Who is your Personal data controller?
Your personal data controller is Balcia Insurance SE (we, Balcia, insurer), registered in Latvia with the registration number 40003159840, legal address K.Valdemara Street 63, Riga, LV-1142, Latvia.
How to contact our Data protection officer?
If you have any questions related with personal data processing done by Balcia, you can contact our data protection officer by sending an e-mail to firstname.lastname@example.org.
Why do we process your personal data?
We process your personal data when it is necessary for:
- your identification;
- the performance of an insurance contract to which you are a party or in order to take steps at your request for the conclusion of the insurance contract, for example, provision of insurance proposals, concluding an insurance contract, administration of the concluded insurance contract, assessing the insurance risk and calculating the insurance premium, handling insurance claims, calculating the insurance indemnity etc.;
- compliance with a legal obligation to which Balcia is subject, for example, compliance with the requirements of supervisory authority, law enforcement institutions, tax authorities etc.;
- the purposes of the legitimate interests of Balcia, for example, legal proceedings, debt collecting, provision of insurance services etc.;
- specific purposes you have given your consent to, for example, for direct marketing purposes, improvement of our services and website, recording phone calls, evaluating of our services, preventing insurance fraud and other illegal actions, as well as for other legal purposes etc.
What personal data do we process?
By personal data we understand any information that allows us to directly or indirectly identify you (the data subject), for example, name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
We might process the following categories of personal data (the list is not exhaustive):
- information which identifies you as a client (name, surname, personal identification code or date of birth, address, email, phone number);
- data about your insurance contracts, insurance proposals, and insured objects (vehicle, property etc.) and persons (policyholder, insured person, beneficiary, injured third party etc.);
- data about insured events and claims;
- financial data (bank account number, insurance premiums, information about the payer etc.);
- communication (phone call records, correspondence with Balcia, chat records, etc.);
- information about using the website, self-service portal, application (login details, information about your activity in self-service portal, website and application, links you have clicked etc.);
- health data (only the data that is related with insurance contract and insured events).
How do we collect your personal data?
Usually we receive personal data directly from you (our client or potential client) when you submit your application for our insurance services or apply for an insurance indemnity.
When we need to assess the insurance risk, investigate and to identify the insured event, to calculate the insurance indemnity, we receive your personal data from other sources, for example, state registries (Residents’ Register Service, State Enterprise Register, Motor Insurers’ Bureau of the Republic of Lithuania), health and medical expertise institutions, experts, law enforcement authorities and other natural or legal persons.
Why do you have to provide your personal data to us?
In accordance with insurance regulatory enactments:
- we have the right and obligation to collect data concerning insured persons or beneficiaries included in insurance contracts or declarations submitted by policyholders prior to conclusion of an insurance contract, for the purpose of insurance risk assessment or for the performance of an insurance contract, for example, claims handling process;
- by entering into a contract, a policyholder or an insured person is obliged to provide all the information regarding the circumstances the insurer has requested and that is necessary for the insurer, in order to assess the probability of the occurrence of insurance risk and is important for entering into an insurance contract;
- we have an obligation to verify the occurrence of the insured event prior to the payment of the indemnity or refusal to pay the indemnity;
- the insured person is obliged to submit to the insurer all documents describing the occurrence of the insured event, including documents containing special categories of personal data (such as personal data concerning health condition) as well as other information requested by the insurer.
If the policyholder or an insured person does not provide the information requested by the insurer:
- the insurance proposal cannot be provided, and the insurance contract cannot be concluded, as the insurer is unable to assess the probability of the occurrence of the insured event nor the payable insurance premium;
- insurance indemnity cannot be paid as the insurer is unable to verify the occurrence of the insured event nor assess the amount of the indemnity.
With whom do we share your personal data?
- In cases and to the extent specified by law we might transfer your personal to persons or institutions duly authorized by law, for example, supervisory authority, law enforcement institutions etc.
- In cases when it is necessary for the performance of the insurance contract, claims handling, debt collection, legal proceedings, for example, to obtain information from state registries or other public or private institutions, to assess the possibility of insurance risk occurrence, the amount of payable insurance premium, to recover debts, we might transfer your personal data to third parties, such as medical institutions, claim handlers, experts, lawyers, debt collectors, banks etc. in accordance with regulatory enactments and our legitimate interests.
- We might use authorised processors for processing of your personal data related to provision of our services, for example, postal services, services of archiving, translators, legal consultants, claim handlers etc. In such cases, we ensure that such processors provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing meets the requirements of the applicable law, including General Data Protection Regulation, and ensure the protection of the rights of the data subjects.
- In case of occurrence of the insured event, in accordance with the Internal Regulations of the Council of Bureaux we might transfer your personal data to our Green Card correspondent or in accordance with the Codified motor insurance directive to our representative that is responsible for handling and settling claims in the name of Balcia in the country the insured event has occurred.
- List of our correspondents and representatives as well as the main claim handlers is available here (a link).
- Your personal data might be transferred to third countries (Russia, Belarus etc. outside the EU) in case of handling the claims under Green Card system.
- Your personal data might be transferred to third countries (Russia, Belarus etc. outside the EU) in cases specified in insurance terms and conditions, for example, for the reimbursement of medical expenses, transportation of insured to the country of residence, repatriation of remains.
For how long will we process your personal data?
Your personal data will be processed no longer than necessary. The data storing period may depend on the concluded insurance contract, the legitimate interest of Balcia or the applicable law (for example, claims limitation period specified in insurance regulatory enactments, civil law, bookkeeping regulatory enactments etc.).
In cases, when you terminate the insurance contract, delete your profile from self-service portal, refuse from our services, we will have to continue storing your personal data for the reason that in the future some claims might arise, therefore we will still store your personal data until the data storage period expires.
In cases when you withdraw your consent where you have provided it, in cases where it is necessary for our legitimate interests, we will still be processing your personal data we have collected during the period when your consent was valid until the data storage period expires.
Is there Automated decision making involved in the processing of your personal data?
Some of your personal data might be subjected to the automated decision making, for example, when evaluating the possibility of the insurance risk occurrence or evaluating the amount of the payable premium and for Balcia to ensure the best and the most appropriate insurance proposals. You have the right to obtain human intervention on the part of Balcia, to express your point of view and to contest the decision made based on automated decision-making process.
How do we ensure security of your personal data?
In order to process your personal data, we have implemented appropriate organizational and technical measures to guarantee personal data security, including protection against unauthorized or unlawful personal data processing, accidental loss or destruction of personal data.
What are Your rights as a data subject?
In accordance with the General Data Protection Regulation, as a data subject you have the right to:
- request from Balcia access to personal data. This means that you can request for us to inform you whether we process your personal data, provide you with a copy of your personal data we process, provide information about your personal data processed by us (for example, what data about you and for what purposes we collect, to whom we disclose your personal data, whether we transfer this data outside the European Union and other information);
- request from Balcia rectification or erasure of personal data. This means that if you see that personal data we collect about you is incorrect or inaccurate, you can request us to rectify or supplement such data;
- request from Balcia rectification or erasure of personal data. This means that you can request from us to delete your personal data in cases when this data is no longer necessary for the purposes it was collected for, when you have withdrawn your consent, when you object to processing of your personal data by us, when you believe we process your personal data unlawfully, and other cases. In some cases, we will not be obliged to delete your personal data, for example, when such processing is required by the applicable regulatory enactments or for the purposes for defending legal claims.
- request from Balcia restriction of processing concerning your personal data. This means that you can request us to restrict the processing of your personal data, except for storage, in cases you contest the accuracy of your personal data, you believe your personal data is being processed unlawfully, your personal data is no longer necessary for the purposes it was collected for, you object to processing of your personal data until it is checked, whether our legitimate reasons override your reasons. During the period of the restriction of processing of your personal data, we might not be able to provide you with our services;
- object to processing of your personal data. This means that you can object on grounds relating to your particular situation, at any time to to the processing of your personal data which is based on your consent or our legitimate interests. In such cases, we might not be able to provide you with our services;
- data portability. This means that you can request us to provide you personal data related to you which you have provided to us in a systematized, normally used and machine readable format, you can also request us to transfer your personal data to another data controller where it is technically feasible if the processing has been based on your consent or the contract and processing is carried out by automated means.
You can exercise your rights as a data subject by contacting us in writing using contact information mentioned above.
How to submit a Complaint to supervisory authority?
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes requirements of General Data Protection Regulation. The list of supervisory authorities in the countries where Balcia provides services is available here (a link).