Data Protection Statement for International Private Medical Insurance and Travel Customers

This document is the full AXA Insurance dac Data Protection Statement for International Private Medical Insurance and Travel Customers. It contains all the information you need to understand how we use your data. We encourage you to periodically review our Data Protection Statement to keep informed about how we use your personal data and how we keep it protected.

AXA Insurance dac has appointed AGH Global Healthcare (EU) Limited (“AGH EU”), a fellow AXA Group company, as its Managing General Agent (“MGA”) for the sale of our International Private Medical Insurance and Travel policies. You can view their data protection statement at axaglobalhealthcare.com.

Contents of this document:

  1. General
  2. Collection
  3. Use of information
  4. Legal basis for processing
  5. Sharing of information
  6. Data collected
  7. Retention of data
  8. Your rights
  9. Appendix

Notice: While all of the information in this Data Protection Statement is important, certain details have been placed in boxes to highlight them. These boxes contain information that the data protection legislation (known as the General Data Protection Regulation) specifies as being information that should be brought to your attention.

1. General

AXA recognises that protecting personal information, including special categories of data (sometimes referred to as sensitive personal data), is very important to you and that you have an interest in how we collect, use, store and share such information. This Data Protection Statement sets out how we will use and protect your information and information provided by other parties (such as a named party on your insurance policy).

It is important that you read this Data Protection Statement and show it to anyone else who is insured under your policy of insurance, including a named party on your insurance policy, as it also applies to them.

Please make sure that anyone else who is insured under your policy has provided you with permission to provide their personal information to us.

Company Information

References to “AXA”, “us”, “our” and “we” mean AXA Holdings Ireland Limited and its subsidiaries, including AXA Insurance dac, and any associated companies from time to time.

Legislation

Rest assured that all personal data we gather will be processed in accordance with all applicable data protection laws and principles, in particular the EU General Data Protection Regulation and the Data Protection Acts.

Queries and Complaints

If you are unhappy with the way we have handled your personal information and wish to complain or if you simply want further information about the way your personal data will be used, please contact us, by any of the options below.

Data Protection Officer,

Compliance Department,

AXA Insurance dac,

Wolfe Tone House,

Wolfe Tone Street,

Dublin 1

Telephone: +353 (0)1 471 1812

Email: Compliance@AXA.ie

You also have the right to lodge a complaint with a supervisory authority (which is a regulator in charge of data protection). Our Lead Supervisory Authority is the Data Protection Commission (“DPC”) in Ireland. Details of the various supervisory authorities may be found in the Appendix to this Data Protection Statement.

Please note that we will take all appropriate steps to keep your personal data safe. In the unlikely event that we have a security breach, we will notify you without undue delay about the circumstances of the incident in accordance with our legal obligations.

2. Collection

The personal data we require about you (and, if applicable, other people insured under your policy of insurance) will be gathered and stored as set out in this Data Protection Statement. This will usually be done either directly by AGH EU (as MGA,) or, where you choose to use them, the various AXA websites and apps, or indirectly through one of our service providers on our behalf. The categories of personal data that we gather are listed in Section 6 ‘Data Collected’ below.

There are two main ways in which we might collect personal information about you, from things you tell us yourself and from things we ask other people or organisations to share with us. Things you tell us could include conversations we have on the phone, what you’ve written on an application form or if you post something on one of our websites. We might also collect information about you from other people and organisations, such as medical professionals or by checking databases such as the electoral register. Please see below for a list of ways we may collect your personal information.

We may collect personal information directly from you:

  • via enquiry, registration and claim forms;
  • via feedback forms and forums;
  • when you purchase any of our products or services;
  • when you fill out a survey or vote in a poll;
  • through quotes and application forms;
  • via cookies;
  • via our telephone calls with you, which may be recorded;
  • when you provide your details to us either online or offline;

We may also collect your personal information from a number of different sources including:

  • directly from an individual who has a policy with us under which you are insured, for example if you are a named dependant on your spouse’s health insurance policy;
  • where you are a member of a group arrangement, the sponsor of the arrangement e.g. your employer;
  • from internet searches where fraud is suspected;
  • via third parties including:
    • your family members, where you may be incapacitated or unable to provide information relevant to your policy;
    • medical professionals and hospitals;
    • aggregators;
    • third parties who assist us with claims management.

It is important that the information you give us is correct. You have a legal obligation to take reasonable care not to provide us with inaccurate, incorrect or incomplete information. If this happens AXA has certain legal rights which may include the avoidance of the contract of insurance and refusal of all claims. As a result, you may also find it difficult to arrange this type of insurance in the future.

3. Use of Information

The personal information collected from you will be used mainly to provide you with an insurance policy or benefits or to administer your Trust on behalf of the Trustees and to provide you with the right services based on your situation. This includes ensuring that the right network of providers and specialists are in place, being able to update you quickly on the progress and cost of your claim and keep you safe from fraud. However, there are a number of other reasons why we use your personal information, please see below.

The administration of your insurance policy and/or your Trust including assessing your eligibility for and the handling and paying of claims

We use the personal information that you and others provide to us about you, your family, where you live, your policy claims history and other non-personal information such as hospital costs to determine you premium and eligibility. The price also depends on what options you have chosen to purchase. We also use information about how long you have been a customer, how many claims you have made and how much you pay in premiums to determine that terms you are offered at renewal.

We use your personal information for the ongoing management of any claims you have, and paying your medical bills. We will sometimes need to clarify information with your doctor or hospital, such as what treatment you have received if a bill is unclear. If you are a member of a Trust scheme we will always gain your consent before discussing your health information with a third party. We will also need to use your personal information to deal with any complaints that may arise during the term of your policy. As we reinsure all International Private Medical Insurance and Travel policies, we may need to share some of your personal information with our reinsurer.

Management Information

We use your personal information to help us understand our business and monitor our performance, for example, to help determine how much insurance premiums should be.

If you are a member of a group scheme, we may provide reports to your employer or a parent company on the performance of the scheme and on the health of the workforce. The information we provide is anonymised which means you cannot be identified from the information.

Analytical purposes and to improve our products and services

We may use your personal information for research and statistical analysis including general research into health-related areas and research about the products and services we provide. By analysing information provided we can tailor and improve our products to better suit our customer's needs.

To provide staff training, performance reviews and discipline

We may process your personal information to review our staff’s performance and to ensure that they are trained to the level we require for the processing of customer data. Where necessary, we may also process your personal information for the purpose of disciplining our staff. Generally, these circumstances will involve the use of anonymous information, so you won’t be identifiable from the information. However occasionally we will need to train, review or discipline individual staff members in relation to specific incidents they are involved in and therefore may need to use personal information.

To report to Group

Occasionally we may need to make reports to other companies in the AXA Group in relation to our International Private Medical Insurance and Travel business. Generally, this will involve the use of anonymous information, so you won’t be identifiable from the information.

To prevent, detect and investigate fraud

To help keep premiums and costs down we work with other insurers, healthcare providers, anti-fraud bodies and law enforcement agencies to protect ourselves, the local healthcare providers and our policyholders from fraudulent behaviour and medical malpractice. This may mean disclosing personal information, including health information, to these bodies. In some cases, we provide your personal information to insurance fraud databases, which are accessible by some or all of these bodies.

We also monitor the services you are being provided by healthcare providers for these purposes and to ensure accurate billing.

In some cases, we are required by law to report crime and suspected crime and other matters to law enforcement and government agencies. We are also obliged to report suspicions of medical malpractice to relevant regulatory bodies.

If false or inaccurate information is provided to us and fraud is suspected, details may be passed to fraud prevention agencies to prevent fraud and money laundering and we will periodically search records held by fraud prevention agencies to:

  • help make decisions on insurance policies and claims for you and your dependants;
  • trace people who owe money, recover debt, prevent fraud and to manage insurance policies;
  • check the identity of policyholders to prevent money laundering;
  • carry out electoral roll searches and further searches to search for and prevent potential fraud.

We use automated anti-fraud filters that check against lists of people known to have undertaken fraudulent transactions and will reject those applicants under our risk acceptance criteria.

Effect of not providing information

If you do not provide the information that is needed to give you a quote, the result will be either that we will not be able to offer you a quote or your premium will be higher than if you had provided the information. Also, some categories of information are required for us to administer your policy and we would not be able to offer you a contract without them.

If you do not provide the information that is needed to handle your claim, we may not be able to handle the claim. Also, the terms of your policy require you to notify us of any circumstances that may give rise to a claim against your policy and assist us in dealing with any claim that does arise.

Call Recording

We may record or monitor telephone calls in order to ensure accuracy in the recording of instructions communicated to us, to facilitate staff training, performance reviews and discipline, for the prevention of fraud, for management of complaints and to improve customer satisfaction.

In accordance with EU data protection regulations we must have good reason to use and process your personal information. This is called a legal basis. The table below sets out the legal basis we rely on for each use of your personal information.

Why we need your personal informationPersonal information we may process (may include but is not be limited to):Legal Basis for Processing
To review your insurance application and/or provide you with cover.

To administer, provide and service your insurance policy or your Trust, to verify your no claims discount entitlement, assess eligibility for and handling and paying claims.

To communicate with you and resolve any complaints you may have.

To reinsure your insurance policy with our reinsurer(s).

For our own management information purposes including managing our business operations such as accounting records, analysis of financial results, internal audit requirements, receiving professional advice. We also undertake measures to secure our system and to ensure the effective operation of our systems.

Providing improved quality, training and security.

Your contact details, your age and gender, and the age and gender of other person(s) included on the policy (family members, business partners, employees).

Information about your travel plans, destination, planned activities, dates of travel.

Special categories of personal data such as personal information about your health or family members' health.

Legal basis: such use is necessary in order to provide your insurance policy.

Special condition for processing special categories of personal data: for the provision of a policy of health insurance or health related insurance.

Special condition for processing special categories of personal data: For Trust business – you have provided your consent (please note that if you do not provide your consent, in some cases, we may not be able to administer your Trust or pay claims) and/or it is in your vital interests.

To prevent, detect and investigate fraud. Information about you, your name, address, email address and contact details, your age and the age of other person(s) included on the policy (family members, business partners, employees).

Information about your travel plans, destination, planned activities, dates of travel.

Special categories of personal data such as personal information about your health or family members' health.

Legal basis: such use is necessary in order to provide your insurance policy and we have a legitimate business need to prevent fraud.

Special condition for processing special categories of personal information: we need to use your personal information for reasons of substantial public interest to prevent and detect fraud.

For the purposes of debt recovery (where you have not paid for your insurance policy).Information about you, your name, address, email address, contact details and bank account details. Legal basis: we have a legitimate business need to recover any debt.

Special condition for processing special categories of personal information: such use is necessary for the purposes of establishing, exercising or defending our legal rights.

For analytical purposes and to improve our products and services. Information about you, your name, address, email address and contact details, your age and the age of other person(s) included on the policy (family members, business partners, employees).

Information about your travel plans, destination, planned activities, dates of travel.

Legal basis we have a legitimate business need to use your personal information for services improvement.
Providing staff training, performance reviews and discipline. Your contact details, your age and gender, and the age and gender of other person(s) included on the policy (family members, business partners, employees).

Information about your travel plans, destination, planned activities, dates of travel.

Special categories of personal data such as personal information about your health or family members' health.

Legal basis: such use is necessary for us to comply with our legal or regulatory obligations.

Legal basis: such use is necessary for the provision of your insurance policy.

Special condition for processing special categories of personal data: for the provision of a policy of health insurance or health related insurance.

Complying with our legal or regulatory obligations.Details about you, other related parties, your product, service or benefit, depending on the nature of the obligation.Legal basis: such use is necessary for us to comply with our legal or regulatory obligations.
Sharing your personal data with other AXA Group companies for general business administration purposes.Information about you and other person(s) included on the policy (such as name, address and date of birth), policy details and travel plans, planned activities and dates of travel.Legal basis: such use is necessary for our legitimate business need to administrate our business.

5. Sharing of information

We might share your personal information with two types of organisation – companies inside the AXA Group, and other third parties. For further details of all disclosures, please see below. We will not share any of your personal information other than for the purposes described in this Data Protection Statement. If we share anything outside the AXA Group, it will be kept strictly confidential and will only be shared for reasons that we have agreed with you in advance.

Disclosures within the AXA Group

In order to provide our services your personal information is shared with other companies in the AXA Group including, but not limited to AXA PPP healthcare Ltd, AXA Assistance, AXA Business Services and AXA PPP healthcare Administration Services Ltd. Your personal information might be shared for our general business administration purposes.

Disclosures to third parties

We may also disclose your information to the third parties listed below for the purposes described in this Data Protection Statement. This might include:

  • Your relatives, guardians (on your behalf where you are incapacitated or unable) or other people or organisations connected to you such as your insurance broker, your patients (if you are a healthcare practitioner) or your lawyer;
  • Your current, past or prospective employers;
  • Your medical social and welfare advisers, or practitioners;
  • Our insurance partners such as brokers, insurers, reinsurers or other companies who act as insurance distributors;
  • Our third-party services providers such as claims handling, IT suppliers, actuaries, auditors, lawyers, document management providers and tax advisers;
  • Our suppliers and providers of goods or services that we make available to you;
  • Financial organisations and advisers;
  • Central and local Government (for example if they are investigating fraud or because we need to contact them regarding international sanctions);
  • Regulatory authorities such as, in the Republic of Ireland, the Central Bank of Ireland or the Data Protection Commission;
  • Complaint arbitration services such as, in the Republic of Ireland, the Financial Services and Pensions Ombudsman;
  • Other insurance companies, healthcare provider fraud teams, the UK General Medical Council, the police or other law enforcement agencies and organisations that maintain anti-fraud or other crime databases where reasonably necessary for the prevention or detection of crime;
  • Selected third parties in connection with the sale, transfer or disposal of our business.

Disclosure of your personal information to a third party outside of the AXA Group will only be made where the third party has agreed to keep your information strictly confidential.

We may also disclose your personal information to other third parties where:

  • we are required or permitted to do so by law or by regulatory bodies, such as where there is a court order, statutory obligation or a relevant request from a regulator (for example, in Ireland, the Central Bank of Ireland); or
  • we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest.

Please feel free to contact either us (details in Section 1 'General' above) or AGH EU if you would like more details about the parties with whom we share your information.

Where we choose to have certain services provided by carefully selected third parties, we take precautions regarding the practices employed by the service provider to ensure your personal data is stored and processed legally and securely.

International Transfers

We provide International Private Medical Insurance and Travel policies on a pan-European basis, which also includes covers which might require services on a global scale. Therefore, customer data can be accessed in various national jurisdictions in order to service the policy or process a claim. We ensure that the organisations and individuals accessing the data comply with our security standards and are subject to contractual obligations for non-disclosure and data protection. Where required to do so we will obtain your consent prior to granting access to your data across international borders.

The collection of information and its processing prior to transfer are subject to national laws where it is collected and/or where the data subject is located and conditions for or restrictions on its transfer according to those laws are respected by us. We aim to comply with several local and international laws and regulations, such as the EU’s General Data Protection Regulation, US-EU Privacy Shield, etc.

If you would like more information about the relevant safeguards involved in the transfer of personal data to countries or companies outside the European Economic Area, please visit the European Commission’s website on international data transfers at ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu or contact our DPO using the details in Section 1 'General' above.

6. Data collected

As an insurance company we need to collect many categories of personal data (about you and other parties) for the purposes set out in this Data Protection Statement.

The exact categories may change from time to time. However, we feel that it is important that you know what types of information that we gather and use. Therefore, the category headings and types of data collected set out below are non-exhaustive and only indicative of the data we may hold about you and information listed under one heading may be used in relation to activities carried out under another heading. You will note that we have obtained the majority of the data directly from you.

The information we collect depends on which product or service you’re interested in. For medical insurance we may ask you about you or your families' medical history. Please note, in certain circumstances we may request and/or receive special categories of personal information about you. For example, we may need access to health records for the purposes of providing you with a policy or processing claims.

Where other people are named on your policy, we may also ask you to provide the information detailed below in relation to those people.

We may collect the following information about you:

  • Personal information:
    • contact details such as name, email address, postal address and telephone number;
    • details of any other persons included on your policy and the relationship to you as policyholder;
    • lifestyle and social circumstances, for example your interests, whether you play a sport and number of dependents;
    • identification information such as your date of birth, national insurance number, passport and driving licence;
    • financial information such as bank details and credit card details;
    • information obtained through our use of cookies. You can find out more about this in our cookie policy;
    • information relevant to your claim;
    • details of any financial sanction that may apply to you;
    • your marketing preferences;
    • travel details such as travel plans, dates, destination.
  • Special categories of personal information:
    • details of your current or former physical or mental health;
    • details regarding any relevant criminal offences, including alleged offences, criminal proceedings, outcomes and sentences (previous criminal convictions, bankruptcies and other financial sanctions such as County Court Judgements).
  • Children’s personal and sensitive information:
    • We do not collect and record personal and sensitive information about children without the permission of the child’s parent/guardian.

7. Retention of data

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Data Protection Statement and in order to comply with our legal and regulatory obligations. The time period we retain your personal information for will differ depending on the nature of the personal information and what we do with it. How long we keep personal information is primarily determined by our regulatory obligations. We typically keep quote information for up to 15 months, and policy and claims records for up to 7 years from the end of our relationship with you. In some cases, such as if there is a dispute or a legal action we may be required to keep personal information for longer.

8. Your Rights

As a ‘data subject’, you have the rights set out in this section. However certain restrictions may apply in some cases.

You can make any of the requests set out below using the contact details set out in Section 1 ‘General’ above. Please provide enough information with your request to allow us to deal with it (such as your name, date of birth, policy number, details of the matter you want us to deal with).

Please note that it may take up to one month to process your request, with the possibility of an extension of another two months. If we need the extra time to deal with your request, we will notify you of the fact that there will be a delay and the reasons for it within a month of your request being made. Likewise, if we have reason to refuse your request, we will notify you within a month of the refusal and the reason for it. If we refuse your request you are entitled to make a complaint to the Data Protection Commission (details in Section 1 ‘General’ above).

We need to be certain who you are when you make a request. As a result, we may require you to provide identification in order to deal with your request, for verification purposes.

There is no fee for any of requests under this section, provided that we do not consider them to be unjustified or excessive. However, if we consider a request to be unjustified or excessive we may either deal with the request and charge a fee or refuse the request. We may also charge a fee if you ask us to send you further copies of the information in an access request.

You should be aware that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make and if we can’t comply with your request we will tell you why.

  1. Right to withdraw consent

    If we are processing your information on the legal basis of consent, you are entitled to withdraw your consent at any time. Therefore, if we are relying on your consent to allow us to carry out an activity and then you withdraw your consent, we would not be allowed to use your personal data for that activity from that point forward. However, it would not invalidate any processing we carried out prior to your withdrawal of consent. More details on the legal bases on which we rely are set out in Sections 3 ‘Use of Information’ and 4 ‘Legal Basis for Processing’.

  2. Right of access

    You have the right to be given details about the personal data concerning you that we hold and why and how we process that data.

    You also have the right to obtain a copy of the personal data we hold about you. This is known as a data access request.

    When you make a request, we would ask that you provide us with as much information as possible to assist us in identifying you (such as your name, address and policy or claim number) and the information you want access to. If you do not provide us with enough information, we may need to contact you for clarification.

  3. Right of rectification

    You have the right to require AXA to correct any inaccuracies (including missing details) in the information we hold about you. We would welcome any corrections to your information and, in certain cases, it is required by the terms of your insurance policy.

  4. Right of erasure/right to be forgotten

    In certain circumstances you have a right to have the personal data concerning you erased. However if we are in the middle of your policy then it may affect our ability to provide certain services under your insurance policy.

    You may only request the deletion of your data where one of the following situations applies:

    1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. where the data is processed on the legal basis of consent (see Section 3 ‘Use of Information’ for the legal bases of processing), you withdraw consent and no other legal ground permits the processing;
    3. the data subject objects to the processing and there are no overriding legitimate grounds for the processing (see the Right to Object at paragraph (vii) below);
    4. the personal data have been unlawfully processed; or
    5. the personal data must be erased for compliance with a legal obligation.

    However, this right shall not apply in certain situations, including where the processing of data is necessary for one of the following reasons:

    1. for exercising the right of freedom of expression and information;
    2. for compliance with a legal obligation, such as the performance of a contract (i.e. your insurance policy or a quote) or compliance with legislation;
    3. for statistical purposes, where the Right of Erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    4. for the establishment, exercise or defence of legal claims.

    Where you request the erasure of personal data, we will need to keep a record of your request so we know that the deletion has happened and why. This is because we are required by our regulator, the Central Bank of Ireland, to retain records of what we do in relation to our regulated activities. However we will keep the record in such a way as to remove as much of the information you have asked us to delete as possible, while accurately reflecting the activity.

  5. Right to data portability

    You have a right to receive from us, in a structured, commonly used and machine-readable format, the personal data you have provided to us. You may also request that we send this personal data to another data controller (such as another financial service provider) where technically feasible. Where we do so we will not be responsible for any action of the other data controller in respect of the transferred data.

    This right of data portability only applies to personal data that we process on the legal basis of consent or for the purpose of entering or performing a contract (i.e. providing your insurance policy) and where the processing is carried out by automated means (in other words, the processing is carried out on a computer). See Section 3 ‘Use of Information’ for more information on the legal bases on which we process your data. The type of data you may request includes details such as your name, address, other contact details and vehicle details.

    If you are planning to exercise this right to transfer your personal data to us from another company, please note the contents of this Data Protection Statement before doing so, in order to make sure you do not provide us with excessive data. We will not be responsible for the quality or accuracy of the data transferred to us. Where we do receive your personal data from you (or directly from another company at your request) we will review the contents of the transferred file and delete any information that is inappropriate, excessive, incorrect or otherwise not required. We may use any remaining information for the purposes set out in this document.

    In circumstances where you either transfer your data directly to us or you arrange for another company to transfer your data to us on your behalf, we will only hold your data for 10 business days before deleting it, unless you contact us during that period.

  6. Right to object

    Where we state in this document that we process your personal data in the public interest or on the basis of a legitimate interest, you are entitled to object to the processing in question on grounds relating to your particular situation (see the legal bases for processing set out in Sections 3 ‘Use of Information’ and 4 ‘Legal Basis for Processing’). We will then stop processing the personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or unless we need to use it in relation to legal claims.

    Therefore, if you wish to exercise this right, please contact us (details in Section 1 ‘General’ above) setting out the reason why you want us to stop processing your personal data based on your particular situation. We will then evaluate whether your rights outweigh the necessity of our purpose(s).

    However, please note that if you object to us processing your data, we may not be able to provide certain services or benefits you would otherwise be entitled to under your insurance policy.

  7. Right to restrict processing of your data

    In the following circumstances you have the right to restrict the processing of the personal data concerning you that we hold:

    1. where you feel that the personal data we hold is not accurate. This restriction will be for a period to enable us to verify the accuracy of your personal data;
    2. where the processing is unlawful and you do not want the personal data to be erased and request the restriction of its use instead;
    3. where we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of a legal claim;
    4. where you have objected to processing under the Right to Object (as set out in (vi) above), pending the evaluation of whether your rights outweigh the necessity of our purpose(s).

    When processing is restricted your personal data will only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of other people or for reasons of important public interest.

    Depending on the scope of your request, please note that if your insurance policy is current, then it may need to be suspended or terminated. Also, if you are coming near to the end of your policy, we may not be allowed to process your data in order to prepare and send you a renewal notice to invite you to renew your insurance policy.

    We will only lift the restriction of processing after we have informed you that we are doing so.

  8. Right to lodge a complaint

    If you object to the way in which we use your personal information, you have a right to make a complaint to a supervisory authority (i.e. a data protection regulator). As mentioned above, the Data Protection Commission in Ireland is AXA’s Lead Supervisory Authority. You may also contact the relevant Data Protection government body in the country in which you reside at any time. More information can be found on the Data Protection Commission’s website: www.dataprotection.ie, or at the websites set out in the Appendix below.

9. Appendix

National Data Protection Authorities
Ireland
Data Protection Commissioner Canal House
Station Road
Portarlington
Co. Laois

Lo-Call: 1890 25 22 31
Tel: +353 57 868 4800
Fax: +353 57 868 4757
Email: info@dataprotection.ie
Website: http://www.dataprotection.ie
Bulgaria
Commission for Personal Data Protection 2, Prof. Tsvetan Lazarov blvd.
Sofia 1592

Tel: +359 2 915 3523
Email: kzld@cpdp.bg
Website: http://www.cpdp.bg
Cyprus
Commissioner for Personal Data Protection 1 Iasonos Street,
1082 Nicosia P.O. Box 23378,
CY-1682 Nicosia

Tel: +357 22 818 456
Fax: +357 22 304 565
Email: commissioner@dataprotection.gov.cy
Website: http://www.dataprotection.gov.cy
Denmark
Datatilsynet Borgergade 28, 5
1300 Copenhagen K

Tel: +45 33 1932 00
Fax: +45 33 19 32 18
Email: dt@datatilsynet.dk
Website: http://www.datatilsynet.dk
EU
European Data Protection Supervisor Rue Wiertz 60
1047 Bruxelles/Brussel
Office: Rue Montoyer 63, 6th floor

Tel: +32 2 283 19 00
Fax: +32 2 283 19 50
Email: edps@edps.europa.eu
Website: http://www.edps.europa.eu/EDPSWEB
France
CNIL Commission Nationale de l'Informatique et des Libertes 8 rue Vivienne, CS 30223
F-75002 Paris, Cedex 02

Tel: +33 1 53 73 22 22
Fax: +33 1 53 73 22 00
Website: http://www.cnil.fr
Germany
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit Husarenstraße 30
53117 Bonn

Tel: +49 228 997799 0; +49 228 81995 0
Fax: +49 228 997799 550; +49 228 81995 550 Email: poststelle@bfdi.bund.de
Website: http://www.bfdi.bund.de
Greece
Hellenic Data Protection Authority Kifisias Av. 1-3, PC 11523
Ampelokipi Athens

Tel: +30 210 6475 600
Fax: +30 210 6475 628
Email: contact@dpa.gr
Website: http://www.dpa.gr
Italy
Garante per la protezione dei dati personali Piazza di Monte Citorio, 121
00186 Roma

Tel: +39 06 69677 1
Fax: +39 06 69677 785
Email: garante@garanteprivacy.it
Website: http://www.garanteprivacy.it
Malta
Office of the Data Protection Commissioner Data Protection Commissioner: Mr Joseph Ebejer
2, Airways House High Street, Sliema SLM 1549

Tel: +356 2328 7100
Fax: +356 2328 7198
Email: commissioner.dataprotection@gov.mt
Website: http: www.dataprotection.gov.mt
Netherlands
Autoriteit Persoonsgegevens Prins Clauslaan 60
P.O. Box 93374
2509 AJ Den Haag/The Hague

Tel: +31 70 888 8500
Fax: +31 70 888 8501
Email: info@autoriteitpersoonsgegevens.nl
Website: https://autoriteitpersoonsgegevens.nl/nl
Spain
Agencia de Protección de Datos C/Jorge Juan, 6
28001 Madrid

Tel: +34 91399 6200
Fax: +34 91455 5699
Email: internacional@agpd.es
Website: https://www.agpd.es
United Kingdom
Information Commissioner's Office Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF

Tel: +44 1625 545 745
Email: international.team@ico.org.uk
Website: https://ico.org.uk