W.P. O’Reilly & Associates Limited is committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights. 

For the purposes of the GDPR the data controller is W.P. O’Reilly & Associates Limited. Our contact details are:

W.P. O’Reilly & Associates Ltd.,
Berkeley House, Ballybin Road,
Ashbourne, Co. Meath
A84 VY66.

Phone: (01) 8498989,
email: info@wporeilly.ie,
website: www.wporeilly.ie

When we refer to we/us, we mean W.P. O’Reilly & Associates Limited. Please read this Privacy Notice carefully as this sets out the basis on which any personal data, we collect from you, or that you provide to us, will be processed by us.

Who we are

W.P. O’Reilly & Associates Ltd is authorised and regulated by the Central Bank of Ireland as an Investment Intermediary under the Investment Intermediaries Act 1995, as a Mortgage Intermediary under the Consumer Credit Act 1995, as a Mortgage Credit Intermediary under the European Union (Consumer Mortgage Credit Agreements) Regulations 2016 and as an Insurance Intermediary under the European Union (Insurance Distribution) Regulations 2018.

How do we collect your information and what information do we collect?

The personal information we collect varies depending upon the nature of our services. We will endeavour to provide you with an overview of those categories of personal data our organisation collects and our purpose for using that data. 

Our organisation collects personal data in the following ways, if you:

• request a service from us;
• use our websites or complete an online mortgage application on our website
• use our website and it installs cookies or other tracking technologies onto your device.  
• engage with us on social media; LinkedIn, Instagram and Facebook
• contact us with a complaint or query;
• apply for a position with us;

What information do we collect?

We need to collect and use your personal information to provide your plan contract. This includes, but is not limited to, your name, date of birth, PPS number, passport/driving license, demographic details, family and beneficiary data, contact details, bank account details, marketing preferences and social media information. Depending on the plan type this can include health, employment, pension and salary information. We restrict access to, and use of, any sensitive personal information. When our organisation collects sensitive personal data as defined within the GDPR we will ensure that we require this information, and we have your explicit consent and/or authorisation prior to our collection. Please see the further information contained in this Privacy Notice that outlines special categories of personal data.

We also create new personal information. Personal information needed for plan contracts is held and used to;

• process your application;
• set up and issue your plan;
• provide you with information about your plan;
• to help the administration of your plan and assist with the payment of your plan benefits;
• provide customer care and service; and
• contact you to inform you of any relevant actions you may need to take.
• To process a claim on your plan

How do we use your personal data?

Your Personal Data will be used to enable us to fulfil our contractual obligations in relation to your request for insurance, investment, protection, pension products, independent financial advice, quotes. In order to give you information and updates on your plan, we use your plan and contact details. We use our customer personal information, including yours, to identify the target market for our regulated services.

In order to receive financial advice from us, you must give personal and financial information for your current and future needs to be assessed. This enables us to recommend the most suitable financial product for you. This also involves creating new and assumed personal information about you. We complete an analysis of you using your personal information to comply with regulations. When you give us your personal information we will check to see if we already have a record of you. This helps us to comply with your Data Protection Rights.

Legal Basis

We need to ensure that we process your personal data lawfully. We rely on the following legal grounds to collect and use your personal data.

Performance of a contract – When we are engaged to provide advice or arrange a contract for you, we will collect and use your personal data to enable us to fulfil that service. 

Legal obligation – The use of some of your personal data is necessary for us to meet our legal obligations e.g., pension contributions for Revenue Certificates, Regulatory purposes to the Central Bank   

Consent – Sometimes we may rely on consent as a legal basis for processing your information. We may also rely on your consent to send direct marketing to you. We will ensure that we present this to you concisely.  We will also ensure that we use clear and plain language and if you give us your consent you can withdraw this easily at any time. Sometimes if you refuse to provide information that we reasonably require to provide the services, we may be unable to offer you the services and/or we may terminate the services provided with immediate effect.

Legitimate interests – Where we rely on this legal basis to collect and use your personal information, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable data privacy laws.

If you require further information on any of the above basis for processing your data, we can provide you with further details.

Special Categories of Personal Data

Special categories of data are sensitive in relation to your fundamental rights and freedoms and therefore require specific protection when processed as these could create significant risks to the rights and freedoms of individuals. If we collect any special categories of personal data, such as health data we will adhere to the Data Protection Act 2018. This Act allows us to process special categories of personal data for insurance and pension purposes. We will ensure we have suitable and specific measures in place to safeguard the rights and freedoms of you and the processing of your data. These measures relate to the below:

• A policy of life assurance,
• An occupational pension, a retirement annuity contract or any other pension arrangement 
• The mortgaging of a property

Profiling – automatic decision making:

An automated decision is when we input your personal data into a computer programme and this programme analyses your personal data to provide us with a result. There is no human involvement in the decision making. If a decision is taken by automated means, you have the right to object to this and ask us to reconsider the service you have asked us to provide. Some examples of automated decisions that we undertake are: 

• Risk profiling – To establish a customer’s attitude to investment risk (relates to pensions and investments) advisors have automated calculators which calculate the customers attitude to various levels of risk having answered a series of questions.
• Affordability Calculators – Establishing affordability and providing quotations for financial services and mortgage product
• PEP check – To establish whether a customer is a Politically exposed Person or a Relative/Close Associate (RCA) of a PEP
• Checks to identify if a client is subject to sanction under anti Money Laundering/Countering the Financing of Terrorism legislation.

Direct Marketing:

We would like to be able to contact you about offers and services from across our group of companies, separately from your plan communications. We will only send you direct marketing content where we have your consent.

Sharing with Other Companies with whom we have business arrangements

We believe it may help you if we know whether you have products and services provided by other companies or if other services may be of interest to you. We will use this to provide you with additional services with your consent.

To whom do we pass your personal information to:

Data processors:

Companies that act as service providers under contract with us and only process your personal information as instructed by us. Your personal information is transferred securely and is not used by other parties for any other reason.  

Insurance Partners – where we need to manage the services provided to you such as Product Providers and insurance underwriters. You can refer to their privacy statements on their websites for more information about their privacy practices.

Medical Professionals – e.g., where you provide health information in connection with a claim against your insurance policy; or when we are providing a quote for insurance.

Public authorities, regulators and government bodies – where necessary for us to comply with our legal and regulatory obligations, or in connection with an investigation of suspected or actual illegal activity

Third-party processors – we outsource our processing operations to suppliers that process personal information on our behalf. Our IT and Cloud Service Provider is Ortus Managed IT & Cloud Dublin. Our website is hosting by Hosting Ireland and serviced by Ashbourne PC. Our telecommunications networks are supported by Eir and Ripple. CRM MoneyAdvice is our back office system. Mailchimp (trading as Mailchimp) support the issue of our service emails. Lane Clark & Peacock Ireland Limited provide Actuarial and Consulting services to WP O’Reilly & Associates Limited.  These processing operations remain under our control and we have data processing agreements in place with all our third party processors to ensure all processing is carried out in accordance with our security standards and the GDPR. 

Trustees – appointed in connection with the plan contract.

Investment Service Providers – we pass limited personal information to investment service providers where you want to access these services through your plan e.g. Stockbroker or Online Trading Platform.

Companies – we pass your personal information to third parties, including other companies within the Group, with your consent. 

Do we transfer your personal information outside of the EU?

Your personal information is processed and stored within the EU. Where we transfer personal data to a country outside of the EEA (referred to in the GDPR as ‘third country,’) we will ensure it is done lawfully, i.e. there is an appropriate “level of protection for the fundamental rights of the data subjects”.  We will therefore ensure that either the EU Commission has granted an adequacy decision in respect of the third country, or appropriate specified safeguards have been put in place, (e.g., Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs)). 

We share your email address (only when your explicit consent has been given) with Mailchimp, who support the issue of our service emails. Mailchimp are located in the United States. There is no finding of adequacy of the transfer of data from Ireland to the United States. In the absence of an adequacy decision the GDPR allows the transfer if the controller or processor has provided appropriate safeguards. These safeguards include Standard Contractual Clauses (SCCs).  We, the data controller must abide by the SCCs as well as the Recommendations adopted by the European Data Protection Board on measures that supplement the SCCs which will ensure the level of protection provided for within the GDPR.  

How long to we hold your personal information for?

We keep and use your personal information for as long as you have a relationship with us. We also hold it after this where we need to for complaints handling, for system back-ups needed for disaster recovery and for as long as we have to under regulations. We will let you know how long we keep personal information for when you avail of a single or specific service such as a quote or call-back.

What are your rights? 

You have a number of rights over your personal information which you can exercise free of charge by contacting us using the details in this Privacy Notice. You will need to give us information to help us identify you and we will respond to you within one month in line with current regulations. Any restrictions to your rights will be explained in our response.

• Right to Information – You have a right to the information set out in this Privacy Notice. We will inform you of our updated Privacy Notice, if we change the type of personal information we collect and / or how we use it. We have controls in place to protect your personal information and minimize the risk of security breaches. However, should any breaches result in a high risk for you, we will inform you without delay.
• Right to Restrict or Object – You can restrict or object to any unfair and unlawful collection or use of your personal information. You can object to any automated decision making that has a legal or similar significant impact for you and ask for the decision to be made by a person. You can withdraw consent and object to, for example direct marketing.
• Right to Correct and Update – You can ask us to correct and update personal information we hold about you. Your plans are long term contracts and to provide you with the best service it is important we have your up to date personal information, such as contact details.
• Right to Delete and Be Forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. (The erasure of such data will be dependent on our other legal obligations, and whether the data is subject of legal privilege).
• Right to Portability – you have the right to have the data we hold about you transferred to another organisation.
• Right to make a complaint: if we refuse your request under rights of access, we will provide you with a reason as to why.
• Right to Access – You have the right to know what personal information we hold about you and to receive a copy of your personal information. We must tell you:
  • why we hold it;
  • who we pass it to, including whether we transfer it outside the EU;
  • how long we keep it for;
  • where we got it from; and if we carried out any automated-decisions, and if so, the logic behind it and what it means for you.

This right does not allow you to access personal information about anyone else. To access your personal information please write to us using the contact details in this Privacy Notice. To help us respond as quickly as possible please let us know if you are only looking for copies of specific personal information.

Using our Website

The following information relates to our privacy practices in connection with our website. We are not responsible for the content of privacy practices of any other websites. Any external links to other websites are clearly identifiable as such.

WP O’Reilly & Associates Limited respects the rights of users of our website and is committed to protecting your privacy under the requirements of the General Data Protection Regulation 2018 and the Irish Data Protection Act 2018, at all times. We will not collect any personal information (also referred to as personal data) about you on our website without your permission or otherwise in accordance with the Data Protection Act.

Except in relation to certain specific features on our website, you do not have to provide us with any personal information (or personal data) to use our website. However, where you elect to give us your personal data through our website via online our online enquiry form then we will treat your personal information in accordance with this notice. 

Web Browsing

By simply visiting our website you do not disclose, nor do we collect, personal data on you. All that we may know about your visit may be limited to technical data such as;

• The logical address (or IP address) of the server you used to access this website
• The top level domain name from which you access the internet (for example .ie, .com, .org, .net)
• The previous website address from which you reached us
• The type of web-browser you used
• Web traffic data (the amount of data sent and received by visitors to a web site. This is determined by the number of visitors and the number of pages they visit.

The technical data may be used for administrative and statistical purposes and may be shared with our internet service providers; Eir and Ripple. We may use this information to help us to improve our website. This technical data does not provide us with the personal data of visitors to our website.

Cookies

We do not use cookies. Should we decide to use cookie sin the future we will not do so to collect or store personal information without notifying you. Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer’s hard drive. 

Security of Data

WP O’Reilly & Associates Limited takes seriously its security obligations in respect of your personal data under the General Data Protection Regulation 2018 and the Irish Data Protection Act 2018, to prevent unauthorised access to, or alteration or destruction of personal data in our possession.

Complaints

If you wish to make a complaint about how your personal data is being processed by WP O’Reilly & Associates Limited or how your complaint has been handled, you have the right to lodge a complaint with our Compliance Officer Niamh O’Reilly. 

You also have the right to make a complaint to the Data Protection Commission where you feel that your rights have not been appropriately served by us or how your data is being processed (www.dataprotection.ie). You can contact the Data Protection Commission by emailing info@dataprotection.ie or writing to Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2. D02RD28

Failure to provide further information. 

If we are collecting your data for a contract and you cannot provide this data, the consequences of this could mean the contract cannot be completed or details are incorrect.

When you fail to provide us with information, we require to fulfil our obligations to you, we may be unable to offer our services to you. 

Children’s Privacy

Our Service does not address anyone under the age of 16 (“Children”). We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children under age 16 without verification of parental consent, we take steps to remove that information from our servers.

Contact us

Your privacy is important to us. If you have any questions about this Privacy Notice, please contact us at: W.P. O’Reilly & Associates Limited, Berkeley House, Ballybin Road, Ashbourne, Co. Meath, A84 VY66 

Phone: (01) 849 8989 

Email: info@wporeilly.ie 

Privacy notice/statement changes

When we update this Privacy Notice/Statement, we will post a revised version on our website – www.wporeilly.ie. Changes will be effective from the point at which they are posted. We would encourage you to review our Privacy Notice so that you are aware of updates.