PRIVACY STATEMENT ABOUT THE PROCESSING OF PERSONAL DATA & DECLARATION OF CONSENT BY THE COMPANIES:
“INTERAMERICAN HELLENIC LIFE INSURANCE COMPANY S.A.”, “INTERAMERICAN HELLENIC PROPERTY & CASUALTY INSURANCE COMPANY S.A.”, and “INTERAMERICAN ASSISTANCE GENERAL INSURANCE COMPANY S.A.”
(as Data Controller, each company independently)
(Pursuant to the 2016/679 E.U. General Data Regulation)
I. Why will you process my Personal Data (PD)1 and Special Category Personal Data (SCPD)2?
- Under the insurance application that you submit to us, you declare that you wish to transfer the risk that you have selected (e.g. life, health, disability, third-party liability insurance of any kind, fire, assistance, etc.) to us, in our capacity as Insurers (Insurance Company). We, based on the information/data that you declare to use in the insurance application, should include you within a homogeneous category of risks and estimate, based on your declarations, an appropriate and proportionate insurance premium, estimating and taking into account, among others, the frequency and intensity of casualties and damages that may occur.
- In order for this to be done, it is necessary to declare to us the specific PD or/and SCPD that are listed in the relevant fields of the insurance application. These data are objectively essential for the assessment of the insurance risk and accomplishment of the purpose and operation of the insurance policy. The correct and full information about the data that we ask you, and upon which we fully rely, is your responsibility under insurance law (Law 2,496/1997), and in this way, we will be able to include you within the right risk group and estimate correctly the insurance premium that you have to pay for your coverage.
- It is possible that, any inaccurate or incomplete information about the data that we have asked you, can establish our right to even demand the cancellation or termination of your insurance policy, at any time.
- For as long as the insurance policy remains in force, we will process your data that are necessary for its operation, based on the express consent that you will provide to us at this stage through the insurance application, or at any subsequent stage.
ΙΙ. What kind of processing will you apply to my data?
- After you submit the insurance application to us, with all its fields completed, we will proceed, for the reasons that we have mentioned above, to any act or series of acts towards the processing of your data, and through the assistance of automated means, such as, for example, the collection, recording, organization, correction, storage, adjustment, change, retrieval, and search of information.
- We make use of automated means for decision making at the stage of underwriting, in health insurance and private passenger vehicle insurance policies. These automated means, in which, the underwriting rules that we apply have been largely incorporated, enable us to make decisions faster, and with higher accuracy, transparency, and consistency.
- However, in these cases, regular relevant audits are carried out by our competent employees. Therefore, a case of refusal of insurance (in health insurance and private passenger vehicle insurance policies) is always audited by a competent employee of ours.
- Within the context of protecting our legitimate interests, we often carry out audits, through accredited automated means, in order to prevent any fraud at our expense.
- Especially with regard to Life Insurance products, we perform the following forms of individual processing, in order to comply with the provisions of the European and Greek legislation:
ΙΙΙ. How long will you keep my data in record for?
- We will keep your data for as long as you maintain a contractual relationship with us, both in paper and electronic form. In case this relationship is terminated for any reason whatsoever, we will keep them for as long as it is required, until the time of writing off any relevant claims has lapsed. However, if the insurance application or application for amendment of insurance policy that you have submitted to us has not been accepted, we will keep it for a period of one (1) year from the date of submission.
IV. What are my rights regarding the processing of my data?
- You may exercise the following rights, if applicable: the right of access (in order to know what data of yours we are currently processing, as well as for what reason, and their recipients7), correction (in order to correct any incompletion or inaccuracy in your data8, deletion (right to be forgotten) (their deletion from our records, in as much as, however, their processing is no longer necessary9), limitation in processing (in case of challenging the accuracy of data, etc.10), portability (to receive your data in a structured and commonly used format11).
- These rights are exercised at no cost to you, by sending a relevant letter or e-mail message to the competent Data Protection Officer, unless they are repeated on a frequent basis and, due to volume, they incur administrative cost to us, whereat you will be charged the associated cost.
- In case you exercise any of these rights of yours, we will take any action possible to satisfy your request within thirty (30) days from the receipt of the relevant request, after we have notified you either of its satisfaction, or the objective grounds that prevent its satisfaction.
- Further to that, you may, at any time, object to the processing of your PD and SCPD for the purposes of the insurance policy, by revoking your consent. However, this will result in the termination of your insurance policy and non-coverage, because (according to the aforementioned) no insurance policy can operate without the processing of the PD or/and SCPD of the insured person (subject of the data).
V. How do you ensure the security of my data?
- We are fully committed to the security of data. In order to achieve this, we apply all modern and appropriate for the purpose of processing, technical (indicatively, encryption, anonymity) and organizational measures, the correspondence of which, we monitor in regular intervals.
VI. Where will you forward my data to?
- Your data will be forwarded to our departments that are responsible for underwriting, the proper and smooth operation of your insurance policy, as well as your compensation. Indicatively, we list the underwriting department, issuance department, compensation department, actuarial department, legal service, etc.
- Your data may also be forwarded and become accessible to legal entities or/and natural persons, with which, at times, we maintain agreements for the proper, and according to the terms and conditions of insurance policies, compensation of our insured persons, as well as for the assessment of casualty and damage. Moreover, your data, within the context of the operation of your insurance policy, can be forwarded to various hospitals and medical care establishments, physicians, public authorities, compensation investigators, etc. However, you should be aware that, in this case, these legal entities or/and natural persons will process your personal data for the sole purpose of providing services to us, and not for their own benefit, acting as parties that perform the processing.
- Your data may be forwarded, become accessible to and undergo processing by our parent company “Achmea B.V.”, with registered office in the Netherlands, as well as by other companies of the same Achmea Group, within the European Union.
- In any forwarding of data, we always take every care so that the data to be forwarded are always the minimum necessary, and that the requirements for legitimate and fair processing are met at all times.
VII. Will you also perform processing of my data for commercial purposes?
- During the processing time that is mentioned above, we will only process your PD (and not, however, the SCPD), for the purpose of promoting other or complementary to your needs, insurance products or services, either of our company, or other companies of the INTERAMERICAN Group.
- You may object at any time to this processing of your data (for commercial purposes) by sending a relevant request to the competent Data Protection Officer. In this case, your data will no longer undergo processing for commercial purposes.
VIII. How can I file a complaint/objection?
- For any issue concerning the processing of your data, you can appeal to the office of the competent Data Protection Officer (DPO) of INTERAMERICAN Group: tel. 210 946 2000/email firstname.lastname@example.org
- Moreover, you always reserve the right to appeal to the Personal Data Protection Authority, which can also accept the filing of associated complaints either in writing in its register (1-3 Kifisias Ave., P.C. 115 23, Athens) or electronically (www.dpa.gr).
------------------------------------------1Any piece of information that refers to an identified or identifiable natural person (“subject of the data”), such as identification details [name, identification card number, and physical, physiological, psychological, financial, cultural, or social identity of the natural person (Article 4 of 2016/679 EU Regulation)].
2These data refer indicatively to health, as well as racial or ethnic origin, etc. (Article 9 of 2016/679 EU Regulation).
4Law 4,170/2013, Council Directive 2011/16/EU.
5Common Reporting Standards-CRS
6Law 4,493/2017 Memorandum of Cooperation between the Greek Government and the Government of the U.S.A.
7Article 15, 2016/679 EU Regulation
8Article 16, 2016/679 EU Regulation
9Article 17, 2016/679 EU Regulation
10Article 18, 2016/679 EU Regulation
11Article 20, 2016/679 EU Regulation