Personal Data Protection and Processing

 

Personal data protection and data processing

MAXIMA pojišt'ovna, a.s., with its registered office at Italská 1583/24, 120 00 Praha 2 - Vinohrady, ID No.: 61328464, registered in the Commercial Register maintained by the Municipal Court in Prague under file number B 3314 (hereinafter referred to as "we" or "Insurance Company"), processes personal data in the capacity of a data controller, in particular for the purpose of providing insurance services and as an employer.

What personal data do we process?

We process the following categories of personal data for the purposes of providing insurance services to the Insurance Company's clients. 

Basic identification data: in particular name, surname, birth number and/or date of birth, permanent address, nationality, copies of personal documents, for entrepreneurs also company name, company registration number, VAT number, address of registered office and/or place of business, etc.
 
Contact details: mailing address, address for delivery abroad, etc., telephone number and/or telephone numbers (mobile, fax, landline, etc.), e-mail and/or other electronic address (instant messaging).
Socio-demographic data and status information: age, sex, marital status by heritage, occupation, employer's address, average monthly income, payment details. 

Personal data necessary for the negotiation of insurance contracts and the provision of insurance benefits:
In particular, additional information about the subject, records of insurance products (current, previously granted and negotiated; by contract number), records of insurance claims and claims (including status information on the settlement and/or handling of claims; by claim number), specific data according to the insurance product negotiated and/or being negotiated, namely questionnaires and information obtained and/or obtained by the insurance company in the framework of the evaluation of the negotiation of insurance products for the purpose of determining the insurance risk (calculation data, amount of the surrender value, etc.). ), information on regulations and confirmation of premium payments, information for the life insurance tax certificate, copies of the European accident record or police reports, documentation of the claim, acquisition documents and contracts, damage assessment by a technician, adjuster, expert and other professional certificates and reports, geolocation data of the damage, travel insurance data (destination, period of insurance), decisions on the insurance company's performance/non-performance of the damage, information on relevant lawsuits, executions and payment schedules.  


Special categories of personal data: in particular, information on the state of health to the extent necessary for the subject of the medical documentation disclosed and/or requested by the insurer (diagnoses, medical history, medical findings, lists of procedures), medical reports on the state of health, health questionnaires, copies of the insured's death certificate, information on a life and health damage event (date of injury, injured body part, details of hospitalisation, attending physician's report). The medical records may also include genetic data, which are never processed by the insurance company unless it is necessary to establish the conditions of the service provided to the subject.

Personal data of third parties as data subjects necessary for the fulfilment of contractual obligations: to the extent necessary, basic identification data of third parties - data subjects, e.g. the insured, the insured person, the injured party, participants, witnesses to insurance claims and persons involved in the handling of insurance claims (adjusters, experts and other technical persons), or other persons.

We process records of telephone calls of persons for the prevention and detection of insurance fraud and other illegal acts. These recordings may be used as evidence in any judicial or administrative proceedings. Another purpose of the processing of telephone call recordings is to manage the quality of service and customer relations. The legal basis is the legitimate interest of the insurance company.

We process personal data of persons from recordings from CCTV systems located in the client centre in Italská 1583/24 Prague 2 for the purpose of legitimate interests to ensure the safety and security of buildings and premises used by the insurance company, protection of property and persons in these buildings, protection of data, safety and interests of employees, clients and third parties, prevention, detection and investigation of crime and evidence in legal proceedings.

Information of a commercial and marketing nature: to the extent necessary, we process information about the insurance company's offers of insurance products and services about the data subject, about the subject's requirements and needs for insurance risk coverage (including information about trends), information about the persons involved in negotiating the insurance product with the subject (identification of the acquirer, including his/her personal number and/or the insurance company's business partner).

Geolocation data and identification data of the data subject for access to information and communication systems: cookies for measuring traffic and analysing the use of the controller's website, these personal data are not processed in directly readable form, only as secure (encrypted) technical records of the respective applications; username (login), password, data for multi-factor authentication.
The MAXIMA insurance company uses the storage of cookies, for example, to offer services, personalize advertisements and analyze traffic in order to best customize the content 
website to your needs and improve its functionality and features. 

What cookies do we use? 

Technical cookies are necessary for us to display our website to you and for it to function as it should.
Analytical cookies allow us to track visits to the website, typically traffic statistics such as Google Analytics. Preference cookies, on the other hand, allow the website to remember a user's preferences and adapt to them. This ensures a comfortable use of the website, which remembers the language settings and other preferences of users.
Marketing cookies are used to better target and personalise advertisements. We may work with technical, functional cookies on the basis of legal regulations. They help us to provide you with a personalised and quality service.
For purposes related to the performance of work for the insurance company, we process the following categories of employee personal data. 

Identification data and additional information:
In particular, first name, surname, title, date of birth and gender, photograph (if the applicant attaches it to the professional CV), employee ID, information on education, health and sickness, job title, payroll and tax information, information on family members for the purpose of determining tax deductions and discounts, information on the employee's operational activities, bank connection, etc. 

Contact details: in particular contact address, telephone number and e-mail address.

Data relating to job performance and evaluation and training: this includes information on education, training received, incentive programmes, previous experience, references, evaluation results, qualifications obtained, professional evaluation, skills, competence and credibility assessments, job evaluations, assessment centre results, etc.

For what purpose does the Insurance Company process your personal data and what authorizes it to do so?

The personal data of insurance applicants are processed by the Insurance Company for the purpose of negotiating the conclusion of an insurance contract. In case you have concluded an insurance contract with the Insurance Company, the Insurance Company, as a personal data controller, may process your personal data for the purpose of proper provision of services resulting from the insurance. The legal basis for this processing is the performance of the insurance contract.

The Insurance Company is also entitled to process your personal data if you are not you are a party to the insurance contract, but you are the insured or you may have rights under the contract (e.g. you are a beneficiary, defendant, victim), or the processing of your personal data is otherwise necessary for the proper performance of insurance business. The legal basis for such processing is the legitimate interest of the Insurance Company. The legitimate interest consists in the fact that, although you are not a party to the insurance contract, the Insurance Company must process your personal data in the interest of the proper performance of its insurance business.

The Insurance Company, as a personal data controller, may also process your personal data for the purpose of the proper performance of the Insurance Company's obligations arising from legal regulations (e.g. the Law on Archiving, the Law against the Legalization of Proceeds of Crime, accounting and tax regulations).
Your personal data may also be processed by the Insurance Company for marketing purposes. The legal basis for this processing is the legitimate interest of the Insurance Company and this processing is necessary for the purposes of promoting its own products and services. You have the right to object to such processing at any time. If you do not wish to receive marketing materials, simply send a communication to dpo@maxima-as.cz.

If it is necessary to assess whether you can be accepted for insurance, the insurance risk, the preparation of the offer and the arrangement of insurance, the Insurance Company may process data about your health. The Insurance Company may also request data about your health and the determination of your health status, including the cause of death, if there are reasons for this related to the investigation of the claim. The legal basis for processing your health data is that it is necessary for the establishment, exercise or defence of legal claims.

The personal data of job applicants are processed by the Insurance Company for the purpose of organising and evaluating the selection procedure for the recruitment of new employees, i.e. for the purpose of negotiating the conclusion of an employment contract.

In case you have concluded an employment contract with the Insurance Company, the Insurance Company, as a data controller, may process your personal data for the purpose of proper performance of the contract. Further information on the processing of employees' personal data is provided in the Insurance Company's internal regulations. 

We may process analytical and marketing cookies on the basis of your consent. You can give us your consent via the bar when you enter our website. You can delete or block all cookies collected on our website, but some parts of the website may not be functional in this case.

Is there automated decision making, including profiling?
We use automated processing of personal data in our processes, which involves the use of automated information systems (software, electronic calculators, etc.). However, these processes do not involve fully automated decision-making. 

How long will the Insurance Company keep your personal data?

The Insurance Company is entitled to process your personal data as a prospective insured person from the time of negotiation of the insurance contract and, in the case of conclusion of the contract, for the entire duration of the insurance and for the following ten years from its termination, and if there are outstanding claims (even if disputed) between you and the Insurance Company arising in connection with the insurance even after this period, then until their settlement.
In the case of insurance contracts that have not been concluded, the Insurance Company processes personal data until the end of the second calendar year from the last communication with the client, unless the insurance has been concluded by that time or you do not exercise any of your rights before the conclusion of the contract.

The processing of personal data of persons who are not a party to the insurance contract and who have rights and obligations under the insurance contract is necessary in order to properly perform their obligations under the insurance contract. This includes, in particular, the insured persons, both in the context of individual and group insurance, as well as the defendants, beneficiaries, victims and other persons whose personal data is necessary for the performance of insurance activities. For this purpose, the insurance company is entitled to process such personal data for the period of time provided for by the relevant law (e.g. Civil Code, Insurance Distribution Act, etc.) and if, even after the expiry of this period, unsettled claims (albeit disputed) between the insured and the insurance company arising in connection with the insurance remain, then until they are settled.

CCTV data and call records are stored in accordance with the principle of minimisation and processed only for the time necessary to fulfil the intended purposes of the processing. We base the determination of the processing period on the applicable legal regulations.

The personal data of job applicants are kept for the duration of the selection procedure and, in the case of your consent to further processing, for a maximum of five years after the end of the selection procedure. 

Personal data of employees are kept for the duration of the employment relationship (employment relationship) or other contractual relationship, for the period provided for by the applicable legislation, or until the expiry of the relevant time limits provided for the exercise or protection of the employer's rights.

We keep whistleblowing-related notifications and documents for 5 years from the date of receipt of the notification.


Information on the expiry date of individual cookies is provided in the "Cookie settings" section.

Who do we pass your personal data to?

All the personal data mentioned above may be provided to entities where we are required to do so by law or on the basis of our legitimate interests. These include, for example, the following entities: the Czech National Bank, the Czech Insurance Association, the Office of the Public Prosecutor, courts, law enforcement authorities, bailiffs, tax administrators. 
We also use the services of other processors who process personal data for us. Such processors include, but are not limited to: insurance intermediaries, external adjusters, assistance service providers, contract doctors, information and communication system providers, attorneys and debt collection companies, marketing agencies, other outsourcing service providers. We may also transfer your personal data to other entities that are in a controller role. These include reinsurers, co-insurers, postal service providers, recruitment agencies. In accordance with the Insurance Act, in order to prevent and detect insurance fraud and other illegal acts, we transfer personal data to other insurance companies.
Anonymised information about your use of the insurance company's website is shared with internet service providers. We use third party analytics and marketing cookies, specifically Google Analytics for traffic analysis and Facebook. 

Google Analytics Terms of Use.
Facebook Terms of Use.
Where do we get the information from?

We obtain personal data directly from prospective customers, clients, employees during the negotiation of the conclusion, duration and performance of the contract. We obtain health data primarily through a health questionnaire (medical report). In the context of group insurance, we obtain your personal data in some cases directly from the policyholder via forms. In addition, we obtain and further process personal data from publicly available sources, which are both public records (in particular the public register and the insolvency register) and data published by you on the internet, always in accordance with legal requirements.

How is your personal data secured? 

The security of your personal data is our priority. We have taken personnel, technical and organisational measures to ensure that no unauthorized or accidental disclosure of personal data to third parties, their alteration, destruction or loss, unauthorized transfers, other unauthorized processing, as well as other misuse of personal data. We ensure the security of the premises and rooms where personal data is processed and the security of the media in which personal data is processed through access rights, virus protection and security backups. 

What rights do you have in relation to the processing of your personal data?

Right of access to personal data
You have the right to obtain confirmation from the Insurance Company as to whether or not personal data relating to you is being processed and, if it is, you have the right to access that personal data and to be informed about: 
the purposes of the processing of personal data,
the categories of personal data concerned,
the recipients or categories of recipients to whom the personal data have been or will be disclosed,
the intended retention period of the personal data,
the existence of the right to request from the Insurance Company the rectification or erasure of your personal data, the restriction of their processing and the right to object to the processing of your personal data, 
the right to lodge a complaint with the Office for Personal Data Protection, 
the source of the personal data if the Insurance Company did not obtain the personal data directly from you,
the fact that automated decision-making, including profiling, takes place.
You have the right to obtain a copy of the personal data processed, provided that the rights and freedoms of other persons are not adversely affected, whereby the first copy will be provided free of charge, for further copies the Insurance Company may charge a reasonable fee.
Right to rectification of personal data
You have the right to have your inaccurate personal data corrected by the Insurance Company without undue delay or to have your personal data completed if it is incomplete.
Right to erasure (right to be forgotten)
You have the right to have your personal data erased by the Insurance Company in the following situations:
the personal data are no longer necessary for the purposes for which they were processed,
you exercise your right to object to the processing of personal data which is based on the legitimate interests of the Insurance Company and there are no overriding legitimate grounds for the processing, or you object to the processing of personal data for marketing purposes,
the personal data has been unlawfully processed.
However, this right does not apply if the processing of your personal data is still necessary for the fulfilment of a legal obligation of the Insurance Company or for the establishment, exercise or defence of legal claims.

Right to restriction of processing
You have the right to have the Insurance Company restrict the processing of your personal data if: 
You contest the accuracy of the personal data for the time necessary for the Insurance Company to verify its accuracy,
the processing of the personal data is unlawful and you request a restriction of processing instead of erasure,
The Insurance Company no longer needs the personal data for the above-mentioned processing purposes, but you require it for the establishment, exercise or defence of your legal claims,  
you have objected to the processing of personal data, the Insurance Company will restrict the processing of the personal data until it is verified whether the legitimate grounds of the Insurance Company outweigh your legitimate grounds.
For the duration of the restriction of processing, your personal data will not be subject to further operations.
Right to data portability
You have the right to obtain your personal data that you have provided to the Insurance Company in a structured, commonly used and machine-readable format and the right to transfer that data to another controller. This right only applies if the processing is based on a contract and is carried out by automated means. In this case, you also have the right to have the Insurance Company transmit your personal data directly to the other controller, if technically feasible. This right must not adversely affect the rights and freedoms of other persons.

Right to object to the processing of personal data
You have the right to object to the processing of your personal data on the basis of a legitimate interest of the Insurance Company. 

Right to lodge a complaint with the Office for Personal Data Protection
If you believe that the processing of your personal data is in violation of generally binding legal regulations, you have the right to file a complaint with the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7, e-mail: posta@uoou.cz

How can you exercise your rights?

 

In all matters related to the processing of your personal data and the exercise of your rights, you can contact the Data Protection Officer at: dpo@maxima-as.cz, in writing at Italská 1583/24, 120 00 Prague 2 or via the client line +420 273 190 400.

 

 
Date of information update: 15 December 2023

! The information in this section is a translation of the original Czech text. In case of lack of comprehensibility or inaccuracy of the translation, the original version in Czech takes precedence.