Data Protection Policy

1. Overview & Objectives

Overview

Gollogly Insurances Ltd  respects each individual’s privacy and data protection rights

and complies with its obligations under the Data Protection Acts 1988 and 2003.

The Data Protection Acts 1988 and 2003 (the “Data Protection Acts”) lay down strict rules

about the way in which personal data and sensitive personal data are collected, accessed,

used and disclosed. The Data Protection Acts also permit individuals to access their personal

data on request, and confer on individuals the right to have their personal data amended if

found to be incorrect.

This document outlines  Gollogly Insurances Ltd  policy to help ensure that we comply with the Data

Protection Acts.

Objective

This policy is a statement of Gollogly Insurances Ltd commitment to protect the rights and privacy of

individuals in accordance with the Data Protection Acts.

2. Scope

This policy applies to all employees (including contractors and temporary personnel) of

Gollogly Insurances Ltd and its subsidiaries who process personal data/sensitive personal data of individuals including clients.

3. Definitions

Unless defined otherwise, the following definitions are used for this policy:

Data: means automated and manual data

Data Protection: Is the safeguarding of the privacy rights of individuals in

relation to the processing of personal data, in both paper

and electronic format.

Personal Data: means data relating to a living individual who is or can be

identified either from the data or from the data in

conjunction with other information that is in, or is likely to

come into, the possession of the data controller.

Processing of or in relation to information or data, means

performing any operation or set of operations on the

information or data, whether or not by automatic means,

including:

(a) obtaining, recording or keeping the information, or

(b) collecting, recording, organising, storing, altering or

adapting the information or data,

(c) retrieving, consulting or using the information or data

(d) disclosing the information or data by transmitting,

disseminating or otherwise making it available, or

(e) aligning, combining, blocking, erasing or destroying the

information or data

Sensitive Personal Data means personal data as to –

(a) the racial or ethnic origin,  the political opinions or the

religious or philosophical beliefs of the data subject,

(b) whether the data subject is a member of a trade union Public document by Gollogly Insurances Ltd

(c) the physical or mental health or condition or sexual life

of the data subject

(d) the commission or alleged commission of any offence

by the data subject, or

(e) any proceedings for an offence committed or alleged to

have been committed by the data subject, the disposal

of such proceedings or the sentence of any court in

such proceedings.

4. Data Protection Policy

Collecting information about individuals, including clients

We collect and use information to provide the following services:

¨       to provide credit and investment services;

¨       to undertake advertising, marketing, direct marketing and public relation exercises;

¨       to perform accounting and other record-keeping functions;

¨       to provide personnel, payroll and pension administration services.

¨       to provide clients with online services.

¨       to comply with our legal obligations.

Data Protection Principles

We shall perform our responsibilities under the Data Protection Acts in accordance with the

following eight Data Protection principles:

1. Obtain and process information fairly

We shall obtain and process personal data fairly and in accordance with statutory and

other legal obligations.

2. Keep it only for one or more specified, explicit and lawful purposes

We shall keep personal data for purposes that are specific, lawful and clearly stated.

Personal data will only be processed in a manner compatible with these purposes.

3. Use and disclose only in ways compatible with these purposes

We shall use and disclose personal data only in circumstances that are necessary for

the purposes for which we collected the data. Where we wish to use personal data for

marketing purposes, appropriate consents must be obtained from the clients/potential

clients.

4. Keep it safe and secure

We shall take appropriate security measures against unauthorised access to, or

alteration, disclosure or destruction of personal data and against its accidental loss or

destruction. This includes adopting enhanced security measures where personal data is

being stored or processed outside of a secure KBCBI office location (e.g. encryption of

laptops etc).

5. Keep it accurate, complete and up-to-date

We adopt procedures that ensure high levels of data accuracy, completeness and

ensure that personal data is up-to-date.

6. Ensure it is adequate, relevant and not excessive

We shall only request and retain personal data to the extent that it is adequate, relevant

and not excessive. Public document by KBCI

7. Retain for no longer than is necessary

We have a retention policy for personal data.

8. Give a copy of his/ her personal data to that individual, on request

We adopt procedures to ensure that data subjects can exercise their rights under the

Data Protection Acts to access their data.

Sensitive Personal Data

Sensitive personal data will be held, only where necessary, in order to process

mortgage/credit/ investment/savings business. It may also be held for employment purposes if

employed by Gollogly Insurances Ltd.  Except in the narrow exceptional cases set out in the Data Protection Acts, explicit consent will be obtained from the client in line with the Data Protection Acts in order to process such data.

Responsibility

All employees and contractors of Gollogly Insurances Ltd who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data

Protection Acts. The Compliance Department co-ordinates the provision of support,

assistance, advice, and training throughout  Gollogly Insurances Ltd and its subsidiaries to ensure

compliance with the legislation.

Procedures and Guidelines

Gollogly Insurances Ltd is firmly committed to ensuring personal privacy and compliance with the Data

Protection Acts, including the provision of best practice guidelines and procedures in  relation to all aspects of Data Protection.

Access Requests

Gollogly Insurances Personal Data Access can be obtained by sending a request in writing to Gollogly Insurances, Drumgoan, Carrickmacross. Co. Monaghan.

Privacy Statement

Gollogly Insurances Ltd Privacy Statement can be found on our website at www.golloglyinsurances.ie

Enforcement

This policy applies to all employees (including contractors and temporary personnel) of

Gollogly Insurances Ltd.  In the event that any change is made to Data Protection legislation or regulation, this policy will be reviewed, updated and ratified.

Adherence to this policy is the responsibility of line management and will be subject to review

by the Compliance and Internal Audit Departments of Gollogly Insurances Ltd

References

For further information relating to Data Protection and Access Request requirements please

refer to:

¨      The Data Protection Acts 1988 and 2003 (available at the Data Protection Commissioner’s website www dataprotection.ie)

¨      The Central Bank of Ireland.