Privacy Notice

PRIVACY NOTICE

This privacy notice has been issued by Utmost PanEurope dac, Harcourt Life Ireland dac, Utmost Ireland dac, Utmost Bermuda Limited, Utmost Services Ireland Limited, together the Companies.

We recognise that protecting personal information, including special categories of data (sometimes referred to as sensitive personal data), is very important to you and that you have an interest in how we collect, use, store and share such information. This data protection privacy notice sets out how we will collect, use and protect your information and any information provided by other parties about you. 

If you have any questions, please contact us using the details provided at the end of this document

Contents

Who we are
Definitions
How we collect your personal data
Cookies
Personal data we may collect
Special categories of data
What your information is used for
Marketing and profiling by us
Legal basis for using your information
Who we share your information with
Security Processing
Where we use your information
How long we keep your information for
What if you don’t provide information to us?
Your rights
How to update the information we hold about you
General
Changing and updating this privacy notice
Our Data Protection Officer contact details
Complaints

Who we are

Utmost Pan Europe dac, trading as Utmost Wealth Solutions and Utmost Corporate Solutions, became part of the Utmost group of companies in 2018.  Utmost Pan Europe dac provides wealth management, savings, investments and employee benefit solutions to individuals, corporates and institutions across Europe and is regulated by the Central Bank of Ireland.

Harcourt Life Ireland dac, trading as Harcourt Life, is a specialist life book consolidator within the Life Company Consolidation Group (“LCCG”), with a primary focus on acquiring portfolios of international bond businesses.  Following an Insurance Portfolio Transfer approved by the High Court of Ireland, the entire life assurance businesses of Harcourt Life International (formerly Harcourt Life Assurance dac), Scottish Mutual International dac, Augura Life Ireland dac and Union Heritage Life Assurance Company dac transferred to Harcourt Life Ireland dac with effect 31st March 2018, all are closed to new business.  Harcourt Life Ireland dac is regulated by the Central Bank of Ireland.

Harcourt Life has a wholly owned subsidiary Utmost Bermuda Limited which also operates a closed life book. Utmost Bermuda Limited is regulated by the Bermuda Monetary Authority.

Utmost Ireland dac became the new name for Harcourt Life International dac on 30th June 2017 and is regulated by the Central Bank of Ireland.  Utmost Ireland dac, trading as Utmost Wealth Solutions, is a sister undertaking of Harcourt Life and specialises in life assurance and capital redemption bonds for high net worth UK residents.

Utmost Services Ireland Limited is part of the Utmost group of companies and provides ancillary services for insurance and pensions.

Definitions

This notice is based on the terms within the GDPR but for ease of reference and understanding the following terms apply:

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by the Union or Member State law.

Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Subject: an identified or identifiable natural person, whose personal data is processes by the controller responsible for the processing.

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available alignment or combination, restriction, erasure or destruction.

Restriction of Processing: the marking of stored personal data with the aim of limiting their processing in the future.

Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

How we collect your personal data

Your personal data (and, if applicable, that of other people insured under your policy of insurance or people making a claim on the policy or beneficiaries you designate for your policy) will be gathered and processed by our staff or, where you choose to use them, our online services. 

In order to gather the personal data that we need in order to provide you with a policy we may:

  • obtain personal information directly from you, your broker (or other representative) or anybody else insured under your policy of insurance;
  • obtain personal information from third parties with whom you and/or anybody insured under your policy of insurance have engaged in accordance with the terms and conditions of the policy, including medical practitioners;
  • carry out credit searches internally or with one or more credit checking or credit reference agencies.
  • refer your information to the relevant law enforcement agencies

We may request details about you or anybody else insured under your policy of insurance regarding your or their health and in particular any medical conditions affecting you or them.

When you use our online services, we gather certain information automatically and store it in files. This information includes IP addresses, browser type, internet service provider, referring/exit pages, date timestamp and click stream path. This data does not contain any personal identifiable information and is used to analyse trends, to administer the site and to track users’ movements around the website during a particular session and to gather demographic data.

It is important that the information you give us is correct. You have a legal obligation to take reasonable care not to provide us with inaccurate, incorrect or incomplete information when taking out an insurance policy. If this happens the Companies has certain legal rights which may include the avoidance of the contract of insurance and the possibility of refusing any claims made by you or others in respect of your policy. 

Cookies

Cookies are small text files stored by your browser. They are created when your browser loads our website. Every time you visit our website, the browser you are using e.g. Internet Explorer, Firefox etc. retrieves and sends the file to our server. They help us to track information on our systems and identify categories of visitors by using information such as your IP address, domain, browser type and pages visited. If you require further information please click this link: https://www.utmost.ie/cookie-policy/ 

Personal data we may collect

We need to collect many categories of personal data (about you and other parties) for the purposes listed below under ‘What your information is used for’. The following category headings and types of data are a non-exhaustive list of data we may collect:

Policy information: Information such as name, address, date of birth, gender, driving licence details, passport details, payment details, tax identification number, employment details, location information, life assured details, beneficiary details, source of funds etc.

Claims information: Identity of a beneficiary including name, address, passport details, proof of relationship with the life assured, evidence that the insured event has occurred including certificate of death etc.

Special categories of data

In addition to the categories of data detailed above the Companies may be obliged to collect the following categories of data in certain circumstances:

Sensitive categories of data or Personal Sensitive Data such as health information, trade union membership or criminal convictions will only be collected and processed by us in line with the GDPR and the Irish Data Protection Act 2018.

Information in respect of a minor – Personal data in respect of a minor will be processed with the consent of a parent or legal guardian only. A minor for the purposes of this privacy notice shall be taken to be a reference to a person under 18 years of age.

Please note the processing of data concerning health is necessary in order to enter into a contract of insurance with you and to manage claims that may arise under this insurance contract.  

What your information is used for

You have provided or intend to provide us with certain information. Below are some examples of how we may use your information:

(1) (a) If you are a policyholder we will use your information as follows:

  • Reviewing transactions and correspondence to enable us to deal with your queries;
  • Managing and administering your policy in accordance with the terms and conditions;
  • Processing transactions you request with respect to your policy including applications for new business, top-ups and surrenders;
  • Managing our relationship with you (for example, updating you on changes to our business or updating your record with us if you change your address and otherwise contacting you);
  • Taking steps to recover unpaid premiums and debts;
  • Responding to any complaints you make;
  • Providing your information to third parties who we may appoint in accordance with the terms and conditions of your policy;
  • Assessing any potential business risks from your application details.

(b) If you are a claimant we will use your information as follows:

  • Managing and administering your claim in accordance with the policy’s terms and conditions;
  • Responding to any complaints you make.

(2) To meet legal and regulatory obligations

As a regulated life insurance company we are required to comply with a range of different legal obligations such as tax reporting, data protection and financial crime prevention. Sometimes we have to share your information with regulatory authorities, for example:

  • Sharing information with Financial Services and Pensions Ombudsman in relation to complaints you make;
  • Reporting information to tax authorities including, for example, reporting under the Foreign Account Tax Compliance Act (“FATCA”) and Common Reporting Standard (“CRS”) requirements;
  • Meeting obligations we have in relation to the prevention and detection of crime such as money laundering, the reporting of suspicious transactions and requirements to check our records against financial sanctions lists and to report any matches.
  • Meeting our legal obligations for example Consumer Protection Code and the Money Laundering Acts.

(3) To improve our business

  • From time to time we may request feedback from our customers in order to improve the service we offer, for example by conducting customer satisfaction surveys.  
  • We may also use your personal data when we are testing enhancements to our IT systems or websites to help ensure that the changes we make are tested in as real an environment as possible, thereby minimizing the impact on our customers. 
  • For customer service and quality control purposes, we may record and monitor calls in order to assess the quality our staff’s customer service, to verify your identity, to administer your policy and to improve our services to you. 

Marketing and Profiling by us

We will communicate with you only to share important information about your policy or changes to our business. We will not conduct any marketing activity with you without your explicit consent to do so. 

Legal basis for using your information

We will only collect, use and share your information where we have a valid reason to do so under data protection legislation. We have three main reasons for collecting and using your information which are set out below. Often we will need your information for more than one reason, for example, in order to perform our contractual and legal obligations. 

 

  • 1. Contractual obligations – We need to process your personal details and in some cases sensitive data before we can enter into an insurance contract with you as part of the application process. Once the contract is in place, the processing of your personal information is necessary for the performance of this contract including but not limited to:
    • using your bank account details to process payments
    • verifying the accuracy of the personal information that we receive from you and for verifying your identity
    • underwriting your policy
    • administering and processing your insurance policy and handling any claims
    • managing complaints
    • maintaining and storing records on our systems. 

If you do not provide us with your personal data for the above purposes, we may not be able to provide services to you or process any claims that you may make. 

  1. Legal obligations – we may need certain information from you in order to meet our legal obligations; for example, we require proof of identity (e.g. certified copy of a passport) to meet our anti-money-laundering obligations. We may also need to use your personal data for reporting to supervisory authorities, for actuarial analysis and risk management purposes.   
  2. Our legitimate business interests – we strive continually to improve how we do business with you and how to develop our service to you; for example, we may undertake a survey of our policyholders to determine how we can improve our relationship with you. Furthermore, we may process your personal data for preventing fraud, for internal administrative purposes and for reporting potential criminal acts to a competent authority. 

Before using your personal data to pursue our legitimate interests, the impact of our processing activities is carefully considered against the fundamental rights and freedoms of individuals. 

On balance, Utmost have determined that the legitimate interest processing of your personal data which is conducted by us is necessary and does not override your rights and freedoms.

Who we share your information with

We sometimes need to share the personal information that we process with individuals themselves and also with other groups as listed below.  Where this is necessary we are required to comply with all aspects Data Protection Regulation (both local and European) and in some instances the Electronic Communication Regulation.

 

  1. Group companies

We may share your data with other companies in our corporate group in order to meet our legal obligations and for policy administration purposes including but not limited to underwriting, claims handling, customer service and investment administration.

  1. Service Providers

We use third party companies to provide services so we can administer your policy and deliver a service to you. For example:

  • an asset manager we appoint to manage the assets linked to your policy;
  • service providers to perform underwriting, claims or customer service;
  • medical practitioners that are used by us to assess your health when taking out an insurance policy with us and for medical opinions and expertise in respect of claims arising on your policy
  • IT system companies that hold or analyse your information
  1. Reinsurers

A reinsurer is another insurance company who takes on the risk of when and how much we have to pay customers on their policy. Like other insurance companies, we use reinsurers to help us manage our risk.

  1. Anyone you ask us to share your information with

If you ask us to share your information with a third party such as a financial advisor or solicitor, we will. If a third party asks for your information, in these circumstances we will check with you to confirm that it is at your request and we have your authority to release it.

  1. Other parties

As outlined above, under “What your information is used for” we have a legal obligation to provide information from time to time to regulatory bodies such as tax authorities, law enforcement agencies and Ombudsman Services.

  1. Professional advisers

We use professional advisers to provide services to us, for example legal advice, accountancy services and consultancy services. We will only share your personal information with such advisers where it is necessary for them to provide their services. 

  1. Courts and those involved in any legal process

If a court requires us to disclose your information or if it needs to be disclosed as part of a legal process.

  1. Anyone in the future who may buy or merge with our business

If we merge with another company or are sold to another organisation then we may need to share your information with them.

  1. Other Insurers

We may share your information with other insurers for the purposes of assessing claims if we accepted your cover based on a proposal and underwriting with another insurer. Equally, we may provide these details to another insurer for the same purposes. 

Security Processing

As the data  controller, the Companies have implemented technical and organisational measures to ensure personal data processed remains secure however absolute security cannot be guaranteed.   Should you have any question in respect of our security arrangements please contact us using the Data Protection Officer “(DPO)” contact details at the end of this notice.

Where we use your information

It may sometimes be necessary to transfer personal information overseas.  When transfers are needed, personal information may be transferred to countries outside the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the General Data Protection Regulation and in accordance with the country-specific legislation applicable to us.

How long we keep your information for

The criteria used to determine the retention period of personal data is the statutory retention periods as stipulated within each Member State. We do not keep your information for longer than is necessary. Different information will need to be held for different periods of time; this may be due to a variety of reasons including legal obligations and to enable us to provide you with a good level of service. We have outlined the retention period in the table below:

PRODUCT TYPE OF INFORMATION RETENTION PERIOD
Savings & Investments Quote information where a policy is not taken out 3 years from issuance of the quote
Policy information  The life of the policy plus 10 years
Claims information  10 years from the date the claim is finalised or declined
Employee Benefits Quote information where a policy is not taken out 3 years from issuance of the quote
Policy information & Claims Information Personal data and any sensitive personal data will be retained by us for as long as you have a relationship with us. We also hold it after this where we need to for complaints handling, legal claims, for system back-ups and for as long as we are required to under regulations.

What if you don’t provide information to us?

We try not to ask you for personal information that we don’t need. If we ask you for personal information that seems unnecessary to you, please contact our Data Protection Officer for an explanation.

If you do not provide certain information we may not be able to provide our service to you; for example, if you don’t provide the information requested on a surrender form we may not be able to process your surrender. 

Your rights

We have set out a summary of your key rights below, but have not included all the circumstances or conditions which apply to them. If you have any questions on your rights, you can contact our Data Protection Officer for help. 

If you do not provide certain information we may not be able to provide our service to you; for example, if you don’t provide the information requested on a surrender form we may not be able to process your surrender.

Right to stop us using your information – if you don’t want us to use your information for administering policies you can ask us to stop and we will do so unless there is an important reason why we need to continue using it.  If you ask us to stop using your information we will still keep it where we are legally obliged to, but we will not use it for other purposes. However, if we are unable to process your personal data, this may prevent us from providing a service to you which is governed by the terms and conditions of the policy that has been issued. 

Right to access your information – you have the right to ask for a copy of the information that we hold about you and this will usually be provided free of charge. For your security, we will take reasonable steps to confirm your identity before providing you with any personal information we may hold about you. 

Right to transfer your information – you can request that we transfer certain information we hold about you to you or to a third party in electronic form.

Right to ask us to delete your information – in certain circumstances, for example if the personal information we process is incorrect, you can ask us to stop using or holding your information until it has been corrected. If your relationship with us has ended and you request us to delete your personal information we will where possible, but sometimes we have to maintain records as per our data retention timeframes as outlined above and including but not limited to the reasons outlined below:

  • for legal reasons such as compliance with a legal obligation i.e. the Consumer Protection Code which requires Utmost to retain data for at least 6 years. 
  • where the deletion of your personal data is likely to render impossible or seriously impair the achievement of the objectives of that processing
  • for the establishment, exercise or defence of legal claims. 

 

If we cannot comply with your request, then we will contact you and explain why.

Right regarding Consentwe do not rely on ‘Consent’ to process your personal data, our processing is lawful as we require your personal and health information for the purposes of entering into an insurance contract with you and / or to assess and administer any claims made by you.  

Automated decision making and your right to object – We may use customer details for automated decision-making when choosing whether to accept the risk. 

Where we use automated decision making which produces legal effects for you or otherwise significantly affects you, you will have the right to obtain human intervention and to contest and make representations in relation to the decision in question.

Right to Complain to the Supervisory Authority – You have a right to complain to the Supervisory Authority.  Details of the Authority are included at the end of this Notice.

How to update the information we hold about you?

It is important that the information we hold about you is accurate and up to date. Please let us know if your information changes, or if the information we hold about you is incorrect. You can ask our customer services team to update or correct your information.

If we have disclosed the personal information in question to another company (including another company within the group), we will also let them know about the changes unless it is very difficult or not possible for us to do so. 

General

You may not transfer any of your rights under this privacy notice to any other person. We may transfer our rights under this privacy notice where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this privacy notice (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy notice will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This notice will be governed by and interpreted according to the law of the Republic of Ireland.  All disputes arising under this will be subject to the exclusive jurisdiction of the Irish Courts.

Changing and updating this privacy notice

We may change this privacy notice from time to time to keep it up to date, or to comply with legal requirements. In that case a revised version of this privacy notice will be published on our website.

Our Data Protection Officer contact details

If you have any questions or concerns about our use of your information or would like a copy of the information we hold about you or want to action your rights as described above, please contact our customer services team or alternatively our Data Protection Officer: 

Name: Sarah McCormack

Data Protection Officer
Utmost Group Companies

Address: Navan Business Park
Athlumney, Navan
Co. Meath C15 CCW8
Ireland
Email: Dataprotection@Utmost.ie
Phone: +353 (0) 46 909 9700

Complaints

If you are unhappy with any aspect of the way we handle your personal data, you can make a complaint using the email address below or alternatively contact our Data Protection Office as indicated above.

Email: complaints@Utmost.ie

You also have the right to complain to the Data Protection Commissioner, contact details as follows: 

Postal
Address
Data Protection Commissioner
Canal House
Station Road
Portarlington
R32 AP23 Co. Laois
E-mail info@dataprotection.ie
Telephone +353 57 8684800
Lo-Call
Number
1890 252 231
Website www.dataprotection.ie

 

https://www.utmost.ie/privacy-notice/