Briefing of Natural Persons on Personal Data Processing
1. General Information
European Reliance General Insurance Co. S.A. (hereinafter "European Reliance") is a comprehensive insurance company, active in all modern sectors of insurance, providing full insurance coverage to individuals and companies. The Company is registered in Greece and its headquarters are in Chalandri, 274 Kifisias Avenue, telephone number +30 2106829601, email email@example.com.
European Reliance Group of Companies owns the subsidiaries “European Reliance Asset Management M.F.M.S.A.” and “Alter Ego S.A.”. Within the framework of its activities, European Reliance maintains and processes Personal Data and Special Categories of Personal Data, in order to support, promote and enforce contractual relationships with its customers, to protect transactions and inform customers on the provided services. European Reliance acts mainly as a Data Controller or Joint Controller and, where appropriate, as Data Processor, according to the General Regulation (EU) 2016/679.
2. Purpose of Personal Data Processing
Within the framework of your insurance coverage, European Reliance requires from you to declare the Personal Data / Special Categories of Personal Data included in the relative fields of your Insurance Application Form (in printed or electronic form), in any future Application Form (i.e. Form for Amendments, Compensation, Purchase, etc.), as well as application forms related to your insurance coverage or briefing on the insurance products of European Reliance. These data are disclosed to European Reliance by you or via your Insurance Intermediary and any Insurance Agent that is involved in the issuance of your insurance policy or the third parties that are delegated by you and must be true, accurate and clear. These data are maintained and processed by European Reliance, as they are objectively essential for: a) the estimate of the underwriting risk, b) the calculation of premiums, c) the determination of general and special terms of the insurance policy and d) the fulfillment of the objective and function of the insurance policy. Moreover, this processing contributes to the estimate, audit and settlement of the insurance claim in case of occurrence of the underwriting risk or payment of the provided sum insured (compensation) according to the terms of the insurance policy. Regarding the Products of the Life Insurance Sector, we perform additional individual procedures for the purpose of compliance of European Reliance with the provisions of the European and Greek legislation:
- Audits for the prevention of the use of the products of European Union for purposes of “money laundering” and or terrorist financing, (L. 4557/2018).
- Audits and dispatch of data for the purpose of compliance of European Reliance with the national and international regulatory framework for the automatic exchange of financial information in tax matters (L. 4428/2016 and L. 4378/2016).
- Any relevant processing for the purpose of compliance of European Reliance with FATCA relates only to natural persons with indication of American citizenship / residence for tax purposes (L. 4493/2017). European Reliance requires and collects for the fulfillment of the objectives mentioned above, the data of its insured and/or third parties involved in the case of occurrence of the underwriting risk (i.e. injured third parties, witnesses etc.) from third parties that cooperate or not with the Company, such as: Insurance intermediaries, claims adjusters, car service stations, road assistance companies, other insurance companies, clinics, diagnostic centers, the IT Division of the Hellenic Association of Insurance Companies, etc. In any case, we would like to inform you that European Reliance applies a strict Personal Data Protection Policy for the processing of personal data, which has been communicated to the personnel and insurance agents and its implementation is audited regularly.
3. The legal Basis of the Processing
The processing of Personal Data / Special Categories of Personal Data, other data and information, collected by European Reliance, within the framework of its operations and for the above purposes, is based on:
- the performance of the contract (insurance policy) and the actions required in the pre-contractual stage (i.e. filling in the application form, submission of an offer, etc.)
- your consent (i.e. in case of processing of special categories of personal data, promotional acts, etc.)
- the compliance of the Company with its legal obligations, that are enforced by the applicable legislative and regulatory framework (i.e. the private insurance legislation, management of complaints,etc.) and
- service of its legal interests (i.e. the establishment and exercise of its legal rights, the prevention of insurance fraud, the research on the customer satisfaction level, management of its business functions, the operation of the IT systems, the internal audit procedures, etc).
4. Type of processing
Upon receipt of the filled-in application forms, accompanying documents and any other information received by European Reliance within the framework of its operations, the Company proceeds, for the aforementioned purposes, to an act or series of acts of personal data processing (with or without the use of automated means), such as, the collection, registration, organization, correction, storage, adjustment, modification, retrieval, search for information, use, erasure, or destruction of data. European Reliance may use these automated means at the stage of preparation of the application form, i.e. for the estimate of the underwriting risk, determination of fair premiums, etc. Moreover, within the framework of protecting its legitimate interests, European Reliance often performs quality audits and analysis of the losses, through automated means, for the prevention of fraud. In cases of automated processing, the results arising are always audited by the competent employees or insurance agents of European Reliance and therefore no decision is taken exclusively based on the automated processing.
5. Time period for the Retention of the Personal Data.
European Reliance will retain (in hard copy and/or electronic form) and will process your personal data for the entire policy period of your contract. If the insurance policy is terminated for any reason, European Reliance will retain your data for as long as it is required under the current legislation or up to the time of expiration of any relevant claim with maximum time period twenty (20) years. In case of non-conclusion of an insurance policy, European Reliance may retain the personal data that you declared in the pre-contractual stage for a time period up to five (5) years after their submission, depending on the applicable data destruction policy. All of the above are valid, provided that no legal dispute is pending for a time period longer than the aforementioned and up to its finalization with an irrevocable judicial decision.
6. Rights of Natural Persons
According to the General Regulation (EU) 2016/679, you retain the following rights:
- The right of access, namely the right to receive a confirmation from European Reliance as to whether or not your data are processed and, if so, for which purpose, duration and the name of the recipients.
- The right to correct any deficiencies or inaccuracies in your data.
- The right to erasure ("right to be forgotten") of your data from the folders of European Reliance, provided that the processing is no longer necessary, according to the provisions in paragraph 4, above.
- The right to restrict the processing, in the event of proven inaccuracy of the personal data, etc.
- The right of portability, that is the right to receive your data from European Reliance in a structured and commonly used format, when this is technically possible, so that you may forward it to another data controller.
You may, at any moment, oppose the processing of your Personal Data / Special Category of Personal Data, for the purposes of the insurance policy, by withdrawing your consent. However, this will lead to termination of the insurance policy for a significant reason and to non-coverage in the case of occurrence of the risk, since no insurance policy applies without the processing of the above data of the insured. If the withdrawal of the consent takes place in a pre-contractual stage, then European Reliance has the right to deny the conclusion of the policy. The above rights are exercised free of charge, by sending a relevant letter or via email to the Data Protection Officer (see paragraph 11 of the present document). In case of request of additional actions and copies, European Reliance may impose the payment of a reasonable fee for administrative expenses. If you exercise any of your aforementioned rights, European Reliance will forward every possible measure to respond to your request, the latest within thirty (30) days since its receipt, providing you information on its fulfillment, either for objective and legal purposes that prevent its fulfillment. Upon your notification by European Reliance, this deadline may extend for a time period of two months, if necessary, taking into account the complexity and the number of the requests.
7. Processing of the Personal Data of Children
For minors under 18 years old that participate in the insurance policy with the capacity of the insured or the beneficiary, the processing of the personal data is lawful, only if and to the extent that the consent (when required) is provided or approved by the person with the parental responsibility of the minor. When the minor fills in the 18th year of age, the consent, (when required) for the processing of the personal data by European Reliance is provided by the adult itself.
8. Transmission of Data to Third Parties
Your data may be transmitted to any business unit of European Reliance for the proper and smooth operation of the insurance policy. Your data may be forwarded to third parties (legal entities or natural persons) with which European Reliance retains policies for your proper compensation, according to the terms of the insurance policy, as well as for the estimate of the claim.
Transmission of data depending on your insurance scheme
Within the context of the proper function of your insurance policy and for the purpose of fulfilling its legal obligations, European Reliance may, in cases needed, depending on your insurance scheme, transmit data to legal entities and/or natural persons, as indicatively:
- Your Insurance Intermediary and any other insurance agent that acts as an interface for the issuance of your insurance policy.
- Insurance Companies (for the needs of the Amicable Settlement System -SAP)
- In Reinsurance Companies, inside and outside the European Union.
- In Nursing Facilities, Diagnostic Coordination Centers, Doctors, etc.
- Claims Investigators, Loss Adjusters, International Loss Adjusters, Lawyers, etc.
- In Road Assistance Companies, Courier companies, Archive and File Management companies, Telephone Service Providers etc.
- The IT Division of the Hellenic Association of Insurance Policy Companies, the Information Center and the International Insurance Bureau.
- In Car Service Stations.
- In cooperating Banking Institutions (etc. in case of issuance of credit cards for the insurance product, for payment of claims, etc.).
- In Public and Judicial Authorities, Public Organizations and Supervisory Authorities, based on special legislative provisions with which European Reliance must comply.
- In subsidiaries of European Reliance.
However, the legal entities and/or natural persons will process your personal data exclusively for the purpose of the provision of services to European Reliance, acting as data controllers/ joint controllers and having been bound in writing to confidentiality, protection of personal data and information security.
In every transmission, European Reliance shall take all necessary measures, so that the data transmitted will always be the minimum required and shall ensure that all requirements for legal and appropriate processing are met.
9. Processing of Personal Data for commercial or research purposes
European Reliance may process the personal data that are submitted by you, (i.e. telephone number, email, etc.), only upon your discrete consent and in every case for the following purposes:
- To receive, according to the method of your preference, updates on new offers of products or services throughout your policy period and up to 36 months after its expiry. In case of non-conclusion of the insurance policy, European Reliance will keep your personal data based on your consent for 12 months.
- To receive updates for the promotion of products or the services of European Reliance or its subsidiaries.
- To perform customer satisfaction surveys for products and services that are provided by European Reliance and for your insurance intermediary.
Moreover, for the achievement of this purpose, your data may be transferred to cooperating companies for market research and promotional acts.
You may modify and/or revoke at any time, ) your consent on the collection and use of your Personal Data for this purpose in writing or via the Customer Service Department (tel.: +30 210-8119670, email firstname.lastname@example.org.
10. Data Security
The security of your personal data is extremely important to us and for this reason we take and implement all appropriate organizational and technical measures to ensure that the data we collect are adequately protected and processed in accordance with the requirements of the applicable legislation. European Reliance applies an Information Security Management System according to the international standard ISO/IEC 27001:2013 and since 01/11/2017 it has been certified by the Certification Body TUV HELLAS (TUV NORD) S.A. According to this System, in addition to the technical security measures, European Reliance has adopted Information Security Policies and Procedures for the protection of your personal data. The adopted Information Security Policy consists of a set of rules that determine the way with which European Reliance administers and protects its Information Assets. These rules determine the role of any person involved with European Reliance, its competences, responsibilities and duties.
The Primary Objectives of the Security Policy are:
- The assurance of the confidentiality, availability and integrity of the information of European Reliance.
- The assurance of the rights of the natural persons that cooperate with European Reliance of the employees and the insurance agents.
- The immediate detection of Information Security risks and their effective management.
- The immediate management of the Information Security incidents
- The assurance of the proper function of the information assets
- The constant improvement of the level of Information Security
- The satisfaction of the regulatory and legislative requirements
- The increase in the degree of awareness of the personnel for possible risks that could threaten the Information Security and the constant update of the best practices that must be implemented for their minimization.
The entire text of the Information Security Policy can be found here.
11. How to file a Complaint
For any matter pertinent to the processing of Personal Data, you may contact the Data Protection Officer (DPO) of European Reliance at +30 210-8119670, or in the email address email@example.com). Moreover, you maintain the right to contact the Personal Data Protection Authority, that receives relevant complaints submitted in written form in its Protocol Department (1-3 Kifisias Avenue, P.C. 115 23, Athens, tel.: +30 210-6475600 / fax: +30 210-6475628), or via email at firstname.lastname@example.org. Furthermore, you always maintain the right to appeal to the Greek Courts.