You have arrived at a website that is owned and/or operated by Arachas Corporate Brokers Limited t/a Arachas, Capital IM, Capital Insurance Markets, Covercentre, Study & Protect, BJP Taxi and its subsidiaries/related companies Arachas, Capital IM, Capital Insurance Markets, Covercentre (collectively, “Arachas”, “we”, “our” or “us”).
If you have received a notification from Arachas Corporate Brokers Ltd of a transfer of trades to it, Arachas Corporate Brokers Ltd is the data controller of your personal data. All Arachas companies are subject to this privacy notice.
This Privacy Notice tells you who we are and outlines how we process your personal data. Arachas respects your right to privacy and complies with our obligations under relevant data protection legislation including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Acts 1988 – 2018.
The purpose of this Privacy Notice is to outline how we process personal data, including special categories of data and the basis on which personal data is obtained from you or collected about you from third parties.
Arachas are committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but to ensure you understand your rights.
In this statement, we outline:
- The types of data we collect
- How we use your data
- Your rights in relation to the data we hold about you
- How long we hold your data for
- How to contact us if you have any questions on your data or you have any complaints
All personal data we gather will be processed in accordance with all applicable data protection laws and principles, including the GDPR and the Data Protection Acts 1988 – 2018 and, any other law and regulatory requirements relating to the processing of personal data and to privacy including, Directive 2002/58/EC and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011.
Queries and Complaints
If you require further information about the way your personal data will be used, or if you are unhappy with the way we have handled your personal data, and wish to contact us, please submit your concerns by email to the Arachas Data Protection Officer at email@example.com
We can be contacted by post at:
Sandyford Business Estate,
By telephone: 01 213 5000
If you are unsatisfied with our use of your personal data or our response to any requests by you to exercise any of your rights, then you have the right to complain to the Data Protection Commission. See below contact details,
Data Protection Commission 21 Fitzwilliam Square South Dublin 2
Phone: +353 57 868 4800 / +353 761 104 800
We collect information from you when you access our arachas.ie website, when you request a quote online or over the phone, when you speak to members of our staff, to enter competitions or by corresponding with us by phone, email or otherwise. We also collect information from sources other than you. We will only collect information that is adequate, relevant and limited to what is necessary in relation to the purposes identified with this notice.
The table below outlines the categories and types of data we collect along with the source of data. The types of data we collect may change over time; the following table is an indicative list to help you understand the types of data we collect
Identity data, employment status & occupation, previous insurance history, details of any previous claims and claims occurring during the term of a policy arranged by us.
Driving history (including motor convictions, disqualifications/penalty points, health data, vehicle details
Identity and Individual Data
|Name, date of birth, martial status, home address, contact address, email address, phone number, dependents, health, details, employments details, payment details, financial details, ID documents, vehicle registration details, PPS number, driver license number, passport number, IP address and other technical/usage data when you visit our website|
|Financial Data||Bank details, payment card details, transaction history|
|Special Category Data – Health Data||Information about your health|
|Criminal Convictions Data||Details of any unspent motoring, including penalty points or non-motoring convictions (if any)|
We receive technical information when your visit our websites and through email exchange. This could IP (Internet Protocol) address used to connect your computer to the internet, login information, browser type and version, time zone setting.
By interacting with our websites through social media sites, browser plug-in types and versions or other applications we may receive statistical data about your browsing actions and patterns.
Purpose for which we hold your information
The main purposes for which Arachas uses your personal information are to provide a quote, setup, administer and manage your policy and to carry out marketing and analytics. The following table provides more details on the purposes for which we process your personal data and the legal basis by which we do this.
To provide you with a quote for insurance and Performance of a contract process your application
To administer your insurance policy Performance of a contract
|Purpose/Activity||Legal basis for processing|
|To respond to your queries and to provide you with the information you request from us in relation to our services and/or products||Performance of a contract
To comply with a legal obligation Necessary for the purposes of the legitimate interests pursued by the controller
|To manage payments, fees and charges in respect of insurance premiums, and to collect and recover money owed to us||Performance of a contract Necessary for the purposes of the legitimate interests pursued by the controller
To comply with a legal obligation
|To manage our relationship with you, including notifying you about changes to the services, or our Privacy Notice||Performance of a contract
To comply with a legal obligation
|To provide you with marketing communication||Consent
Necessary for the purposes of the legitimate interest pursued by the controller
|To administer and protect our business, our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes||Necessary for the purposes of the legitimate interests pursued by the controller|
|To record or monitor calls for regulatory, training and quality purposes||Performance of a contract
To comply with a legal obligation
|To use data analytics to improve or optimise our site, marketing, customer relationships and experiences||Necessary for the purposes of the legitimate interests pursued by the controller|
Special categories of personal data and data relating to criminal convictions and offences
We will process health data where it is necessary for the purpose of providing a policy of insurance or to comply with a legal obligation to which we are subject. We will also process data on criminal convictions and offences including penalty point data where it is necessary and proportionate for the steps taken leading into or the performance of your insurance contract and to comply with our legal obligations. Processing for this purpose is permitted under Section 50 of the Data Protection Act 2018.
Sharing information with third parties
There are various circumstances where we may share personal data with third parties. Arachas will make your information available to third parties with whom we have a relationship to provide services on our behalf. We will only provide to those third parties the information that is necessary for them to perform the services and where there is a lawful basis to do so.
Arachas may share relevant personal information with the following categories of third parties:
- Any insurer that is a party to an Arachas product that you have applied for or contracted for
- Any co-insurers for which we act as brokers
- Credit referencing agencies to assess your credit score where this is a condition ofus entering into a contract with you and/or to other insurers through various databases to help us check information provided and also to prevent fraudulent claims
- Any prospective seller or buyer of any business or assets related to the site, an Arachas product or all or part of Arachas
- Any business partners, suppliers and sub-contractors who operate as a processor on our behalf. for the performance of any contract we enter into with them or you.
- Selected third parties to provide you with information about goods and services that may interest you. You may opt out of receiving such offers or change your preferences at any time.
- Outsourced providers regulated and unregulated
We have a duty to disclose or share your personal information with a third party in order to comply with any legal obligation, or in order to enforce or apply our terms of business and other agreements, or to protect the rights, property or safety of our group of companies, Arachas insurers related to an Arachas product or others. This includes exchanging information with third parties such as Government agencies for the purposes of fraud protection, anti-money laundering, credit risk reduction or criminal activity.
If you hold insurance against a liability that may be incurred by you against a third party, where for whatever reason you cannot be found or you become insolvent, or the court finds it just and equitable to so order, then your rights under the contract will be transferred to and vest in the third party even though they are not a party to the contract of insurance. The third party has a right to recover from the insurer the amount of any loss suffered by them. Where the third party reasonably believes that you as policyholder have incurred a liability the third party will be entitled to seek and obtain information from the insurer or from any other person who is able to provide it concerning:
- The existence of the insurance contract,
- Who the insurer is
- The terms of the contract, and
- Whether the insurer has informed the insured person that the insurer intends to refuseliability under the contract
We take steps to ensure that any third-party who handles your information comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf.
For marketing purposes, we may contact you in relation to special offers, competitions, products and services from Arachas via email, post, SMS and phone.We process information you give to us and information we receive about you from other sources,
- To provide you with the information about other goods and services that we offer which are similar to those that you have already purchased or enquired about
- For occasional market research and statistical purposes. You may ‘opt out’ ofparticipating in such market research at any time.
- To provide or permit selected third parties to provide you with information aboutgoods and services that may interest you. If you do not wish us to use your information in this way, or to pass your details on to third parties for marketing purposes please tick the relevant box on the form on which we collect your information
- To send you offers, with your consent, for products which we feel relevant to your needs
- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
Where we rely on consent for marketing purposes, consent will always be provided in the form of a clear opt-in. You have the right to withdraw your consent at any time using the unsubscribe link on emails/ text messages, alternatively you can contact us using the contact details listed in this Privacy Notice to opt-out of future marketing communications from Arachas.
Where we rely on Legitimate Interest (to develop and grow our business) to communicate with you for marketing purposes. We will always provide you with an option to opt-out at the point of data collection and within each communication thereafter. Additionally, you can use the contact details listed in this Privacy Notice to opt-out of receiving future marketing communications.
Part of our ongoing business strategy involves choosing the best products for our customers’ needs.
We may use analytics and search engine providers that assist us in the improvement and optimisation of our site. This is to ensure that content from our site is presented in the most effective manner for you and your computer.
Consequences of not providing us with information
You can choose not to give us personal information, however this may have an effect on you. We may need to collect personal information by law, or to enter into or fulfil a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you or doing what we must do by law. It may also mean that we cannot provide you with a quote or manage your policies with us which means we may need to cancel a product or service you have with us.
As a data subject you will have the following rights in relation to the processing of your personal data. You can send us a request in relation to any of the rights outlined below, and we will do our best to adhere to your request as soon as possible and within one month.
Right to Access
You have the right to know what personal data we hold on you, why we hold the data, and how we are using the data.
When submitting a request, please provide us with as much information as possible to help us identify the information you wish to access (i.e. specific dates)
Right to Rectification
You have a right to request that the personal data held in relation to you is up to date and accurate.
Where information is inaccurate or incomplete, we encourage you to contact us to have this information rectified. Upon receipt of your request, we will ensure that the personal data is rectified and as up to date as is reasonably possible.
Right to Erasure (right to be forgotten)
You have the right to seek the erasure of personal data relating to you in the following circumstances:
- The personal data is no longer required for the purposes for which it was obtained.
- Where the use of the data is only lawful on the basis of consent, you withdraw consentto the processing and no other lawful basis exists.
- The personal data is being used unlawfully.
- You object to the use of your personal data and there are no overriding legitimategrounds for the use of the data
- Your personal data requires deletion in line with legal requirements.
However, we will be unable to fulfil an erasure request if the personal data is required for any of the below activities:
- Exercising the right of freedom of expression and information.
- Compliance with a legal obligation, such as the performance of a contract (i.e. yourinsurance policy or quote) or compliance with certain legislation, for example we have alegal requirement, to keep your policy data for at least 6 years.
- For the performance of a task carried out in public interest
- For public health reasons.
- Archiving, research, or statistical purposes in the public interest.
- The establishment, exercise or defence of legal claims.
Right to restriction of processing
You have the right to restrict the extent for which your personal data is being used by us in circumstances where:
- You believe the personal data is not accurate (restriction period will exist until we update your information).
- The processing of the personal data is unlawful, but you wish to restrict the use of the data rather than erase it.
- Where the personal data is no longer required by us, but you require the retention of the data for the establishment, exercise, or defence of a legal claim.
- You have a pending objection to the future use of your personal data.
When the use of your data has been restricted, your personal data will only be further used: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of other people; or for reasons important to public interest.
Right to portability
You have the right to the provision of all personal data that you have provided to Arachas in relation to you in a structured, commonly used machine-readable format where:
- The lawfulness of the use of your personal data by us is reliant on the basis of a contract/li>
- The lawfulness of the use of your personal data by us is reliant on the provision of your consent
- The data is being utilised by fully automated means.
We will refuse such a request if the data being requested may adversely affect the rights andfreedoms of others.
Right to object
You have the right to object to the further use of your personal data where:
- The lawful basis for the use of your personal data by us is reliant on the basis of our legitimate interests
- Where personal data is being processed for the purposes of direct marketing or profiling related to direct marketing
Right to object to automated processing, including profiling
You have the right not to be subject to a decision based solely on automated processing or profiling, where such decisions would have a legal effect or significant impact on you.
Where we (or one of our third-party processors) use profiling, which produces legal effects for you otherwise significantly affect you, you will have the right to object to such processing.
Right to withdraw consent
Where we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time.
How to update/amend the personal information you have provided
You are entitled to know whether we hold information about you and, if we do (subject to certain limitations), to have access to that information and have it corrected if it is inaccurate or out of date.
To exercise your rights under the GDPR please contact the Data Protection Officer at Arachas Corporate Brokers Limited, The Courtyard, Carmanhall Road, Sandyford Industrial Estate, Dublin 18 with proof of identity or email us at firstname.lastname@example.org
You must contact us if any of your details change so that we can keep your information accurate and up to date.
Where do I send requests?
Please send all your requests to email@example.com with as much details as possible regarding your requirements to allow us to deal with your request efficiently. To answer your request, we may ask you to provide identification for verification purposes. All the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
How long will a request take to complete?
Once we receive your request, we will have 30 days to provide a response, with an extension of two further months if required. If we need more time to deal with your request, we will contact you about the delay, within one month of the receipt of your request. If we refuse your request, we will let you know within one month of the receipt of your request and provide you with the reason we refused the request.
You are entitled to contact the Data Protection Commission if we refuse your request.
How much does it cost to submit a request?
We will not charge a fee for any requests, provided we do not consider them to be unjustified or excessive. If we do consider requests to be unjustified or excessive, we may charge a reasonable fee (also for multiple copies) or refuse the request.
Arachas will take care to make sure your data is protected and safeguarded. In the unlikely event of a data breach, we will contact you in line with our legal obligations.
Retention of your personal data
Data will not be held for longer than is necessary for the purpose(s) for which it was obtained. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Arachas will process personal data in accordance with our retention schedule. This retention schedule has been governed by our regulatory body (Central Bank of Ireland) and our internal governance.
Retention of Legacy data from acquired companies
Arachas has acquired a number of companies, as a result of this we are deemed the data controller of any lapsed policy data. We retain legacy data for a minimum of six years in line with our obligations as set out by the Central Bank of Ireland. We may also be required to retain data for more than 6 years by the insurer or underwriter of the policy in certain circumstances, for example in cases where there’s a claim in progress or reported. Below is a list of companies for which we securely store legacy data;
- Hooper Dolan Insurance Group
- Brian J Pierce Ltd
- MCM Insurance Brokers Ltd
- O’Driscoll O’Neil Insurance Brokers Ltd
- Murray & Spelman Ltd
- Murray & Spelman (Kildare) Ltd
- Alan B Kidd & CoLtd
- Cover Centre Insurance Ltd
- Capital IM
- Fitzgerald Insurance Ltd
Automated individual decision-making including profiling
Prior to arranging an insurance product or service we may use automated (computer based) decision making. For example, before we can arrange an insurance product or service for you, we must obtain a quotation from an Insurer’s Rating Engine which will carry out a real-time automated assessment to determine the insurance risks based on the information that you have supplied. This will be used to determine if the Insurer can provide you with a policy and to calculate the premium you will have to pay to arrange cover with them. The results of the automated decision making may limit the products or services that Arachas can provide to you. If you do not agree with the result or if you have any concerns, you have the right to request to speak to a staff member to seek clarification.
Arachas’ intent is to strictly protect the security of your personal information, to honour your choice for its intended use and to carefully protect your data from loss, misuse, unauthorised access or disclosure, alteration or destruction. We have taken appropriate steps to safeguard and secure information we collect online, including the use of encryption when collecting or transferring sensitive data. However, you should always take into consideration that the internet is an open forum and that data may flow across networks with little or no security measures, and therefore such information may be accessed by other users other than those you intended to access it.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. All of our staff are provided with training to ensure that your information will be used only in adherence with our privacy statement and the data protection laws applicable. Employees who misuse customer information are subject to disciplinary action.
Data saved on our digital platform will be saved on our existing back office software systems. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
It may be necessary to transfer your personal information to other group companies or service providers located in countries outside of the European Economic Area (EEA). The types of processing may include, the fulfilment of your order, the processing of your payment details and the provision of support services. Arachas will take all reasonable steps necessary to ensure that your information is treated securely and in accordance with our Privacy Notice.
If we transfer personal data to a third party or outside the EEA we, as the data controller, will ensure the recipient has the necessary protections in place, such as Standard Contractual Clauses or an Adequacy Decision.
This website may contain links to other websites. Arachas is not responsible for the privacy practices or the content of such websites.
Changes to our Privacy Notice
Arachas may modify or update this Privacy Notice from time to time without prior notice. When a change is made, we will post a revised version online. Changes will be effective from the point at which they are posted. It is your responsibility to review this Privacy Notice periodically so that you are aware of any changes. We encourage you to check this Privacy Notice often so that you can be aware of how we are protecting your personal information. Your continued use of our website constitutes your consent to the contents of this privacy notice.
This privacy notice was last reviewed on 1st March 2023.