This Privacy Notice sets out the basis on which we, Doddl, gather, use, process, and disclose any personal data we collect about you, or that you provide to us. Our principal business is to provide advice and arrange transactions on behalf of clients in relation to Mortgages, Life Assurance and Pensions.

This Privacy Notice applies to you, whether you are a current, past, or prospective customer. It also applies to third parties whose data you provide to us in connection with our relationship with you (for example, the names of relatives). Please ensure that you provide a copy of this Privacy Notice to any third parties whose personal data you provide to us.

We, Doddl, are the controller of your personal data. If you have any questions or concerns about how we handle your personal data, you can contact us directly. Our Data Protection Officer can also be contacted for any questions or concerns.

Powerstown House, Guertnafleur Business Park, Clonmel, Tipperary.  +353 (1) 6624 600, [email protected]

DPO Contact details:  +353 1 678 8997 / [email protected]

To provide our services to you, we need to obtain personal data from you. This information may include your name, contact details, financial
information, and other information relevant to the services we provide. We use this information to provide you with advice and recommendations on your financial affairs, and to arrange transactions on your behalf. If you are an insurance client, this information may also be health data. The legal basis for processing your personal data is consent, to fulfil our contractual obligations to you, and to comply with legal and regulatory requirements including:

Anti-Money Laundering and Sanctions compliance.

The provision of personal data is a contractual requirement for us to provide our services to you. If you fail to provide the personal data we request, we may not be able to provide our services to you.

From the Consumer Protection Code 5.1:

A regulated entity must gather and record sufficient information from the consumer prior to offering, recommending, arranging or providing a product or service appropriate to that consumer. The level of information gathered should be appropriate to the nature and complexity of the product or service being sought by the consumer but must be to a level that allows the regulated entity to provide a professional service and must include details of consumer’s.

In order for us to give you a recommendation and information on financial products, we need to collect and process personal data about you. If you do not provide the information we need, we may not be able to offer you advice or provide our services to you. The types of personal data that are processed may include:

• Individual details – Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you.
• Financial detail – full details on any debts, loans assets you may own.
• Identification details – Identification numbers issued by government bodies or agencies, including your PPS Number, passport number, tax identification number.
• Claims information – information you give us with regards claims you notify us about or ask for help on.
• Policy Information – Information about the quotes you receive and policies you take out.

We may also process Special Categories of Personal Data such as Health information which has additional protection under The General Data Protection Regulation (GDPR). We do not process health information other than hold the information on application forms you have filled in. The Life Insurers process and control your health data to allow them to underwrite your policy or decide to decline cover, they may have further information they have obtained with your approval from your doctor, but we are not privy to this information.

We may collect your personal data from various sources, including:

You, your employer or representative, Life Companies we have agencies with, any other records you have or had any other contracts of insurance with or sought a quote from a us on that is under our agencies, otherwise we will need a letter of authorisation from you to allow us contact other companies on your behalf. When you visit our website and input a request for us to contact you. The sources will depend on your particular circumstances and the product or service you are interested in, or your enquiry relates to.

We will only use your Personal Data for lawful reasons. These are:-

• The use is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract (such as providing a recommendation).
• The use is necessary to comply with our legal obligations.
• You have consented to us using your information in such a way.

• To give you information on and provide you with recommended financial products.
• To provide our service to you.
• To support the efficient and accurate delivery of our services, we may use automated and AI-assisted tools.
• Disclose data to policyholder, life assured, beneficiary, trustee, assignee, successors, group company or to other parties.
• To comply with legal and regulatory requirements including Anti-Money Laundering and Sanctions compliance.
• To understand how people interact with our websites.
• To carry out and determine the effectiveness of advertising, and of marketing campaigns.

We may share your personal data with the relevant company or companies (banks, solicitors, etc) we have agencies with, by way of application forms, by post, email, or through their secure websites online. We will only share your personal data with third parties for the purposes outlined in this Privacy Notice. We receive the majority of your personal data directly from you but may receive data from other sources such as your employer, banks, solicitors, or medical professionals. We may also receive data from other insurance companies/brokers (who we have an agency with) you may have a policy or contract with or sought a quote from. If you wish for us to contact another company on your behalf, we will require a letter of authorisation from you. The above will not apply to all data subjects, it will depend on the services or products you are interested in.

In order to provide our services and to comply with legal obligations imposed on us, we may share your information with:-

We do not transfer your personal data to third countries.

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. In terms of the documentation provided, we are governed by regulations from the Central Bank which mandates we must retain all documents for six years after our relationship with you ends.

You have the right to access the personal data we hold about you, to have it corrected or deleted, to restrict or object to our processing of it (including machine processing), and to receive a copy of it in a structured, machine-readable format.

• You have the right to request erasure or deletion of data (subject to conditions).
• You have the right to withdraw your consent to our processing of your personal data at any time (where relevant) and the right to object to be subject to a decision based solely on automated processing automated processing.

To exercise any of your rights or for more information, please contact us directly at [email protected].  You also have the right to lodge a complaint with the relevant supervisory authority see below).

As per the Central Bank we are required to keep in touch with all our clients with active policies under our agencies, if the client cancels or moves to a different Broker we will flag them as such on our CRM system and the data will not be processed in any way, we are required by Central Bank to keep all files for at least 6 years after the client is no longer our client.

If you have any concerns about how we handle your personal data, you have the right to lodge a complaint with the relevant supervisory authority, the Data Protection Commissioner.

You can contact them on the link below:

https://www.dataprotection.ie/en/individuals/exercising-your-rights/raising-concern-commission

We are required to adhere to Insurance Distribution regulation (IDR), Consumer Protection Code (CPC), Central Bank Acts, Criminal Justice acts and any other Financial legislation that comes out in the future. We are also governed by the regulations of the Central Bank which mandates we retain all documents for six years.

The provision of personal data is a contractual requirement for us to provide our services to you. If you fail to provide the personal data we request, we may not be able to provide our services to you.

We may use automated and AI-assisted tools to process customer documents and communications. This includes extracting text from
documents, generating summaries for staff review, and analysing communications to support customer service. These tools assist our staff
and do not make decisions about customers without human involvement. Further information about how Doddl uses artificial intelligence is available in our Artificial Intelligence Transparency Notice.

We may update this Privacy Notice from time to time to reflect changes in our practices or in the law. We encourage you to review this Privacy Notice periodically to stay informed about how we handle your personal data.

Updated – 19th January 2026

At Doddl, we are dedicated to using artificial intelligence (AI) in a responsible, transparent, and ethical manner. This statement outlines how we incorporate AI into our services, the steps we take to ensure transparency, and how we address associated risks and ethical considerations.

Doddl uses AI-based tools in a limited and controlled manner to support the delivery of its services and to assist internal operations. These tools are used under internal governance policies and are intended to support staff efficiency and accuracy. AI tools do not replace human judgment or decision-making.

• Customer interactions: Doddl may use automated tools, including chat-based interfaces, to assist with handling customer enquiries and
  communications. Where such tools involve AI-based processing, they are used to support customer service and are subject to appropriate human oversight
• Document processing and review: AI assisted tools are used to support the processing of customer documents, including extracting text from uploaded documents, generating short summaries for staff review, formatting information, and identifying relevant content. This helps improve accuracy and turnaround times when reviewing documentation provided by customers
• Customer Service: Doddl plans to use AI-based tools to analyse customer communications to help understand sentiment and improve the quality and appropriateness of responses. These tools are intended to support service quality, time sensitive matters, and do not make decisions about customers.
• Software development: AI-assisted tools may be used internally to support software development activities, such as code assistance and testing, as part of maintaining and improving Doddl’s systems.
• Internal productivity and operations: AI-based tools may also be used internally to assist employees with tasks such as drafting, summarisation, information retrieval, and process automation to support day-to-day business operations.

Doddl is committed to providing clear and accessible information about how AI is used in our services and operations. Our approach to transparency includes:

• Internal Governance Policies: AI governance policies guide our use of AI to ensure an appropriate balance between efficiency, accuracy,
  and risk management. These policies require human oversight of AI-assisted processes.
• Clear Use Communication: Where AI-assisted tools are used as part of our services, we aim to be transparent about their role and
  purpose. AI is used to support service delivery and internal processes rather than to replace human decision-making.
• AI interaction Indicators: Recognisable AI icons and notices are used to indicate when AI systems are involved in processing information,
  helping users easily identify AI-driven services.
• Data Use Disclosure: Personal data processed using AI-assisted tools is handled in accordance with applicable data protection laws
  and our Privacy Notice. AI is used to perform specific, limited functions related to service delivery and operational support.
• Contractual Controls: Doddl’s use of AI services is subject to appropriate contractual, confidentiality, and security controls with
  relevant service providers to ensure compliance with data protection and information security requirements.
• Accountability and Oversight: Doddl maintains appropriate records relating to the use of AI systems and applies oversight measures to
  support accountability, compliance, and ongoing review of AI-assisted processing.

Doddl prioritises ethical considerations in all aspects of AI deployment. This includes:

• Consideration of Ethical Impacts: Considering the potential implications of AI use and applying appropriate safeguards in line
  with recognised ethical principles and applicable legal requirements.
• Human Oversight: Decisions that affect customers are subject to human review to ensure AI supports, rather than replaces, human
  judgment.
• Respect for Rights: Doddl’s AI systems are designed and used in ways that respect human dignity, privacy, and rights.

Doddl proactively manages risks associated with AI:

• Risk Assessments: Considering potential risks associated with AI-assisted processing and applying appropriate mitigation measures
  where relevant.
• Monitoring and Review: Monitoring the use of AI systems to support compliance, security, and effective operation, and reviewing their
  use as part of ongoing governance activities.
• Employee Awareness and Training: Providing guidance and training to employees on the appropriate use of AI tools, internal governance
  policies, and responsible practices.

We ensure that human decision-making and oversight are integral parts of all our AI systems. For high-risk systems, we apply human-in-the-loop (HITL), human-on-the-loop (HOTL), or human-in-command (HIC) frameworks to maintain control and accountability

If you have any questions, concerns, or feedback regarding Doddl’s use of AI, please contact us at:

Writing: Powerstown House, Guertnafleur Business Park, Clonmel,Tipperary. +353 (1)
Email: [email protected]

At Doddl, we strive to build trust and confidence with our clients, employees, and stakeholders by being transparent about our AI practices.
We are committed to continuous improvement and welcome your feedback to further enhance our AI governance framework.