Cookie Policy
We use cookies to give you the best possible online experience and help our marketing efforts. By continuing to browse, we'll assume you're happy for your browser to receive all cookies from our website. See our cookie policy for more.

Privacy Policy Statement

Ensuring your privacy is protected

Contents


Ensuring your privacy is protected

  1. Chill Insurance
  2. Information Collection
  3. Purposes for which we hold your Information
  4. Recipients of Data
  5. Special categories of data and data on criminal convictions and offences
  6. Home and when we may contact you
  7. Automated individual decision making including profiling
  8. Retention
  9. Subject Rights
  1. Right to rectification
  2. Right to erasure
  3. Right to object
  4. Right to restrict processing
  5. Right to access
  6. Right to portability
  7. Right to withdraw consent
  8. Right to complain
  1. Marketing
  2. International Transfers
  3. Cookies
  4. Security
  5. Changes to the Website Privacy Policy
  6. Questions or Complaints

Ensuring your privacy is protected

Chill Insurance Limited (“Chill Insurance”) respects your right to privacy and complies with our obligations under relevant data protection legislation including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

The purpose of this Privacy Policy (“Policy”) is to outline how we process personal data, including special categories of data and the basis on which personal data is obtained from you or collected about you from third parties. We do not knowingly attempt to solicit or receive information from children.

We take great care with any personal data we hold, so that we provide the highest standard of service to you, whilst taking steps to keep your data secure and to ensure it is only used for the specified, explicit and legitimate purposes stated within this Policy.

It is important that you read this Policy and show it to anyone else who is insured under your policy of insurance, including any named drivers, joint policyholders and anyone living at the property insured under your policy, as it also applies to them.

In circumstances where you provide personal data including special categories of data or sensitive data relating to persons other than you who are or will be insured under your policy of insurance, you are confirming that you have obtained the consent of such other persons to the processing of their personal and special categories of data for the purposes set out in this Policy.

Unless otherwise stated, the controller (as defined in the GDPR) of your personal data for all purposes outlined in this Policy is Chill. We can be contacted by post at Chill Insurance House Ravenscourt Business Park, Sandyford, Dublin 18, D18 K267 Ireland by telephone at 01 400 3400 or by email at care@chill.ie. Our data protection officer (“DPO”) can provide you with additional information on this Policy and your rights as outlined in Section 9. Their contact details are below:

Data Protection Officer, Chill Insurance, Ravenscourt Business Park, Sandyford, Dublin 18, D18 K267. Email: dpo@chill.ie

Where you have purchased an insurance policy through Chill, the insurance provider you have chosen also becomes the controller of your personal data for the purposes outlined in their privacy policies. This will normally be to perform their contractual obligations under, and to underwrite, your insurance policy. We will send you the detail on insurance provider’s privacy policy with your policy documentation. You can also find the insurance provider’s privacy policies on their websites.

1. Chill Insurance

We, our, us, Chill refers to Chill Insurance Limited trading as Chill Insurance. Chill Insurance Limited is a private company limited by shares incorporated in Ireland with company number 506021 and having its registered office at Chill Insurance House, Ravenscourt Business Park, Sandyford, Dublin 18, D18 K267, Ireland. We are a registered insurance intermediary and provide both Life and Non-Life Insurance services.

2. Information Collection

We collect information from you when you access our Chill.ie website, when you request a quote online or over the phone, when you speak to members of our staff or enter competitions. We also collect information from sources other than you. We will only collect information that is adequate, relevant and limited to what is necessary in relation to the purposes identified within this Policy.

The table below outlines the categories and types of data we collect along with the source of the data. The type of data we collect will depend on the product or service you are availing of. The types of data we collect may change over time; the following table is an indicative list to help you understand the types of data we collect.

   
Data Category Data Type Where we collect the data from
Identity & Individual Data Name, address, email address, phone number, gender, marital status, date of birth, Official identification documents and numbers including PPS, driver number, license number, passport number, VAT number, vehicle registration number, IP address and other technical/usage data when you visit our website.
  • You;
  • Joint policy holder;
  • Any representative nominated by you to act your on behalf such as a family member or legal representative;
  • Your insurance company.
  • Anti-fraud databases, sanctions lists, court judgements and other databases;
Policy Data

Identity data, employment status & occupation, previous insurance history, details of any previous claims and claims occurring during the term of a policy arranged by us.

Driving history (including motoring convictions, disqualifications/ penalty points, health data, vehicle details.

  • You;
  • Joint policy holder;
  • Any representative nominated by you to act your on behalf such as a family member or legal representative;
  • Your insurance company;
  • Other insurance market participants;
  • Law enforcement agencies such as An Garda Síochána & Criminal Assets Bureau;
  • Anti-fraud databases, sanctions lists, court judgements and other databases;
  • Publicly available information including social media websites, electoral register, online content, TV, radio, and other media content;
  • In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers
Financial Data Your financial information: including bank and payment card details, payment transaction history, and information on income or turnover.
  • You;
  • Joint policy holder;
  • Any representative nominated by you to act your on behalf such as a family member or legal representative;
  • Your insurance company;
  • Your Loan Provider (For the purpose of arranging and managing premium finance with Close Brother Premium Finance through Chill Insurance)
Special Category Data – Health Data Information about your health
  • You;
  • Joint policy holder;
  • Any representative nominated by you to act your on behalf such as a family member or legal representative;
  • Your insurance company;
Criminal Convictions Data Details of any unspent motoring (including penalty points) or non-motoring convictions (if any)
  • You;
  • Joint policy holder;
  • Any representative nominated by you to act your on behalf such as a family member or legal representative;
  • Your insurance company;
  • Law enforcement agencies such as An Garda Síochána & Criminal Assets Bureau;
  • Anti-fraud databases, sanctions lists, court judgements and other databases;

3. Purposes for which we hold your Information

The main purposes for which Chill uses your personal information are to provide a quote, setup, administer and manage your policy and to carry out marketing and analytics. The following section provides more detail on the purposes for which we process your personal data and the legal basis by which we do this.

Purpose/Activity Legal basis for processing
To provide you with a quote for insurance Performance of a contract with you
To administer your insurance policy Performance of a contract with you
To respond to your queries and to provide you with the information you request from us in relation to our Services.
  • Performance of a contract with you
  • Necessary to comply with a legal obligation
  • Necessary for our legitimate interests (to respond to new or existing customer queries and grow our business)
To manage payments, fees and charges in respect of insurance premiums, and to collect and recover money owed to us.
  • Performance of a contract with you
  • Necessary for our legitimate interests (to recover debts due to us)
  • Necessary to comply with a legal obligation
Recording telephone calls (for quality and verification purposes, to assist us in the prevention of fraud) Necessary for our legitimate interests (quality and verification purposes)
To manage our relationship with you, including notifying you about changes to the Services, or our Privacy Policy.
  • Performance of a contract
  • Necessary to comply with a legal obligation
  • Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services).
To provide you with marketing communication about other services we feel may interest you.
  • For non-customers, Consent
  • For existing or past customers, Legitimate interests (to develop and grow our business) unless you have opted out.
  • See Section 10 for further information on our marketing activities.
To ensure that content is presented in the most effective manner for you and for your computer or device. Necessary for our legitimate interests (to keep our Site and the Services updated and relevant and to develop and grow our business).
To administer and protect our business, our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. Necessary for our legitimate interests (for running our business and as part of our efforts to keep our Site and the Services safe and secure)
To use data analytics to improve or optimise our Site, marketing, customer relationships and experiences. Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site and the Services updated and relevant, to develop and grow our business and inform our marketing strategy).
To measure or understand the effectiveness of advertising we serve to you and others, and, where applicable, to deliver relevant advertising to you.
  • Necessary for our legitimate interests (to study how customers use our products or Services, to develop them, to grow our business and to inform our marketing strategy).
  • For non-customers-consent
To prevent, detect and report fraud, money laundering and other offences to protect our business, risk management
  • Legal Obligation
  • Legitimate Interest

3.1 Change of Use

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our data protection officer at the contact details listed in Section 1 of this Policy. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.

3.2 Consequences of not providing us with information

You can choose not to give us personal information; however this may have an effect on you. We may need to collect personal information by law, or to enter into or fulfil a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you, or doing what we must do by law. It may also mean that we cannot provide you with a quote or manage your policies with us which means we may need to cancel a product or service you have with us.

4. Recipients of Data

We may share your personal data with outside organisations, below is a list of the categories of recipients of organisations we share your personal data with:

Insurance companies and brokers

When you request a quote from us we will need to share your personal data with our panel of insurance providers. As outlined earlier the insurance provider you have chosen is also a controller of your personal data. Further information on how they protect your personal data may be found in their privacy policies. We may also continue to share personal data such as identity and policy data with insurance providers to manage and administer your policy and for the prevention and detection of fraud.

Your representatives

Any party you have given us permission to speak to (such as a relative, friend or legal advisor), in certain circumstances other people insured under your policy of insurance (such as a named driver) and other people or companies associated with you.

Our representatives

Our employees, agents and contractors including companies that provide services in relation to telecommunications and postage, data storage, document production and destruction, IT and IT security, customer loyalty programmes, fraud detection, making and receiving payments, data analysis and management information, credit checking, risk analysis, complaints handling, marketing and market research.

Government, Statutory and Regulatory Bodies

State regulators and authorities such as the Data Protection Commission, the Revenue Commissioners, the Central Bank of Ireland and the Financial Services & Pension Ombudsman; Law Enforcement Agencies such as An Garda Síochána & The Criminal Assets Bureau. Industry bodies such as Motor Insurers Bureau of Ireland and Personal Injuries Assessment Board.

We may also disclose your personal data to the following recipients or categories of recipients:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Chill Insurance or substantially all of its business or assets are acquired or transferred to a third party whether in the event of a merger, reorganisation, transfer of undertakings, receivership, liquidation or other winding up or any other similar circumstances, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or other agreements.
  • To protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organisations for the maintenance and security of the site and services.

5. Special categories of data and data on criminal convictions and offences

We will process Health Data where it is necessary and proportionate for the purposes of providing a policy of insurance or to comply with a legal obligation to which we are subject. We will also process data on Criminal Convictions and offences including penalty point data where it is necessary and proportionate for the steps taken leading into or the performance of your insurance contract and to comply with our legal obligations.

6. When we may contact you

We may contact you by phone/email/sms/post for the following purposes:

  • Administration of your insurance policy
  • To provide you with renewal terms on an existing policy
  • To offer you assistance when you have requested a quote from us either over the phone or through our website
  • Handling customer service queries and complaints
  • Marketing Chill products and services (unless you have opted out of receiving marketing communications)
  • Provision of customer loyalty programme
  • Conducting market research

7. Automated individual decision making including profiling

Automated individual decision making, including profiling, takes place when you request a quote from Chill through our website. The insurance providers we provide quotes on behalf of carry out this automated individual decision making. This means that we run your personal data through algorithms and internal models set by each of the insurance providers to determine your risk profile and calculate your insurance premium. This process includes the use of information you provide to Chill in your online quote form. For example, some factors that insurance providers would use for a car insurance policy are the age of the vehicle, location where the vehicle is parked and the age of drivers. This may include special categories of data, where relevant, such as Health Data or Criminal Convictions and offences data such as penalty point data.

You have the right to human intervention to express your interests and contest automated decisions. If for any reason you are not satisfied with the quote obtained via our website please contact our office to request a quote on 01 400 3400. For further information on individual insurance provider’s automated individual decision making processes, please refer to their privacy policies.

8. Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For more information about our data retention policies please contact our data protection officer at the contact details listed in Section 1 of this Policy.

9. Subject Rights


a. Right to rectification

You have the right to have Chill correct any inaccurate personal data we have collected about you. You also have the right to have incomplete personal data completed; you may provide us with supplementary information to do this. To do so, please contact our customer care team by phone on 01 400 3400 or by email at care@chill.ie.

b. Right to erasure

In certain instances, you have the right to have Chill erase the personal data we have collected about you. This right will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health.

To exercise this right, please contact our data protection officer at the contact details listed in Section 1 of this Policy.

c. Right to object

You have the right to object to the processing of your personal data at any time:

  • For direct marketing purposes.
  • For profiling to the extent it relates to direct marketing.
  • Where we process your personal data for the purposes of legitimate interests pursued by us, except where we can demonstrate compelling legitimate grounds for this processing which would override your interests, rights and freedoms or in connection with the enforcement or defence of a legal claim.

Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above.

To exercise your right to object, please contact our data protection officer at the contact details listed in Section 1 of this Policy.

NOTE: We will use all reasonable efforts to communicate the fact that you have exercised your right to rectification or erasure of personal data or restriction of processing in accordance with these rights outlined above, to each recipient to whom your personal data has been disclosed in accordance with this Policy, unless this proves impossible or involves disproportionate effort.

d. Right to restrict processing

You have the right to have Chill restrict the processing of your personal data where one of the following applies:

  • You contest the accuracy of the personal data (we will restrict the processing of the personal data until we verify the accuracy of the personal data)
  • The processing is unlawful and you oppose the erasure of your personal data
  • Chill no longer requires the personal data for the purposes of the processing but the data is required by you for the establishment, exercise or defence of legal claims
  • You object to the processing of the personal data as outlined in Section 9.c above (we will restrict the processing of the personal data while we verify our legitimate grounds for the processing which may override your interests, rights and freedoms)

Where you have restricted the processing of your personal data, we will continue to store your personal data but will only process it with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of other people or for reasons of important public interest or other non-restricted purposes.

e. Right to access

You have the right to obtain from us information on the personal data we hold on you including the following:

  • Purposes of the processing
  • Type of personal data held
  • Categories of recipients of the personal data
  • Information on how long the data will be stored
  • If automated individual decision making, including profiling, takes place, as well as information on the logic involved and consequences of this
  • If data is not collected directly from you, information on the source of the data
  • The existence of the right to request from us rectification or erasure of your personal data or restriction of processing of your personal data or to object to such processing
  • The right to lodge a complaint with the Data Protection Commission

Any such request should be submitted in writing and sent for the attention of the data protection officer at the contact details listed in Section 1 of this Policy. We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.

f. Right to portability

You have the right to receive personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. You also have the right to provide this data to another controller or have Chill transmit this data to another controller on your behalf, where technically feasible. This applies to automated data only to the extent provided by you to us. This right to portability is limited to the following situations.

  • Where the processing is based on the legal basis of consent
  • Where the processing is based on the legal basis of entering into or performance of a contract

g. Right to withdraw consent

Where we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time. We rely on your consent for marketing activities only. It is your choice to receive these communications and you have the right to withdraw your consent at any time. This does not affect the legality of the processing which took place when we had your consent. For further information on our marketing activities and how to stop receiving marketing communications, please see Section 10.

Please note if you withdraw your consent, we will no longer send direct marketing communications to you.

h. Right to complain

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in Section 9, then you have the right to complain to the Data Protection Commission (DPC). Please see below for contact details of the DPC.

The Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois. Phone: +353 (0)761 104 8000, LoCall: 1890 25 22 31, Fax: +353 (0)57 8684757, Email: info@dataprotection.ie.

10. Marketing

For marketing purposes we may contact you in relation to special offers, competitions, products and services from Chill via email, post, SMS and phone.

For non-customers we rely on consent to contact you for marketing. Consent will always be provided in the form of a clear opt-in. You have the right to withdraw your consent at any time using the contact details listed in this section.

For existing or past customers, we rely on legitimate interest (to develop and grow our business) to contact you for marketing. We will always provide you with the option to opt-out at the point of data collection. Additionally, you can use the contact details listed in this section to opt-out of receiving future marketing communications.

If you would prefer not to receive this type of communication from us, you can do any one of the following;

  • email optout@chill.ie,
  • call 1800 845 557
  • write to Chill Insurance, Free Post, PO Box 14, Kilrush, County Clare, Ireland.

All emails and texts will also contain a link to unsubscribe or opt-out of future marketing communications from Chill.

11. International Transfers

Some of our suppliers who provide us with services such as IT security or data hosting services may process your personal data such as identity and policy data outside the European Economic Area (“EEA”) where privacy laws may not be as protective as those in your jurisdiction. There are special requirements set out under Chapter V of the GDPR to regulate such data transfers and ensure that adequate security measures are in place to safeguard and maintain the integrity of your personal data on transfer.

Where we transfer your personal data outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA and we will use at least one of the following safeguards:

  • Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA
  • Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
  • Transfer it to organisations that are compliant with the EU/US Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to those used and expected within the EEA.

12. Cookies

For further details on our use of cookies, please refer to our Cookie Policy which you can view here.

13. Security

Chill Insurance will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy. We will use all reasonable efforts to put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, other recipients and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use reasonable procedures and security features to try to prevent unauthorised access. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

14. Changes to the Website Privacy Policy

Any changes to this Privacy Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

15. Questions or Complaints

Contact us. If you have any questions or complaints relating to this Policy, please contact us at:

Data Protection Officer, Chill Insurance, Ravenscourt Business Park, Sandyford, Dublin 18, D18 K267. Email: dpo@chill.ie.

Effective date of this policy: 13th July 2018