At Acorn Insurance the privacy and data protection rights of our customers is very important to us.

Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. EU General Data Protection Regulation, or 'GDPR', lays down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. GDPR also permits individuals to access their personal data on request, and confers on individuals the right to have their personal data amended if found to be incorrect, or erased upon request.

This document outlines the Acorn Insurance policy to help ensure that we comply with GDPR.

Enquiries about this Data Protection Policy should be made to Data Protection Officer, Acorn Insurance, NZI Plaza, St Augustine Street, Galway, Ireland or to dataprotection@acorninsurance.ie

Data Protection Policy

Collecting information about you.

We collect and use information to provide the following:

provision of general insurance products

provision of renewal services in respect of general insurance products

provision of administration of general insurance products, its associated companies and agents, by customers' intermediaries

to undertake advertising, marketing, direct marketing and public relation exercises

to perform accounting and other record-keeping functions

to undertake research and statistical analysis in relation to products offered and customers serviced

to help detect and prevent crime

disclosure to regulatory bodies for the purposes of monitoring and/or enforcing Acorn Insurance's compliance with any regulatory rules/codes

to keep customers' information secure

to enhance or improve our customers' experience of our website

Data Protection Principles

We shall perform our responsibilities under GDPR in accordance with the following Data Protection principles:

1.  Obtain and process information lawfully, fairly and in a transparent manner

We shall, in a transparent manner, obtain and process personal data fairly and in accordance with statutory and other legal obligations.

2.  Keep it only for one or more specified, explicit and legitimate purposes

We shall keep personal data for purposes that are specific, legitimate and clearly stated. Personal data will only be processed in a manner compatible with these purposes.

3.  Process the minimum amount necessary

We shall ensure that we limit the amount of data processed for our purposes to that which is adequate, relevant and limited to what is necessary.

4.  Keep it accurate, complete and up-to-date

We adopt procedures that ensure high levels of data accuracy, completeness and that personal data is up-to- date.

5.  Retain for no longer than is necessary

We have a retention policy for personal data.

6.  Keep it safe and secure

We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of personal data and against its accidental loss or destruction.

7.  Give a copy of his/ her personal data to that individual, on request

We adopt procedures to ensure that data subjects can exercise their rights under Article 15 GDPR to access their data.

Responsibility

Overall responsibility for ensuring compliance with GDPR rests with Acorn Insurance. However our responsibility varies depending upon whether we are acting as either a Data Controller or a Data Processor. All employees, agents and contractors of Acorn Insurance who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Legislation.

The Data Protection Officer co-ordinates the provision of support, assistance, advice and training throughout Acorn Insurance to ensure that Acorn Insurance, its agents and contractors are in a position to comply with the legislation.

Procedures and Guidelines

Acorn Insurance is firmly committed to ensuring personal privacy and compliance with Data Protection Legislation, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

This Data Protection Policy is supplemented (and may be amended) by specific policies and procedures adopted by Acorn Insurance.

Please refer to our Privacy Statement, 'Right of Access' section for procedures and guidelines on accessing your personal data.

Review

This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments