Privacy Policy
Introduction
Penny Life Limited T/A This is Penny (“This is Penny ”) is committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the General Data Protection Regulation 2016 (GDPR) in relation to not only processing your data but ensuring you understand your rights as a client.
This Privacy Policy explains when and why This is Penny collects personal data, how it is used, the condition under which it may be disclosed to others and how it is kept secure.
Who we are
We are Penny Life Limited T/A This is Penny is a private company limited by shares incorporated in Ireland with company number 707559 having a registered office at Herbert House, 22 Pembroke Road, Ballsbridge, Dublin 4, DO4 TT68.
We are regulated by the Central Bank of Ireland as an insurance intermediary registered under the European Union (Insurance Distribution) Regulations, 2018. We provide advice and arrange pension transactions services through our website (https://www.thisispenny.com)(“our Site” or “the Site”) and/or Penny app (the “App”)(together, the ”Services”).
For the purposes of GDPR Penny Life Limited is the data controller and our contact details are:
GDPR Owner
Lesley Tully
Address
Herbert House
22 Pembroke Road
Ballsbridge
Dublin 4, DO4 TT68
Telephone
About our Privacy Policy
We respect your right to privacy and take seriously our responsibilities in relation to the processing of personal data. We do not collect or process personal data unnecessarily. This privacy policy (the “Policy”) sets out important information about your rights in relation to the processing of your personal data, and the basis on which any personal data we collect from you, or that you provide to us, will be processed in connection with your use of the Services.
What personal information do we collect and why?
We advise on and arrange pension products with life insurance companies. We collect personal data about you when you apply for our services and for products provided by life insurance companies we have an agency agreement with.
Information you give us.
Your Data. This is information about you that you give us by filling in forms on our Site or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you use our Site, or the Services, or report a problem with our Site and/or the App.
The information you give us may include:
Identity Data: your full name, address, e-mail address, gender, phone number, age, date of birth, title, photograph, PPS number, identification details (e.g., passport details, driving licence details).
Financial Data: your financial, including your Occupation, Job Title, Total Remuneration, Employment Details, Existing Pension Benefits, Employer Name, Bank Details, your Income, Assets and Liabilities, VAT number.
Health Data: health insurance details (including health and retirement benefit contributions) such as information about your health status, medical records and medical assessment outcomes.
Pensions Benefits information: such as current benefits, pension entitlement information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions.
Information we collect about you.
Automatically Collected Information. With regard to each of your visits to our Site we will automatically collect the following information:
Technical Data: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, operating system and platform, how often you use the application and other performance data; and
Usage Data: information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page).
When we collect sensitive personal data as defined within the GDPR, such as health information, we will ensure that we require this information, and that we have your explicit consent and/or authorisation prior to our collection.
In the context of providing Services relating to pensions, verify your identity
We may collect Identity Data and Biometric Data - to match your face with your passport - in order to comply with our legal obligations, such as Anti-Money Laundering and KYC rules, when providing certain financial services such as investment products such as pensions and to use this to facilitate the creation of a membership in a either a private pension or of an occupational or group scheme.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at hey@thisispenny.com If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.
What are cookies and why do we use them?
The Site may use cookies from time to time. “Cookies” are small text files which are stored by your browser on your computer and are normally used to gather statistical information and to analyse trends of use or access to a website. Cookies cannot be used to run programs or deliver viruses to your computer.
Cookies may be used to save your personal preferences so you do not have to re-enter them each time you access the Site. For more about our use of cookies and how you can disable them, please see our Cookie Policy.
What we do with your information?
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
We have set out below, in table format, a description of the ways we plan to use your personal data and the legal basis we rely only to do so. We have also identified our legitimate interests where appropriate to:
Provide the Services to you - We may use Identity Data, Health Data, Technical Data and Usage Data to provide the core Penny Services to you such as enrolling you in various financial services, providing you updates about said services as well as securing, troubleshooting and otherwise supporting our core services
Process transactions - We may use Identity Data and Financial Data to carry out our role in processing transactions for our core Services. Examples of this would be warning you of entering into arrangements that don't appear financially prudent, informing you about upcoming charges or renewals or attempting to recover monies owed to us.
Provide updates - We may use Identity Data, Technical Data and Usage Data to manage our relationship with you, including notifying you about changes to the Services, or our policies, or security updates on our App.
Communicate and reply to requests - We may use Identity Data, Technical Data and Usage Data to communicate with you, response to requests and repose to requests seeking information.
Administer, protect and improve our Services - We may use Identity Data, Technical Data, Usage Data (for the purposes of verifying your identity) to administer our business, protect our services and operations, comply with legal obligations and better understand usage of our services and apply these learnings to better those services in order to offer an improved service, reliability and/or experience to you.
Our lawful basis
We need to ensure that we process your personal data lawfully. We rely on the following legal
basis to collect and use your personal data:
Special Categories of Personal Data
Where we collect sensitive personal data such as health information we can only do so on receipt of your explicit consent. Where we rely on your consent to process data we will ensure that we present this to you concisely. We will also ensure that we use clear and plain language and if you give us your consent you can withdraw this easily at any time.
Sharing your data
We will keep your personal data confidential but may pass it on to:
Insurance companies we have contracts with to arrange pension products on your behalf.
Third parties who provide services to This is Penny including IT service providers, auditors and marketing agencies. We are careful in our choice of third party providers and any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide on your behalf.
Regulatory and other governmental bodies where required by or under any enactment or rule of law or court order, including, but not limited to, the Revenue Commissioners, An Garda Siochana, the Companies Registration Office, the Financial Services & Pensions Ombudsman or the Central Bank of Ireland.
If we transfer personal data to a third party or outside the EEA, we as the data controller will ensure the recipient (processor or another controller) has provided the appropriate safeguards and on condition that enforceable data subject rights and effective legal remedies are available for you the data subject. We do not currently transfer personal data outside of the EEA.
What are your rights around data?
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access – you have the right to request details of the data that we hold about you including what we hold, why we hold it and how it will be processed, how long it will be held for and whether automated decision making/profiling applies. You also have a right to request a copy of the data we hold about you.
Right of rectification – you have a right to request This is Penny to correct data that we hold about you that is inaccurate or to complete data that is incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. These circumstances include when you withdraw consent and when we no longer need the data. We cannot agree to a request erase data if we are required to retain it to comply with a legal of regulatory obligation.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing. These conditions include where you context the accuracy of data; where the processing is unlawful; you have objected to the processing of your data.
Right of portability – you have the right to have certain data we hold about you provided to you or transferred to another organisation in a structured, commonly used and machine-readable format. This right applies to automated data provided to us on the basis of your consent or on the basis that it is required to perform a contract we have entered into with you.
Right to withdraw consent – where we are processing your data because you have consented us to doing so you have the right to withdraw that consent at any time
Right to object – you have the right to object to certain types of processing including direct marketing, profiling for the purposes of direct marketing and processing for the purposes of our legitimate interests unless we can demonstrate that our legitimate interests override yours.
Right to judicial review – In the event that Garrison Financial Planning Limited refuses your request under rights of access, we will provide you with a reason as to why.
All of the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.
How long do we hold personal information for?
We retain personal information for only as long as we are required to either/or to provide the service(s) you have asked us to provide or to comply with regulatory or legal obligations. Our default retention period, in line with regulations and statutory requirements, is a minimum of 6 years following the cessation of a client relationship.
Personal data will be disposed of securely.
Disclosure of your information
We do not sell your personal information to third parties for marketing purposes. We may disclose information to third parties if you consent to us doing so as well as in the following circumstances:
You agree that we have the right to share your personal information with the following recipients or categories of recipients:
Any department or authorised person within our company or any member company within our group, which means any subsidiary or holding company within the meaning of sections 7 and 8 of the Companies Act 2014.
Selected third parties including:
Business and insurance partners, suppliers and subcontractors, including (to the extent applicable to your plan or policies) insurance brokers, agents and underwriters, pension administrators and pension providers, for the performance of any contract we enter into with them or you in relation to the Services;
Third-party processors that process personal information on our behalf, such as IT service providers who manage our IT and back-office systems and telecommunications networks, accounting and payroll providers, and CRM providers.
Analytics and search engine providers (e.g Google Analytics, Plausible, Intercom) that provide us with other analytics information and assist us in the improvement and optimisation of our Site and services. You can find out more information about what information Google collects and how it uses and discloses that information here: http://www.google.com/policies/privacy You can opt out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout
Credit reference agencies for the purpose of assessing your credit score to the extent this is a condition of us entering into a contract with you.
We will disclose your personal information to third party recipients:
in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of our business or assets.
if This is Penny or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
if we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or other agreements.
to protect our rights, property or safety, our customers, or others. This includes
exchanging information with other companies and organisations for the maintenance and security of the Site and Services.
International Transfers
Where the privacy and data protection laws may not be as protective as those in your jurisdiction.
This is only for the purposes of providing, and to the extent necessary to provide, the Services to you. There are special requirements set out under Chapter V of the GDPR (with which we would comply) to regulate such data transfers and ensure that adequate security measures are in place to safeguard and maintain the integrity of your personal data on transfer.
For more information about this and the safeguards in place relating to the transfer, please contact us by email at hey@thisispenny.com
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Contacting You
This is Penny may contact existing customers by email, text or telephone to discuss your pension arranged by us. We may also contact existing customers by email to provide details of new products or services that may be of interest to you. We do so on the bass that we have a legitimate to promote and grow This is Penny. If you have registered with a database/mailing list operate by This Is Penny but are not a customer we may contact you to provide details of new products or services that may be of interest to you on if you have consented to be contacted by us for this purpose.
If you have a complaint
If you wish to make a complaint about how your personal data is being processed by This is Penny or how your complaint has been handled, you have the right to lodge a complaint with our GDPR Owner whose contact details are provide above.
You also have the right to complain to the Office of the Data Protection Commissioner at:
Data Protection Commission
21 Fitzwilliam Square South,
Dublin 2.
D02RD28
Web: www.dataprotection.ie
Email: info@dataprotection.ie
Privacy policy statement changes
Penny Life Limited may change this privacy policy from time to time. When such a change is made, we will post a revised version online. Changes will be effective from the point at which they are posted. It is your responsibility to review this privacy policy periodically so you’re aware of any changes. By using our services you agree to this privacy policy.
Effective Date of this Policy: July 2024