Privacy Policy

Privacy Policy

Information on the processing of personal data

We refer to articles 13 and 14 of regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as „GDPR„)


In relation to the processing of personal data of data subjects the processor hereby provides the relevant information pursuant to Articles 13 and 14 of GDPR.

Controller: Colonnade Insurance S.A., registered seat Rue Jean Piret 1, L-2350 Luxembourg, The Grand Duchy of Luxembourg, company ID No. B 61605, acting through Colonnade Insurance S.A., pobočka poisťovne z iného členského štátu (Slovak branch), with its registered office Moldavská cesta 8 B, 042 80 Košice – mestská časť Juh, the Slovak Republic, ID: 500 13 602, VAT ID: SK 4120026471, incorporated under the Trade Register of the District Court of Košice I, Section: Po, File No.: 591/V

Controller Contact Details:
Postal address:
Colonnade Insurance S.A., Rue Jean Piret 1, L-2350 Luxembourg, Luxembourg
or
Colonnade Insurance S.A., pobočka poisťovne z iného členského štátu
Moldavská cesta 8 B, 042 80 Košice, the Slovak Republic
phone contact: + 421 55 6826 222, email contact: info@colonnade.sk

Data Protection Officer Contact Details:
Postal address:
Colonnade Insurance S.A., pobočka poisťovne z iného členského štátu
Moldavská cesta 8 B, 042 80 Košice, the Slovak Republic
phone contact: + 421 55 6826 222, email contact: dpo@colonnade.sk

Purposes and legal bases of processing:
I. The controller processes personal data of clients, potential clients, their representatives, persons who caused damages, beneficiaries and witnesses of loss events for the following purposes:

  1. Identification of clients and their representatives and preservation of the possibility of future control of this identification, for the purpose of the conclusion of insurance contracts and management of insurance; handling of claims or loss events; the protection and seeking of the rights of the controller; documenting the controller’s activity; supervision of the controller and its activities; to fulfil the obligations and tasks of the controller under the Act No. 39/2015 Col. on insurance as amended (Act on Insurance) or special regulations; the management of reinsurance contracts between the controller and the reinsurance undertaking, a reinsurance undertaking from another Member State or a foreign reinsurance undertaking; handling of claims from reinsurance contracts and for the purpose of checking indemnities from the insurance contracts for which the reinsurance undertaking, the subsidiary of the reinsurance undertaking from another Member State and the branch of the foreign reinsurance undertaking provides reinsurance – the controller processes personal data on the legal basis of Article 6 point 1. (c) of GDPR – processing is necessary for compliance with a legal obligation of the controller under the Act on Insurance and on the legal basis of Article 6 point 1. (b) of GDPR – processing is necessary for the performance of a contract.
  2. Fulfilment of obligations in respect of international sanctions – on the legal basis of Article 6 point 1. (c) of GDPR – processing is necessary for compliance with a legal obligation of the controller under the Act No. 289/2019 Col. on the pursuance of international sanctions as amended.
  3. Verification of the identification of a natural person and its occurrence on sanctions lists – on the legal basis of Article 6 point 1. (f) of GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller.
    The legitimate interest of the controller or its owners for the purpose of verifying of the identification of a natural person and its occurrence on sanction lists is the fulfilment of the obligations arising out of the laws governing the controller, its owners, or their statutory bodies.

II. The controller processes through processors also a special category of personal data of clients and their representatives – biometric data contained in the biometric signature for the purpose of concluding a contractual relationship using biometric signature and subsequent management (storage) of the corresponding contractual documentation containing biometric signature – on the legal basis of Article 6 point 1. (a) of GDPR – consent to the processing of personal data.

Categories of personal data concerned:

  1. normal personal data as referred to in Article 6 of GDPR (points I. (a), (b) and (c));
  2. specific category of personal data – health data (point I. (a)) and biometric signature (point II.).

Categories of recipients of personal data: financial agents, financial advisers, financial intermediaries from another Member State in the insurance or reinsurance sector, experts, providers of assistance services, providers of health / medical services, physicians preparing opinions and expert opinions, reinsurers, companies providing out-of-court debt recovery services, companies providing postal and related services, companies providing services for the administration and storage of documents and data, their shredding and disposal, backup and data recovery, providers of IT services, law enforcement authorities, judicial authorities, National Bank of Slovakia, persons providing services in claims handling area, persons operating a register of selected information on claims or damage incidents.

Transfer of personal data to third countries: the processor transfers personal data to the United States of America. The transfer is carried out on the basis of a decision by the European Commission on the adequacy of such transfer of personal data and on the basis of the international Privacy Shield agreement.

Retention period of personal data: personal data shall be processed for a maximum period of 10 years from the end of the purpose of processing.

Profiling: The processor performs the profiling of the data subjects for the purpose of concluding the insurance contract and calculating the amount of premiums.

Rights of the data subject:

  1. The right of access to personal data relating to it;
  2. The right to rectify the incorrect personal data relating to it;
  3. The right of erasure of personal data relating to it;
  4. The right to restrict the processing of personal data;
  5. The right to object to the processing of personal data relating to it;
  6. The right to the portability of personal data;
  7. The right to revoke his consent to the processing of personal data at any time;
  8. The right to lodge a complaint with the supervisory authority.

The data subject has the rights referred to above to the extent defined in Articles 15 to 21 and Article 77 of GDPR. The data subject may exercise her or his rights verbally, in writing or electronically, through the above-mentioned contact details. If the data subject requests the verbal provision of information, the information shall be provided upon proof of her/his identity.

Failure to provide the necessary personal data by the data subject may result in non-conclusion of the insurance contract in question, non-payment of insurance claims.

Information on the source of personal data: personal data relating to the data subject have been obtained from the following sources: client, client representative, financial agent, financial advisor, financial intermediary from another Member State in the insurance or reinsurance sector, reinsured, processor pursuant to Article 28 of GDPR, Commercial register, law enforcement authorities, judicial authorities.