Data Privacy Notice
Eppione Ltd t/a Eppione Ltd, HCC and HealthCareCompare is committed to respecting and protecting your privacy and would like you to feel safe when you give us your personal details. We wish to be transparent on how we process your data and show you that we are accountable with GDPR in relation to not only processing your data but ensuring you understand your rights as a client.
It is the intention of this data privacy notice to explain to you the information practices of Eppione in relation to the information we collect about you.
For the purposes of the GDPR the data controller is:
- Eppione Ltd
- Address: 2 Dublin Landings, North Wall Quay, Dublin 1, D01 V4A3.
- Website: http://www.eppionebroking.ie
- Tel: +353 1 4966666
- E-mail: dataprotection@eppione.com
- When we refer to ‘we’ it is Eppione Ltd t/a Eppione Ltd, HCC and HealthCareCompare
Please read this Data Privacy Notice carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Who Are We?
We will always clearly identify ourselves in correspondence and on our website. Our principal business is to provide advice and arrange transactions on behalf of clients in relation to life & pensions, general insurance, health insurance and insurance-based investment products.
To provide you with relevant information and respond to your requests we sometimes request that you provide us with information about yourself.
This Data Privacy Notice will inform you of the information we gather and how it is used. Eppione Ltd maintains the same privacy practices with respect to data that is collected off – line and on-line and this notice also covers both those methods of data collection and use. Eppione Ltd complies with EU General Data Protection Directive (GDPR) for the collection, use, and retention of all personal data.
Our GDPR Owner and data protection representatives can be contacted directly here:
- David Kindlon
- dataprotection@eppione.com
- Tel: +353 1 496 6666
Why Does Eppione Collect and Store Personal Data?
In order for us to provide you life & pensions, general insurance, health insurance and insurance-based investment products, we need to collect personal data as this is necessary in relation to a contract of insurance to which you, the individual, has entered into or because you, the individual, has asked for something to be done so they can enter into a contract. This is our legal basis for processing your data under GDPR.
In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
In terms of being contacted for marketing purposes Eppione Ltd will ask you for additional consent.
Types of information collected include, but are not limited to, the following (depending on policy type):
Policy Information: Name, address, phone number, email address, date of birth, gender, licence details, proof of identification, payment details, risk, vehicle and property details, driving and claims history, relevant criminal convictions, health information, telephone recordings, circumstances of an incident etc.
Information provided by others: e.g. joint policy holders, policy holder if you are named on a policy.
Information obtained from sources other than you: Penalty Points, Address Lookup, geocoding information, vehicle details and history, details regarding a claim from a Third Party or Witness etc.
How will Eppione Use the Personal Data it Collects About Me?
Eppione will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
Special Categories of Personal Data
If we collect any special categories of personal data, e.g. health, religious beliefs, racial, ethnic origin (financial information is not classified as special categories of personal data), we will ensure the below:
- We will obtain your explicit consent.
Who Are We Sharing Your Data With?
We may pass your personal data on to third-party service providers contracted to Eppione in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide on your behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with data retention procedures.
If we wish to pass your sensitive personal data on to a third party, we will only do so once we have obtained your explicit consent, unless we are legally required to do otherwise.
If we transfer personal data or allow the transfer of personal data to a third party or outside the EU, we as the data controller will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for you, the data subject, are available.
The third parties that we pass your personal data to are:
- Insurance/Investment companies in order to provide a contract of insurance or investment services to which you, the individual, has entered into or because you, the individual, has asked for something to be done so they can enter into a contract.
- Professional Trustee Services for Pension/Risk Benefits Scheme.
- Our representatives, such as companies that provide various services (including telecommunications, data storage, document destruction, Marketing and IT such as Applied Systems, Goldfish, Smart IT, Kefron, Hubspot and Microsoft 365), lawyers and auditors.
- Finance companies in order to provide a premium finance contract to you if required.
- State or government departments, regulators, bodies or agencies.
If you hold insurance against a liability that may be incurred by you against a third party, where for whatever reason you cannot be found or you become insolvent, or the court finds it just and equitable to so order, then your rights under the contract will be transferred to and vest in the third party even though they are not a party to the contract of insurance. The third party has a right to recover from the insurer the amount of any loss suffered by them. Where the third party reasonably believes that you as policyholder have incurred a liability the third party will be entitled to seek and obtain information from the insurer or from any other person who is able to provide it concerning:
- the existence of the insurance contract,
- who the insurer is,
- the terms of the contract, and
- whether the insurer has informed the insured person that the insurer intends to refuse liability under the contract.
Data Subjects Rights
Eppione facilitate you, our clients, rights in line with our data protection policy and the subject access request procedure. This is available on request.
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have the right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
- Right to judicial review – in the event that Eppione refuses your request under rights of access, we will provide you with a reason as to why and you have the right to lodge a complaint with the relevant supervisory authority.
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
Additional Information we are Providing You with to Ensure we are Transparent and Fair with our Processing
Retention of your personal data
Eppione is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices.
Data will not be held for longer than is necessary for the purpose(s) for which they were obtained. Eppione will process personal data in accordance with our retention schedule. This retention schedule has been governed by our regulatory body Central Bank of Ireland, Revenue and other regulatory bodies and our internal governance.
Complaints
In the event that you wish to make a complaint about how your personal data is being processed by Eppione or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority, the Data Protection Commission and Eppione’s GDPR Owner, David Kindlon, dataprotection@eppione.com
Fax: + 353 57 868 4757
Failure to provide further information
If we are collecting your data for a statutory requirement or to fulfil a contract and you cannot provide this data, the consequences of this could mean the contract cannot be completed or details are incorrect.
How we use automated processing and profiling
We may analyse your information using automated means to assist us in obtaining quotations for general insurance, health insurance, life and pensions products.
Additional Processing
If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide this information prior to processing this data. We may also use profiling in the following ways.
Profiling
The main categories are
- Risk profiling.
- Profiling for marketing purposes.
- Establishing affordability and providing quotations for financial services
- Risk Profiling – To establish a customer’s attitude to investment risk (relates to pensions and investments) advisors have automated calculators which calculate the customers attitude to various levels of risk having answered a series of questions.
- Profiling for marketing purposes – When we seek to contact you about other services, as outlined above we run automated queries on our computerised data base to establish the suitability of proposed products or services to your needs.
- Establishing affordability and providing quotations for financial services products.
Contact Us
Your privacy is important to us. If you have any comments or questions regarding this statement, please contact us on dataprotection@eppione.com
Data Privacy Notice Changes
Eppione Ltd. may change this data privacy notice from time to time. When such a change is made, we will post a revised version online. Changes will be effective from the point at which they are posted. It is your responsibility to review this data privacy notice periodically, so you are aware of any changes. By using our services, you agree to this data privacy notice.
This privacy notice was last reviewed in June 2021.
Version 2.1