) marketing. For more information, please see our full Data Protection Statement or contact us using the details in Section 1 'General' above.

12. Marketing Information

How it works

Where you have told us that you are happy to receive marketing information from us, we may contact you from time to time about other AXA products that we think may be of interest to you, including on the 12 month anniversary of a quote not taken up or your policy lapsing. To do this we may contact you by post, email and telephone (including mobile telephone) using the contact details you have provided to us.

In order to improve our customer service, we may use your data to analyse customer purchasing behaviour (such as time of day, channel used, level of cover) and customer data (such as name, address, renewal dates) to determine the most appropriate marketing offer for you.

How to change your marketing preference

If you have opted to receive marketing communications from us and you decide you no longer want to receive them anymore you can change your marketing preference by:

  • going to www.outopt.me and following the instructions;
  • letting us know your new preference when you receive any marketing communications, either by telling the AXA staff member during a phone call or clicking the opt out link in any message;

  • calling us on:

    0818 7 365 24 (Republic of Ireland customers);

    0800 039 1970 (Northern Ireland customers);

  • dropping in to your local branch
  • emailing us at compliance@axa.ie; or

  • writing to us at:

    Compliance Department
    AXA Insurance
    FREEPOST
    Dublin 1

    or

    Compliance Department
    AXA Insurance
    FREEPOST
    BEL 2531
    Belfast
    BT1 1BR

Please note opting out from all contact may take up to 30 days and your choice will not affect any of the other services we provide to you, now or in the future.

For information on the cookies we use and how to manage them, please see our cookie policy at www.axa.ie or www.axani.co.uk.