The purposes of data processing
ELESTIA LTD, as
an insurance brokerage company, acts on behalf of the client. We collect,
process and maintain the necessary personal data required in order to provide our
services. The purposes for which your data is processed are the following:
• Pricing of insurance products, risk assessment and bidding
• Issuing of insurance contract
• Insurance contract management
• Claims management
• Company’s compliance with applicable law.
Privacy
The personal and
sensitive data we manage can be:
• Name, phone number postal address and e-mail
• Tax ID, Tax Office, Social Security Number
• Bank Account Number
• Vehicle registration number
• Photos
• Copies of identity card, passport, driving license, vehicle registration
certificate, civil status registration
• Data necessary for issuing insurance contracts, the operation, the maintenance
and the implementation of the terms of the contracts
• Legal data
• A special category of personal information, such as health, family, work
information.
Personal data for marketing purposes
Given your
consent, we may use your personal data for marketing and promotional purposes.
More specifically:
• We may send you updates and promotional material for insurance products and insurance services
• We may use your data in statistical research analysis.
In case you want to withdraw your consent and stop using your data for
marketing purposes, please contact us by sending an email to: info@helestia.eu
Data transfer
Your personal
data is disclosed to the following third parties in order to effectuate our pre-contractual and / or contractual
relationship as well as the Company’s compliance with applicable legislation:
• Insurance Companies or Insurance Companies Representatives with whom our
Company maintains legal contracts and agreements;
• The external accountant to whom some of the above data is transmitted in
order to fulfill the company’s tax obligations;
• Public authorities, insurance funds, banks, legal and other authorities as required by legislation.
Your personal data is not disclosed to countries outside the European Union.
Data retention
• Your personal
data is retained by our Company in accordance with the provisions of the
applicable law for the period required to fulfill the performance of the
contract, the reciprocal claims procedures and our compliance with legislative and regulatory requirements.
• In the event that you decline receiving our services, your personal data is
deleted within 2 years.
Your rights
You have the
following rights regarding your personal data that we hold about you:
• The right to be
informed about the collection and use of your personal data (who, for what purpose,
recipients, retention period, etc.) and the right to have access to this data,
• The right to rectification, in case of any inaccurate or incomplete personal
data
• The right to restrict processing of your personal data under certain
conditions
• The right to erasure (“the right to be forgotten”) of your personal
data, provided that data is not obligatory to fulfill the purposes for which it
was collected
• The right to data portability. You have the right to receive your personal
data as well as the right to request that such data be passed on to another
controller.
• The right to object to the processing of your personal data, and the right to
obtain human intervention in automated processing.
In order to exercise any of these rights you must send us your request by email
at info@helestia.eu. Our Company will evaluate your request within 30 days and
will inform you accordingly. In any case, you can contact the Hellenic Data
Protection Authority (www.dpa.gr).
Our commitments
Our Company is committed to protecting your privacy and take all necessary measures to ensure that it is secure from loss, disclosure, leaking, mishandling or unauthorized access.
More specifically, the General Principles of Processing governing ELESTIA LTD
are:
• Legality Objectivity and Transparency Principle.
Personal data is subject to lawful and legitimate processing in a transparent
manner in relation to the subject.
• Principle of Purpose Limitation. Personal
data is collected for specified, explicit, and legitimate purposes and is not
further processed in a manner incompatible with these purposes. (further processing may be done for
archiving purposes in the public interest, legal interest, claims, lis pendens,
historical research purposes or statistical purposes) • Data Minimisation
Principle. We process adequate, relevant and limited to
what is necessary in relation to the purposes for which they are processed
personal data.
• Principle of Accuracy. We process only accurate and up-to-dated personal data
and we directly erase or rectify inaccurate data in relation to the purposes of
the processing.
• Restrict Storage Period Principle. Data is kept for no longer than is
necessary for the purposes for which it is processed. (Personal data may by
stored for longer periods for archiving purposes in the public interest, legal interest,
claims, lis pendens, historical research purposes or
statistical purposes)
• Principle of Integrity and Confidentiality. Personal data is processed in a manner that ensures its appropriate security,
including protection against unauthorized or unlawful processing and against accidental
loss, destruction or damage, using appropriate technical or organizational
measures.