This Policy is a privacy statement and aims to inform you on: how I collect, use and disclose your personal data, the purpose for processing and your legal rights as data subjects pursuant to the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Protection of the Personal Data Processing Act 2018.
In accordance to the mentioned Regulation ‘personal data’ means any information that can identify (directly or indirectly) a natural person e.g. full name and an address or an ID number.
2. WHO AM I
Panayiotis Tsiolis is a licensed insurance intermediary, under the trade mark Ideal Insurance, registered in the Registers of Insurance Intermediaries (license number 5079). His office address is at 61, Acropoleos Avenue, 2012 Strovolos.
3. HOW I PROCESS YOUR PERSONAL DATA
I collect and process different types of personal data which I obtain from you through the ‘Proposal Form’ and/or other insurance forms in accordance to the explicitly and freely given consent that you have given me. I may also collect personal data from other publicly available sources (e.g. the Internet) which I lawfully obtain and are permitted to use.
4. WHAT PERSONAL DATA WE COLLECT
If you are a client, a prospective client, an employee, an insured person or a beneficiary in an insurance policy, the personal data I collect may include: Full name, home address, contact details, date of birth, ID or passport number, profession, marital status, number of family members, personal income and expenses, assets, bank account number, driving license details, height, weight and health conditions.
5. WHY I PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS
I am committed to protecting your privacy and handling your data in a transparent manner and as such I process your personal data in accordance with the GDPR and the data protection statute law for one or more of the following reasons:
A. Contract necessity
I process personal data on behalf of insurance companies in order to enter into contract, to amend a policy, to handle a claim or any other contract performance.
B. Legal obligation
There are some legal obligations arising from relevant laws and statutory requirements. In addition, there are various supervisory authorities like the Insurance Companies Control Service which may impose on me necessary personal data processing e.g. the insurance analysis.
C. Legitimate interest
I process personal data to safeguard legitimate interests pursued by me or by a third party. Legitimate interest occurs when I have a business or commercial justifiable reason to process your personal data, as long as this is necessary and is not unfair for you.
Provided you have given me your written specific consent, then the lawfulness of such processing is based on that consent. You have the right to withdraw or restrict your consent at any moment. Concerning the separate consent you may have given to the insurance company, you should contact the insurance company directly.
6. WHO RECEIVES YOUR PERSONAL DATA
As Data Processor I share your personal data with the insurance companies or insurance agents so that they can provide cover for you.
As Data Controller I share your personal data with Aquila Informatica B.V. which is the company that is running my software.
Aquila Informatica B.V., the insurance agents and members of my staff are bound by a separate Confidentiality and Data Processing Agreement in accordance with the law and the GDPR.
7. COMMERCIAL PURPOSES
Provided you have given me your specific consent, I may process your personal data in order to inform you about products, services and offers that may be of interest for you.
8.HOW LONG I KEEP YOUR PERSONAL DATA FOR
I shall keep your personal data for as long as you remain my client. When this relationship is terminated then I delete them, unless there is a justifiable reason not to do so.
Personal data of prospective clients (quotations) are kept for a period of 12 months.
In case you have filed a claim to your insurance company through me, I keep your personal data until the settlement of your claim.
9. YOUR DATA PROTECTION RIGHTS
- Right to be informed. You have the right to be informed about the collection and use of your personal data.
- Right of access. You may ask for a free copy of your personal data that is being used.
- Right of rectification. You may ask to erase or rectify inaccurate or incomplete personal data.
- Right to erasure (right to be forgotten). You may ask me to delete your personal data, as long as there is no justifiable reason for me to continue to do so.
- Right to restrict processing. You can ask me to restrict the purposes of your personal data processing.
- Right to object to processing. You have the right to object to processing when I rely on a legitimate interest. In such a case I shall stop processing your personal data unless I can prove that compelling legitimate grounds override your rights and freedoms.
- Right to data portability. You can also ask me to transfer your personal data directly to another business.
- Right to withdraw consent. You may withdraw the consent you have given me at any time.
- Right to report a complaint. If you have concerns about the way I use your personal data, you may contact my Data Protection Officer (DPO). You also have the right to report me to the Commissioner of Personal Data Protection through the website http://www.dataprotection.gov.cy.
10. HOW TO COMMUNICATE WITH US
If you wish to exercise any of the above rights, ask any question and/or request any clarifications concerning the way I use your personal data, you may contact my Data Protection Officer by email at email@example.com or by post: 61, Acropoleos Avenue, 2012 Strovolos.