For you to be confident using our services, we want you to know and trust that we’re committed to ensuring your privacy is protected.
We realise insurance can be complicated, and there’s a lot of information we need to provide to you, so we’ve provided a table of contents with links to the relevant sections and please do contact us customercare@ie.wrisk.co with any questions.
We are Wrisk Europe GmbH, incorporated in Germany (Commercial Register: Munich District Court HRB 288871), with registered office Karlstraße 19, 80333 Munich, authorised/licensed or registered by the Chamber of Industry and Commerce for Munich and Upper Bavaria in Germany under the registration number D-GVLJ-HO5AR-23. For business in Ireland, Wrisk Europe GmbH operates on a freedom of services basis and is regulated by the Central Bank of Ireland for conduct of business rules.
As Wrisk Europe GmbH is established in Germany, our lead supervisory authority under GDPR is the Bavarian Data Protection Authority (BayLDA). However, the Irish Data Protection Commission (DPC) also has jurisdiction where data subjects in Ireland are affected. You may therefore raise any concerns with either authority.
Please do read this Privacy Policy as, together with our Cookie Policy, it explains how we process your personal data, for example when you visit any other website (‘Website’) owned or provided by us, or when you use or buy our insurance services and other products (‘Services’).
We always seek to comply with the data protection laws applicable to our processing of personal data (‘DP Laws’).
For example, the EU General Data Protection Regulation 2016/679 (‘GDPR’) and the ePrivacy Directive (as implemented in Ireland and Germany) apply directly to all our processing.
‘Personal data’ is a defined term in EU law. We also use it here to cover ‘personally identifiable information’ as defined in UK and US law, and other similar legal definitions. Essentially ‘personal data’ means any information relating to an identified or identifiable natural person, namely one who can be identified, directly or indirectly from that information alone or in conjunction with other information.
As data protection law and practice are constantly developing, we’ll need to update this policy from time to time, which we’ll do by posting a new policy on the Website that takes effect from the date stated. It is your responsibility to return to the Website from time to time and check for changes.
You clearly do not have to provide personal data to us. However, if you would like us, for example, to respond to a query, provide a quotation, issue an insurance policy or manage a claim, we may not be able to do so without personal data from you and failing to provide certain personal data, for example for a quotation, may invalidate any resulting policy.
You’ll see we’ve identified the legal basis for our processing throughout this Policy. The legal bases we rely on are:
‘Special categories of personal data’ is defined by GDPR to include personal data revealing racial or ethnic origin, religious or philosophical beliefs or trade union membership, genetic data or data concerning health. We may need to ask for some special categories of personal data, in particular, health data.
We may also need to ask for personal data relating to criminal convictions and offences, for the same reasons.
Without this information, we may not be able to provide Services to you. For example, we may not be able to give you a quote or issue an insurance policy, and it may affect the outcome of any claims you make.
The legal basis for any processing by us of special categories of personal data or personal data relating to criminal convictions and offences is Article 9(2)(g) GDPR (substantial public interest, insurance sector), Article 9(2)(f) GDPR (legal claims) and Article 10 GDPR (criminal convictions).
Our Services are not directed at children under the age of 18. We do not knowingly collect or process personal data relating to children except where required to administer an insurance policy (for example, if a named driver is under 18). In such cases, we will process this data strictly in accordance with GDPR and with appropriate safeguards.
We collect or are provided your personal data in the normal course of our business, including:
We will process your personal data for expected purposes related to the business of marketing, administering and managing insurance. We have set out details of these purposes below, together with information on the data processed, the appropriate legal basis, whether it is shared and how long it is retained.
We will collect and process your personal data to provide you with a quotation, before you become a customer and for renewal.
In this process, we will also perform industry-standard checks and share the results with insurers and other necessary parties as set out below.
As part of the quotation process and ongoing administration of any insurance policy, we will perform certain checks to inform the risk of providing you with insurance.
Once we’ve provided you with a quotation and the risk checks are passed, you may decide to take out your insurance policy with us (that may be through a partner-branded offering but the insurance contract will still be with us). We will have collected most of the information in the quotation process, but we will ask you to confirm it.
In this process, we will also perform industry-standard checks and share details with insurers and other necessary parties as set out in this Privacy Policy.
You may contact us with queries from time to time, and we will always respond as quickly and helpfully as possible.
Should you have a claim under your policy with us, we will need to process personal data necessary to administer that claim. We will have some of that data from the quotation and contracting processes.
From time to time, we will send you service messages, which are generally transactional in nature and related to the Services you have with us. These messages may be a reminder of the expiry of a quotation, the timing of your anniversary, invoices and payments, and about any changes to your policy.
Where you have explicitly opted in, we may send marketing communications relating to similar products or services. You can withdraw your consent or opt out of these communications at any time by contacting us at customercare@ie.wrisk.co.
We may collect statistics to help us improve the features and performance of our Website and online Services.
We may record telephone calls between you and Wrisk for the purposes of staff training and ensuring service quality.
We may need to record telephone calls between you and Wrisk to comply with a legal obligation, such as compliance monitoring or fraud detection and prevention. This is a separate purpose to recording for training and quality assurance purposes.
Under the laws relevant to insurance, including the Central Bank of Ireland and BaFin rules relevant to us, we have to share certain of your personal data with:
You will appreciate that, because we are authorised by the Central Bank of Ireland and BaFin, we are subject to Central Bank of Ireland and the BaFin rules on retention of certain personal data, for the period(s) set out in the Central Bank of Ireland and BaFin rules. We may also be subject to other legal obligations as an administrator and manager of insurance, which may require us to retain personal data for a set period.
We need to ensure that our Services, and the underlying network, infrastructure and systems we use to provide those Services, are secure, resilient and free from fraudulent and other illegal activity.
We may anonymise your personal data and may aggregate it with other anonymised data, so that we can analyse it, for example, to improve our question sets and pricing models for the benefit of all our customers.
We use automated decision-making, including profiling, to prepare your quotation and for quoting for in-policy changes and any anniversary.
As you’ve already seen, we may share personal data in the limited circumstances necessary for operating our business and issuing quotations and insurance policies both under our name and partner brands. Here is more detail on those third parties, who may be separate controllers given their own regulatory obligations.
As above, under applicable insurance regulations, we have to share certain personal data with our regulators, the Central Bank of Ireland and BaFin, and the Motor Insurers’ Bureau of Ireland (MIBI).
Given the nature of insurance and the typical context of claims, we may receive requests or legal orders from the Garda Síochána and other Irish authorities to disclose your personal data to them (‘Legal Request’). If we receive a Legal Request, we will review it to ensure that it complies with the applicable law: if it does not, we will inform the issuing party and we will not comply with it; if it does, we will disclose your personal data only to the extent necessary to comply with the Legal Request, and the legal basis for our compliance will be Legal Obligation. Unless the Legal Request and applicable law prevents us doing so, we will notify you about any such disclosure.
Wrisk partners with Toyota in Ireland to power the Toyota Motor Insurance and Lexus Motor Insurance products. Wrisk and Toyota are separate controllers. You may direct your questions and exercise your rights directly with the relevant party. Our contact details are privacy@wrisk.co and Toyota’s are in their Privacy Policy.
Wrisk partners with Sedgwick in Ireland to provide customer support services. Wrisk and Sedgwick are separate controllers. You may direct your questions and exercise your rights directly with the relevant party. Our contact details are privacy@wrisk.co and Sedgwick’s are in their Privacy Policy.
We do not collect or process any bank or debit, or credit card data ourselves. Any such data is collected and processed by our payment processors to process the relevant payments. Our payment processors generally act as independent controllers, given their own regulatory requirements, although they may act as our processors in terms of when payments are taken and reporting information to us. We will at all times comply and choose payment providers who comply with the applicable industry codes and laws regarding security and retention of such data, for example, the Payment Card Industry Data Security Standard.
Our payment processors are:
When you make a payment by card, our payment processor (for example, Stripe) may securely store your card details on our behalf using tokenisation technology that complies with the Payment Card Industry Data Security Standard (PCI DSS).
We do this to enable smoother renewals or mid-term adjustments, even if you have not opted into auto-renewal. Your payment method will not be charged again without your explicit confirmation (for example, through an updated renewal or mid-term adjustment transaction).
The legal basis for this processing is our Legitimate Interests in maintaining continuity of your insurance cover and preventing failed renewals, balanced against your rights and interests. You may request that we delete any stored payment information at any time by contacting us at privacy@wrisk.co.
Stripe acts as our payment processor and complies with applicable PCI DSS and data protection laws.
Helvetia acts as insurer for the Toyota Motor Insurance and Lexus Motor Insurance policies that we issue to our customers. Helvetia Global Solutions Ltd is a subsidiary of Helvetia Group, whose registered address is Aeulestrasse 60, 9490 Vaduz, Liechtenstein. They act as a separate controller, and their Privacy Policy, including contact information, can be found here.
Wrisk partners with Van Ameyde in Ireland to offer First Notification of Loss (FNOL) for insurance products and claims services for all our insurance offerings. Their registered address is The Lennox, 50 Richmond Street South, Dublin 2, Saint Kevin's. They act as a separate controller, and their Privacy Policy, including contact information, can be found here.
We will share your information with other insurance companies and intermediaries in the distribution chain to enable us to arrange and administer a policy for you and to enable their Services.
For example, if you are introduced to us by a placing broker, your personal information (e.g. policy details, contact details, claims and any other data you share with us) will be shared between us and them as part of your relationship with us.
For the provision of the Services, and for our own disaster recovery and business continuity purposes, we may store or transmit personal data to or through third party providers, such as with our contractors and advisors, to help us operate, secure and analyse our business. The lawful basis will be Legitimate Interests or Contract.
We may be obliged to disclose your personal data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline. The lawful basis will be Legal Obligation.
If we enter negotiations with a third party for the sale or purchase of all or part of our business, we will only disclose personal data to that third party to the extent it relates to that business and only under conditions of confidentiality requiring the third party to be bound by the privacy policy that applies to that data. The lawful basis will be Legitimate Interests.
In each case, we share the minimum personal data necessary and we have written contracts in place incorporating relevant wording to safeguard that personal data and comply with applicable laws, and we will only share such data as is necessary for the purpose in question.
Our starting position is always to keep personal data within the European Economic Area (EEA) where the EU GDPR applies. However, in order to carry out the above purposes, we may use third parties and their facilities outside the EEA. Where personal data is transferred outside the EEA, we will ensure a valid legal safeguard applies. These include;
In all cases, we will implement appropriate technical and organisational measures to protect your personal data. Where we transfer personal data outside the EEA, you may obtain a copy of the relevant safeguards by contacting privacy@wrisk.co
Our websites use cookies and/or similar technologies. Please review our Cookie Policy for more information, including on how to refuse or selectively accept cookies and/or similar technologies and update your preferences.
If no retention period is specified above, our default position is to only retain personal data for any statutory retention period, then a reasonable period (if any) necessary for the above purposes. This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent, or other valid exercise of your data subject rights.
The security of data is very important to Wrisk. In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review. However, we can only be responsible for systems that we control, and we would note that the internet itself is not inherently a secure environment.
If you access the services of another provider through our websites or services, for example through a link on the Website, your use of those services is entirely at your risk and governed by the terms and privacy policy of that third party provider. If we resell a service delivered or provided by a third party (‘Third Party Service’), including any software that is delivered or owned by a third party (‘Third Party Software’), it is that third party’s separate privacy policy that will apply to your personal data and your use of the Third Party Service and Third Party Software. Your use of a Third Party Service is not covered by this Privacy Policy. Please therefore review the privacy policy for any Third Party Service and Third Party Software before using it.
Under the EU GDPR, you have the following rights (some of which may be subject to conditions set out in the GDPR):
You have the right, at any time, to object to the processing of your personal data for direct marketing.
Where processing is based on Consent, you may withdraw consent at any time.
You have the right to notify a complaint to any regulator, such as the Irish Data Protection Commission (DPC) or the Bavarian Data Protection Authority (BayLDA). We always welcome the opportunity to discuss and resolve any complaint with you first.
You may contact the relevant supervisory authorities as follows:
The Website does not use technologies that respond to ‘Do-Not-Track’ signals communicated by your internet browser.
If you have any questions, you can always contact us by email at privacy@wrisk.co, or you can also contact our Data Protection Officer at dpo@wrisk.co.