skip to main content

Privacy Policy

Effective as of September 2024

Buy Health Insurance are committed to offering a range of health insurance coverage while partnering with Irish Life Health and other leading health insurance providers in Ireland

As controllers of the personal data, you entrust to us, we take our responsibility seriously. We are fully committed to safeguarding your privacy and managing your data with credible standards of transparency, integrity and security. Our practices adhere to the data protection law, ensuring that your information is only used for the purpose of delivering the services you require.

Where we process client’s information as joint controllers or processors, we will ensure that the processing is in line with the General Data Protection Regulation and the Data Protection Act 2018.

This privacy notice applies to your usage of our Website only. If you engage us for services, you should refer to the Personal Data Protection Agreement, the Privacy Notice or other privacy document that is sent to you at the time of engagement which will clearly state the purpose and legal basis of collecting your information.

Consent

In this Privacy Policy, we describe what information we collect when an individual uses, receives or has access to our website, how we use it and how we protect that information, with whom we share it and what privacy options are available to each individual.

Upon accessing our Website, you will be asked to opt-in to cookies, which is the primary method in which we collect this information. You can change your cookie preferences at any time by clicking the cookies symbol in the lower left corner. At other times, you may be asked to provide information directly. You can choose not to do so (although this choice may impact the service you receive).

Scope

This Website Privacy Policy does not apply to any subsites or third-party sites that might be linked to, or accessible from, the Website.

This Privacy Policy does not address the information practices of any third party, unless as specified otherwise.

Changes

Our Privacy Policy will always indicate the date when it was last changed. We encourage you to visit this page regularly to be aware of our current terms.

We may modify or supplement this Privacy Policy from time to time for any reason.

If we make any material changes to this Privacy Policy, we will post the updated Privacy Policy here, along with its effective date, to notify users as required by applicable law. You should review this page regularly to look for changes in this Website Privacy Policy.

Your continued use of this Website after we have posted changes to this Privacy Policy on this page with a new effective date will indicate that you agree to be bound by such changes.

If any change to this Website Privacy Policy is unacceptable to you, your only recourse is to terminate your use of the Website.

Links to Third-Party Websites

This Website may contain links to other websites. We do not control the content or privacy policies of such third-party websites or the privacy policies of such third parties. We accept no responsibility or liability for privacy or other issues related to the collection or use of your information by such other websites or third parties.

We urge you to be aware when you leave our Website, and to read the privacy statements of each website on which you land after you click on a link or social networking button located on our Website.

The inclusion of a link to a third party’s website or service does not imply endorsement of the third party’s data handling practices and does not imply that this Privacy Policy covers their practices.

Security

We seek to use reasonable technical, organizational, and administrative measures to protect data collected through this Website against unauthorized or unlawful processing and against accidental loss, destruction, or damage. We believe that these measures are reasonably adapted to the nature of the information in our custody. However, because no security system can be 100% effective, we cannot guarantee the security of any information we may have collected from or about our users.

When the circumstances require, we use encryption technology (data scrambling) and authentication tools to protect information that you may provide through our Website. In addition, our employees are instructed that such information is to be used only in accordance with the principles of this Website Privacy Policy, or other information security policies and procedures we may adopt from time to time, and the laws applicable to each specific business.

We will not ask you for any information such as your social security number, a bank or credit card account number, through the Website. If you need to send us confidential information and are concerned about the security of the Website, then you should consider sending it via another secure connection or method.

If you believe that your interaction with our Website is no longer secure, please immediately notify us of the problem in accordance with the “How to Contact Us” section below.

Information we collect.

Information Collected Directly

When you visit the Website, your browser automatically provides, and we automatically collect and store, certain information about your device (computer, tablet, smart phone etc.) and your activities. This includes:

  • Preferences and settings: time zone, language, and character size
  • Identifiers: computer IP address; unique mobile device identifier
  • Technical information: type of device, operating system, or platform (Mac, Windows), browser information (type, version)
  • Connection: Internet provider or mobile carrier name, connection speed and connection type; Internet service provider (ISP)
  • URL of the last Web page visited before visiting our Service; exit page.
  • Information about your use of the website: data stamp, pages viewed, time spent on a page, click through, clickstream data, queries made, search results selected, history, comments made.
  • Location: general geographic location

Information You Provide to Us

We will only collect information to facilitate your quoting process

Information we will collect will include:

  • Number of individuals to be covered
  • First and last name of each individual
  • Date of birth
  • Email address
  • Full home address

How We Collect Information

We (and our service providers) collect information in a variety of ways:

  • When you visit our website and provide us with information to obtain a quote
  • Through our emails and other electronic communications
  • Through your browser or device, cookies, or similar technologies

Use of Information

We use the information collected from our users and the user’s device as described above, for the following purposes:

  • Respond to questions and other requests for information made through the Website.
  • Send our newsletter or other communications that an individual has requested or that may be of interest to that individual, in accordance with the individual’s preferences.
  • Keep record of contact information, and correspondence
  • Remember the user’s preferences (e.g., language, font size), when using our Website.
  • Administer our Website, diagnose technical problems and otherwise manage our business.
  • Facilitate the user’s use of the Website
  • Allow the user to navigate or browse through our Website quickly and efficiently
  • Improve user experience, such as by personalizing content to the user’s preferences or interests or by expediting the processing and completion of a transaction.
  • Perform data analysis, audit, fraud monitoring and prevention, enhancing, improving, or modifying our Website, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities
  • Perform other functions as otherwise described at the time of collection.

Sharing and Disclosure of Information

We share user information with the following entities or in the following circumstances:

  • Service providers – We share information with our service providers, suppliers, subcontractors and similar third parties who provide services to us or act on our behalf so that they can assist us with the provision, upkeep and maintenance of the Website and other related activities. We require these service providers to refrain from using or sharing with others, for other purposes than as directed by us, the information that we provide to them, or that they collect directly from our users.
  • Analytics – We use automated tools and applications, such as Google Analytics, to evaluate the use of our Website. These third-party services use cookies and other tracking technologies to perform their services.
  • Affiliates – We share information with entities that are under common ownership or control of our parent company (“affiliates”) for the purposes described in the Privacy Policy. Subject to local requirements, this information may be used to provide legal and related services offered by our affiliates and for the purposes described in this Privacy Policy.
  • Sale, merger, and corporate reorganization – We may transfer users’ information to a third party in case of the reorganization, sale, merger, joint venture, assignment, transfer or other disposition of all or any portion of our business, asset, or stocks, including in the event of corporate restructuring of our company or its affiliated entities.

  

Data Retention

We will retain your data only for as long as necessary to provide the service or as permitted by the applicable regulations. Our personal data processing is governed by the General Data protection Regulation (GDPR) and this data will benefit from the protections afforded by the GDPR. This means that data we no longer deem necessary will be regularly deleted in line with our regulatory requirements.

Compliance and Legal Requirements

There may be times when we use, share, or disclose information about our users to comply with applicable laws or to address legal concerns or liabilities, especially in the following cases:

  • Compliance with applicable laws – When we believe it is necessary or appropriate under applicable laws, including laws outside your country of residence, or to comply with legal process.
  • Fraud prevention and protection of legal rights – When we believe it is necessary to enforce our terms and conditions; to investigate, prevent or respond to suspected illegal or fraudulent activity; to protect the safety, rights or property of our company, and those of its affiliates, users or others; or to exercise or protect legal rights or defend against legal claims; to allow us to pursue available remedies or limit the damages that we may sustain.
  • Government authorities –– If law enforcement authorities, courts or regulators, or other public or government authorities with appropriate jurisdiction – including public and government authorities outside your country of residence – request that we provide user information, and such request is made using the method required by law in the applicable jurisdiction, such as a search warrant, subpoena or a court order, and we believe that such request is facially valid, we will provide any information we have about a user that responds to such request.

Aggregated, Anonymized or Statistical Information

We aggregate information regarding what portions of the Website users are visiting to develop statistics about the use of the Website. This information helps us create a better experience for users of our Website. For example, we may upgrade those parts of the Website that are heavily visited or optimize the Website to work more efficiently with certain operating systems.

We may provide such aggregated, anonymized, or statistical information to third parties, such as our advisers or consultants for research, analytical or strategic purposes. This information is not intended to allow the identification of any specific user of our Website.

 

Cookies and Web Beacons

We use cookies to recognize your device and browser. The next time you visit our Website, we may use information stored in your cookie file to facilitate your use of our Website. For example, we may use your cookie file to store a password so that you do not have to input it every time you move to a different section of a password-protected portion of our Website. A cookie does not tell us your individual identity unless you have chosen to provide it to us.

Most cookies expire after a defined period, or you can delete your cookie file at any time you choose. In addition, you can set your browser to notify you when you receive a cookie so that you can decide whether to accept or reject it. Please note that these actions apply to a specific browser.

You can always choose whether to accept cookies by changing the settings on your browser. Most browsers contain information on how to control or delete cookies. These settings will typically be found in the “Options” or “Preferences” menu of a browser. You may wish to refer to http://allaboutcookies.org/. Further, you can use the cookie icon in the lower left-hand side of the screen to change your cookie preferences with regards to our site at any time.

If you choose to delete or disable cookies, your experience at our Website may be diminished and some features may not work as they were intended. Some cookies cannot be turned off using the cookie preferences menu because they are essential to the function of the Website.

We use Web beacons. A Web beacon can help us track your activity on the Website, such as which page you are viewing or how long you are staying on that page. Some technologies will notify you of the presence of Web beacons, but browsers typically do not notify you of them.

Third Parties’ Cookies and Beacons

Third parties’ cookies and beacons are used for functionality, performance, and analytic purposes. These cookies and beacons collect and store automatically information about a user’s computer or mobile device, and the use of the Service. This information is used in aggregate form only.

The practices of these third parties are subject to the third parties’ privacy policies, some of which we have no control over. We encourage you to read their privacy policies.

Social Media and Other Areas Beyond Our Control

You may find additional information on our products and services through our social media Websites, such as Facebook, LinkedIn, and Twitter. These Websites have their own privacy policies and data handling practices, which are different from ours.

Please take the time to review these policies before disclosing or posting information on or through these Websites or any button that links to these Websites.

Please keep in mind that any information you share on social media Websites, interactive forums, message boards or chat rooms may become public information. You should exercise caution when deciding to disclose or share your personal information.

Users' Rights

Choice Regarding Marketing

By clicking submit you will have opted-into receiving our marketing materials. If you no longer wish to receive marketing-related materials, you may opt-out by following the unsubscribe instructions in our marketing messages or by contacting us as indicated in the “How to Contact Us” section. We will try to comply with your request as soon as practicable. Please note that you cannot opt-out of receiving administrative messages.

Data Subject Requests

Each user has the right to review, change, suppress or erase personal information that can reasonably be linked to, and that we have collected from that user. You may exercise this right by contacting us as indicated in the “How to Contact Us” section. For your protection, we may need to verify your identity before implementing your request. We will try to implement your request as soon as reasonably practicable, but in any event, we will carry out this request within 30 days. If we cannot fully comply with your request within 30 days, we will notify you to inform you of this, provide our reasons and inform you of what other rights you have available to you.

However, please note that we reserve the right to refuse to act on a request that is manifestly unfounded or excessive (e.g., because it is repetitive) and/or to charge a fee that takes into account the administrative costs for providing the information or the communication or taking the action requested. If you have a question, comment, or request, please contact us as explained in the “How to Contact Us” section below.

Do Not Track

Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. The “Do Not Track” feature of these browsers sends a signal that informs operators of services online that the user does not want certain information about their online activities to be collected over time and across Websites or online services.

The internet industry has not yet agreed on a definition of what “Do Not Track” means, how compliance with “Do Not Track” would be measured or evaluated, or a common approach to responding to a “Do Not Track” signal. Consequently, due to the lack of guidance, we have not yet developed features that would recognize or respond to browser initiated “Do Not Track” signals.

  

Special Notice for EU/EEA/UK Users

The EU GDPR and Data Protection Act 2018 governs the way we handle your data. You are free to utilize your rights under the GDPR by reaching out to us using the contact details provided in the How to Contact Us section. When you choose to exercise these rights, we may require additional information from you to verify your identity before disclosing information or addressing your request. Your rights mean that you can request that NFP to:

  1. provide a copy of the personal information we hold (once requested, we have a maximum of one month to give an individual such information).
  2. Provide you with details of the collection and use of the data they collect about you.
  3. rectify information if it is inaccurate or incomplete.
  4. delete or remove your personal data where there is no compelling reason for its continued processing.
  5. suppress processing of your personal data, when processing is restricted, we are permitted to store the personal data, but not carry out further processes. We will retain sufficient information about the individual to ensure that the restriction is respected in future.
  6. object to certain uses of your personal information.
  7. under specific conditions to provide personal information to you or another designated controller in a commonly acceptable and easily readable digital format. However, this is applicable only when the processing of said information relies on either (i) your consent or (ii) the execution of a contract to which you are a party.
  8. include you in decisions made entirely by automated processes i.e., without any human involvement in which case you have a right to object to such processing.

Additional Rights

Applicable laws may give you additional rights that are not described in this Website Privacy Policy. Which may include:

  1. withdraw any permission you may have previously provided; and
  2. complain to the Information Commissioner’s Office at any time if you are not satisfied with our use of such information (please see “registering a complaint” for more information)

How To Contact Us

To write to us regarding this Privacy Policy and our personal information handling practices, please;

Email: dataprivacy@nfpireland.ie or write to us

 

Address: 2nd Floor Block, 4 The Arch, Blackrock Business Park, Blackrock, Dublin, A94 A0D0

Regarding email communications: note that email communications are not always secure. Thus, please do not include any confidential or sensitive information in any emails. We subscribe to some secure data transfer services. Please ask us about this if you would like to transfer data to us securely.

Regarding postal communications be aware that it may take us longer to route and process your request if it is made on paper than we would take with an electronic message.

Registering an Issue

If you have an issue about the way your personal data is processed, we ask that you reach out to us about this in the first instance.

In addition to reaching out to us, you also have the right to lodge a complaint with the supervisory authority for data protection if you are unhappy with how your personal data is being processed. In Ireland, the relevant supervisory authority is:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

Tel: (01) 765 01 00 or 1800 437 737 (calls are charged at local rates)