John F. Loughrey & Associates Ltd Privacy Statement
Data privacy is taken very seriously at John F. Loughrey & Associates Limited. It is important that you know exactly what we do with the personal information you and others provide to us, why we gather it and what it means to you. This document outlines our approach to Data Privacy to fulfil our obligations under the General Data Protection Regulation (GDPR). We also welcome it as an opportunity to reassure you of the importance we place on keeping your personal data secure, and of the strict guidelines we apply to its use. We want you to be clear on:
- Who we are
- The information we collect about you
- When and how we collect information about you
- The purpose and legal basis for processing your data
- Profiling – automatic decision making
- Implications of not providing information
- How long we hold your information for
- Who we share your information with
- Your information rights
- Additional Processing
- How to contact us and/or our Data Representative
- Changes to this notice
John F. Loughrey & Associates Ltd complies with the requirements of the General Data Protection Regulation 2018 and the Irish Data Protection Act 2018. The data which you provide to us will be held on a computer database and paper files for the purpose of arranging transactions on your behalf. The data will be processed only in ways compatible with the purposes for which it was given and as within this Privacy Notice.
John F. Loughrey & Associates Ltd. t/a John F. Loughrey Financial Services is committed to protecting and respecting your privacy. Throughout this document “the Company”, “we”, “us” or “our” refers to John F. Loughrey Financial Services. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.
It is the intention of this Privacy Statement to explain to you the practices of the Company in relation to the information we collect about you.
Please read this Statement carefully as it sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Who Are We?
John F. Loughrey Financial Services is an insurance brokerage and provide financial advice on various products, including protection, savings, investments, deposits and pensions. We are located at Crossview House, Letterkenny, Co. Donegal, Ireland.
For the purposes of GDPR the individual in the Company responsible for data protection is:
- Stephen Walsh, Compliance Officer
- Contact details are firstname.lastname@example.orgTel: 074 91-24002
What Information Do We Collect About You?
- For prospective clients we collect personal data necessary to help make recommendations suitable to your needs and circumstances and which may be required for future transactions. The personal data we gather initially includes contact details, address, date of birth, employment details, financial information and an assessment of risk profile, if applicable.
- For existing clients we collect personal data necessary to communicate with you in regard to your existing business and also to advise you of other products we deem suitable for you.
- We may hold information about you which includes sensitive personal data, such as medical information where for example you apply for a protection policy. We will only hold this information when we need to for the purposes of the services we provide or where we have a legal obligation to do so.
When and How We Collect Your Information
The following are the different sources we may collect personal data about you from:
- Directly from you – this is the personal data you provide to us during meetings, telephone calls, etc.
- We may source personal data from an agent/third party acting on your behalf; e.g. Accountant; however, we will secure your permission to request this.
- Companies Registration Office online. This can be used to confirm Company Directors, year-end date, Company Registration Number, etc.
- By reference or word of mouth; e.g. you may be recommended by a friend, former employer, family member or some other 3rd party who has disclosed personal information about you and/or your circumstances.
- Our website - you may visit our website without identifying yourself or revealing any personal information. We collect domain information from your visit to customise and improve your experience on our website. The website may collect certain information from your visit, including the date and time of your access, the pages you have accessed, the name of the Internet Service Provider and the Internet Protocol (IP) address by which you are accessing the internet and the internet address from which you linked to our site, if applicable. We use this information to better understand how our website is being used so that we can improve it’s performance. Some portions of this website may request that you give us information about yourself, from which we are able to identify you, such as your name, email or other information.
The Purpose & Legal Basis For Processing Your Information
We use your personal data for the following purposes:
- To establish your eligibility for our products and services
- To ensure we provide you with the best advice and most suitable products
- To verify your identity and prevent fraud
- To complete applications with third parties on your behalf
- To help manage and administer the business you hold through our office
- To keep in touch with you regarding your existing business
- To advise you on products we deem may be suitable for you
- To manage and respond to a complaint or appeal
- To comply with our legal and regulatory obligations
In any event, the Company is committed to ensuring that the information we collect and use is appropriate for these purposes, is compatible with the EU’s GDPR and most importantly does not constitute an invasion of your privacy. We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary.
Sometimes we may collect and use your information even though you are not a customer of ours. For example, you may be a beneficiary, guarantor, director or representative of one of our customers, or you may be in the process of making an application through John F. Loughrey Financial Services.
If you give us information about someone else (for example, information about a spouse or financial associate provided during the course of a joint application with that person), or someone gives us information about you, we may add it to any personal information we already hold and we will use it in the ways described in this Data Privacy Notice. Before you disclose information to us about another person, you should be sure that you have their agreement to do so. You should also show them this Data Privacy Notice. You need to ensure they confirm that they know you are sharing their personal information with us for the purposes described in this Data Privacy Notice.
Profiling – Automatic Decision Making
We may use profiling to make decisions in regard to recommendations we intend to make to you.
The main categories of profiling are:
- Risk profiling for investment purposes
To establish a customer’s attitude to investment risk, in regard to pensions and investments, we complete an online risk questionnaire which identifies a customer’s attitude to and tolerance for risk having answered a series of questions.
- Profiling for marketing purposes
When we seek to contact you about other services, we may run automated queries on our CRM system to establish the suitability of proposed products or services to your needs.
You can object to the use of your data for profiling purposes.
What Happens If You Do Not Provide Us With The Personal Data We Request Or Ask That We Stop Processing Your Personal Data?
If you do not provide the personal data necessary or withdraw your consent for the processing of your personal data, we may not be able to adequately assess your needs and recommend suitable products to you.
If you have omitted or failed to provide the personal data necessary during your application process it may constitute non-disclosure in the event of a claim. If you withdraw your consent for the processing of your personal data, we may be unable to communicate with you to update you on your business.
How Long Do We Keep Your Personal Data For?
Your personal data will be held on our CRM system and in a paper file for 6 years after the last piece of business you held with our office matured, expired or was surrendered. The paper file will be shredded at that time and your details deleted from the CRM system.
We will retain your details for up to 18 months after the last date of contact, unless it is agreed with you that you would like us to contact you around the time of a specific event outside of this timeframe.
Data will not be held for longer than is necessary for the purpose(s) for which it was obtained. We will process personal data in accordance with our Retention Schedule. This Retention Schedule has been governed by our regulatory body, The Central Bank of Ireland and our internal governance.
Who Are We Sharing Your Data With?
Your personal information will be shared with any financial institution you agree to do business with; e.g. bank, insurance company, etc and may also be shared with any financial institution that we obtain quotes from on your behalf. However, only the information they require will be shared. Any third parties we share your data with are obliged to keep your details securely and to use them only to fulfil the service they provide on your behalf. When they no longer need your data to fulfil this service, they are required to dispose of your information in line with the relevant procedures.
We may need to share your information with companies that provide support services for the purpose of protecting our legitimate business interests for example in the case of a complaint our insurers and reinsurers would need to be notified.
Where obliged we may have to share information about you with statutory and regulatory bodiesincluding but not limited to central and local government, the Data Protection Commission, the Financial Service and Pensions Ombudsman and Revenue Commissioners and also to law enforcement authorities such as An Garda Siochana, the Criminal Assets Bureau, US, EU and other designated authorities in connection with combating financial and other serious crime.
If we transfer personal data to a third party or outside the EU, we as the Data Controller, will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies for you the data subject are available.
Providing and holding personal information comes with significant rights on your part and significant obligations on ours.
At any point while we are in possession of, or processing your personal data, you have the following rights:
- Right of access – you have the right to request a copy of the information we hold about you. We are obliged to respond without undue delay and facilitate your request within 30 days. More details are available in our Subject Access Request Procedure which is available on request.
- Right of rectification – you have the right to correct data we hold about you if it is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to
request that this does not take place.
- Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason for the refusal.
- Right to lodge a complaint: you have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator and/or the Company’s Data Protection representative.
- Right to withdraw consent: if you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although, if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
If we intend to further process your personal data for a purpose other than for which the data was collected, we will provide you with this information prior to processing the data.
Your privacy is important to us. If you have any comments or questions regarding this Privacy Statement, please contact us on 074 9124002 or e-mail Stephen@jfl.ie.
- When such a change is made, we will post a revised version of the Privacy Statement on our website: www.jfl.ie.
- Changes will be effective from the point at which they are posted.