The Companies process:

Personal data, such as identification data, contact information, payment data, insurance data necessary for the conclusion and handling of the insurance or other contract, special category personal data such as information regarding health (e.g. physical condition, disabilities, medical history, medication, etc.), information related to your financial / property status and investment / savings goals, data in respect of your driving behavior for car insurance, etc.

Personal information collected on our website and dependent on the request of each visitor / user. In addition to the above, it can also be a CV, in case of expression of interest for cooperation with the Companies. On a case-by-case basis and depending on the submitted request, optional completion of some of the above-mentioned data is provided by the visitor / user.

Interaction data through electronic services: IP address, Cookies, Browser information, device data etc., which do not identify you in a direct way.

We collect personal data:

 

• When you submit a quotation or an insurance application, an application for modification / reinstatement / cancellation / redemption, an insurance claim, an application for participation in group insurance, an announcement of damage.
• From our authorised employees / associates (e.g. experts).
• From our contracted service providers (e.g. hospitals, diagnostic centers).
• From the visitors / users of our website, only when they voluntarily provide them in order to process the submitted electronic requests.
• • From the visitors of the Company’s offices, for the provision of their personal data to the Ministry of Health, in the context of taking preventive measures to limit the spread of the coronavirus (Covid-19).
• Before or during the submission of an application for employment or cooperation.

Below you can see a description of the cases in which we intend to use your personal data and on what legal basis the processing is based on. You can also see a description of what our legitimate interests are, on a case-by-case basis.

We reserve the right to process your personal data for more than one legal ground. If you wish to receive clarifications on the respective legal ground on which we rely on for the processing of your personal data, in cases where the following table describes more than one reason, you can contact us.

 

Purpose/Activity	To issue an insurance quote or to participate in an insurance tender
Data Type(s)	a) Identification b) Communication c) Insurance, including health data
Legal basis	Necessary for the conclusion of a contract
Purpose/Activity	In order to carry out a pre-insurance audit, to assess the risk of an insurance contract (underwriting process), to determine the general and special terms, the proportional premium and to manage the insurance contract in general
Data Type(s)	a) Identification b) communication c) general information d) insurance, including health data in the Life Sector, Health Sector and other sectors that receive health data
Legal basis	a) Necessary for the purpose of satisfaction of a legal interest b) By consent
Purpose/Activity	To conclude an insurance or other contract
Data Type (s)	(a) Identification (b) communication (c) insurance data, including health data in the Life Sector, Health Sector and other sectors that receive health data
Legal basis	(a) Necessary for the conclusion of the contract (b) By consent
Purpose / Activity	To satisfy a request for modification / reinstatement / cancellation / redemption of the insurance, an insurance claim (compensation, periodic payment / pension)
Data Type (s)	(a) Identification (b) communication (c) insurance, including health data in the Life Sector, Health Sector and other sectors that receive health data (d) payment
Legal basis	(a) Necessary for the process/examination of an insurance claim and the performance of the insurance contract (b) By consent
Purpose / Activity	To issue a green card on your behalf
Data Type (s)	(a) Identification (b) communication (c) insurance
Legal basis	Necessary for the performance of the insurance contract
Purpose / Activity	To process and deliver your contract, including: (a) management of premium payments (b) collecting and recovering money owed to us (c) repayment of insurance premiums
Data Type (s)	(a) Identification (b) communication (c) financial (d) transaction
Legal basis	(a) Necessary for the conclusion or performance of a contract (b) Necessary for the satisfaction of legal interests (recovery of debt to us)
Purpose / Activity	To process/examine your insurance claim
Data Type (s)	(a) Identification (b) communication (c) insurance, including health data in the event of personal injury (d) insurance claim
Legal basis	(a) Necessary for the performance of the contract (b) Necessary to satisfy a legitimate interest (c) Based on consent for the above purpose (d) Necessary to prevent fraud
Purpose / Activity	To carry out an expert or medical examination, following a declaration of damage
Data Type	(a) identity of those involved (b) identity of witnesses (c) health data, in cases of personal injury (d) insurance (e) insurance claim
Legal basis	(a) Necessary for the satisfaction of a legal interest (b) By consent
Purpose / Activity	To process/manage a request/complaint
Data Type (s)	(a) Identification (b) communication (c) insurance (d) CV
Legal basis	(a) Necessary for the satisfaction of a legal interest (b) Necessary for the performance of a contract (c) Necessary for the satisfaction of a legal obligation to the competent authorities
Purpose / Activity	For the promotion of our products to you, only if you have explicitly stated that you wish to receive such promotion, by filling in the appropriate box on our website or in the consent form.
Data Type (s)	(a) Identification (b) communication (c) recording of telephone calls (in case where a recording will take place, you will be informed at the beginning of the call) (d) marketing preferences
Legal basis	(a) Necessary to comply with the Law on Consumer Protection, the Law on Regulation of Electronic Communications and Postal Services of 2004 (Law 112(I)/2004) as amended, or the applicable legislation. (b) By consent (You can withdraw your consent at any time, by sending the relevant request to info@ethnikiinsurance.com)
Purpose / Activity	To manage our relationship with you, including: (a) Notifications of changes to the terms and conditions or to the privacy statement (b) Ask you to submit a review or take part in a survey
Data Type (s)	(a) Identification (b) communication (c) insurance (d) recording of telephone calls (in case where a recording will take place, you will be informed at the beginning of the call)
Legal basis	(a) Necessary for the conclusion of the contract (b) Necessary to comply with a legal obligation (c) Necessary to satisfy our legal interests (updating our records and examining how customers use our products / services)
Purpose / Activity	To give you the opportunity to participate in a draw, a contest or to complete a questionnaire
Data Type (s)	(a) Identification (b) communication
Legal basis	(a) Necessary for concluding contracts with you (b) Necessary for the satisfaction of our legal interests (examining how customers use our products / services in order to develop them) (c) Based on consent
Purpose / Activity	To manage and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and data retention)
Data Type (s)	(a) Identification (b) communication (c) interacting with electronic services
Legal basis	(a) Necessary for the satisfaction of our legal interests (management of our business, provision of management services and information technology, network security, fraud prevention and in the context of reorganisation of companies or reorganisation of the group to which the Companies belong) (b) Necessary to comply with a legal obligation
Purpose / Activity	To ensure proper service to all of our policyholders, to find ways to optimize the Company’s internal procedures and prevent fraud against the Company.
Data Type (s)	(a) Identification (b) communication (c) insurance
Legal basis	Necessary for the satisfaction of our legal interests
Purpose / Activity	To personalise the insurance product that we will recommend to you
Data Type (s)	(a) Identification (b) communication (c) general information (d) financial (e) insurance, including health data in the Life Sector, Health Sector and other sectors that receive health data
Legal basis	(a) Necessary for the satisfaction of our legal interests (b) Necessary to comply with the obligations arising from the legislation regarding the distribution of (re) insurance products
Purpose / Activity	To prevent and suppress money laundering and terrorist financing
Data Type (s)	(a) Identification (b) communication (c) financial
Legal basis	Necessary to comply with the obligations under the current legal and regulatory framework for the prevention and suppression of money laundering and terrorist financing
Purpose / Activity	For the exchange of information on financial accounts in the tax sector in order to combat tax evasion
Data Type (s)	(a) Identification (b) communication (c) financially
Legal basis	(a) Compliance with the obligations arising from the legislation regarding the exchange of information on financial accounts in the tax sector (b) By consent
Purpose / Activity	For the processing of submitted electronic requests as well as for statistical purposes and to improve the services and information provided
Data Type	Identification
Legal basis	Necessary for the satisfaction of a legal interest
Purpose / Activity	To satisfy a request from public / judicial / independent authorities, insurance funds or the supervisory authority (Insurance Companies Control Service) etc.
Data Type (s)	(a) Identification (b) general information (c) insurance, including health data
Legal basis	(a) Necessary for the defense of legal rights, satisfaction of legal obligations (b) By consent
Purpose / Activity	To manage the submission of a collaboration application that you submit to our website
Data Type (s)	(a) Identification (b) communication (c) CV (d) other information accompanying the CV application form
Legal basis	(a) Based on consent (b) Necessary for the conclusion of an agreement (c) Necessary for the satisfaction of legal obligations

In case of redirection of the visitors / users of our website to websites which are under the responsibility of third parties (natural or legal persons), the Companies are not responsible for the terms of protection and management of personal data which they follow.

Your data, in the context of the operation of your insurance contract, will be processed by the departments responsible for underwriting, for the operation of your contract, for the examination/process of your claims and for your compensation, as well as by other departments in the context of exercising their legal functions (for example: Actuaries, Legal Department, Internal Audit, Risk Management, Regulatory Compliance). Also your data, within the operation of the insurance contract to the extent that it is necessary to provide to you better service and the services / coverages provided by the insurance contract can be transferred to the parent company or to affiliated companies of the group to which the Companies belong to, cooperating with service provider companies such as insurance intermediaries, banks acting as insurance intermediaries, reinsurers, cooperating insurance companies for the provision of coverage, collectors or insurance collection companies, cooperating companies for the information of debtors, experts, investigators, advocates, cooperating hospitals, clinics, nursing homes, diagnostic centers and laboratories, health care companies, health consulting and auditing companies, doctors, emergency transport / air transport companies, second medical advice companies, any cooperating companies for file storage and management, cooperating IT companies, cooperating companies providing printing services, organisation and delivery of forms.

In all of the above cases, the collaborators with the Companies must act only on the Companies’ behalf and have been specifically authorised for this purpose as they are fully committed to the confidentiality and the obligations provided in the legislation regarding the collection and processing of the above data.

Also, as provided by law, to public services, insurance funds, judicial, public and independent authorities upon their legal request, if this is absolutely necessary for the protection of legal rights or the fulfillment of obligations of the Companies.

In addition, the Companies in the context of their compliance with the applicable tax legislation (e.g., FATCA, CRS, etc.) are obliged, only if you fall within its scope, to collect and process your personal data in the context of your identification as a person subject to U.S. law. for the “Foreign Account Tax Compliance Act” (FATCA) or the above international, European and Cypriot legislative and regulatory acts in order to comply with the obligations arising from the above legislation, which is addressed to the competent authority.

Especially in car insurance, your personal data may be passed on to partner roadside assistance companies, emergency technical assistance companies and their associates, to car accident investigators, to vehicle maintenance companies, to liability insurance companies, to Motor Insurers’ Fund (MIF), in the Cyprus Hire Risks Pool, in the Department of Road Transport, in the Police, in the Insurance Association of Cyprus (IAC) for statistical purposes and for the protection of the insurance market and prevention of insurance fraud.

In the case of non-sensitive personal data in fire industry contracts, they may be disclosed to cooperating emergency technical assistance companies.

In case the transfer of personal data outside the EEA is required for the performance of the contract, then appropriate guarantees will be obtained, based on articles 44-50 of the General Data Protection Regulation. In particular, in case of transfer of sensitive personal data, then the additional requirements of article 17 of Law 125(I)/2018 will be fulfilled.

The Companies will keep and process your personal data for the duration of our contractual relationship, both in paper and electronic form. In the event where the relationship is terminated in any way, we will keep your data for as long as required until the expiry of the limitation period to bring proceedings / claims and in any case for as long as required by tax law, the applicable legal and regulatory framework and the approved codes of conduct.

Also, the Company will keep and process your personal data for up to five (5) years in case of rejection of your application and non-conclusion of the insurance contract. It is pointed out that if there is a court dispute between us beyond the above processing times, we will keep your data until the end of the court case with an irrevocable court decision.

Especially regarding the retention period of personal data related to the health of the data subject, this will not exceed 15 years after his death or 15 years after the last entry of data concerning him/her in the archiving system of our Companies. This period is valid as, there are no financial / legal or other pending issues or differences between the data subject and our Companies.

The Companies collect, store and process data for the performance of targeted marketing activities or commercial promotion of products of the Company and the companies of the Group to which they belong, or for research purposes on the quality of the services provided by them, only with the explicit consent of the data subjects. To achieve this, data may be transferred to cooperating research companies and promotional companies. The data subject has the right to object at any time to the processing of his/her personal data for marketing purposes by filling in and sending to us the “Request Submission Form” below.

The Companies, complying with the relevant provisions of the GDPR regarding the protection of individuals from the processing of personal data, are committed to protecting your personal data as they consider the security of personal data of their customers and/or potential customers to be important and an integral part of management of corporate information. They therefore take all the necessary measures to ensure that personal data is secured and protected against loss, mishandling, unauthorised access or unlawful processing, modification or disclosure.

We are committed to keeping your data up to date and accurate, to storing and deleting it securely, to collecting and maintaining data that we do not need, to protect your data from loss, misuse, unauthorised access or disclosure, and generally we ensure the existence of appropriate technical and organisational measures for their protection.

You have the following rights in terms of your personal data we hold about you:

(i) the right of access, in order to be informed, at your request, as to whether or not your personal data is being processed and, in addition, to receive a copy and further information about the processing being carried out;
ii) the right to rectification of your inaccurate personal data or to have your incomplete personal data completed;
(iii) the right to erasure (‘right to be forgotten’) of your personal data, provided that their processing is not necessary for the purposes for which they were collected;
(iv) the right to restriction of processing in the event where the accuracy of the personal data is contested by the data subject;
(v) the right to portability of your data, i.e. to receive your data in a structured and commonly used and machine-readable format, as well as the right to transmit such data to another controller.
(vi) the right to object to their processing, as well as the right to ensure human intervention in automated procedures..

For the exercise of your above rights and for any question or complaint concerning personal data, you can contact the Data Protection Officer:

• • By sending an email to dpo@ethnikiinsurance.com ή
  • By filling in and submitting electronically the “Request Submission Form” that you will find here.

The rights are exercised by the data subject free of charge, unless due to their repetitive character they incur administrative costs for the Company.

For any clarification regarding the process of the submission of a request, you can call at 22841000.

If you exercise any of the rights above, we will take all possible measures to consider your request within 30 calendar days of receiving the request, after informing you of either its satisfaction or the objective reasons that prevent its satisfaction.

You can at any time revoke your consent to the processing of your personal data and the specific categories of your personal data collected for the purposes of the insurance contract. However, we declare that the revocation of your consent as well as the exercise of the right to object to the processing of your data, is equivalent to the termination of the contract on your part and will result in the termination of the insurance contract between us and the non-coverage as no insurance contract can exist without the processing of the personal data of the policyholder and / or the insured and / or the beneficiary.

Finally, in the event that you believe that the protection of your personal data is in any way affected, you have the right to complain to the Office of the Commissioner for Personal Data Protection:

Website: www.dataprotection.gov.cy
Postal Address: 1 Iasonos Street, 1082 Nicosia
Mailbox: 23378, 1682 Nicosia
Call Center: +357 22818456
Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy