Scaling for growth: Orvia strengthens leadership with key appointments – read more in our News & Insights
Scaling for growth: Orvia strengthens leadership with key appointments – read more in our News & Insights

Privacy Policy

Introduction

You have arrived at a website that is owned, and/or operated by Orvia Underwriting Limited  which is regulated by the Central Bank of Ireland. (collectively, “Orvia”  “we,” “our” or “us”). If you have received a notification from Orvia Underwriting Limited of a transfer of trades to it, Orvia is the data controller of your personal data.

 

This Privacy Notice tells you who we are and outlines how we process your personal data. Orvia respects your right to privacy and complies with our obligations under relevant data protection legislation including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Acts 1988 – 2018. The purpose of this Privacy Notice is to outline how we process personal data, including special categories of data and the basis on which personal data is obtained from you or collected about you from third parties. Orvia is committed to protecting and respecting your privacy.

We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but to ensure you understand your rights.

 In this statement, we outline:

  • The types of data we collect
  • How we use your data
  • Your rights in relation to the data we hold about you
  • How long we hold your data for
  • How to contact us if you have any questions on your data or have any complaints

Legislation

All personal data we gather will be processed in accordance with all applicable data protection laws and principles, including the GDPR and the Data Protection Acts 1988 – 2018 and, any other law and regulatory requirements relating to the processing of personal data and to privacy including, Directive 2002/58/EC and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011.

Queries and Complaints

If you require further information about the way your personal data will be used, or if you are unhappy with the way we have handled your personal data, and wish to contact us, please submit your concerns by email to the Orvia Data Protection Officer at [email protected] We can be contacted by post at

9 Eastgate Avenue, Eastgate Business Park, Little Island, Cork, T45 YN92

If you are unsatisfied with our use of your personal data or our response to any requests by you to exercise any of your rights, then you have the right to complain to the Data Protection Commission. See below contact details, Data Protection Commission 21 Fitzwilliam Square

South Dublin 2 D02 RD28 Ireland Email: [email protected] Phone: +353 1 765 0100 / 1800 437 737

Information Collected

We may collect information from you when you access our Orvia.ie or, when you request a quote online or over the phone, when you speak to members of our staff or by corresponding with us by phone, email or otherwise or if you apply for a job within Orvia. We also collect information from sources other than you. This may include a joint policy holder. We will only collect information that is adequate, relevant, and limited to what is necessary in relation to the purposes identified with this notice. The table below outlines the categories and types of data we collect along with the source of data. The types of data we collect may change over time; the following table is an indicative list to help you understand the types of data we collect, data type collected will depend on the nature of our engagement with you and/or the insurance policy you have with us.

Product Types: (this may vary)

  • Financial Lines: Professional indemnity, Directors and Officers, Cyber, Crime
  • High net worth and Fine Art & Jewellery: Fine Art, Specie, Jewellers Block, High Value Home, High Value Auto/Motor, High Value Craft
  • Property and Casualty: Contractors Liability, General Liability, Excess Liability, Property
  • Specialty: Marine Cargo, Aviation Loss of licence, Political violence and terrorism, Forestry, Trade Credit, Surety

Data Category

Policy Data

Identity data, employment status & occupation, previous insurance history, details of any previous claims and claims occurring during the term of a policy arranged by us.

Identity and Individual Data

Name, date of birth, marital status, home address, contact address, email address, phone number, health details, CVs, employments details, payment details, financial details, ID documents, PPS number, driver licence number, passport number, work permission documents, IP address, and other technical/usage data when you visit our website.

Recruitment Data

Name, date of birth, address, email address, phone number, CVs, employments details, education details, payment details. Religion, ethnicity, gender identity, sexual orientation, disability.

Financial Data Bank details, payment card details, transaction history.

Technical Data

We receive technical information when your visit our websites and through email exchange. This could IP (Internet Protocol) address used to connect your computer to the internet, login information, browser type and version, time zone setting. Usage Data By interacting with our websites through social media sites, browser plug-in types and versions or other applications we may receive statistical data about your browsing actions and patterns. CCTV Images.

Purpose for which we hold your information

The main purposes for which Orvia uses your personal information are to provide a quote, setup, administer and manage your policy and to conduct marketing and analytics. The following table provides more details on the purposes for which we process your personal data and the legal basis by which we do this.

Reason for processing

  • To provide you with a quote for insurance and process your application
  • Performance of a contract or to take steps at your request prior to entering a contract
  • To administer your insurance policy
  • To respond to your queries and to provide you with the information you request from us in relation to our services and/or products
  • To comply with a legal obligation necessary for the purposes of the legitimate interests pursued by the controller
  • To manage payments, fees, and charges in respect of insurance premiums, and to collect and recover money owed to us necessary for the purposes of the legitimate interests pursued by the controller
  • Recording telephone calls (for training, quality, verification and for the prevention of fraud purposes) necessary for our legitimate interests (training, quality, and verification purposes)
  • To manage our relationship with you, including notifying you about changes to the services, or our Privacy Notice
  • To administer and protect our business, our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
  • To use data analytics to improve or optimise our site, marketing, customer relationships, and experiences
  • To assess your suitability for a particular role/ position being applied for throughout the employment recruitment and selection process.
  • To take steps upon your application prior to entering into a contract of employment with us.
  • To collect information and insights on diversity and inclusion amongst our recruitment candidates and employees. (Note: once collected, this data is then anonymised) The use of this data is done with the explicit consent of the data subject.
  • To manage the CCTV on the exterior of the building. The use of the data is in our legitimate interests to ensure building security.

Special categories of personal data and data relating to criminal convictions and offences

We will process health data where it is necessary for the purpose of providing a policy of insurance or to comply with a legal obligation to which we are subject. We will also process data on criminal convictions and offences, including motoring offences, where it is necessary and proportionate for the steps taken leading into or the performance of your insurance contract and to comply with our legal obligations. Processing for this purpose is permitted under Section 50 of the Data Protection Act 2018. We will also process diversity and inclusion survey data during the recruitment and selection process. We will collect this data on an explicit consent basis, to solely gather information and insights on diversity and inclusion amongst our candidates and employees. The data you share with us will be anonymised and will not be used to identify you or make decisions during the selection process.

Sharing information with third parties

There are various circumstances where we may share personal data with third parties. Orvia will make your information available to third parties with whom we have a relationship to provide services on our behalf. We will only provide to those third parties the information that is necessary for them to perform the services and where there is a lawful basis to do so. Orvia may share relevant personal information with the following categories of third parties:

  • Any insurer that is a party to an Orvia product that you have applied for or contracted for
  • Any co-insurers for which we act as broker
  • Credit referencing agencies to assess your credit score where this is a condition of us entering a contract with you and/or to other insurers through various databases to help us check information provided and to prevent fraudulent claims
  • Any prospective seller or buyer of any business or assets related to the site, an Orvia product or all or part of Orvia
  • Any business partners, suppliers and sub-contractors who operate as a processor on our behalf for the performance of any contract we enter with them or you.
  • Outsourced providers regulated and unregulated, such as the Central Bank of Ireland, and An Garda Síochána.
  • We have a duty to disclose or share your personal information with a third party to comply with any legal obligation, or to enforce or apply our terms of business and other agreements, or to protect the rights, property, or safety of our group of companies, Orvia  insurers related to an Orvia  product or others. This includes exchanging information with third parties including Government agencies and screening tools for the purposes of fraud protection, anti-money laundering, sanction screening, credit risk reduction, or criminal activity. If you hold insurance against a liability that may be incurred by you against a third party, where for whatever reason you cannot be found or you become insolvent, or the court finds it just and equitable to so order, then your rights under the contract will be transferred to and vest in the third party even though they are not a party to the contract of insurance. The third party has a right to recover from the insurer the amount of any loss suffered by them. Where the third party reasonably believes that you as policyholder have incurred a liability the third party will be entitled to seek and obtain information from the insurer or from any other person who is able to provide it concerning:
    • The existence of the insurance contract
    • Who the insurer is
    • The terms of the contract
    • Whether the insurer has informed the insured person that the insurer intends to refuse liability under the contract We take steps to ensure that any third-party who handles your information comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf.

Data Analytics

Part of our ongoing business strategy involves choosing the best products for our customers’ needs. We may use analytics and search engine providers that assist us in the improvement and optimisation of our site. This is to ensure that content from our site is presented in the most effective manner for you and your computer. Consequences of not providing us with information You can choose not to give us personal information; however, this may have an effect on you. We may need to collect personal information by law, or to enter or fulfil a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you or doing what we must do by law. It may also mean that we cannot provide you with a quote or manage your policies with us which means we may need to cancel a product or service you have with us.

Subject Rights

As a data subject you will have the following rights in relation to the processing of your personal data. You can send us a request in relation to any of the rights outlined below, and we will do our best to adhere to your request as soon as possible and within one month.

Right to Access

You have the right to know what personal data we hold on you, why we hold the data, and how we are using the data. When submitting a request, please provide us with as much information as possible to help us identify the information you wish to access (i.e. specific dates)

Right to Rectification

You have a right to request that the personal data held in relation to you is up to date and accurate. Where information is inaccurate or incomplete, we encourage you to contact us to have this information rectified. Upon receipt of your request, we will ensure that the personal data is rectified and as up to date as is reasonably possible.

Right to Erasure (right to be forgotten)

You have the right to seek the erasure of personal data relating to you in the following circumstances:

  • The personal data is no longer required for the purposes for which it was obtained.
  • Where the use of the data is only lawful based on consent, you withdraw consent to the processing, and no other lawful basis exists.
  • The personal data is being used unlawfully.
  • You object to the use of your personal data and there are no overriding legitimate grounds for the use of the data
  • Your personal data requires deletion in line with legal requirements. However, we will be unable to fulfil an erasure request if the personal data is required for any of the below activities:
  • Exercising the right of freedom of expression and information.
  • Compliance with a legal obligation, such as the performance of a contract (i.e. your insurance policy or quote) or compliance with certain legislation, for example we have a legal requirement, to keep your policy data for at least 6 years.
  • For the performance of a task carried out in public interest
  • For public health reasons.
  • Archiving, research, or statistical purposes in the public interest.
  • The establishment, exercise, or defence of legal claims.

Right to restriction of processing

You have the right to restrict the extent for which your personal data is being used by us in circumstances where:

  • You believe the personal data is not accurate (restriction period will exist until we update your information).
  • The processing of the personal data is unlawful, but you wish to restrict the use of the data rather than erase it.
  • Where the personal data is no longer required by us, but you require the retention of the data for the establishment, exercise, or defence of a legal claim.
  • You have a pending objection to the future use of your personal data. When the use of your data has been restricted, your personal data will only be further used: with your consent; for the establishment, exercise, or defence of legal claims; for the protection of the rights of other people; or for reasons important to public interest.

Right to portability

You have the right to the provision of all personal data that you have provided to Orvia  in relation to you in a structured, commonly used machine-readable format where:

  • The lawfulness of the use of your personal data by us relies on the basis of a contract
  • The lawfulness of the use of your personal data by us is reliant on the provision of your consent
  • The data is being utilised by fully automated means. We will refuse such a request if the data being requested may adversely affect the rights and freedoms of others.

Right to object

You have the right to object to the further use of your personal data where:

  • The lawful basis for the use of your personal data by us is reliant based on our legitimate interests
  • Where personal data is being processed for the purposes of direct marketing or profiling related to direct marketing Right to object to automated processing, including profiling You have the right not to be subject to a decision based solely on automated processing or profiling, where such decisions would have a legal effect or significant impact on you. Where we (or one of our third-party processors) use profiling, which produces legal effects for you otherwise significantly affect you, you will have the right to object to such processing.

Right to withdraw consent

Where we are processing your personal data on the legal basis of consent, you are entitled to withdraw your consent at any time.

How to update/amend the personal information you have provided

You are entitled to know whether we hold information about you and, if we do (subject to certain limitations), to have access to that information and have it corrected if it is inaccurate or out of date. To exercise your rights under the GDPR please contact the Data Protection Officer at Orvia  Underwriting Limited, 9 Eastgate Avenue, Eastgate Business Park, Little Island, Cork, T45 YN92 with proof of identity or email us at [email protected] You must contact us if any of your details change so that we can keep your information accurate and up to date. 12 Where do I send requests? Please send all your requests to [email protected] with as much detail as possible regarding your requirements to allow us to deal with your request efficiently. To answer your request, we may ask you to provide identification for verification purposes. All the above requests will be forwarded on should there be a third party involved as we have indicated in the processing of your personal data.

How long will a request take to complete?

Once we receive your request, we will have 30 days to provide a response, with an extension of two further months if required. If we need more time to deal with your request, we will contact you about the delay, within one month of the receipt of your request. If we refuse your request, we will let you know within one month of the receipt of your request and provide you with the reason we refused the request. You may opt to contact the Data Protection Commission if we refuse your request.

How much does it cost to submit a request?

We will not charge a fee for any requests, provided we do not consider them to be unjustified or excessive. If we do consider requests to be unjustified or excessive, we may charge a reasonable fee (also for multiple copies) or refuse the request.

Breaches

Orvia  will take care to make sure your data is both protected and safeguarded. In the unlikely event of a data breach, we will contact you in line with our legal obligations.

Retention of your personal data

Data will not be retained for longer than is necessary for the purpose(s) for which it was obtained. This means that the period for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Orvia  will process personal data in accordance with our retention schedule. This retention schedule is governed by our regulatory body (Central Bank of Ireland) and our internal governance. Insurance policy data is retained for 6 years after the last transaction. Unsuccessful applicant details and CVs are retained for 12 months, and successful applicants’ details are retained for the duration of employment with Orvia  plus seven years.

Automated individual decision-making including profiling

Prior to arranging an insurance product or service we may use automated (computer based) decision making. For example, before we can arrange an insurance product or service for you, we must obtain a quotation from an Insurer’s Rating Engine which will carry out a real-time automated assessment to determine the insurance risks based on the information that you have supplied. This will be used to determine if the Insurer can provide you with a policy and to calculate the premium you will have to pay to arrange cover with them. The results of the automated decision making may limit the products or services that Orvia  can provide to you. If you do not agree with the result or if you have any concerns, you have the right to request to speak to a staff member to seek clarification.

Data security

Orvia’s intent is to strictly protect the security of your personal information, to honour your choice for its intended use and to carefully protect your data from loss, misuse, unauthorised access or disclosure, alteration, or destruction. We have taken appropriate steps to safeguard and secure information we collect online, including the use of encryption when collecting or transferring sensitive data. However, you should always take into consideration that the internet is an open forum, and that data may flow across networks with little or no security measures, and therefore such information may be accessed by other users other than those you intended to access it. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. All our staff are provided with training to ensure that your information will be used only in adherence with our privacy statement and the data protection laws applicable. Employees who misuse customer information are subject to disciplinary action.

International Transfers

It may be necessary to transfer your personal information to other group companies or service providers located in countries outside of the European Economic Area (EEA). The types of processing may include the fulfilment of your order, the processing of your payment details and the provision of support services. Orvia  will take all reasonable steps necessary to ensure that your information is treated securely and in accordance with our Privacy Notice. If we transfer personal data to a third party or outside the EEA, we, as the data controller, will ensure the recipient has the necessary protections in place, such as Standard Contractual Clauses or an Adequacy Decision.

Business relationships

This website may contain links to other websites. Orvia  is not responsible for the privacy practices or the content of such websites.

Changes to our Privacy Notice

Orvia  may modify or update this Privacy Notice from time to time without prior notice. When a change is made, we will post a revised version online. Changes will be effective from the point at which they are posted. It is your responsibility to review this Privacy Notice periodically so that you are aware of any changes. We encourage you to check this Privacy Notice often so that you can be aware of how we are protecting your personal information. Your continued use of our website constitutes your consent to the contents of this privacy notice.

User Responsibilities

Website users are reminded that they are solely responsible for maintaining the security of systems or devices used to access Orvia  websites and the secrecy of any associated login credentials which may be used to facilitate personalised access. This responsibility extends to security for files users may download during website interactions. As with access to any Internet site, Orvia  cannot guarantee the privacy and confidentiality of information submitted or accessed from unsecure user systems or passing over intermediate systems on the public Internet. As such, users are strongly advised to pay particular attention to any security warnings their computer, the website or their browser may offer.

Security Issues

In case you have any questions about your security at Orvia  or have experienced a security issue on our website, our Cyber Defence Team is contactable at: [email protected] – please include a detailed explanation of the issue, including screenshots where possible.

Effective: March 2026 (v1)