Personal Data | Designia Insurance Brokers
Information of personal data subjects on the processing of their data based on the Regulation (EU) 2016/679 and the relevant Greek legislation.
The Designia Insurance Brokers (hereinafter the "Data Controller") which is located at 2-4, Sina St., 106 72 Athens, with contact details Tel: +30 210 930 3850, Fax: +30 210 930 3971, e-mail: info@ designiabrokres.gr, considers the protection of your data an issue of exceptional importance. As a Data Controller and in your capacity as our customers, or visitors/users of our online services, or our potential customers, we inform you that we process your personal data for the purposes and in accordance with the following:
1. What data do we collect?
• Identification data: name, father’s name, ID number, VAT number, Social Security Number, gender, date and place of birth, etc.
• Contact details: postal and e-mail address, landline and mobile phone number, etc.
• Data necessary for the conclusion of an insurance policy requested by you, depending on its object and the risks covered. Data on property or assets or investment or savings objectives or business data or information on marital status or data on your current or previous insurance contracts or specific data, such as health data or medical and/or treatment data, may be processed in this context.
2. Where doe the data come from?
Your personal data, including any specific data:
• are collected directly from you,
• are collected from any of your electronic communications with the Data Controller either during the process of your certification or during your registration with our service, or at the stage of your interaction with them, or through your browser or your device,
• are sent to the Data Controller by third parties acting on your behalf,
• are collected by cooperating service providers, e.g. hospital or medical diagnostic centers where you underwent relevant examinations, following your authorization for their transmission.
3. Why do we collect and how do we process the data?
Your personal data collected as above, will be processed by the Data Controller and/or by third parties who perform the processing on its order and behalf, for the following purposes:
• to identify you,
• to transfer them to the insurance company(ies) of your choice for the purpose of processing them in the context of the evaluation of your application to elaborate proposals for the conclusion of an insurance contract,
• to assess your needs and present to you insurance proposals by the insurance companies cooperating with us, according to such needs of yours and your requirements and wishes,
• to comply, as a Data Controller, with our statutory obligations,
• to send you questionnaires about your satisfaction and evaluation of our services or of the services of the insurance companies cooperating with us,
• to process your data in a non-personalized manner for statistical purposes,
• to manage the life cycle of your insurance products on your authorization,
• to inform you of our products and services or those of the companies or third parties associated with us and to promote them to you.
• In the case of an online service, the processing may involve your certification in the service, the provision of a personalized experience based on your choices, our protection against any attacks that could damage the confidentiality, availability and integrity of our/your data, as well as the availability and integrity of the service we provide.
4. For how long do we keep your data
• Your personal data will be kept by us as Data Controllers from the moment we are assigned the task of assessing your needs and entering into a relationship with an insurance company and until the completion of the general limitation period (20 years), unless the law or regulatory acts require the retention of personal data for a period longer or shorter than such period. If at the end of this period legal proceedings are in progress with us that concern you directly or indirectly, the above data retention period shall be extended until an irrevocable court judgment is issued.
• In the case of electronic communications, the data collected will be retained only for the time necessary to provide the service. Service interaction data may be retained for up to ten (10) years without being available for immediate processing.
5. Who are the recipients of your personal data?
• The Management and those Executives of our Company who are responsible for the fulfillment of our obligations to you.
• The insurance companies to which your data will be transmitted for the purposes described in section 3 above.
• Our partner experts, researchers, courier companies, consultants of all kinds (legal, financial services, etc.), natural or legal persons, as well as IT application development and maintenance providers, provided , who are always subject to the requirement of confidentiality.
• In special cases, either in defense of our rights, or when provided by law or judgments of judicial authorities, the Data Protection Authority or other Independent Authorities, your data may be transferred to debtor information companies of L. 3758/2009, as in force from time to time, lawyers, bailiffs, judicial and prosecutorial authorities, public services, public bodies, their officials, as well as other third parties. Any such access to data shall be made to the extent necessary to achieve the intended purpose.
6. How do we protect your data?
As Data Controllers, we implement an Information Security Management System to ensure the proper protection of your data. In addition, state-of-the-art protection measures are used, as well as appropriate organizational measures.
7. What are your rights and how can you exercise them?
a) You have the right to know what personal data concerning you we hold and process, as well as their origin.
b) You have the right to request the correction and/or completion thereof, so that they are complete and accurate by submitting any necessary document from which arises the need to complete or correct them, and stating the exact data you wish to be included in this processing (correction/completion).
c) You have the right to request the processing of your data to be restricted or to refuse any further processing.
d) You have the right to request the deletion of data concerning you, if either the above retention time has passed, or if they are data that do not relate to the fulfillment of our obligations as Data Controllers to you.
The exercise of the immediately preceding rights under points c and d shall entail our inability to present you with insurance plan proposals in accordance with section 3. Your requests may be satisfied only to the extent that the protection of our legitimate interests is not affected or restricted.
e) You also have the right to ask us to transfer your data to another data controller. Satisfaction of your above right does not necessarily imply their deletion from our files, which is subject to the conditions mentioned above.
f) You also have the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr) if you consider that you and your rights are being infringed in any way.
You can notify us of the exercise of the above rights electronically at firstname.lastname@example.org. As Data Controllers, we will take every possible measure to satisfy your requests and we will respond to you within thirty (30) days. Only if this is not possible, we will inform you of the necessary extension of the above deadline, which will not exceed sixty (60) additional days. The exercise of the rights is free of charge, however, there may be a charge only in cases of proven abuse that will entail additional management costs for us.