This Policy is a privacy statement and aims to inform you on: how we collect, use and disclose your personal data, the purpose for processing and your legal rights as data subjects pursuant to the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Protection of the Personal Data Processing Act 2018.
In accordance to the mentioned Regulation ‘personal data’ means any information that can identify (directly or indirectly) a natural person e.g. full name and an address or an ID number.
2. WHO WE ARE
P.F.A. INSURANCE LINK AGENTS, SUB-AGENTS & CONSULTANTS LTD (also known as Insurance Link) is a licensed insurance intermediary company registered in Cyprus under registration number HE288513. Its head office is at 10, Navarinou Street, 1100 Nicosia.
3. HOW WE PROCESS YOUR PESONAL DATA
We collect and process different types of personal data which we obtain from you through the ‘Proposal Form’ and/or other insurance forms in accordance to the explicitly and freely given consent that you have given us. We may also collect personal data from other publicly available sources (e.g. the Internet) which we lawfully obtain and are permitted to use.
4. WHAT PERSONAL DATA WE COLLECT
If you are a client, a prospective client, an employee, an insured person or a beneficiary in an insurance policy, the personal data we collect may include:
Full name, home address, contact details, date of birth, ID or passport number, profession, marital status, number of family members, personal income and expenses, assets, driving license number and date of issue, bank account number, height, weight and health conditions.
5. WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS
We are committed to protecting your privacy and handling your data in a transparent manner and as such we process your personal data in accordance with the GDPR and the data protection statute law for one or more of the following reasons:
A. Contract necessity
We process personal data on behalf of the insurance companies: A.I.G., Metlife, Trust, Eurolife and Minerva, as well as four insurance intermediary companies: A.K. Demetriou Insurance Brokers Ltd, Key Partners General Insurance Agents & Sub-Agents Ltd, Daes London Market Insurance Brokers and Soeasy Insurance Brokers Ltd, in order to enter into contract, to amend a policy, to handle a claim or any other contract performance.
B. Legal obligation
There are some legal obligations arising from relevant laws and statutory requirements. In addition there are various supervisory authorities like the Insurance Companies Control Service which may impose on us necessary personal data processing e.g. the insurance analysis.
C. Legitimate interest
We process personal data to safeguard legitimate interests pursued by us or by a third party. Legitimate interest occurs when we have a business or commercial justifiable reason to process your personal data, as long as this is necessary and is not unfair for you.
Provided you have given us your written specific consent, then the lawfulness of such processing is based on that consent. You have the right to withdraw or restrict your consent at any moment. Concerning the separate consent you may have given to the insurance company, you should contact the insurance company directly.
6. WHO RECEIVES YOUR PERSONAL DATA
As processors we share your personal data with the insurance companies that you contract with and/or the aforementioned insurance intermediaries with whom we cooperate, so that they can provide cover for you.
Each and every associate and member of our staff is committed to protect your privacy.
7. COMMERCIAL PURPOSES
Provided you have given us your specific consent, we may process your personal data in order to inform you about products, services and offers that may be of interest for you.
9. HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We shall keep your personal data for as long as you remain our client. When this relationship ends we delete them, unless there is a justifiable reason not to do so.
Personal data of prospective clients (quotations) are kept for a period of 12 months.
In case you have filed a claim to your insurance company through us, we keep your personal data until the settlement of your claim.
In case you have consented to receive our newsletters, emails and/or sms for commercial purposes, we delete your contact details upon request in a very simple way, giving you the chance to do so every time we communicate with you (opt-out).
In relation to applications for employment, we erase all relevant information 6 months after submitting an employment application.
As far as employees are concerned, we erase all relevant information 6 years after termination of employment.
The video recording from CCTV is kept for one month only.
10. YOUR DATA PROTECTION RIGHTS
• Right to be informed. You have the right to be informed about the collection and use of your personal data.
• Right of access. You may ask for a free copy of your personal data that is being used.
• Right of rectification. You may ask to erase or rectify inaccurate or incomplete personal data.
• Right to erasure (right to be forgotten). You may ask us to delete your personal data, as long as there is no justifiable reason for us to continue to do so.
• Right to restrict processing. You can ask us to restrict the purposes of your personal data processing.
• Right to object to processing. You have the right to object to processing when we rely on a legitimate interest. In such a case we shall stop processing your personal data unless we can prove that compelling legitimate grounds override your rights and freedoms.
• Right to data portability. You can also ask us to transfer your personal data directly to another business.
• Right to withdraw consent. You may withdraw the consent you have given us at any time.
• Right to report a complaint. If you have concerns about the way we use your personal data, you may contact our Data Protection Officer (DPO). You also have the right to report us to the Commissioner of Personal Data Protection through the website http://www.dataprotection.gov.cy.
11. HOW TO COMMUNICATE WITH US
If you wish to exercise any of the above rights, ask any question and/or request any clarifications concerning the way we use your personal data, you may contact our Data Protection Officer by email at email@example.com or by post: 10, Navarinou Street, 1100 Nicosia.