Privacy Notice for Doddl

This Privacy Notice sets out the basis on which we, Doddl, gather, use, process, and disclose any personal data we collect about you, or that you provide to us. Our principal business is to provide advice and arrange transactions on behalf of clients in relation to Mortgages, Life Assurance and Pensions.

This Privacy Notice applies to you, whether you are a current, past, or prospective customer. It also applies to third parties whose data you provide to us in connection with our relationship with you (for example, the names of relatives). Please ensure that you provide a copy of this Privacy Notice to any third parties whose personal data you provide to us.

How to contact us

We, Doddl, are the controller of your personal data. If you have any questions or concerns about how we handle your personal data, you can contact us directly. Our Data Protection Officer can also be contacted for any questions or concerns.

Powerstown House, Guertnafleur Business Park, Clonmel, Tipperary.  +353 (1) 6624 600, [email protected]

DPO Contact details:  +353 1 678 8997 / [email protected]

Why we process your personal data?

To provide our services to you, we need to obtain personal data from you. This information may include your name, contact details, financial information, and other information relevant to the services we provide. We use this information to provide you with advice and recommendations on your financial affairs, and to arrange transactions on your behalf. If you are an insurance client, this information may also be health data.  The legal basis for processing your personal data is consent, to fulfill our contractual obligations to you, and to comply with legal and regulatory requirements including:

Anti-Money Laundering and Sanctions compliance.

The provision of personal data is a contractual requirement for us to provide our services to you. If you fail to provide the personal data we request, we may not be able to provide our services to you.

From the Consumer Protection Code 5.1:

A regulated entity must gather and record sufficient information from the consumer prior to offering, recommending, arranging or providing a product or service appropriate to that consumer. The level of information gathered should be appropriate to the nature and complexity of the product or service being sought by the consumer but must be to a level that allows the regulated entity to provide a professional service and must include details of consumer’s.

What types of personal data do we collect?

In order for us to give you a recommendation and information on financial products, we need to collect and process personal data about you. If you do not provide the information we need, we may not be able to offer you advice or provide our services to you. The types of personal data that are processed may include:

  • Individual details – Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you.
  • Financial detail – full details on any debts, loans assets you may own.
  • Identification details – Identification numbers issued by government bodies or agencies, including your PPS Number, passport number, tax identification number.
  • Claims information – information you give us with regards claims you notify us about or ask for help on.
  • Policy Information – Information about the quotes you receive and policies you take out.

We may also process Special Categories of Personal Data such as Health information which has additional protection under The General Data Protection Regulation (GDPR). We do not process health information other than hold the information on application forms you have filled in. The Life Insurers process and control your health data to allow them to underwrite your policy or decide to decline cover, they may have further information they have obtained with your approval from your doctor, but we are not privy to this information.

Where We May Collect Your Personal Data From

We may collect your personal data from various sources, including:

You, your employer or representative, Life Companies we have agencies with, any other records you have or had any other contracts of insurance with or sought a quote from a us on that is under our agencies, otherwise we will need a letter of authorisation from you to allow us contact other companies on your behalf. When you visit our website and input a request for us to contact you. The sources will depend on your particular circumstances and the product or service you are interested in, or your enquiry relates to.

Legal Bases for Processing Your Information

We will only use your Personal Data for lawful reasons. These are:-

  • The use is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract (such as providing a recommendation).
  • The use is necessary to comply with our legal obligations.
  • You have consented to us using your information in such a way.

The Purpose of Processing Your Information

  • To give you information on and provide you with recommended financial products.
  • To provide our service to you.
  • Disclose data to policyholder, life assured, beneficiary, trustee, assignee, successors, group company or to other parties.
  • To comply with legal and regulatory requirements including Anti-Money Laundering and Sanctions compliance.
  • To understand how people interact with our websites.
  • To carry out and determine the effectiveness of advertising, and of marketing campaigns.

Who we share your personal data with

We may share your personal data with the relevant company or companies (banks, solicitors, etc) we have agencies with, by way of application forms, by post, email, or through their secure websites online. We will only share your personal data with third parties for the purposes outlined in this Privacy Notice. We receive the majority of your personal data directly from you but may receive data from other sources such as your employer, banks, solicitors, or medical professionals. We may also receive data from other insurance companies/brokers (who we have an agency with) you may have a policy or contract with or sought a quote from. If you wish for us to contact another company on your behalf, we will require a letter of authorisation from you. The above will not apply to all data subjects, it will depend on the services or products you are interested in.

In order to provide our services and to comply with legal obligations imposed on us, we may share your information with:-

  • Pension Trustees, & beneficiaries of Pensions & other Financial Products, Relatives & guardians, (in certain circumstances such as death claim, retirement etc.)
  • Employers – past, present and prospective eg. with regards deferred and current pension options.
  • Legal, financial, investment, medical, & other professional advisors in the process of submitting your application to the various companies and lenders for the business you are transacting.
  • Companies we may outsource our printing and posting to.
  • Businesses that refer your business to us. Eg. Solicitors, Accountants.
  • Database provider all data encrypted eg. holds client data.
  • The Pensions Authority. Re your pension plan approval.
  • Insurers and Lenders we have agencies with to allow your policy/Mortgage to be transacted.
  • Anti Money Laundering reporting to – An Garda Síochána, Revenue.
  • Central Bank of Ireland. We are authorised by Central Bank, and they have the right to inspect our files and our business.
  • The Financial Services Ombudsman. In the event of a complaint by a client.

 
  • The Revenue Commissioners. Re pensions and Dirt tax.

 

Do we transfer your personal data outside of the EEC

We do not transfer your personal data to third countries.

How long do we retain your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. In terms of the documentation provided, we are governed by regulations from the Central Bank which mandates we must retain all documents for six years after our relationship with you ends.

What rights do I have as a data subject/individual?

You have the right to access the personal data we hold about you, to have it corrected or deleted, to restrict or object to our processing of it (including machine processing), and to receive a copy of it in a structured, machine-readable format.

  • You have the right to request erasure or deletion of data (subject to conditions).
  • You have the right to withdraw your consent to our processing of your personal data at any time (where relevant) and the right to object to be subject to a decision based solely on automated processing automated processing.

To exercise any of your rights or for more information, please contact us directly at [email protected]You also have the right to lodge a complaint with the relevant supervisory authority see below).

 

As per the Central Bank we are required to keep in touch with all our clients with active policies under our agencies, if the client cancels or moves to a different Broker we will flag them as such on our CRM system and the data will not be processed in any way, we are required by Central Bank to keep all files for at least 6 years after the client is no longer our client.

How do I complain?

If you have any concerns about how we handle your personal data, you have the right to lodge a complaint with the relevant supervisory authority, the Data Protection Commissioner.

You can contact them on the link below:

https://www.dataprotection.ie/en/individuals/exercising-your-rights/raising-concern-commission

Do you need my personal data for statutory or contractual requirement or obligation and the possible consequences of failing to provide the personal data?

We are required to adhere to Insurance Distribution regulation (IDR), Consumer Protection Code (CPC), Central Bank Acts, Criminal Justice acts and any other Financial legislation that comes out in the future. We are also governed by the regulations of the Central Bank which mandates we retain all documents for six years.

The provision of personal data is a contractual requirement for us to provide our services to you. If you fail to provide the personal data we request, we may not be able to provide our services to you.

Do we use any automated decision-making system, including profiling on your personal data?

Where we use automated decision-making, you will always be informed & you will be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward. E.g. When we produce customised or specific quotes for your particular circumstances or for the business you are contacting us about. When we want to market to you, we strive to only provide the most relevant marketing to our customers so may use a program filter for our communications by various criteria e.g. by age for pension campaigns etc.

Changes to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or in the law. We encourage you to review this Privacy Notice periodically to stay informed about how we handle your personal data.

Updated – 24th May 2024