Personal Data Protection

Controller: INTERASCO SOCIETE ANONYME GENERAL INSURANCE S.A.G.I., Chalandri, Athens, Vas. Georgiou Street 44 & Kalvou Street, P.C. 15233, Tel. +30 210 2106776100, email: [email protected]

Data Protection Officer (DPO): e-mail: [email protected] or tel: +30 210 6793192.

The protection of individuals in relation to the processing of personal data is a fundamental right. Within this framework, INTERASCO S.A.G.I. informs you, according to the provisions of the General Data Protection Regulation EU 679/2016 (GDPR), for the proper and lawful use of your personal data (the data) that you provide and disclose to us, by any means, as a contractual party of our Company, through our authorized employees or our collaborating intermediaries or other partners, and which data we process solely for the purposes described below.

Data categories

The information collected according to the above, depending on your transaction purpose with our Company, may be included in your insurance application or claim for compensation, your insurance policy, and the necessary questionnaires, documents and supporting documentation accompanying your respective application, and such information may belong to the following data categories:

a) identification and contact data (e.g. name, profession, VAT number, Public Fiscal Service, social security number, ID number, passport number, date of birth, gender, address, telephone number, mobile number, email),

b) payments data (e.g. bank accounts, credit cards, etc.),

c) special categories personal data for insurance purposes, including sensitive health or non-health data, necessary for the assessment and conclusion of insurance contract and its management (e.g. insurance history, full medical history, data concerning wealth or economic situation, hobby, lifestyle),

d) data necessary for managing your request and any relative supporting document that may contain personal data, including the data for insurance and settlement purposes necessary for the management of a claim or payment of premiums.

Processing purposes

  • Any processing necessary in order to respond to your request and to provide services regarding our contractual relationship, including risk assessment, pre-contractually (e.g. pre-insurance check) and/or during the duration of your insurance contract, the determination of general and special policy conditions and of the respective premium, the management of the insurance contract, both during and after its expiry, including assessment, audit, settlement of the insurance claim in the event of an insured risk occurrence or the payment of the amount (premium) stipulated in the contract, as well as the automated risk profile assessment procedure and decision making;
  • Compliance of our Company with obligations imposed by the existing legislative and regulatory framework;
  • Legal interests of the Company, for example for prevention of insurance fraud purposes.
  • Commercial communication, information regarding the provision of insurance services and promotion of new insurance products, with your consent, as well as communication for the purpose of updating your data

Recipients:

  • the Company and its authorised personnel;
  • third persons, natural or legal, we cooperate with as part of the legal exercise of our operations and who as processors on our instructions are contractually bound with appropriate data protection provisions for taking the appropriate measures;
  • our parent company, HAREL Insurance Investments & Financial Services Ltd., for the transfer of limited data of simple and not special categories;
  • other (re)insurance companies, after submitting a legal request;
  • public / judicial authorities.

The Company does not disclose in any way your personal data to third parties that are not related to the provision of coverage and services related to your respective application or arising out of your insurance policy, unless required by law or by lawful request; or a public authority instruction.

Transfer to a third country: If transfer to a non-EEA country, and in particular to the above mentioned parent company HAREL, is required, the provisions of Article 44 et seq. of the GDPR shall apply, while the appropriate safeguards for adequate data protection level shall be provided.

Retention period: The period of time required for responding to your request or application, your insurance contract or other contractual relationship and as long as it is required for the compliance of the Company with legislative and regulatory requirements.

Subject’s rights: In accordance with GDPR and regarding the personal data concerning you, you have the following rights:

  • Right to information, concerning how your personal data is used.
  • Right of access, in order to be informed what data we process, the purpose and the recipients.
  • Right to rectification of any inaccurate personal information, including completion of incomplete data.
  • Right to erasure (“right to be forgotten”), if the personal data are no longer necessary in relation to the purposes for which they were collected, with the reservation of the company of not erasing data when the processing is necessary for compliance with a legal obligation, for the purpose of combating insurance fraud, or for the foundation or denial of claims of the Company, the subject or third parties or for archiving, research or statistical purposes, as long as data is encrypted.
  • Right to restriction of processing, e.g. in case of questioning their accuracy
  • Right to object to the processing, subject to the same reservation of the Company mentioned above, when processing is required to comply with a legal obligation imposed by law or your contract or for the purpose of combating insurance fraud or for the foundation or denial of claims of the Company, the subject or third parties.
  • Right to portability, in order to get the data you provide yourself in a structured, commonly used format.
  • Right of withdrawal, at any time, of already given consent you have provided to us by singing any Company’s form, although not affecting the legitimacy of processing your data until the time of the withdrawal request. However, if you withdraw your consent to data processing, at the pre-contractual stage or concerning data strictly necessary for the provision of the insurance contract, we are entitled to refuse the issuance or to terminate an existing contract, respectively, since we will no longer be able to provide our services.

To exercise your rights and get more information, you should use the contact details of our Company as referred above and or contact the Company’s Data Protection Officer (DPO)on the e-mail: [email protected].

In the event that you exercise any of your rights, we will take all reasonable steps to satisfy it within thirty (30) calendar days of receipt of the relevant application, informing you in writing of its satisfaction or the reasons obstructing their exercise.

In order to apply for the exercise of your rights, you can fill in and submit the relevant form.

You also have the right to file a complaint to the Hellenic Data Protection Authority (Kifissias Avenue 1-3, Athens, Zip Code 115 23, +30 210 6475600, www.dpa.gr)