Accord Insurance Brokers PCC Limited are the data controllers as defined by the General Data Protection Regulation (GDPR). We control and are responsible to keep and use personal data in paper or electronic files.
The privacy and security of your personal information is very important to us. We want to assure you that your information will be properly managed and protected whilst in our possession.
In order for us to arrange insurance cover for you, and to handle claims, we are required to collect and share personal data.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
We may collect, store, and process the following categories of personal information about you (“Personal Information”):
- Basic personal details such as your name, address, e-mail address, telephone number, date of birth or age, gender, marital status, nationality ID Card or Passport Number;
- Additional information about your insurance requirements, such as details of your car, boat, home, business or travel arrangements;
- Other information relating to your insurance, such as claims history, quotation history, payment history, claims data;
- Details on your dependants/spouse/partner/family;
- Information about your current and previous employment and occupation;
We may also collect, store and use ‘special categories’ of more sensitive personal information such as health information (for example current state of health, existing conditions, family or personal history in relation to some conditions).
HOW WE WILL USE INFORMATION ABOUT YOU
We will only collect and use your personal information when the law allows us to. Most commonly, we will use your Personal Information:
- for the purpose of sourcing quotations, underwriting and administering of insurance policies;
- where we need to comply with a legal obligation
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
- We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest (or for official purposes].
HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION
Sensitive Personal Information requires higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations and in line with this Data Protection and Privacy Statement.
- Where it is needed in the public interest, such as for equal opportunities monitoring, and in line with this Data Protection and Privacy Statement.
- Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We will not use Personal Information for any other purpose incompatible with the purposes described in this Data Protection and Privacy Statement, unless it is required or authorised by law, authorised by you, or is in your own vital interest (e.g. in the case of a medical emergency).
HOW WE SHARE YOUR INFORMATION OUTSIDE OF THE COMPANY
As Insurance brokers, we are obliged to forward any application forms or related documents, and other underwriting or claims information, to insurance companies. This can be in electronic or paper format.
Your information may be disclosed when we believe in good faith that the disclosure is required:
- by law;
- to comply with a judicial proceeding, court order or legal process; or
In order to prevent and detect fraud we may share your information with regulatory bodies in Malta or if applicable, overseas, as well as with other insurance companies, public bodies including the Police and other organisations and may undertake credit or fraud searches with relevant agencies.
WHO MAY GIVE US INFORMATION ABOUT YOU?
For the stated purposes, we may receive personal or sensitive data relating to you or your dependants/ spouse/ partner/ family from third parties such as those listed above or others such as (but not limited to) the ETARS traffic accident database, the Court Judgements database and the Registry of Companies, which are legally entitled to communicate such data and that such data may be processed for the stated purposes.
We will take appropriate measures to protect Personal Information and Sensitive Personal Information that are consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of Personal Information and Sensitive Personal Information.
DATA INTEGRITY AND RETENTION
We will take reasonable steps to ensure that the Personal Information and Sensitive Personal Information processed is reliable for its intended use, and is accurate and complete for carrying out the purposes described in this Notice. We will retain Personal Information and Sensitive Personal Information for the period necessary to fulfil the purposes outlined in this Notice unless a longer retention period is required or permitted by law. This period is normally 10 years. Upon expiry of that period, we will either delete the records from our systems entirely, or anonymise the data.
Where permitted by applicable law or regulation, you have the right to:
- Access your personal data held about you and to learn the origin of the data, the purposes and ends of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the data may be disclosed;
- Withdraw your consent at any time where your personal data is processed with your consent e.g. direct marketing;
- Update or correct your personal data so that it is always accurate;
- Delete your personal data from our records if it is no longer needed for the purposes indicated above;
- Restrict the processing of your personal data in certain circumstances, for example where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
- Obtain your personal data in electronic format for onward transmission by you to another entity without hindrance from us; and
- File a complaint with us and/or with the competent data protection supervisory authority.
You may exercise these rights by contacting us by email or by post as follows:
The General Manager
Accord Insurance Brokers PCC Limited
141 Old Bakery Street
Tel. +356 2552 3636/7
WHAT ARE COOKIES?
Cookies are small pieces of data sent from a website and stored in your web browser, on your computer, ready for future access. On subsequent visits to a webpage these cookies can be read by the website server, to notify the website on your previous activity. Cookies allow websites to work more efficiently and provide useful information to the owner of the site.
This Data Protection and Privacy Statement was last updated on 25th May 2018.