Apeiron Insurance Project protects your personal data. The protection of your personal data is our top priority.
Please find below necessary information on the GDPR, as well as the type of personal data we collect and the processing purposes. In addition, please be informed about the recipients to whom your data may be disclosed. As part of our activity, we have set rules, policies and procedures regarding the protection of natural persons against the processing of personal data.
General Data Protection Regulation (GDPR)
What is the General Data Protection Regulation
The General Data Protection Regulation 2016/679 (GDPR) ensures personal data protection at the same level for all citizens of the European Union. In addition, it ensures new stronger rights for the subjects. The core principle of GDPR is the protection of personal data as a fundamental human right. The Regulation applies throughout the European Union since May 25th, 2018.
Identity and contact details of the Data Protection Officer
The Data Protection Officer is Ms Styliani Loukou (tel: 213 0904305, email: firstname.lastname@example.org )
Data we collect
Our company mainly collects the following personal data:
A. Identification data, for example name, surname, date of birth, identity card/passport number, SSRN, VAT No.
B. Contact data: for example email/contact address, telephone/fax numbers
C. Payment data: for example bank accounts, debit/credit cards and other cards
D. Insurance data: Data necessary for the conclusion and treatment of the insurance policy (for example in relation to the financial conditions/assets, health data and driving history data).
E. Settlement data: Data necessary for handling any claims from insurance included in the compensation/premium payment request or statutory documents or relevant documents.
Source of personal data collection
The Company collects personal data from the following sources:
A. The insurance request, the accompanying documents and any other data that may have been published or will be published by the insurance recipient/insured person to the Company in the future, either orally or in any other written or digital mean, through its employees or associated insurance agents.
B.Members that are either associated or not to the company, such as experts, researchers etc. for your proper remuneration
C. Any digital communication with our Company, wither during your certification or subscription to our service.
D. Associated companies, such as roadside/accident assistance, legal protection companies.
Purpose of collecting & processing personal data
Your personal data collected will be processed by us and/or third parties performing the processing ordered and on our behalf for the following reasons:
-The evaluation of insurance policy conclusion request, your identification, your integration to a homogenous group of risks, the (re)assessment of risk that we are called to assume or have already assumed, the decision-making for the conclusion of an insurance policy and the calculation of your premium. As part of risk assessment, the use of automated means and/or methods is possible for the decision-making as part of risk assuming.
-The fulfillment of our obligations arising from the insurance policy to be concluded with you, its smooth operation and upgrade of the services provided to you.
-Our compliance with obligations imposed by the applicable legislative and regulatory framework for the prevention and treatment of fraud of the Companies and associated companies of provision of insurance services. To prevent cases of fraud, we may use automated means and/or methods of processing your personal data.
-Your information on other products and services of the Companies or associated companies or third parties and their promotion, provided you give your consent.
-The dispatch of questionnaires to you regarding the assessment of products and services offered, as well as of the measurement of your satisfaction.
-The provision of high-quality specialized services and customer services, thus ensuring the immediacy and quality in treating your requests.
-In case of a digital service, the processing may concern your certification to the service, the provision of a personalized experience based on your selections, the protection of the Company from possible threats that might harm the confidentiality, availability and integrity of data, as well as the availability and integrity of the service itself.
-The non-personalized processing of your data for statistic purposes and purposes of improving of our services.
Minors’ personal data
We do not deliberately seek or collect personal data from people under sixteen (16) years old and the content of our website does not address to such ages. If we find out that we have accidentally collected personal data from minors, these personal data will be deleted the soonest possible. However, you may collect personal data from minors under sixteen (16) years old directly from the persons having the parental care or guardians, with their express consent, and with the purpose of supporting, promoting and conducting this relationship
Personal data processing time
The Company will keep your data for as long as you have a contractual relationship with us, both in written and digital format. In case the contractual relationship is interrupted for any reason, you will keep your data until expiration of the timeframe for such requests. However, if the request for the insurance or amendment of an insurance policy submitted is not accepted, we will keep it for one (1) year from submission, unless there is a pending litigation beyond the aforementioned processing timeframe and until its termination by an irrevocable court ruling.
Recipients of personal data
The data of an insurance recipient /person insured may be sent to:
a. The Management and employees in the Companies, who are responsible for the management of operation of the insurance policies.
b. Other (re)insurance companies upon submission of a lawful request or pursuant to a contractual obligation.
c. Insurance agents, experts, researchers, roadside insurance companies, associated companies of damage repairs, customer service companies, hospitals and diagnostic centers, courier companies, companies of storage and handling of records, consultants (legal, financial ones, treatment of insurance cases etc.), natural or legal persons, such as service providers for the development and maintenance of information technology applications associated with the Company, on condition of respecting confidentiality for the purpose of proper execution of the insurance policy.
d. Public/court Authorities
Dispatch of data in a third country
The Company, as part of its compliance with the rules of automated exchange of information in the tax sector, as arising from the country’s international obligations, ratified by the Greek law, may proceed in the dispatch of my personal data to the competent national authorities, in order to be forwarded to the corresponding authorities of third countries.
The Company, as a result of its cooperation with re-insurance companies of a third country may, pursuant to the provisions of Articles 44 of GDPR/EU 679/2016, proceed in the dispatch of data of the insurance recipient/person insured beyond Greece and/or European Union.
Automated data processing
The Company may perform data processing acts, with the support of automated processes that aim at the risk assessment and decision-making by the Company over the insurance requested. Specifically:
a) The above automated processes, which include (for example the use of an algorithm) allow the Company to assess to risk assumed in order to determine i) whether the insurance request becomes accepted or rejected, ii) in case of acceptance, the appropriate and corresponding premium and any special terms under which the program desired may be concluded.
b) The automated processes applied by the Company are based on mathematical/statistic analyzes of crucial parameters from the insurance technique point of view, that make the objective risk assessment and its integration to an homogenous group of risks possible based on the frequency and intensity of damages that may cause, as well as its proper pricing (for example history of damages caused by the person insured, categorization in an appropriate risk scale).
c) In case of rejection of the subject’s request or in case of expression of objections on its behalf or in case of challenge of any element of the result arising through the process to be followed, the subject may be opposed –requesting a control of the result or element by the competent Company department (Issuance department +30 213 0904320). You may also contact the Company for the provision of clarifications/explanations or the expression of your opinion over the result.
Furthermore, the Company may use automated processes throughout the insurance policy, in order to conduct controls for purposes of money laundering, prevention of insurance fraud and compliance of the Company with the overall legislation on automatic exchange of information related to financial accounts.
As the data subject, you maintain all the rights provided by the Regulation 679/2016 EU, as well as the other Regulations and Laws that may be in force for the protection of the individual from personal data processing.
What are your rights and how can you exercise them?
Indicatively, you have the following rights:
1) The right of correction of incorrect personal data that concern you
2) The right to request the deletion of personal data that concern you (right to be forgotten).
3) The right to ensure limitation of processing your personal data.
4) The right to be informed of the correction or deletion or limitation of the processing of your data.
5) The right to oppose at any time to the processing of personal data.
6) The right to receive your personal data in a structured, commonly used and legible type, as well as the right to send the said data to any person responsible for the processing (portability of data).
7) The right to access to personal data and receive information for all the data that concern you, as well as their origin, purposes of processing, recipients or categories of recipients and the evolution of processing from the last update.
You may exercise the aforementioned rights, upon submission of a specific written request for action, which will be sent via email at email@example.com or the dispatch of a letter to Apeiron Insurance Project offices at 40-42 Syggrou Avenue, 11742 in Athens.
In all cases, you may contact the Personal Data Authority, either in written form (1-3 Kifisias Avenue, PC 11523) or in digital form (www.dpa.gr) or in the Bank of Greece (Supervisory Authority), Directorate of Supervision of Private Insurance (21, Eleftheriou Venizelou Street, PC 10250, Athens, tel.: 210 3205222, 210 3205223, fax: 210 3205437, 210 3205438.
The provision of personal data is your lawful obligation- consequences for non-provision of these data
During conclusion of the insurance, you are obliged by the Law to declare every data or incident that you know and which is objectively essential to risk assessment, as well as reply to every relevant question. In case of breach of this obligation of yours, the Law enables Apeiron Insurance Project to terminate the insurance policy or request its amendment, depending on the type of insurance and form of breach. In case of breach of your obligation by deceit, Apeiron Insurance Project may be relieved of its obligation for payment of compensation.
Personal data protection
Apeiron Insurance Project has taken all the appropriate technical and organizational means, in order to ensure compliance with the legislation and the appropriate level of safeguarding your personal data and has appropriately trained its personnel through the Policies and Procedures for Personal Data Protection. In addition, it binds all its partners, who act on its behalf performing the processing with contracts concluded under the applicable legal framework.