Last Updated: 25 March 2018
We use the words Personal Information to describe information about you and other individuals (for example, your partner or other members of your family), and from which you or they are identifiable.
Our aim is responsible and secure handling of Personal Information, balancing the benefits of activities like research and data analytics to improve our products and service delivery, with our other commitments, including fairness, transparency and non-discrimination.
This is our main Privacy Policy which describes how we use Personal Information that we collect as part of our business activities.
This Privacy Policy will be supplemented by additional privacy notices tailored to our specific relationships with you where this is useful to provide you with a full picture of how we collect and use your Personal Information.
Personal Information is obtained from a variety of sources, including:
In this Privacy Policy, we refer to the Site, the Apps and Social Media Content together as AIG Digital Services.
Unless otherwise indicated, the AIG Digital Services are not intended for use by individuals under the age of eighteen (18), and we request that if you are under eighteen (18) you do not provide Personal Information through the AIG Digital Services.
Personal Information may be provided to us by you directly or by a third party. For example, an insurance policyholder may provide Personal Information about you so that you can benefit under their insurance policy.
Before providing us with Personal Information about another individual you must (unless we agree otherwise): (a) inform the individual about the content of this Privacy Policy and any other applicable privacy notices provided to you; and (b) obtain their permission (where possible) to share their Personal Information with us in accordance with this Privacy Policy and other applicable privacy notices.
If you have any questions about our use of your Personal Information you can e-mail: dataprotectionofficer.ie@aig.com. or write to Data Protection Officer, AIG Europe S.A., Ireland Branch, 30 North Wall Quay, International Financial Services Centre, Dublin 1.
The Personal Information we collect and hold depends on our relationship with you.
It will often include information relating to:
The Personal Information we collect and hold about you and other individuals will differ depending on our relationship, including the type of communications between us and the products and services we provide. Different types of Personal Information will be held if you are a consumer insurance policyholder or claimant, or you have enquired about our services, compared to where you benefit from insurance coverage under an insurance policy taken out by another policyholder (for example, you are insured under a corporate policy taken out by your employer).
Likewise, we will hold different Personal Information if you are a commercial insurance broker or appointed representative, a witness, or another individual with whom we have a relationship.
As we are in the business of providing insurance, claims handling, assistance and related services, the Personal Information we hold and process, depending on our relationship, includes:
We use Personal Information for different purposes depending on our relationship with you.
The main purposes are to:
We use Personal Information to carry out our business activities. The purposes for which we use your Personal Information will differ based on our relationship, including the type of communications between us and the services we provide. Personal Information will be used for different purposes if you are a policyholder, insured or claimant under an insurance policy, a commercial insurance broker or appointed representative, a witness or another individual with whom we have a relationship.
The main purposes for which we use Personal Information are to:
To comply with the law, we need to tell you the legal justification we rely on for using your Personal Information. The legal justification depends on the purpose for using your Personal Information, but it will usually be considered to be in our legitimate interests or involve your consent.
Data protection law seeks to ensure that the way Personal Information is used is fair.
To comply with the law, we need to tell you the legal justification we rely on for using your Personal Information.
While the law provides several legal justifications, the table below describes the main legal justifications that apply to our purposes for using Personal Information.
We may be required to obtain Personal Information from you to comply with applicable legal requirements, and certain Personal Information may be needed to enable us to fulfil the terms of our contract with you (or someone else), or in preparation of entering into a contract with you (or someone else). We may inform you of this at the time that we are obtaining the Personal Information from you. In these circumstances, if you do not provide the relevant Personal Information to us, we may not be able to provide our products or services to you. If you would like further information, please contact us using the details below (see section below ‘Who to contact about your Personal Information?’).
Sensitive Special Categories of Personal Information
For more sensitive special categories of Personal Information we will rely on either:
o the use is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity (for example, when a court issues a court order requiring the processing of Personal Information); or
o the use is necessary for the purposes of preventive or occupational medicine, medical diagnosis or the provision of health or social care or treatment.
These more sensitive special categories of Personal Information include Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning an individual’s sex life or sexual orientation.
Additional legal justifications may also be available in the country in which you are based and we may also rely on these justifications from time to time.
Processing of Personal Information relating to criminal convictions and offences is subject to the requirements of applicable law.
Personal Information may be shared between AIG group companies and other third parties, including:
third parties involved in legal proceedings.
In connection with the purposes described above (see section above 'How do we use Personal Information?'), we sometimes need to share your Personal Information with third parties (this can involve third parties disclosing Personal Information to us and us disclosing Personal Information to them).
These third parties may include:
Information security is extremely important to us.
We put in place technical and physical security measures to keep Personal Information safe and secure.
If, despite our efforts, you believe that Personal Information is no longer secure, please tell us so that we can resolve any security issue.
AIG uses appropriate technical, physical, legal and organisational measures, which comply with data protection laws to keep Personal Information secure.
As most of the Personal Information we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Information is kept secure. For example, we may use anti-virus protection systems, firewalls, and data encryption technologies. We have procedures in place at our premises to keep any hard copy records physically secure. We also train our staff regularly on data protection and information security.
When AIG engages a third party (including our service providers) to collect or otherwise process Personal Information on our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Information.
Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Information you might have sent to us has been compromised), please immediately notify us (see section below ‘Who to contact about your Personal Information?’).
We will keep your Personal Information only as long as necessary for the purposes for which we collected it and to comply with applicable law.
Depending on our relationship with you, we may keep your Personal Information for a number of years after our relationship ends.
We will keep Personal Information for as long as is necessary for the purposes for which we collect it. The precise period will depend on the purpose for which we hold your information. In addition, as a regulated financial services institution, there are laws and regulations that apply to us which set minimum periods for retention of Personal Information. We will provide you with further information if appropriate to give you a full picture of how we collect and use your Personal Information.
For example:
The number of years varies depending on the nature of the product or service provided – for example, for certain insurance policies it may be necessary to keep the Personal Information for several years after the expiry of the policy. Among other reasons, we retain the information in order to respond to any queries or concerns that may be raised at a later date with respect to the policy or the handling of a claim. Typically, for consumer insurance products, the retention period is seven (7) years.
For further information about the period of time for which we retain your Personal Information, please contact us using the details below (see section below ‘Who to contact about your Personal Information?’).
To protect you, our business and third parties we may record calls and monitor communications between us.
We may record telephone calls with you so that we can:
In addition, we monitor electronic communications between us (for example, emails) to protect you, our business and IT infrastructure, and third parties including by:
You can change your marketing preferences at any time. If you would like to stop receiving marketing information from us, please:
AIG Europe S.A.,
Ireland Branch,
30 North Wall Quay, International Financial Service Centre,
Dublin 1
We will provide you with regular opportunities to tell us your marketing preferences, including in our communications to you.
To tell us your marketing preferences, and to change your preferences if required, you can contact us by email at: marketing.ie@aig.com or by writing to: AIG Europe S.A., Ireland Branch, 30 North Wall Quay, International Financial Service Centre, Dublin 1
In addition, you can also opt-out of receiving marketing communications as follows:
We aim to comply with your opt-out requests within a reasonable time period and in any event within any period prescribed by law. Please note that if you opt-out as described above, we will not be able to remove your Personal Information from the databases of third parties with whom we have already shared your Personal Information (i.e. to those to whom we have already provided your Personal Information as of the date on which we respond to your opt-out request).
Please also note that if you do opt-out of receiving marketing communications from us, we may still send you other important service and administration communications relating to the services which we provide to you, and you cannot opt-out from these service and administration communications.
We may use Personal Information to detect, investigate and prevent fraud, and this may include sharing Personal Information with other insurers, fraud prevention agencies and databases, and law enforcement agencies.
We are committed to detecting and preventing fraud, and other financial crime. We take this commitment very seriously and use Personal Information in a number of ways for this purpose.
For example, if relevant to our relationship with you we will (where permitted by applicable law):
For further details, please see the section below ‘Who is Personal Information shared with?' or please contact us using the details provided below (see section below ‘Who to contact about your Personal Information?’).
In addition to Personal Information, we may collect other information about your use of AIG Digital Services, and the devices you use to interact with us, from which you may not be identifiable, including:
User and device data is collected when you use AIG Digital Services. This information may not reveal your specific identity and therefore may not be Personal Information which is used as described in the earlier sections of this Privacy Policy.
Examples of this type of user and device data are:
We and our third party service providers may collect user and device data in a variety of ways when you use AIG Digital Services, including:
Please note that, where user and device data is not Personal Information, we may use and disclose that data for any purpose to the extent we are allowed to by law. If we are required to treat user and device data as Personal Information under applicable law, or if we combine use and device data with identifiable Personal Information, then, in addition to the uses listed in this section, we may use and disclose user and device data for all the purposes for which we use and disclose Personal Information.
Cookies are pieces of information stored directly on the device you are using.
We use a number of cookies and tracking technologies on our website (UK). Among other things, cookies help us to understand user behaviour, make our website work better and target online advertising.
The cookies we use on our website are as follows:
Type of cookie |
What it does |
What data it collects |
What we use the data for |
Geolocation cookies
|
When a visitor visits one of our sites for the first time we read their location from their IP address and use this information to assume the country site that they want to visit. This method is not entirely accurate, however, so when they navigate to a particular country site we use this cookie to store this information and to store the language that they chose to view the site in. |
Information relating to which country site and language you have chosen to view.
|
To ensure that you are presented with the same country site and language as you chose on your last visit to our site without needing to re-select these options. |
Site catalyst cookies (by Adobe)
|
This cookie enables us to collect and analyse data about how visitors arrive at our site and then how they interact with our site. The cookie is placed on a visitor’s device on a temporary basis only. |
Information relating to how you arrived at our site and how you interact with it (e.g. content you view, products you search for and steps taken towards a sale).
|
To adapt our sites to better serve users’ needs and provide more relevant information. To allow us to undertake anonymous statistical analysis. |
DoubleClick cookies
|
A form of tracking pixel cookie which is stored on site visitors’ devices and tells us whether you have previously visited our site. |
The fact that you have previously visited one of our sites.
|
We use these cookies to know that a visitor has been on our site before which allows us to display an appropriate banner ad on an affiliated network website. One of the advertisement companies that we use is Google, Inc., trading as DoubleClick. For more information on the DoubleClick cookie, or to opt-out from the DoubleClick advertisement cookie please visit: http://www.google.com/privacy/ads/. |
Affiliate cookies
|
A form of tracking pixel cookie which tells us which affiliate website you used in order to get to our site. |
The transaction ID (which identifies which affiliate website you came through) and a date/time stamp. |
To ensure that affiliates who refer sales to us are credited for this. |
Optimost cookies
|
Optimost is a service provided by Hewlett-Packard to analyse customer behaviour when visiting our site.
|
The cookie has an anonymous “visitor ID” which is a random number generated to identify a visitor and to distinguish between unique and/or repeat visitors. |
To analyse visitors’ interaction with our sites to enable us to test and implement improvements to them. To view the Optimost privacy policy, please visit: https://asp.optimost.com/avatar/privacy-policy. |
Oracle cookies
|
We use the services of Oracle (www.oracle.com) to serve a persistent cookie on visitors’ browsers when they first visit our web pages. This will not be served if you already have an Oracle cookie on your browser through your use of a third party site. |
The fact that you have visited our site for the first time and your browsing activity Your browsing activity on our sites will not be combined with your activity on third party sites which also use Oracle cookies. |
To understand which pages of our sites visitors use or do not use so that we can improve the user experience. For further information, please read the Oracle privacy policy available at www.oracle.com |
SessionCam
|
We also use the SessionCam web site recording service. SessionCam is a product that has been developed by www.servicetick.com
|
Information relating to mouse clicks/movement, page scrolls and text typed into forms. Information is for internal use only. No bank details or sensitive information is collected. |
Information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting. |
You can refuse to accept the cookies we use by adjusting your browser settings. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Site and some online products.
In addition to the cookies mentioned above, cookies may also be placed on your electronic device when you open emails we send to you. We use these emails to track the effectiveness of our advertising.
We are not responsible for the privacy, information or other practices of any third parties, including any third party operating any site or service to which the AIG Digital Services link.
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which AIG Digital Services link. The inclusion of a link on AIG Digital Services does not imply endorsement of the linked site or service by us or by our group companies.
Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the information security practices) of other organizations, such as Facebook®, Twitter®, Apple®, Google®, Microsoft®, RIM/Blackberry® or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or electronic device manufacturer, including any Personal Information you disclose to other organizations through or in connection with AIG Digital Services.
Individuals in the European Economic Area (EEA) have a number of rights in connection with their Personal Information. These rights only apply in certain circumstances and are subject to certain exemptions. These rights include a right to request a copy of the Personal Information we hold about you.
If you wish to exercise these rights, please contact us using the details below (see section below 'Who to contact about your Personal Information?')
The following is a summary of the data protection rights available to individuals in the European Economic Area (EEA) in connection with their Personal Information. These rights may only apply in certain circumstances and are subject to certain legal exemptions.
If you wish to exercise your rights, please contact us using the details below (see section below ‘Who to contact about your Personal Information?’).
Description |
When is this right applicable? |
Right of access to Personal Information
You have the right to receive a copy of the Personal Information we hold about you and information about how we use it.
|
This right is applicable at all times when we hold your Personal Information (subject to certain exemptions). |
Right to rectification of Personal Information
You have the right to ask us to correct Personal Information we hold about you where it is incorrect or incomplete. |
This right is applicable at all times when we hold your Personal Information (subject to certain exemptions). |
Right to erasure of Personal Information
This right is sometimes referred to as 'the right to be forgotten'. This right entitles you to request that your Personal Information be deleted or removed from our systems and records. However, this right only applies in certain circumstances. |
Examples of when this right applies to Personal Information we hold include (subject to certain exemptions):
|
Right to restrict processing of Personal Information
You have the right to request that we suspend our use of your Personal Information. However, this right only applies in certain circumstances.
Where we suspend our use of your Personal Information we will still be permitted to store your Personal Information, but any other use of this information while our use is suspended will require your consent, subject to certain exemptions.
|
You can exercise this right if:
|
Right to data portability
This right allows you to obtain your Personal Information in a format which enables you to transfer that Personal Information to another organisation. However, this right only applies in certain circumstances.
You may have the right to have your Personal Information transferred by us directly to the other organisation, if this is technically feasible. |
This right will only apply:
o your consent; or o the fulfilment by us of a contract with you; and
|
Right to object to processing of Personal Information
You have the right to object to our use of your Personal Information in certain circumstances.
|
You can object to our use of your Personal Information where you have grounds relating to your particular situation and the legal justification we rely on for using your Personal Information is our (or a third party's) legitimate interests.
However, we may continue to use your Personal Information, despite your objection, where there are compelling legitimate grounds to do so or we need to use your Personal Information in connection with any legal claims. |
This right is different where it relates to direct marketing and you can read about how to exercise your right to opt-out of receiving any direct marketing in the 'How can you tell us about your marketing preferences?' section of this Privacy Policy.
|
You can also object to the use of your Personal Information for direct marketing purposes at any time (including if we are carrying out profiling related to direct marketing).
|
Rights relating to automated decision making and profiling
You have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. However, this right only applies in certain circumstances.
|
This right is not applicable if:
· we need to make the automated decision in order to enter into or fulfil a contract with you; · we are authorised by law to take the automated decision; or · you have provided your explicit consent to the decision being taken in this way using your Personal Information.
|
Right to withdraw consent to processing of Personal Information
Where we have relied upon your consent to process your Personal Information, you have the right to withdraw that consent.
|
This right only applies where we process Personal Information based upon your consent. |
Right to complain to the relevant data protection authority
If you think that we have processed your Personal Information in a manner that is not in accordance with data protection law, you can make a complaint to the data protection regulator. If you live or work in an EEA member state, you may complain to the regulator in that state.
|
This right applies at any time. |
Right to provide instructions regarding the management of your Personal Information after your death (only where such right applies under applicable law)
You may have the right to inform us of instructions on how we manage the Personal Information we hold about you after your death. |
This right is applicable at all times when we hold your Personal Information (only where such right applies under applicable law). |
Sometimes we use automated decision making tools (i.e. where a person is not involved in the decision).
We typically use these tools when making straightforward decisions about you (for example, in certain claims handling and medical screening processes).
Where this is the case we provide you with more information so you understand what is involved.
Sometimes, as part of our business operations, decisions about you are taken using automated computer software and systems. These decisions do not involve human input, and the software and systems apply pre-defined logic programming and criteria to make a decision and assess how we deal with you in connection with the provision of services.
For example, we sometimes use automated decision making as part of a process to:
We provide you with more information in relation to any automated decision processes before or at the time that we intend to make decisions in this way. You have the right in certain circumstances not to be subject to a decision which is based solely on automated processing. Please see the section below 'What are your Personal Information rights?' below for further details of this right.
This Privacy Policy was last updated on 25/03/2018.
We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business activities, legal requirements, and the manner in which we process Personal Information. We will place updates on this website and where appropriate we will give reasonable notice of any changes.
Please take a look at the "LAST UPDATED" date at the top of this Privacy Statement to see when it was last revised.