Privacy & Cookie Notice - Martin Insurance Brokers

Privacy and Cookie Notice – Effective from 11 September 2023

Martin Insurance Brokers is a trading name of Crotty Insurance Brokers Ltd (“CIB”) collectively referred to as ‘we’, ‘us’ and ‘our’ in this Privacy and Cookie Notice. CIB is committed to respecting and protecting your privacy and would like you to feel safe when giving your details. To provide you with relevant information and respond to your requests, we sometimes request that you provide us with information about yourself.

Please read this Privacy and Cookie Notice carefully as it will inform you of how we collect and process your personal information. Our activities are compliant with the provisions of the Data Protection Acts 1988 & 2003, the EU General Data Protection regulation (‘GDPR’), the UK Data Protection Act 2018 and any other Data Protection legislation/Acts passed as a result of the GDPR.

Your continued use of the website constitutes your consent to the contents of this notice.

We are part of the Brown & Brown (Europe) Ltd (Brown & Brown) Group of Companies, for a full list of Brown & Brown trading companies please visit our website www.bbrown.com/eu

Personal Information We Collect

We will receive personal information about you when you contact us, for example, by requesting or obtaining a quote, purchasing a product from us or from one of our partners or using our website. The information may include:

Individual details	Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you.
Identification details	Identification numbers issued by government bodies or agencies, including your PPS number, passport number, tax identification number and driving licence number.
Financial information	Payment card number (credit or debit card), bank account number, or other financial account number and account details, credit history, credit reference information and credit score, assets, income, and other financial information, account log-in information and passwords for accessing insurance policy, claim and other accounts.
Risk details	Information about you (and others insured under the policy) which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to health, criminal convictions, or other special categories of personal data (see below). For certain types of policy, this could also include telematics data.
Policy information	Information about the quotes you receive and policies you take out.
Credit and anti-fraud data	Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you.
Medical condition and health status	Current or previous physical, mental or medical condition, health status, injury or disability information, medical diagnosis, medical procedures performed and treatment given, personal habits (for example, smoking or consumption of alcohol), prescription information, and medical history.
Previous and current claims	Information about previous and current claims (including other unrelated insurances), which may include data relating to your health, criminal convictions, or other special categories of personal data (see below) and in some cases, surveillance reports.
Other sensitive information	Information about religious beliefs, ethnicity, political opinions or trade union membership, sexual life and orientation, or genetic or biometric information. We may obtain information about criminal records or civil litigation history (for example, for preventing, detecting and investigating fraud).
Telephone recordings	Recordings of telephone calls with our representatives and call centres.
Photographs and video recordings	Images (including photographs and pictures) or video recordings created in connection with our insurance or other business activities, including for claims assessment, administration and settlement, claim disputes, or for other relevant purposes as permitted by law, as well as CCTV recordings captured by equipment on our premises.
Marketing preferences and marketing activities	Marketing preferences including preferences for our method of contact. To improve our marketing communications, we may collect information about interaction with, and responses to, our marketing communications.

How and why we use this information

We will process any personal data lawfully under one or more of the following bases:

Performance of a contract	the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
Compliance with a legal obligation	the processing is necessary for us to comply with the law (not including contractual obligations).
Legitimate interests	the processing is necessary for our legitimate interests pursued by us. In such cases our legitimate interests are as follows: – To add value to your product by offering you other general insurance products – To provide high standards of service to our customers by ensuring they are fully informed about all of our products – To engage in activities to improve and adapt the range of products and services we offer and to help our business grow – To investigate and prevent potential fraudulent and other illegal activity.
Consent	where you have given clear consent for us to process your personal data for a specific purpose, such as marketing activities. If we need consent to process personal information, we’ll ask for this first. This consent can be withdrawn at any time.
Necessary for reasons of substantial public interest	under GDPR and the UK Data Protection Act 2018 processing for an insurance purpose is included within this basis when processing special category and conviction data.

We will use personal information about you primarily in connection with the provision of insurance, namely:

Arranging insurance cover (issuing quotations, renewals, policy administration)
Establishing and maintaining communications with you
Comply with applicable legal, regulatory and professional obligations, including cooperating with regulatory bodies and government authorities, to comply with law enforcement and to manage legal claims
Make assessments and take decisions, including whether to pay your claim or pursue any losses against you or a third party, provide you with our products and services, on what terms and whether you are eligible for a payment plan
Handling claims
Undertaking anti-fraud, sanction, anti-money laundering and other checks to protect against fraud, suspicious or other illegal activities
Process payments when you purchase a product or service and any refunds
Collecting, forwarding and refunding premiums
Facilitating premium finance arrangements
Processing transactions through service providers
Credit assessments and other background checks
Where we believe it is necessary to meet legal, security, processing and regulatory requirements
Business transfers where we sell whole or part of our business and/or assets to a third party purchaser to allow the purchaser to administer your insurances
Marketing and client profiling
Allowing our group and associated companies to notify you of certain products or services offered by them
Research and statistical analysis
Building databases for use by us and others we may share information with
Manage relationships with third parties, e.g. brokers and service providers
Improve our products and services, provide staff training and maintain information security, including by recording and monitoring telephone calls
Conduct customer analysis, market research and focus groups, including customer segmentation, campaign planning, creating promotional materials, gathering customer feedback and customer satisfaction surveys
Manage complaints, including to allow us to respond to any current complaints, or challenges you or others might raise later, for internal training and monitoring purposes and to help us to improve our complaints handling processes. We may be obliged to forward details about your complaints, including your personal information, to the appropriate authorities, e.g. the relevant ombudsman.

We may monitor calls, emails, text messages and other communications with you. When you contact us, we may keep a record of that correspondence and any information provided to us during that or any subsequent communication.

We may use your purchase history to tell you about our offers and products that we think you will be most interested in. If you prefer not to receive these messages, you can opt out at any time.

If you’ve chosen to receive marketing information from us, profiling and automated decision making may be used to make our marketing more relevant, for example, by personalising the methods we use to market to you, the marketing messages you receive and the offers you are sent.

Where we obtain your information

We will collect personal information about you from you directly but also potentially from your family members, employer or representative, other insurance market participants, credit reference agencies, anti-fraud databases, sanctions lists, court judgements and other judicial databases, government agencies, open electoral register and any other publicly available data sources. In addition, in the event of a claim, we will receive information from third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers.

How we share this information

In using personal data for the above purposes, we may disclose personal data to third parties including (but not limited to) insurers, reinsurers, intermediaries or other brokers; outsourcers, sub-contractors, agents and service providers; claim handlers; premium finance providers; professional advisers and auditors. Third parties to whom we disclose personal data are required by law and contractual undertakings to keep personal data confidential and secure, and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances and in compliance with all applicable legislation.

We may share and aggregate information about you from across the Brown & Brown Group of companies, including personal information held within the Brown & Brown Group relating to other policies held with us, quotes or claims details and we may use this information to:

help us identify products and services that could be of interest to you, to tailor and package our products and services;
to determine pricing and/or offer available discounts; and
conduct customer research and develop marketing campaigns.

Retention of your personal data

We keep personal information for as long as is reasonably required for the purposes explained in this Privacy Notice. We also keep records, which may include personal information, to meet legal, regulatory, tax or accounting needs. For example, we are required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation. The specific retention period for your personal information will depend on your relationship with us and the reasons we hold your personal information.

To support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data retention and deletion.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. We may need to transfer your information outside Ireland to other service providers and business partners. We will only transfer your personal information in this way where there is an adequate level of protection that is the same as the level of protection required under the Irish data protection legislation.

International Data Transfers

If the information you provide to us is transferred to countries outside the European Economic Area (EEA) or the UK by us or our suppliers, steps will be taken to make sure appropriate security measures are in place with the aim of ensuring your privacy rights continue to be protected.

Your rights

Data protection laws provide you with a number of rights as set out below.

We may ask you for proof of identity when you make a request to exercise any of these rights. We do this to ensure we only disclose information to the right individual.

We aim to respond to all valid requests within one calendar month. It may take us longer if the request is particularly complicated or you have made several requests. We’ll always let you know if we think a response will take longer than one calendar month. We may also ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked. This is because your rights will not always apply, for example, if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with the request in a different way. We will always explain to you how we are dealing with your request.

Right to access your personal data

You may request confirmation that we hold personal data about you, as well as access to a copy of any such data.

Right to rectification

You may ask us to rectify any inaccurate information we hold about you.

Right to erasure

You may ask us to erase your personal information, but this right only applies in certain circumstances, e.g. where:

– it is no longer necessary for us to use your personal information for the original purpose;

– our lawful basis for using your personal information is consent and you withdraw your consent; or

– our lawful basis is legitimate interests and there is no overriding legitimate interest to continue using your personal information if you object.

This isn’t an absolute right and we have to balance your request against other factors such as legal or regulatory requirements, which may mean we cannot erase your personal information.

Right to restriction

You may ask us to stop using your personal information in certain circumstances such as:

– where you have contacted us about the accuracy of your personal information and we are checking the accuracy;

– if you have objected to your personal information being used based on legitimate interests.

This isn’t an absolute right and we may not be able to comply with your request.

Right to portability

In some cases, you can ask us to transfer personal information that you have provided to us, to another third party of your choice. This right only applies where:

– we have justified our use of your personal information based on your consent or the performance of a contract with you; and

– our use of your personal information is by electronic means.

Right to object

You can object if you no longer wish to receive direct marketing from us.

You may also object where you have grounds relating to your particular situation and the lawful basis we rely on for using your personal information is our (or a third party’s) legitimate interests. However, we may continue to use your personal information where there are compelling legitimate grounds to do so.

Automated decision making

You have the right not to be subject to a decision using your personal information which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. This right does not apply if the decision is:

– necessary for the purposes of a contract between us and you;

– authorised by law (e.g. to prevent fraud); or

– based on your explicit consent.

You do however have a right to request human intervention, express your view and challenge the decision.

Right to make a complaint

You have the right to lodge a complaint with the supervisory authority (although we would encourage you to contact us in the first instance).

The Data Protection Commission can be contacted at 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Cookies and similar technologies

Cookies are small text files that can be used by websites to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about what cookies we are using and the purpose of their use in our Cookie Policy.

Who to contact about your Personal Data

Use the contact details below for any questions or concerns relating to this Privacy Notice or our data protection practices, or to make a request relating to your rights such as a subject access request.

Our Brown & Brown Group Data Protection Officer can be contacted at:

data.protection@grpgroup.co.uk

Brown & Brown (Europe) Ltd

7th Floor

Corn Exchange

55 Mark Lane

London

EC3R 7NE

Changes to our privacy notice

We review this Privacy Notice regularly and reserve the right to make changes at any time to take account of changes in our business activities, legal requirements, and the manner in which we process personal information. We will place updates on this website and where appropriate we will give reasonable notice of any changes.