INTRODUCTION

Welcome to the Minerva Insurance Company Public Privacy Statement (hereinafter referred to as "the Company", "Minerva", "we" or "us" in this Privacy Statement). The Company respects your personal data and is committed to protecting your personal data. This Privacy Statement will inform you about the way we handle your personal data when you visit our website (regardless of where you visit our website) and inform you about how your personal data is protected by law.

This Privacy Statement is provided in numbered form below so that you can select the specific sections listed. Alternatively, you can download a copy of the policy in pdf format by clicking here. Please use the Glossary in order to understand the meaning of the terms used in this Privacy Statement.

  1. IMPORTANT INFORMATION AND WHO WE ARE
  2. THE DATA WE COLLECT FROM YOU
  3. HOW YOUR PERSONAL DATA IS COLLECTED
  4. HOW WE USE YOUR PERSONAL DATA
  5. TRANSMISSION OF YOUR PERSONAL DATA
  6. INTERNATIONAL TRANSFERS
  7. DATA SECURITY
  8. DATA MAINTENANCE
  9. YOUR LEGAL RIGHTS
  10. GLOSSARY
  11. IMPORTANT INFORMATION AND WHO WE ARE

PURPOSE OF THIS PRIVACY DECLARATION

This privacy statement is intended to inform you about how we collect and process your personal data while you use our website, including any information you may provide when you contact us through our website.

This website is not intended for children and we do not knowingly collect data on children.

It is important to read this privacy statement along with any other privacy statements or fair processing statements that we may provide in certain cases in which we collect or process your personal information, so that you are fully aware of how and why we use it. your data. This privacy statement supports and reinforces the other statements and is not intended to circumvent them.

DATA PROCESSING MANAGER

Minerva is responsible for processing your personal data and is responsible for safeguarding it.

We have designated a responsible person responsible for overseeing and answering your questions about this privacy statement. If you have any questions about this Privacy Statement, including any requests to exercise your legal rights, please contact the Data Protection Officer using the information below.

CONTACT INFO

Our full details are:

Name of legal entity: Minerva Insurance Company Public Ltd

Name or title of responsible person: Data Protection Officer

Email: dpo@minervacy.com

Postal address: 165 Athalassas Avenue, 2024 Strovolos, Nicosia

Phone: 77771414

You have the right to submit a complaint at any time to the Commissioner for Personal Data Protection in Cyprus. However, we would greatly appreciate it if you would give us the opportunity to address your concerns before contacting the Personal Data Protection Commissioner, so we would ask you to contact us in the first instance.

IT IS YOUR DUTY TO INFORM US ABOUT CHANGE OR AMENDMENT TO YOUR PERSONAL DATA

This Statement was last updated in September 2019.

It is important that the personal data we hold about you is accurate and up to date. Please let us know if your personal information changes during your relationship with us.

LINKS TO THIRD PARTY WEBSITES

This website may contain links to websites, plugins and third party applications. Selecting these links or enabling these links may allow third parties to collect or share your personal data. We do not control the websites of third parties and we do not have any responsibility for their privacy statements. Upon leaving our website, we recommend that you read the privacy statement for each website you visit.

  1. THE DATA WE COLLECT FROM YOU

Personal data or personal information, means any information that concerns a natural person with whose identity can be verified. It does not contain identifiable data (anonymous data).

We may collect, use, store and transfer your personal data which we have categorized as follows:

  • Identity Data: includes first name, last name, last name, username or similar ID, marital status, title, date of birth and gender.
  • Contact Information: include mailing address, delivery address, email address and telephone numbers.
  • Transaction Data: includes payment details to and from you and other information related to products and services you have purchased from us.
  • Technical Data: includes the Internet Protocol (IP) address, your login details, browser type and version, time zone and location setting, types and versions of browser plug-ins, the operating system and platform and other technologies for the devices you use to access this website.
  • Profile Data: includes your username and password, your purchases or instructions, your interests, preferences, comments as well as your survey responses.
  • Usage Data: includes information about how you use our website, products and services.
  • Product / Service Promotion and Communication Data: includes your preferences regarding the marketing of our products, either by us or third parties, and your preference for how we communicate.

Also, we collect, use and share Aggregate Data such as statistics or demographics for any purpose. Aggregate Data may be derived from your personal data, but are not considered legal data as this data does not disclose your identity directly or indirectly. For example, we may collect your usage data to calculate the percentage of users who have access to a particular feature of our website. However, if we combine or link Aggregate Data with your personal data so that they can identify you directly or indirectly, we consider the combined data to be personal data that will be used in accordance with this privacy statement.

Except in the case of health insurance, we do not collect Special Categories of Personal Data about you (including information about your race or nationality, religious or philosophical beliefs, sex life, sexual orientation, political affiliation, your health and your genetic and biometric data). We also do not collect information about criminal convictions and offenses.

If you have a health insurance policy with us, we may also collect specific categories of personal data, including your height, weight, occupation and medical history.

IF YOU FAIL TO GIVE PERSONAL DETAILS

In the event that we are required to collect personal data due to a legal obligation or under the terms of a contract we have with you and fail to provide this data when requested, we may not be able to perform the contract we have entered into or are about to enter into. with you (for example, to provide you with our services). In this case, we may need to cancel a service we provide to you, but if that happens, we will notify you within a reasonable time.

  1. HOW YOUR PERSONAL DATA IS COLLECTED

We use different methods to collect data from and for you, including through:

  • Direct communication. You can provide us with your Identity, Contact Information and Financial Information by filling out forms or contacting us by post, telephone, email or otherwise. This includes personal data you provide when:
    • submit a statement for the provision of our products or services,
    • subscribe to our service or posts,
    • you ask to be informed in relation to the promotion of our products or services,
    • participate in a competition, submit a complaint or complaint or take part in a market research,
    • submit your comments / remarks to us.
  • Automated technologies or interactions. As you use our website, we may automatically collect technical data about your equipment and your navigation actions. We collect this personal data using cookies, server logs and other similar technologies. We may also receive technical information about you if you visit other websites that use our cookies. See our cookie policy for more details.
  • Third parties or sources available to the public. We may receive personal information about you from various third parties and public sources as listed below:
  • Technical data from the following parts:

(a) Analytics service providers, such as Google based outside Ή within the EU;

(b) Advertising networks located within Ή outside the EU, and

(c) Providers of search information located within Ή outside the EU.

  • Communication data, financial and transaction data from technical, payment and delivery service providers based in or outside the EU.
  • Identity and communication data from intermediaries or data collectors based in or outside the EU.
  • Identification and communication data from publicly available sources, within Ή outside the EU.
  1. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when permitted by law. As a rule, we will use your personal data in the following cases:

  • When we have to perform the contract that we are going to sign or have concluded with you.
  • When necessary to safeguard our legitimate interests (or those of a third party) and your interests and fundamental rights do not outweigh our own.
  • When we have to comply with a law or regulation.

In general, we do not rely on consent as the legal basis for the processing of your personal data, other than sending / promoting promotional material via email or cell phone messages. You have the right to withdraw your consent to promote promotional material at any time by contacting us .

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

Below we present, in the form of a table, a description of all the ways in which we may process your personal data as well as the legal basis on which we base this processing. We also list our legitimate interests where required.

Please note that we may process your personal data for more than one legitimate purpose, depending on the specific purpose for which we use your data. Please Contact us if you need details about the legal basis on which we base the processing of your personal data, in case it is used in addition to a legal basis in the processing and are described in the table below:

Purpose / Activity

Data type

Legal basis for processing, including legitimate interest

To register as our new customer

(a) Identity

(b) Communication

Execution of a contract with you

To process and provide you with our services, which include:

(a) Management of payments, fees and charges

(b) Collection and recovery of money owed to us

(a) Identity

(b) Communication

(c) Financially

(d) Transactions

(e) Promotion of Advertising material and communication

(a) Execution of a contract with you

(b) Necessary for our legitimate interests (for the recovery of debts owed to us)

To manage our relationship with you, which will include:

(a) Notice of changes to our terms or our privacy policy

(b) Asking you to leave a review or complete a survey

(a) Identity

(b) Communication

(c) Profile

(d) Advertising and communication

(a) Execution of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to update our records and study how customers use our products / services)

To be able to enter a draw, a contest or complete a survey

(a) Identity

(b) Communication

(c) Profile

(d) Use

(e) Advertising and communication

(a) Execution of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products / services and to develop them)

For the management and protection of our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and data hosting)

(a) Identity

(b) Communication

(c) Technically

(a) Necessary for our legitimate interests (for the operation of our business, the provision of administrative and IT services, network security, fraud prevention and in the context of a business reorganization or restructuring of the complex)

(b) Necessary to comply with a legal obligation

To provide relevant content and ads on our website and to evaluate or understand the effectiveness of the advertising we offer you

(a) Identity

(b) Communication

(c) Profile

(d) Use

(e) Advertising and communication

(f) Technical

Necessary for our legitimate interests (to study how customers use our products / services and to develop them)

To use data analytics to improve our website, products / services, advertising, relationships and customer experience

(a) Technical

(b) Use

Necessary for our legitimate interests (to define customer types for our products and services, to keep our website up to date and relevant, to grow our business and to update our advertising strategy)

To suggest or recommend products or services that may interest you

(a) Identity

(b) Communication

(c) Technical

(d) Use

(e) Profile

Necessary for our legitimate interests (development of our products / services)

PROMOTION OF PRODUCTS AND SERVICES

We provide you with options regarding the use of your personal data, in particular regarding the promotion of our products / services and advertising:

ADVERTISING OFFERS

We may use Identity Data, Communication Data, Technical Data, Usage Data and Profile Data to form an opinion about your interests and needs. This is how we decide which products, services and promotions may be relevant to you (we call this product and service promotion).

We will contact you to promote our products and services if you have requested information or purchased services from us and you have not chosen to opt out of this promotion.

PROMOTION OF THIRD PARTY PRODUCTS AND SERVICES

We may share your personal data with third party professionals who provide us with services in relation to product and service promotion strategies. You reserve the right to withdraw your consent at any time by contacting us .

OPTION OF WITHDRAWAL OF CONSENT

You can withdraw your consent to send product and service promotional messages at any time by logging in to our website and checking or disabling the relevant checkpoints to set your product and service promotion preferences or by following the consent withdrawal links in each message promoting products and services sent to you or Contacting us at any time.

When you choose to withdraw your consent to receive these product or service promotional messages, this will not apply to the personal data provided to us as a result of a product / service purchase or other transaction.

COOKIES

You can set your browser to reject all or some of the browser cookies or to notify you when the web pages you visit set or access cookies. If you disable or reject cookies, please note that some parts of this website may not be accessible or may not work properly. For more information about the cookies we use, please see the LINK IN OUR COOKIES POLICY .

CHANGE OF PURPOSE

We will use your personal data only for the purposes for which we collected it, unless we reasonably believe that we should use it for another purpose as it is compatible with the original purpose. If you would like to receive an explanation of how the editing for the new purpose is compatible with the original purpose, please contact us .

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your order or consent, for our compliance with the above rules, when required or permitted by law.

  1. TRANSMISSION OF YOUR PERSONAL DATA

We may need to share your personal information with the parties listed below for the purposes set out in the table in paragraph 4 above.

  • Internal Third Parties, as set out below.
  • External Third Parties as listed below.
  • Special third parties with whom we work to provide our services
  • Third parties in which we can choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other companies or merge with them. If a change occurs in our business, then the new owners can use your personal information in the same way as stated in this privacy statement.

We require all third parties to respect the security of your personal data and to be treated in accordance with the law. We do not allow third parties who provide our services to use your personal data for their own purposes unless specifically authorized to process your personal data for specified purposes and in accordance with our instructions.

  1. INTERNATIONAL TRANSFERS

We share your personal data with entities outside the European Economic Area (EEA). This will involve the transfer of your personal data outside the European Economic Area (EEA).

Many of our external third parties are located outside the European Economic Area (EEA), and the processing of your personal data will therefore involve the transfer of data outside the EEA.

Whenever we transfer your personal data from the EEA, we ensure that you are given a similar degree of protection by securing at least one of the following safeguards:

  • We will only transfer your personal data to countries that are considered to provide an adequate level of personal data protection by the European Commission.
  • If we use certain service providers, we can use specific contracts approved by the European Commission, which give personal data the same protection as in Europe.
  • When using providers based in Israel and Switzerland, we can transfer data to them, without prejudice to the European Commission's Adequacy Decisions, which confirm that they offer data protection levels substantially equivalent to those of the EU.

Please contact us if you would like more information on the specific mechanism used by us when transferring your personal data outside the EEA.

  1. DATA SECURITY

We have established appropriate security measures to prevent any loss, use or access to your personal data in an unauthorized manner, modification or disclosure. In addition, we restrict access to your personal data to those employees, agents, contractors and other business third parties who are aware of it. Only your personal data will be processed according to our instructions and will be subject to a confidentiality commitment.

We have put in place procedures to deal with any possible breach of your personal data and we will notify you as well as the supervisory authority of any breach where we will be legally obliged to do so.

  1. DATA MAINTENANCE

FOR WHICH TIME WILL YOU USE MY PERSONAL INFORMATION

We will retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including the fulfillment of any legal and accounting requirements or reporting requirements.

To determine the appropriate period of retention of personal data, we examine the extent, nature and sensitivity of personal data, the potential risk of damage from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and how much we can achieve these goals by other means as well as the current provisions of the legislation.

In some cases you can request the deletion of your data: see the " Your legal rights" section below for more information.

In some cases, we may collect your personal data which is unrecognizable (so that they can no longer be associated with you) for research or statistical purposes, in which case we may use it indefinitely without further notice to you. .

  1. YOUR LEGAL RIGHTS

Under certain conditions regarding your personal data, you have rights under the General Privacy Policy (GPD).

You have the right:

Request access to your personal data (commonly known as " subject rights request "). This allows you to obtain a copy of the personal data we hold about you and verify that the processing is legal.

Request the correction of the personal data we hold about you. This enables you to correct or update any incomplete or inaccurate data we hold about you, although we may need to verify the accuracy of the new data you provide to us.

Request deletion of the data concerning you. This allows you to request that we delete your personal data which is no longer necessary in relation to the purposes for which it was collected and there is no other legal basis for the processing. You also have the right to ask us to delete your personal data in case you have exercised your right to object to the processing (see below), where your personal data may have been processed illegally or where we are required to delete your personal data to comply with domestic law. Please note, however, that we may not always be able to comply with your request for deletion due to any legal or regulatory obligation,

Oppose the processing of your personal data on which we rely for reasons related to your particular situation as you feel that it affects your fundamental rights and freedoms (or the fundamental rights of a third party). You also have the right to object to the processing of your personal data for the purpose of direct marketing. If you claim your right to object, the processing stops unless we are able to demonstrate that we have a legitimate interest in processing your personal data which may infringe on your rights and freedoms.

Request a restriction on the processing of your personal data. This allows you to ask us to restrict the processing of your personal data in the following cases: (a) if you want us to verify the accuracy of your personal data; (b) if the processing is illegal but you do not wish to delete it ( c) where we no longer need your personal data for processing purposes but this data is required by you to establish, exercise or support your legal claims; or (d) you have objected to the processing of your data by us pending its processing. verification that we have a legitimate interest in processing them.

Request to receive your personal data or transfer it to third parties. We will provide you or third parties of your choice with your personal data in a structured, commonly used and machine-readable format. We will satisfy your request if the processing is automated and based on the consent you originally provided or to process a contract with you.

Revoke your consent at any time, which you provided to us for the processing of your personal data. However, please note that revoking your consent does not affect the legality of any processing that was based on consent prior to its revocation. If you withdraw your consent, we may not be able to offer you some of our products or services. We will advise you accordingly the moment you withdraw your consent.

If you wish to exercise any of the rights listed above, please contact us .

NO CHARGE IS NORMALLY REQUIRED

There will be no charge for accessing your personal data (or exercising any of your other rights). However, there may be a reasonable charge if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

WHAT WE MAY NEED FROM YOU

We may need to ask you for specific information to help us verify your identity and secure your right to access your personal data (or to exercise any of your other rights). This is a security measure that ensures that your personal data is not disclosed to anyone who does not have access to it. We may also contact you to request further information to expedite our response to your request.

TIME LIMIT FOR ANSWER

We strive to respond to all your legitimate requests within one month. In some cases we may need more than a month if your request is too complex or you have made a number of requests. In this case, we will notify you and keep you informed.

  1. GLOSSARY

LEGAL BASIS

Legitimate interest is the importance that our Company gives for the conduct and management of the operations of our business, so that we can offer you the best service / product as well as the maximum possible service. We certify that we consider and balance any potential impact on you (positive and negative) and your rights before processing your personal data for our legitimate interests. We do not use your personal data for activities that will benefit us in violation of your own interests (unless we have your consent or if required or permitted by law). You can get more information about how we evaluate our legitimate interests from any potential impact on you in relation to specific activities contacting us .

Execution of the Contract means the processing of your data, when necessary for the execution of a contract to which you are a party or to take action when submitting your application before the conclusion of such a contract.

Compliance with a legal or regulatory obligation means the processing of your personal data, when this is necessary to comply with a legal or regulatory obligation to which our Company is subject.

THIRD PARTIES

EXTERNAL THIRD PARTIES

  • Service providers acting as controllers based in the following countries and providing claims management.
  • Professional consultants acting as regulators, including lawyers, bankers, auditors and insurers based in Switzerland and Greece and providing consulting, banking, legal, insurance and accounting services.