Octium Group is made up of Octium Life DAC and Octium International Insurance Agent’. This Privacy Notice is issued on behalf of the Group so when we mention “Octium Group”, “we”, “us” or “our”, we are referring to the relevant company in the Octium Group responsible for processing your data.
At Octium Group, we are committed to protecting the confidentiality, integrity, and privacy of your personal data. Personal data means any information relating to a natural person which can identify that specific person.
Please take the time to read this notice carefully so that you understand how we will use your personal data and what rights you have under data protection law (including the General Data Protection Regulation (“GDPR”)).
2. How to Contact Us and/or our Data Protection Officer
We are committed to keeping your personal data safe and to processing it to provide you with the services you require. To support this commitment, we have appointed a Data Protection Officer to monitor and oversee the collection, processing and storing of your personal data.
If you have questions or requests on how we process, store and protect your personal data, you can contact our Data Protection Officer by email at DataProtectionOfficer@Octiumgroup.com or write to:
Data Protection Officer
1st Floor College Park House
South Frederick Street
3. What Personal Data We Collect from You
We collect and further process only as much personal data as is necessary for us to provide you with our products and services or to enable you to submit a question in relation to our products or our customer service.
The following is a list of the personal data we may collect and further process for you in the context of assessing your application for or executing your policy and depending on your capacity as a policy applicant or active policy holder, insured person or beneficiary:
3.1 Information to Identify You and Enable Us to Contact You
Name, date of birth, gender, marital status, photographic identification, nationality, postal address, tax residency, tax identification number, telephone number, email address, occupation, citizen status and family details (e.g. number of children, if applicable), passport/identification information, signature.
3.2 Information to determine your source of funds and source of wealth
Bank name, bank account number, IBAN, bank account statements, income details and personal assets, investment profile (e.g. conservative or aggressive).
3.3 Sensitive Categories – Medical Information for Underwriting Purposes
Personal medical history including information on mental or physical health and prescription information etc. Under no circumstances do we collect, store or further process your genetic data.
3.4 Other Information
Information relating to the execution of your policy and specifically any payments, contributions and/or profits made, any communications received including requests, queries or complaints you may have. Information relating to your potential implication as a politically exposed person, to anti-money laundering and anti-terrorist financing checks and to any FATCA tax implications you may occur.
3.5 Your duty to inform us of changes
It is important that your personal data is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
4. How We Collect Your Data
4.1 Personal Data You Provide
We collect personal data from you when:
- you complete your application form
- you use our products or services
- you contact us
- you use our website (see our Cookies Policy)
Important Note: When you send any forms by email, that contain personal data, we strongly advise that you encrypt the attachments before sending. The encryption password may then be disclosed by phone or by separate email.
4.2 Personal Data Provided by Third Parties
We also collect your personal data from:
- health professionals where medical information is strictly necessary in order to underwrite or administer a policy, including the processing of a claim and in accordance with your explicit consent
- your financial intermediary or broker
- the policy applicant, following your authorisation to the said person, as being an insured person or beneficiary
- a person otherwise connected to a policy, following your authorisation to the said person.:
5. What Personal Data We Collect from You, about Other Persons
We may collect personal data from you that relates to the following persons:
- your health professionals
- your legally appointed representatives
The personal data we collect with respect to these persons is limited to name, address and, where relevant, identifier number, and is used only for identification purposes.
We will ensure that any personal data you provide to us that relates to any person, will receive the same level of protection and privacy as described in this Data Privacy Notice.
5.1 Your Duty to Inform Other Persons that You are Releasing Their Personal Data
Before you disclose any personal data to us in connection with another person, you should:
- obtain permission from that person, to release their personal data.
6. Why We Process Your Personal Data
We collect and further process your personal data under the following lawful bases and for the following purposes:
It is necessary for us to process your personal data in order to assess your application for concluding a contract (i.e. insurance policy) with us and to execute such contract. This includes running underwriting checks and risk assessments, undertaking investment and asset management activities, communicating with you and with persons appointed by you, handling any queries, requests, complaints, payments or claims in the context of your policy and in general providing you with the services set out in your contract.
6.2 Legal Obligations
In accordance with applicable legislation, including tax and other regulatory obligations, we process your personal data in order to establish your identity, residence, and tax status for the prevention of tax evasion, money laundering and terrorist financing, to fulfill requirements by law to screening persons connected with policies for the prevention of terrorist and other criminal activities, to comply with binding requests from regulatory bodies, including the Central Bank of Ireland, Finanzmarktaufsicht Liechtenstein or tax authorities, to comply with court orders arising from civil or criminal proceedings.
6.3 Legitimate Interests
It is in our legitimate interests to process your personal data in the context of establishing and defending our legal rights and those of companies connected to us, to manage our internal administrative activities, including security of our information systems, to analyse our products and services, to host data and applications, to manage internal controls and audits, as well as in order to locate any instances of fraud. It is further in our legitimate interests to process strictly necessary personal data of persons other than the contracted parties (e.g. representative’s postal address), in order to administer and execute your policy.
As an insured person, we will request your explicit consent in order to process your health data, as provided through the Medical Questionnaire or as otherwise collected in order to clarify the said questionnaire.
Please be advised that in case you do not provide such consent, we will not be able to conclude a policy with you as an insured person, as a medical screening is a necessary industry standard before providing life insurance. You may withdraw such consent on the processing of your health data by contacting us at any time, however this may lead to the cancellation of your policy.
We also collect your personal data where you are not a policyholder but are connected to a policy, e.g. where you are a beneficiary, the representative of a policyholder, a life assured etc.
7. Persons with Whom We Share Your Personal Data
We only share your personal data with a select number of individuals and companies, as necessary.
When providing a policy to you, we share your personal data with:
- Companies that are under contract to provide services to us, including document management, administration, underwriting, payment facilitation, financial sanctions, and PEP (politically exposed person) screening
- Asset Managers and Custodians that are under contract to provide management and safekeeping services to us
- The Intermediaries that you have chosen to service and advise you on our products
- Octium Group companies that are under contract to provide support services to the Intermediaries you have chosen
- Health Professionals when this is required for underwriting purposes and for the payment of policy benefits
- Reinsurers that are under contract to provide claims and underwriting services to us
- Regulators, Tax Authorities, Revenue Commissioners, or other bodies, in order to comply with regulation and law
- Courts and court appointed persons and/or entities
- National Treasury Management Agency (NTMA) and its agents
- The Irish Police Force if required by law
- Any other administrative, judicial or public authority or generally any legal or natural person to whom, by law or court decision, Octium Group may be obliged or has a right to disclose such data
Octium Group will take all reasonable steps as required by law to ensure the privacy, confidentiality, integrity and safety of the personal data held by us.
8. Sharing Your Personal Data Outside the European Union or European Economic Area
The personal data we collect from you will be transferred to, and stored in Switzerland, which is outside the European Union (‘EU’) and the European Economic Area (‘EEA’). Switzerland is a designated secure third country which means that the European Commission has confirmed Swiss national laws provide a level of protection for personal data that is comparable with EU law.
9. How Long We Retain Your Personal Data
Your personal data is retained for the specified time periods (“retention periods”) set out in our Data Protection Policy. These retention periods are subject to legal, tax and regulatory requirements. In all cases, we retain your personal data for no longer than is required to manage our business as permitted by law.
10. How We Protect Your Personal Data
We have measures in place to protect the security of your personal data and to prevent your personal data from being lost or being processed, accessed, altered or disclosed in an unauthorised manner.
Your personal data is stored in systems in our premises, with providers of data storage in the EU and Switzerland. We take all reasonable steps to ensure that your data is protected and that any transfer of personal data is carefully managed to protect your privacy rights.
We also limit access to your personal data to those employees, agents, contractors, Data Processors and other third parties who have a legitimate business reasons to obtain it, who are subject to a duty of confidentiality and who process your personal data only on our instructions.
We have procedures in place to deal with any suspected data security breach and will notify you and any applicable regulator of any suspected breach, where we are legally required to do so.
11. Your Rights in Respect of Your Personal Data
In accordance with applicable legislation, you have the right to:
- access and receive copies of your personal data
- have inaccurate and incomplete personal data about you corrected and updated
- request the deletion of your personal data, where it is no longer necessary for us to retain it
- withdraw any consent provided for data processing, at any time and without affecting the processing that had already taken place
- require us to provide your personal data to another provider (where that does not result in a disclosure of personal data relating to other persons)
- restrict our processing of your personal data
- object to the processing of your personal data, where it is processed based on our legitimate interests.
If you wish to exercise any of these rights, you should contact our Data Protection Officer, at the contact details provided under section 2. You should be expecting a reply from us within one month or within a maximum of three months, if the request is too complex or if we have received too many requests.
If you make your request electronically, we will provide you with the relevant information electronically.
The Company reserves the right to verify your identity by requesting that you send us an identification document or different suitable documentation for this purpose (for example through the confirmation of personal data held by the Company).
The Company also reserves the right to request clarification on the request received, in order to ensure fast and targeted assistance.
If you believe we have processed your personal data incorrectly, you should contact our Data Protection Officer.
If you are dissatisfied with how our Data Protection Officer has dealt with your complaint, you can complain to the competent Supervisory Authority (in Ireland or Liechtenstein).
The contact details of the Office of the Data Protection Commissioner of Ireland are:
Data Protection Commissioner
Telephone: +353 (0) 761 104 800 or +353 57 8684 800
Fax: +353 57 868 4757
The contact details of the Data Protection Office in Liechtenstein are:
Liechstensteinische Landesverwaltung Stabstelle für Datenschutz
Telephone: + 42 32 36 60 90
Fax: + 42 32 36 60 99
13. Updating our Data Privacy Notice
We may update our Data Privacy Notice from time to time. Any updates will be made available on our Website.