At laya life, we are committed to protecting and respecting your data protection and privacy rights. Please take a moment to read this Privacy Policy to find out more about why and how we process your Personal Information. Personal Information (data) is the information we hold in relation to you and others on your policy. You should show this notice to anyone who may be covered by your insurance policy with laya life and (where possible) get their permission to share their Personal Information with us.
Our aim is the responsible and secure handling of Personal Information, balancing the benefits of activities like research and data analytics to improve our products and service delivery, with our other commitments, including fairness, transparency and non-discrimination. We do so in accordance with the Data Protection Act 1988 and 2003 and the General Data Protection Regulation (GDPR) (EU) 2016/679.
This Privacy Policy will be supplemented by additional privacy notices tailored to our specific relationships with you where this is useful to provide you with a full picture of how we collect and use your Personal Information.
In this Privacy Policy, we refer to the Site, the Apps and Social Media Content together as laya life digital services.
Unless otherwise indicated, the laya life digital services are not intended for use by individuals under the age of eighteen (18), and we request that if you are under eighteen (18) you do not provide Personal Information through the laya life digital services.
Personal Information may be provided to us by you directly or by a third party. Before providing us with Personal Information about another individual you must (unless we agree otherwise): (a) inform the individual about the content of this Privacy Policy and any other applicable privacy notices provided to you; and (b) obtain their permission (where possible) to share their Personal Information with us in accordance with this Privacy Policy and other applicable privacy notices.
Laya Life and iptiQ Life S.A both act as act data controllers in relation to all information held about you for the purposes of the Data Protection Acts.
The Personal Information we collect, and hold depends on our relationship with you. We process the identification and contact information and the data you input into our online forms or provide to us over the phone when you request a quote or when you join laya life.
This may include:
We collect information about you, to include all necessary information as Laya Life, iptiQ Life S.A. or its authorised agents may obtain a medical report or contact any medical practitioner than has attended to the life assured.
The above sensitive information/special categories of information are not used to offer or determine any products for you or any other members of your insurance policy and are only used to administer claims on that policy.
Other sensitive information we collect to provide you with products and services you require may include:
We also collect and record certain information about you when you browse our website. For more information, please see our Cookies Policy.
|
Type of personal information |
Examples |
|---|---|
|
Contact Information |
Name, address, email and telephone number |
|
General information |
Gender, marital and family status, date and place of birth |
|
Insurance and claim information |
Policy and claim numbers, relationship to policyholder, insured, claimant or other relevant individual date of death |
|
Financial information and account details |
Bank account number, or other financial account number and account details, assets, income, and other financial information, account log-in information and passwords for accessing insurance policy, claim and other accounts, and laya life digital services |
|
Medical condition and health status |
Current or previous physical, mental or medical condition, health status, injury or disability information, medical diagnosis, medical procedures performed, and treatment given, personal habits (for example, smoking or consumption of alcohol), prescription information, and medical history |
|
Other sensitive information |
Genetic or biometric information |
|
Telephone recordings |
Recordings of telephone calls with our representatives and call centres |
|
Photographs and video recordings |
Images (including photographs and pictures) or video recordings created in connection with our insurance or other business activities, including for claims assessment, administration and settlement, claim disputes, or for other relevant purposes as permitted by law, as well as CCTV recordings captured by equipment on our premises |
|
Information to detect, investigate or prevent crime, including fraud and money laundering |
Insurers commonly collect, hold and share information about their previous dealings with policyholders and claimants with the intention of the detection, investigation and prevention of fraud, money laundering and other criminal activities |
|
Marketing preferences, marketing activities and customer feedback |
Marketing preferences, information relating to competitions, prize draws or other promotion entry, or responses to voluntary customer satisfaction surveys. To improve our marketing communications, we may collect information about interaction with, and responses to, our marketing communications |
|
Online activity information |
When you visit our website, or interact with us online (by computer, tablet or smartphone), you may provide us with your personal information (and the personal information of others on your policy). This may be shared directly by you when you contact us (via website or social media), when you complete our online forms, or when you go through the online quote process. When you visit our website, we may record information about this visit, including an anonymised view of how you interacted with our website or online services, the type of device you are using, and its IP address. Full information about what is tracked, how it is tracked, and how you can manage these permissions can be found in our Cookie Policy. |
|
Supplemental information from other sources |
We and our service providers may supplement the Personal Information we collect with information obtained from other sources (for example, publicly available information from online social media services and other information resources, third party commercial information sources. We will use any such supplemental information in accordance with applicable law (including obtaining your consent where required). |
We collect and use the information you disclose to us, to provide you with your chosen products and services. Without collecting and using your Personal Information, it would not be possible for us to offer you a quote, help you choose the best cover for you, manage and administer your policy nor to underwrite or handle your claims.
More specifically, we use the information about you (both personal and sensitive personal data/ special categories of personal data) that we hold for the following purposes:
We also process your information in order to comply with legal obligations to which we are subject and for the purposes of our legitimate interests such as to prevent fraud, for marketing and audit purposes and for managing and improving our services.
From time to time we would like to contact you to:
We use Personal Information for different purposes depending on our relationship with you.
The main purposes are to:
We may also share your Personal Information with GP/Doctor to aid the efficient processing of claims.
Our insurer iptiQ S.A. will also have access to your data on a strictly confidential basis.
In order to provide you with products and services, this information will be held in the data systems of laya life and / or by our insurer iptiQ S.A.
When you request a quote from us, you may receive a phone call or text message and/or email in relation to that quote. If you would prefer not to receive such communications, please contact us to let us know.
We may use Personal Information to detect, investigate and prevent fraud, and this may include sharing Personal Information with other insurers and law enforcement agencies. We are committed to detecting and preventing fraud, and other financial crime. We take this commitment very seriously and use Personal Information in a number of ways for this purpose.
In connection with your application for insurance, iptiQ use an 'automated decision-making tool' to screen against pre-existing medical conditions. An 'automated decision-making tool' doesn't involve human input and the tool will use information you provide, relating to the medical history and health of you, other people insured under the policy and family medical history. The software and systems apply pre-defined logic programming and criteria to make a decision and assess whether we are able to provide you with an insurance policy and on what terms.
You have the right not to be subject to a decision which is based solely on an 'automated decision-making tool', to express your point of view and contest the automated decision. Please see the section below 'What are your Personal Information rights?' for further details of this right.
Laya life, proudly part of AIG is responsible for looking after the Personal Information we collect, hold and use. Laya Healthcare Limited trading as laya life is underwritten by iptiQ Life S.A.
All personal data entered as part of the customer journey will be accessible by iptiQ for the purposes of providing a life insurance policy quote and underwriting the policy.
The AIG group comprises a number of companies, including, but not limited to, the AIG parent company American International Group, Inc., AIG Europe S.A. and American International Group UK Limited, Laya Healthcare Limited and AIG Life Limited.
Each AIG group company that processes your Personal Information is responsible for looking after it in accordance with the AIG Privacy Policy, their internal standards and procedures, and the requirements of data protection law.
For more precise information about the specific company or companies in the AIG group that have access to and are responsible for your Personal Information (including the identity of the relevant AIG companies that are the data controller(s) for your Personal Information), please contact us. Stuart Anderson is the GDPR Data Protection Officer (DPO) for Laya Healthcare.
We may also share your information with third parties. Those third parties will assume certain responsibilities under data protection law for looking after the Personal Information that they receive from us:
Personal Information may also be shared by you on message boards, chat, profile pages and blogs, and other laya life digital services to which you are able to post information and materials (including, our Social Media Content).
Please note that any information you post or disclose through these services will become public information and may be available to visitors and users of the laya life digital services and to the general public. We urge you to be very careful when deciding to disclose your Personal Information, or any other information, when using the laya life digital services.
We may process Personal Information both nationally and internationally. This may include transferring Personal Information outside the European Economic Area (EEA). Rest assured, we are committed to protecting and respecting your data protection and privacy rights. We take additional steps to ensure the security of Personal Information when we transfer it outside the EEA.
Depending on the nature of our relationship with you, we will transfer Personal Information to parties located in other countries in the EU and EEA.
For example, in the event of a death occurring outside of the EU and EEA. We may transfer information internationally to our group companies, service providers, business partners, government or public authorities, and other third parties.
When making these transfers, we will take steps to ensure that your Personal Information is adequately protected and transferred in accordance with the requirements of data protection law.
This typically involves the use of data transfer agreements in the form approved by the European Commission and permitted under Article 46 of the EU General Data Protection Regulation (GDPR) (the relevant data protection law). If there is no data transfer agreement in place, we may use other mechanisms recognised by the GDPR as ensuring an adequate level of protection for Personal Information transferred outside the EEA (for example, the US Privacy Shield framework or any framework that replaces it).
Information security is extremely important to us. Laya life uses appropriate technical, physical, legal and organisational measures, which comply with data protection laws to keep Personal Information secure. If, despite our efforts, you believe that Personal Information is no longer secure, please tell us so that we can resolve any security issue.
As most of the Personal Information we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Information is kept secure. For example, we may use anti-virus protection systems, firewalls, and data encryption technologies. We have procedures in place at our premises to keep any hard copy records physically secure. Our team receive regular training on data protection and information security.
When laya life engages a third party (including our service providers) to collect or otherwise process Personal Information on our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Information.
Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure.
If you believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Information you might have sent to us has been compromised), please contact us immediately.
We are obliged to advise you on the legal justification we rely on for using your Personal Information.
Data protection law seeks to ensure that the way Personal Information is used is fair. We may be required to obtain Personal Information from you to comply with applicable legal requirements, and certain data may be needed to enable us to fulfil the terms of our contract with you (or someone else), or in preparation of entering into a contract with you (or someone else). We may inform you of this at the time that we are obtaining the data from you. In these circumstances, if you do not provide the relevant data to us, we may not be able to provide our products and benefits to you.
Laya Life, would like to keep you informed about products and services they provide to you where Laya Life have a regulatory requirement to ensure you have the appreciate cover for your needs by post, e-mail and sms text message.
For more sensitive special categories of Personal Information we will rely on either your consent or one or more of the other legal justifications set out in the table below and typically one of the following one additional justification (however other legal justifications may be available):
the use is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity (for example, when a court issues a court order requiring the processing of Personal Information).
These more sensitive special categories of Personal Information include Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning an individual’s sex life or sexual orientation.
Additional legal justifications may also be available in the country in which you are based and we may also rely on these justifications from time to time.
Processing of Personal Information relating to criminal convictions and offences is subject to the relevant legal requirements.
Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using your Personal Information, those legitimate interests will be set out in a supplemental privacy notice (which is tailored to our relationship with you where this is useful to provide you with a full picture of how we collect and use Personal Information). In any event our legitimate interests will usually be:
We may need to collect, use and disclose Personal Information in connection with matters of important public interest, for instance when complying with our obligations under anti-money laundering and terrorist financing laws and regulations, and other laws and regulations aimed at preventing financial crime. In these cases, the legal justification for our use of Personal Information is that the use is necessary for matters of public interest. Additional justifications may also apply depending on the circumstances.
To ensure that we can meet the needs of our members we may record telephone calls in an effort to:
We may also monitor electronic communications between us (for example, emails) to protect you, our business and IT infrastructure, and third parties including by:
We will typically keep your Personal Information for a period of ten years after the expiration date of your policy.
Any data relating to policies that do not proceed to a sale will be retained for six months.
As a regulated financial services institution, there are laws and regulations that apply to us which set minimum periods for retention of Personal Information.
For example:
The number of years varies depending on the nature of the product or service provided – for example, for certain insurance policies it may be necessary to keep the Personal Information for several years after the expiry of the policy. Among other reasons, we retain the information in order to respond to any queries or concerns that may be raised at a later date with respect to the policy or the handling of a claim.
For further information about the period of time for which we retain your Personal Information, please contact us.
You have a number of rights in relation to your data, all of which apply in different circumstances:
Examples of when this right applies to Personal Information we hold include (subject to certain exemptions):
3.1 when we no longer need the Personal Information for the purpose we collected it
3.2 if you withdraw consent to our use of your information and no other legal justification supports our continued use of your information
3.3 if you object to the way we use your information and we have no overriding grounds to continue using it
3.4 if we have used your Personal Information unlawfully
3.5 if the Personal Information needs to be erased for compliance with law.
4. Right to restrict processing of Personal Information - you have the right to request that we suspend our use of your Personal Information. However, this right only applies in certain circumstances. Where we suspend our use of your Personal Information we will still be obliged to store your Personal Information, but any other use of this information while (subject to certain exemptions) our use is suspended will require your consent.
You can exercise this right if:
4.1 you think that the Personal Information we hold about you is not accurate, but this only applies for a period of time that allows us to consider if your Personal Information is in fact inaccurate
4.2 the processing is unlawful and you oppose the erasure of your Personal Information and request the restriction of its use instead
4.3 we no longer need the Personal Information for the purposes we have used it to date, but the Personal Information is required by you in connection with legal claims
4.4 you have objected to our processing of the Personal Information and we are considering whether our reasons for processing override your objection.
5. Right to data portability - this right allows you to obtain your Personal Information in a format which enables you to transfer that Personal Information to another organisation. However, this right only applies in certain circumstances. You may have the right to have your Personal Information transferred by us directly to the other organisation, if this is technically feasible
This right will only apply:
5.1 to Personal Information you provided to us
5.2 where we have justified our use of your Personal Information based on your consent
5.3 the fulfilment by us of a contract with you
5.4 if our use of your Personal Information is by electronic means.
6. Right to object to processing of Personal Information - you have the right to object to our use of your Personal Information in certain circumstances.
You can object to our use of your Personal Information where you have grounds relating to your particular situation and the legal justification we rely on for using your Personal Information is our (or a third party's) legitimate interests. However, we may continue to use your Personal Information, despite your objection, where there are compelling legitimate grounds to do so or we need to use your Personal Information in connection with any legal claims.
This right is different where it relates to direct marketing and you can read about how to exercise your right to opt-out of receiving any direct marketing in the 'How can you tell us about your marketing preferences?' section of this Privacy Policy.
You can also object to the use of your Personal Information for direct marketing purposes at any time (including if we are carrying out profiling related to direct marketing).
7. Rights relating to automated decision making and profiling - you have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. However, this right only applies in certain circumstances.
This right is not applicable if:
8. Right to withdraw consent to processing of Personal Information - where we have relied upon your consent to process your Personal Information, you have the right to withdraw that consent. This right only applies where we process Personal Information based upon your consent.
9. Right to complain to the relevant data protection authority - if you think that we have processed your Personal Information in a manner that is not in accordance with data protection law, you can make a complaint to the data protection regulator. If you live or work in an EEA member state, you may complain to the regulator in that state. This right applies at any time.
10. Right to provide instructions regarding the management of your Personal Information after your death (only where such right applies under applicable law)
You may have the right to inform us of instructions on how we manage the Personal Information we hold about you after your death. This right is applicable at all times when we hold your Personal Information (only where such right applies under applicable law).
If you wish to exercise any of your rights, please contact us.
Summary:
If you have any questions or concerns about the way your Personal Information is used by us, you can contact us by email or post.
In detail:
If you have any questions, concerns or complaints about the way your Personal Information is used by us, you can contact us by email or post using the details below.
Writing: Data Protection Lead, Laya Healthcare, Eastgate Road, Eastgate Business Park, Little Island, Co Cork, T45 E181
Email: dataprotection@layahealthcare.ie
Along with our third-party service providers we may collect user and device data in a variety of ways when you use laya life digitals services including:
This information may not reveal your specific identity and therefore may not be Personal Information which is used as described in the earlier sections of this Privacy Policy.
Method of Data Collection and Details
|
Method of Data Collection |
Examples |
|---|---|
|
Through your internet browser or electronic device |
Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e. your computer’s address on the internet), screen resolution, operating system type (Windows or Mac) and version, internet browser type and version, electronic device manufacturer and model, language, time of the visit, pages visited, and the name and version of the Laya life services (such as the App) you are using. We use this information to ensure that the Laya life services function properly. |
|
Through your use of an App |
When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your electronic device accesses our servers and what information and files have been downloaded to the App based on your device number. |
|
Using cookies and online tracking |
We may use cookies and other online tracking tools (with your consent where required by applicable law). Cookies are pieces of information stored directly on the device you are using. Cookies allow us to recognize your device and to collect information such as internet browser type, time spent using Laya life services, pages visited, language preferences and relevant country website. We may use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience while using the Laya life services. In addition, we may use the information to gather statistical information about the usage of the Laya life services in order to understand how they are used, continually improve their design and functionality, and assist us with resolving questions about them. Cookies further allow us to present to you the advertisements or offers that are most likely to appeal to you. We may also use cookies to track your responses to our advertisements and we may use cookies or other files to track your use of other websites. You can refuse to accept the cookies we use by adjusting your browser settings. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Site and some online products. We do not respond to browser do not track signals at this time. Please see our Cookies Policy for information on how you can control the cookies used by our website. Third parties may collect information about your use of Laya life services and your use of other websites or online services. For more detailed information about the cookies we use on our laya life site, see below. |
|
Using pixel tags, web beacons, clear GIFs or other similar technologies |
We may use pixel tags, web beacons, clear GIFs and other similar technologies with your consent (where required by applicable law). These may be used in connection with some Laya life services and HTML-formatted email messages to, among other things, track the actions of users of Laya life services and email recipients, measure the success of our marketing campaigns and compile statistics about usage of laya life digital services and response rates. We may use interest-based advertising service providers to customize, target, serve and report on AIG advertisements served across the web and mobile applications, based on information relating to our offline interactions with you, our online interactions with you (on any of your devices) and information received from third parties. To do this, these service providers may use cookies, pixel tags and other technologies to collect information about your and other users’ use of the Laya life services and third-party sites and mobile applications. They may also use these technologies along with information they collect about your online use, to recognise you across the devices you use, such as a mobile phone and a laptop. Our service providers may also match Personal Information we provide to them with your IP address and serve Laya life advertisements to you across the web, based on your IP address. For information on how you can change your preferences in relation to the cookies used for this purpose, please see our Cookies Policy. |
|
Physical location |
Subject to applicable law (and your consent where required by applicable law), we may collect the physical location of your electronic device by, for example, using satellite, mobile/cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. Subject to your marketing preferences and applicable law, we may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you choose to deny such uses and/or sharing, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content. You may opt-out of our collection and sharing of precise geolocation information by deleting the mobile application from your device, by disallowing the mobile application to access location services through the permission system used by your device’s operating system, or by following any additional opt-out instructions provided in the privacy notice available within the mobile application. In some circumstances, physical location information may become your Personal Information if you are identifiable in relation to the physical location information. In such cases, the physical location information will be handled as Personal Information as described in the earlier sections of this Privacy Policy. |
|
Using information provided by you |
Some information (for example, your location or preferred means of communication) is collected when you voluntarily provide it. Unless combined with Personal Information, this information does not personally identify you. |
|
By aggregating information |
We may group information together so that it does not link to a specific individual, i.e. aggregate, and use that information (for example, we may aggregate information to calculate the percentage of our users who have a particular telephone area code). |
For more information on how cookies are used on our website, please see our Cookies Policy here.
We are not responsible for the privacy, information or other practices of any third parties, including any third party operating any site or service to which the laya life digital services link.
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which laya life digital services link. The inclusion of a link on laya life digital services does not imply endorsement of the linked site or service by us or by our group companies.
Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the information security practices) of other organizations, such as Facebook®, Twitter®, Apple®, Google®, Microsoft® or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or electronic device manufacturer, including any Personal Information you disclose to other organizations through or in connection with laya life digital services.
Security issues should be disclosed to security@layahealthcare.ie. Please note we cannot respond to individual policy queries on this address and these should be raised through our contact us page. We will investigate legitimate security reports and respond within 1-2 business days, and make every effort to quickly correct any issues, while following Data Protection guidelines and responsibilities. If you identify a security issue you should not modify or access data that does not belong to you.
This Privacy Policy was last updated in June 2020. We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business activities, legal requirements, and the manner in which we process Personal Information. We will place updates on this website and where appropriate we will give reasonable notice of any changes.