Cosmos Insurance Public Company Ltd (hereinafter referred to as “the Company” or “Cosmos Insurance Public Company Ltd”) engages in insurance activities across Cyprus, having its main office at 46, Griva Digeni Avenue, Nicosia.
This text aims at providing you with intelligible, transparent and direct information about the processing of your personal data collected and processed by us in the context of fulfilling our obligations to you, as our Company is bound by the applicable legislation to secure and safeguard your right to protection against the illegal processing of personal data and your right to privacy, as well as to protect the personal data that are maintained by us and concern you.
Your personal information may help us to better understand your insurance needs and to offer you a more comprehensive and customized service. However, we understand that maintaining the security and confidentiality of your personal data is a big responsibility which we take very seriously. For this reason we have drawn up this Policy, among other things, which aims at informing you about the kind of data we collect, why we collect them and how we use them.
This Policy is addressed to natural persons, who are current or potential customers of the Company, beneficiaries of insurance policy contracts, authorized persons, third persons, suppliers and associates. By providing your personal information or the information of some other person, such as a beneficiary of the Insurance Policy or a person who files a claim and for whom you have consented or obtained authorization towards the processing of their personal data, you accept that we will use such information in the manner analytically explained in this Policy. You should refer a person whose personal data you give to the Company, to this Policy.
Further Processing Notices may be delivered to you at a later stage underlining specific uses of your personal information.
It is also likely that certain changes will be made to this Policy in order to keep it in line with changes in the legislation as well as with operational and technological developments. You must from time to time check the website of the Company for the latest version of the Policy.
In the Policy, your data may sometimes be referred to as “personal data”, “personal information” or “data.” For the purposes of the Policy, personal data are any information concerning a natural person, whose identity may be established whether directly or indirectly, particularly by reference to an identification detail, such as full name, identity card number or one or more factors relating to the physical, physiological, genetic, psychological, financial, cultural or social identity of the said natural person.
The term personal data also includes, among other things, certain sensitive data (or special categories data), as for example the data concerning a natural person’s state of health, any penal convictions and data revealing the racial or ethnic origin of the person.
When we say that your personal data are subject to “processing”, this term includes every action undertaken in relation to these data, such as the collection, registration, organization, structure, storage, adaptation, variation, recovery, search for information, usage, transmission, diffusion, disposal, correlation, combination, limitation, erasure and destruction.
In case you require more information on how we process your personal data, you may apply to the Data Protection Officer of the Company at the address of our registered office, 46 Grivas Digenis, 1080, Nicosia, or by emailing firstname.lastname@example.org.
Personal Data Processing Principles
In collecting sensitive personal data we are bound by the General Regulation for the Protection of Personal Data (EU) 2016/679 and, taking into consideration the necessary organizational measures, we proceed to the processing stage, based on the following principles governing the processing of personal data:
•they shall be subjected to legitimate and lawful processing in a transparent manner,
•they shall be collected for specified, express and legitimate purposes and shall not be subjected to further processing in any way incompatible with the purposes for which these data are collected by the insurance company,
•only the appropriate and relevant data shall be collected, limited to the necessary purpose for which they have been collected,
•they shall be accurate and updated as necessary,
•they shall be retained only for as long as required and for the purposes for which they have been collected,
•they shall be subjected to processing in a manner guaranteeing their required security against non-authorised or unlawful processing and accidental loss, destruction or wear, among other things, through the use of suitable techniques and/or organizational measures,
•when we transmit your personal data whether to another country or to a person who carries out the processing on behalf of the Company, the necessary measures shall be taken by us for the protection of your personal data, as for example through the conclusion of specialized contracts for data processing.
How we Collect your Personal Data
More often than not the collection of personal data is performed directly by you or through consultants or intermediaries. The relevant information may be received through a proposition submitted to us whether directly or indirectly (via associates or/and agents) or by way of the agreement between us by telephone or any other kind of communication with you.
Nevertheless, in some cases the collection of personal data may be effected by third parties, when for example you are named by someone as party to an offer/Company contract. Your personal details may be collected either by third persons (associates, agents, lawyers, authorized individuals) or by other insurance companies or even by sources available to the public at large.
More analytically, personal data may be collected:
(a) Straight from you (directly or indirectly):
•Through the information completion form in the context of filing an application for an insurance offer
•Via a hand-written curriculum vitae, email, employees, supervisor, department Director
•In the context of submitting an inquiry or objection and filing a complaint or claim on your part
•Online by the client or through an intermediary
•Online by the client when he chooses to pay through the JCC or an intermediary
•Online through a bank
•Personal details submission form
•By personal contact directly with the natural persons
(b) From various other/ “third” sources (indicatively):
•Through other insurance contracts in which you are named as part thereto (e.g. if you are nominated as driver in a motor vehicle insurance policy)
•Through other insurance services or branches
•Complaints Form, Insurance offer, Modification Form, Financial Ombudsman
•Through our associates, brokers or agents
•Through medical practitioners or other related health professionals (e.g. during the evaluation of a claim for damages),
•Through legal consultants (e.g. when you are not insured with us but you have a claim against a client of ours due to an accident),
•Through lawyers, agents, brokers, new associate completion form and insurance agent contract
•Through specialists and experts
•By telephone, through the Police, fax, websites, Photographs
•Through an electronic email message, ERP systems.
What kinds of Personal Data are Processed by us?
Our insurance company collects and processes various kinds of personal data, depending on the services provided in each particular case. Our policy applies to both our current and/or potential customers directly or indirectly involved.
For all of the aforementioned reasons, our insurance company collects and processes personal data depending on the insurance coverage that will be provided for you as follows:
•Contact details (such as full name, Date of Birth, Identity Card Number, home address, email address, telephone, occupation, Social Insurance Number, etc.)
•Biographical details, competence statement, penal record, financial standing, social insurance number, School Leaving Certificate, Degree or/and Post Degree certificates, seminar attendance certificates, performance, grading, Name, Address, NIN, IBAN, TIN(AFT), date of birth, Telephone, Previous Salaries, clocking in and out, content of complaint.
•Data of brokers’ family members
•Details of policy offer depending on insurance class (e.g. Title deeds, third party signatures, Identity Card Number, guarantors’ data), coverages, amounts, medical record, names and addresses of health service providers
•Salary and Medical Record, Record of physical or mental diseases
•Own Medical Record and that of dependents
•Cost, Diagnosis, test results, Medical Certificates, claim details
•IBAN number, credit card number/account number for standing order, bank SWIFT number
•Accidents, vehicle details, Witnesses’ details
•Monitoring of insured and/or third party claimant, verification of state of health, damages incurred (depending on insurance coverage)
•Identity Card Number or passport of drivers, Nationality of insured, drivers’ date of birth, drivers’ occupation, Driving Licence number (copy), previous claims, previous convictions for chargeable traffic offences or violations, previous insurance record.
How we use your Personal Data
After they have been collected by us, your personal data may be subjected to processing in our insurance company, as previously mentioned, by our employees, associates and/or agents, in order to provide you with a customized service.
We use your personal data for the following purposes:
•To communicate with you
•To make assessments and decisions (automated or not automated, including individual profiling), in relation to the provision of insurance and the terms thereof, the settlement of claims and the provision of assistance and other services.
•For the provision of services stemming from the insurance policy, for the payment of damage claims and assistance, as well as for other products and insurance services offered by us, including the assessment of claims and the management and settlement of disputes.
•To improve the quality of products and of our insurance services
•For the prevention, detection and investigation of crimes, including fraud and the legalisation of the proceeds from illegal activities, as well as the appraisal and management of other trading risks.
•To conduct research and analyse data, including an examination of our client basis and other individuals, who have given us their personal details and information (for instance, third persons claiming damages), and the risks faced by our enterprise, always in accordance with the prevailing Cypriot and European legislation (including the obtaining of consent when required).
•For promotional marketing and advertising activities. We may undertake the conduct of promotional activities in accordance with your preferences and upon your consent, using email messages.
•For the compliance of our company with the applicable laws and statutory obligations, European Union directives and guidelines, court decisions and other legal processes, and in order to respond to requests by public and state authorities, as stipulated in Cypriot and European legislation.
•To enforce and defend our legitimate rights and to protect our business activities, including those of our business associates, and to safeguard our rights, individual privacy, security or property assets, as well as the rights of our business associates, yours and those of other persons’ or third persons’; for the purpose of imposing our terms and conditions and pursuing all available recovery measures and containing our damages.
Sharing Your Personal Data
It might be necessary to share your personal data with our associates so that we could provide for you the required insurance, among others with Reinsurers, accident management Companies, storage companies, evaluators of other insurance companies, government services, Lawyers, Banks, car representatives, MOT, Insurance Companies Registrar, the Registrar of Companies and Official Receiver, the Social Insurance Department, Tax Department, Human Resources Development Authority, seminar/training centres organizers, Debt Collection Companies, Auditors, damage evaluators – experts, Doctors, Representatives, Travel Agencies, Hotels, Laboratories, Financial Ombudsman Office, Insurance Products Beneficiaries and Authorised Representatives.
In no case, however, are we going to share your personal data for processing for purposes contrary to those described in this Policy without your prior notification.
In each case arising from our relationship, your personal data may be transmitted to public authorities, researchers, reinsurance companies, the Registrar of Insurance Companies, who shall undertake to process them on behalf of the Company in the capacity of processors, on the basis of the agreement between us. Personal data may be transmitted abroad to associated third providers, reinsurance companies, lawyers and experts.
In each transmission to third parties every measure shall be taken beforehand so that only the necessary data shall be transmitted for the implementation of the contract, along with the effective requirements for their legitimate and lawful processing; moreover, the organizations to which the data are being transmitted shall undertake a written commitment that they shall on their part comply with the provisions of the General Data Protection Regulation. Exempt are those cases in which the communication of the data is effected due to some legal or statutory obligation.
In cases where it is necessary to communicate your personal data to countries outside the European Union, which do not offer adequate guarantees for the protection of your personal data, our insurance company shall be obliged and hereby undertakes the responsibility to conclude contractual clauses between our Company and the Company to which the data are communicated, in order to safeguard the information transmitted.
Retention Period for your Personal Data
Our insurance Company shall retain your personal data in its records only for the time period required for the fulfillment of the insurance contract between us, unless legal or statutory obligations provide otherwise. This also applies to those cases where our agreement has for any reason been interrupted.
Due to harmonization with the Regulation, we have determined the time periods for the retention of your personal data, depending on the processing to which they are being subjected. The parameters that have been taken into consideration for the determination of the time periods are your better service, our operational needs, our legal obligations and the safeguarding of our legal interests.
In order to be accurately informed on the retention periods, please contact the Data Protection Officer of our Company.
What are your rights?
The General Data Protection Regulation defines your rights in regard to your personal data. On account of this, our insurance Company has developed a mechanism for the satisfaction of requests concerning your personal data, as follows:
I. Right to access: You have a right to access your data maintained by us and you may at any time obtain a copy thereof provided we possess them in electronic form.
II. Right to rectification: You have a right to access and rectify your personal details. You may at any stage of our relationship check and update your personal data, always presenting the necessary documentation and requesting the rectification or completion of inaccurate information.
III. Right to be forgotten: You have the right to ask for the erasure of the whole or part of the data that concern you. We would like to underline however that our Insurance Company shall be obliged to erase only those personal data which can be erased as per our data erasure policy.
IV. Right to restriction: You hold the right to ask for the processing of your personal data to be restricted, even when the accuracy of the data is disputed or furthermore when the data are no longer useful to the insurance company but you request their retention due to legal claims.
V. Right to object: You may at any time whatsoever raise objections about the processing of your personal data. In case you make use of this right, the processing shall immediately cease, unless the Company can prove the existence of legal interest or the need to use the data in support of a legal/judicial case.
VI. Right to data portability: You have the right to portability, that is, to transfer your personal data to another organization in a legible and commonly used form. The said data shall be erased as specified in the erasure policy of the Company.
VII. Right to recall consent: You have the right any time to withdraw your consent to the processing of your personal data, without however affecting the legality on which our policy was based prior to your withdrawal. We would like to inform you that the recall of your consent may possibly lead to the termination of the relevant services.
VIII. Right to launch complaint: You have the right to launch a complaint with the Commissioner for the Protection of Personal Data, regarding the processing of your personal data.
If in filing your complaint you feel that you have been wronged by us or if you have any doubts about the outcome of your request, you may submit it in writing to the Commissioner for the Protection of Personal Data at the below address:
Office of the Commissioner for the Protection of Personal Data
Iasonos 1, 2nd Floor
P.O. Box 23378
Tel.: 22818456 Fax No.: 22304565
In order to exercise your rights as above or in the case where you require more information concerning your rights, you may communicate with the Data Protection Officer of our Company, at the address of our registered office or through the email address email@example.com.
Changes to our Policy
Changes in the Legislation or technological developments impose corresponding modifications on our part.
You are kindly asked to keep apace with our Policy, which may at any time change in order to adapt to new developments and facts.
Our reviewed policy shall be posted on our website at the address www.cosmosinsurance.com.cy.
Finally, you may ask to be supplied with a copy of the most recent version of the Policy in printed form.