Personal Data Protection and Processing
Maxima pojišťovna a.s., with its registered office at Italská 1583/24, 120 00 Prague 2 Vinohrady, ID No.: 61328464, incorporated in the Companies Register kept by the Municipal Court in Prague under file No. B 3314 (hereinafter as “we” or the “Insurance Company”) processes personal data as a data controller for the purposes of insurance services provision and as an employer.
What personal data the Insurance Company processes:
Basic identification details of data subjects:
Name, surname, birth certificate number and/or the date of birth, sex, residential address and/or another address of the natural person (mailing address, address for deliveries abroad etc.), postcode, telephone number and/or telephone numbers (mobile phone, fax, landline etc.), email or another electronic address (instant messaging);
Additional information about the data subject:
Socioeconomic data on the data subject and information about the subject’s status (age, marital status, student, unemployed), copy of personal documents, if necessary to verify the identity or status of the data subject (ID card, driver´s license, passport, birth certificate, marriage certificate etc.), geolocation data, company name, ID No., VAT, business address, identification and address of the employer, the amount of average monthly income, bank details (bank account number in the national format or in the IBAN format, SWIFT code and other similar information) and/or the number from the Consolidated Bill Payment System (SIPO);
Identification details of the data subject for access into information and communication systems
User name (login), password, multifactor verification details, cookies for measuring site visits and analysis of the controller’s website; these personal data are not processed in a directly readable format but only as secured (encrypted) technical records of the respective applications;
Personal data and identification details necessary for negotiation of insurance policies and provision of insurance benefits:
Basic identification details and additional information about the data subject, records of insurance products (current and past, according to the contact number), records of insurance benefits and loss occurrences (including status information about the handling and settlement of loss; according to the insurance claim number), specific data according to the already purchased insurance product or an insurance product being purchased; namely questionnaires and information being or having been obtained by the insurance company as part of the assessment of insurance product sales for the purposes of insurance risk assessment (calculation data, surrender amount etc.), information about the prescribed and confirmed insurance premiums’ payments, information for tax confirmation for life insurance, copy of the European Accident Statement or police protocols, photographs documenting the loss occurrence, purchase documents and contracts, assessment of damage by a technician, loss adjuster, and other expert testimonials and reports, license plate number, information about the vehicle and damage thereto (e.g. the place of damage: geolocation data, speed, distance travelled in km), travel insurance data (destination, term of insurance), decision to pay/not to pay the insurance benefit by the insurance company, information about relevant lawsuits, enforcement proceedings and repayment schedules;
Special categories of personal data:
Information on health condition
To the necessary extent, the contents of medical files (diagnoses, anamneses, medical findings, list of procedures), medical reports on health condition, medical questionnaires, copies of the insured person’s death certificate, information on a loss occurrence affecting life and health (date of accident, injured body part, information about hospitalisation, report by the doctor providing treatment); medical documentation may also include genetic data, which are never subject to processing by the insurance company, unless it is necessary for determining the terms of the service provided to the data subject;
Personal data of third parties as data subject necessary for meeting of obligations:
To the necessary extent, basic identification details of third parties – data subjects, e.g. of spouses, partners, children, household members, policyholders, insured persons, the beneficiary, the person who suffered damage, participants, witnesses of loss occurrences and persons taking part in insurance claims handling (adjusters, experts and other technical professionals) or other persons, if applicable.
We process records of third party telephone calls for the prevention and detection of insurance fraud and other illegal acts. These recordings may be used as evidence in any legal or administrative proceedings. Another purpose of the processing of telephone call recordings is to manage the quality of the services provided and customer relations. The legal basis is the legitimate interest of the insurance company.
The personal data of persons from the recordings from the CCTV systems located in the client centre at Italská 1583/24 Prague 2 are processed by the insurance company for the purpose of legitimate interests to ensure the safety and security of buildings and premises used by the insurance company, protection of property and persons in these buildings, data protection, safety and interests of employees, clients and third parties, prevention, detection and investigation of crime and evidence in legal proceedings.
Third-party personal data for the prevention and detection of insurance frauds and other illegal conduct:
We process phone call recordings for the purposes of the aforementioned legitimate interests. Such recordings may be used as evidence in potential judicial or administrative proceedings.
Protection of property and individuals:
The insurance company processes individuals’ personal data from the CCTV systems installed in the client centre at Italská 1583/24, Praha 2. For the purpose of our legitimate interests, we process recordings from the CCTV systems to ensure the security and protection of the buildings and premises used by the insurance company; protect the property and persons in these buildings; protect data, security and the interests of personnel, clients and third parties; to prevent, detect and investigate criminal activities; and to have evidence for judicial proceedings.
Personal data of the Insurance Company’s employees:
Basic identification personal details and additional information about the employee as the data subject, employee’s ID, information about education, health condition and sickness, job role, salary and tax information (gross monthly salary including its structure: bonuses, extra payments, reimbursement, hours worked, hours not worked, hourly wage, information about family members for the purposes of determining tax deductions and tax credits), information on the employee’s operations-related activities (attendance, phone calls, print services), bank details (bank account number).
Information of commercial and marketing nature:
To the necessary extent, information about offers of insurance products and services of the Insurance Company for the data subject, about the requirements and needs of the data subject regarding the coverage of insurance risks (including information about trends), information about persons taking part in contracting of the insurance product with the data subject (identification of the acquirer including their personal number or the business partner of the insurance company).
For what purpose does the Insurance Company process your personal data and what entitles it to do so?
If you purchased an insurance policy from the Insurance Company, the Insurance Company may, as a personal data controller, process your personal data for the purposes of due provision of services under the insurance policy. The legal basis of processing is the execution of the insurance policy.
The Insurance Company is entitled to process your personal data also if you are not a party to the insurance policy; however, you are the insured person or you may have certain rights under such policy (e.g. you are the entitled person); alternatively, the processing of your personal data is otherwise necessary for the due performance of insurance activities. The legal basis for such processing is the Insurance Company’s legitimate interest. The legitimate interest means that, even though you are not a party to the insurance policy, the Insurance Company must process your personal data in the interest of proper performance of the insurance activities.
As a data controller, the Insurance Company may process your personal data for the purposes of due fulfilment of the Insurance Company’s obligations under applicable laws and regulations (e.g. from the act on archiving, anti-money laundering laws, and accounting and tax regulations).
Your personal data may be processed for marketing purposes by the Insurance Company. The legal basis for the processing is the legitimate interest of the Insurance Company and such processing is necessary for the purpose of promoting its own products and services. If you do not wish to receive any marketing materials, just send a message to email@example.com.
If it is necessary for assessing whether you can be accepted as a client, for assessing the insurance risk, preparing a proposal and negotiating an insurance policy, the Insurance Company may process information about your health condition. The Insurance Company may further require information about your health condition and determining your health condition, including the cause of death, if there are reasons for this in connection with the loss occurrence. The legal basis for processing the data about your health condition is that such processing is necessary to determine, exercise or defend legal claims.
For how long will the Insurance Company retain your personal data?
The Insurance Company is entitled to process your personal data from the time of negotiation of the insurance contract and further, in the case of conclusion of the contract, for the entire duration of the insurance and the following ten years from its termination, and if unsettled claims (even if disputed) between you and the Insurance Company arising in connection with the insurance persist after this period, then until their settlement.
In the case of contracts that have not been concluded, the insurance company processes personal data until the end of the second calendar year after the last communication with the client, unless the insurance has been concluded by that time or you do not exercise any of your rights before the conclusion of the contract.
The processing of personal data of persons who are not parties to the insurance contract and who have rights and obligations under the insurance contract is necessary for the proper performance of obligations under the insurance contract. This includes, in particular, the insured persons, both in the context of individual and group insurance, as well as the defendants, beneficiaries, victims and other persons whose personal data is necessary for the performance of insurance activities. For this purpose, the insurance company is entitled to process such personal data for the period of time provided for by the relevant law (e.g. Civil Code, Insurance Distribution Act, etc.) and if, even after the expiry of this period, unsettled claims (albeit disputed) between the insured and the insurance company arising in connection with the insurance remain, then until their settlement.
Who do we pass your personal data to?
All the personal data mentioned above may be disclosed to entities where we are required to do so by law or on the basis of our legitimate interests. These include, for example, the following entities: the Czech National Bank, the Czech Association of Insurance Companies, the Office of the Public Prosecutor, courts, law enforcement authorities, bailiffs, tax administrators. We also use the services of other processors who process personal data for us. Such processors include, but are not limited to: insurance intermediaries, external adjusters, assistance service providers, contract doctors, information and communication system providers, attorneys and debt collection companies, marketing agencies, other outsourcing service providers. We may also transfer your personal data to other entities that are in a controller role. These include reinsurers, co-insurers, postal service providers, recruitment agencies. In accordance with the Insurance Act, in order to prevent and detect insurance fraud and other illegal acts, we transfer personal data to other insurance companies.
Where do we get the information from?
We obtain personal data directly from insurance applicants, clients and employees at the time of conclusion, during the duration and performance of the contract. We obtain data on health status mainly through a health questionnaire (medical report). In the context of group insurance, we obtain your personal data in some cases directly from the policyholder via forms. In addition, we obtain and further process personal data from publicly available sources, which are both public records (in particular the public register and the insolvency register) and data published by you on the internet, always in accordance with legal requirements.
What are your rights in connection with processing of your personal data?
Right of access to personal data
You have the right to obtain confirmation from the Insurance Company whether the personal data which relate to you are or are not processed and if they are processed, you have the right to gain access to such personal data and right to information about:
- the purpose of personal data processing,
- categories of the personal data concerned,
- recipients or categories of recipients that have been or will be provided with access to personal data,
- planned personal data retention period,
- the existence of the right to require rectification or erasure of your personal data from the Insurance Company, restriction of their processing and the right to object against the processing of your personal data,
- the right to lodge a complaint with the Office for Personal Data Protection,
- source of personal data if the Insurance Company did not obtain the personal data directly from you,
- the existence of automated decision-making, including profiling.
You have the right to obtain a copy of the processed personal data if this does not adversely affect the rights and freedoms of other persons with the first copy being sent to you free of charge; for additional copies, the Insurance Company may charge a reasonable fee.
Right to personal data rectification
You have the right to have your inaccurate personal data rectified by the Insurance Company without undue delay or have your personal data supplemented by the Insurance Company if such data are incomplete.
Right to erasure (right to be forgotten)
You have the right to have your personal data erased by the Insurance Company in the following situations:
- o the personal data are no longer necessary for the purposes for which they were processed,
- you exercise your right to object against the personal data processing taking place based on the legitimate interests of the Insurance Company, and there are no overriding legitimate interests for processing, or you object against processing of personal data for marketing purposes,
- the personal data have been processed unlawfully.
This right, however, shall not be exercised if the processing of your personal data is still necessary for meeting the Insurance Company’s legal obligation or to determine, exercise or defend legal claims.
Right to restriction of processing
You have the right to restriction of your personal data processing by the Insurance Company, if:
- you contest the accuracy of personal data for the period necessary for the Insurance Company to verify their accuracy,
- the processing of personal data is illegal, and you request restriction of processing instead of erasure,
- The Insurance Company no longer needs the personal data for the above-mentioned processing purposes, but you require them for the determination, exercise, or defence of your legal claims,
- you objected against the processing of personal data; the Insurance Company shall restrict their processing until it has been verified whether the legitimate reasons of the Insurance Company override your legitimate reasons.
For the period of personal data processing restriction, your personal data shall not be subject to further operations.
Right to data portability
You have the right to obtain your personal data you shared with the Insurance Company in a structured, commonly used, and machine-readable format, and the right to transfer such data to another data controller. You have this right only if the processing is based on a contract and is performed in an automated manner. In such case, you also have the right to have your personal data directly transferred by the Insurance Company to another controller, if technically feasible. This right must not adversely affect rights and freedoms of other persons.
Right to object to processing of personal data
You have the right to object to the processing of your personal data done on the basis of the Insurance Company’s legitimate interest. If this concerns processing for marketing purposes, the Insurance Company shall unconditionally cease the processing of your personal data for such purpose; in other cases, your personal data shall not be processed unless the Insurance Company proves serious legitimate reasons to continue in the processing, or for the determination, exercise or defence of legal claims.
Right to lodge a complaint with the Office for Personal Data Protection
If you believe that the processing of your personal data is in conflict with generally binding laws and regulations, you will be entitled to lodge a complaint with the Office for Personal Data Protection, registered office at Pplk. Sochora 27, 170 00 Praha 7, e-mail: firstname.lastname@example.org
How can you exercise your rights?
In all matters related to the processing of your personal data and the exercise of your rights, you may contact the data protection officer at email@example.com in writing at the address Italská 1583/24, 120 00 Prague 2 or via the client line +420 273 190 400.
How are your personal data secured?
The security of your personal data is our priority. We have adopted such personal, technical and organizational measures so as to prevent unauthorized or accidental access to personal data by third parties, their alteration, destruction or loss, unauthorized transfer, other unauthorized processing as well as abuse of personal data. We ensure security of buildings and rooms where the processing of personal data takes place and security of media on which the personal data are processed through access rights, anti-virus protection and security backups.
What cookies do we use?
These are necessary to show you our website and make it work as it should for you.
Analytical cookies allow us to track visits to the website, typically traffic statistics such as Google Analytics. Preference cookies, on the other hand, allow the website to remember a user's preferences and adapt to them. This ensures a comfortable use of the website, which remembers the language settings and other preferences of users.
Marketing cookies are used to better target and personalise advertisements.We may work with technical, functional cookies on the basis of legal requirements. Without them, we would not be able to provide you with our services.
We may process analytical and Marketing cookies based on your consent. You can give us your consent via the bar when you enter our website.
You can delete or block all cookies collected on our website, but some parts of the website may not be functional if you do so.
Who processes cookies for us?
Anonymous information about how you use this website is shared with internet service providers.
Information update date: 1 May 2022.