Data Protection Policy
1. Overview & Objectives
Overview
Gollogly Insurances Ltd respects each individual’s privacy and data protection rights
and complies with its obligations under the Data Protection Acts 1988 and 2003.
The Data Protection Acts 1988 and 2003 (the “Data Protection Acts”) lay down strict rules
about the way in which personal data and sensitive personal data are collected, accessed,
used and disclosed. The Data Protection Acts also permit individuals to access their personal
data on request, and confer on individuals the right to have their personal data amended if
found to be incorrect.
This document outlines Gollogly Insurances Ltd policy to help ensure that we comply with the Data
Protection Acts.
Objective
This policy is a statement of Gollogly Insurances Ltd commitment to protect the rights and privacy of
individuals in accordance with the Data Protection Acts.
2. Scope
This policy applies to all employees (including contractors and temporary personnel) of
Gollogly Insurances Ltd and its subsidiaries who process personal data/sensitive personal data of individuals including clients.
3. Definitions
Unless defined otherwise, the following definitions are used for this policy:
Data: means automated and manual data
Data Protection: Is the safeguarding of the privacy rights of individuals in
relation to the processing of personal data, in both paper
and electronic format.
Personal Data: means data relating to a living individual who is or can be
identified either from the data or from the data in
conjunction with other information that is in, or is likely to
come into, the possession of the data controller.
Processing of or in relation to information or data, means
performing any operation or set of operations on the
information or data, whether or not by automatic means,
including:
(a) obtaining, recording or keeping the information, or
(b) collecting, recording, organising, storing, altering or
adapting the information or data,
(c) retrieving, consulting or using the information or data
(d) disclosing the information or data by transmitting,
disseminating or otherwise making it available, or
(e) aligning, combining, blocking, erasing or destroying the
information or data
Sensitive Personal Data means personal data as to –
(a) the racial or ethnic origin, the political opinions or the
religious or philosophical beliefs of the data subject,
(b) whether the data subject is a member of a trade union Public document by Gollogly Insurances Ltd
(c) the physical or mental health or condition or sexual life
of the data subject
(d) the commission or alleged commission of any offence
by the data subject, or
(e) any proceedings for an offence committed or alleged to
have been committed by the data subject, the disposal
of such proceedings or the sentence of any court in
such proceedings.
4. Data Protection Policy
Collecting information about individuals, including clients
We collect and use information to provide the following services:
¨ to provide credit and investment services;
¨ to undertake advertising, marketing, direct marketing and public relation exercises;
¨ to perform accounting and other record-keeping functions;
¨ to provide personnel, payroll and pension administration services.
¨ to provide clients with online services.
¨ to comply with our legal obligations.
Data Protection Principles
We shall perform our responsibilities under the Data Protection Acts in accordance with the
following eight Data Protection principles:
1. Obtain and process information fairly
We shall obtain and process personal data fairly and in accordance with statutory and
other legal obligations.
2. Keep it only for one or more specified, explicit and lawful purposes
We shall keep personal data for purposes that are specific, lawful and clearly stated.
Personal data will only be processed in a manner compatible with these purposes.
3. Use and disclose only in ways compatible with these purposes
We shall use and disclose personal data only in circumstances that are necessary for
the purposes for which we collected the data. Where we wish to use personal data for
marketing purposes, appropriate consents must be obtained from the clients/potential
clients.
4. Keep it safe and secure
We shall take appropriate security measures against unauthorised access to, or
alteration, disclosure or destruction of personal data and against its accidental loss or
destruction. This includes adopting enhanced security measures where personal data is
being stored or processed outside of a secure KBCBI office location (e.g. encryption of
laptops etc).
5. Keep it accurate, complete and up-to-date
We adopt procedures that ensure high levels of data accuracy, completeness and
ensure that personal data is up-to-date.
6. Ensure it is adequate, relevant and not excessive
We shall only request and retain personal data to the extent that it is adequate, relevant
and not excessive. Public document by KBCI
7. Retain for no longer than is necessary
We have a retention policy for personal data.
8. Give a copy of his/ her personal data to that individual, on request
We adopt procedures to ensure that data subjects can exercise their rights under the
Data Protection Acts to access their data.
Sensitive Personal Data
Sensitive personal data will be held, only where necessary, in order to process
mortgage/credit/ investment/savings business. It may also be held for employment purposes if
employed by Gollogly Insurances Ltd. Except in the narrow exceptional cases set out in the Data Protection Acts, explicit consent will be obtained from the client in line with the Data Protection Acts in order to process such data.
Responsibility
All employees and contractors of Gollogly Insurances Ltd who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data
Protection Acts. The Compliance Department co-ordinates the provision of support,
assistance, advice, and training throughout Gollogly Insurances Ltd and its subsidiaries to ensure
compliance with the legislation.
Procedures and Guidelines
Gollogly Insurances Ltd is firmly committed to ensuring personal privacy and compliance with the Data
Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.
Access Requests
Gollogly Insurances Personal Data Access can be obtained by sending a request in writing to Gollogly Insurances, Drumgoan, Carrickmacross. Co. Monaghan.
Privacy Statement
Gollogly Insurances Ltd Privacy Statement can be found on our website at www.golloglyinsurances.ie
Enforcement
This policy applies to all employees (including contractors and temporary personnel) of
Gollogly Insurances Ltd. In the event that any change is made to Data Protection legislation or regulation, this policy will be reviewed, updated and ratified.
Adherence to this policy is the responsibility of line management and will be subject to review
by the Compliance and Internal Audit Departments of Gollogly Insurances Ltd
References
For further information relating to Data Protection and Access Request requirements please
refer to:
¨ The Data Protection Acts 1988 and 2003 (available at the Data Protection Commissioner’s website www dataprotection.ie)
¨ The Central Bank of Ireland.