The company " NEQUS BROKERS INSURANCE AND REINSURANCE COMPANY S.A." with the distintive title "NEQUS BROKERS S.A." located in Nea Smyrni, Attica, on Syngrou Avenue, at number 171, has a Tax# 800562232 of the Tax Office of Piraeus and legally represented, hereinafter "the Company" and acting as though special claims representative in Greece of the registered office at an insurance company abroad Gibraltar under the name « EVOLUTION INSURANCE COMPANY LIMITED », which operates in Greece with the freedom to provide services (E.P.Y.), as Controller take all appropriate technical and organizational measures to comply with national and European legislation relating to the protection of individuals from processing personal data concerning them, in particular by Regulation (EU) 2016/679 (General Data Protection Regulation), hereinafter referred to as the "Regulation" on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
The following constitute the policy we follow in our above-mentioned compliance and, in particular:
1. The general principles that we follow during processing of personal data.
2. What data may be submitted to processing by our company.
3. What the purposes of processing are.
4. Who can be the recepient of the data.
5. Coneyance of data to other countries.
6. What the time period for which the data is kept is and what happens thereafter.
7. What rights the data subjects have.
8. What the Company's obligations when processing the data are.
9. Installation of Closed TV Circuits for Security reasons.
10. Updating - modifying our Policy.
1. General rules in the processing of Personal Data
The Company ensures that data is processed in accordance with general principles laid down by law and in particular by ensuring that:
· The collection always takes place in a way fair and legal, for a definite, clear and legitimate purpose.
· To be done with the consent of their subject after each time he has been thoroughly informed about everything he is entitled to know as well as for his rights, most notably his right to be freely withdrawn, at any time, unless the law provides otherwise.
- Each processing of data is done in a lawful manner, in compliance with or with the prior consent of the subject, whether they are processed on the basis of this, or by the legal basis allowing for the processing in question.
· The data is relevant to the purpose of the processing, appropriate, precise and minimally necessary in relation to the purpose in question.
· Data to be submitted regularly updating or completing them so that they always respond in the foregoing.
· Keep data for the minimum time needed, always based on the purpose of their processing.
· Take appropriate action at all times security to protect the security and integrity of data from any risk, unauthorized access, loss, destruction, illegal use,
Especially as to the consent of the subject, we inform that according to the law, it is not required:
(a) in the case of processing carried out for binding a contract that the subject has concluded with us or in order to to satisfy his / her own request, prior to the conclusion of the policy,
(b) when made for the Company's compliance with its legal obligations,
(c) when they are done to protect vital interests of the subject,
(d) when done for the fulfillment of a duty carried out in the public interest; and
(e) when the processing is necessary for the purposes of the legal interests pursued by our Company, unless their interest or fundamental rights and freedoms of the subjects override those interests.
Data of minors are held by the Company only if they have been provided by those who exercise parental responsibility and only for the purposes of fulfillment relevant contractual relation for the benefit of minors. The Company at no case deals directly with minors.
2. What data may be processed.
The Company processes the personal data which are absolutely essential for the individual purpose of processing. We've put in place procedures to control their accuracy, along with the obligation of the subjects to inform the Company promptly about any changes.
Specifically,the processing of data by the Company includes the following categories:
a. Identification Data, e.g. name, surname, date of birth, identity card / passport number, Α.M.Κ.Α., ΑΦΜ.
b. Communication Data, e.g. address, e-mail / mail, telephone / fax numbers.
c. Payment Data, e.g. bank accounts, debit / credit and other bank cards.
d. Insurance Data, ie data necessary for the binding and handling of the insurance contract, (eg with respect to the economic / asset status, investment / savings targets, data regarding health, driving history.
e. Settlement Data, ie data necessary for the handling of the insurance claims included in the payment application indemnity / redemption / ayment of insurance or its accompanying insurance documents / supporting documents or related to it.
The data that is regarded as personal, are processed by the Company and are kept in written form and / or by electronic and magnetic means.
Regarding automated processing, upon completion of the insurance application and on the basis of the data given by the candidate recipient of the insurance, combined with the data which are lawfully kept in the archives of YSAE as implementation of Y.A. with no. Prot. Κ4-155 / 10.1.1985, the Company carries out operations processing its data with the support of automated procedures designed to assess the risk and the making a decision on the insurance application for the Company.
(a) The above automated procedures (eg use of algorithms, manuals) allow the Company to assess the degree of risk so as to determine (i) whether the application for insurance is accepted or rejected; (ii) in case of acceptance, the appropriate and the proportional scaling of the premium and any special conditions under which the desired insurance contract may be binded.
(b) Automated procedures applied by the Company are based on mathematical / statistical analysis of the critical parameters thaty make it possible for the objective risk assessment and its integration into a homogeneous risk group based on the frequency and intensity of damages it may cause as well as its correct pricing (for example, the age of the building increases premium in property insurance).
(c) If the insurance application is declined or in case there are objections or questioning of any of its elements resulting in the procedure to be followed, he / she shall be entitled to object, requesting to check the result or part thereof by the Company's responsible department. It may also communicate with the Company for the provision of clarifications / explanations and / or to express its opinion on the outcome.
3. What are the purposes of processing.
The Company may process personal data for the following purposes:
a. risk assessment in the context of binding of the insurance contract, the declaration of the general and special terms of the contract, as well as the corresponding premium.
b. managing the insurance contract for the whole duration during its duration or even after the expiration including its assessment, control and settlement of payment in the event of incurred risk or payment of the amount (insurance) stipulated in the contract,
c. compliance with the obligations imposed by the Company with each current legislative and regulatory framework and to avoid insurance fraud,
d. research that the Company may have done in relation to other past or future applications for insurance of the insured / insured person.
In addition to the above, the Company may process data because of updating the subjects for new products and / or services of the Company and of its affiliates and third parties, which are provided by the Company and match the interests and preferences of the subjects, provided they have given their consent for this purpose.
4. With whom may the data be shared with.
The data may be shared with:
a. insurance or reinsurance companies following a legal request,
b. public or judicial authorities,
c. the Statistics Office Insurance Companies (file of Y.S.A.E.) of the Association of Insurance Companies of Greece,
d. in co-operating with Provider in the context of the lawful operation of the insurance contracts, such as insurance intermediaries, custodians and file management, help services, telephone support services for clients, lawyers, doctors, researchers or experts.
5. Sharing ofinformation to other countries.
The Company if found necessary to transmit data to the insurance recipient outside of Greece or outside the EU, this will be done under the conditions of Article 44 et seq. of GCC EU. 679/2016. In any case the transfer of personal data to countries outside the European Economic Area (EEA) is only carried out only if these countries provide an adequate level of protection of personal data. In case the third country is outside the European Economic Area (EEA) it does not provide an adequate level of personal data protection personal data may be shared to that country only if the Data protection is provided by a data sharing agreement, which ensures an adequate level of protection or the conditions expressly provided by the European and national authorities have met with legislation (eg the subject of the data to which the data is related has consented expressly in the sharing). The Company ensures by appropriate procedures that the required procedures are carried out by the local authorities.
6. What is the time frame for which data is observed and what happens when that time expires.
The Company will collect, store, and generally process data for a time frame of up to twenty (20) years from the termination of the insurance contract with any way and up to five (5) years if it is not a terminated insurance contract, unless a legal dispute is pending processing and until it is completed by an irrevocable judicial decision.
In othercases, the time frame for keeping the data will be the one provided for by law, any other existing contract, any consent given by the subject and the legal interests of the Company if they do not outweigh the rights of the subjects.
In case your account data storage passes, the Company gives special attention to the way they are destroyed. Especially for this purpose, it has established and applies relative procedures, which is applied after it is considered that it is not required to keep archival material to comply with legal and regulatory requirements or for the protection of the interests of the Company and is based on the instructions of the Data Protection Authority.
The Company ensures that the above file destruction process contains personal data that binds third parties that provide services at name and on behalf of and any other person with whom they cooperate under contracts, outsourcing, or other types of agreements.
7. What are the rights of the data subjects?
Each subject has the right to the provisions of the General Regulation regarding Personal Data (EU 679/2016) and the applicable national legislation, under the conditions laid down therein. More specifically:
· Has access to his or her personal data.
· Is entitled to request the correction of inaccuracies or inadequate data which concern him or her and fill in incomplete data.
· Is entitled to request the deletion of his / her data from the records of the Company, if their processing is not necessary for the pursuit of the purposes for which it has been collected and is not justified by another legal reason.
· Is entitled to request a limitation of use of their data in case of doubt of their accuracy.
· Is entitled to receive the data he has he / she provides in a structured, commonly used format.
The exercise of these rights presupposes the submission, at no cost, of a written application to the Company. For any matter that arises, it may be addressed to the Data Protection Officer of the Company (Zigranos Efstathios Athanasios, Agios Konstantinou 6, Athens, PC 10431, e-mail: firstname.lastname@example.org) although in any case he / she is entitled to address the Personal Data Protection Authority either in writing (Kifissias 1-3, PC 115-23) or electronically (www.dpa.gr).
In the event that one of the above rights is exercised, the Company will take every possible remedy within thirty (30) calendar days of receipt of the relevant application, informing in writing of its satisfaction or the reasons for the exercise.
8. What are the Company's obligations when processing the data.
The Company is required to apply and does apply all the requirements of the legislative framework for protection of the data. The following are particularly important:
– Securing Privacy and Security of Processing. The processing of personal data is confidential and is carried out exclusively by persons which are under control of the Company. These people are selected on the basis of strict criteria, which are intended to provide sufficient guarantees in terms of knowledge and personal confidentiality commitments. In addition, audits are carried out on a regular basis in order to strictly apply the criteria and procedures which the Company has established for this purpose. The Company receives all appropriate organizational and technical measures for data security and protection against incidents of violation such as accidental or unlawful destruction, accidental loss, alteration, forbidden dissemination or access and any other form of illicit processing. The measures taken are always intended to ensure a level of safety commensurate with the risks involved in the processing; and the nature of the data being processed.
– Security Information systems. To ensure complianceof the confidentiality of all the information entered into its information systems, the Company has put in place the appropriate measures to secure the information systems, with which the protection of data moving through networks is achieved data and voice which the Company uses, effectively control user access to its information systems and ensure it protects the information that they manage, identify them in a timely manner and prevent, as far as possible, incidents of security breach of the Company's information systems.
9. Installation of Closed Circuits for Security.
In order to prevent theft of goods, the prevention of criminal acts, the security of the personnel, the Company places closed television circuits at its premises, where deemed necessary. The installation and operation of these systems is in line with the requirements of the current regulatory framework.
10. Updating - Modifying our Policy.
The Company may update, supplement and / or modify this Policy in accordance with the current legal framework. In this case, or an updated Policy will be posted on the website of the Company, to which we refer each and everyone associated with us, in order to be always informed.