Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

Cross Insurances ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://crossinsurances.com and use our insurance intermediary services.

We are registered in Ireland under Registration Number 24742842 and operate in compliance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and all applicable Irish and European Union data protection laws.

1. Information We Collect

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Request insurance quotes or consultations
• Fill out contact forms on our website
• Subscribe to our newsletters or marketing communications
• Apply for insurance products through our intermediary services
• Communicate with us via email, phone, or other channels
• Create an account or client profile with us

This information may include:

• Full name and contact details (email address, phone number, postal address)
• Date of birth and age
• Business information (company name, registration number, industry type)
• Financial information relevant to insurance applications
• Details about assets, properties, or risks you wish to insure
• Claims history and previous insurance coverage details
• Any other information necessary to provide our insurance intermediary services

1.2 Automatically Collected Information

When you visit our website, we automatically collect certain technical information, including:

• IP address and geographic location
• Browser type and version
• Operating system
• Referring website addresses
• Pages visited and time spent on our site
• Device identifiers and mobile network information
• Cookies and similar tracking technologies data

1.3 Information from Third Parties

We may receive information about you from third parties, including:

• Insurance companies and reinsurance providers we work with
• Credit reference agencies (with your consent)
• Publicly available sources and business databases
• Other intermediaries or advisors involved in your insurance arrangements
• Claims management services and loss adjusters

2. How We Use Your Information

We process your personal information for the following purposes, based on legitimate legal grounds:

2.1 Service Delivery (Contractual Necessity)

• Providing insurance intermediary services and obtaining quotes
• Processing insurance applications and policy placements
• Managing your insurance policies and renewals
• Handling claims and disputes
• Communicating with you about your insurance needs and services
• Facilitating reinsurance arrangements

2.2 Legal Obligations

• Complying with regulatory requirements under Irish insurance law
• Meeting anti-money laundering and know-your-customer obligations
• Maintaining records as required by financial regulations
• Responding to legal processes and government requests
• Preventing fraud and financial crimes

2.3 Legitimate Business Interests

• Improving our website functionality and user experience
• Analyzing business performance and market trends
• Developing new products and services
• Conducting risk assessments and underwriting analysis
• Protecting our systems and information security
• Managing business operations and administration

2.4 Consent-Based Processing

• Sending marketing communications and newsletters (you may opt out at any time)
• Using cookies and tracking technologies for analytics
• Sharing information with third parties beyond service provision requirements

3. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze site usage. Cookies are small data files stored on your device.

3.1 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality and security
• Analytics Cookies: Help us understand how visitors interact with our website (Google Analytics)
• Marketing Cookies: Used to deliver relevant advertisements (Facebook Pixel)
• Preference Cookies: Remember your settings and choices

3.2 Managing Cookies

You can control cookies through your browser settings and our cookie consent banner. Blocking certain cookies may affect website functionality. To opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout.

4. How We Share Your Information

We may share your personal information with the following categories of recipients:

4.1 Insurance Market Participants

• Insurance companies and underwriters for quote generation and policy placement
• Reinsurance companies for risk transfer arrangements
• Other insurance intermediaries involved in placement or claims
• Loss adjusters and claims administrators

4.2 Service Providers

• IT service providers and website hosting companies
• Payment processors and financial institutions
• Professional advisors (lawyers, accountants, auditors)
• Marketing and communications service providers
• Data analytics and business intelligence providers

4.3 Legal and Regulatory Bodies

• Regulatory authorities (Central Bank of Ireland, Data Protection Commission)
• Law enforcement agencies when legally required
• Courts and dispute resolution bodies
• Tax authorities and government agencies

4.4 Business Transfers

If Cross Insurances is involved in a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity, subject to this Privacy Policy's protections.

We do not sell your personal information to third parties for their marketing purposes.

5. International Data Transfers

As an insurance intermediary operating in global markets, we may transfer your personal information to countries outside the European Economic Area (EEA), including insurance markets in the United Kingdom, United States, Bermuda, and Switzerland.

When transferring data internationally, we ensure appropriate safeguards are in place, including:

• European Commission-approved Standard Contractual Clauses
• Adequacy decisions confirming recipient countries have adequate data protection
• Binding Corporate Rules for multinational organizations
• Your explicit consent where required

6. Data Security

We implement robust technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption of data in transit and at rest using industry-standard protocols
• Regular security assessments and vulnerability testing
• Access controls limiting data access to authorized personnel only
• Secure data centers with physical security measures
• Employee training on data protection and confidentiality
• Incident response procedures for data breaches
• Regular backups and disaster recovery planning

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but continuously work to maintain the highest protection standards.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

• Active Client Data: Duration of business relationship plus 7 years (regulatory requirement)
• Insurance Policy Records: Life of policy plus 7 years after expiration
• Claims Information: Until claim resolution plus 7 years
• Financial Records: 7 years from transaction date
• Marketing Communications: Until you unsubscribe or 3 years of inactivity
• Website Analytics: 26 months (Google Analytics default)

After retention periods expire, we securely delete or anonymize your personal information in accordance with data protection requirements.

8. Your Data Protection Rights

Under GDPR and Irish data protection law, you have the following rights regarding your personal information:

8.1 Right of Access

You can request a copy of the personal information we hold about you, along with information about how we process it.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal information in certain circumstances, subject to legal retention requirements.

8.4 Right to Restriction of Processing

You can request that we limit how we use your personal information in specific situations.

8.5 Right to Data Portability

You can request your personal information in a structured, commonly used, machine-readable format and transmit it to another controller.

8.6 Right to Object

You can object to processing of your personal information based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

8.8 Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

Exercising Your Rights

To exercise any of these rights, please contact us using the details in Section 12. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately, and we will take steps to delete such information.

10. Third-Party Websites

Our website may contain links to third-party websites, including insurance companies, industry associations, and service providers. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will post the updated policy on our website with a revised "Last Updated" date. For material changes, we will provide prominent notice or obtain consent where required by law.

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data processing practices, please contact us using the information above. We are committed to resolving any privacy concerns promptly and fairly.

13. Supervisory Authority

You have the right to lodge a complaint with the Irish Data Protection Commission if you believe we have not handled your personal information in accordance with data protection law: