PROTECTION OF PERSONAL DATA
HELESTIA INSURANCE BROKERS AND ESTATE AGENTS LIMITED with trading name Helestia Limited (also referred to as “the Company” or “us” or “we” or “our”) www.helestia.com (Website) is operating in the context of its business activity, as insurance intermediary (Services). We take the privacy of data protection very seriously and acknowledge the importance of maintaining user privacy while you browse our website or use our Services. We ensure that the processing of your personal data is carried out in compliance with applicable data protection laws including the General Data Protection Regulation 2018, both by the Company itself and by our third parties who may process your personal data on our behalf.
Controller identification & Contact Details
HELESTIA INSURANCE BROKERS AND ESTATE AGENTS LIMITED, El. Venizelou (Panepistimiou) 39, 10564 Athens, (firstname.lastname@example.org, tel: 210.32 33 067, https://helestia.com/el/) is the data controller and responsible for processing your Personal Information for the purposes of data protection law
For any matter relating to the processing of your personal data, or if you would like to exercise any of your rights or file a complaint regarding your personal data, you can contact our Data Protection Officer, tel: 210.3233067, e-mail: email@example.com, fax: 210.3233505, or contact us by post to the above address with the indication of the Data Protection Officer.
Purposes of processing Personal Data
HELESTIA LTD, which acts on behalf of the customer, collects, processes, stores and maintains only necessary personal data required for the provision of its services to its customers. We may process your persona data for the following purposes:
- to verify your identity,
- to communicate with you in connection with our services, or in case of a vacancy in our company,
- to share your information with our insurance partners in order to analyse, issue and manage your insurance policies according to your requirements,
- to manage claims, complaints and requests for access to your data
- to provide you high level of quality services, education and security
- to comply as a Controller with applicable laws and regulations and public and governmental authorities,
- to prevent and detect fraud and money laundering
- to facilitate the functionality of the use of social media
- to conduct market research and analysis including customer satisfaction surveys,
- to promote third party products and services that relate to your insurance policy,
- to create statistics based on anonymous and aggregated data
Personal Data we may process
In order to provide you with the services you, as a customer, require, you are requested to provide us accurate and necessary information that enables us to respond to your request, such as name, contact details, date of birth, marital status, financial and employment details. We may also collect, where appropriate, only the absolutely necessary sensitive data about you such as health, compensation insurance or employee benefit programs sponsored by your employers, criminal convictions, etc.
If you provide us with sensitive personal information, you understand and you give us your explicit consent to collect, use and disclose this information to our third parties in order to obtain insurance quotes on your behalf.
In the event of a claim, our company may request additional information and supporting documents that will relate to the event.
If you are a natural person working for a client of our Company, your personal data which we process in order to provide insurance services to your employer, is provided to us by the client company which is responsible for obtaining the necessary consent from you to provide us with your data.
We also collect data (such as name, e-mail, telephone contact details) which you give us directly through our company’s social media in order to inform you about the best insurance proposals that concern you.
More specifically, our company collects and processes the following data:
- Individual Details: First Name, Last Name, mailing address (proof of address), Email and Telephone details, gender, marital status, family details, date and place of birth, employer, job title, and employment history, relationship to the policy holder, insured, beneficiary or claimant, and level of education.
- Identification Details: police ID and passport number, tax identification number, social security or national insurance number, Tax Office, Specializations and certificates, driver’s licence number or any other identification numbers issued by government bodies or agencies, depending on the country you are in.
- Financial Information: Bank accounts number & details, debit or credit cards
- Electronic identification details: e-mail, account usernames, account login time / duration, security logs, antivirus logs permissions, ip address, cookies, browser, activity on applications, browsing history
- Special category of personal data, such as health information (current or former medical condition, injury or disability information, medical surgeries or diagnostic tests performed, relevant personal habits (smoke, alcohol), prescription information, family medical history), racial or ethnic origin, sexual orientation, biometric data.
- Credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases or regulators or law enforcement agencies
- Previous claims (which may include personal health data)
This website is not addressed to users under the age of eighteen (18) and we ask these users not to provide personal information through the website or social media. We do not collect or process children’s data through our Website.
We only process data of minors subject to parental consent.
Sources of Personal Data
“Personal data” is information that directly or indirectly identifies you as a natural living person, or persons related to you (General Protection Regulation Data 2016/679 / EU). We collect your personal data from various sources (depending on the country you are in), such as:
- individuals and their family members (insurance application form, claims form, compensation form, insurance policies) and other third parties (including the other party to the claim, claimant or defendant, witnesses, loss adjustors, lawyers and claims handlers)
- telephone calls, e-mails and CVs submission,
- other insurance market participants such as insurers and other intermediaries, experts, technical consultants, health professionals, employers
- Public / governmental and judicial authorities,
- our website e.g., IP address, cookies, etc. and our social networking pages
- anti-fraud databases and sanctions lists
- other sources to the extent permitted by applicable law and in particular the EU General Data Protection Regulation 679/2016.
Lawful Basis of Processing
The processing of your personal data is always based on the legal grounds set out in the General Data Protection Regulation (GDPR) 2016/679 EE and specifically on the written consent you provide to us, which is necessary for the execution of a contract between our company and the data subject. This consent allows us to share the information with other partners (such as insurers, intermediaries) that may need to process your information in order to provide you with the services you requested.
Furthermore, the processing is performed in order for our Company to fulfil its own legal obligations.
We will obtain your consent for commercial and marketing purposes (informative e-mails, telephone communication) through a separate notice which will be presented to you when appropriate.
Recipients of Personal Data
Due to our business activity, as insurance intermediaries, we operate professionally outside the Greek borders and we may transfer your personal data:
- in parts of our company that are responsible for taking the risk, for the correct and smooth operation of your insurance policy, as well as for your compensation.
- to companies and / or natural persons, associates of our company, with whom there are legal contracts and agreements, with the sole purpose of serving our pre-contractual and / or contractual relationship.
- in public services, insurance funds, judicial, public and other authorities as provided by law.
- to experts, cooperating postal service companies, consultants of all kinds (legal, financial services, etc.)
- to companies located in countries in EU and outside the European Economic Area (EEA). We will ensure that we have appropriate safeguards in place when transferring data to companies located outside EEA which are not deemed adequate by the EU Commission by adopting EU Model Contract Clauses and other guarantees applicable from time to time. We always take every measure so that the data transfers are always the minimum necessary and that the conditions for legal and fair processing are always met and provided that the consent of the natural person has been provided.
Your data processed by our Company is stored through i-cloud servers. The traders with our company, by providing their data in any of the above ways, consent to this transfer in order to store their personal data abroad.
Refusal or Withdrawal of your Consent
You may withdraw your consent to the processing of your personal data at any time.
However, please note that if you refuse to provide your personal data that is absolutely necessary for the insurance policy requested, our Company may not be able to provide the services of an insurance contract.
If you choose to object to the processing of your data, we are given the right to terminate the insurance policy issued on the basis of this processing, with immediate effect.
Your rights regarding Personal Data
Every natural person whose data is processed has certain rights. You can at any time exercise those rights, free of charge (unless it is proven that your request is manifestly unfounded or excessive):
- The right to access, your personal data we hold about you and be informed on how and why we process it
- The right to correct, update or modify your personal data to ensure your details are accurate and up to date
- The right to limit the processing of certain data in the following cases: (a) when you dispute the accuracy of the data and until we verify such data, (b) when, instead of deleting, you request the limitation on processing, (c) when such data are no longer needed for processing purposes, but are however indispensable for the foundation, exercise or support of legal claims; and (d) when you oppose to the processing and until it is verified that there are legitimate grounds that concern us and supersede the reasons for which you are opposed to the processing
- The right of erasure (“right to be forgetten”) your personal data, provided that its processing is no longer necessary to pursue the purposes for which they were collected, or in order to protect our legitimate interests
- The right of data portability, ie you may receive your personal data in a format that allows you to access, use and edit them with commonly used editing methods. Satisfaction of this right does not imply their deletion from our files, if there are reasons of legal interest of our company
- The right to object to the processing of personal data, unless there are compelling and legal reasons for processing that outweigh your interests, rights and freedoms or to establish, exercise or support legal claims by our company.
- The right to ensure human intervention in automated procedures, including automated decision-making and profiling (decision-making exclusively using an electronic system without human involvement (in certain circumstances)
- The right to revoke your consent to the processing at any time without affecting the legality of consent-based processing prior to said revocation.
- The right to file a complaint to Personal Data Protection Authority (www.dpa.gr, 1-3 Kifissias Ave., 11523 Athens, tel: 210.6475600, e-mail: firstname.lastname@example.org), in case that you consider that the protection of your personal data is in any way affected
You also have the right to appeal to the competent judicial authorities for the protection of your personal data.
For more information regarding your rights, you can send us your request by e-mail to email@example.com, or by registered letter to the address Helestia Ltd, El. Venizelou (Panepistimiou) 39, 10564 Athens.
Our Company will make every reasonable effort to evaluate your request within one calendar month and will inform you accordingly. In case this is not possible we will inform you about the necessary extension which will not exceed two calendar months.
Retention time of your personal data
We ensure that your personal data is maintained and processed by our Company for a period necessary for the processing purposes for which the information was collected or as required by law.
In case you do not proceed doing business with our company, your personal data will be deleted within 5 years.
The security of your personal information is very important to us and we use all the state-of-the-art technical, physical, legal and procedural safeguards, in accordance with the applicable laws on privacy and security of personal data appropriate to protect and secure your data from loss, disclosure, leakage, misuse, incorrect manipulation or unauthorized access. However, it is not possible to guarantee that data transfer and storage over the Internet is completely secure. If you have reasons to believe that your data is no longer secure (eg if you feel that the security of any of your Personal Information you may have with us is compromised), please notify our Company Privacy Officer.
In our company, only authorised individuals have access to your personal data and they receive training about the importance of protecting personal information.
Our business partners are contractually bound to maintain the confidentiality and security of personal information and may not use the information for any unauthorised purpose.
This policy was updated on March 2021.