Claims Data Protection Summary

This document is a summary of the AXA Insurance Claims Data Protection Statement. If you would like more detailed information on how we use your data, please go to axa.ie or axani.co.uk and select the Data Protection link to read the full version.

1. General

References to “AXA”, “us”, “our” and “we” mean AXA Holdings Ireland Limited and its subsidiaries, including AXA Insurance dac (the ‘data controller’), and any associated companies from time to time.

For queries and complaints please contact:

Data Protection Officer

Compliance Department

AXA Insurance dac

Wolfe Tone House

Wolfe Tone Street

Dublin 1

Telephone: +353 (0)1 471 1812

Email: Compliance@AXA.ie

2. Use of Information

We mainly use your personal information to manage and investigate claims. However, we may also use the personal data we gather for any or all of the following purposes: (a) to verify your (or your representative’s) identity; (b) to manage and investigate complaints; (c) for the detection and prevention of fraud, money laundering and other offences; (d) for statistical analyses, market research and the review and improvement of AXA’s processes and systems; (e) for training, performance and discipline; (f) for reinsurance purposes and AXA Group reporting purposes; (g) for storage and to make back-ups of data; (h) for compliance with all relevant laws and regulations; and/or (i) as set out in this documents and other documents provided or made available to you.

Legal Basis for processing: The legal grounds we rely on for using your personal data are where the processing is necessary for: (a) compliance with a legal obligation to which we are subject; (b) the performance of a task carried out in the public interest; and (c) the purposes of the legitimate interests pursued by AXA. In such cases, our legitimate interests are: (1) to investigate and prevent fraud and other illegal activity; (2) to improve the services we offer and to ensure that our systems and processes are effective and efficient and appropriate; or (3) the proper running of our business.

Sensitive data (such as criminal conviction and health related data) will only be processed where it is: (a) necessary for legal claims and proceedings (whether actual or prospective), for giving or receiving legal advice or for the purposes of establishing, exercising or defending legal rights; or (b) otherwise authorised or required by law (such as relating to unlawful acts and dishonesty, fraud, terrorist financing and/or money laundering).

3. Sharing of Information

In providing our services to you we may share your personal data with various third parties, including: (1) your representatives; (2) our representatives/partners, such as companies that provide various services (including telecommunications, data storage, document destruction, fraud detection and IT); (3) claims related service providers acting for you, us or any third party involved in the incident (including for the assessment of liability, injuries, damage to vehicles and other property), lawyers and private investigators (where we feel it is necessary); and (4) State or government departments or agencies (such as the police, the Department of Employment Affairs and Social Protection and our regulators).

International Transfers: On occasion your personal data may need to be sent to the following countries outside the European Economic Area: a) Switzerland, b) the USA and c) to AXA Group companies outside the EEA. AXA complies with the law regarding international transfers of data.

4. Categories of Data Collected from sources other than you or your representatives

Including CCTV footage; health information (any injuries resulting from incidents, any relevant pre-existing health conditions and any subsequent injuries) and the verification of the categories of data we receive from claimants.

5. Retention of Data

Type of InformationType of Data Collected
Claims information10 years from the date the claim is finalised (by settlement, court hearing, withdrawal of claim, etc.).
Claims information – where there is the potential for a child to make a claimUp to 3 years after the child in question turns 18 years of age or 10 years from the date the claim is finalised, whichever is longer.
Claims validation file25 years from when the claim is finalised (by settlement, court hearing, withdrawal of claim, etc.).

6. Your Rights

As a ‘data subject’, you have the right:

  1. to withdraw consent where we are processing your information on the legal basis of consent;
  2. of access to your personal data and to be informed why and how we process that data;
  3. to require us to correct any inaccurate information about you (including missing details);
  4. to have personal data concerning you erased. However this right does not apply in specific situations (such as during a claim);
  5. to data portability, which means you may request from us all personal data that you provided to us. You may also request that we send this data to another company or person;
  6. to object to the processing of your personal data, where we do so on the basis of a ‘legitimate interest’ (see the ‘Legal Basis’ section above). We will stop processing your data unless we can show grounds for the processing that override your right or unless we need to use it for a claim;
  7. to restrict processing of your personal data where you feel that it is inaccurate, that we are processing it unlawfully or that we no longer need it or where you have invoked your right to object (as set out in Section 6 (f) above).
  8. to lodge a complaint with a data protection regulator, such as the Data Protection Commission (in ROI) or the Information Commissioner’s Office (in NI). Their contact details can be found on dataprotection.ie and ico.org.uk.

Please send all requests to us (details in Section 1 ‘General’ above) in writing (by post or email).