Legal Notice-Data Protection
Legal Information to subjects of Personal Data in accordance with the E.U. General Data Protection Regulation no 2016/679 and the Greek Legislation
Aegean Insurance S.A., hereinafter referred to as “Aegean or Company”, is the Tax & Special Claims Representative of the foreign insurance company Accredited Insurance (Europe) Limited.
Aegean acts as Data Controller of all personal data required and processed in its normal course of business for existing and/or prospective clients, claimants and users, all hereinafter referred to as “user”, of all Company’s electronic/web services.
As a reminder, Aegean respects privacy and ensures that all personal data processed is done with confidentiality and in accordance with applicable laws on Data Privacy.
Aegean is likely to collect the following personal data in its normal course of business:
o Last Name
o ID Number
o Number of V.A.T.
o Date of Birth
o Place of Birth
o Mail Address
o Home Address
o e-mail Address
o Phone Number
o Fax Number
Insurance Policy Data:
Required information (documents) for the issuance of an insurance policy through risk-based (underwriting) rules
(e.g. Road Behaviour, Claims History, Profession/Occupation, Medical History e.tc.).
o Bank account
o Debit/Credit card details, either for the payment of premiums or other financial obligations to Aegean
Required information for claim handling, including all supporting documents on the basis of contractual requirement for assessing and closing a claim file.
Personal information published in the internet, social media or other public databases.
The data you provide will be mainly used by Aegean for the following purposes:
- Quotation: Your data will be used to provide you with a quote in relation to the insurance services you are requesting a quotation for. Aegean will ensure having the necessary facts to assess your insurance risk, calculate an accurate premium, issue the insurance policy, determine policy amendments of the “Terms & Conditions” and for administrating a claim under an insurance policy, upon occurrence.
Risk assessment may be performed by automated methods by authorized personnel:
- Ensuring the fulfilment of Aegean’s contractual obligations of managing your account and/or in the event of a claim.
- Meeting any compliance, legal or regulatory obligations, in accordance with Greek and European Law.
Personal data is obtained from your insurance application and the supporting documents submitted, your details passed on in the event of a claim, your claim compensation and the supporting documents disclosed, through any methods, including direct interactions, oral and/or written, electronically, affiliate Road Assistance-Interamerican, through third bodies, i.e. associated insurance intermediaries and brokers, lawyers and/or any party authorized by you.
Aegean collects your personal data and sensitive personal data as part of providing services to you.
Aegean may search and collect data from selected third parties i.e. experts, car repair shops, lawyers, insurance intermediaries, Public Authorities, as well as hospitals and medical diagnostic centers with your consent.
Information submitted for the issuance of an insurance policy, is retained for a period of twenty (20) years after the ending of the client/insurer relationship.
In the event of filing a claim, Aegean will process your personal information until settlement and will be stored electronically for a period of fifteen (15) years, from the date of initiating the claim.
In the event of ongoing court proceedings, which concern you directly or indirectly, the retention may be extended till the court ruling. Quotation data received is stored on the database for a period of fifteen (15) days.
The Right of Access:
This enables you to receive information on how your personal data is processed and a copy of the personal data we hold about you.
The Right to Rectification:
This enables you to have a request correction of your personal data we hold about you if it is inaccurate, incomplete and/or out of date.
The Right to Erasure:
This enables you have your personal data deleted or removed where there is no compelling reason for its continued processing. i.e. other than claims handling and compensation and legal grounds.
The Right to Data Portability:
This enables you to have your personal data transferred to a third party.
The Right to Restriction:
This enables you to request suspension of processing your personal data in case of wanting to:
o establish the accuracy of the data hold
o establish where the data is used
o establish unlawful use or processing
Nevertheless, if agreed to restrict data processing with any of the above requests, the insurance policy may be terminated, where this conflicts with your contractual obligations.
The Right of Objection:
This enables you to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, including profiling, direct marketing and/or processing for purposes of historical research and statistics.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Nevertheless, if agreed to object data processing with any of the above requests, the insurance policy may be terminated, where this conflicts with your contractual obligations.
You will not have to pay a fee to exercise any of your rights. If you want to access your personal information, rectify, erase, transfer, restrict or object to processing of your personal data, you may send your request by mail or email to the appointed Data Protection Officer (DPO).
Upon receipt, the Company will take all necessary and reasonable measures to meet your requests within thirty (30) days, and if this is not feasible, you will be informed of the extent necessary and to the extent permitted by applicable legislation, which may not exceed the sixty (60) days.
The Company, acting as the Data Processor of your personal data, is obliged to notify the Supervisory Authority without undue delay, and at the latest within 72 hours, if a data breach occurs, and it is likely that the breach poses a risk to the individual’s rights and freedoms.
- Your personal data is shared with Accredited Insurance (Europe) Limited, in the context of the special and claims representation by Aegean Insurance S.A. in Greece.
- Your personal data is shared with all Company’s departments (i.e. Underwriting, Accounting, Claims, Legal and Technical)
as part of risk assessment and regular reporting activities on company performance.
- Your personal data may be disclosed with third parties, non-legal and/or legal entities (i.e. experts, investigators, road assistance affiliates, car and glass breakage repair shops, hospitals or medical diagnostic centers, postage services, file digitization and scanning services, doctors, lawyers and/or other consultants of any nature).
In such case, your personal data passed to third parties will be processed as part of the Company’s regular activities on company performance. All third-party service providers act as data processors and are required to take appropriate security measures and operate on behalf of the Data Controller.
- Your personal data will be shared with the Hellenic Information Center.
- Your personal data may be passed to other insurers and reinsurers on any legitimate interest.
- Your personal data will be shared with the Statistical Service of the Association of Greek Insurance Companies (Y.S.A.E.).
- Your personal data may be pass to any Supervisory/Regulatory Authority.
- Your personal data may be shared, in any case of need to comply with any legal and mandatory obligation (i.e. lawyers, bailiffs, judicial and prosecuting authorities, public prosecutors, public (government) services and officials or other Supervisory/Regulatory Authority).
- The Company shall not process your personal data for commercial and/or marketing purposes.
In any other case, of using your personal information for marketing purposes, Aegean will get your express opt-in consent, the event of such processing, you will be informed and asked for your written consent, retaining always the right to oppose to this processing.
The Company has put in place appropriate security measures (Personal Data Protection Procedures and Policies) and technical measures (Access Control System, Information Security Management System / Technology Protection Measures, Document Shredders) to ensure security of your personal data. This processing is always carried out in accordance with the applicable European Laws on Data Privacy.
You have the right to make a complaint at any time, including any requests to exercise your legal rights, to the appointed Data Protection Officer.
Telephone: +30 216 4004 132
If you are not satisfied with our response, you have the right to complain to the applicable Supervisory Authority, www.dpa.gr.
Please find below, the consent form for processing your personal information required for issuance and validation of your insurance policy
All forms in relation to user’s Personal Data rights are available in Greek, only here
Alternatively, please contact our Data Protection Officer at firstname.lastname@example.org to exercise your rights in relation to your personal data.