Privacy Notice                                   V.1.1. Effective 01.12.2024

Senna Brokers Limited is committed to protecting and respecting your privacy. We wish to be transparent on how we process your data and show you that we are accountable with the GDPR in relation to not only processing your data but ensuring you understand your rights.

For the purposes of the GDPR the data controller is Senna Brokers Limited. Our contact details are 29 Saint Mantan’s Road, Wicklow Town, A67VX28, Ireland; 00353 1 908 1818; myadviser@sennabrokers.com.

When we refer to we/us, we mean Senna Brokers Limited.

Please read this Privacy Notice carefully as this sets out the basis on which any personal data, we collect from you, or that you provide to us, will be processed by us.

Who are we?

Senna Brokers Limited is a financial services retail intermediary offering advice on all aspects of financial planning including Life & Serious Illness, Income Protection, Pensions, Mortgages, Investments and Savings advice.

Our Data Protection Officer / GDPR Owner and data protection representative on behalf of Senna Brokers Limited can be contacted directly here:

Name: Michal Kazmierczyk

Email address: michael@sennabrokers.com

Phone number: 00353 1 908 1818

How do we collect your information and what information do we collect?

The personal information we collect varies depending upon the nature of our services. We will endeavour to provide you with an overview of those categories of personal data our organisation collects and our purpose for using that data.

Our organisation processes personal data in the following ways, if you:

• request a service from us, by use of our contact, email or call forms.

• register with or use any of our websites or online applications; We operate two linked in content websites: www.sennabrokers.com and www.sennabrokers.ie;

• use our websites/apps and it installs cookies or other tracking technologies onto your device.

• engage with us on social media; visiting our Social Media pages for information and contact purposes; Social Media platforms used by us are: LinkedIn, Facebook, Instagram, TikTok, YouTube channel.

• contact us with a complaint or query;

• apply for a position with us;

What information do we collect?

The information we collect about you includes the following:

1. Contact and Identifying information, e.g., name, address, contact details; email, mobile, landline

2. Unique identifiers e.g.PPS number – the reason why we collect your PPS number is to process application for your policy with the product provider and facilitate any claims.   pension scheme reference number- the reason why we collect this is to identify the scheme and its tax exempt status and you as the member.  insurance policy numbers, the reason why we collect this is to process application for your policy with the product provider and facilitate any claims

3. Demographic details, age, gender, marital status, lifestyle, and insurance requirements; date of birth, dependents, photo ID, home address, smoker status, family health history, as well as collecting personal information about you, we may also use personal information about other people, for example family members you wish to insure on a policy. E.g., your children/spouse.

4. Family and Beneficiary Data, e.g., dependants, next of kin or nominated beneficiaries, Power of Attorney, Family health history, Enduring Power of Attorney. Details of Solicitor/Tax Advisor/Accountant.

5. Employment information e.g., role, occupation, employment status (such as full/part time, contract), salary information, income tax rate, employment benefits, and employment history, pension scheme details, net income, other income, expenses;

   This information is necessary for our Fact Find with our clients.

6. Publicly available sources: e.g., Information about you in the public domain such as Director information from the Companies Registration Office or other search engines as VisionNet.

7. Health information such as information about your health status, medical records and medical assessment outcomes; We collect medical information relating to personal habits (e.g., smoking and consumption of alcohol), medical history. We may also process certain special categories of information, for example information about your personal characteristics (biometric information) or disability information. This information is used to provide policies as life cover, health insurance, serious illness, income protection and mortgage protection and any other health information required to place a health/life cover in place.

8. Pensions and Insurance Benefits information such as current benefits, pension entitlement information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions, PAO, existing and past pensions details, existing insurance policies details, Net earnings, employment benefits, bonuses and past employment details inclusive of length of service, earnings.

9. Financial details e.g., bank account details, details of your credit history and bankruptcy status, salary, tax code, third-party deductions, bonus payments, benefits and entitlement data, national insurance contributions details, future financial plans as future education for children.

10. Claims Data (From you and any relevant third parties).

11. Marketing preferences: we will only send you direct marketing if you explicitly consent. We will only publish marketing material on Social platforms used by our company. This is publicly viewable and also appear on members who follow and are subscribed to our Social Media channels/accounts. We do not send any marketing material to our customers via emails, or text messages.

12. Online information: e.g., information about your visits to our websites; This information is available and accessible in our Cookie Policy accessible on our websites www.sennabrokers.com and www.sennabrokers.ie.

13. Events information e.g., information about your interest in and attendance at our events, including provision of feedback forms;

14. Social media information (e.g., likes and posts) with our social media presence; this includes, LinkedIn, Instagram, Facebook and TikTok please. By making comments on our posts displayed on our Social Media accounts, you agree for us to use these on our platforms in online presence.

15. Criminal records information e.g., the existence of or alleged criminal offences, or confirmation of clean criminal records for motor products. We do not collect this type of data, unless required and specified by the insurance policy provider.

16. Searches that we undertake in relation to sanctions, money laundering and credit checks. We completed searches to complete your profile in line with our Anty Money Laundering and Terrorist Financing (AML/AML&TF) policy and Publicly Exposed Person (PEP). We use search providers as VisionNet, Irish Brokers (Best Advice), and any other search provider that is accessible at the time of the search.

17. Calculators on our website. We use this data to perform calculations to prepare quotations for life insurance or mortgages. Any calculators accessible on our website, gather information to perform estimate calculus for the specific product. This information is not stored in any form by us. By using calculators available on our website and provided by a third party, you agree to their terms of use.

When our organisation collects sensitive personal data as defined within the GDPR we will ensure that we require this information, and we have your explicit consent and/or authorisation prior to our collection. Please see the further information contained in this Privacy Notice that outlines special categories of personal data.

Information we automatically collect.

We sometimes automatically collect certain types of information when you visit our websites and through e-mails when we communicate with you. Automated technologies may include the use of web server logs to collect IP addresses, "cookies" and web beacons. Other cookies such as functional cookies, marketing cookies and analytical cookies will only be used with your expressed consent. Further information about our use of cookies can be found in our Cookie Notice at the footer of our web page. www.sennabrokers.com/Cookie-Policy

How do we use your personal data?

Your Personal Data will be used to enable us to fulfil our contractual obligations in relation to your request for insurance, investment, protection, pension products, mortgages, financial advice, quotes.

1. Performing services for our clients and prospective clients – when you require insurance/investment products, we use your data to enable us to provide the required product

2. Statutory and other regulatory requirements – we are required to carry out various obligations which include:

   · AML/Sanction and PEP checking

   · Knowing Your Customer “Fact Find” (KYC)

   · Adherence to the Consumer Protection Code 2012 (CPC)

   · Adherence to Investor Compensation Act 1998

   · Comply with Section 10(1) of the Investment Intermediary Act 1995 (as amended) (IIA)

   · Comply with Regulation 10 of the Insurance Intermediary under the European Union (Insurance Distribution) Regulation 2018 (IDR)

   · Comply with Regulation 30 of the European Union (Consumer Mortgage Credit Agreements) Regulations 2016 (CMCAR)

   · Comply with Section 116 of the Consumer Credit Act 1995 (CCA)

   · Adhere to Handbook of Prudential Requirements for Investment Intermediaries

   · Adhere to Fitness and Probity Standards

   · Adhere to Minimum Competency Regulations 2017 (MCR)

3. Communicate and marketing to you – our company will use medium of communication as telephone, video calls, emails and messages (Text Message – SMS and WhatsApp messages). We will use the same form of potential marketing as for our communication.

4. Process claims – we will process claims according to your policy provider’s process. We may request some additional information from you in order to facilitate the claim inclusive, but not limited to a medical information deemed to be necessary for the provider to establish the basis for and process your claim.

5. To contact you if required or to respond to any communications that you might send to us.

6. To administer our site including data analysis, testing, research, statistical and survey purposes.

7. Carry out our obligations arising from any contracts entered between you and us and to provide you with the information, products and services that you request.

8. Arranging premium finance agreements.

9. Provide professional services. These include all our services.

10. Handling complaints – our complaints procedure is available on request

11. To notify you about changes to our services.

1. Personal Date must be processed lawfully, fairly and in a transparent manner

Senna Brokers Limited will not process any personal data unless there is a legal basis to do so (under GDPR) such as consent or it is necessary for the performance of a contract[1] .

[1] The other four lawful basis are in short; 1) legitimate interest, 2) it is necessary for compliance with a legal obligation, 3) it is in the public interest and 4) to protect the vital interests of the data subject.

Therefore, processing will be lawful if:

1. The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or

2. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (e.g., for marketing purposes).

The GDPR has increased requirements about what information should be available to data subjects, which is covered in the ‘Transparency’ requirement. See GDPR Regulation (EU) 2016/679. The GDPR includes rules on giving privacy information to data subjects in Articles 12, 13 and 14. These are detailed and specific, placing an emphasis on making privacy notices understandable and accessible. Information must be communicated to the data subject in an intelligible form using, clear and plain language.

The specific information that must be provided to the data subject must, as a minimum, include:

- the identity and the contact details of the controller and, if any, of the controller's representative;

- the contact details of the Data Protection Officer/GDP Owner;

- the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;

- the period for which the personal data will be stored;

- the existence of the rights to request access, rectification, erasure or to object to the processing, and the conditions (or lack of) relating to exercising these rights, such as whether the lawfulness of previous processing will be affected;

- the categories of personal data concerned;

- the recipients or categories of recipients of the personal data, where applicable;

- also, where applicable, that the controller intends to transfer personal data to a recipient in a third country and the level of protection afforded to the data;

- any further information necessary to guarantee fair processing.

2. Personal data can only be collected for specific, explicit and legitimate purposes

Data obtained for specified purposes must not be used for a purpose that differs

3. Personal Data must be adequate, relevant and limited to what is necessary

The Data Protection Officer/GDPR Owner is responsible for ensuring that Senna Brokers Limited do not collect information that is not strictly necessary for the purpose for which it is obtained.

All data collection forms, e.g., proposal forms/application forms (electronic or paper-based), must include a fair processing statement or link to a privacy statement and be approved by the Data Protection Officer/GDPR Owner. Callers should be advised that the privacy statement is available on the website.

The Data Protection Officer/GDPR Owner will ensure that, on an annual basis all data collection methods are reviewed by senior management to ensure that collected data continues to be adequate, relevant and not excessive.

4. Personal data must be accurate and kept up to date with every effort to erase or rectify without delay

Data that is stored by the data controller must be reviewed and updated as necessary. No data should be kept unless it is reasonable to assume that it is accurate.

The Data Protection Officer/GDPR Owner is responsible for ensuring that all staff are trained in the importance of collecting accurate data and maintaining it.

It is also the responsibility of the data subject to ensure that data held by Senna Brokers Limited is accurate and up to date. Completion of a registration or application form by a data subject will include a statement that the data contained therein is accurate at the date of submission.

The Data Protection Officer/GDPR Owner is responsible for ensuring that appropriate procedures and policies are in place to keep personal data accurate and up to date taking into account, the volume of data collected, the speed with which it might change and any other relevant factors.

On at least an annual basis, the Data Protection Officer/GDPR Owner will review the retention dates of all the personal data processed by Senna Brokers Limited, by reference to the data inventory, and will identify any data that is no longer required in the context of the registered purpose.

5. Personal data must be kept in a form such that the data subject can only be identified for as long as is necessary for processing.

Where personal data is retained beyond the processing date, it will be minimised, encrypted/pseudonymised, in order to protect the identity of the data subject, in the event of a data breach.

Personal data will be retained in line with the Retention of Records Procedure/Schedule and, once its retention date has passed, it must be securely destroyed, as set out in this procedure.

The Data Protection Officer/GDPR Owner must specifically approve any data retention that exceeds the retention periods defined in the Retention of Records Procedure/Policy, and must ensure that the justification is clearly identified, and in line with the requirements of the data protection legislation. This approval must be in written format.

6. Processed in an appropriate manner to maintain security

In determining appropriateness, the Data Protection Officer/GDPR Owner, should also consider the extent of possible damage or loss that might be caused to individuals (e.g., staff or customers) if a security breach occurs, the effect of any security breach on Senna Brokers Limited itself, and any likely reputational damage, including the possible loss of customer trust.

When assessing appropriate technical measures, the Data Protection Officer/GDPR Owner will consider the following:

• Password protection;

• Automatic locking of idle terminals;

• Removal of access rights for USB and other memory media;

• Virus checking software and firewalls;

• Role-based access rights including those assigned to temporary staff;

• Encryption of devices that leave the organisations premises such as laptops;

• Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

• Regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing;

• Security of local and wide area networks;

• Privacy enhancing technologies such as pseudonymisation and anonymisation; and

• Identifying appropriate international security standards relevant to Senna Brokers Limited.

When assessing appropriate organisational measures, the Data Protection Officer/GDPR Owner will consider the following:

• The appropriate training levels throughout Senna Brokers Limited;

• Measures that consider the reliability of employees (such as references etc.);

• The inclusion of data protection in employment contracts;

• Identification of disciplinary action measures for data breaches;

• Monitoring of staff for compliance with relevant security standards;

• Physical access controls to electronic and paper-based records;

• Adoption of a clear desk policy;

• Storing of paper-based data in lockable fire-proof cabinets;

• Restricting the use of portable electronic devices outside of the workplace;

• Restricting the use of employees own personal devices being used in the workplace;

• Adoption of clear rules about passwords;

• Making regular backups of personal data and storing the media off-site; and

• Taking appropriate security measures when transferring data outside the EEA and the imposition of contractual obligations on the importing organisations.

These controls have been selected, based on identified risks to personal data, and the potential for damage or distress to individuals whose data is being processed.

Demonstrating compliance with the GDPR’s other Principles (Accountability)

The GDPR includes provisions that promote accountability and governance. These compliment the GDPR’s transparency requirements. The accountability principle in Article 5(2) requires Senna Brokers Limited to demonstrate that we comply with the principles and states explicitly that this is our responsibility.

Legal Basis

We need to ensure that we process your personal data lawfully. We rely on the following legal grounds to collect and use your personal data.

Performance of a contract

When we enter a contract with you, we will collect and use your personal data to enable us to fulfil that service.

Legal obligation

The use of some of your personal data is necessary for us to meet our legal obligations e.g., pension contributions for Revenue Certificates, Regulatory purposes to the Central Bank.

Consent

Sometimes we may rely on consent as a legal basis for processing your information. For example, we rely on consent to collect and use personal data for any criminal convictions or alleged offences. This is used when we need to assess risk relating to an insurance policy for you. We share this information with other third parties where it is necessary to manage these services provided to you – these services include insurance underwriters, reinsurer and other insurance providers.

We may also rely on your consent to send direct marketing to you. We will ensure that we present this to you concisely. We will also ensure that we use clear and plain language and if you give us your consent you can withdraw this easily at any time.

Sometimes if you refuse to provide information that we reasonably require to provide the services, we may be unable to offer you the services and/or we may terminate the services provided with immediate effect.

Legitimate interests

Where we rely on this legal basis to collect and use your personal information, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable data privacy laws.

Public interest

Where processing your data has substantial public interest benefits, as equality, or preventing fraud.

If you require further information on any of the above basis for processing your data, we can provide you with further details.

How we share your data

When required, we may make your information available to third parties with whom we have a relationship, where that third party is providing services on our behalf. We will only provide those third parties (data processors) with information that is necessary for them to perform the services. We will take measures to protect your information, such as putting in place Standard Contractual Clauses and confidentiality agreements.

1. Insurance Partners where we need to manage the services provided to you such as Product Providers and insurance underwriters, reinsurers, and loss adjuster. You can refer to their privacy statements on their website for more information about their privacy practices.

2. Vetting and risk management agencies such as credit reference, criminal record, fraud prevention, data validation and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and/or the services.

3. Legal advisers, loss adjusters, and claims investigators, where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature;

4. Medical professionals, e.g., where you provide health information in connection with a claim against your insurance policy; or when we are providing a quote for insurance.

5. EU Law enforcement bodies, when required to do so by law and/or regulation, or another legal request.

6. Public authorities, regulators and government bodies, where necessary for us to comply with our legal and regulatory obligations, or in connection with an investigation of suspected or actual illegal activity;

7. Third-party processors: We outsource our processing operations to suppliers that process personal information on our behalf. Examples include IT service providers who manage our IT and back-office systems and telecommunications networks, and accounting and payroll providers, CRM providers.

These processing operations remain under our control and we have data processing agreements in place with all our third party processors to ensure all processing is carried out in accordance with our security standards and the GDPR.

8. Internal and external auditors where necessary for the conduct of company audits or to investigate a complaint or security threat.

9. On the sale or reorganisation of our business whether by asset or share disposal or other transaction relating to our business.

Transferring personal data outside of Ireland

Where we transfer personal data to a country outside of the EEA (referred to in the GDPR as ‘third country,’) we will ensure it is done lawfully, i.e. there is an appropriate “level of protection for the fundamental rights of the data subjects”. We will therefore ensure that either the EU Commission has granted an adequacy decision in respect of the third country, or appropriate specified safeguards have been put in place, (e.g., Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs)).

We do not share data with companies located outside ROI. When we do, this document will be updated accordingly. The EU Commission adopted adequacy decisions for transfers of personal data to the EU countries and UK. This means that the EU accepts that the EU countries and UK data protection regime is substantially equivalent to the EU regime and allows personal data to be transferred freely from the EEA to the EU countries and UK. Therefore, the EU countries and UK are not deemed a third country.

Retention

Senna Brokers Limited shall not keep personal data in a form that permits identification of data subjects for a longer period than is necessary.

Senna Brokers Limited may store data for longer periods if the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of the data subject.

The retention period for each category of personal data will be set out in our Retention Policy along with the criteria used to determine this period, including any statutory obligations we have. Should you require further information we would be happy to provide.

Personal data will be disposed of securely.

Data Subjects Rights:

Senna Brokers Limited will facilitate your rights in line with our data protection policy and the Subject Access Request procedure. This is available on request.

Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

· Right of access – you have the right to request a copy of the information that we hold about you.

· Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

· Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. (The erasure of such data will be dependent on our other legal obligations, and whether the data is subject of legal privilege).

· Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.

· Right of portability – you have the right to have the data we hold about you transferred to another organisation.

· Right to object – you have the right to object to certain types of processing such as direct marketing.

· Right to object to automated processing, including profiling.

· Right to make a complaint: if we refuse your request under rights of access, we will provide you with a reason as to why.

All the above requests will be forwarded on, should there be a third party involved, as we have indicated in the processing of your personal data.

Complaints

If you wish to make a complaint about how your personal data is being processed by Senna Brokers Limited or how your complaint has been handled, you have the right to lodge a complaint with our Data Protection Officer/GDPR Owner.

You may also lodge a complaint with the Data Protection Commission (DPC) in Ireland, whose details are:

Data Protection Commission

21 Fitzwilliam Square South,

Dublin 2.

D02RD28

Web: www.dataprotection.ie

Email: info@dataprotection.ie

See website for updated contact details to reach the appropriate section within the DPC.

Failure to provide further information.

If we are collecting your data for a contract and you cannot provide this data, the consequences of this could mean the contract cannot be completed or details are incorrect.

When you fail to provide us with information we require to fulfil our obligations to you, we may be unable to offer our services to you.

Profiling – automatic decision making.

An automated decision is when we input your personal data into a computer programme and this programme analyses your personal data to provide us with a result. There is no human involvement in the decision making. Examples include: Mortgage affordability, risk profiling, retirement calculations. If a decision is taken by automated means, you have the right to object to this and ask us to reconsider the service you have asked us to provide. Some further examples of automated decisions that we undertake are listed below e.g., ISME ratings, recruitment psychoanalytic, insurance underwriting

Financial and mortgage advisors using profiling in their business. The main categories are

a) Risk profiling.

b) Profiling for marketing purposes.

c) Establishing affordability and providing quotations for financial services and mortgage product

d) Bankruptcy check

e) PEP check

a) Risk Profiling

To establish a customer’s attitude to investment risk (relates to pensions and investments) advisors have automated calculators which calculate the customers attitude to various levels of risk having answered a series of questions.

b) Profiling for marketing purposes.

When we seek to contact you about other services, as outlined above we run automated queries on our computerised data base to establish the suitability of proposed products or services to your needs.

c) Establishing affordability and providing quotations for financial services products.

Special Categories of personal data

Special categories of data are sensitive in relation to your fundamental rights and freedoms and therefore require specific protection when processed as these could create significant risks to the rights and freedoms of individuals.

If we collect any special categories of personal data, such as health, financial, risk, employment data, we will either obtain your explicit consent or we will adhere to the Data Protection Act 2018. This Act allows us to process special categories of personal data for insurance and pension purposes. We will ensure we have suitable and specific measures in place to safeguard the rights and freedoms of you and the processing of your data. These measures relate to the below:

• a policy of insurance or life assurance,

• a policy of health insurance or health related insurance

• an occupational pension, a retirement annuity contract or any other pension arrangement

• the mortgaging of a property

Contact Us

Your privacy is important to us. If you have any comments or questions regarding this statement, please contact us on (+353) 1 908 1818 or email dataprotection@sennabrokers.com

Privacy notice/ statement changes

When we update this Privacy Notice/Statement, we will post a revised version online. Changes will be effective from the point at which they are posted. We would encourage you to review our Privacy Notice so that you are aware of updates.