MPF DATA PRIVACY NOTICE


About ESB MPF

ESB Staff Medical Provident Fund (MPF) is a non-profit, contributory medical insurance scheme, founded in 1955 for ESB members and their families. It is a Restricted Membership Undertaking. We have been providing reliable, value-for-money medical insurance to ESB staff for 60 years. We are committed to safeguarding the privacy of the personal information that we gather concerning our prospective, current and former members.


We respect your privacy

This privacy notice applies to the use of Personal Data by ESB MPF. It explains what information we collect, how we use it, who we share it with and how we protect it. It also details the rights available to individuals in relation to how we hold and use their personal data, how to exercise those rights, and what to do if more information is required or a complaint is to be made.

This privacy notice applies to all personal data we hold in the context of a current or past MPF membership


Why we collect your Personal Data

We collect your personal data so that we can manage our relationships with you. Activities that we require personal data for include:

  • Management of a health insurance policy
  • Provision of health insurance services to members and former members
  • Processing health insurance claims and associated payments
  • Responding to requests and providing information
  • A range of other health insurance related activities which we are obliged to undertake, or which we have gained your consent to perform
We ensure that the information we collect is appropriate to the purposes for which it is obtained.
We are committed to safeguarding the privacy of the personal information that we gather concerning our prospective, current and former members.

What Personal Data we collect

At ESB MPF, we recognise the importance of Personal Data entrusted to us. We may collect and hold a range of information about you. Examples of the types of information we may hold include:

  • Personal identification information such as your name, address, gender, date of birth
  • Personal indentification information of any other persons currently or previously included in your policy and the relationship to you as policyholder
  • Other information which you have provided to allow us to identify and contact you
  • Details of current or former physical or mental health that you have shared with us about yourself or any other persons currently or previously included in your policy
  • Medical histories and records of treatments obtained by you or any other persons currently or previously included on your policy
  • Length of stay in a hospital by you or other persons currently or previously included on your policy
  • Financial information such as bank details or credit card details that you have provided
  • Other information relevant to a claim
Much of the information we hold will have been provided directly by you, but it may also come from external sources, such as hostpitals, general practitioners or a family member.

How we use your Personal Data

We use personal data for the management and administration of your health insurance policy. The following are the main ways that personal data may be used

  • Processing of data in relation to setting up, amending or renewing a policy
  • For claims handling purposes
  • To analyse and examine claims processes, treatments, over-night stays and convalescence options applied or utilised by medical service providers
  • To audit medical service providers
  • To examine the handling of claims by a medical service provider
  • To provide limited account information to other health insurance providers in the event of you switching provider
  • In the detection and prevention of fraud and other crime
  • For the purpose of responding to statutory obligations or requests from the courts and enforcement authorities.

Activities that require your consent

In order for us to carry out certain activities using your personal data, we may need to ask for your consent. For example, when you take part in a survey we conduct or to allow us to send you information about new products and services that we would like to tell you about. When consent is being requested, we will provide you with relevant options, such as the choice of whether we may contact you by phone, post, email, text or through other digital media. For example health or medical data may be necessary for the performance of the MPF’s insurance function, and other data categories such as dependent details might be provided on a consent basis.

Where we require consent, we will explain why and provide sufficient information to allow you to make an informed decision

When we have been provided with consent to perform such activities, that consent may be withdrawn at any time by contacting us requesting its removal.

Should there be any reason for us to collect sensitive personal information (e.g. medical data) other than as outlined in your policy terms and conditions, we ask for consent to collect it. Before consent is given, we explain what information will be collected and what we will use it for. Again, this consent can be withdrawn by contacting us.

Parties with whom we share information

We may share your personal data with, or disclose your personal data to, the following categories of third party:

  1. Hospitals and Medical Professionals : where you have submitted a claim for medical services which you, or a person included on your policy have availed of, we may share certain personal information to assist with the efficient processing of your claim
  2. Other Health Insurance Providers : In the event you switch to another insurer, we will share your information with the new insurer in accordance with the Health Insurance Act 1994 (Determination of Relevant Increase under section 7A and Provision of Information under section 7B) Regulations 2014 to confirm information that you have provided on taking out a policy with the new insurer.
  3. Agents or suppliers: these are persons or companies we have contracts with to provide products or services that we use in conducting our business, including managing our relationship with our members. In many cases, they will be within the European Economic Area (EEA) but in some cases they may be outside of the EEA. We will only share or disclose to these parties the information that they need in order to provide the products or services, and will require those parties to ensure that the information is always adequately protected.
  4. Professional advisers: we may share or disclose personal data to professional advisers we may engage for any reasonable purpose in connection with our business, including assistance in protecting our rights.
  5. Other external bodies: in certain circumstances, we may be required by law to disclose personal data to external bodies, such as government departments. We are also under a legal obligation under the Health (Provision of Information) Act 1997 to provide information to the National Cancer Registry Board, the Minister for Health or a health board, hospital or other body or agency participating in any cancer screening. In these cases, we will only disclose the minimum amount of information required to satisfy our legal obligation. However, once the information is disclosed, we will not be able to control how it is used by those bodies

How we protect it - Security of your Personal Data

We keep our computer systems, files and buildings secure by following legal requirements and international security guidance. We make sure that our staff, and anyone with access to personal data that we are responsible for, is trained on how to protect personal data. We ensure that our processes clearly identify the requirements for managing personal data and that they are up to date. We regularly audit our systems and processes to ensure that we remain compliant with our policies and legal obligations.  

Our use of Cookies

Our websites use ''cookies'' to help us provide users with a better experience each time they visit. A cookie is a small piece of text that is placed directly on a device when it is used to visit a website. This helps to give the user a better experience when using the website. The information gathered by the cookie stays on the users device.

We use information gathered from cookies to help improve users experience on our website, for security and to personalise content and advertising. For example, cookies help us to identify that the device has visited our site before, allowing us to customise the experience based on previous browsing history. It also helps us to determine the most relevant information to show that user when they are browsing. Further information about the type of cookies that we use and their purpose is available in the cookies policy on the MPF website.

We do not use cookies to gather any personal data for storage on our systems. The user can delete the cookie and the information that it gathers at any time using the settings in their Internet web browser.

How long we keep data

Information collected by us will be held for as long as it is required to fultil the purpose it was collected and to to protect our business and our rights. We are required to keep certain types of information for a specific period of time in order to comply with legal requirements. The length of time we keep any part of your personal information will depend on the type of information and the purpose for which it was obtained.

How we address your rights

Although ESB needs to capture, store and process your personal information in order to carry out a range of services, you have a range of rights available to you to give you confidence that your information is appropriately managed. Detailed information about your rights, when they apply and our responsibilities to you are available on our website.

The rights that you have available to you include:
Gaining access to and copies of your personal data: you are entitled to receive, on request and free of charge, a copy of all your personal data that we hold. There are some limitations to this right. For example, if the data also relates to another person and we do not have that persons consent, or if the data is subject to legal privilege. Where there is data that we cannot disclose, we will explain this to you.
Ensuring that your data is accurate: our aim is to ensure that the data we hold about you is correct and up to date. From time to time we may contact you to verify the information that we hold. You may also contact us to correct any errors that you notice.
Granting or Removing consent: where we require your consent for any processing, for example, to provide you with direct marketing communications, we will clearly explain what the consent is for, and any consequences of giving or refusing consent, and will provide that consent can only be given by way of a positive action by you. We will also ensure that you are able to withdraw any such consent at any time.
Restricting processing of your data: you have the right to request us to restrict the processing of your personal data in certain circumstances, for example, if there is a dispute over our rights to carry out specific processing activities, or where you do not want us to delete data. We will respond promptly to your request and will provide an explanation if we cannot fully comply.
Deletion of your data: in certain circumstances, you may have the right to have some or all of your personal data deleted from our records. This is sometimes referred to as the ''right to be forgotten''. This may occur if, for example, we retain data which is no longer required by us, or if you withdraw a consent. if you continue to have a relationship with us, we must retain the data we need to manage this relationship. We will respond promptly to your request, and provide reasons if we object to the deletion of any of your personal data.
Moving your data: where it is possible for us to provide it, you have the right to receive a digital copy of the personal data that you have provided to us.
International Transfers of Data: in certain circumstances, we may transfer your personal information internationally, including outside of the European Economic Area (EEA). Should we do this, we ensure that all transfers are made in accordance with data protection law and that your data it will be given an equivalent level of protection that it has when it is being managed in Ireland.
Gaining access to and copies of your personal data: you are entitled to receive, on request and free of charge, a copy of all your personal data that we hold. There are some limitations to this right. For example, if the data also relates to another person and we do not have that person's consent, or if the data is subject to legal privilege. Where there is data that we cannot disclose, we will explain this to you. To request a copy of your data, please complete the form at esb.ie/dataprotection.

How to contact us

The collection and use of your data by ESB MPF is overseen by the ESB Group Data Protection Officer. If you have any queries or comments about this privacy notice, or about the way we use and protect your personal data, the Data Protection Officer can be contacted by email at dpo@esb.ie or by postal mail at Data Protection Officer, ESB, Two Gateway, East Wall Road D03 A995, Dublin 3.

How to make a complaint

If for any reason you have a complaint about our use of your personal information, or you are unhappy in any way with the information we provide to you, we would like you to contact us directly so that we can address your complaint. You can contact us by email at dpo@esb.ie or by postal mail at Data Protection Officer, ESB, Two Gateway, East Wall Road D03 A995, Dublin 3. You may also contact the Data Protection Commission in Ireland about such matters on 1890 252 231, by email at info@dataprotection.ie or by postal mail at Data Protection Commission, Canal House, Station Road, Portarlington R32 AP23, Co. Laois.

Changes to our privacy notice

We will occasionally update this privacy notice. We will post a notice of any material changes on our website prior to implementing the changes, and, where appropriate, notify you using any of the contact details we hold for you for this purpose. We encourage you to periodically review this notice to be informed of how we use your information.