1. GENERAL This Policy is a privacy statement and aims to inform you on: how I collect, use and disclose your personal data, the purpose for processing and your legal rights as data subjects pursuant to the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Protection of the Personal Data Processing Act 2018. In accordance to the mentioned Regulation ‘personal data’ means any information that can identify (directly or indirectly) a natural person e.g. full name and an address or an ID number.
2. WHO AM I Alexandros Demetriou Insurances is a licensed insurance individual registered in the Registers of Insurance Intermediaries of Cyprus under license number 5113. Its office is at 1 Salaminos Avenue, 1045, Nicosia, Cyprus.
3. HOW WE PROCESS YOUR PERSONAL DATA We collect and process different types of personal data which we obtain from you through the ‘Proposal Form’ and/or other insurance forms in accordance to the explicitly and freely given consent that you have given us. We may also collect personal data from other publicly available sources (e.g. the Internet) which I lawfully obtain and are permitted to use.
4. WHAT PERSONAL DATA WE COLLECT If you are a client, a prospective client, an insured person or a beneficiary in an insurance policy, the personal data we collect may include: Full name, home address, contact details, date of birth, ID or passport number, profession, email, telephone number, marital status, number of family members, personal income and expenses, assets, bank account number, height, weight and health conditions.
5. WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS We are committed to protecting your privacy and handling your data in a transparent manner and as such we process your personal data in accordance with the GDPR and the data protection statute law for one or more of the following reasons: A. Contract necessity We process personal data on behalf of insurance companies in order to enter into contract, to amend a policy, to handle a claim or any other contract performance. B. Legal obligation There are some legal obligations arising from relevant laws and statutory requirements. In addition there are various supervisory authorities like the Insurance Companies Control Service which may impose on us necessary personal data processing e.g. the insurance analysis. C. Legitimate interest We process personal data to safeguard legitimate interests pursued by ourselves or by a third party. Legitimate interest occurs when we have a business or commercial justifiable reason to process your personal data, as long as this is necessary and is not unfair for your Consent Provided you have given us your written specific consent, then the lawfulness of such processing is based on that consent. You have the right to withdraw or restrict your consent at any moment. Concerning the separate consent, you may have given to the insurance company, you should contact the insurance company directly.
6. WHO RECEIVES YOUR PERSONAL DATA As processor we share your personal data with the insurance companies we cooperate with, so that they can provide cover for you.
7. COMMERCIAL PURPOSES Provided you have given us your specific consent, we may process your personal data in order to inform you about products, services and offers that may be of interest for you.
8. HOW LONG WE KEEP YOUR PERSONAL DATA FOR We shall keep your personal data for as long as you remain our client. When this relationship ends, we erase all relevant information within 12 months, unless there is a justifiable reason not to do so. In case you have filed a claim to your insurance company through us, we keep your personal data until the settlement of your claim. Personal data of prospective clients are kept for a period of 6 months.
9. YOUR DATA PROTECTION RIGHTS • Right to be informed. You have the right to be informed about the collection and use of your personal data. • Right of access. You may ask for a free copy of your personal data that is being used. • Right of rectification. You may ask to erase or rectify inaccurate or incomplete personal data. • Right to erasure (right to be forgotten). You may ask us to erase your personal data, as long as there is no justifiable reason for us to continue to do so. • Right to restrict processing. You can ask us to restrict the purposes of your personal data processing. • Right to object to processing. You have the right to object to processing when we rely on a legitimate interest. In such a case we shall stop processing your personal data unless we prove that compelling legitimate grounds override your rights and freedoms. • Right to data portability. You can also ask us to transfer your personal data directly to another • business. • Right to withdraw consent. You may withdraw the consent you have given us at any time. • Right to report a complaint. If you have concerns about the way we use your personal data, you may contact our Data Protection Officer (DPO). You also have the right to report us to the Commissioner of Personal Data Protection through the website http://www.dataprotection.gov.cy
10. HOW TO COMMUNICATE WITH US If you wish to exercise any of the above rights, ask any question and/or request any clarifications concerning the way, we use your personal data, you may contact our DPO by email at [email protected] or by post: 1 Salaminos Avenue, 1045, Nicosia, Cyprus.
We will provide you with a quotation based on the information you have provided to us. It is essential that all information and answers are true and accurate and that you also disclose all relevant facts. If you do not provide accurate information and disclose all relevant facts this could lead to your insurance being invalid and claims may not be paid. Alexandros Demetriou Insurances complies with the principles of GDPR (purpose limitation, data minimisation, accuracy, storage limitation). Your privacy and security is of the utmost importance to us. We will always follow these principles and ask you how you would like us to communicate with you.