Last Updated 15th March 2021
LHK Group is committed to respecting and protecting your privacy and would like you to feel safe when you give us your personal details. We will always clearly identify ourselves in correspondence and on our website.
The data controller is LHK Group referred to as “we”, “us”, “our” or LHK in this policy.
What personal data we collect
Personal data means any information relating to you which allows us to identify you, such as your name, date of birth, contact details, payment details and information about your access to our website.
In general, you may visit our website without identifying yourself or revealing any personal information. LHK Group collects domain information from your visit to customise and improve your experience on our website. Our website may collect certain information from your visit, including the date and time of your access, the pages you have accessed, the name of the Internet Service Provider and the Internet Protocol (IP) address by which you are accessing the Internet, and the Internet address from which you linked to our site, if applicable. We use this information to better understand how our website is being used so that we can improve its performance. Some portions of this website may request that you give us information about yourself, from which we are able to identify you, such as your name, email or other address.
If we collect any special categories of personal data (e.g. health, religious beliefs, racial, ethic origin) we will ensure we will obtain your explicit consent, ensure the personal data is necessary for employment rights or obligations and/or is necessary for the legitimate activities with appropriate safeguards. The Data Protection Bill 2018 expressly allows for the processing of criminal history data for risk assessment and fraud prevention.
Why do we need to collect and store personal data?
Our principal business is to provide advice and arrange transactions on behalf of clients in relation to general insurance products. To provide you with relevant information, respond to your requests we sometimes request that you provide us with information about yourself (this can range from name, date of birth, to claims history etc). This personal data is used for legitimate business purposes. We are committed to ensuring that the information we collect and use is appropriate for this purpose, in the minimum data that is needed for the particular purpose, is not retained for any longer than required under legal requirements (Consumer Protection Code 2017) and does not constitute an invasion of your privacy. We will retain all that data on our secure client management software platform for the next annual renewal date so that you are not asked to provide the information again and at that stage the information can be updated if needs be.
Use of the information we gather
When we collect information about you, we intend to tell you why we are asking for the information and what we intend to do with it. You will have the option of not providing the information, in which case you may still be able to access other parts of this website, although you may not be able to access certain services. In certain areas of our website, we may, where appropriate, enable you to ‘opt in’ to certain uses of your information e.g. personal data and direct marketing.
The information we collect about you or your computer is used to run the website, respond to your requests or process any transactions you have requested. It may also be used to verify your identity, send you information or contact you in relation to an LHK Group product or service that you are using or that we believe may be of interest to you after you have chosen to ‘Opt in’ to receive such communications.
Retention of your personal data
Data will not be held for longer than is necessary for the purpose(s) for which they were obtained. Credit card transactions will be held for the duration of the transaction and general client details will be held while you are a customer. We will process personal data in accordance with our retention schedule. This retention schedule has been governed by our regulatory body (Central Bank, Revenue Commissioner) and our internal governance. When we no longer need your personal data, we will securely delete or destroy it. We will also consider if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use tat information without further notice to you.
Sharing Information with Third Parties
In certain instances, we may make your information available to third parties with whom we have a relationship where that third party is providing services on our behalf. We will only provide those third parties with information that is necessary for them to perform the services and we take measures to protect your information. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish and EU law on data protection rules. When they no longer need your data to fulfil this service, they will dispose of the details in line with our procedures.
- Insurance Companies, Wholesale Brokers, loss assessors, finance providers
- Solicitors, company accountant and business consulting partners
- Our accounting software provider
- Our secure client management software provider
- Our online credit card payment provider
If we transfer your personal data to a third party or outside the EU, we as the data controller will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on the condition that enforceable data subject rights and effective legal remedies for you the data subject are available.
The intent of LHK Group is to strictly protect the security of your personal information; honour your choice for its intended use; and carefully protect your data from loss, misuse, unauthorised access or disclosure, alteration or destruction. The personal data you share with us on our website is protected by an SSL (Secure Socket Layer) certificate. SSL is the industry standard method of encrypting personal information so that it can be securely transferred over the internet. We have taken appropriate steps to safeguard and secure information we collect online, including the use of encryption when collecting or transferring sensitive data such as credit card information. LHK use Worldnet’s secure online payment services. Worldnet’s SSL certificate and Payment Card Industry Data Security Standards (PCI DSS) ensure the highest level of security.
We use a complexity network password policy. Passwords are changed every 90 days, minimum 7 characters and complexity enabled. Remote Access is controlled by VPN Clients and site to site VPN from our Drogheda office. All controlled via firewall and active directory authentication.
Data Subjects Rights
We facilitate you, our clients, rights in line with the data protection policy and the subject access request procedure. This is available on request by contacting us at the contact details found at the end of this statement. A copy of our customer data access request form is available on our website.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in below.
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
How to update and/or amend the personal information you have provided
You are entitled to know whether we hold information about you and, if we do (subject to certain limitations), to have access to that information and have it corrected if it is inaccurate or out of date. To exercise your Right of Access or to update your details under your Right of Rectification or Erasure please email your request to the contact address below with proof of identity.
If we are relying on your consent to process your data you can withdraw this at any time – this does not affect the lawfulness of processing based on your consent before its withdrawal.
In the event that you wish to make a complaint about how your personal data is being processed by LHK Group (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and LHK Group data protection representatives at the contact details below.
Our website contains links to other websites. LHK Group is not responsible for the privacy practices or the content of such websites. LHK Group uses pixels, transparent GIF files and other methods to help manage online advertising.
If you have any questions or comments about our privacy notice or practices, please contact us.
Phone: (01) 2055600