Sorry, you need to enable JavaScript to visit this website.

RSA Data Protection Notice

At RSA we are committed to ensuring that your personal data is protected. To keep you informed, we have created this notice which will explain how we use the information we collect about you and how you can exercise your data protection rights.

1. Who are we?

We are RSA Northern Ireland Insurance Limited, part of the RSA Insurance Group. We provide commercial and consumer insurance products and services on behalf of Royal & Sun Alliance Insurance plc and RSA Insurance Ireland DAC.  We also provide insurance services in partnership with other companies. RSA Northern Ireland Insurance Limited, RSA Insurance Group plc and RSA Insurance Ireland DAC (referred to throughout this statement as ‘RSA’, ‘we’, ‘us’, ‘our’) are the data controllers in relation to the personal information we hold about you.

Our EU Representative

As RSA Northern Ireland Insurance Limited does not have an establishment in the European Union, we have appointed a representative based in the Republic of Ireland who you may address any issues and/or queries you may have relating to our processing of your personal data and/or this Data Protection Notice more generally. Our EU representative will also deal with data subject rights requests for EU citizens and enquiries by EU supervisory authorities on our behalf.

Our EU representative is RSA Insurance Ireland DAC. Our EU representative can be contacted directly by email at the following address ie_dataprotection@ie.rsagroup.com

2. Why do we collect and use your personal information?

The following (non-exhaustive) types or categories of personal information that we may collect and use about you includes : name, address, date of birth, occupation, policy numbers, contact details, gender, driving licence details and penalty points information, marketing preferences and renewal dates of policies with other insurers, bank and payment card details, claims data, medical / health information, geo-location and driving behaviour data and on-line identifiers such as IP addresses. Note: You don’t have to provide us with any personal information, but if you don’t provide certain information that we need then we may not be able to proceed with your application for insurance or with a claim that you make. We will let you know what information is required to proceed with your application or claim.

RSA will use your personal information for the provision of insurance services such as providing a quotation, underwriting a policy and handling claims under an insurance contract. We will also use your personal data for other related matters such as complaints handling, prevention or detection of fraud, for reinsurance purposes and statistical analysis.

When looking for a quote for an insurance product from us, you will need to provide us with information relating to what you wish to be insured (e.g. car make and model, details about you etc.). When buying certain products, we may on occasion need to collect special categories of data (e.g. health/ medical information) and driving offences or convictions history. If you can’t provide this information we will be unable to provide certain products or services to you.

In order to provide our products or services we will also need to process your payment information (e.g. direct debit, credit and debit card information, etc.) to collect payment from you and/or to issue any refunds or premiums due to you. We may need to contact you if you request a quote from us and/or to service your policy. We may need to communicate with you via your intermediary, if applicable, and this may be done via our/their website, emails, SMS, telephone calls or by post. Calls with RSA may be recorded for training and verification purposes.  

If you need to claim against your insurance policy, we normally need to collect information that evidences what happened in the incident. If other people are involved in the incident, we may also need to collect additional information related to them (including children) which can include special categories of data (e.g. injury and medical information).

When submitting an application to us, you may need to provide us with equivalent or substantially similar information relating to other proposed beneficiaries under the policy or claim.  You agree that you will bring this Data Protection  Notice to the attention of each beneficiary at the earliest possible opportunity. Please also ensure that anyone else who is insured under your policy or may be a beneficiary (e.g. arising from a claim settlement) has agreed to provide their personal information to us.

Secondary processing of your personal information (i.e. for a purpose other than for which it was collected) may be undertaken but only in accordance with data protection laws, e.g. where necessary and proportionate for the purposes of preventing, detecting, investigating or prosecuting criminal offences, or for the purposes of legal advice and legal proceedings.

We collect information through website cookies and other similar technologies (e.g. pixel trackers or ‘like’ buttons) when you visit our website. These tools are used by RSA and our third-party service providers to help improve our and their products and services, the functionality and performance of our websites and to support more effective advertising. For more information about how and why we use cookies please visit our Cookie Policy.

Data protection laws require us to meet certain conditions before we use your personal information in the manner described in this Notice.  In order to provide you with this information we have prepared the following which describes the purposes for which we are using your personal data and the legal basis for doing so.

Purpose of Processing

Legal Basis

To provide you with a quote for an insurance product and to provide you with insurance cover if you decide to purchase a product.

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.

To assess the information you have provided and make a decision as to whether we can provide you with cover and at what price.

 

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.

 

To verify your identity and to verify the accuracy of the information we receive.

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.

Processing is necessary for the purposes of our legitimate interests to investigate and prevent potential fraudulent activity.

Processing is necessary to comply with legal obligations (e.g. money laundering requirements).

To administer your insurance contract and make any changes during its term, answer queries, provide updates and process a cancellation.

Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract.

To make and receive any payments whether in relation to your policy or a claim.

Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract.

To manage and investigate any claims made by you or another person under your policy of insurance, or by you as a Third Party against our policyholder including for the defence of legal proceedings.

Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract.

Processing is necessary for the purposes of our legitimate interests.

To detect and prevent fraud, money laundering and other offences. To assist the Police Service of Northern Ireland or any other authorised law enforcement body with their investigations.

Processing is necessary for the purposes of our legitimate interests. This interest is to investigate and prevent potential fraudulent and other illegal activity.

Processing is necessary to comply with legal obligations.

To manage and investigate any complaints.

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.

Processing is necessary to comply with legal obligations.

For reinsurance purposes.

Processing is necessary for the purposes of our legitimate interests in protecting ourselves from excess losses due to high exposure.

To comply with laws and regulations.

Processing is necessary to comply with legal obligations.

For statistical analysis including internal risk assessment, portfolio performance reporting or market-level research exercises.      

Processing is necessary for the purposes of our legitimate interests. This interest is to improve our processes, products and services.

For staff training, performance reviews and internal disciplinary purposes.

Processing is necessary for the purposes of our legitimate interests. This interest is to improve our processes, products and services.

To ensure the security of our systems, to make back-ups of your data in case of emergencies and for disaster recovery purposes.

Processing is necessary to comply with legal obligations.

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract. 

Processing is necessary for the purposes of our legitimate interests.

To issue service related communications to you such as policy renewal reminders or adverse weather alerts to help safeguard your property.

Processing is necessary for our legitimate business interests.

To administer and improve our website. To make suggestions and recommendations to you as a user of our website about products and services that may be of interest to you. For further information please see our Cookie Policy.

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract (i.e. use of cookies which are essential or strictly necessary to provide you with the service which you have requested).

Processing is based on your specific consent.

 

3. How else do we collect information about you?

Where possible, we will collect your personal information directly from you. However, on occasion we may receive information about you from other people or sources. For example:  

  • It was given to us by someone who is applying for an insurance product on your behalf (e.g. your insurance broker, intermediary, spouse or partner).
  • It was supplied to us when you purchased, or sought to purchase, an insurance product or service that is provided by us in partnership with other companies.
  • It was lawfully collected from other sources (e.g. the Motor Insurers’ Bureau (MIB)).
  • Vehicle history check suppliers/databases.
  • Through credit history checks.
  • Through geocoding databases used to determine location-based risk factors.
  • Searches of open source and publicly available information (e.g. social media platforms and online content, court judgements etc).
  • Motor Insurers Anti-Fraud and Theft Register (MIAFTR), the Claims and Underwriting Exchange (CUE) and from other insurance companies.
  • Other fraud prevention databases and data enrichment services available in the insurance industry.
  • Personal data collected through website cookies processing e.g. IP address.

4. Will RSA share your personal information with anyone else?

We may share your details with other third parties (e.g. service providers, data processors, other data controllers) in order to administer your policy, handle and validate claims, to prevent and detect fraud, comply with laws and regulations and to conduct internal or market level research/ analysis. For example:

  • Your Intermediary & anyone authorised by you to act on your behalf
  • Our Third Party Service Providers such as our Information Technology suppliers, Cloud Service Providers, data hosting/storage providers, payment services providers and documentation fulfilment providers.
  • With other companies within the RSA Insurance Group
  • The Motor Insurers Anti-Fraud and Theft Register (MIAFTR), the Claims and Underwriting Exchange (CUE) and with other insurance companies and industry bodies.
  • Loss Adjusters, claims investigators, repairers, car hire providers, medical practitioners, solicitors and other firms as part of the claims handling process.
  • Property and Risk surveyors and engineers.
  • Private Investigators and Claims Investigators when we need to further investigate certain claims.
  • Other fraud prevention databases and data enrichment service providers available in the insurance industry.
  • With prospective sellers or buyers in the event that we decide to sell or buy any business or assets
  • Our reinsurers who provide reinsurance services to RSA Insurance.
  • Third party claimants or their legal representatives during the administration of a claim being made against you.
  • We may also share your personal information as a result of our legal and regulatory obligations. This can include with the Police Service of Northern Ireland (PSNI), other official government agencies (MIB) and on foot of a Court Order or Subpoena.  
  • Our trusted partners and with third parties where personal data is processed via the use of cookies or other similar technologies for specific purposes. For further information on the latter please see our Cookie Policy.

Some of the organisations we share your information with (including transfers within the RSA Group) may be located outside of the UK. At the time of writing this Notice, the UK government has stated that, after the end of the Brexit transition period, transfers of data from the UK to the EEA will be permitted. For transfers of personal data outside of the EEA we will only do this in compliance with the appropriate legal and technical safeguards such as the EC-approved standard data protection clauses adopted by the ICO, Binding Corporate Rules or as a result of an UK adequacy decision.

5. Which decisions about you will be based solely on automated means?

We may conduct the following activities, which involve automated (computer based) decision-making::

  • The use of Pricing and Underwriting engines and algorithms – these processes calculate the insurance risks based on the information that you have supplied or that we have collected about you. This will be used to determine if we can provide, or continue to provide, you with a policy and to calculate the premium you will have to pay.

The results of these automated decision-making processes will limit the products and services we may be able to provide you. If you do not agree with the result, you have the right to request human intervention to allow you to express your point of view and contest the decision.

6. For how long will RSA keep your information?

Information submitted to RSA for a quotation may be retained by us for a period of up to 15 months from the date of the quotation. All information in respect of a policy (to include claims on the policy) will be held for 8 years after the ending of the client/insurer relationship to ensure we meet our regulatory obligations. We will retain emails and call recordings for 8 years from the date of the communication.

There are certain policies that we need to keep information for longer than the normal periods, in the event we may receive claims much later due to the claimant being unaware of their injuries until a long time after it was caused. We may also be required to retain information for longer than the outlined retention periods, where we have a regulatory obligation to do so.

7. What are your rights over the personal information that is held by RSA?

You have certain legal rights under data protection laws in relation to your personal information:

  1. To correct any information we hold about you if you believe it’s incorrect or incomplete – please contact your intermediary or us directly to have this updated.
  2. To request your personal information to be deleted where you believe it is no longer required. Please note however, this request will not be valid while you are still insured with us and where we are subject to legal or regulatory obligations.
  3. To be provided with a copy of the personal information we hold about you, in a commonly used electronic format (or hard copy if you wish).
  4. To request that we provide/ transfer a copy of the personal information you have supplied to us, to another company. We would provide the information in a commonly used electronic format.
  5. To request that we restrict the use of your personal information in certain circumstances.
  6. To object to the processing of your personal data for marketing purposes or for any purpose where processing is necessary for the purposes of our legitimate interests (see table above).
  7. To withdraw consent where we rely on your consent as our legal basis for using your personal data.
  8. To contest decisions based solely on automated decision making, express your point of view and ask for human intervention.

If you would like to request any of the above, please email us a request to DPO@ni.rsagroup.com or write to us at the address contained in Section 10.To ensure that we do not disclose your personal information to a party who is not entitled to it, when you are making the request please provide us with:

·  Your name;

·  Address(es);

·  Date of birth;

·  Any policy IDs or reference numbers that you have along with a copy of your photo identification and proof of address.

Please note that requests to restrict the use of your personal information or to object to the processing of your personal data may lead to us being unable to continue to service your policy and therefore lead to cancellation of your policy.

If you would like to request any of the above Rights, please email us at ni_dataprotection@ie.rsagroup.com or write to us at the address contained in Section 9 of this notice. When you are making a request please provide us with your name, address, data of birth and any policy or claim IDs that you have. For any requests made you may need to provide us with a copy of your photo identification, to ensure that we do not disclose your personal information to a party who anyone that is not entitled to it.  

All requests are free of charge, unless we think your request is manifestly unfounded or excessive in nature. We will endeavour to respond within one month from receipt of the request. If we cannot meet this time frame due to the complexity or repeated nature of a request, we will let you know as soon as possible and explain the reason for this was in our response.

Please note that simply submitting a request does not mean we will be able to fulfil it or in its entirety – we are often bound by legal and regulatory obligations which can prevent us from fulfilling some requests, or we may rely on a lawful exemption which restricts the scope of our obligations as a Data Controller. When this is the case we will explain this to you in our response.

8. Changes to our Data Protection Notice

This notice may be updated from time to time so please check it each time you submit personal information to us or when you renew your insurance policy.

9. How do you ask a question about this Data Protection Notice?

If you have any questions or comments about this notice please contact:

The Data Protection Officer, RSA NI Insurance Limited, Law Society House, 90-106 Victoria Street, Belfast, BT1 3GN.

You may also email us at ni_dataprotection@ie.rsagroup.com.

10. How can you raise a concern?

As a responsible Data Controller, we take our data protection obligations extremely seriously. However if you are unhappy with how we have handled your personal data and wish to raise a concern about this, please contact us at ni_dataprotection@ie.rsagroup.com or write to us using the address provided in Section 9. Our Data Protection Officer will investigate your concern and will give you additional information about how it will be handled. We aim to respond in a reasonable time, normally within 30 days. If you are not satisfied with our response you can make a complaint to the Information Commissioner’s Office (ICO) Northern Ireland, 3rd Floor, 14 Cromac Place, Belfast, BT7 2JB or at www.ico.org.uk

 

Last updated: January 2021