Wrightway Underwriting Limited – Data Protection & Privacy Policy

This Privacy Policy describes what Personal Data we collect, how we handle it, why we need it and who we share it with. We may also supplement this Privacy Policy with Data Protection Notices where appropriate. Wrightway Underwriting Ltd (‘WUL’) processes Personal Data and Special Categories of Personal Data to distribute and administer insurance products and to provide related services. Depending on your relationship with us, we may collect different types of data relating to you. Further information is set out in this Privacy Policy.



Who are we?

We are Wrightway Underwriting Ltd (referred to as ‘WUL’), a private company limited by shares incorporated in Ireland and registered under company number 293846. Our registered office is at Zurich House, Ballsbridge Park, Dublin 4. WUL is a member of the global Zurich Insurance Group (‘Group’). WUL is ultimately owned by Zurich Insurance Company Ltd a company incorporated in Switzerland.

We are a Managing General Agent (“MGA”) regulated by the Central Bank of Ireland. We distribute insurance products on behalf of insurance companies (“Product Providers”), domiciled in Ireland and abroad through our broker network in Ireland. As an MGA, we have been granted authority by our Product Providers to bind cover on their behalf, service your policy and to handle and settle any claims thereunder.

This Privacy Policy relates to insurance products that are bound and administered in the Republic of Ireland.

DATA PROTECTION DEFINITIONS

We use certain expressions throughout this document such as Personal Data and Special Categories of Personal Data.

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Categories of Personal Data includes information revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Data Controller means the entity which, by itself or jointly with others, determines the purposes and means of processing Personal Data. WUL is the Data Controller in respect of Personal Data and Special Categories of Personal Data covered by this Privacy Policy.

This Privacy Policy sets out the basis on which any Personal Data and Special Categories of Personal Data we collect from you, or others provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your Personal Data and Special Categories of Personal Data and how we will treat it.

If you have any queries on data protection, our Data Protection Officer may be contacted at:

  • Wrightway Customer Services on +353 (0)53 916 7100
  • Email at dpo@wrightway.ie
  • Data Protection Officer, Wrightway Underwriting Ltd, Limekiln House, Drinagh, Wexford, Co. Wexford, Ireland, Y35 KX2P




  • What personal data do we collect from you?

    You may give us Personal Data and Special Categories of Personal Data:

  • By corresponding with us in writing, by phone, email or otherwise;
  • By applying for, or purchasing, one or more of the products that we distribute, via an authorised intermediary;
  • By corresponding with us in relation to one or more of your policies (e.g. with respect to a claim);
  • By corresponding with us if you are a third party claimant or beneficiary/claimant under a policy;
  • By posting on our social media platforms, message boards, blogs and any other services to which you can post information. Please note that if you share Personal Data or Special Categories of Personal Data through these services, this information may become public information;
  • When you supply us with goods or services;
  • By applying to work with us. The type of information you may provide includes your curriculum vitae (CV), a cover letter, your name, address, email address and telephone number. CVs should include information relevant to your employment history and education (e.g. degrees obtained, places worked, positions held, relevant awards). We ask that you do not disclose Special Categories of Personal Data (e.g. medical information, religion, philosophical or political beliefs) or financial data in your application;
  • By visiting our offices your image may be captured on the closed-circuit television (CCTV) cameras located in our car park and public reception. Our CCTV policy regulates how we use Personal Data captured via CCTV.




  • Where appropriate, we may collect the following classes of Personal Data and/or Special Categories of Personal Data from and/or about you or any other person who may benefit from insurance coverage taken out or sought by you:

  • Contact and identifying information such as title, name, address (including Eircode), email address, telephone number, policy number, date and place of birth, gender, relationship status, VAT number, IP address, country of residence, years of residency and driving licence/permit details.
  • Financial information such as bank account details, credit/debit card details, credit history, records of payments and arrears and income details.
  • Employment and qualification details such as occupation, employer details, employee number, job position, membership status of any relevant bodies, employment and education history.
  • Medical and health details including information related to personal habits (such as smoking or consumption of alcohol), medical history, details of any disability, injuries sustained (including any relevant pre-existing health conditions and any subsequent injuries) and prognosis for recovery.
  • Other Personal Data such as telephone recording, CCTV recording, audio visual images and recordings, photographic images, marketing preferences, insurance history, premium and renewal dates of policies with other insurers, and website usage information.
  • Other sensitive information such as details of any criminal convictions and offences (including penalty points), civil litigation history as well as pending prosecutions. We may also, in certain cases, receive information from which it may be possible to infer your trade union membership, religious or political beliefs (for example. if you are a member of a group scheme through a professional, trade, religious, community or political organisation).
  • Information pertaining to the risk insured such as description of the risk, value of the risk, premium, renewal date, location information (including geocoding information), motor tax and National Car Test (NCT)/Certificate of Road Worthiness (CRW) status, driving history and claims history.
  • Claims data such as details of the circumstances of any incident giving rise to a claim under the policy, details of activities carried out by you and service provided to you following any such incident, details of any other claims that you have made, as well as financial, medical, health and other lawfully obtained information relevant to your claim including PPS number and social welfare information.




  • Your duty to inform us of changes

    It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.



    What personal data do we collect about you, from third parties?

    Where appropriate, we may obtain Personal Data and/or Special Categories of Personal Data about you from the following third party sources:

    1. Your broker, advisor, or any other third party acting on your behalf, other insurance companies, financial institutions or anybody else insured under your policy of insurance;
    2. Without limitation:
      • The insurance industry’s claims database known as InsuranceLink (for more information see www.inslink.ie);
      • The Integrated Information Data Service (‘IIDS’) which allows members of Insurance Ireland to verify information including penalty points and no-claims discount information provided by their customers;
      • The National Vehicle and Driver File, maintained and supported by the Department of Transport, Tourism and Sport, containing details of all registered vehicles in the State;
      • The Motor Insurance Anti-Fraud and Theft Register (MIAFTR) operated by the Association of British Insurers in the UK to log all insurance claims relating to written-off and stolen vehicles in the UK;
      • Third party vendors who provide data enrichment services (such as vehicle and claims history) to the insurance industry;
      • Geocoding databases to determine location based risk factors;
      • The Companies Registration Office and other business search tools.
    3. Distribution and affinity partners such as banks and mobile network operators through whom we distribute products or who introduce business to us;
    4. In the event of a claim or any incident that may give rise to a claim:
      • Any third parties involved in or witnesses to the incident;
      • Emergency services such as ambulance or fire services;
      • An Garda Síochána or other law enforcement agencies;
      • Experts or professionals (such as brokers, claim management companies, legal representatives, medical professionals, tradesmen, loss assessors, loss adjustors, accident investigators, other insurance companies, motor repairers, motor engineers, car hire providers and salvage providers) acting on your behalf as the claimant or on behalf of a third party entitled to indemnity under the policy;
      • The Personal Injuries Assessment Board;
      • Claims service providers and experts appointed by us during the handling of the claim (such as legal representatives, medical professionals, tradesmen, loss adjustors, accident investigators, motor repairers, motor engineers, car hire providers, salvage providers, consulting engineers, forensic engineers, architects and surveyors);
      • Private investigators in connection with the investigation of a claim;
      • The Department of Employment Affairs and Social Protection in connection with the Recovery of Benefits and Assistance scheme.
    5. From searches of publicly available information, whether obtained online or through various media outlets or State and/or industry registers.




    What personal data do we collect from you, about other people?

    Where appropriate, we may collect Personal Data and/or Special Categories of Personal Data from you that relate to people other than you, such as:

  • Employees, other persons entitled to indemnity under your policy (e.g. named drivers under a motor policy or family members covered under a travel policy), your broker or advisor, other claimants, any third parties involved in or witnesses to the incident giving rise to a claim, persons exercising a power of attorney, legal representatives, your medical professionals (e.g. GP), tradesmen, loss assessors, loss adjustors, accident investigators, motor repairers, or a referee (in the event of a job application).
  • When we receive documentary evidence from you, the documentation may contain Personal Data belonging to other people, not related to your policy or claim (e.g. a co-addressee on a bill). The Personal Data collected by us with respect to such people is not used by us but is retained as part of your records. All Personal Data on these other people will be removed from our records when we execute our retention policy to remove your Personal Data from our records.
  • Note: If you provide us with Personal Data or Special Categories of Personal Data relating to other people you must first: (a) inform the person about the content of this Privacy Policy; and (b) obtain any legally required consent from that person to the sharing of their Personal Data or Special Categories of Personal Data in this manner.



    Why do we collect this personal data?

    We collect Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data, in order to distribute and administer insurance products on behalf of our Product Providers, to transact business, validate and settle any claims, to develop or enhance our online service and to recruit staff.

    Where appropriate, we will use this information:

  • To undertake a risk assessment and evaluation in line with underwriting protocols, determine the premium requirement and/or provide a quotation, to comply with our legal obligations and/or to bind cover on behalf of our Product Providers;
  • To set you up as a policyholder or record you as a party entitled to indemnity under the policy;
  • To communicate with you as required;
  • To administer and renew your policy;
  • To communicate with your broker, advisor or any third party acting on your behalf;
  • To create a candidate profile for you if you are a prospective employee so that we can take steps prior to entering into a contract with you;
  • As part of our efforts to keep our websites safe and secure which is necessary for compliance with our legal obligations and for our legitimate business interest;
  • To administer and improve our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, which is necessary for our legitimate business interests.
  • For training and security purposes which is necessary for compliance with our legal obligations and for our legitimate business interest;
  • To process your premium and other payments;
  • For claims management including investigating, assessing, processing, undertaking dispute resolution, settling claims and bringing and/or defending legal proceedings;
  • To make suggestions and recommendations to you and other users of our website about services that may interest you. This is necessary for our legitimate business interests and may be based on your consent where you have chosen to give it;
  • To deliver information about insurance products and services to you or to enter you in promotional competitions, where you have subscribed to same and in accordance with your preferences and based on your consent where you have chosen to give it;
  • To prevent, detect and investigate insurance fraud, as well as other offences including money laundering, and to assist An Garda Síochána (or other law enforcement agencies) or any other authorised investigatory body or authority with any inquiries or investigations;
  • To carry out research and analysis including analysis of policyholders and others whose Personal Data we collect as set out in this Privacy Policy in accordance with our legitimate business interests;
  • For staff training and quality assurance purposes;
  • To manage and investigate complaints;
  • To establish and defend legal rights, to protect our operations or those of our Group companies, Product Providers or business partners;
  • To comply with regulatory requirements;
  • For reinsurance purposes;
  • To check against international/economic or financial sanctions laws or regulated listings to comply with legal obligations or otherwise to protect our legitimate business interests and/or the legitimate interests of our Product Provider and others.
  • The legal bases for the processing of your Personal Data and Special Categories of Personal Data are:

  • Processing necessary for the performance of a contract which you have entered into with one of our Product Providers or to take steps at your request prior to entering into a contract;
  • Processing necessary for the purposes of the legitimate interests which we pursue prior to contract (for example, in providing you with quotations on behalf of our Product Providers) and post contract (for further details, see the section titled WHO MIGHT WE SHARE YOUR PERSONAL DATA WITH?) where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information;
  • Processing based on your consent where you have provided us with same, for example, if necessary in order to process a Special Category of Personal Data;
  • Processing data concerning health where necessary and proportionate for the provision of insurance policies;
  • Processing necessary for compliance with a legal obligation to which we are subject; and
  • Processing that you have provided consent for with respect to one or more specific purposes (for example, subscribing to a mailing list, entering a competition, submitting a request for information or communication).




  • Who might we share your personal data with?

    Where appropriate, we may share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with relevant Product Providers, other companies in the Group, partners of the Group and reinsurance companies, located in Ireland and abroad, including outside the European Economic Area (’EEA’).

    When you apply for or purchase a product through a broker, or other third party, we will, as appropriate, correspond with that broker, or other third party relating to your products: this may result in us sharing your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with that broker, or other third party.

    Where appropriate, we may also share your Personal Data, and if necessary and in accordance with legal requirements, Special Categories of Personal Data, with selected third parties, including business partners, and suppliers and sub-contractors, located in Ireland and abroad, including outside the EEA. Further details of the sharing of Personal Data (including, if necessary and in accordance with legal requirements, Special Categories of Personal Data) are set out below and in Schedule One of this Privacy Policy. All our third-party service providers and other entities in the Group are required to take appropriate security measures to protect your Personal Data and/or Special Categories of Personal Data, in line with our policies. We do not allow our third-party service providers to use your Personal Data or Special Categories of Personal Data for their own purposes. We only permit them to process your Personal Data and/or Special Categories of Personal Data for specified purposes and in accordance with our instructions.

    In addition, we may disclose your Personal Data and Special Categories of Personal Data with third parties:

  • In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data and Special Categories of Personal Data to the proposed seller or buyer of such business or assets, as appropriate;
  • If we, or substantially all of our assets, are acquired by a third party, in which case Personal Data and Special Categories of Personal Data held by us will be one of the transferred assets;
  • If we are under a duty to disclose or share your information in order to: comply with any legal obligation, Court Order or to co-operate with state bodies; enforce this Privacy Policy or apply our terms of use and other agreements; or protect our rights, property, safety, customers or others. This includes, without limitation, exchanging information with other companies and organisations (including private investigators, where appropriate) for the purposes of fraud protection and credit risk reduction.
  • We have set out in Schedule One of this Privacy Policy a list of third parties with whom we share your Personal Data and, where necessary and in accordance with legal requirements, Special Categories of Personal Data.

    Please note, information about claims (whether by policyholders or third-parties) is collected by us when a claim is made under a policy and may be placed on InsuranceLink. This information may be shared with other insurance companies, self-insurers or statutory authorities.

    The purpose of InsuranceLink is to help us identify incorrect information and fraudulent claims and, therefore, to protect policyholders. Under data protection legislation you have a right to know what information about you and your previous claims is held on InsuranceLink. If you wish to exercise this right, please contact us at the address below or for further information on InsuranceLink go to www.inslink.ie.

    Finally, where you have consented to our doing so, we may share information that you provide to companies within the Group and with other companies that we establish commercial links with so we and they may contact you (by email, SMS, telephone or other appropriate means) in order to tell you about carefully selected products, services or offers that we believe will be of interest to you.



    How long do we keep hold of your personal data and special categories of personal data?

    The time periods for which we retain your Personal Data and Special Categories of Personal Data depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.

    All Personal Data and Special Categories of Personal Data will be retained for the duration of the periods set out in our Data Retention Policy. These periods of time are subject to legal, tax and regulatory requirements or to enable us to manage our business. If you would like further information, please contact us at the details provided below.

    In some circumstances we may anonymise your Personal Data and Special Categories of Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. This anonymised data may be used for research or analytical purposes.



    Do we transfer your information outside the European Union or European Economic Area?

    Yes. Given the global nature of our Group’s business, our data is transferred to other countries.

    The Personal Data and Special Categories of Personal Data that we collect from you may be transferred to, and stored in, Switzerland, which is outside the European Economic Area (‘EEA’) and for which there is an adequacy decision relating to the safeguards for Personal Data from the European Commission.



    What are your rights with respect to your personal data and special categories of personal data?

    You have the following rights:

    A. To access the Personal Data and Special Categories of Personal Data we hold about you.

    B. To require us to rectify any inaccurate Personal Data or Special Categories of Personal Data relating to you without undue delay.

    C. To have us erase any Personal Data or Special Categories of Personal Data we hold about you in specific circumstances, e.g. where it is no longer necessary for us to hold the Personal Data or Special Categories of Personal Data (see our data retention policy).

    D. To object to us processing your Personal Data or Special Categories of Personal Data in specific circumstances.

    E. To ask us to provide your Personal Data and Special Categories of Personal Data to you in a portable format or, where technically feasible, for us to port that information to another controlller provided it does not result in a disclosure of information relating to other people.

    F. To request a restriction of the processing of your Personal Data or Special Categories of Personal Data.

    G. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data or Special Categories of Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. In that instance, any processing that we have carried out before you withdrew your consent remains lawful.

    You may exercise any of the above rights by writing to us at: Data Protection Officer, Wrightway Underwriting Ltd, Limekiln House, Drinagh, Wexford, Co. Wexford, Ireland, Y35 KX2P or by emailing us at dpo@wrightway.ie.

    In the above circumstances, we may need to request specific information from you to help us confirm your identity and ensure your right to access the Personal Data or Special Categories of Personal Data (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data or Special Categories of Personal Data is not disclosed to any person who has no right to receive it.

    You may lodge a complaint with respect to our processing of your information. In Ireland, the local Supervisory Authority is the Office of the Data Protection Commission with an address at Canal House, Station Road, Portarlington, Co. Laois.



    Automated decision making and profiling

    Automated decision-making takes place when an electronic system uses Personal Data and/or Special Categories of Personal Data to make a decision without human intervention.

    We use automated decision making, including profiling, in the following situations:

    We use the information provided by you and obtained from third party sources about you, including your claims history and other factors relating to the risk proposed such as your address, your age and the type of vehicle you drive in order to undertake a risk assessment and to determine the appropriate premium on behalf of our Product Providers.

    During the underwriting process we may send some of your Personal Data to third party contractors in order to validate and obtain additional information relevant to the risk being proposed. We may also send your address details to a third party contractor to determine information about the area in which you live in order to assess any environmental risks (such as the potential flood risk). This is done in order to properly assess your risk profile which determines your premium and the insurance cover to be provided to you.

    Underwriting is the process by which an insurance company assesses, accepts or rejects risks and classifies those selected, in order to charge an appropriate premium. The underwriting factors that must be evaluated to complete the underwriting process depend on the insurance product the customer is interested in; each product requires different categories of information to assess the risk profile of the proposer.

    Where a decision is based on solely automated decision making, you will always be entitled to have a person review the decision so that you can contest it and to elaborate on your specific circumstances and make a personal representation.



    Data security

    We have put in place measures to protect the security of your Personal Data and Special Categories of Personal Data.

    Details of these measures are available upon request.

    Third parties acting on our behalf will only process your Personal Data and Special Categories of Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

    We have put in place appropriate security measures to prevent your Personal Data and Special Categories of Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data and Special Categories of Personal Data to those Product Providers, employees, agents, contractors and other third parties who have a business need to know.

    We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.



    What will happen if we change our privacy policy?

    This Privacy Policy may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this Privacy Policy each time you use our website or our services.





    How can you contact us about data protection?

    You can contact us:

  • Wrightway Customer Services on +353 (0)53 916 7100
  • Email at dpo@wrightway.ie
  • Data Protection Officer, Wrightway Underwriting Ltd, Limekiln House, Drinagh, Wexford, Co. Wexford, Ireland, Y35 KX2P




  • SCHEDULE ONE

      Third Parties with whom we may share your Personal Data and/or Special Categories of Personal Data.

    Product Providers

    Agents, Managing General Agents, Brokers and Advisors

    Electronic Data Interchange (EDI) Service Providers

    Actuarial Consultants

    Claims Handling Administrators

    Claims Investigators(including Private Investigators)

    Claims Service Providers (including Loss Adjustors, Motor Engineers, Motor Damage Repairers and Car Hire Providers)

    Fraud Detection Service Providers

    Law Enforcement Agencies and Fraud Prevention Agencies

    Legal Advisors

    Medical Professionals (including Doctors, Nurses and Dentists)

    Personal Representatives

    Relatives and Guardians

    Third party claimants and/or their representatives where legally required

    Credit Check Companies

    Financial Institutions

    Other companies in the Zurich Insurance Group

    Direct Marketing and Marketing Service Providers

    Archive/Shredding Companies

    Courier Delivery Service Providers

    Document Management Providers (including Web-Scanning Service Providers)

    External Printing and Posting Service Providers

    IT Cloud Hosting and Cloud Service Providers

    IT Service and Support Providers (including Back-up Providers, Data Centre Providers, Consultants, Web-Hosting Providers, Email Providers, Outsourced Service Providers)

    Operations Support Service Providers

    Outsourced Service Providers

    Industry and trade bodies

    Internal and External Auditors

    Relevant government departments and statutory bodies such as the Personal Injuries Assessment Board

    Revenue Authorities

    Motor Insurers Bureau of Ireland

    Regulators and competent authorities such as the Data Protection Commission, the Revenue Commissioners, the Central Bank of Ireland, and the Financial Services Ombudsman

    Third Party Support Providers for Regulatory, Sanctions and Anti-Money Laundering Law Compliance

    Data Enrichment services providers

    Other insurance companies and/or their agents

    Reinsurance companies