Data Protection

We are committed to ensuring that your data is protected. To keep you informed, we have created this notice which will explain how we use the information we collect about you and how you can exercise your data protection rights.

1. Who are we?

We are RSA Insurance Ireland DAC (RSA) and we provide commercial and personal insurance products and services. We also provide insurance in partnership with other companies.


2. Why do we collect and use your personal information?

RSA will use your personal information for the provision of insurance services such as providing a quotation, underwriting a policy and handling claims under an insurance contract. We will also use your data for other related matters such as complaint handling, prevention or detection of fraud, reinsurance and statistical analyses.

When looking for a quote for a product from us, you will need to provide us with information relating to what you wish to be covered by the insurance (e.g. car make and model, your home, etc.). When buying certain products, we will on occasion need to collect special categories of data (e.g. medical history for motor insurance) and convictions history (e.g. driving offences).

We will need to process your payment information (e.g. direct debit, credit and debit card information, etc.) in order to provide your cover. To service your policy, we may communicate with you via your intermediary, if applicable, and via our website, emails, telephone calls or post. Call with RSA may be recorded for training and verification purposes.

If you need to claim against your insurance policy, we normally need to collect information that evidences what happened in the incident. If other people are involved in the incident, we may also need to collect additional information related to them (including children) which can include special categories of data (e.g. injury and medical data, etc).

In submitting an application to us, you may provide us with equivalent or substantially similar information relating to other proposed beneficiaries under the policy. You agree that you will bring this Privacy Notice to the attention of each beneficiary at the earliest possible opportunity. Please also ensure that anyone else who is insured under your policy has agreed to provide their personal information to us.

Data protection laws require us to meet certain conditions before we are allowed to use your personal information in the manner described in this Notice. We take our responsibilities under data protection laws very seriously, including meeting these conditions.

In order to provide you with this detail we have prepared the following which describes the purpose to which we are using your data and the legal basis for doing so.


Legal Basis

To provide you with a quote for an insurance product and to provide you with insurance cover if you decide to purchase a product.

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract

To assess the information you have provided and make a decision as to whether we can provide you with cover and at what price

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract;

To verify your identity and to verify the accuracy of the information we receive.

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract;

To comply with legal obligations (eg. money laundering require­ments)

To administer your insurance contract and make any changes during its term, answer queries, provide updates and process a cancellation.

Processing is necessary for the performance of a contract

To make and receive any payments whether in relation to your policy or a claim.

Processing is necessary for the performance of a contract

To manage and investigate any claims made by you or another person under your policy of insurance.

Processing is necessary for the performance of a contract

To detect and prevent fraud, money laundering and other offences. To assist An Garda Siochana or any other autho­rised body with investigations.

Processing is necessary for the purposes of our legitimate inter­ests. This interest is to investigate and prevent potential fraudulent and other illegal activity.

To manage and investigate any complaints

Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract;

Processing is necessary to comply with legal obligations

For reinsurance purposes

Processing is necessary for the performance of a contract

To comply with laws and regulations

Processing is necessary to comply with legal obligations

For statistical analyses

Processing is necessary for the purposes of our legitimate interests. This interest is to improve our processes, products and services.

To make back-ups of your data in case of emergencies and for disaster recovery purposes

Processing is necessary to comply with legal obligations


3. How else do we collect information about you?

Where possible, we will collect your personal information directly from you. However, on occasion we may receive information about you from other people or companies. For example:

  • It was given to us by someone who is applying for an insurance product on your behalf (e.g. insurance brokers)
  • It was supplied to us when you have purchased an insurance product or service that is provided by us in partnership with other companies
  • It was lawfully collected from other sources (e.g. the Integrated Information Data System (‘IIDS’)) to validate information you have submitted to us such as driver number and penalty points
  • Vehicle history check suppliers/ databases
  • Through credit checks
  • Through a database to determine address based risk factors (known as geocoding)
  • Searches of publicly available information (e.g. online)
  • The Insurance Link Anti-Fraud register (for more information see and other insurers
  • Other fraud prevention databases available in the insurance industry


4. Will RSA share your personal information with anyone else?

We may share your details with a number of external parties in order to administer your policy, handle claims and to prevent and detect fraud. For example:

  • Your Intermediary & anyone authorised by you to act on your behalf
  • Our Third Party Service Providers such as technology suppliers, hosting/storage providers, payment providers and document providers
  • With other companies within the RSA Insurance Group
  • The Insurance Link Anti-Fraud register (for more info see and other insurance companies
  • Loss Adjusters, claims investigators, repairers, medical practitioners, solicitors and other firms as part of the claims handling process
  • Surveyors
  • Private Investigators when we need to further investigate certain claims
  • Other fraud prevention databases available in the insurance industry
  • With prospective sellers or buyers in the event that we decide to sell or buy any business or assets
  • Our reinsurers

We may also share your personal information as a result of our legal and regulatory obligations. This can include with An Garda Siochana, other official agencies and on foot of a Court Order or Subpoena.

In order to provide you with the insurance policy, we may share your information with our service providers and on occasions, some of your personal information may be sent to other parties outside of the European Economic Area (EEA). We would only do this in compliance with the appropriate legal and technical safeguards such as the standard data protection clauses adopted by the European Commission, Binding Corporate Rules or as a result of an adequacy decision of the European Commission


5. Which decisions made about you will be automated?

Before we can sell you an insurance product or service, we may conduct the following activities, which involve automated (computer based) decision-making:

  • Pricing and Underwriting – the process calculates the insurance risks based on the information that you have supplied. This will be used to determine if we can provide you with a policy and to calculate the premium you will have to pay.

The results of these automated decision-making processes will limit the products and services we may be able to provide you. If you do not agree with the result, you have the right to request human intervention to allow you to express your point of view and contest the decision.


6. For how long will RSA keep your information?

Information submitted for a quotation may be retained by us for a period of up to 15 months from the date of the quotation. All information in respect of a policy (to include claims on the policy) will be held for 8 years after the ending of the client/insurer relationship to ensure we meet our regulatory obligations. We will retain call recordings for 8 years from the date of the call.

There are certain policies where we need to keep data for longer than the normal periods where we may receive claims where the claimant was not aware of the injuries until a long time after it was caused.


7. What should you do if your information is incorrect?

If you think that the information we hold about you is incorrect or incomplete, please contact your intermediary or contact us and we will be happy to rectify it for you.


8. What are your rights over the information that is held by RSA?

We understand your information is important to you, therefore you may request us to undertake any of the following actions:

  1. Provide you with a copy of the personal information we hold about you, in a commonly used electronic format (or hard copy if you wish).
  2. Request your personal information to be deleted where you believe it is no longer required. Please note however, this request will not be valid while you are still insured with us and where we are subject to legal or regulatory obligations.
  3. Request that we supply a copy of the personal information you have supplied to us, to another company. We would provide the information in a commonly used electronic format.
  4. Request that we restrict the use of your information by us.
  5. Object to the processing of your data.
    If you would like to request any of the above, please email us a request to or write to us at the address contained in Section 10.To ensure that we do not disclose your personal information to a party who is not entitled to it, when you are making the request please provide us with:
    • Your name;
    • Address(es);
    • Date of birth;
    • Any policy IDs or reference numbers that you have along with a copy of your photo identification and proof of address.

All requests are free of charge although we reserve the right to charge an administrative fee for subsequent requests (such as when the request is part of a series of repeated requests over a short period of time). We endeavour to respond within one month from receipt of the request. If we do not meet this time frame, we will explain why this was in our response.

Please note that simply submitting a request does not mean we will be able to fulfil it – we are often bound by legal and legislative law which can prevent us fulfilling some requests in their entirety, but when this is the case we will explain this to you in our response.

Requests to restrict the use of your information or to object to the processing of your data may lead to RSA being unable to continue to service your policy and therefore lead to cancellation of your policy.


9. Changes to our Data Protection Notice.

This notice will be updated from time to time so please check it each time you submit personal information to us or renew your insurance policy.


10. How do you ask a question about this Data Protection Notice?

If you have any questions or comments about this privacy notice please contact:

The Data Protection Officer, RSA Insurance Ireland DAC, Dundrum Town Centre, Sandyford Road, Dundrum,

Dublin 16, D16 FC92

You may also email us at


11. How can you lodge a complaint?

If you wish to raise a complaint on how we have handled your personal information, please send an email to or write to us using the address provided in Section 10. Our Data Protection Officer will investigate your complaint and will give you additional information about how it will be handled. We aim to respond in a reasonable time, normally 30 days.

If you are not satisfied with our response you can lodge a complaint to the Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co Laois, R32 AP23.