UNIQA Insurance Plc, UIC 040451865 and UNIQA Life Insurance Plc, UIC 831626729 (UNIQA), in their role as personal data controllers, hereby provide information on how the personal data provided by you is collected, used, shared, and protected in compliance with the requirements of Article 12-14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals about the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
If this notice is amended in the future, we will post information accordingly on our website in a timely manner.
How do we use your personal data?
UNIQA processes your personal data lawfully, fairly, and in a transparent manner. It is collected for specific, explicit, and legitimate purposes and not further processed in a way incompatible with these purposes. Personal data is relevant and related to and limited to what is necessary about the purposes for which it is processed (‘data minimization’), accurate and kept up to date. Personal data is kept in good faith and in accordance with statutory time limits, which are subject to periodic review and, in the event of a change, is updated accordingly.
UNIQA, taking into account state of the art, maintains appropriate administrative, technical, and organizational measures intended to help protect the security and privacy of your personal data and to protect it from any accidental or unlawful destruction, accidental loss, unauthorized correction, disclosure or access, misuse and any other illegal form of processing. In order to fulfill these data protection obligations, UNIQA conducts training for its employees on data security and data protection policies and standards.
Your personal data is necessary for us to be able to provide you with the products and services you have requested and to allow us to fulfil our contractual and legal obligations. In the event that you do not wish us to provide and/or use your personal data, this will result in our inability to provide the requested services.
UNIQA collects your personal data in its official offices, with the help of insurance intermediaries and partners with whom UNIQA has entered into contracts, via the official UNIQA corporate website or specially developed UNIQA web applications, as well as when you contact us via our call center and email.
To fulfill some of the purposes described below, we may obtain your personal data from third-party sources, for example, public databases such as trade register, insurance intermediaries, insurers, partners and third-party stakeholders, other insurers, experts, correspondents, assessors and lawyers, courts, supervisory and controlling authorities.
In specific cases, UNIQA may process personal data in an unstructured form. We assure you that this data is processed lawfully and by applying the necessary protection measures for your rights.
What personal data do we process?
- First name, surname, and last name;
- ID number, number of ID card/another identity document;
- Email and phone number;
- Address: permanent or current;
- Bank information: bank account number, card number, and CVV code (in case of online payment of policy installment);
- Policy number/damage number, customer number, and health insurance card number;
- Financial information and other additional details of the insurance applicant needed for risk assessment;
- Details of the origin of funds and other additional information relevant to the prevention of money laundering and terrorist financing;
- Other data related to the subject matter of the insurance contract or necessary for the processing of an insurance claim or for servicing any other request or enquiry from you;
- Information about your health in the form of completed questionnaires and proposals, diagnoses, epicrises, and other health status documents provided for the purpose of insurance contracting or processing an insurance claim;
For what purposes do we collect and process your personal data?
- Entering into, administering, and servicing insurance contracts, fulfilling contractual and legal obligations, including but not limited to:
– determining the requirements and needs of users of insurance services;
– risk assessment;
– preparation of an individual insurance proposal;
– processing your payment in the event that you make a policy installment;
– communicating with you, including sending notices on forthcoming installments, expiring policies, and the current status of claims by telephone or email;
– registering and processing claims concerning an insurance event and paying compensation upon damage liquidation;
– providing assistance in booking appointments for medical examinations or other healthcare services;
– compliance with legislative requirements, including but not limited to avoiding conflicts of interest, corrupt practices, and obligations under the Insurance Code and the Anti-Money Laundering Act.
- Prevention of insurance fraud or other crimes;
- Resolving litigation and out-of-court disputes;
- To enable us to respond fully to your request, complaint, application, or other enquiry;
- To enable us to provide online services intended to make it easier for us to serve our customers, for example, checking premiums on current quotes, insurance contracting, checking all your policies, including policy installments and the option for payment, filing damage notices, and checking claim status, making complaints and enquiries, providing information on the office, repair shop or healthcare institution located closest to you.
To improve the quality of the service we provide, including by monitoring the employees you speak to, and to defend you in litigation or other disputes, we may record telephone conversations with you.
UNIQA may process data for statistical purposes, applying appropriate technical and organizational measures, such as pseudonymizing, to ensure the subjects’ rights.
Please note that your personal data may be subject to profiling by information processing systems while preparing offers for specific insurances. Depending on the specifics of the particular type of insurance, UNIQA may use information systems to calculate the likelihood of an insurance event. The information systems work based on preset criteria developed by expert actuaries. Your personal data is profiled on the basis of UNIQA’s legitimate interest to assess the risk and undertake contractual obligations in accordance with the provisions of the Insurance Code. You may object to the profiling of your personal data. More information on the terms and conditions under which you can object can be found in UNIQA’s Policy on Exercising the Rights of Personal Data Subjects on our website, www.uniqa.bg, as well as at any of our offices countrywide.
On what legal basis do we process your personal data?
- Performance of an insurance contract, including when taking steps to satisfy your pre-contractual requests;
- Compliance with legal obligations applicable to UNIQA;
- Performing tasks in the public interest, such as the prevention of money laundering and terrorist financing;
- Data related to your health (diagnosis, health status, medical records) may be processed for the establishment, exercise, or defense of legal claims and based on the provisions of the Insurance Code, which constitute an additional condition for lawful processing within the meaning of Art. 9, Par. 4 of the General Data Protection Regulation (EU)2016/679;
- In connection with our legitimate interest to use the collected data to analyze and evaluate the target market and the requirements and needs of insurance service users, to develop our products and services, reallocate risk through co-insurance and reinsurance, identify and authenticate identity, remind about expiring policies and upcoming installments, collect claims, improve the quality of service provided by our employees, update and test changes to the functionalities of our systems, prevent and analyze security-related incidents, fraud attempts or other crimes, and protect ourselves in case of litigations or other disputes;
- UNIQA may ask for your consent, for example, when we process your data for direct marketing purposes or collect cookies while you are using our online services. For UNIQA, “consent” shall mean any freely given, specific, informed, and unambiguous indication of your will through a statement or explicit affirmative action. “consent” UNIQA will understand any freely given, specific, informed, and clear indication of your choice, by means of a statement or explicit affirmative action. You may withdraw your consent as quickly as you have given it, without prejudice to the lawfulness of processing based on consent prior to its withdrawal.
For how long do we keep your personal data?
Your personal data will only be kept in relation to the purposes for which it was collected, including in order to perform our contractual and legal obligations. The periods we comply with are:
- Insurance contracts – in accordance with the limitation periods of the Insurance Code;
- Records relating to insurance claims – 5 years from the date of insurance contract termination, excluding those with pending lawsuits and ones that have not been resolved;
- Case files – 3 to 10 years, depending on the type of the pertaining case;
- Data collected and prepared under the Anti-Money Laundering Measures Act – 5 years;
- Accounting records, documents for tax control, audit, and subsequent financial inspections – 10 years from 1 January of the accounting period following the accounting period they relate to;
- Case records – 5 years.
To whom may we share your personal data?
For a good reason and based on a written agreement with the third parties listed below, we may share your personal data with:
- Service providers (including consultants, experts, appraisers, trusted service providers, assistance companies, attorneys, etc.);
- Healthcare institutions either being in partnership with UNIQA and/or designated by you.
- IT companies that support UNIQA’s information systems and applications;
- Software companies responsible for the maintenance of our website or online applications and/or their individual functionalities;
- Payment service providers, postal operators, telecommunications companies;
- Other companies within the UNIQA Group;
- Other insurers, co-insurers, reinsurers, reinsurance brokers, and their representatives;
- Insurance agents and brokers;
- National Health Insurance Fund, Regional Health Inspectorates, National Insurance Institute, and other non-financial institutions;
- State supervisory and control bodies, judicial and investigative authorities;
- Registered auditors;
In certain lawful cases, we may transfer data to recipients in third countries, for example, when the insurance event occurs outside the European Union. Such data transfer occurs in countries with an adequate level of protection or organizations implementing appropriate safeguards for your rights, such as standard contractual protection clauses. Data transfers may be based on derogations in specific cases, for example:
- Your explicit consent;
- Implementation of an insurance contract with you or a contract in your interest;
- Establishment, exercise, or defense of legal claims.
Your rights regarding your personal data?
In accordance with Bulgarian law, you may exercise the following rights relating to the personal data processed by UNIQA:
- to have access to your personal data processed by UNIQA and obtain a copy of it;
- to have your personal data corrected if it is inaccurate or incomplete;
- to request that your personal data be erased when the pertaining conditions are met;
- to request that the processing of your personal data be restricted in the cases specified by law;
- to object to the processing of your personal data, in the cases specified by law;
- to exercise your right to data portability and to request that your data be provided in a structured, commonly used, and machine-readable format;
- where processing is based on your consent, to withdraw that consent at any time and without payment of any fees; and;
- to lodge a complaint with the Data Protection Commission.
Detailed information on the conditions and procedures under which you can exercise your rights can be found in UNIQA’s Policy on Exercising the Rights of Personal Data Subjects on our website, www.uniqa.bg, as well as at any of our offices countrywide.
How can you contact us?
You can contact us at the following address: 1000 Sofia, 18 Todor Alexandrov Blvd., email: email@example.com
You can also contact our Data Protection Officer at email: firstname.lastname@example.org
Mailing address: 1000 Sofia, 18 Todor Alexandrov Blvd.