Skip to main content

Privacy Policy

How we collect, use, and protect your personal information.

1. Who We Are

GroupRisk.ie is a trading name of IFC Finance Group, registered in Ireland. Our registered address is 4 Fitzwilliam Square East, Dublin 2. We are regulated by the Central Bank of Ireland as an insurance intermediary. For the purposes of the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988–2018, we are the data controller of your personal information.

2. What Information We Collect

We collect and process personal data in the following contexts:

  • Enquiries via our contact form — name, email address, phone number, company name, and the content of your message.
  • Telephone enquiries — name, contact details, and information relevant to your enquiry.
  • Client onboarding — where we proceed to a formal advisory relationship, we may collect additional data including payroll information (anonymised by age/salary band) and company registration details necessary to obtain market quotations.
  • Website analytics — anonymised traffic data via cookies. See our Cookie Policy for full details.

3. How We Use Your Information

We use your personal data for the following purposes:

  • To respond to your enquiry and provide the information or advice you have requested.
  • To prepare market quotations and arrange Group Risk insurance on your behalf.
  • To administer your Group Risk scheme on an ongoing basis (where a client relationship exists).
  • To comply with our regulatory obligations under the Consumer Protection Code and Central Bank of Ireland regulations.
  • To improve the performance and user experience of our website (using anonymised analytics data only).

4. Our Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the GDPR:

  • Legitimate interests (Art. 6(1)(f)) — to respond to enquiries and market our services to potential clients.
  • Contract performance (Art. 6(1)(b)) — to fulfil our obligations as your Group Risk advisor.
  • Legal obligation (Art. 6(1)(c)) — to comply with Central Bank of Ireland regulations and applicable insurance legislation.
  • Consent (Art. 6(1)(a)) — for optional communications and, where applicable, cookie placement.

5. How Long We Keep Your Data

We retain personal data for the following periods:

  • General enquiries — 12 months from last contact, unless you become a client.
  • Client records — 6 years from the end of the client relationship, as required by CBI regulations and the Statute of Limitations.
  • Website analytics — as configured in your analytics cookies (typically 13 months).

6. Who We Share Your Data With

We do not sell your personal data. We may share your data with:

  • Insurance companies — strictly for the purpose of obtaining quotations or administering your Group Risk scheme. Only anonymised workforce data (age bands, salary ranges) is shared at the quoting stage.
  • Our IT service providers — where necessary to operate our website and communications infrastructure, under appropriate data processing agreements.
  • Regulatory authorities — where required by law, including the Central Bank of Ireland and Revenue Commissioners.

All third parties with whom we share personal data are required to handle it in accordance with GDPR and applicable Irish data protection law.

7. International Transfers

We do not routinely transfer personal data outside the European Economic Area (EEA). Where any transfer does occur (e.g. in connection with third-party service providers), we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR.

8. Your Rights

Under GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data, where no legal obligation requires us to retain it.
  • Right to restrict processing — to request that we limit how we use your data.
  • Right to data portability — to receive your data in a structured, machine-readable format.
  • Right to object — to object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, to withdraw that consent at any time.

To exercise any of these rights, please contact us at info@grouprisk.ie or by post to our registered address. We will respond within one calendar month.

9. Right to Complain

You have the right to lodge a complaint with the Data Protection Commission (DPC), Ireland's supervisory authority, if you believe your data protection rights have been infringed. The DPC can be contacted at www.dataprotection.ie or by post at 21 Fitzwilliam Square South, Dublin 2, D02 RD28.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. Our website uses HTTPS encryption. Access to personal data within our organisation is restricted on a need-to-know basis.

11. Cookies

We use cookies on this website. For full details of the cookies we use, how they are set, and how you can manage your preferences, please see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last Updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

GroupRisk.ie
4 Fitzwilliam Square East
Dublin 2, Ireland
+353 (0)1 660 1016
info@grouprisk.ie
Call Us Get a Quote