1. Introduction

We at DeCare Dental Insurance Ireland DAC, trading as DeCare and DeCare Dental, recognise the importance of your personal data and our obligations under the General Data Protection Regulation (No. 2016/679) (“GDPR”) and the Data Protection Acts 1988 to 2018 (together “Data Protection Laws”). The purpose of this Privacy Statement is to outline how we process personal data.

In this Privacy Statement “The Company”, “We”, “Us” and “Our” refers to DeCare Dental Insurance Ireland DAC. Any external links to other websites are clearly identifiable as such, and we are not responsible for the content or the privacy policies of these other websites. Personal data will be processed by or on behalf of DeCare Dental Insurance Ireland DAC, who is the ultimate data controller.

DeCare Dental Insurance Ireland DAC is a registered dental and optical insurance underwriter and administrator and is a 100% owned subsidiary of DeCare Dental LLC. Our company registered offices are at DeCare Dental Insurance Ireland DAC, IDA Business Park, Claremorris, Co Mayo – company registration number 383762. DeCare Dental Insurance Ireland DAC trading as DeCare, DeCare Dental & DeCare Vision is regulated by the Central Bank of Ireland.

If you have any queries regarding any matters relating to the processing of your personal data, please do not hesitate to contact us by posting your query to The Data Protection Officer, DeCare Dental Insurance Ireland DAC, IDA Business Park, Claremorris, Co Mayo, by calling: 1890 130 017 or +353(0)94 93 78608 (Monday – Thursday 8:30am to 5pm, Fri 8:30am to 4pm) or by emailing: query@decaredental.ie / compliance@decaredental.eu

You have the right to make a complaint in respect of our compliance with Data Protection Laws to the Data Protection Commission. While you are not obligated to, we ask that you contact us in the first instance to give us the opportunity to address your concerns.

 

2. Types of Information Collected

In the course of our dealings with you, we will collect and process personal data about you. Personal data is any information that allows you to be individually identified. We will let you know what information is required to proceed with your application or claim. The information we collect may be categorised as follows: –

Personal Information

This is data that identifies you or can be used to identify or contact you and may include your title, name, address, email address, birth date, telephone number (mobile and/or landline), occupation, and policy numbers.

Policy and Claims Data

This is information about the policies you may hold with us, and any claims made under those policies.

Payment Data

To prevent fraud and to ensure that any payments or refunds can be paid to you, we keep your bank or other payment details e.g. (debit card or credit card details) for the duration of your Policy. If you give us your credit card details, then we will process payments using Secure Sockets Layer (SSL) security, but we will not keep a record of your card details on our servers. In the event that you have opted to pay for your annual policy on a monthly basis, your card details will be stored by our payments provider (Global Payments / Realex) in order to facilitate monthly deductions, you will not pay any surcharges on instalment payments, and the prices are the same whether your pay monthly or annually.

Special Category Data: Health Data

Special Category Data means personal data that is particularly sensitive because it relates to any of:

  1. racial or ethnic origin, political opinions or religious or philosophical beliefs;
  2. membership of a trade union;
  3. genetic data;
  4. biometric data for the purpose of uniquely identifying a natural person;
  5. health; or
  6. a natural person’s sex life or sexual orientation.

Special Category Data is subject to additional protections under data protection law, including the GDPR.

In the course of administering a policy and/or any claims made under that policy, we process data about your health, such as details of visits to dental and optical practitioners, treatments received and dental and optical medical history

Website Usage Data

Like most websites, we gather statistical and other analytical information of all visitors to our website.

This personal data may include technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information (if accessing an account with us), browser type and version, time zone setting, browser plug-in types and versions, device types, hardware model, operating system, version, and any other relevant network or technical information. It may also include information about your visit to our Website, including the full Uniform Resource Locators (URL), your path (via clickstream) to, through and from our Website (including date and time), products and policies on the site that you viewed, searched for or purchased, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse our Website and any other information gathered by the use of cookies in your browser. Learn more about cookies here.

We may also use this data on an aggregate basis such that individuals cannot be identified. This Non-Personal Data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, and other anonymous statistical data involving the use of our website.

How do we collect your personal data?

Generally, we will collect personal data directly from you. You don’t have to provide us with any personal data, but if you don’t provide certain information that we need, then we may not be able to proceed with your application for one of our products or with a claim that you make.

On occasion we may also receive information about you from other people or sources. For example:

  • it was given to us by someone applying for an insurance product on your behalf (e.g., your employer);
  • from a dentist in respect of a claim or clinical information; and
  • from experts or professionals during the claims process e.g. legal representatives, dental professionals, opticians etc.

 

3. Purposes for which we hold your Information

Whenever we process your personal data, we are required to do so for a specified purpose and to identify and maintain a valid “lawful basis” (i.e. a legally compliant justification) for the processing. To help you to understand what we do with your personal data and why, we have described the purpose for which we process your personal data, the types of personal data we process for that purpose, and the lawful basis we rely upon in doing so:

Purpose of Processing Category of Personal Data Lawful Basis under GDPR
Administration purposes such as processing applications and claims and providing quotes. Personal Information
Policy and Claims Data
Payment Data
Health Data
Such processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract, for the purpose of complying with our legal obligations, and where you have consented to providing certain Special Category Data in respect of an application or claim.
Identity verification purposes, to ensure we are dealing with the correct policy holder or that the person purchasing a product is a real individual. Personal Information
Policy and Claims Data
Payment Data
Such processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract and for the purpose of complying with our legal obligations.
Administering insurance contracts including making changes to contracts, responding to queries and processing a cancellation. Personal Information
Policy and Claims Data
Payment Data
Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.
Enforcing and defending our rights. Personal Information
Policy and Claims Data
Payment Data
We have a legitimate interest in ensuring that our products and services and our website are used in accordance with our terms and conditions of use and policies. This interest includes where necessary, for the purpose of establishing, exercising or defending a legal claim, a prospective legal claim, legal proceedings or prospective legal proceedings; and, where necessary, for the purpose of complying with our legal obligations.
Training, quality monitoring or evaluating the services we provide, including through seeking data subjects’ views. Personal Information
Policy and Claims Data
Payment Data
Such processing is necessary for our legitimate interests. This interest is to improve our products, services and processes
For direct marketing purposes. Personal Information
Policy and Claims Data
Such processing is based on consent of data subjects.
To comply with laws and regulations. Policy and Claims Data This processing is necessary to comply with our legal obligations as a provider of insurance products, and engage with relevant regulatory bodies.
Website services, including for
troubleshooting, testing, data analysis, and statistical and survey purposes.
Website Usage Data We have a legitimate interest in operating a website and for related purposes.

Processing special category data requires an additional basis under GDPR. We process Health Data on the basis of your consent pursuant to Article 9 of the GDPR. You are free to withdraw that consent at any time and may do so by contacting us using the contact details at the bottom of this Privacy Statement. Please note that if you withdraw your consent for us to process your Health Data, we may not be able to continue providing you with the service to which the consent related.

4. Cookies

You should also be aware that when you visit our websites, we collect certain information that does not identify you personally but provides us with information such as the number of visitors we receive or what pages are visited most often. This data helps us to analyse and improve the usefulness of the information we provide at these websites.

Like most commercial website owners, we may use what is known as “cookie” technology. A “cookie” is a small text file that provides information regarding the device used by a website visitor. It is not a computer program and has no ability to instruct it to perform any step or function on your device. By assigning a unique data element to each visitor, the website is able to recognize repeat users, track usage patterns and better serve you when you return to that site. The cookie does not extract other personal information about you, such as your name or address.

We may also use what is known as “client-side page tagging”, which uses code on each page to write certain information about the page and the visitor to a log when a page is rendered by your web browser. This technique is also commonly used on commercial websites. “Tagging” does result in a JavaScript program running on your computer, but it is limited to providing information about the page that you are requesting and the configuration of your browser. It will not read any of your data files or execute any additional programs. It does not extract any personal information about you, such as your name or address. You can prevent tagging by disabling JavaScript in your browser, but that may prevent you from using all of our website’s functions.

For more information on our use of cookies and similar technologies see our Cookie Policy available on our website. https://decare.ie/cookie-policy/

5. Disclosure of Information to Third Parties

We may provide Non-Personal Data to third parties, where such information is combined with similar information of other users of our website. For example, we might inform third parties regarding the number of unique users who visit our website, the demographic breakdown of our community users of our website, or the activities that visitors to our website engage in while on our website. The third parties to whom we may provide this information may include potential or actual advertisers, providers of advertising services (including website tracking services), commercial partners, sponsors, licensees, researchers and other similar parties.

We may also share personal data with certain third parties in certain circumstances. We may share your personal data:

  • including Health Data with your dentist where necessary for the purpose of processing your claim;
  • with our bank for the purpose of processing the payment of your claim;
  • with other insurers to verify your cover;
  • with trusted third parties for the purpose of receiving services to administer our business, such as services in respect of distributing policy documentation and other communications and the management of claims.;
  • with our parent company and other group companies for the purposes of payment of your claim and efficient administration such as audit, system developments etc.; and
  • including Health Data, with our legal advisers and appropriate authorities where necessary such as the Dental Council, An Garda Síochána and the Revenue Commissioners.

Personal data (including Health Data) may be transferred to third parties outside of the EEA, including our parent company based in the USA, for the purposes of administering our corporate group business. This is only done in accordance with Data Protection Laws, including protecting any personal data transferred in accordance with the standard contractual clauses adopted by the European Commission.

We will disclose your personal data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order or other statutory or legal requirement.

6. Sale of Business

We may buy or sell assets which may involve the transfer of your information. We will transfer such information if we are acquired by or merged with another entity. You will be notified in the event that such transfer changes the Controller of your personal data or how your personal data is processed.

7. Security

Your personal data is held on secure servers hosted by DeCare and Realex. Our internet service provider is Magnet and Airspeed. The nature of the Internet is such that we cannot guarantee or warrant the security of any information you transmit to us via the Internet. No data transmission over the Internet can be guaranteed to be 100% secure. However, we take all reasonable steps (including appropriate technical and organisational measures) to protect your personal data.

8. Data Subject Rights

Data Protection Laws provide certain rights in favour of data subjects (the “Data Subject Rights”). Data Subject Rights include the right of a data subject to:

  • receive detailed information on the processing of personal data (as per transparency obligations on controllers) which we have provided through this Privacy Statement;
  • request access to a copy of their personal data;
  • request that the Controller rectify incorrect personal data or erase personal data (i.e., right to be forgotten);
  • request the Controller to restrict the processing of your personal data;
  • request your personal data in a format that makes it easier to reuse your personal data in another context, and to request the transfer of your personal data to another party, if technically feasible;
  • object to the processing of your personal data for marketing purposes or for any purpose where processing is necessary for the purposes of our legitimate interests;
  • withdraw consent where we rely on consent for processing your personal data;
  • object to automated decision making (including profiling); and
  • to submit a complaint to the data protection supervising authority for your country, which for Ireland is the Data Protection Commission. While it is not legally required, we would ask that you contact us in the first instance to allow us the opportunity to address your concerns if you wish to make a complaint.

These Data Subject Rights will be exercisable by you in respect of personal data subject to limitations as provided for under Data Protection Laws. You may contact us or make a request to exercise any Data Subject Right by sending a written request to the Data Protection Officer, by email to compliance@decaredental.eu or by sending a letter addressed to The Data Protection Officer, DeCare Dental Insurance Ireland, Ltd. IDA Business Park, Claremorris, Co Mayo, Ireland. Your request will be dealt with in accordance with Data Protection Laws. We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

The Data Protection Commission may be contacted at:
Email: dpo@dataprotection.ie
Phone: +353 (0)761 104 800 or +353 (0)57 868 4800
Post: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2 D02 RD28, Ireland
Website: www.dataprotection.ie

It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes so that our records can be updated. We are not responsible for any errors in your personal data in this regard unless where you have failed to notify us of the relevant change.

9. Data Retention

We will keep personal data only for as long as the retention of such personal data is deemed necessary for the purposes for which that personal data is processed (as described in this Privacy Statement). For personal data we have collected by reason of your purchasing a product from us, this will usually be no longer than 6 years from end of the length of time insurance cover is provided or for which claims may be made pursuant to that product, unless we are required to retain your personal data for a longer period (e.g., in the event of legal proceedings or investigations).

10. Changes to the Website Privacy Statement

This Privacy Statement is kept under regular review and therefore is subject to change. Updates will be posted here and where we hold your contact information, we will notify you of any material changes to this Privacy Statement directly.

Revised on: 16/05/2023