Personal Data Protection and Processing
Maxima pojišťovna a.s., with its registered office at Italská 1583/24, 120 00 Prague 2 Vinohrady, ID No.: 61328464, incorporated in the Companies Register kept by the Municipal Court in Prague under file No. B 3314 (hereinafter as “we” or the “Insurance Company”) processes personal data as a data controller for the purposes of insurance services provision and as an employer.
What personal data the Insurance Company processes:
Basic identification details of data subjects:
Name, surname, birth certificate number and/or the date of birth, sex, residential address and/or another address of the natural person (mailing address, address for deliveries abroad etc.), postcode, telephone number and/or telephone numbers (mobile phone, fax, landline etc.), email or another electronic address (instant messaging);
Additional information about the data subject:
Socioeconomic data on the data subject and information about the subject’s status (age, marital status, student, unemployed), copy of personal documents, if necessary to verify the identity or status of the data subject (ID card, driver´s license, passport, birth certificate, marriage certificate etc.), geolocation data, company name, ID No., VAT, business address, identification and address of the employer, the amount of average monthly income, bank details (bank account number in the national format or in the IBAN format, SWIFT code and other similar information) and/or the number from the Consolidated Bill Payment System (SIPO);
Identification details of the data subject for access into information and communication systems
User name (login), password, multifactor verification details, cookies for measuring site visits and analysis of the controller’s website; these personal data are not processed in a directly readable format but only as secured (encrypted) technical records of the respective applications;
Personal data and identification details necessary for negotiation of insurance policies and provision of insurance benefits:
Basic identification details and additional information about the data subject, records of insurance products (current and past, according to the contact number), records of insurance benefits and loss occurrences (including status information about the handling and settlement of loss; according to the insurance claim number), specific data according to the already purchased insurance product or an insurance product being purchased; namely questionnaires and information being or having been obtained by the insurance company as part of the assessment of insurance product sales for the purposes of insurance risk assessment (calculation data, surrender amount etc.), information about the prescribed and confirmed insurance premiums’ payments, information for tax confirmation for life insurance, copy of the European Accident Statement or police protocols, photographs documenting the loss occurrence, purchase documents and contracts, assessment of damage by a technician, loss adjuster, and other expert testimonials and reports, license plate number, information about the vehicle and damage thereto (e.g. the place of damage: geolocation data, speed, distance travelled in km), travel insurance data (destination, term of insurance), decision to pay/not to pay the insurance benefit by the insurance company, information about relevant lawsuits, enforcement proceedings and repayment schedules;
Special categories of personal data:
Information on health condition
To the necessary extent, the contents of medical files (diagnoses, anamneses, medical findings, list of procedures), medical reports on health condition, medical questionnaires, copies of the insured person’s death certificate, information on a loss occurrence affecting life and health (date of accident, injured body part, information about hospitalisation, report by the doctor providing treatment); medical documentation may also include genetic data, which are never subject to processing by the insurance company, unless it is necessary for determining the terms of the service provided to the data subject;
Personal data of third parties as data subject necessary for meeting of obligations:
To the necessary extent, basic identification details of third parties – data subjects, e.g. of spouses, partners, children, household members, policyholders, insured persons, the beneficiary, the person who suffered damage, participants, witnesses of loss occurrences and persons taking part in insurance claims handling (adjusters, experts and other technical professionals) or other persons, if applicable.
We process phone call recordings in order to improve the quality of the services provided and to fulfil contractual obligations. These recordings may also serve as evidence in potential court or administrative proceedings on the basis of our legitimate interest.
Personal data of the Insurance Company’s employees:
Basic identification personal details and additional information about the employee as the data subject, employee’s ID, information about education, health condition and sickness, job role, salary and tax information (gross monthly salary including its structure: bonuses, extra payments, reimbursement, hours worked, hours not worked, hourly wage, information about family members for the purposes of determining tax deductions and tax credits), information on the employee’s operations-related activities (attendance, phone calls, print services), bank details (bank account number).
Information of commercial and marketing nature:
To the necessary extent, information about offers of insurance products and services of the Insurance Company for the data subject, about the requirements and needs of the data subject regarding the coverage of insurance risks (including information about trends), information about persons taking part in contracting of the insurance product with the data subject (identification of the acquirer including their personal number or the business partner of the insurance company).
For what purpose does the Insurance Company process your personal data and what entitles it to do so?
If you purchased an insurance policy from the Insurance Company, the Insurance Company may, as a personal data controller, process your personal data for the purposes of due provision of services under the insurance policy. The legal basis of processing is the execution of the insurance policy.
The Insurance Company is entitled to process your personal data also if you are not a party to the insurance policy; however, you are the insured person or you may have certain rights under such policy (e.g. you are the entitled person); alternatively, the processing of your personal data is otherwise necessary for the due performance of insurance activities. The legal basis for such processing is the Insurance Company’s legitimate interest. The legitimate interest means that, even though you are not a party to the insurance policy, the Insurance Company must process your personal data in the interest of proper performance of the insurance activities.
As a data controller, the Insurance Company may process your personal data for the purposes of due fulfilment of the Insurance Company’s obligations under applicable laws and regulations (e.g. from the act on archiving, anti-money laundering laws, and accounting and tax regulations).
Your personal data may be processed for marketing purposes by the Insurance Company. The legal basis for the processing is the legitimate interest of the Insurance Company and such processing is necessary for the purpose of promoting its own products and services. If you do not wish to receive any marketing materials, just send a message to firstname.lastname@example.org.
If it is necessary for assessing whether you can be accepted as a client, for assessing the insurance risk, preparing a proposal and negotiating an insurance policy, the Insurance Company may process information about your health condition. The Insurance Company may further require information about your health condition and determining your health condition, including the cause of death, if there are reasons for this in connection with the loss occurrence. The legal basis for processing the data about your health condition is that such processing is necessary to determine, exercise or defend legal claims.
For how long will the Insurance Company retain your personal data?
The Insurance Company is entitled to process the personal data for the term of the insurance policy and the following ten (10) years after its termination and if the claims (even disputed) between you and the Insurance Company arising in connection with the insurance persist after this period, then until their settlement.
What are your rights in connection with processing of your personal data?
Right of access to personal data
You have the right to obtain confirmation from the Insurance Company whether the personal data which relate to you are or are not processed and if they are processed, you have the right to gain access to such personal data and right to information about:
- the purpose of personal data processing,
- categories of the personal data concerned,
- recipients or categories of recipients that have been or will be provided with access to personal data,
- planned personal data retention period,
- the existence of the right to require rectification or erasure of your personal data from the Insurance Company, restriction of their processing and the right to object against the processing of your personal data,
- the right to lodge a complaint with the Office for Personal Data Protection,
- source of personal data if the Insurance Company did not obtain the personal data directly from you,
- the existence of automated decision-making, including profiling.
You have the right to obtain a copy of the processed personal data if this does not adversely affect the rights and freedoms of other persons with the first copy being sent to you free of charge; for additional copies, the Insurance Company may charge a reasonable fee.
Right to personal data rectification
You have the right to have your inaccurate personal data rectified by the Insurance Company without undue delay or have your personal data supplemented by the Insurance Company if such data are incomplete.
Right to erasure (right to be forgotten)
You have the right to have your personal data erased by the Insurance Company in the following situations:
- o the personal data are no longer necessary for the purposes for which they were processed,
- you exercise your right to object against the personal data processing taking place based on the legitimate interests of the Insurance Company, and there are no overriding legitimate interests for processing, or you object against processing of personal data for marketing purposes,
- the personal data have been processed unlawfully.
This right, however, shall not be exercised if the processing of your personal data is still necessary for meeting the Insurance Company’s legal obligation or to determine, exercise or defend legal claims.
Right to restriction of processing
You have the right to restriction of your personal data processing by the Insurance Company, if:
- you contest the accuracy of personal data for the period necessary for the Insurance Company to verify their accuracy,
- the processing of personal data is illegal, and you request restriction of processing instead of erasure,
- The Insurance Company no longer needs the personal data for the above-mentioned processing purposes, but you require them for the determination, exercise, or defence of your legal claims,
- you objected against the processing of personal data; the Insurance Company shall restrict their processing until it has been verified whether the legitimate reasons of the Insurance Company override your legitimate reasons.
For the period of personal data processing restriction, your personal data shall not be subject to further operations.
Right to data portability
You have the right to obtain your personal data you shared with the Insurance Company in a structured, commonly used, and machine-readable format, and the right to transfer such data to another data controller. You have this right only if the processing is based on a contract and is performed in an automated manner. In such case, you also have the right to have your personal data directly transferred by the Insurance Company to another controller, if technically feasible. This right must not adversely affect rights and freedoms of other persons.
Right to object to processing of personal data
You have the right to object to the processing of your personal data done on the basis of the Insurance Company’s legitimate interest. If this concerns processing for marketing purposes, the Insurance Company shall unconditionally cease the processing of your personal data for such purpose; in other cases, your personal data shall not be processed unless the Insurance Company proves serious legitimate reasons to continue in the processing, or for the determination, exercise or defence of legal claims.
Right to lodge a complaint with the Office for Personal Data Protection
If you believe that the processing of your personal data is in conflict with generally binding laws and regulations, you will be entitled to lodge a complaint with the Office for Personal Data Protection, registered office at Pplk. Sochora 27, 170 00 Praha 7, e-mail: email@example.com
How can you exercise your rights?
In all matters related to the processing of your personal data and the exercise of your rights, you may contact the data protection officer at firstname.lastname@example.org
How are your personal data secured?
The security of your personal data is our priority. We have adopted such personal, technical and organizational measures so as to prevent unauthorized or accidental access to personal data by third parties, their alteration, destruction or loss, unauthorized transfer, other unauthorized processing as well as abuse of personal data. We ensure security of buildings and rooms where the processing of personal data takes place and security of media on which the personal data are processed through access rights, anti-virus protection and security backups.
You may access the legal framework and definition of terms here.