LOCATE
 |
Agents and Brokers |
Privacy Policy
Translations:
1. Who We Are
Grawe Insurance (Cyprus) Co. Ltd (hereinafter referred to as “the Company”) conducts insurance business throughout Cyprus and has its headquarters at 55 Digeni Akrita & 1 Olympias Street, 1070 Nicosia.
This document aims to provide you with clear, transparent, and direct information regarding the processing of your personal data, which we collect and process in the course of fulfilling our obligations to you. The Company is committed, under applicable law, to safeguard and protect your right against unlawful processing of personal data, your right to privacy, and to protect the personal data it maintains relating to you.
Your personal information can help us better understand your insurance needs and provide you with a more complete and personalized service. However, we understand that keeping your data secure and confidential is a major responsibility that we take very seriously. For this reason, among other measures, we have established this Policy, which aims to inform you about which data we collect, why we collect them, and how we use them.
This Policy applies to individuals who are existing or potential customers of the Company, policy beneficiaries, authorized persons, third parties, suppliers, and partners. By providing your personal information or the information of another person (such as a beneficiary under an insurance contract, or a claimant for whom you have provided consent or obtained authorization for data processing), you accept that we will use this information as explained in detail in this Policy. You should refer any person whose personal information you provide to the Company to this Policy.
Further Data Processing Notices may be given to you at a later stage to highlight specific uses of your personal information.
From time to time, certain changes may be made to this Policy to align it with changes in legislation, operational, or technological developments. You should periodically check the Company’s website for the most recent version of the Policy.
In this Policy, your personal data may also be referred to as “personal information” or “data.” For the purposes of this Policy, personal data means any information relating to an identified or identifiable natural person, particularly by reference to an identifier such as a name, ID number, or to one or more factors specific to their physical, physiological, genetic, psychological, economic, cultural, or social identity.
Personal data also include, among others, sensitive data (special categories of data) such as health data revealing information about a person’s health condition, criminal convictions, or data disclosing racial or ethnic origin.
When we state that your personal data are subject to “processing,” this term covers any operation performed on such data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, transmission, dissemination, disclosure, alignment, combination, restriction, erasure, and destruction.
If you need further information on how we process your personal data, you may contact the Company’s Data Protection Officer at: [email protected]
2. Principles of Personal Data Processing
When collecting sensitive personal data, we are bound by the General Data Protection Regulation (EU) 2016/679 (GDPR). Taking into account all necessary organizational measures, we proceed with processing based on the following principles:
- Processed lawfully, fairly, and transparently.
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary for the purposes collected.
- Accurate and, where necessary, kept up to date.
- Retained only for as long as necessary for the purposes collected.
- Processed in a manner ensuring appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using suitable technical or organizational measures.
- When transferring your personal data to another country or to a processor on behalf of the Company, necessary measures are taken to protect your data, such as entering into specialized data processing agreements.
3. How Your Personal Data Are Collected
Most often, we collect your personal data directly from you, either via advisors or intermediaries. These may be provided through an application submitted directly or indirectly (through partners or agents), via our agreement, or through telephone or other communication with you.
However, in some cases, data may be collected from third parties—for example, if someone names you as part of an application/insurance contract. Information may also be obtained from associates, agents, lawyers, authorized persons, other insurance companies, or even public sources.
Specifically:
(a) Directly from you (directly or indirectly):
- Through insurance applications submitted via our sales network or directly by interested parties.
- Through claims submitted by the insured directly, or through roadside assistance statements, or claims from third parties, lawyers, police, or other insurance companies, concerning accidents involving our insureds.
- Through instructions for modification, renewal, or cancellation submitted via our sales network or directly by insured persons.
(b) From other/third-party sources (examples):
- Internal correspondence (emails, hard copies)
- AS400, GLIMS systems
- Directly from insurance intermediaries, customers, or branch managers
- Via email, phone, fax, or post
- Internal branch files
- External correspondence such as receiving medical tests from diagnostic centers/doctors
- From hospitals via email/fax/phone
- Written letters/emails/faxes to doctors who have treated the insured
- Lawyers, estate administrators
- Direct debit instructions, receipts, returned/postdated checks
- Payroll programs, accounting
4. What Types of Personal Data We Process
Depending on the insurance services provided, the Company may collect and process various types of personal data, including but not limited to:
Depending on the insurance services provided, the Company may collect and process various types of personal data, including but not limited to:
- Full name, ID number, home and work address, profession, vehicle registration numbers, claims history, medical declarations, medical tests and certificates, health/medical history, family medical history, income statements, ID copies, passport, purpose of accident use, phone numbers, age, date of birth, intermediary license number, marital status, dependents, nationality.
- Details of guarantors (name, address, phone numbers, ID).
- Type of insurance and premium amounts.
- Intermediary registration certificates, production volumes, commission payments, educational certificates, bankruptcy certificates, CVs, etc.
- IBAN, account number, income, invoices, credit card number, commission/fees.
- Medical exam results, diagnostic results, certificates from previous doctors, financial statements, balance sheets, accountants’ declarations.
- Reports from personal doctors, independent medical exams.
- Death certificates, birth certificates, medical histories with cause of death, tax clearance, estate administrators, additional post-mortem medical certificates.
5. How We Use Your Personal Data
Your personal data, once collected, may be processed by our employees, partners, or agents to provide personalized service or protect our legitimate interests. Uses include:
Your personal data, once collected, may be processed by our employees, partners, or agents to provide personalized service or protect our legitimate interests. Uses include:
- Communicating with you.
- Conducting assessments and decisions (including profiling) related to insurance coverage, terms, and claims.
- Fulfilling insurance contracts, paying claims, providing assistance, and other insurance services.
- Improving our products and services.
- Preventing, detecting, and investigating crimes (including fraud, money laundering) and managing risks.
- Research and data analysis, including customer base analysis and risk analysis.
- Personalizing your experience, analyzing your insurance needs, and presenting tailored offers.
- Complying with laws, regulations, EU directives, court rulings, and responding to authorities.
- Enforcing and defending our legal rights and protecting our business, partners, customers, or third parties.
6. Who We May Share Your Personal Data With
We may share your personal data with partners to provide the requested insurance.
We will never share your data for reasons contrary to this Policy without prior notice.
Your data may be transferred to public authorities, investigators, reinsurers, the Insurance Commissioner, debt collection companies, and others acting as processors on behalf of the Company. Transfers abroad may include cooperating providers, reinsurers, lawyers, and experts.
When data are transferred to third parties, only the necessary data are shared, always lawfully, and recipients must comply with GDPR obligations. Exceptions apply when disclosure is required by law.
If data are shared with countries outside the EU that do not provide adequate protection, the Company will establish contractual clauses with the receiving entity to safeguard your data.
We may share your personal data with partners to provide the requested insurance.
We will never share your data for reasons contrary to this Policy without prior notice.
Your data may be transferred to public authorities, investigators, reinsurers, the Insurance Commissioner, debt collection companies, and others acting as processors on behalf of the Company. Transfers abroad may include cooperating providers, reinsurers, lawyers, and experts.
When data are transferred to third parties, only the necessary data are shared, always lawfully, and recipients must comply with GDPR obligations. Exceptions apply when disclosure is required by law.
If data are shared with countries outside the EU that do not provide adequate protection, the Company will establish contractual clauses with the receiving entity to safeguard your data.
7. Retention of Personal Data
We retain your personal data only for the time necessary to complete our insurance contract with you, unless required otherwise by law. This also applies if the contract is terminated.
Retention periods are determined based on service, operational needs, legal obligations, and legitimate interests.
For exact retention periods, contact our Data Protection Officer, Mr. Stylianos Christoforou: [email protected]
8. Your Rights
Under GDPR, you have the following rights:
- Right to Access: You can request access to your data and receive a copy.
- Right to Rectification: You can correct or update inaccurate data.
- Right to Erasure (to be forgotten): You can request deletion of your data (subject to legal constraints).
- Right to Restriction: You can request restricted processing, e.g., in disputes.
- Right to Object: You can object at any time; processing stops unless legitimate grounds exist.
- Right to Data Portability: You can request transfer of your data to another organization.
- Right to Withdraw Consent: You may withdraw consent at any time (affecting future processing).
- Right to Lodge a Complaint: You can file a complaint with the Commissioner for Personal Data Protection.
If you feel wronged by us or doubt the outcome of your request, you may also submit a complaint in writing to:
Office of the Commissioner for Personal Data Protection
1 Iasonos Street, 2nd Floor
1082 Nicosia
P.O. Box 23378
1682 Nicosia
Tel: 22818456 | Fax: 22304565
Email: [email protected]
For exercising your rights, contact our Data Protection Officer at [email protected]
9. Changes to Our Policy
Changes in legislation or technology may require us to update this Policy.
Please check our website (www.grawe.cy) regularly for the latest version.
You may also request a printed copy of the most recent version.
April 2019
Personal Data Protection Policy