Eurosure Insurance Company Limited (hereinafter "we", "us" or "our") is the controller of the information collected or provided directly.

We respect your privacy and your personal data and are committed to protecting it through our compliance with applicable privacy and data protection laws and regulations. Please read this privacy policy carefully to understand our policies and practices regarding your information and how we will treat it.

If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us.

This privacy notice applies to anyone who interacts with us about our products and services ('you', 'your'), in any way (for example, by email, through our website, by phone). We will give you further privacy information if necessary for specific contact methods or in relation to specific products or services.

This privacy notice applies to you if you ask us about, buy or use our products and services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone and so on). The policy also applies to information we collect through third parties in the standard course of the business we do in order to provide you with the service you requested.

We will provide you with further information or notices if necessary, depending on the way we interact with each other, for example if you use our apps we may give you privacy notices which apply just to a particular type of information which we collected through that app.

We collect and use several types of information the individuals we co-operate with, including information by which you may be personally identified and that is defined as personal data or personally identifiable information under applicable law ("Personal Information"), such as your first and last name, e-mail address, billing information, demographics, telephone number, or other (online) contact information, personal details, health related information.

• Information that you provide by filling in forms, in particular at the time of first contact with us.
• Records and copies of your correspondence (including e-mail addresses), if you contact us.
• Details of insurance payment claims you perform including the supporting evidence you submit.

In general, we use information that we collect about you or that you provide to us, including General Personal Information and Special Personal Information (sensitive), for following purposes:

• Provision of services: to provide you with information on our insurance products, on the products or services that you request from us and for fulfilling our obligations in order to provide you the service you requested and we agreed to provide;
• Customer management: to manage your account to process your claims and to provide you with the necessary support and insurance coverage. Further we will provide you with notices about your account, including notices, notices about changes to any products or services we offer or provide through it;
• Advertising: following explicit consent to communicate with you about products or services that may be of interest to you either from us, our affiliates or other third parties;
• Functionality and security: to detect, prevent, and respond to actual or potential fraud, illegal activities, or intellectual property infringement;
• Compliance: to enforce our terms and conditions and to comply with our legal obligations as these derive from the applicable laws or our regulators;
• in any other way we may describe when you provide the information; or for any other purpose with your consent provided separately from this privacy policy.

We want you to understand when and to whom we disclose Personal Information and other information we have collected about you or your activities on the Website. We do not share your Personal Information with third parties except as indicated below:

• We share above categories of Personal Information with our subsidiaries and affiliates to the extent this is necessary for the purposes of provision of services, customer management, customization of content, advertising (if you have consented) and security, and compliance, or to the extent you have provided your consent provided separately from this privacy policy.
• Service Providers. To our authorized service providers that perform certain services on our behalf, including for purposes of provision of the services you requested from us, customer management and security. These services may include fulfilling orders, processing credit card payments, risk and fraud detection and mitigation, providing customer service and marketing assistance. These service providers may have access to Personal Information needed to perform their functions but are not permitted to share or use such information for any other purposes. We have taken all reasonable steps to ensure that they comply with the current data protection regulations.
• Legal successors. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by is among the assets transferred. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy policy.
• To the extent this is necessary to fulfill any other purpose not mentioned above for which you provided Personal Information and, if applicable, your consent separately from this privacy policy.

We also disclose your Personal Information to other third parties, including official authorities, courts, or other public bodies:

• In response to a subpoena or similar investigative demand, a court order or other judicial or administrative order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; to comply with applicable law or cooperate with law enforcement, government or regulatory agencies; or to enforce our Website terms and conditions or other agreements or policies; or as otherwise required by law (including responding to any government or regulatory request). In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
• To the extent a disclosure is necessary in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to maintain and protect the security and integrity of our Website or infrastructure.

Third parties to whom we may disclose Personal Information may have their own privacy policies which describe how they use and protect Personal Information. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties.

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. In particular, we may transfer non-Personal Information and process it outside your country of residence, wherever the Website, its affiliates and service providers operate. We may combine non-Personal Information we collect with additional non-Personal Information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis.

The information that we collect about you, including Personal Information, will be stored and processed in Cyprus and/or in remote cases in the Countries in which we and the third parties mentioned above maintain facilities. If you are located in the European Union or other regions with laws governing data collection and use that may differ from European data protection laws, please note that in the course of providing you with the service you requested we may transfer Personal Information to some of these countries and jurisdictions that have data protection laws that do not provide the exact same level of protection as in your jurisdiction, however we make every effort possible to verify and audit that the processor and sub processors provide the best level of protection of personal data.

We keep your personal information in line with set periods calculated using the following criteria.

• How long you have been a customer with us, the types of products or services you have with us, and when you will stop being our customer.
• How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
• Any time limits for making a claim.
• Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
• Any relevant proceedings that apply.

If you would like more information about how long we will keep your information for, please contact us at info@eurosure.com.

There are different legal bases that we rely on to collect, use and disclose your Personal Information, namely:

• Consent: We will rely on your consent to use (i) your Personal Information for marketing and advertising purposes; (ii) your Personal Information for other purposes when we ask for your consent separately from this privacy policy and for which the purpose of the process does not relate to the services we offer to you.
• Performance of contract: The use of your Personal Information for purposes of providing the services, customer management and functionality and security as described above is necessary to perform the services provided to you under our term and conditions and any other contract that you have with us.
• Compliance with legal obligation: We are permitted to use your Personal Information in to the extent this is required to comply with a legal obligation to which we are subject.

We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your Personal Information from unauthorized access and disclosure. For example, only authorized employees are permitted to access Personal Information, and they may do so only for permitted business functions. In addition we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the General Data Protection Regulation.

Users should also take care with how they handle and disclose their Personal Information and should avoid sending Personal Information through insecure email. We are not responsible for circumventions of any privacy settings or security measures contained on the Website.

We strive to provide you with choices regarding the Personal Information you provide to us.

• You can choose not to provide us with certain Personal Information, but depending on the information you may choose not to provide us with, that may result in assessing you in a different and potentially worse way.
• When you register with us, you may be given a choice as to whether you want to receive email messages, newsletters or advertising material about product updates, improvements, special offers, or containing special distributions of content by us. If consented yet later on you decide you no longer want to receive commercial or promotional emails or newsletters from us, you will need to avail yourself by contacting the Company directly either via email or phone at the information mentioned at the end of this document. It may take up to seven days for us to process an opt-out request. We may send you other types of transactional and relationship e-mail communications, without offering you the opportunity to opt out of receiving them as these will related directly to your relationship with us.
• If you provided Personal Information, you may terminate your relationship with us at any time as per the provision of the between us agreement or engagement. If you choose to do so, your Personal Information will be deleted in accordance with our retention policy.

You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer of information you have provided, to withdraw permission you have given us to use your information and to ask us not to use automated decision-making which will affect you. For more information, see below.

You have the following rights (certain exceptions apply).

• Right of access: the right to make a written request for details of your personal information and a copy of that personal information
• Right to rectification: the right to have inaccurate information about you corrected or removed
• Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased
• Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
• Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party's legitimate interests. You can object to our use of your information for profiling purposes where it is in relation to direct marketing
• Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
• Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of Company's use of your personal information prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you your chosen product or service
• Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.

Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.

You may, at any time, send us an e-mail at info@eurosure.com to exercise your above rights in accordance with the applicable legal requirements and limitations. If you are located in the European Economic Area, you have a right to lodge a complaint with the local data protection authority being the Office of the Commissioner for the Protection of Personal Data.

Also note that it is possible that we require additional information from you in order to verify your authorization to make the request and to honor your request.

We may modify or revise our privacy policy from time to time. Although we may attempt to notify you when major changes are made to this privacy policy, you are expected to periodically review the most up-to-date version found at our website www.eurosure.com so you are aware of any changes, as they are binding on you.

If we change anything in our privacy policy, the date of change will be reflected in the "last modified date". You agree that you will periodically review this privacy policy and refresh the page when doing so. You agree to note the date of the last revision to our privacy policy. If the "last modified" date is unchanged from the last time you reviewed our privacy policy, then it is unchanged. On the other hand, if the date has changed, then there have been changes, and you agree to re-review our privacy policy, and you agree to the new ones. By continuing to use the Website subsequent to us making available an amended version of our privacy policy in a way that you can easily take notice of it, you thereby consent to such amendment.

We regularly review our compliance with this privacy policy. Please feel free to direct any questions or concerns regarding this privacy policy or our treatment of Personal Information by contacting us through this Website at www.eurosure.com. When we receive a formal written complaint, it is our policy to contact the complaining party regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the collection, use and disclosure of Personal Information that cannot be resolved by an individual and us.

This privacy policy does not create rights enforceable by third parties or require disclosure of any Personal Information relating to users of the Website.

We do not guarantee error-free performance under this privacy policy. We will use reasonable efforts to comply with this privacy policy and will take prompt corrective action when we learn of any failure to comply with our privacy policy. We shall not be liable for any incidental, consequential or punitive damages relating to this privacy policy.

If you have any questions about this privacy policy or our information-handling practices, please contact us at www.eurosure.com.

You may also contact us at Eurosure Tower, 5 Limassol Avenue, 2112 Aglantzia, Nicosia, PO Box 21961, 1515 Nicosia, Cyprus, telephone +357 22882500