Privacy Policy


The purposes of data processing

ELESTIA LTD, as an insurance brokerage company, acts on behalf of the client. We collect, process and maintain the necessary personal data required in order to provide our services. The purposes for which your data is processed are the following:
• Pricing of insurance products, risk assessment and bidding
• Issuing of insurance contract
• Insurance contract management
• Claims management
• Company’s compliance with applicable law.

Privacy

The personal and sensitive data we manage can be:
• Name, phone number postal address and e-mail
• Tax ID, Tax Office, Social Security Number
• Bank Account Number
• Vehicle registration number
• Photos
• Copies of identity card, passport, driving license, vehicle registration certificate, civil status registration
• Data necessary for issuing insurance contracts, the operation, the maintenance and the implementation of the terms of the contracts
• Legal data
• A special category of personal information, such as health, family, work information.


Personal data for marketing purposes

Given your consent, we may use your personal data for marketing and promotional purposes. More specifically:
• We may send you updates and promotional material for insurance products and insurance services
• We may use your data in statistical research analysis.
In case you want to withdraw your consent and stop using your data for marketing purposes, please contact us by sending an email to: info@helestia.eu


Data transfer

Your personal data is disclosed to the following third parties in order to effectuate our pre-contractual and / or contractual relationship as well as the Company’s compliance with applicable legislation:
• Insurance Companies or Insurance Companies Representatives with whom our Company maintains legal contracts and agreements;
• The external accountant to whom some of the above data is transmitted in order to fulfill the company’s tax obligations;
• Public authorities, insurance funds, banks, legal and other authorities as required by legislation.
Your personal data is not disclosed to countries outside the European Union.

Data retention

• Your personal data is retained by our Company in accordance with the provisions of the applicable law for the period required to fulfill the performance of the contract, the reciprocal claims procedures and our compliance with legislative and regulatory requirements.
• In the event that you decline receiving our services, your personal data is deleted within 2 years.


Your rights

You have the following rights regarding your personal data that we hold about you:
• The right to be informed  about the collection and use of your personal data (who, for what purpose, recipients, retention period, etc.) and the right to have access to this data,
• The right to rectification, in case of any inaccurate or incomplete personal data
• The right to restrict processing of your personal data under certain conditions
• The right to erasure (“the right to be forgotten”) of your personal data, provided that data is not obligatory to fulfill the purposes for which it was collected
• The right to data portability. You have the right to receive your personal data as well as the right to request that such data be passed on to another controller.
• The right to object to the processing of your personal data, and the right to obtain human intervention in automated processing.

In order to exercise any of these rights you must send us your request by email at info@helestia.eu. Our Company will evaluate your request within 30 days and will inform you accordingly. In any case, you can contact the Hellenic Data Protection Authority (www.dpa.gr).


Our commitments

Our Company is committed to protecting your privacy and take all necessary measures to ensure that it is secure from loss, disclosure, leaking, mishandling or unauthorized access.


More specifically, the General Principles of Processing governing ELESTIA LTD are:

• Legality Objectivity and Transparency Principle. Personal data is subject to lawful and legitimate processing in a transparent manner in relation to the subject.
• Principle of Purpose Limitation. Personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with these purposes. (further processing may be done for archiving purposes in the public interest, legal interest, claims, lis pendens, historical research purposes or statistical purposes) • Data Minimisation Principle. We process adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed personal data.
• Principle of Accuracy. We process only accurate and up-to-dated personal data and we directly erase or rectify inaccurate data in relation to the purposes of the processing.
• Restrict Storage Period Principle. Data is kept for no longer than is necessary for the purposes for which it is processed. (Personal data may by stored for longer periods for archiving purposes in the public interest, legal interest, claims, lis pendens, historical research purposes or statistical purposes)
• Principle of Integrity and Confidentiality. Personal data is processed in a manner that ensures its appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.