Privacy Statement - GTL Life and Pensions
GTL Ltd is committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights as a client.
It is the intention of this privacy statement to explain to you the information practices of GTL Ltd in relation to the information we collect about you.
For the purposes of the GDPR the data controller is;
24 Jessop St,
You can email us at firstname.lastname@example.org
In this document “we”, “our”, or “us” refer to GTL Ltd. Please read this statement carefully as this sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Who are we?
GTL Ltd acts as a Financial Broker and is regulated by the Central Bank of Ireland as an Insurance Intermediary. Our principal business is to provide advice and arrange transactions on behalf of clients in relation to Life Assurance, Investments, Pensions & PRSA’s.
Accuracy of your personal data
Please keep us up to date with any changes to your personal data, this allows us to ensure that your personal data is kept accurate and up to date.
Purpose for processing your data
Personal data refers to any information relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular in reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
In order for us to provide a service to you, we require certain information about you that is classed as personal information. The following are the type of services we provide that require us to process personal data;
• Pension Services
• Financial Services
• Investment Services
• Life cover Services
• Income Protection Services
The type of personal data that we may process about you will depend on the service that you require from us. The following is an example of the type of personal data we process for different services. This list is not exhaustive.
Contact information – name, address, phone, email
Identification information – PPS number, date of birth
Employment details – occupation etc
Financial details – bank details, tax, income
Health information – illnesses, disorders
Should you apply to work at GTL Ltd, we collect personal information from you such as;
• Contact Details
• CV’s education and employment history
How we collect your data
How we get the information and why we have it
You may provide us with your personal information when you;
• Fill in a fact find via Best Advice (a financial platform we use)
• Fill in a paper-based fact find
• Fill in the query form on our website
• Correspond with us via email, phone or otherwise
• Meet with us on a one-to-one and provide us with your business card, for example.
• Send your cv to us in order to apply for work
Most of the personal information we process is provided to us directly by you, however we may also receive personal information indirectly, from the following sources in the following scenarios:
Facebook, Linkedin, Twitter, Google
From visiting these pages, or interacting with us, you are passing information on to us via the above platforms, these are known as cookies. This type of information is technical data about your computer equipment, browsing actions and preferences.
We also may have access to your publicly available details from these sources.
Why are we processing your data? Our legal basis.
We are required to determine the legal basis for which we process different categories of your personal information, and to notify you of the basis for each category.
Most of the personal information we process is provided to us directly by you for one of the following reasons:
Information we process because we have a contractual obligation with you.
GTL Ltd needs to process your data as this is necessary in relation to a contract of insurance to which you have entered into or because you have asked us for something to be done so that you can be entered into a contract.
In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.
We may use it in order to:
• Setting up your account as a client with us
• Liaising with you
• provide you with our services
• provide you with suggestions and advice on products, services and how to obtain the most from using our website
• Processing and ensuring payment of invoices
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract
Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable.
We may share this information with third parties in order to process the purchasing transaction of our services. These companies must also adhere to the same data protection legislation.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Information we process for the purposes of legitimate interests
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.
Where we process your information on this basis, we do so after having given careful consideration
• whether the same objective could be achieved through other means
• whether processing (or not processing) might cause you harm
• whether you would expect us to process your data, and whether you would consider it
reasonable to do so
For example, we may process your data on this basis for the purpose of;
• necessary administration of our business – for example, creating your client account
• responding to unsolicited communication from you which we believe you would expect a response
• Processing payments and invoices
• preparing for a job interview with you
Information we process because we have your consent
Through certain actions when otherwise there is no contractual relationship between us, such as
when you browse our website or ask us to provide with more information about our business,
including job opportunities, our products and services, you provide your consent to us to process
information that may be personal information
Wherever possible, we aim to obtain your explicit consent to process this information, for example
Sometimes you might give your consent implicitly, such as when you send us a message by email to which you would reasonably expect us to reply
You may also consent to have your data used in order to receive information on a new product offering which we think may suit you.
Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally.
We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us at email@example.com
Information we process because we have a legal obligation
We may be required to give information to legal and regulatory authorities if they so request and subject to the correct authorisation
What we do with the information
• verify your identity for security purposes
• sell products to you
• provide you with our services
• keep our website safe and secure
We may share your personal data with selected business associates, suppliers and contractors to
provide you with our services. For example, these business partners may include our web hosting provider and our IT Cloud service providers.
In the event that we buy or sell any business or assets, it may be necessary to disclose personal data
to the prospective buyer or seller
How will GTL Ltd use the personal data it collects about me?
GTL Ltd will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than necessary. For information on the time periods your data is held for please contact us on firstname.lastname@example.org
Special Categories of personal data
If we collect any special categories of personal data (eg. Health, political opinions, trade union membership – financial information is not classified as special categories of personal data) we will ensure we receive your explicit consent.
Who we are sharing your data with
We may pass your personal data on to third party service providers contracted to GTL Ltd in the course of dealing with you in order to provide our services to you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide on your behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with the General Data Protection Regulation.
If we wish to pass on your sensitive personal data to a third party, we will only do so once we have obtained your explicit consent, unless we are legally required to do otherwise.
The third parties we pass your personal data to are:
Insurance companies which we obtain quotes from in order to provide you with services you request (pension providers, investment firms, insurance firms)
Web hosting provider,
IT Cloud Service Providers
Selected business providers, suppliers and contractors to provide you with our services
We have issued all our third party processors with a Data Processor agreement and/or checklist to ensure they are GDPR compliant.
In some circumstances it may be necessary for us to transfer your data outside the European Economic Area (EEA). We will only transfer data to receivers that are in countries approved by the EU Commission, or where there are the appropriate safeguards in place to protect your personal data. For further information on these appropriate safeguards, please email email@example.com
GTL Ltd may, in certain circumstances use profiling in our business. The main categories are
• Risk profiling
• To establish a customer’s attitude to investment risk in relation to pensions and investments, advisors have automated calculators which calculate customers attitude to various levels of risk having answered a series of questions.
• Profiling for marketing purposes
• When we seek to contact you about suitable services, we may run automated queries on our computerised database to establish the suitability of the proposed products or services to your needs.
• Establishing affordability and providing quotations for financial services
Your data protection rights
Under data protection law, you have rights including:
• Your right of access – You have the right to ask us for copies of your personal information
• Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances
• Your right to object – You have the right to ask us to stop processing your personal data for profiling or direct marketing
• Your right to restriction of processing – You have the right to object to the processing of your personal data in certain circumstances
• Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have
one month to respond to you. Exemptions may apply if the information requested is considered excessive or repetitive.
Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
You can also complain to the Data Protection Commission if you are unhappy with how we have
used your data.
The Data Protection Commission address:
21 Fitzwilliam Square South