Processing of personal data
PZU Insurance processes personal data under the law or in accordance with the consent given by the person. The consent is needed primarily for the processing of data for marketing reasons, otherwise the personal data is processed on the basis of law.
Without persons consent we have the right to process personal data for the performance of the contract, primarily if it is needed for:
- assessment of the insurance risk or other activities carried out prior to the entry into the insurance contract, incl. for making individual decisions based on automatic processing;,
- determination of the performance of the obligations arising from the contract and the scope of their performance;
- exercising the right of recourse.
We collect information containing personal data about the persons (clients) to whom we provide services related to insurance activities, including policyholders, persons equalised with the policyholder in the insurance contract, persons related to the policyholder, insured persons, beneficiaries, injured persons or persons with whom we hold negotiations about entering into a insurance contract. We also collect information containing personal data about the persons who caused insured events and witnesses and also data concerning commission of an offence or falling victim to an offence.
Upon the collection of personal data, we send queries to stage or local government agencies, health service providers or other third parties.
Collected personal information includes, but is not limited to the person’s name, personal identification code, date of birth, address and contact details, age, place of work, position, business activity, insurance and loss history, also special kind of personal data (health data).
The aim of collecting the information is to guarantee the transparency of the performance of insurance contracts and their compliance with the requirements of legislation.
Security and retention
The processing of personal data and data protection is based on the provisions of the General Terms and Conditions of Insurance Contracts, the Personal Data Protection Act, the Insurance Activities Act, the General Data Protection Regulation of the European Parliament and the Council and other relevant regulations and the internal regulations of PZU Insurance.
We have enacted the security and confidentiality rules required by law and have adopted appropriate security measures to protect the personal data we collect. We rely on the principle of minimality in processing of personal data, and we delete inaccurate personal data or correct errors immediately after we have discovered inaccurate data.
We will only allow our employees to access personal data if it is necessary for the performance of their duties and the relevant permission has been applied and granted.
The processor may process the personal data transferred to him only for the purposes and to the extent necessary for the performance of the services specified in the contract.
According to the Insurance Activities Act and the contracts entered into, our employees and our personal data processors are required to keep personal data confidential for an indefinite period of time. Processing of personal data for purposes not related to the performance of tasks or the provision of services shall be prohibited.
We save and store information transmitted through PZU Insurance means of communication (e.g phone, e-mail, home page), incl. recording phone conversations with customers. We use the stored information for the performance of the insurance contract and / or for ensuring the performance of the insurance contract, for verifying the declarations of intent or for the transactions made and for servicing the client.
We retain personal data until the purposes of processing or the obligations arising from legislation are met, taking into account the statutory term of limitation and retention of data.
Assessing the insurance risk
When assessing the risk of natural persons PZU Kindlustus takes into account, among other things, the policyholder’s previous losses and payment behavior. In property insurance, for example, when assessing the risks associated with an insured vehicle, the vehicle’s age, engine power and policyholder address data are taken into account, for example in assessing of buildings, the building’s fire resistance and technical protection. In assessing the insurance risk of legal persons, PZU Kindlustus takes into account amongst the risks related to the insured object, also the company’s financial position, organizational and management structure.
If you have provided incorrect information to PZU Kindlustus in the course of the pre-contractual negotiations or during the occurrence of an insured event about the material circumstances required by PZU Kindlustus, we may take this fact into account in the subsequent assessment of the insurance risk and when determining the performance of the obligations arising from the contract and the scope of the performance. The purpose of taking this fact into account is to exclude a situation in which you have a desire to knowingly create a false impression to PZU Insurance about the actual circumstances by hiding important circumstances or presenting the facts incorrectly, as a result of which you, as a policyholder, have the opportunity to gain unfair proprietary benefits. If PZU Insurance has become aware of the submission of incorrect data that is relevant to the assessment of the insurance risk or to the handling of the insured event in PZU Insurance, we assess the relevance of the respective information on a case-by-case basis and take the result of the assessment into account when making decisions.
Transfer of personal data
We forward personal data to third parties only if we are obliged to do so by the law or if PZU Kindlustus has signed personal data processing agreement with the third party.
We provide personal data under the law:
- to the mortgagee and to the commercial pledgee;
- supervisory authorities;
- investigative bodies, prosecutors, courts and Estonian Financial Intelligence Unit;
- a trustee in bankruptcy, a notary and a bailiff.
A state or local government agency, health care provider, or other third party has the right, without your consent, to forward your personal data to PZU Insurance, or to grant access to your personal data if your personal data is necessary for PZU Insurance to perform and enforce the insurance contract or to submit claims, unless transferring or providing access to data is not permitted for the insurer.
Pursuant to the Insurance Activities Act, PZU Insurance has the right to forward your personal data related to an insured event to your reinsurer to determine the performance of the reinsurance contract and its scope.
PZU Insurance also has the right, in addition to the assessment of creditworthiness, to forward to another insurer, at his request, your personal data for the assessment of the insurance risk and the obligation to fulfill the insurance contract and to determine its scope if you have:
- provided incorrect information on material circumstances required by the insurer during the pre-contractual negotiations;
- deliberately caused the occurrence of an insured event or provided inaccurate information on the material circumstances of the insured event.
For this purpose, PZU Kindlustus does not collect or transmit to third parties a specific type of personal data, information concerning the commission of an offense or its victimization before a public hearing or decision on an offense or termination of the proceedings, or if it damages the rights or freedoms of the data subject.
We also forward personal data to financial companies belonging to the same consolidation group as PZU Kindlustus at the request of the latter, in particular as regards reporting and auditing by the PZU Group and relating to other intra-group reporting and procedures.
In other cases, we forward personal data to third parties with the written consent of the person whose data is forwarded.
Once you have agreed to receive email with the information about our offers, we will provide you information about special offers and campaigns concerning our products and services. In order to send such offers, we make inquiries in the collected personal data, analyze the data, sort them, and sample them to get the right messages to the right customers.
If you have received information about offers from PZU Insurance, you have the right to withdraw your consent at any time by prohibiting the processing of your personal data for making of offers. To withdraw your consent, please contact info [ät] pzu.ee
We also offer our clients the opportunity to participate in our customer surveys to get feedback to our services and to examine the customer’s habits. We record, organize, and analyze the data we receive in the course of our research, and use them to develop our insurance services and to offer the services to our customers.
Without prior consent, we will provide you with non-marketing information concerning specific product related to you, such as invoices and reminders for payment of insurance premiums, as well as information about how you can conveniently order a green card through our website.
Our website has links to the social media network (e.g Facebook), as we also use social media channels to communicate information about PZU Kindlustus. In social media, the provision of information is subject to the privacy provisions of the respective service providers who collect, use and maintain the personal data of the users based on their privacy provisions. If you click on the social media Facebook link on the PZU Kindlustus website, and if you are logged in to Facebook when clicking on the link, the service provider can associate the visit with the link you clicked. Through this, you give Facebook your consent to transfer and store your data. If you do not wish to give consent to process personal data in this way, you first must log out from the relevant social media channel before clicking on the social media link in the PZU Kindlustus website or simply do not click on the link in the PZU Kindlustus home page.
As a client, you have the right to review your personal data at any time in the office of PZU Kindlustus or by sending the relevant request to info[ät]pzu.ee. The personal data cannot be reviewed if this right is restricted by legislation. If you find that your personal data are not processed in compliance with the contract, the general terms and conditions and/or legislation, you have the right to demand that PZU Kindlustus terminates the processing of your personal data and/or allowing access to them and/or the deletion of the collected data.
You have the right to withdraw your consent to the processing of personal data at any time, except for the cases where personal data processing is permitted without your consent pursuant to law. The withdrawal of consent does not influence the lawfulness of the data processing that took place on the basis of your consent before it was withdrawn.
If you find that the requirements for processing your personal data have been breached, you can demand the termination of the breach by contacting the person responsible for personal data protection at PZU Kindlustus ( isikuandmed[ät]pzu.ee ) or send a complaint to the Data Protection Inspectorate ( http://www.aki.ee/ ).
Person responsible for personal data protection
PZU Kindlustus has appointed the Lawyer of Legal Department, Risk Manager and Head of IT and Change Department as persons responsible for the protection of personal data (Data Protection Officer), who´s responsibility is to:
- inform, advise and educate PZU Kindlustus employees and processors of personal data concerning the requirements related to the processing of personal data;
- monitor and control compliance with personal data protection principles by PZU Kindlustus and by processors of personal data;
- cooperate with the supervisory authority and to be the primary point of contact for the supervisory authority on the processing of personal data in PZU Kindlustus.
PZU Kindlustus does not give instructions to persons responsible for the protection of personal data to perform the above named tasks.
You have the opportunity to contact the persons responsible for the protection of personal data on all matters related to the processing of your personal data in PZU Insurance by sending request to isikuandmed[ät]pzu.ee.
PZU is AB "Lietuvos draudimas" Estonian Branch trademark in Estonia. AB "Lietuvos draudimas" is Lithuanian insurance company, that is part of the international PZU Group. Before entering into an insurance contract, please examine the terms and conditions or dial +372 622 4599 for additional information.