Intact Insurance Data Protection Notice
At Intact Insurance, we’re committed to ensuring that your personal data is protected. This Notice explains how we use the information we collect about you and tells you about your data protection rights.
Who are we?
Where we refer to “we” “us” “our” we mean Intact Insurance Ireland DAC, a subsidiary of Intact Financial Corporation (‘Intact’). We provide personal and commercial insurance products and services, and we also provide insurance services in partnership with other companies. We’re a Data Controller in relation to your personal information. Our contact information is in Section 9 below.
What information do we collect about you and why?
We use your personal information to provide insurance services such as giving a quote, underwriting and servicing your policy and handling claims under an insurance contract. We also use your personal data for related matters such as complaints handling, prevention or detection of fraud, for reinsurance purposes and statistical analysis.
The following (non-exhaustive) categories and types of personal information that we may collect and use about you (or other people to be insured) includes:
Policy Information: name, address, Eircode, contact details, phone numbers, date of birth, occupation, policy numbers, gender, driving licence details and penalty points information, vehicle details, renewal dates of policies with other insurers, bank and payment card details, claims data, health data, images, vulnerability data (more information below), call recordings, VAT or other relevant tax numbers, customer survey responses, geo-location and driving behaviour data.
Claims Information: claim circumstances, health data (see below), criminal conviction data (see below), call recordings, voice and images (e.g. CCTV, photographs, dash cam and other video or voice recordings), details of damaged property, estimates, costs, payments, recoveries, PPS number, VAT status, details of services provided to you as part of claims.
Information from Other Sources: Penalty points, address look up, car details and history, GPS tracking (where you’ve a motor product which features this), claims history, Insurance Link information, online information. Section 3 has more detail.
Health Data: medical and health information, vulnerability data related to health (more information below).
Criminal Conviction Data: driving offences and conviction history.
Marketing Preferences: whether you want us to send you news and offers related to products and services.
Online Information: information collected through website cookies and other similar technologies (e.g. pixel trackers or ‘like’ buttons) when you visit our website or use one of our mobile Apps, such as on-line identifiers like IP addresses.
Note: You don’t have to provide us with any personal information, but if you don’t provide certain information that we need then we may not be able to proceed with your application for insurance, continue your policy or progress a claim that you make. We will let you know what information is required to proceed with your application or claim.
When looking for an insurance quote from us, you will need to provide us with information relating to what you wish to be insured (e.g., car make/model, your home, details about you or other people to be insured). When buying certain products, we may need to collect special categories of data (e.g. medical or health information) and driving offences or convictions history. If you become vulnerable, due to a life event, health issue or other matter, we will seek to identify this and decide what additional support we can provide, so we can meet your needs and fulfil our obligations to you. To provide our products, we will also need to process your payment information (e.g. bank account details, credit and debit card details) to collect payments from you and to issue any refunds to you.
We may need to contact you if you request a quote from us and/or to service your policy. This may be done via your intermediary (if applicable), through our/their website (including digital chat media), by email, SMS, mobile Apps, telephone calls and/or by post. Telephone calls and the other ways we contact you or you contact us may be recorded for quality assurance, training, verification and security purposes.
Where you have opted for a motor product involving GPS vehicle tracking, we will collect and process information from the smart sensor installed in your car including geo-location, driving behaviour and/or kilometer usage data (‘telematics’ data).
If you need to claim under your insurance policy, or if you are making a claim against an Intact Insurance policyholder, we normally need to collect information that evidences what happened in the incident. If other people are involved in the incident, we may also need to collect additional information related to them (including children) which can include special categories of data (e.g. injury and medical information).
When applying to us for an insurance policy, you may need to provide us with information relating to other people insured under the policy (or later if there’s a claim). You agree that you will bring this Notice to the attention of each person named on the policy at the earliest possible time. Ensure that anyone else who is insured under your policy or may be a beneficiary (e.g. arising from a claim settlement) has agreed to provide their personal information to us. For those customers who have taken out a telematics-based motor product, you should let all drivers of your car know about the black box or smart sensor fitted to your vehicle that collects information about where and how your car is driven.
Secondary processing of your personal information (i.e., for a purpose other than for which it was collected) may occur but only in accordance with data protection laws, e.g. where necessary and proportionate for the purposes of preventing, detecting, investigating or prosecuting criminal offences, or for the purposes of legal advice and legal proceedings.
This table describes the purposes for which we use your personal data (from Section 2) and the legal basis for doing so.
| Purpose | Legal Basis |
|---|---|
| To provide you with an insurance quote and to provide you with insurance cover if you decide to buy a product. | Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. |
| To assess the information you have provided and decide whether we can provide you with cover and at what price. | |
| To verify your identity and to verify the accuracy of the information we receive. | Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. Processing is necessary for the purposes of our legitimate interests to investigate and prevent potential fraud. Processing is necessary to comply with legal obligations e.g. Consumer Insurance Contracts Act 2019. |
| To administer your insurance contract and make any changes during its term, answer queries, provide updates and process a cancellation. | Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. |
| To arrange any payments in relation to your policy or a claim. | |
| To manage and investigate any claims made by you or another person under your policy of insurance, or by you as a Third Party against our policyholder including for the defence of legal proceedings. | Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. Processing is necessary for the purposes of our legitimate interests. The interest is to manage our business. |
| If you have opted for a telematics motor insurance product, data collected via the smart sensor installed in your car may be used to determine the circumstances surrounding any claim under your policy, your car’s location, kilometres travelled, driving behaviour (such as your car’s speed) and also to identify any unacceptable driving. | Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. Processing is based on your consent (to access and store data on the smart sensor only). Processing is necessary for the purposes of our legitimate interests. The interest is to manage our business. |
| To detect and prevent fraud, money laundering and other offences. To assist An Garda Siochána or any other authorised law enforcement body with their investigations. | Processing is necessary for the purposes of our legitimate interests to investigate and prevent potential fraudulent and other illegal activity. Processing is necessary to comply with legal obligations e.g. Criminal Justice Act 2011, Section 19. |
| To manage and investigate any complaints. | Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. Processing is necessary to comply with legal obligations e.g. Central Bank Codes of Conduct such as the Consumer Protection Code. |
| For reinsurance purposes. | Processing is necessary for the purposes of our legitimate interests in protecting ourselves from excess losses due to high exposure. |
| To comply with laws and regulations. | Processing is necessary to comply with legal obligations. |
| For statistical analysis including internal risk assessment, portfolio performance reporting or market-level research exercises or for customer satisfaction surveys. | Processing is necessary for the purposes of our legitimate interests. This interest is to improve our processes, products and services. |
| For quality assurance, training, records maintenance, security and verification purposes, for example the recording or live monitoring of telephone calls. | Processing is necessary for compliance with our legal obligations e.g. the Central Bank Minimum Competency Code and Minimum Competency Regulations 2017. Processing is necessary for the purposes of our legitimate interests. This interest is to improve our processes, products, and services. |
| For staff training, performance reviews and internal disciplinary purposes. | |
| For the ongoing development, testing and security of our IT systems; to make back-ups of data in case of emergencies and for disaster recovery purposes. | Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract. Processing is necessary to comply with legal obligations e.g. Central Bank Guidance and Requirements. Processing is necessary for the purposes of our legitimate interests. The interest is to protect and to ensure the continuity of our business. |
| To develop and improve how our machine learning, artificial intelligence and statistical modelling tools work. | Processing is necessary for the purposes of our legitimate interests. This interest is to improve our processes, products, and services. |
| For direct marketing purposes. | Processing is based on your consent. |
| To issue service-related communications to you such as policy renewal reminders, policy cover reminders, new website and customer service features or adverse weather alerts. | Processing is necessary for our legitimate interests. This interest is to communicate important information to you to ensure continuity of cover, awareness of policy cover, new service features and to help safeguard your property. |
| Some cookies are essential to operate our websites and Apps. Other optional cookies are used by us and our thirdparty service providers to help improve our and their products and services, functionality and performance of our websites and Apps, and to support effective advertising. For further information please see our Cookie Policy. | Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract (i.e., use of cookies which are essential or strictly necessary to provide you with the service which you have requested). Processing is based on your consent. |
How else do we collect information about you?
Where possible, we will collect your personal information directly from you. However, on occasion we may receive information about you from other sources. For example:
- It was given to us by someone who is applying for an insurance product on your behalf (your insurance broker/ intermediary, spouse or partner).
- It was supplied to us when you purchased, or sought to purchase, an insurance product or service that is provided by us in partnership with other companies.
- Other companies within the Intact Financial Corporation.
- In the event of a claim or incident it was given to us by involved third parties or by witnesses to the incident.
- From experts or professionals during the claims process e.g., legal representatives, medical professionals, loss assessors, loss adjustors, accident and private investigators, motor repairers, motor engineers, car hire providers, expert appraisers and salvage providers.
- It was lawfully collected from other sources such as the Integrated Information Data Service (‘IIDS’) which is a shared industry members database that, by arrangement with the Department of Transport, allows its users to confirm the accuracy of penalty point and no-claims discount information provided by customers.
- From vehicle history check suppliers/databases.
- Through credit history checks.
- Through geocoding databases used to determine location-based risk factors (for example using your Eircode).
- From searches of open source and publicly available information (e.g. social media platforms and on-line content, court judgements etc).
- From the Insurance Link claims anti-fraud database (for more information see www.inslink.ie), from insurance companies and from other fraud prevention databases and data enrichment services available in the insurance industry. The aim of this is to help us to check information for fraud and to check against misrepresentation.
- Personal data collected through website cookies processing e.g. IP address.
Will we share your personal information with anyone else?
We may share your details with other third parties (e.g., service providers, data processors, other data controllers) to administer your policy, handle and validate claims, prevent and detect fraud, provide marketing and advertising services, comply with laws and regulations and to conduct internal or market level research analysis. For example, with:
- Your Intermediary and anyone authorised by you to act on your behalf.
- Our third-party service providers such as our information technology suppliers, cloud service providers, data storage providers, payment services providers, documentation fulfilment providers and companies that deliver policy benefits, such as breakdown assistance.
- Other companies within the Intact Financial Corporation.
- The Insurance Link claims anti-fraud database (for more information see www.inslink.ie), with other insurance companies and with industry bodies such as Insurance Ireland.
- Loss adjusters, motor repairers, car hire providers, medical practitioners, solicitors, expert appraisers and other firms as part of the claims handling process.
- Private Investigators and Claims Investigators when we need to further investigate certain claims.
- Property and Risk Surveyors.
- Other fraud prevention databases and data enrichment service providers available in the insurance industry.
- In the event that we may be taken over, or sell any business or assets, in which case we will disclose your personal information to the prospective buyer of such business or assets.
- Reinsurers (and brokers of reinsurers) who provide reinsurance services to us.
- Third party claimants or their legal representatives during the administration of a claim being made against you.
- Law enforcement agencies and government departments including the Central Bank of Ireland, the Financial Services and Pensions Ombudsman, the Revenue Commissioners/Inspector of Taxes, An Garda Siochána, the Criminal Assets Bureau, the Data Protection Commission - as a result of our legal and regulatory obligations or on order of a Court Order or Subpoena.
- We add details of your motor policy to the Irish Motor Insurance Database (‘IMID’) consisting of the Motor Third Party Liability Database (‘MTPLD’) and National Fleet Database (‘NFD’) maintained by the Motor Insurers Bureau of Ireland (‘MIBI’), to comply with our legal obligations under section 78A of the Road Traffic Act 1961 (as amended). This information can be used by government bodies such as An Garda Síochána and the MIBI for purposes permitted by law, including electronic licensing and law enforcement. For more information see www.mibi.ie.
- The Injuries Resolution Board, Ireland's state body which assesses personal injury compensation.
- Our trusted partners, and with third parties where personal data is processed via the use of cookies or other similar technologies for specific purposes. For more information about how and why we use cookies, please visit our Cookie Policy on our website (www.intactinsurance.ie).
Sometimes the parties we share information with (including transfers within the Intact Financial Corporation) may be located outside of the European Economic Area (‘EEA’). We will only do this by reliance on an approved ‘transfer mechanism’ such as European Commission adopted Standard Contractual Clauses, (typically Module 1 and 2, which allow for transfers from Controllers in the EEA to Controllers or Processors outside the EEA), such as to India and the United States of America. We also rely on Adequacy decisions of the European Commission (including the United Kingdom and Canada). If you want more detail, please get in touch using the contact information below. You can also find out more on the European Commission’s website.
Profiling, automated decision making and data analytics
We may conduct the following activities, which involve profiling and automated (computer based) decision-making:
- Insurance involves assessing risks, making determinations as to whether to accept or reject risks and charging the correct premium for each risk. When you apply for insurance, we may use Pricing and Underwriting engines and algorithms to create risk profiles about you and to make fully automated decisions – this involves processes which calculate the insurance risk based on the information you have supplied or that we have collected about you.
- The use of Telematics/ Smart Sensor data analytics – where you have opted for an insurance product that collects information using smart sensors (e.g., in-car “black box”) and this is used to calculate your insurance risk.
The results of these processes will be used to assess your individual risk and to determine if we can provide, or continue to provide, you with a policy, to decide its terms and to calculate the premium you have to pay. If you do not agree with the result, you have the right to request human intervention to allow you to express your point of view, to obtain an explanation of the decision reached and to contest the decision.
In respect of Claims, we may use profiling or automated processing to identify if your claim presents a higher risk of fraud (but these processes do not involve decisions being made solely based on automated decision-making).
We may also use your personal information to develop and improve our machine learning, artificial intelligence, statistical modelling and to develop or improve our products, services and processes.
How long will we keep your personal information?
In general, we will retain your personal information for 7 years from the date of cancellation of your policy or the closure/settlement of your claim. Quote information (where a policy is not taken out) is generally retained for 6 months. We generally retain call recordings for 7 years from the date of the recording to comply with our regulatory obligations. There may be reasons why we need to retain your personal information for longer periods, for example in the case of employer’s liability insurance and subsidence matters, or to comply with our legal and regulatory obligations.
What are your Rights?
You have legal rights under data protection law in relation to your personal information:
- Right to Rectification: Correct any information we hold about you if you think it’s incorrect or incomplete.
- Right to Erasure: Request your personal information be deleted where you believe it’s no longer required. We may not always be able to do this, for example, while you’re still insured with us or where we need to keep your personal data to meet legal or regulatory obligations.
- Right of Access: Provide you with a copy of the personal information we hold about you.
- Right to Portability: Request that we transfer a machine-readable copy of the personal information you have given us, to another company.
- Right to Restriction: Request that we restrict our use of your personal information in certain circumstances.
- Right to Object: Object to the processing of your personal data for marketing purposes or for any purpose where processing (including profiling) is necessary for the purposes of our legitimate interests (see table above).
- Right to Withdraw Consent: To withdraw your consent at any time, where your consent is our basis for using your data (see table Section 2 table) without affecting the lawfulness of processing before consent is withdrawn.
- Right to Contest Decisions: To contest decisions based solely on automated decision making, obtain an explanation of the decision reached, express your point of view, and ask for human intervention.
Please note that requests to object to or restrict the use of your personal information may lead to us being unable to continue to service your policy and lead to cancellation of your policy.
If you would like to request any of these Rights, please email us at ie_dataprotection@intactinsurance.ie or write to us at the address in Section 9 of this Notice. When you’re making the request please provide us with your name, address, date of birth and any policy numbers that you have. You may need to provide us with a copy of your photo identification to ensure we do not provide your personal information to anyone that is not entitled to it.
All requests are free, unless we think your request is manifestly unfounded or excessive in nature. We aim to respond within one month from receipt of your request. If we cannot, due to the complexity or repeated nature of a request, we will let you know as soon as possible and explain the reason for this.
Submitting a request does not mean we will be able to complete it or complete it fully. We are often bound by legal and regulatory obligations or may rely on a lawful exemption which restricts the scope of our obligations as a Data Controller. When this is the case, we will explain this to you in our response, and that you can lodge a complaint with the Data Protection Commission or bring the matter to Court.
Changes to our Data Protection Notice
This Notice will be updated from time to time so please check it each time you submit information to us or renew your policy.
How do you ask a question about this Data Protection Notice?
If you have any questions, contact: The Data Protection Officer, Intact Insurance Ireland DAC, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92. You may also email us at ie_dataprotection@intactinsurance.ie.
How do you Complain?
If you’re unhappy and want to complain, please contact us at ie_dataprotection@intactinsurance.ieor write to us using the address provided in Section 9. Our Data Protection Officer will investigate your complaint and will give you additional information about the complaint process. We aim to respond in a reasonable timeframe, normally within one month.
If you’re not satisfied with our response, you can contact the Data Protection Commission:
Post: Data Protection Commission, 6 Pembroke Row, Dublin 2, D02 X963
Phone: 01 7650100 / 1800 437 737
Email: info@dataprotection.ie
Representatives
The General Data Protection Regulation (‘GDPR’) requires organisations not established in the European Union (‘EU’) to designate an EU representative if they’re subject to the GDPR, for example offering products/services to EU citizens.
Intact may undertake processing activities to which the GDPR applies, and as they do not have an establishment in the EU they have appointed an EU Representative, Intact Insurance Luxembourg S.A, to act on their behalf. The EU representative can be contacted at the following address dp@intactinsurance.eu. The EU Representative will address any issues and/or queries you may have relating to Intact Insurance’s processing of your personal data. The EU representative will also deal with data subject rights requests for EU citizens and enquiries by EU supervisory authorities on Intact Insurance’s behalf.
UK Representative
We have appointed a representative based in the UK who may address any issues and/or queries you may have as a UK citizen (to the extent this applies) relating to our processing of your personal data in line with the UK GDPR and/or with this Notice more generally. Our UK representative will also deal with data subject rights requests for UK citizens and enquiries by the UK supervisory authority (the Information Commissioner’s Office) on our behalf. Our UK representative is Intact Insurance Ireland DAC, UK Branch and can be contacted directly by email at the following address ni_dataprotection@intactinsurance.ie.
This Notice is effective from October 2025.
Intact Insurance Ireland DAC trading as Intact Insurance is regulated by the Central Bank of Ireland and is a private company limited by shares registered in Ireland under number 148094 with registered office at Intact House, Dundrum Town Centre, Sandyford Road, Dundrum, Dublin 16, D16 FC92.