Safeguarding your Information
Privacy Policy
Introduction
- 1.1 At AA Ireland we respect the trust you place in us when you share your personal information with us. We are committed to protecting the privacy of your data. This Policy tells you how we do this as well as informing you about your rights in relation to that data.
- 1.2 This Privacy Policy is issued on behalf of AA Ireland Limited (AA Ireland). When we say “we”, “us” or “our” we are referring to AA Ireland.
- 1.3 The information in this Privacy Policy is important, so we have tried to make it very easy to navigate. You can click on the links to find the information you want easily. A summary of this Privacy Policy can be found in our current Terms of Business, available at the following webpage: Terms of Business
Contents
- Who’s responsible for your personal data?
- How you can contact us
- What personal data do we collect or receive?
- How do we get your information?
- How we use your personal data and our legal basis for doing so
- Who do we share your personal data with?
- Direct marketing
- Using personal data to create profiles and make automated decisions
- Cookies and other tracking technologies
- International transfers of personal data
- Data retention
- Your rights
- How to make a complaint
- Changes to this Privacy Policy
3. Who’s responsible for your personal data?
- 3.1 We are responsible for the personal data you provide to us and will only share such personal data with the AA group of companies and our suppliers and business partners if we are permitted to by law.
4. How you can contact us
- 4.1 If you wish to speak to us regarding your personal data, or if you have any queries in relation to this Policy, please contact our Data Protection Officer:
- Email: compliance@theaa.ie
- Post: AA Ireland, 3rd floor, 80 Harcourt Street, Dublin 2, D02 F449
5. What personal data do we collect or receive?
-
- 5.1 We are committed to collecting and using personal information in accordance with applicable law.
- 5.2 Wherever we collect or use personal information, we will make sure we do this for a valid legal reason, as set out in Section 7 of this Policy.
- 5.3 Where appropriate, we may collect the following categories of personal data about you or any other person who may benefit from one of our products or services which is taken out or sought by you.
- 5.3.1 Contact and identifying information: title; name; address; email address; telephone number; policy number; date and place of birth; gender; relationship status; country of residence; years of residency; driving licence details.
- 5.3.2 Financial information: bank account details; credit/debit card details.
- 5.3.3 Employment details: occupation; employer details; membership status of any relevant bodies.
- 5.3.4 Information relating to the risk insured: description of the risk; value of the risk; premium; renewal date; location information (including geocoding information); motor tax and National Car Test (NCT)/ Certificate of Road Worthiness (CRW) status; driving history and claims history; including information relating to the alleged commission of, commission of or conviction for any relevant offence(s); and information regarding medical conditions.
- 5.3.5 Information relating to other AA products and services such as AA membership: product/membership registration details which may include motor vehicle and driving history details and roadside assistance information such as breakdown information.
- 5.3.6 Claims data: such as details of the circumstances of any incident giving rise to a claim under the policy, details of activities carried out by you and service provided to you following any such incident, details of any other claims that you have made, as well as financial, medical, health and other lawfully obtained information relevant to your claim including PPS number and social welfare information.
Other: call recording, audio visual images and recordings, photographic images, marketing preferences, and website usage information.
6. How do we get your information?
- 6.1 The majority of the personal data we collect is received directly from you when you purchase one of our products or services or when you request an insurance quotation from us.
- 6.2 Sometimes we obtain information about you from another individual who is taking out one of our products or services on your behalf. Where information is provided to us about you from another individual, we expect that you know they are providing this information on your behalf and are content that your information is being provided to us.
- 6.3 We may also receive information about you indirectly via the following:
- When you take out insurance with us, we will collect information about the driving licence number provided. We do this by validating details against the Integrated Information Data Service (IIDS) Hub and the National Vehicle and Driver File (NVDF). We need this information to confirm the licence status of each driver of a vehicle, including their entitlements, relevant restriction information, associated penalty points, endorsement and conviction details.
- When you supply us with an Eircode and/or property address when taking out an insurance policy, we will carry out a search of a public database to determine address-based risk factors (known as geocoding). This search returns information relating to the area where your property is located and forms part of the insurance rating, so that insurers cans provide you with an accurate quotation.
- Publicly available information, including social media websites and online content, news articles, court judgements, public registers and specialist databases (for example Companies Registration Office, SoloCheck, InsuranceLink). If we use information from online sources such as websites, social media and information sharing platforms, we will respect any permissions you have set about how you would like your personal information to be used.
- Your insurer, after the contract of insurance is in place e.g. in the event of a claim.
- We may obtain personal data such as your name and contact details from an AA Approved Car Dealer, where you purchase an AA approved vehicle, as is necessary in order to verify your identity and enable you to avail of complimentary AA Roadside Assistance services
7. How we use your personal data and our legal basis for doing so
- 7.1 AA Ireland will use your personal information primarily for the provision of our products and services to you. We will also use your personal information to transact business; validate and settle any claims; to detect fraud; to develop or enhance our online service; and to personalise information provided to you.
- 7.2 If you are providing us with information for any other person named on your quotation or policy, it is important that they have agreed to their personal information being provided to us.
- 7.3 The table below describes the purpose of using your personal data and the legal basis for doing this.
Purpose for Processing | Legal Basis for Processing |
---|---|
To provide you with a quote for a product we sell or service we provide. | Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract. |
To verify your identity | Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract. To comply with legal obligations (for example money laundering requirements). |
To manage and administer your contract with us if you choose to purchase one of our products or services, including communication with you via MyAA or the AA (Ireland) App | Processing is necessary for the performance of a contract. |
To make and receive payments in relation to a product or service which you have purchased from us. | Processing is necessary for the performance of a contract. |
To validate, investigate and/or process any claims you or another person makes in relation to an insurance product you have purchased from us. |
Processing is necessary for the performance of a contract. |
To detect and prevent fraud and assist An Garda Siochana with investigations. | Processing is necessary for compliance with a legal obligation. Processing is necessary for the purposes of our legitimate interests. |
To manage and investigate complaints. | Processing is necessary for the performance of a contract. Processing is necessary for the purposes of our legitimate interests. |
To comply with all relevant legal and regulatory obligations. An example of this is when we contact you in writing with a notification of renewal of the policy of insurance, in accordance with the Non-Life Insurance (Provision of Information)(Renewal of Policy of Insurance) Regulations 2007. |
Processing is necessary for compliance with a legal obligation. |
For statistical analysis, market research, customer satisfaction surveys and data analytics including profiling (see more information on this in Section 10 of this Policy). | Processing is necessary for the purposes of our legitimate interests. This is for the improvement of our processes, products and services. |
To store and make back-ups of your data for disaster recovery purposes. | Processing is necessary for compliance with a legal obligation. |
To inform you of other AA products or services that may be interest to you, where you have opted to receive these. | Processing is carried out with your consent. Processing is necessary for the purposes of our legitimate interests. Our legitimate interest is to tell you about our other products or services which might be of interest to you. |
To deliver and suggest tailored content to personalise your experience with us. | Processing is necessary for the purposes of our legitimate interests. Our legitimate interest is to determine how to communicate the most appropriate message to you. |
To manage our business, including incident management, staff training and to enable us to conduct reporting and improve the quality of the products/services we provide. | Processing is necessary for the purpose of our legitimate interests. Our legitimate interests are to ensure we meet customer expectations and identifying and pursuing new ways to develop and grow our business. Processing is necessary for compliance with a legal obligation. |
- 7.4 We will only process personal information regarding your health where you have provided us with your consent to do so, where processing such data is necessary and proportionate in the provision of an insurance product to you, or in connection with a current or prospective legal claim, or legal proceedings.
- 7.5 We will only process data regarding your criminal convictions and / or offences for the purposes of providing quotes and underwriting where necessary and proportionate for the performance of a contract or in order to take steps at your request prior to entering into a contract, or to process any current / prospective claims or legal proceedings.
8. Who do we share your personal data with?
- 8.1 We may share your personal data, if necessary and in accordance with legal requirements, with the following third parties.
- 8.1.1 Insurers in order to provide you with an insurance quote and the ongoing management of your insurance contract.
- 8.1.2 Our business suppliers including hosting/storage providers, payment providers, customer research partners, and data storage providers.
- 8.1.3 With other AA Branded entities such as Automobile Association Developments Limited (United Kingdom) where they assist us in providing products or services to you
- 8.1.4 With other breakdown organisations in other countries if you have European Breakdown Cover and need assistance abroad
- 8.1.5 With business partners who are a part of providing products and services to you (e.g. AA approved Garages and Car Dealerships)
- 8.1.6 An Garda Siochana and other law enforcement bodies in accordance with legal claims or proceedings, or as required by law.
- 8.1.7 Regulatory and industry bodies including Insurance Ireland, the Motor Insurers Bureau of Ireland, and the Data Protection Commission, as required by law.
- 8.1.8 Our debt collection agency in the event that payments are outstanding on an insurance product.
- 8.1.9 Third Party claimants or their legal representatives in the course of dealing with the administration of a claim.
- 8.2 When you use our AA Approved Car Site and make an enquiry about a particular car using the “Make an Enquiry” button, we will not process this personal data as it is collected directly by CarsIreland. This personal data will be processed by CarsIreland in accordance with its privacy policy which is available here.
9. Direct marketing
- 9.1 If you are a customer of AA Ireland, we may contact you from time to time about our other products or services that we think may be of interest to you. We may contact you by post, email, telephone and text message using the contact information you have given us, where you have opted to receive such communications.
- 9.2 You are in control of the letter mail, emails and texts that you receive, and you can update your preferences or opt out at any time by:
- Emailing us: compliance@theaa.ie
- Calling us: Calling us: 01 617 9950
- Writing to us: Compliance, AA Ireland, 3rd floor, 80 Harcourt Street, Dublin 2, D02 F449
10. Using personal data to create profiles and make automated decisions
- 10.1 When you apply for or take out products or services with us, we may use profiling in order to evaluate, analyse or predict the performance of your contract with us. Profiling is a form of automated processing of the personal data that we hold about you.
- 10.2 The results of this profiling may be a factor in fees or charges set by AA Ireland. If you are an insurance customer, the use of profiling has no implication on the price of your insurance premium as this is determined by the insurer.
- 10.3 The use of automated decision making and profiling are restricted to situations where the decision is necessary for entering into, or performance of, a contract between you and us (e.g. your insurance policy or AA Membership policy), where it is authorised by law or where you have provided explicit consent.
- 10.4 You have the right to object to our profiling using your personal data. This includes your right to have an AA employee review the outcome of any profiling or automated decision that affects you, and to express your point of view and to contest the decision. Please refer to Section 14 of this Policy for further details of your data protection rights.
- 10.5 To understand the logic involved in our use of profiling and why we do this, you may wish to consider the following examples:
- Example – AA Insurance Broker Services
If you are applying to take out an insurance policy through The AA with one of our insurance underwriters, our systems will use categories of personal data relevant to the risk insured (e.g. vehicle details and driving history for motor insurance customers, or destination details for travel insurance customers).
These factors will be used to assess how competitive our insurance prices are, relative to your risk category and may impact on the fees and charges we set. For example, if our profiling model predicts that our prices are uncompetitive for your risk category, our system may automatically apply a discount to your price quotation. - Example – AA Membership
If you are applying to take out an AA membership policy with us, or renewing an existing AA membership policy, our systems will use categories of personal data such as; your vehicle age, make, model, annual kilometres driven, your breakdown call-out history, the price you paid for our products and services in prior years, the payment method you use for our products and services and the county at which your address is located in.
These factors will be used to assess the probability of future breakdowns occurring to your vehicle, as well as your expected propensity to renew your policy and therefore may impact upon the price of your AA Membership policy.
11. Cookies and other tracking technologies
- 11.1 We use necessary cookies to make our site work. Where you have opted in, we may also use cookies and other online technologies for website functional purposes (e.g. online chat function), analytics purposes (e.g. reporting on website usage) and marketing purposes (e.g. tailored online advertising).
- 11.2 You can review and adjust your cookie preferences on our website at any time, by clicking on the ‘C’ icon, in the bottom left hand corner of our website. If you turn cookies off (or refuse to accept a request to place a cookie), you may not have access to some features on our websites and some of our services. For more information on our use of cookies, please read our Cookie Policy.
12. International transfers of personal data
- 12.1 We may need to share your personal data with other members in the AA group of companies, or third parties for the purposes as outlined in this Policy. This means that we may transfer your personal data outside of the European Economic Area (EEA). Sometimes transferring your personal data outside the EEA will be necessary for us to perform our contract with you. We use the European Commission’s standard data protection clauses to provide safeguards for your personal data that is transferred outside the EEA and you can rest assured that we seek to adhere to strict European standards of data security and usage.
- 12.2 The non-EEA countries to which we currently send personal data include Canada and the United States of America.
- 12.3 If you would like more information about the relevant safeguards involved in the transfer of personal data please contact us, using the contact details in Section 4 of this Policy.
13. Data retention
- 13.1 Data will be stored for as long as required to satisfy the purposes for which the data was obtained, unless we are required to keep it for a longer period to comply with an applicable statutory retention requirement, or in connection with potential litigation. For instance, under the Consumer Protection Code, we are required to retain an accurate record of dealings with us for at least six years after your last interaction with us, so that we can respond to any complaint or challenge that you or others might raise at later date.
- 13.2 Quote information may be retained by us for up to 15 months from the date of the quotation (where a policy is not taken out). Call recordings and all policy information will be held for up to 6 years following the end of the policy or relationship with you to ensure we meet our regulatory requirements.
- 13.3 Data will be destroyed in accordance with our legal obligations.
- 13.4 If you require any further information regarding our retention policies, please contact: compliance@theaa.ie. Our retention practices are reviewed and updated from time to time in line with legal requirements and best practice.
14. Your rights
- 14.1 You have several rights in relation to your personal data. You may ask us to:
- (a) provide you with access to the personal data that we hold about you;
- (b) correct your personal data if it is inaccurate or incomplete;
- (c) erase your personal data;
- (d) restrict our processing of your personal data;
- (e) object to our processing of your personal data where our legal basis for processing your data is our legitimate interests;
- (f) request that we move your personal data to another organisation;
- (g) object specifically to us using your personal data for profiling for direct marketing purposes; or
- (h) where you have specifically consented to Our use of your personal data, you have the right to withdraw that consent at any time.
- 14.2 If you would like to exercise any of these rights, please email your request to compliance@theaa.ie or write to AA Ireland, 3rd floor, 80 Harcourt Street, Dublin 2, D02 F449.
- 14.3 We may ask you for proof of identity to verify your request. We do this to ensure we only disclose information where we know we are dealing with the right individual.
15. How to make a complaint
- 15.1 You may contact us for all issues arising from this privacy policy, including requests to exercise your rights, by contacting our Data Protection Officer:
- Email: compliance@theaa.ie
- Post:AA Ireland, 3rd floor, 80 Harcourt Street, Dublin 2, D02 F449
- 15.2 You have a right to make a complaint about how we process your personal data to your data protection supervisory authority. In Ireland this is the Data Protection Commission, which can be contacted by:
- Email: info@dataprotection.ie
- Post: 21 Fitzwilliam Square South, Dublin 2, D02 RD28
- 15.3 We ask that you please attempt to resolve any issues with us before contacting the Data Protection Commission.
16. Changes to this Privacy Policy
- 16.1 We keep our Privacy Policy under regular review to make sure it is up to date and accurate. Updates to our Privacy Policy will be made available on our website, or reissued to you where we need to in order to comply with a legal obligation.