Our Group of Companies (hereinafter referred to as the “Companies”) is committed to collecting and processing your personal data in accordance with the General Data Protection Regulation (EU) 679/2016 and the relevant applicable laws and regulations.
The privacy and security of your personal information is very important to us and we would like to assure you that your information will be properly managed whilst in our hands.
Types of personal data we process
- Personal Data, such as identification data, contact data, payment data, insurance data necessary for the conclusion and management of an insurance contract, a specific category of personal data such as information on health (fitness, disability, medical history, medication, etc.), information regarding your financial/ property status and your investment/ savings goals, the data concerning your driving behavior in car insurance, etc.
- Personal information collected on our website depends on the visitor/user’s request. In addition to the above, it may also be a Personal Curriculum Vitae if you are interested in cooperating with the Companies. Where appropriate and depending on the request submitted, it is optional for some of the above information to be filled in by the visitor/ user.
- Interactions with electronic services data, such as IP address, Cookies, browser information, device data, etc., which do not identify you directly.
When do we collect personal data?
- When submitting an application for insurance, application for modification or alteration, cancellation request, redemption, application for participation in group insurance, or submitting a claim.
- Through our authorized employees or co-operators (e.g. experts)
- Through contracted service providers (e.g. hospitals, diagnostic centers)
- By the visitors/ users of our website, only when they voluntarily provide them for the purpose of processing the submitted electronic requests.
Purpose of processing data
In case of applying for insurance, we process your personal data in order to assess the risk at the conclusion of the insurance contract, to determine the general and special terms of the insurance, the appropriate premium, and the overall management of the insurance contract throughout its period of validity and/ or its expiry.
In the event of a request for modification or alteration, cancellation, redemption, insurance claim (indemnity, periodic payment/ pension), or loss report, we process your personal data to examine your request and execute what is provided in the terms of the insurance contract.
In addition, we process your data, possibly using automated means, in compliance with the obligations imposed by the current legal and regulatory framework, and in particular for purposes related to the prevention and suppression of money laundering and the financing of terrorism, the offer of securities to natural persons, American citizens or residents, as well as the application of the valid domestic and international tax legislation (e.g. FATCA, CRS).
We may also frequently carry out audits (including through certified automated means) to find ways to optimize internal processes and prevent fraud against the Company, in order to protect our legitimate interests and to ensure proper service to all our insured.
The Companies may process part or all of the data sent by the visitors/ users in order to process the submitted electronic requests as well as for statistical purposes and to improve the services and information provided. The visitors/ users of our website providing the above information, give their consent to the Companies for these data to be used by the Companies, the cooperating intermediaries, companies belonging to the same Group of companies, and all the participating companies acting in their name and on their behalf, for the above purposes and as described below.
The Companies will not make available for sale or otherwise transmit or disclose personal information of visitors/ users of our website to third parties other than those mentioned above, without the consent of the visitor/ user, except for the fulfillment of relevant legal obligations and to the competent authorities only. Finally, if the visitor/ user chooses the relevant consent box for the use of his or her personal data for promotions, as provided on this website or in the relevant consensus statements, it provides its specific and free consent to be used (except sensitive personal data) by Companies for the purpose of updating it and sending promotional material, in writing or by any means of electronic communication (in accordance with applicable law) for products or services of the companies or other companies belonging to the same Group. In case of accepting the sending of advertising messages and all kinds of newsletters, the visitor/ user can freely withdraw his/ her consent by sending such a request to firstname.lastname@example.org
In the event that the visitors/ users of our website are referred to websites under the responsibility of third parties (natural or legal persons), the Companies are not responsible for the conditions of protection and management of the personal data they follow.
Who are the Recipients and/ or Performers of your data processing?
In the course of the performance of our contractual and statutory obligations, your personal data may be processed by the Underwriting and other departments of the company. Various service providers, insurance partners, and suppliers may also receive your personal data so that we may perform our obligations. Such service providers, insurance partners, and suppliers enter into contractual arrangements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.
Under the circumstances referred to above, recipients of personal data may be, for example:
- Service providers, we have chosen to support us in the effective provision of our products and services to you by offering technological expertise, solutions, and support
- Auditors and accountants
- External legal consultants
- File storage companies, archiving and/ or records management companies, and cloud storage companies
- Financial and business advisors
- Medical Professionals
- Claims handling experts, such as investigators, assessors, and loss adjusters
- Valuators and surveyors
- Third-Party claimants, their legal representatives, and lawyers who seek indemnification under your policy
- Card payment processing companies, such as JCC Payment Systems Ltd
- Accident care and emergency assistance service providers (in relation to motor, home, medical and travel policies) including overseas assistance
- Governmental and regulatory bodies, including law enforcement authorities, in connection with inquiries, proceedings, or investigations by such parties or in order to enable us to comply with legal and regulatory requirements
- Our insurance partners such as agents, brokers, other insurance companies, reinsurers, and reinsurance brokers
Some of the recipients of your personal data may be located in third-party countries (i.e. countries outside the European Economic Area). Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR.
How long do we keep your personal data?
Companies will keep and process your personal information for as long as we have business with you, both in hard copy and in electronic form. In the event that the relationship is interrupted or terminated in any way, we will keep your data for as long as it is necessary for the revocation of the relevant claims and in any case for as long as required by the tax legislation, the current applicable corporate and regulatory framework and approved codes of conduct.
Also, the Companies will keep and process your personal data for up to five (5) years in case your application is rejected and the insurance contract is not concluded. Please note that if litigation is pending between us beyond this processing time, we will keep your data up to the end of the court case by irrevocable court order.
The Companies collect and store data for the purpose of conducting targeted marketing and sales promotion activities of the Companies for purposes of evaluating the quality of the services provided by us only subject to explicit consent from the subject of the data. Data may be transmitted to collaborating survey companies and promotional companies to achieve this goal. Under the same processing, the data subject’s right to be at all times touched upon by sending a request to email@example.com.
Security of your data
The Companies complying with the relevant provisions of the new Regulation on the Protection of Individuals with regard to the processing of personal data are bound to protect your personal data as they consider that the security of the personal data of customers and/ or prospective customers is an important and integral part of the management of corporate information. For this reason, they take all necessary measures to ensure that personal data is insured and protected against loss, misconduct, unauthorized access, modification, or disclosure.
We guarantee to keep your data up-to-date and accurate, to store and delete it safely, not to collect and maintain data that we do not need, to protect your data from loss, misuse, unauthorized access, or disclosure, and we ensure the existence of appropriate technical and organizational measures to protect them.
Your data protection rights
You have the following rights in terms of the personal data we hold about you:
- Receive access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction (rectification) of the personal data we hold about you to check that we are lawfully processing it.
- Request the erasure of your personal data. This enables you to ask us to erase or remove your personal data where there is no good reason for us continuing to process it.
- Object to the processing of your personal data where we are relying on a legitimate interest and there is such a case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interest, rights, and freedoms.
You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data if:
- it is not accurate
- it has been used unlawfully but you don’t want us to keep it for use in possible legal claims
- it is not relevant anymore, but you want us to keep it for use in possible legal claims
- you have already asked us to stop using your personal data but you are waiting for us to confirm if we have legitimate grounds to use your data
- Request to receive a copy of the personal data concerning you in a format that can be easily re-used or request the transfer of such data to other organizations
- Withdraw the consent you gave us with regard to the processing of your personal data for certain purposes, such as to allow us to promote our products and services to you and/ or to process your insurance policy or claim.
Right to complaint
To exercise any of your rights, or if you have any other questions about our use of your personal data, please visit any of your branches or contact our Data Protection Officer via email at firstname.lastname@example.org or send us a letter with the subject GDPR.
For any clarification with regards to the complaints procedure, you may contact us at 7777 4567.
Since you exercise any of your rights, we will take every possible action to examine your request within 30 calendar days of receipt of the request, after informing you either of its satisfaction or of the objective reasons that prevent it from being satisfied.
You also have the right to complain to the Office of the Commissioner for Personal Data Protection. You can visit their website to find out how to submit a complaint (www.dataprotection.gov.cy).
For any other information related to GDPR, you may address to Data Protection Officer at email@example.com