Data Protection Company Policy
ROYAL CROWN INSURANCE COMPANY LTD. (henceforth referred to as “The Company”), is a legally registered and licensed insurance Company transacting non-Life insurance business in all areas of the Republic of Cyprus.
Within the scope of the Company’s activities, the Company collects and processes absolutely essential personal data as defined by the General Data Protection Regulation (EU) 2016/679 of the European Parliament and the Council of 17 April 2016, the local Cyprus Law 125(1)/2018, as well as any relevant regulation/ opinion/ decision/ order/ directive issued or to be issued by the Personal Data Protection Commissioner of Cyprus.
The Company is not directly or indirectly active in any other activity, and its clientele amounts to its most significant asset. It is committed to high professional standards. The quality of the provided services is assured through its certification by an International Certification Organisation in 2004 which carries out frequent continuing compliance controls. This is evidence of the Company’s ability to consistently provide insurance products and services, which satisfy its clients’ requirements, while complying with applicable legal and regulatory requirements.
This document’s purpose is to provide comprehensible, transparent and direct information regarding the processing and protection of your personal data which is collected by the Company, and processed and protected, in the context of fulfilling its obligations to yourselves. It is directed towards physical entities, currently clients of this company or potential clients, insurance policy beneficiaries, authorised third parties, suppliers and associates. Any personal data provided that relates to yourselves of or any other person to be included in the insurance contract or, such data that is provided during a claims procedure, is utilised solely for the purpose of issuing or fulfilling the insurance contract, in the manner described in this Company Policy.
This Company Data Protection Policy may be amended, in the event it is deemed necessary for compliance with legal or regulatory changes, recommendations by the Supervisory Authority or the Personal Data Protection Commissioner, or any operational or technological developments. Any such amendments shall be published on the Company’s website.
PERSONAL DATA PROCESSING
The term “Personal Data Processing” includes any act carried out relating to the personal data, such as collection, filing, organisation, arrangement, storage, adjustment, modification, recovery, data search, use, notification, dissemination, disposal, interconnection, correlation, restriction, elimination and erasure.
Personal Data means any information relating to any physical entity, whose identity can be directly or indirectly verified, mainly through referring to an identifying recognisable element, such as name and surname, identity card number, or one or more factors matching the physical entity’s bodily, natural, genetic, psychological, financial, cultural or social identity. The term “Personal Data” includes, amongst others, certain sensitive data (or specially categorised data), such as data relating to a person’s health, prior criminal convictions or data revealing ethnicity.
The Company processes communication and payment-related data, as well as insurance-related data, which are essential for the purpose of issuing an insurance policy and for the administration of a specific insurance or other contract, including, when required, sensitive data. In spite of the fact that that collection and processing of the said data is directly related to the fulfilment of the contractual obligations created by the insurance contract, or the handling of a court, or out-of-court procedure, involving its clients, or the handling of its clients legal rights (such as complaints handling), it pursues the collection of an initial written consent form from its clients, as well as additional consent forms, for the processing of personal data, if deemed necessary.
Such data include:
• Full name/ surname, residential address, electronic mail address, telephone number, occupation, identity/ passport no., date of birth, nationality etc.
• Information and communication details regarding named third parties, that are included in any way, in the insurance contract (e.g. named authorised vehicle drivers for Motor Insurance)
• Banking details (e.g. IBAN no.)
• Personal data regarding the state of your health, medical or mental, as well as information on prior accidents, diseases and treatments.
• Information regarding prior motor-related matters, such as penalty points, prior claims, pending court procedures against you
• Information regarding the nature of your occupation, your insurance history, as well as of all named person, in order for the Company to fully undertake risk assessment within its vital insurance practices.
• Information regarding the item for which the Company provides or may provide insurance cover (such as your vehicle, your yacht, your house, your company turnover – depending on the insurance product required).
• Information regarding your property (movable and immovable), its contents and any encumbrances such as mortgages
• Any other information required for the purposes of risk assessment, depending on your insurance requirements
• Any information provided by yourselves for the purpose of collaboration and cooperation with, or employment by the Company.
PERSONAL DATA COLLECTION
Company collects all absolutely essential personal data, mainly via the Insurance Proposal Forms, submitted directly or indirectly (by agents and/or associates) to the Company, or, through communication with yourselves, via phone, email or otherwise.
Further, Data collection may be provided by third parties (lawyers, doctors or other authorized entities), or by other insurance companies, or, for example, in the event that you are named in a Proposal Form or any document or contract. Data may also be collected through the Company website (for more information, click Terms and Conditions).
Comprehensively, personal data may be collected:
• Through the completion of the Insurance Proposal Form and other documents submitted to the Company
• Through telephone, fax, sms and email communication
• In the context of a complaint or claim submission
• In the context of a curriculum vitae submission for the purpose of employment or associateship
• By the Company’s intermediaries
• By the Company’s suppliers and other associates
• By persons authorized by yourselves (family members, co-workers, employers or insured persons for the purpose of provision of insurance cover to third parties)
• By lawyers, doctors/ medical centres
• By experts, specialists, loss adjusters/ assessors
• From the Police, the Transport Department or other state authorities or services
• From published information.
PERSONAL DATA PROCESSING
Personal data collected are processed for the following purposes:
• The contractual fulfilment of the insurance contract between the Company and the clients, including assessment/ evaluation of the client’s and third parties’ requirements and/or claims, compensation remittance, dispute resolution, substantiation, exercise and application of any legal demands, complaints handling, insurance cover confirmation declarations, assistance provision.
• Written, electronic (including email and phone messaging) and oral communication for the purpose of service provision
• Prevention, detection and investigation of crime, including fraud and income legalisation through illegal means (anti-bribery/ money laundering activities etc.) and the review and management of any commercial risks, in compliance with legal and regulatory requirements
• Provision of information in matters regarding each client’s insurance cover (e.g. statements of account, end of insurance periods, legal requirements etc.), or their obligations arising out of the terms and conditions of the insurance contract.
• Assessments of insurance needs and risk evaluations
• Improvement of insurance products and services provided by the Company
• Handling of clients’ demands, requests and complaints.
• Compliance by the Company to applicable laws and regulatory obligations, European directives and guidelines, court decisions and other legal procedures, enabling the Company to respond to any demand by public and state authorities, according to Cyprus and European legislation.
• Carrying out reports and data analysis, including the Company’s clientele profile, as well as of other parties that have provided their personal data and information (e.g. third parties demanding compensation), any risks the Company is exposed to, always according to the applicable Cyprus and European legislation (including securing any written consent forms, when deemed necessary).
• The protection, preservation and defence of the Company’s legal rights and interests, and for the protection of its commercial activities, its corporate associates, and for ensuring its interests, any confidential information or privilege, its security and assets, as well as those of its corporate associates, its clients or other persons and third parties.
The Company does not use or process any collected personal data for the purposes of adverting or marketing promotion of its products and services, or other parties’ products and services.
COMMUNICATION OF PERSONAL DATA TO THIRD PARTIES
The Company does not communicate any personal data to third parties, for any purpose that is in conflict for the reasons for collection. In the event that such a matter arises, the Company shall notify you accordingly and shall request a specific written consent form, outlining the purposes of such a communication.
All of the parties which receive data by the Company, are studied, and the Company ascertains professionalism and reliability demonstrated by them, and also demands for assurances and/or confidentiality and/or protection agreements, regarding the data communicated, before any information is given.
For the purposes of enabling the reasons (as described above) for which the Company collects said data, these may be communicated, depending on each particular case, to the following:
• Software Suppliers / Computer Programmers
• Loss assessors/ adjusters
• Road Assistance/ Accident Care Services
• Operators of Electronic Payments/ Credit Card management (e.g. JCC)
• Insurance companies for the purpose of co-insurance
• Lawyers and Doctors
• Public Services and Supervisory Authorities
PERSONAL DATA SECURITY
The Company applies appropriate technical and organizational measures for securing a safe level of physical and electronic protection of personal date, for the purpose of hindering loss or damage, modification, unauthorized access, dissemination or communication to non-authorised person or organization in any manner or form. The Company attaches the utmost significance to its operational continuity and disaster recovery, and in the context of its continuing improvement policy, develops and applies further and better practices and procedures for the security and protection of data collected processed, and the management of evolving threats.
The Company’s staff is being constantly trained, and is absolutely committed to the Principles and the Code of Ethics and Conduct of the Company, acting as guardians for their clients’ personal data. This Company has a reputation for minimum employee “recycling” and the excellent relationships between the employees and management.
RETENTION OF PERSONAL DATA
The Company shall reserve and process your personal data for the period of the contractual relationship between the parties, in written and electronic form. In the event that the contractual relationship lapses or is cut-off for any reason, the Company shall retain all the data, until the applicable limitation period for exercising legal rights ends, and in any event, for any period required by tax legislations, the applicable legal and regulatory framework and approved codes of conduct.
It is noted that in the event that a court procedure is in place, the personal data shall be retained until the completion of the said procedure resulting in an irreversible court decision.
PERSONAL DATA SUBJECTS’ RIGHTS
For the purpose of full compliance with the General Data Protection Regulation, the subject’s rights regarding collection and processing of data by the Company, a mechanism for the satisfaction of your rights and requests has been put into place.
You may exercise:
i) Your right of access, so that you can become informed, further to a request, regarding your personal data is being processed and further, obtain a copy and any information requested regarding the type of processing
ii) The right of correction of any imprecise data, or completion of any lacking data
iii) The right of deletion (“right to oblivion”) of your personal data, assuming its processing is not necessary for the completion of the purposes for it had been collected
iv) The right of restriction to processing, in the event of a dispute regarding its accuracy
v) The right of portability of your data, which means receiving your personal data in a structured and legible form, as generated by a technical system, as well as the right to communicated the said data to another data processing responsible person.
vi) The right of objection to the data processing, as well as the right of securing human intervention to automated procedures.
Regarding any issue relating to the collection and processing of your personal data or the exercise of your rights as above, kindly contact Mr Savvas Zachariades (22885555, or via email at firstname.lastname@example.org. For the submission of a written request, click here
In the event that during the submission of your request or demand or complaint, you believe that you are being treated unfairly by the Company, or are in any way uncertain regarding the outcome of your request, you may submit your position in writing to the Personal Data Protection Commissioner at the following address:
The Office of the Personal Data Protection Commissioner
Iasonos 1, 2nd floor
P.O Box 23378
Tel: 22818456 Fax: 22304565