MENU

Privacy Notice

LHK Group cares about your privacy and wants you to feel confident about how we handle your personal information.
We promise to be open about what we do with your data and to follow GDPR rules. We also want to make sure you
know what your rights are when it comes to your information. For the purposes of the GDPR the data controller is LHK
Group.

The LHK Group includes the following regulated entities:
• LHK Insurance Ltd T/A LHK Insurance and LHK Group
• LHK Kelleher Insurance Ltd T/A LHK Kelleher Insurance, LHK Financial and LHK Group
• Finance One Ltd T/A Finance One, MortgageOne, and LHK Group

Dublin: Rosemount House, Dundrum Road, Co Dublin, D14 P924 Tel: 01-205 5600
Drogheda: 12 Trinity Street, Drogheda, Co. Louth A92 RH63 Tel: 041 983 7660

When we refer to, we/us, we mean LHK Group including the entities above.

Please read this Privacy Notice carefully, as it explains how we collect, use, and handle any personal information you
give us or that we gather from you.

Who we are

LHK Group is a Leinster-based general insurance and financial planning advisory firm serving both commercial and
personal clients across Ireland.

What personal data we collect

The personal information we collect varies depending upon the nature of our services. We will endeavour to provide
you with an overview of those categories of personal data our organisation collects and our purpose for using that
data.
The information we collect includes the following:
1. Contact and Identification Information:
This includes your name, address, and contact details such as email, mobile phone number, and landline.
2. Unique Identifiers:
Examples include your PPS number, pension scheme reference number, and insurance policy numbers. These are
necessary for fulfilling contractual obligations.
3. Demographic Details:
Information such as age, gender, marital status, lifestyle, insurance needs, date of birth, dependents, and photo
identification. We may also collect personal information about other individuals you wish to insure, such as your
children or spouse.
4. Family and Beneficiary Data:
Details about dependents, next of kin, nominated beneficiaries, Power of Attorney, Enduring Power of Attorney,
and contact information for your solicitor, tax advisor, or accountant.
5. Employment Information:
This covers your job role, employment status (e.g., full-time, part-time, contract), salary details, employment
benefits, and employment history. This information is essential for completing our Fact Find process with clients.
6. Publicly Available Sources:
Information about you that is publicly accessible, such as director details from the Companies Registration Office
or the Register of Beneficial Owners.
7. Health Information:
Data regarding your health status, medical records, and medical assessment results. This includes personal habits
like smoking and alcohol consumption, medical history, biometric data, and any disability information.
8. Pensions and Insurance Benefits Information:
Details about your current benefits, pension entitlements, retirement date, and any factors affecting your benefits,
such as voluntary contributions or Pensions Adjustment Orders.
9. Financial Details:
Information including bank account details, credit history, bankruptcy status, salary, tax code, third-party
deductions, bonus payments, benefits, entitlement data, and national insurance contributions.
10. Claims Data:
Information related to claims made by you or relevant third parties.
11. Marketing Preferences:
We will only send you direct marketing communications if you have explicitly consented.
12. Online Information:
Data about your visits to our websites. For more details, please refer to our Cookie Policy.
13. Events Information:
Information about your interest in and attendance at our events, including any feedback you provide.
14. Social Media Information:
Details such as your interactions with our social media pages (for example, likes, comments, and posts) on
platforms like LinkedIn and Facebook.
15. Criminal Records Information:
Details regarding any existing or alleged criminal offences, or confirmation of a clean criminal record, particularly
for motor insurance products.
16. Background Checks:
Information obtained from searches related to sanctions, anti-money laundering, and credit checks, including
sources such as Credit Safe, Vision Net, and the Companies Registration Office (CRO).
17. Calculation Data:
Information you provide that is used in calculators to generate quotations for life insurance or mortgage
protection policies.

 

How we collect your personal data

Our organisation collection information in the following ways.
If you:
• request a service from us.
• register for or use any of our websites or online applications.
• use our website or apps, which may install cookies or other tracking technologies on your device.
• engage with us on social media.
• contact us with a complaint or enquiry.
• apply for a position with us.

 

Sensitive Personal Data

When our organisation collects sensitive personal data, as defined by the GDPR, we will ensure that such information
is only requested with your explicit consent and/or authorisation before collection. For more details, please refer to
the relevant section of this Privacy Notice, which explains the special categories of personal data.

Information we automatically collect.

At times, we automatically collect certain information when you visit our websites or when we communicate with you
by email. This may involve technologies like web server logs that record IP addresses, as well as the use of “cookies”
and web beacons. Please note that cookies used for functionality, marketing, or analytics will only be activated if you
have given your explicit consent.

The use of cookies on our website

In most cases, you can browse our website without telling us who you are or sharing any personal details. However,
our website uses cookies that store basic information, such as whether you have visited before, which pages you have
viewed, the name of your Internet Service Provider, your IP address, and, if relevant, the website you came from. We
use this data to better understand how people use our site so we can improve its performance.
Some parts of our website may ask you to provide personal information, like your name or email address, which can
identify you.
Cookies may store both personal data (such as your name or email) and non-personal data (like your language
preference or device type). They may also include advertising IDs, user IDs, or other tracking identifiers.
By law, we can store cookies on your device if they are strictly necessary for the website to work. For all other types
of cookies, we need your consent. You can change or withdraw your consent at any time by using the ‘Manage Cookies
Consent’ option at the bottom of our website. Here, you can choose to accept or reject all cookies (except those
essential for the site to function), review which cookies we use, and select or deselect different categories.
Modern web browsers also let you control whether cookies are collected, and you can delete or clear cookies from
your browser whenever you like. For more information on managing cookies, visit www.allaboutcookies.org.

 

 

How we use your personal data

Providing Services:
We use your information to deliver the insurance and financial products or services you request.

 

Meeting Legal and Regulatory Requirements:
We are required to fulfil various legal and regulatory obligations, including:

• Anti-money laundering (AML) and sanctions checks
• Completing “Know Your Customer” (Fact Find) processes.
• Complying with the Consumer Protection Code and other regulatory standards

 

Communication and Marketing:
With your consent, we may contact you via email, our website, LinkedIn, Facebook, Engage Hub, or Circulator to
provide updates or marketing information.

 

Claims Management and Quotes:
We use your data to manage claims (including through the LHK Claims Management App) and provide quotes. Claims
history for prospective clients is only kept if they become a client.

 

Responding to You:
We may use your information to contact you or respond to any queries or communications you send us.

 

Website Administration:
Your data may be used to help us manage and improve our website.

 

Contractual Obligations:
We process your data to fulfil any contracts between you and us and to provide the information, products, or services
you have requested.

 

Arranging Premium Finance:
We may use your information to arrange premium finance agreements, including with Premium Finance and Close
Brothers Premium Finance.

 

Professional Services:
Your data may be used in the delivery of our professional services.

 

Handling Complaints:
We use your information to manage and resolve any complaints you may have.

 

Service Updates:
We may notify you about changes to our services.

 

Use of Artificial Intelligence (AI) in our business

We have begun integrating artificial intelligence (AI) tools into our business operations to enhance efficiency and
service quality. Specifically, we may use AI to assist with:
• Research and information gathering.
• Creating and designing presentations
• Managing schedules and appointments
• Supporting marketing activities, including social media content creation, and planning
• Meeting transcripts
We do not process personal information using any AI platforms. All personal data is handled securely and in accordance
with our standard procedures
All AI-generated outputs are reviewed by our team to ensure accuracy, relevance, and alignment with our company
values. We use AI as a support tool to complement our team’s expertise, not as a substitute for human judgment.
We are committed to transparency and ethical AI use. If you have questions about how we use AI, please contact us.

Legal basis for processing your personal data

We are committed to processing your personal data lawfully and rely on the following legal grounds:
Performance of a Contract
When you enter into a contract with us, we need to collect and use your personal data to provide the agreed services.
Legal Obligation
In some cases, we are required by law to use your personal data. For example, we may need to process data for pension
contributions (Revenue Certificates) or to meet regulatory requirements set by the Central Bank.

Consent
At times, we will ask for your consent to process specific information. For instance, we may need your consent to
collect and use data about criminal convictions or alleged offences when assessing risk for an insurance policy. We
may also rely on your consent to send you direct marketing communications.
We will always present consent requests clearly and in plain language. If you give your consent, you can withdraw it
at any time. Please note, if you choose not to provide certain information that we reasonably require, we may not be
able to offer or continue providing our services.

Legitimate Interests
Sometimes, we process your personal data because it is necessary for our legitimate business interests. When we do
this, we ensure that your rights and freedoms under data privacy laws are not compromised.

 

How we share your personal data

When necessary, we may share your information with trusted third parties who provide services on our behalf. We
will only share the information required for them to perform these services, and we take steps to protect your data,
such as using Standard Contractual Clauses and confidentiality agreements.

1. Insurance Partners:
We may share your information with product providers, insurance underwriters, reinsurers, and loss adjusters to
manage the services we provide to you. For details on how these partners handle your data, please refer to their
privacy statements on their respective websites.

 

2. Vetting and Risk Management Agencies:
Your data may be shared with credit reference agencies, criminal record and fraud prevention services, data
validation agencies, and other professional advisors when necessary to prevent and detect fraud or to assess risk
for new or existing insurance policies.

 

3. Legal Advisers, Loss Adjusters, and Claims Investigators:
We may provide your information to these parties when it is necessary to investigate, exercise, or defend legal,
insurance, or similar claims.

 

4. Medical Professionals:
If you provide health information in connection with an insurance claim or when obtaining a quote, we may share
relevant details with medical professionals as needed.

 

5. EU Law Enforcement Bodies:
We may disclose your information to law enforcement agencies if required by law, regulation, or legal request.

 

6. Public Authorities, Regulators, and Government Bodies:
We may share information with these entities as needed to comply with our legal and regulatory obligations or in
connection with investigations into suspected or actual illegal activity.

 

7. Third-Party Processors:
We use external suppliers to process personal data on our behalf, such as IT service providers, telecommunications
and back-office support, accounting and payroll providers, and CRM vendors. These processors operate under our
instructions and are bound by data processing agreements to ensure your data is handled securely and in line with
GDPR requirements.

 

8. Internal and External Auditors:
auditors may review your information when necessary for company audits, complaint investigations, or to address
security concerns.
We always ensure your data is protected and handled in accordance with our security standards and data
protection laws.

 

Transferring personal data outside of Ireland

If we transfer your personal data to a country outside the European Economic Area (EEA)—also known as a “third
country” under GDPR—we will ensure the transfer is carried out lawfully and that your fundamental rights are
protected. This means we will only transfer data to countries that the European Commission has recognised as
providing an adequate level of data protection, or where appropriate safeguards are in place, such as Binding
Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).
The European Commission has granted adequacy decisions for certain countries, including the UK. This means personal
data can be transferred freely between the EEA and the UK, as the UK’s data protection laws are considered equivalent
to those of the EU. As a result, the UK is not treated as a third country for data transfer purposes.
If there is no adequacy decision for a particular country, we will only transfer your data if we have put in place
appropriate safeguards, such as SCCs. As the data controller, we are committed to complying with these clauses and
following the European Data Protection Board’s recommendations to ensure your data receives the same level of
protection as required under the GDPR.

Security

Protecting your personal data is a top priority for us. We have put in place suitable technical and organisational
measures to ensure your information is kept secure and protected according to the level of risk. Our processes are
designed to safeguard your data against loss, unauthorised access, misuse, alteration, and destruction.

Record of Processing Activities (ROPA)

In line with our obligations under Article 30 of the GDPR, LHK Group maintains a comprehensive Record of Processing
Activities (ROPA). This record details the types of personal data we process, the purposes for processing, categories of
data subjects, recipients, international transfers, retention periods, and the security measures we use. Our ROPA is
regularly reviewed and is available to the Data Protection Commission upon request.

Retention

LHK Group will not retain personal data in an identifiable form for longer than necessary. The specific retention period
for each type of personal data is outlined in our Retention Schedule. When data is no longer needed, it will be securely
disposed of.

Liability Insurance

If you have liability insurance that covers claims made against you by a third party, and you cannot be located, become
insolvent, or if a court determines it is just and equitable, your rights under the insurance policy may be transferred to
the third party, even though they are not named in the contract. This means the third party can claim directly from
the insurer for any loss they have suffered.
If a third party reasonably believes you have incurred a liability, they are entitled to request and receive information
from the insurer or any relevant party, including LHK Group, about:
• The existence of the insurance policy,
• The identity of the insurer,
• The terms of the policy, and
• Whether the insurer has notified the policyholder of an intention to deny liability under the policy.

 

Your rights as a Data Subject

LHK Group will support you in exercising your rights in accordance with our data protection policy and Subject Access
Request Procedure. These documents are available upon request.
While we hold or process your personal data, you have the following rights:
• Right of Access: You can request a copy of the personal information we hold about you.
• Right of Rectification: You can ask us to correct any inaccurate or incomplete data we have about you.
• Right to Erasure (“Right to be Forgotten”): In certain situations, you can request that we erase your personal
data. Please note, this may be limited by our legal obligations or if the data is subject to legal privilege.
• Right to Restrict Processing: You can ask us to restrict how we process your data in certain circumstances.
• Right to Data Portability: You have the right to have your data transferred to another organisation.
• Right to Object: You can object to certain types of processing, such as direct marketing.
• Right to Object to Automated Processing: You can object to decisions made solely by automated means,
including profiling.
• Right to Complain: If we refuse your request regarding any of these rights, we will explain our reasons. You
also have the right to make a complaint to the Data Protection Commission.
If your request involves data shared with a third party, we will ensure your request is forwarded to them as well.

Complaints

If you have concerns about how LHK Group is processing your personal data or how we have handled your
complaint, you can contact our Head of Compliance to raise your concerns:
Email:
Phone: (01) 2055600

 

You also have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland. Their contact
details are:
Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28
Phone: (01) 7650100
Web: www.dataprotection.ie
Email:

 

For the most up-to-date contact information or to reach the appropriate section within the DPC, please visit their
website.

Failure to provide further information

If we need to collect your data to fulfil a contract and you are unable to provide it, this may result in the contract not
being completed or the information being inaccurate. Should you fail to provide the necessary information required
for us to meet our obligations, we may be unable to offer our services to you.

 

 

Profiling and Automated Decision Making

Automated decision-making occurs when your personal data is processed by a computer program to reach a result,
without any human involvement. If a decision about you is made solely by automated means, you have the right to
object and request that we review the decision manually.
Examples of automated decisions we may make include:
• Risk assessment
• Marketing profiling
• Determining affordability and generating quotes for financial products
• Bankruptcy checks
• Politically Exposed Person (PEP) checks
If you have concerns about automated decisions, please let us know and we will be happy to review your case.

Special categories of personal data

Special categories of data are considered sensitive because they relate to your fundamental rights and freedoms and
processing them could pose significant risks to you. That is why these types of data require extra protection. If we need
to collect any special categories of personal data, we will either ask for your explicit consent or follow the rules set out
in the Data Protection Act 2018. This law allows us to process sensitive data for insurance and pension purposes, as
long as we have suitable measures in place to protect your rights and freedoms. These measures apply to:
• Insurance or life assurance policies
• Health insurance or health-related insurance policies
• Occupational pensions, retirement annuity contracts, or other pension arrangements

Contact us

Your privacy matters to us. If you have any questions or feedback about this statement, please feel free to contact
us:

Email:
Phone: (01) 2055600

Privacy Notice changes

Whenever we update this Privacy Notice, we will publish the revised version on our website. Any changes will take
effect once they are posted. We encourage you to check our Privacy Notice regularly to stay informed about any
updates.

 

This privacy notice was last reviewed in August 2025

Get in Touch

Dublin Office

Rosemount House,
Dundrum Road, Co. Dublin
D14 P924

+353 (0) 1 575 8934

9am to 5pm – Monday to Friday

Get Directions

Drogheda Office

12 Trinity Street,
Drogheda, Co. Louth
A92 RH63

+353 (0) 414141111

9am to 5pm – Monday to Friday

Get Directions

Follow Us On Social Media

Let's Talk

Send a message to: