Privacy Notice

Brian Curran, trading as Dublin Bay Financial (“the Firm”, “we”, “us”), is committed to protecting and respecting your privacy. This Data Protection & Privacy Notice (“Privacy Notice”) explains how we collect, use, store, share and protect your personal data in accordance with the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018.  

Please read this document carefully as it sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.   

1. Background 

Brian Curran, trading as Dublin Bay Financial (Central Bank of Ireland reference number C569481), is regulated by the Central Bank of Ireland as:  

• an Insurance Intermediary under the European Union (Insurance Distribution) Regulations 2018; and  
• a Mortgage Credit Intermediary under the European Union (Consumer Mortgage Credit Agreements) Regulations 2016. 

We are a member of Brokers Ireland, and our principal business is to provide advice on, and arrange transactions for clients in relation to:  

• pensions;  
• insurance-based investment products (IBIPs);  
• life assurance products; and  
• mortgage products. 

For the purposes of data protection legislation, the Data Controller is Brian Curran, trading as Dublin Bay Financial. Our contact details are as follows: 

• Email: brian.curran@dbf.ie 
• Phone: 087 978 0595 

2. How we collect personal data 

We collect personal data directly from you when you engage our services, complete application forms, fact finds or other documentation, contact us by phone or email, or interact with our website.

We may also collect personal data from third parties where necessary, including product providers, lenders, medical professionals, employers, public bodies, credit reference agencies and regulatory databases. 

If we are collecting your data for a contract and you cannot provide this data, the consequences of this could mean the contract cannot be completed or details are incorrect. When you fail to provide us with information we require to fulfil our obligations to you, we may be unable to offer our services to you.  

3. Categories of personal data we collect and process 

The information about you that we may collect and process include: 

• Contact, identity and demographic data (e.g. name, address, email address, telephone number, date of birth, gender, marital status, health status) 
• Unique identifiers (e.g. PPS number where required to populate provider application forms, copies of identification documents) 
• Financial and economic data (e.g. income, expenditure, assets, liabilities, bank account details, and details of existing pensions and/or insurance arrangements) 
• Employment data (e.g. occupation, role, employment status, salary and benefits, employment history) 
• Family and beneficiary data (e.g. dependants, spouse, next of kin, beneficiaries, Power of Attorney) 
• Mortgage and credit data (e.g. loan details, repayment history, affordability assessments) 
• Regulatory and compliance data (e.g. anti-money laundering checks, sanctions screening, Politically Exposed Person checks, criminal records information) 
• Special category personal data, including health and medical information (including information relating to personal habits like smoking and drinking alcohol), where required for underwriting or claims 
• Website and technical data (IP address, browser type, cookies and website usage data) 

When we collect sensitive personal data, as defined within the GDPR, we will ensure that we require this information, and we have your explicit consent and/or authorisation prior to our collection. Please see the further information contained in this Privacy Notice that outlines Special Categories of Personal Data. 

We sometimes automatically collect certain types of information when you visit our websites and through e-mails when we communicate with you. Automated technologies may include the use of web server logs to collect IP addresses, "cookies" and web beacons. Other cookies such as functional cookies, marketing cookies and analytical cookies will only be used with your expressed consent. Further information about our use of cookies can be found in our Cookie Notice on our website www.dublinbayfinancial.ie 

4. Legal bases for collecting and processing data 

We need to ensure that we process your personal data lawfully. We rely on the following legal grounds to collect and use your personal data. 

• Performance of a contract: when we enter a contract with you, we will collect and use your personal data to enable us to fulfil that service. 
• Legal obligation: the use of some of your personal data is necessary for us to meet our legal obligations (e.g. pension contributions for Revenue Certificates, Regulatory purposes to the Central Bank etc). 
• Consent: sometimes we may rely on consent as a legal basis for processing your information. For example, we rely on consent to collect and use personal data for any criminal convictions or alleged offences. This is used when we need to assess risk relating to an insurance policy for you. We share this information with other third parties where it is necessary to manage these services provided to you – these services include insurance underwriters, reinsurer and other insurance providers. We may also rely on your consent to send direct marketing to you. We will ensure that we present this to you concisely. We will also ensure that we use clear and plain language and if you give us your consent you can withdraw this easily at any time. Sometimes if you refuse to provide information that we reasonably require to provide services, we may be unable to offer you the services and/or we may terminate the services provided with immediate effect. 
• Legitimate Interests: where we rely on this legal basis to collect and use your personal information, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable data privacy laws.   

5. How we use your personal data 

Your personal data will be used to enable us to fulfil our contractual obligations in relation to the services provided to you. 

• Providing financial advice and arranging financial products 
• Categories of data: Identity and contact data, financial and economic data, employment data, family and beneficiary data, and special category personal data (including health data where required)
• Legal basis: Performance of a contract
• Assessing suitability and affordability 
• Categories of data: Financial and economic data, employment data, mortgage and credit data 
• Legal basis: Performance of a contract and compliance with a legal obligation 
• Meeting regulatory, legal and supervisory requirements 
• Categories of data: Identification data, regulatory and compliance data, anti-money laundering data, sanctions and Politically Exposed Person (PEP) checks 
• Legal basis: Compliance with a legal obligation 
• Processing applications, renewals, amendments and claims 
• Categories of data: All relevant client personal data, including special category data where applicable 
• Legal basis: Performance of a contract and compliance with a legal obligation 
• Handling complaints, client queries and notifying you about changes to our services 
• Categories of data: Identity and contact data and records of communications 
• Legal basis: Compliance with a legal obligation and legitimate interests 
• Fraud prevention, financial crime and risk management 
• Categories of data: Identification data, compliance and verification data 
• Legal basis: Compliance with a legal obligation and legitimate interests 
• Website administration, analytics and security 
• Categories of data: Technical data, usage data, IP address, cookies and similar technologies 
• Legal basis: Legitimate interests and consent (where required) 

6. Special category personal data 

Special categories of data are sensitive in relation to your fundamental rights and freedoms and, therefore, require specific protection when processed as these could create significant risks to the rights and freedoms of individuals.   

If we collect any special categories of personal data, such as health and medical information, we will either obtain your explicit consent or we will adhere to the Data Protection Act 2018. This Act allows us to process special categories of personal data for insurance and pension purposes. We will ensure we have suitable and specific measures in place to safeguard the rights and freedoms of you and the processing of your data. These measures relate to the below:  

• a policy of insurance or life assurance; 
• a policy of health insurance or health related insurance;  
• an occupational pension, a retirement annuity contract or any other pension arrangement; and 
• the mortgaging of a property. 

7. Sharing of personal data 

We may share your personal data with third parties where necessary, including insurance companies, pension providers, mortgage lenders, medical professionals, compliance and anti-fraud service providers, IT service providers, professional advisers and regulators or public authorities where required by law. 

Where third parties process personal data on our behalf, they do so as ‘Data Processors’ under written contracts which impose GDPR-compliant confidentiality and security obligations. We will only provide those third parties with information that is necessary for them to perform the required services. Some examples of third parties we may share your data with are as follows: 

• Product Providers, underwriters, reinsurers - where we need to manage the services provided to you. 
• Vetting and risk management agencies such as credit reference, criminal record, fraud prevention, data validation and other professional advisory agencies - where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and/or the services. 
• Legal advisers and claims investigators - where necessary to investigate, exercise or defend legal claims, insurance claims or other claims of a similar nature. 
• Medical professionals - where you provide health information in connection with a claim against your insurance policy, or when we are providing a quote for insurance. 
• EU Law Enforcement bodies - when required to do so by law and/or regulation, or another legal request. 
• Public authorities, regulators and government bodies -  where necessary for us to comply with our legal and regulatory obligations, or in connection with an investigation of suspected or actual illegal activity. 
• Internal and external auditors - where necessary for the conduct of company audits or to investigate a complaint or security threat.  
• On the sale or reorganisation of our business whether by asset or share disposal or other transaction relating to our business. 

If you hold insurance against a liability that may be incurred by you against a third party, where for whatever reason you cannot be found or you become insolvent, or the court finds it just and equitable to so order, then your rights under the contract will be transferred to and vest in the third party even though they are not a party to the contract of insurance. The third party has a right to recover from the insurer the amount of any loss suffered by them. Where the third party reasonably believes that you as policyholder have incurred a liability, the third party will be entitled to seek and obtain information from the insurer or from any other person, who is able to provide it, including our Firm, concerning:  

• the existence of the insurance contract,  
• who the insurer is,  
• the terms of the contract, and   
• whether the insurer has informed the insured person that the insurer intends to refuse liability under the contract.    

8. International Transfers 

Where we transfer personal data to a country outside of the EEA (referred to in the GDPR as ‘third country,’) we will ensure it is done lawfully (i.e. there is an appropriate “level of protection for the fundamental rights of the data subjects”).  

We will therefore ensure that either the EU Commission has granted an adequacy decision in respect of the third country, or appropriate specified safeguards have been put in place (e.g. Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs)).    

9. Data Security 

The security of your personal data is important to us, and we have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk. We have processes in place to protect your personal data from loss, unauthorised access, misuse, alteration and destruction. 

10. Data Retention 

We shall not keep personal data in a form that permits identification of data subjects for a longer period than is necessary. 

We may store data for longer periods if the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of the data subject.  

The retention period for each category of personal data will be set out in our Retention Schedule along with the criteria used to determine this period, including any statutory obligations we have.

Personal data will be disposed of securely. 

11. Your rights as a data subject 

We will facilitate your rights in line with our data protection policy and the Subject Access Request procedure. This is available on request. 

At any point while we are in possession of or processing your personal data, you, the ‘Data Subject’, have the following rights:  

• Right of access – you have the right to request a copy of the information that we hold about you.  
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.  
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. The erasure of such data will be dependent on our other legal obligations, and whether the data is subject of legal privilege. 
• Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.  
• Right of portability – you have the right to have the data we hold about you transferred to another organisation.  
• Right to object – you have the right to object to certain types of processing such as direct marketing.  
• Right to object to automated processing, including profiling.   
• Right to make a complaint: if we refuse your request under rights of access, we will provide you with a reason as to why. 

All the above requests will be forwarded on, should there be a third party involved, as we have indicated in the processing of your personal data. 

12. Complaints 

If you have concerns about how your personal data is processed, please contact us. You also have the right to lodge a complaint with the Data Protection Commission. 

• Address: 21 Fitzwilliam Square South, Dublin 2, D02RD28.   
• Website: www.dataprotection.ie. 
• Email: info@dataprotection.ie 

13. Changes to this Privacy Notice 

We may update this Privacy Notice from time to time. The most recent version will always be available on our website. 

Last updated: January 2026