LHK Group Privacy Notice

LHK Group is committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights.

For the purposes of the GDPR the data controller is LHK Group. The LHK Group includes the following regulated entities:

LHK Insurance Ltd T/A LHK Insurance and LHK Group

LHK Kelleher Insurance Ltd T/A LHK Kelleher Insurance, LHK Financial and LHK Group

Mortgage One

Dublin: Rosemount House, Dundrum Road, Co Dublin, D14 P924 Tel: 01-205 5600 Drogheda: 12 Trinity Street, Drogheda, Co. Louth A92 RH63 Tel: 041 983 7660

When we refer to, we/us, we mean LHK Group including the entities above.

Please read this Privacy Notice carefully as this sets out the basis on which any personal data, we collect from you, or that you provide to us, will be processed by us.

Who are we? 

LHK Group is a Leinster-based general insurance and financial planning advisory firm serving commercial and personal clients, nationally.

How do we collect your information and what information do we collect? 

The personal information we collect varies depending upon the nature of our services. We will endeavour to provide you with an overview of those categories of personal data our organisation collects and our purpose for using that data.

Our organisation collects personal data in the following ways, if you: 

  • request a service from us;
  • register with or use any of our websites or online applications;
  • use our website/apps and it installs cookies or other tracking technologies onto your device.
  • engage with us on social media;
  • contact us with a complaint or query;
  • apply for a position with us;

What information do we collect?

The information we collect about you includes the following:

  1. Contact and Identifying information, e.g., name, address, contact details; email, mobile, landline
  2. Unique identifiers e.g.
    • PPS number – necessary for performance of a contract
    • Pension scheme reference number- necessary for performance of a contract
    • Insurance policy numbers- necessary for performance of a contract
  3. Demographic details, age, gender, marital status, lifestyle, and insurance requirements; date of birth, dependents, photo ID, as well as collecting personal information about you, we may also use personal information about other people, for example family members you wish to insure on a policy. E.g., your children/spouse
  4. Family and Beneficiary Data, e.g., dependants, next of kin or nominated beneficiaries, Power of Attorney, Enduring Power of Attorney. Details of Solicitor/Tax Advisor/Accountant.
  5. Employment information e.g., role, employment status (such as full/part time, contract), salary information, employment benefits, and employment history; This information is necessary for our Fact Find with our clients.
  6. Publicly available sources: e.g., Information about you in the public domain such as Director information from the Companies Registration Office, Register of Beneficial Owners.
  7. Health information such as information about your health status, medical records and medical assessment outcomes; We collect medical information relating to personal habits (e.g., smoking and consumption of alcohol), medical history. We may also process certain special categories of information, for example information about your personal characteristics (biometric information) or disability information.
  8. Pensions and Insurance Benefits information such as current benefits, pension entitlement information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions, Pensions Adjustment Order.
  9. Financial details e.g., bank account details, details of your credit history and bankruptcy status, salary, tax code, third-party deductions, bonus payments, benefits and entitlement data, national insurance contributions details.
  10. Claims Data (From you and any relevant third parties).
  11. Marketing preferences: we will only send you direct marketing if you explicitly consent.
  12. Online information: e.g., information about your visits to our websites; please refer to your Cookie policy
  13. Events information e.g., information about your interest in and attendance at our events, including provision of feedback forms;
  14. Social media information (e.g., likes and posts) with our social media presence; this includes, LinkedIn, Facebook
  15. Criminal records information e.g., the existence of or alleged criminal offences, or confirmation of clean criminal records for motor products.
  16. Searches that we undertake in relation to sanctions, money laundering and credit checks. Wealthtrack; Vision Net; CRO
  17. Calculators: We use this data to perform calculations to prepare quotations for life insurance or mortgage protection policies

When our organisation collects sensitive personal data as defined within the GDPR we will ensure that we require this information, and we have your explicit consent and/or authorisation prior to our collection. Please see the further information contained in this Privacy Notice that outlines special categories of personal data.

Information we automatically collect. 

We sometimes automatically collect certain types of information when you visit our websites and through e-mails when we communicate with you. Automated technologies may include the use of web server logs to collect IP addresses, “cookies” and web beacons. Other cookies such as functional cookies, marketing cookies and analytical cookies will only be used with your expressed consent.

The use of cookies on our website 

In general, you may visit our website without identifying yourself or revealing any personal information. However, our website uses cookies which hold basic information that shows us if you have visited our website previously, which pages you visited, the name of the Internet Service Provider and the Internet Protocol (IP) address by which you are accessing the Internet, and the Internet address from which you linked to our site, if applicable. We use this information to better understand how our website is being used so that we can improve its performance. Some portions of our website may request that you give us information about yourself, from which we are able to identify you, such as your name, email or other address.

The information stored in cookies can include personal data, such as that listed above, but it may also contain non-personal data such as language settings or information about the type of device a person is using to browse the site. Advertising IDs, user IDs and other tracking IDs may also be contained in cookies.

Under current regulations, we are permitted to store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission. You can, at any time, change or withdraw your consent by accessing the ‘Manage Cookies Consent’ function provided on the footer of our website. Here you can Accept All or Reject All cookies (except ‘necessary cookies’ that enable the website to function correctly), review the cookies we use, and select or deselect categories of cookies. Today, web browsers provide you with control over whether you allow cookies to be collected. You can also delete or clear cookies from your browser at any time. www.allaboutcookies.org shows you how to see what cookies have been set on your browser and how you can manage them.

How do we use your personal data? 

Your Personal Data will be used to enable us to fulfil our contractual obligations in relation to your request for insurance, investment, protection, pension products, financial advice, quotes.

  1. Performing services for our clients and prospective clients – when you require insurance/financial products, we use your data to enable us to provide the required product
  2. Statutory and other regulatory requirements – we are required to carry out various obligations which include:
    • AML/Sanction checking
    • Knowing your customer “Fact Find”
    • Adherence to the Consumer Protection Code and other regulatory codes and regulatory requirements
  3. Communicate and marketing to you – Circulator; email where consent has been given; Website ; LinkedIn; Facebook; Engage Hub.
  4. Process claims – LHK Claims Management App
  5. To contact you if required or to respond to any communications that you might send to us
  6. To administer our website
  7. Carry out our obligations arising from any contracts entered between you and us and to provide you with the information, products, and services that you request
  8. Arranging premium finance agreements with Premium Finance and Close Brothers Premium Finance
  9. Provide professional services
  10. Handling complaints
  11. To notify you about changes to our service(s)

Legal Basis  

We need to ensure that we process your personal data lawfully. We rely on the following legal grounds to collect and use your personal data.     

Performance of a contract – When we enter a contract with you, we will collect and use your personal data to enable us to fulfil that service.

Legal obligation – The use of some of your personal data is necessary for us to meet our legal obligations e.g., pension contributions for Revenue Certificates, Regulatory purposes to the Central Bank. Sometimes we may rely on consent as a legal basis for processing your information.

For example, we rely on consent to collect and use personal data for any criminal convictions or alleged offences. This is used when we need to assess risk relating to an insurance policy for you. We share this information with other third parties where it is necessary to manage these services provided to you – these services include insurance underwriters, reinsurer and other insurance providers.

Consent – We may also rely on your consent to send direct marketing to you. We will ensure that we present this to you concisely. We will also ensure that we use clear and plain language and if you give us your consent you can withdraw this easily at any time.

Sometimes if you refuse to provide information that we reasonably require to provide the services, we may be unable to offer you the services and/or we may terminate the services provided with immediate effect.

Legitimate interests – Where we rely on this legal basis to collect and use your personal information, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable data privacy laws.

How we share your data

When  required,  we  may  make  your  information  available  to  third  parties  with  whom  we  have  a relationship, where that third party is providing services on our behalf. We will only provide those third parties (data processors) with information that is necessary for them to perform the services.  We will take measures to protect your information, such as putting in place Standard Contractual Clauses and confidentiality agreements.  

  1. Insurance Partners where we need to manage the services provided to you such as Product Providers and insurance underwriters, reinsurers, and loss adjuster. You can refer to their privacy statements on their website for more information about their privacy practices.
  2. Vetting and risk management agencies such as credit reference, criminal record, fraud prevention, data validation and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and/or the services.
  3. Legal advisers, loss adjusters, and claims investigators, where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature.
  4. Medical professionals, e.g., where you provide health information in connection with a claim against your insurance policy; or when we are providing a quote for insurance.
  5. EU Law enforcement bodies, when required to do so by law and/or regulation, or another legal request.
  6. Public authorities, regulators and government bodies, where necessary for us to comply with our legal and regulatory obligations, or in connection with an investigation of suspected or actual illegal activity.
  7. Third-party processors: We outsource our processing operations to suppliers that process personal information on our behalf. Examples include IT service providers who manage our IT and back-office systems and telecommunications networks, and accounting and payroll providers, CRM providers. These processing operations remain under our control and we have data processing agreements in place with all our third party processors to ensure all processing is carried out in accordance with our security standards and the GDPR.
  8. Internal and external auditors where necessary for the conduct of company audits or to investigate a complaint or security threat.

Transferring personal data outside of Ireland 

Where we transfer personal data to a country outside of the EEA (referred to in the GDPR as ‘third country,’) we will ensure it is done lawfully, i.e. there is an appropriate “level of protection for the fundamental rights of the data subjects”.  We will therefore ensure that either the EU Commission has granted an adequacy decision in respect of the third country, or appropriate specified safeguards have been put in place, (e.g., Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs)).

The EU Commission adopted adequacy decisions for transfers of personal data to the UK. This means that the EU accepts that the UK data protection regime is substantially equivalent to the EU regime and allows personal data to be transferred freely from the EEA to the UK.  Therefore, the UK is not deemed a third country.

In the absence of an adequacy decision the GDPR allows the transfer if the controller or processor has provided appropriate safeguards. These safeguards include Standard Contractual Clauses (SCCs). We, the data controller must abide by the SCCs as well as the Recommendations adopted by the European Data Protection Board on measures that supplement the SCCs which will ensure the level of protection provided for within the GDPR.

Security 

The security of your personal data is important to us, we have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk. We have processes in place to protect your personal data from loss, unauthorised access, misuse, alteration and destruction.   

Retention 

LHK Group shall not keep personal data in a form that permits identification of data subjects for a longer period than is necessary. The retention period for each category of personal data will be set out in our Retention Schedule. Personal data will be disposed of securely.

Liability insurance 

If you hold insurance against a liability that may be incurred by you against a third party, where for whatever reason you cannot be found or you become insolvent, or the court finds it just and equitable to so order, then your rights under the contract will be transferred to and vested in the third party even though they are not a party to the contract of insurance.  The third party has a right to recover from the insurer the amount of any loss suffered by them.  Where the third party reasonably believes that you as policyholder have incurred a liability, the third party will be entitled to seek and obtain information from the insurer or from any other person who is able to provide it, including LHK Group concerning:

  • the existence of the insurance contract,
  • who the insurer is,
  • the terms of the contract, and
  • whether the insurer has informed the insured person that the insurer intends to refuse liability under the contract.

Data Subjects Rights: 

LHK Group will facilitate your rights in line with our data protection policy and the Subject Access Request procedure. This is available on request.   

Your rights as a data subject 

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. (The erasure of such data will be dependent on our other legal obligations, and whether the data is subject of legal privilege).
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling.
  • Right to make a complaint: if we refuse your request under rights of access, we will provide you with a reason as to why.

All the above requests will be forwarded on, should there be a third party involved, as we have indicated in the processing of your personal data.

Complaints 

If you wish to make a complaint about how your personal data is being processed by LHK Group or how your complaint has been handled, you have the right to lodge a complaint with our Head of Compliance.

Email: dataprotection@lhkgroup.ie Phone: (01) 2055600

You may also lodge a complaint with the Data Protection Commission (DPC) in Ireland, whose details are:

Data Protection Commission  21 Fitzwilliam Square South,  Dublin 2 D02RD28

Phone: (01) 765 0100

Web: www.dataprotection.ie  Email: info@dataprotection.ie

See website for updated contact details to reach the appropriate section within the DPC.

Failure to provide further information  

If we are collecting your data for a contract and you cannot provide this data, the consequences of this could mean the contract cannot be completed or details are incorrect. When you fail to provide us with information we require to fulfil our obligations to you, we may be unable to offer our services to you.

Profiling – automatic decision making 

An automated decision is when we input your personal data into a computer programme and this programme analyses your personal data to provide us with a result.  There is no human involvement in the decision making. If a decision is taken by automated means, you have the right to object to this and ask us to reconsider the service you have asked us to provide. Some further examples of automated decisions that we undertake are; 

Financial advisors using profiling in their business. The main categories are:

  1. Risk Profiling.
  2. Profiling for marketing purposes.
  3. Establishing affordability and providing quotations for financial services products.
  4. Bankruptcy check.
  5. PEP check.

Special Categories of personal data 

Special categories of data are sensitive in relation to your fundamental rights and freedoms and therefore require specific protection when processed as these could create significant risks to the rights and freedoms of individuals.

If we collect any special categories of personal data, we will either obtain your explicit consent or we will adhere to the Data Protection Act 2018. This Act allows us to process special categories of personal data  for insurance and pension purposes. We will ensure we have suitable and specific measures in place to  safeguard the rights and freedoms of you and the processing of your data. These measures relate to the  below:

  • a policy of insurance or life assurance,
  • a policy of health insurance or health related insurance
  • an occupational pension, a retirement annuity contract or any other pension arrangement

Contact Us 

Your privacy is important to us. If you have any comments or questions regarding this statement, please contact us: 

Email: dataprotection@lhkgroup.ie 

Phone: (01) 205 5600

Privacy notice/ statement changes 

When we update this Privacy Notice/Statement, we will post a revised version online. Changes will be effective from the point at which they are posted. We would encourage you to review our Privacy Notice so that you are aware of updates.