Personal Data Policy
Who Are We?
Eurosure Insurance Company Limited (hereinafter "the Company" or "Eurosure") conducts insurance operations throughout Cyprus and has its headquarters at 5 Limassol Ave., 2112 Aglantzia, Nicosia.
The present text is intended to provide you with understandable, transparent, and direct information regarding the processing of your personal data which we collect and process in the context of the implementation of our obligations to you, because our Company is committed under the applicable law to ensure and safeguard your right to protection against the unlawful processing of personal data and your right to privacy and to protect the personal data which it retains, and which concerns you.
Your personal information can help us better understand your insurance needs and offer you a more complete and personalised service. However, we understand that maintaining the security and confidentiality of your personal data is a great responsibility which we take very seriously. For this reason, we have developed, among other measures, this Policy, which aims to inform you about what data we collect, why we collect it and how we use it.
This Policy is addressed to natural persons who are existing customers or potential customers of the Company, beneficiaries of insurance policies, authorised persons, third parties, suppliers and partners. By providing your personal information or the information of another person such as a beneficiary of the Insurance Contract, or a claimant, for whom you have given consent or received authorisation to process his data, you agree that we will use it in the manner explained in detail in this Policy. You must refer the person whose personal information you provide to the Company, to this Policy.
You may be given further Processing Notices at a later stage which will emphasize specific uses of your personal information.
Furthermore, from time-to-time various changes may be made to the Policy in order to be in line with changes made to the legislation, operational and technological developments. You should periodically check the Companys website for the latest version of the Policy.
In the Policy, your personal data is sometimes referred to as "personal data", "personal information" or "data". For the purposes of this Policy, personal data is any information relating to a natural person whose identity can be ascertained either directly or indirectly, in particular by reference to an identifying element such as name, identity number, or one or more factors which identify physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person.
The term personal data also includes, inter alia, various sensitive data (or special categories of personal data) such as data relating to the health of a natural person which disclose information about the state of his health, any criminal convictions and data which disclose racial or ethnic origin.
When we state that your personal data is subject to "processing", this term includes any action performed in connection with these data such as the collection, registration, organisation, structure, storage, adaptation, modification, retrieval, search for information, use, transmission, dissemination, disposal, association, combination, restriction, deletion, and destruction.
In case you need more information about how we process your personal data, you may contact the Companys Data Protection Officer at the address of our registered office at 5, Limassol Ave., 2112 Aglantzia, Nicosia or via email at [email protected] .
Principles Of Personal Data Processing
When collecting sensitive personal data, we are bound by the General Data Protection Regulation (EU) 2016/679 and taking into account all the necessary organizational measures, we proceed to the processing stage based on the following principles of personal data processing, whereby the data are:
- processed legally and fairly in a transparent manner;
- collected for specified, express and lawful purposes and are not further processed in a manner incompatible with the purposes for which the insurance company collects such data;
- only the appropriate, relevant are collected and are limited to the necessary purpose for which they were collected;
- accurate and updated when necessary;
- kept only for the period required for the purposes for which they were collected;
- processed in such a way as to guarantee their proper safety, inter alia, from unauthorized or illegal processing and accidental loss, destruction or deterioration, using appropriate technical or organizational measures;
- when we transfer your personal data either to another country, or to a person who performs processing on behalf of the Company, we take the necessary measures to protect your data, such as the conclusion of specialised data processing agreements.
How Is The Collection Of Personal Data Performed?
The collection of personal data is most often done by you directly, either through consultants or through intermediaries. This information can be obtained through a proposal, which is submitted directly or indirectly (through associates and/or agents) to us or through the agreement between us, by phone or any other type of communication with you.
However, in some cases, the collection of personal data may be done by third parties, when for example someone names you as part of a proposal/Company contract. Your personal information can be obtained either from third parties (associates, agents, lawyers, authorised persons) or from other insurance companies or even sources available to the general public.
More specifically, personal information can be collected:
- Directly from you (directly or indirectly):
- Through the information completion form within the framework of applying for an insurance proposal,
- Within the framework of submitting a query, objection, complaint or claim on your part
- Online by the client or through an intermediary
- In person by natural persons
- Via email, or in person, or through the website
- From various other/"third party" sources (indicative):
- From agents, collectors,
- Agreement form
- Banks, Bank forms
- Telephone, fax, mail, Websites,
- Via email, ERP systems
What Type Of Personal Data Do We Process?
Our Company collects and processes various types of personal data depending on the services provided, which it offers in each individual case. Our policy applies to both our directly and indirectly involved, existing or potential clients.
For all the reasons mentioned above, our Company collects and processes personal data depending on the insurance it will provide you as follows:
- Contact details (such as name, Date of Birth, ID number, home address, email address, telephone, occupation, Social Security Number, etc.) and other information depending on the insurance class
- Curriculum vitae, name, home address, telephone, Social Security Number, ID number, Date of Birth, Bank Account Information, Previous Employers, Letters of Recommendation, Degrees
- Vehicle Description and Value, Additional Driver Details, Policy Number, Associate’s Name, Add / Remove Drivers (ID Numbers, claims, Driving License Type), vehicle Ddtails
- Claims history
- Medical Information
- Description of premises and values
- Medical data in the case of employment insurance of domestic workers and employer
- Changes in amounts, use of property, insured risks, change of address and telephone numbers
- Associate’s specialty, qualifications and fees, Criminal record, degrees
- Policy details
- Credit card number, IBAN number, Account number
How Do We Use Your Personal Data?
After your personal data are collected by us, they may be processed within our Company, as already mentioned above, by our employees, our associates or our representatives in order to provide you with a personalized service.
We use your personal data for the following purposes:
- To communicate with you.
- To carry out assessments and decisions (automated and non-automated, including the definition of an individual’s profile) regarding the provision and terms of insurance and the settlement of claims and the provision of assistance and other services.
- For the provision of services arising from the insurance contract, for the payment of claim compensation and assistance, as well as other products and insurance services we offer, including the assessment of claims, management, settlement and dispute resolution.
- To improve the quality of our products and insurance services.
- To prevent, detect and investigate crimes, including fraud and money laundering, and to analyze and manage other commercial risks.
- To conduct research and data analysis, including the analysis of our client base and other individuals who have provided us with their personal data and information (e.g., third parties seeking compensation), the risks faced by our business, always in accordance with current Cyprus and European legislation (including obtaining consent, where required).
- For promotional commercial and advertising actions (marketing). We can conduct promotional activities according to your preferences and upon your consent, via email.
- For the compliance of our Company with the applicable laws and regulatory obligations, European directives and guiding principles, court decisions and other legal procedures, to respond to requests from public and state authorities, in accordance with the provisions of the Cyprus and European legislation.
- To enforce and defend our legal rights and to protect our business activities, our business associates and to safeguard our rights, privacy, security or assets, as well as those of our business associates, you or other persons or third parties
- To enforce our terms and conditions and seek available remedial action and limit our damages.
To Whom May We Disclosure Your Personal Data?
We may need to share your personal data with our associates in order to be able to provide you with the requested insurance (e.g. experts, appraisers etc.), with another insurance company, Reinsurers, Banks, Lawyers, agents, loss adjusters, CSTC (e.g. architects - professional indemnity), Immigration (MedicalMaids), system provider, lawyers of clients and involved parties, insurance companies of involved parties, doctors, assessors, auditors, road assistance, the Superintendent of Insurance, the Board of Directors, Public Authorities, Governmental Departments, RescueLine, Social Insurance Services, Web provider, Web Host, with Omnium Secretary.
However, under no circumstances will we share your personal data for processing, for reasons contrary to those described in this Policy and without informing you in advance.
In any case due to our relationship, your personal data may be transferred to public authorities, researchers, reinsurance companies, the Superintendent of Insurance, who as processors will process them on behalf of the Company, based on the agreement between us. Transfer of personal data from the Company, abroad, may be done towards associated third party providers and reinsurance companies, lawyers, experts.
In every transfer to third parties, every measure is taken in advance so that the data to be transmitted are necessary for the execution of the contract, the conditions for their legal and fair processing are always met, and the organizations to which they are transmitted have committed in writing to us that they in turn comply with the provisions of the General Data Protection Regulation. Exceptions are cases in which the disclosure of data occurs due to a legal or regulatory obligation.
In cases where your personal data need to be disclosed to countries outside the European Union, and which do not sufficiently secure your personal data, then our Company is responsible and is obliged to conclude contractual clauses between our insurance Company and the company, to which the data is disclosed, in order to secure and protect the information which is disclosed.
Retention Period of Your Personal Data
Our insurance Company retains your personal data in its records only for the period required for the completion of the insurance contract between us, unless required by legal or regulatory obligations. This also applies in cases where the agreement between us is terminated for any reason.
Due to our harmonization with the GDPR, we have concluded on the retention periods of your personal data depending on the processing they undergo. The parameters that have been taken into account in order to calculate the time periods, are your better service, our operational needs, our legal obligations and the safeguarding of our legitimate interests.
Regarding the precise information on the retention periods, please contact our Company’s the Data Protection Officer.
What Are Your Rights
The General Data Protection Regulation sets out your rights in relation to your personal data. Due to this, our insurance Company has developed a mechanism for satisfying requests regarding your personal data, as follows:
- Right of access:You have the right to access the data we hold about you and to which you can at any time receive a copy, provided we hold such in electronic form.
- Right to rectification:You have the right to access and rectify your personal information. At any stage of the relationship between us, you have the right to check and update your personal information, displaying the necessary supporting documents, requesting the correction or completion of inaccurate information. to check and update your personal data, always displaying the necessary supporting documents, requesting the correction or completion of inaccurate information.
- Right to erasure (right to be forgotten):You have the right to request the deletion of part of or all the data that concerns you. However, we emphasize that our Insurance Company is obliged to delete only those personal data which can be deleted as per our data deletion policy.
- Right to restriction of processing:You reserve the right to request the restriction of the processing of your personal data, even when the accuracy of the data is disputed or even when the data is no longer useful to the insurance Company, but you request their protection due to legal claims.
- Right to object:You can at any time object to the processing of your personal data. In the event where you exercise this right, the processing automatically ceases unless the Company demonstrates a legitimate interest or if the data is required to support a legal/judicial case.
- Right to data portability:You reserve the right to portability, i.e. the transfer of your personal data to another organization in a recognizable and commonly used form. These data will be deleted as defined by the deletion policy of our Company.
- Right to withdraw consent:You reserve the right, at any time, to withdraw your consent to the processing of your personal data, without, however, affecting the legality on which our insurance Company was based before your withdrawal. We inform you that the revocation of your consent may lead to the termination of the relevant services.
- Right to lodge a complaint: You reserve the right to lodge a complaint regarding the processing of your personal data with the Commissioner for Personal Data Protection.
If during the submission of your complaint you feel that you have been wronged by us or if you have doubts about the outcome of your request, you can also submit it in writing to the Commissioner for Personal Data Protection at the following address:
Office of the Commissioner for Personal Data Protection:
Iasonos 1, 2nd floor
Tel .: 22818456 Fax: 22304565
Email: [email protected]
For the exercise of your aforementioned rights or in case you need further information regarding your rights, you may contact our Company’s Data Protection Officer, at the address of our registered office or via the email address [email protected]
Changes to Our Policy
Changes in the Legislation or technological developments impose the corresponding amendments from our side also.Please keep in touch with our Policy, which can be changed at any time and adapted to new developments and data. Our revised policy will be posted on our website at www.eurosure.com.
Finally, you can request a copy of the latest version of the Policy in hard copy.