Lejupielādē App App Pievienojies mums!

Privacy Policy

Last updated on 13.11.2025.

Who is your Personal data controller?

Your personal data controller is Balcia Insurance SE (we, Balcia, insurer), registered in Latvia with the registration number 40003159840, legal address K.Valdemara Street 63, Riga, LV-1010, Latvia.

Phone: 82222, +371 20 682222 calling abroad

E-mail: [email protected]

Please refer to the last section of this document for more information about the countries where we operate and the relevant contact details.

How to contact our Data protection officer?

If you have any questions related with personal data processing done by Balcia, you can contact our data protection officer by sending an e-mail to [email protected].

Why do we process your personal data and on what basis?

We process your personal data for the following purposes:

(a) Provision of our services (including: your identification; conclusion and performance of the insurance contract; contract administration; communication with you in relation to contract conclusion or performance; insurance risk assessment and premium calculation; assessment and calculation of insurance claims).
Legal basis: conclusion and performance of a contract.

(b) Preparation and delivery of a new insurance contract offer.
Legal basis: your consent or Balcia’s legitimate interests (depending on the specific case).

(c) Prevention of misuse of Balcia’s services (including: prevention and detection of fraud; application of enhanced risk management measures to certain client profiles).
Legal basis: Balcia’s legitimate interests, fulfilment of a legal obligation, or performance of a task carried out in the public interest (depending on the specific case).

(d) Examination and administration of client complaints.
Legal basis: fulfilment of a legal obligation.

(e) Risk management (including within internal control and governance systems).
Legal basis: fulfilment of a legal obligation or Balcia’s legitimate interests (depending on the specific case).

(f) Improvement of services, business processes, and user experience (including: elimination of technical failures; conducting market research; enhancement of pricing models).
Legal basis: Balcia’s legitimate interests.

(g) Ensuring security and digital resilience (including implementation of physical and cybersecurity measures).
Legal basis: fulfilment of a legal obligation or Balcia’s legitimate interests (depending on the specific case).

(h) Protection of Balcia’s rights and interests (including: bringing, maintaining, and enforcing claims; debt recovery (including out-of-court); enforcement activities; assignment of claims).
Legal basis: Balcia’s legitimate interests.

(i) Direct marketing and advertising purposes (for example: sending commercial communications; approaching potential clients; delivering location-based content or offers).
Legal basis: consent or Balcia’s legitimate interests (where applicable).

(j) Fulfilment of obligations established by laws and regulations.
Legal basis: fulfilment of a legal obligation or performance of a task carried out in the public interest (depending on the specific case).

(k) Quality control of client service (including: monitoring of call content; verification of information provided to clients).
Legal basis: Balcia’s legitimate interests.

What personal data do we process?

We typically process the following categories of personal data:

(a) Identification data (e.g., full name and surname, national identification number, date of birth, age).

(b) Contact data (e.g., telephone number, e-mail address, postal address).

(c) Offer data (e.g., information provided when requesting an insurance quote or before concluding an insurance contract, such as details about the object to be insured, desired coverage, and relevant risk factors needed to prepare an individual offer).

(d) Contract and policy data (e.g., policy number; insurance product type; policy period; details of the insured object; information about policyholder, insured person, beneficiary and relevant third parties; coverage limits, deductibles, premiums, discounts; history of policy offers, renewals, amendments or cancellations).

(e) Financial and payment data (e.g., bank account number, payment history and outstanding balances; information about the payer; claim payment amount, recipient, and date).

(f) Claim and event data (e.g., details of the occurred event; information about damages; evidence; limited health-related data strictly necessary for assessing the claim; data of third parties involved in the event; correspondence and supporting documents).

(g) Risk management data (i.e., information necessary for managing risks relevant for our business).

(h) Communication data (e.g., recordings of incoming and outgoing calls; correspondence via emails, letters, online chats).

(i) Technical, device and digital interaction data (e.g., activity logs; IP address; app version; OS; device info; cookies; login credentials; network connection information).

(j) Geofencing data (e.g., device location; interaction with geographic zones; hashed customer profile references; marketing response data).

(k) Marketing and profiling data (e.g., preferences; participation in campaigns; identifiers linked to marketing campaigns; statistics).

(l) Regulatory and legal compliance data (e.g., data related to complaints, regulatory investigations, audits, sanctions screening).

How do we collect your personal data?

We collect personal data mainly in two ways:

(a) Directly (i.e., from you). This occurs, for example, when you apply for or use our services; submit an insurance claim; communicate with us; participate in campaigns; use our website, mobile application, or self-service tools; or otherwise interact with us.

(b) Indirectly (i.e., from other sources). These may include brokers, agents, experts, repair shops, service providers, financial institutions, public authorities, law enforcement institutions, public registers, witnesses, medical institutions, payment providers, marketing providers, identity verification providers, fraud prevention services, and other lawful sources in line with GDPR.

Why do you have to provide your personal data to us?

In accordance with insurance regulatory enactments:

- we have the right and obligation to collect data concerning insured persons or beneficiaries included in insurance contracts or declarations submitted by policyholders prior to conclusion of an insurance contract;

- the policyholder or insured person is obliged to provide all information requested by the insurer that is necessary for assessment of insurance risk;

- we must verify the occurrence of the insured event before paying or refusing indemnity;

- the insured person must submit all documents describing the insured event, including documents with special categories of personal data.

If such information is not provided:

- the insurance contract cannot be concluded, as the insurer cannot assess the probability of insured event nor premium;

- insurance indemnity cannot be paid, as the occurrence of the insured event cannot be verified nor indemnity calculated.

With whom do we share your personal data?

- We may transfer your personal data to persons or institutions authorized by law (e.g., supervisory authorities, law enforcement).

- When necessary for contract performance, claims handling, debt collection, or legal proceedings, we may transfer your personal data to medical institutions, claim handlers, experts, lawyers, debt collectors, banks, and others according to law and our legitimate interests.

- We may use authorised processors (postal services, archiving, translators, legal consultants, claim handlers, etc.), ensuring compliance with GDPR.

- For MTPL insured risks, we may disclose your personal data to our Green Card correspondent or representative in the country where the risk occurred.

- To prepare new insurance contract offers, we may share personal data with third parties (including offer intermediaries) for market research and offer calculation.

Your personal data may be transferred to third countries (outside the EU):

(a) within the Green Card system;
(b) in travel insurance cases, such as medical expense reimbursement, repatriation of insured persons, or repatriation of remains.

For how long will we process your personal data?

Your personal data will be processed no longer than necessary, depending on contract terms, legitimate interests, and applicable law.

If you terminate the contract or stop using our services, we may continue processing data in accordance with legal requirements.

If you withdraw your consent, we may continue to process personal data obtained while your consent was valid if necessary to protect our legitimate interests.

Is there Automated decision making involved in the processing of your personal data?

Some of your personal data might be subjected to automated decision-making, for example, during assessment of insurance risk or premium calculation and to provide the most appropriate insurance proposals.

You have the right to obtain human intervention, express your point of view, and contest decisions made through automated processing.

How do we ensure security of your personal data?

We have implemented appropriate organizational and technical measures to ensure personal data security and protection against unauthorized processing, accidental loss or destruction.

What are Your rights as a data subject?

Under GDPR, you have the right to:

- request access to your personal data;

- request rectification of inaccurate personal data;

- request erasure of personal data when applicable;

- request restriction of processing in specific circumstances;

- object to processing based on consent or legitimate interests;

- data portability, when processing is based on consent or contract and carried out by automated means;

- withdraw your consent at any time (without affecting prior lawful processing).

You can exercise your rights by contacting us in writing using the contact information above.

How to submit a Complaint to supervisory authority?

If you have concerns, we encourage you to contact us first. We will review your complaint and seek a fair resolution.

If you believe your data is processed unlawfully, you may lodge a complaint with a supervisory authority.

Main supervisory authority:

Data State Inspectorate of the Republic of Latvia (Datu valsts inspekcija)
Address: Elijas iela 17, Riga, LV-1050, Latvia
Website: www.dvi.gov.lv
Email: [email protected]

A list of EU data protection authorities is available on the European Data Protection Board website: https://edpb.europa.eu

Do we use cookies on our website?

Yes, we use cookies on our website. To learn more, read our Cookie policy.

Where we operate

Lithuania — Balcia Lithuania Branch
Registration No.: 304498010
Address: Perkūnkiemio g. 5, Vilnius, LT-12129, Lithuania
Tel.: +370 5200 0630
E-mail: [email protected]

Poland — Balcia Poland Branch
National Court Register (KRS): 0000493693
NIP: 5263124162 | REGON: 147065333
Address: Al. Jerozolimskie 96, 00-807 Warsaw, Poland
Tel.: +48 222 742 222
E-mail: [email protected]

France — Balcia France Branch
Registration No.: R.C.S. Nanterre 797 882 016 | SIRET: 797 882 016 00018
Address: 86 rue Anatole France, 92300 Levallois-Perret, France
Tel.: +33 (0)1 75 33 40 89
E-mail: [email protected]

Germany — Balcia Germany Branch
Registration No.: HRB 49268
Address: Senefelder Str. 17, 63322 Rödermark, Germany
Tel.: +49 (0)6074 91765 0
E-mail: [email protected]

Spain — Operations carried out under the freedom to provide services
Tel.: +371 6703 0500
E-mail: [email protected]

Italy — Operations carried out under the freedom to provide services
Tel.: +371 6703 0500
E-mail: [email protected]