Information and statements provided to the data subject in accordance with the Regulation on the Protection of Personal Data
(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC)
Who are we and why do we process your data?
We are a company offering non-life insurance based on contracts concluded with insurers.
We shall endeavor, that all obligations be fulfilled, which arise to us under the legal regulations on personal data processing and we commit to protection of the data from misuse and prying to private and personal life.
In the event that you are interested in the provision of information of personal data, which of your person is handled, you may contact us at email@example.com.
We and the Insurer are joint data controllers.
Our details: DEFEND INSURANCE Sp. z o.o., ul. Ligocka 103, 40-568 Katowice, tel. (32) 797 10 41, www.defendinsurance.pl.
Your personal data are processed only in the scope of the relevant legislation with no need of a specific consent on this legal basis:
1. The data processing is required for the performance of the contract you are a party thereof
It includes particularly processing related to offer and provision of our service. It concerns your personal data (interested party/policyholder) and personal data of other parties of the contractual relationship (insured, injured party etc.) as well. Without such data we cannot offer or provide our service. That is why legislation does not require any specific consent for such procesing. If you failed to provide the necessary data we would not be able to enter into the contract at all.
2. The data processing is required for the purpose of our or your legitimate interest
The legitimate interest covers e.g. prevention and discovery of criminal offence, claim procedure and enforcement of rights from the contract. That is the reason for recording our mutual phone calls to make sure what we were talking about. We can record the phone calls, process them and later evaluate them to be able to satisfy your requests, wishes and needs in the future. We can also contact you and verify if you were satisfied with our service.
In case of documents and procedures we carry out analysis in order to develop new products and improve the customer service.
The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest according to the regulation.
You may object to processing data for direct marketing purposes. In case that you raise an objection
your personal data will not be processed for marketing purposes any more. The objection does not influence
the previous processing.
Your personal data processed for marketing purposes will not be transferred to any third party.
3. The data processing is required for compliance with a legal obligation
Legislation in some cases lays down obligations to process your personal data. Particularly
in those cases:
a. performance of information obligations and exchange of information and provision of cooperation based on legal regulations (especially Insurance Act etc.)
b. storage of data according to legal requirements etc.
What data is collected?
We process especially the data we need for offer and provision of our service. It means all the data that are included in the contract and other similar forms.
Sometimes we will connect your personal data with other information and create new data. It is important for example for compensation payment or for compliance with legal obligations (e.g. fraud prevention). If you do not object to the processing for marketing purposes we can evaluate your personal data in order to offer you only products interesting for you.
It can concern address and identification data (e.g. date of birth, identification, citizenship, tax residence),
data on contracted service and other data you provide to us or we discover during provision of our service
including the data created in relation with our obligations based on the data provided.
How do we collect data and what do we do with them?
We collect data solely directly from you during the conclusion and administration of the contract.
Recipients and processors
Personal data can be processed beside the controller, his employees and bodies participating with him by contractual processors (especially insurer, re-insurer and insurance intermediaries), in the Czech Republic as well as abroad. Every person having access to personal data in the scope of performing their job or contractual duties is bound by confidentiality and keeps sufficient data protection standards.
In the scope of a legitimate processing we are entitled to transfer personal data to other subjects (e.g.
exchange of information for the purpose of fraud prevention etc.). If there is a legal reason other third
parties may gain access to the data (e.g. police or other public authorities).
Transfer of data abroad
Your personal data may be transferred for the processing intra-EU, beyond EU countries only in case of
the insurer´s seat beyond EU borders. Our processors always keep at least the same standards for data
protection as ourselves.
How do we treat the data?
The process means
Personal data are duly protected. The process is carried out manually as well as in electronic information systems that are subject to physical, technical and procedural control. For the purpose of data protection we have settled a safeguarding mechanism including technical, organisational and personal safeguards.
Automated decision-making and profiling
We do not use any automated decision-making or profiling.
How long do we store the data?
If not stated otherwise we process and store the personal data for the term necessary for fulfillment of rights and obligations arising from the contract and further for the term arising out of generally binding legislation.
For marketing purposes the term takes 5 years after expiration of the contractual relationship, in other cases the term arises from the purpose of the data proceeding or is stipulated by the legislation.
What are your rights?
Every data subject shall have the right to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. Where requests for information and for a copy of the data undergoing processing are of a repetitive character we have a right to charge a reasonable fee based on administrative costs or refuse to act on the request.
In the event that you discover or suspect that the personal data are processed in conflict with the protection
of your private and personal life or contrary to the law, you may:
• ask us or processor for an explanation;
• require us to correct the situation; in particular, you may require rectification, erasure, restriction of processing;
• object to processing.
We shall always inform you about the processing of your request without undue delay.
You are entitled to refer to or lodge a complaint with: Biura Urzędu Ochrony Danych Osobowych: 00-193 Warszawa ul. Stawki 2, tel. (22) 531 03 00, e-mail: firstname.lastname@example.org
List of subjects that may enter into contact with your personal data
Controllers (according to the contract concluded):
Lloyd's of London, 1 Lime Street, London, EC3M 7HA United Kingdom
DEFEND INSURANCE Sp. z o.o., ul. Ligocka 103, 40-568 Katowice, Polska
Processors who obtain personal data for the purpose of administration of the contract and other cathegories
• Insurance intermediaries entitled to intermediate products of the insurer in question
• Public authorities (Narodowy Bank Polski, Komisja Nadzoru Finansowego, Police and the like) and courts (particularly when performing our legal obligations)
• Auditors and other independent bodies ensuring the fullfilment of legal obligations
• Providers or operators of IT technologies
• Providers of service necessary for performance of our activity (administration, archivation, legal counsel, debt administration etc.)
• Providers of service (claim investigation and claim settlement)
List of companies that may gain access to your personal data:
AmTrust Syndicates Limited, Exchequer Court, 33 St Mary Axe, London, EC3A 8AA, United Kingdom.
Xchanging Ins-sure Services Ltd., Trinity Road, Folkestone, CT20 2RJ United Kingdom.
Casablanca INT, s.r.o., Plzeňská 183/181, 150 00 Praha 5, Česká republika
DEFEND INSURANCE HOLDING s.r.o., Roztylská 1860/1, 148 00 Praha 11, Česká republika
ProfiHOSTING s.r.o., Brněnská 412/59, 783 01 Olomouc – Slavonín, Česká republika