Trust International Insurance Company (Cyprus) Limited («Trust Cyprus», «we», «us», «our») is a limited liability company with shares, with registration number HE 42182, and has its registered office at 284 Archiepiskopou Makariou III, 3105 Limassol, Cyprus. However, its main operations are conducted at the premises located in Nicosia, specifically at 79 Limassol Avenue, 1&3 Kosti Palama Corner, 2121 Aglantzia.
Being a member of a diversified international business group operating across more than 20 countries in North America, Europe, Africa, Middle East and Asia Pacific, Trust Cyprus is active in the General Sector of Insurance in Cyprus since 2009 offering a full range of personal and corporate insurance products.
Trust Cyprus is committed to protecting the privacy and security of the personal information of its clients, potential clients, insurance policy holders, authorised parties, vendors, business associates, third party claimants, third parties (non-claimants) and guarantors (the «data subjects», «you»).
This data protection policy describes how we collect and use personal information about you during and after the contractual, commercial or any other relationship you have with us, in accordance with the General Data Protection Regulation («GDPR»), any national implementing laws, regulations and secondary legislation.
Trust Cyprus is a «data controller». This means that we are responsible for deciding how we hold and use personal information about you. In compliance with data protection legislation, we are providing you with the information outlined in this data protection policy.
This data protection policy applies to current and former clients, potential clients, insurance policy holders, authorised parties, vendors, business associates, third party claimants, third parties (non-claimants) and guarantors. We may update this data protection policy at any time.
It is important that you carefully go through and review this data protection policy, along with any other data protection policy or notice we may provide on specific occasions when collecting or processing personal information about you, in order for you to be informed on how and why we are using such information.
In accordance with data protection legislation the personal information we hold about you must be:
Personal data, or personal information, refers to any information about an individual through which that person can be identified. This does not include data through which the identity cannot be determined (anonymous data).
We will collect, store, and process the following categories of personal information about you, ensuring appropriate access levels to the competent department and personnel:
Contact Information: Name, Surname, Email, Address, Telephone Number, Fax
Other Information: Age, Marital Status, Gender, Date of Birth, Occupation, Country of Residence, Vehicle Registration Number, Telephone Recordings, Nationality
Identification Information: ID, Passport Number, Driving License Details (i.e. Number, License Category, etc.) Photograph, Signature Specimen, Social Insurance Number, National Tax ID
Insurance Policy related Information: Policy and claim identifiers, insured items, travel plans, date and cause of event relevant to the insurance claim (traffic accident, fire, theft etc.), previous insurance claims (prior disputes, prior accidents, traffic records etc.), valuation report
Financial and Credit Information: Bank Account Number and IBAN Certificate, Assets (movable and immovable), Income/Gross Earnings, Fees for Services, Financial Turnover Credit Reference information and Credit Score
We will hold certain sensitive personal information about you, specifically:
Medical Information and Health Condition: health (physical and mental) status, current and previous injuries, disabilities, medical diagnoses, medical and medicinal treatments, unhealthy personal habits that may expose you to increased health risks (such as alcohol consumption or smoking) and any other information related to medical history
Other Sensitive Information: certificate of clean criminal record where necessary, pending criminal or civil litigation against you, history of bankruptcy, Police Reports and Governmental Authorities Reports and any other reports, such as accident reports
We understand the importance of protecting children’s privacy. We may collect personal data in relation to children provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise provided by law. Our website is not designed for use by children nor do we provide any online services to children. For the purposes of this privacy policy, “children” refer to individuals under the age of sixteen (16).
We collect personal information about the data subjects:
We will only use personal information about you as permitted by law. Most commonly, we will use personal information about you in the following circumstances:
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you and for instance we may not be able to satisfy your claim, or we may be prevented from complying with our legal obligations or otherwise not be able to enter into or carry out any contractual relationship with you.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
«Special categories» of particularly sensitive personal information require a higher level of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy and safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:
Our Marketing Department may use your personal information to communicate via direct marketing channels and update you about our services that we feel you may be interested in. Our direct marketing channels involve: telephone calls, SMS, email, postal mail, or display advertising that you may view on our website, third party websites or social media.
In particular this is done:
Our Marketing Department may use your personal information to communicate via direct marketing channels and update you about our services that we feel you may be interested. Our direct marketing channels involve: telephone calls, SMS, email, post or display advertising that you may see on our website, third party websites or social media.
In many occasions we will seek your prior consent, either when requesting an insurance quotation from us or when entering into an insurance-related contract with us, in order to allow us to communicate with you in order to promote our services and send you offers that we think you might be interested in based on the information we hold about you. When consent is required and obtained, then in every direct marketing communication you will always be given the right to ‘opt out’ of receiving future direct marketing information via unsubscribe links in emails or stop instructions in text messages, or you can choose to ‘opt-out’ by contacting us directly.
Moreover, and only with your consent, we may share your personal information with our group companies or third-party partners for their own marketing purposes. In case you no longer wish for your personal information to be shared within our group or with our business partners, you may ‘opt-out’ by contacting us.
Any requests to unsubscribe, stop instructions, or general ‘opt-outs’ will be handled within a reasonable time.
It must be noted that even if you choose to ‘opt-out’ of receiving direct marketing communications from us, we may still communicate with you regarding information ancillary to the insurance service we are providing to you.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are using automated decision-making in the following circumstances:
In order to make an automated decision on the basis of any particularly sensitive personal information, we must first ensure that we have obtained your explicit written consent or that the decision is taken for the public interest, and in addition to this that we have put in place the appropriate measures to safeguard your rights.
You will not be subjected to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis to do so and we have informed you accordingly.
In such cases, you have the right to contact us and request:
(a) to provide you with information about the processing of your personal data (please refer to the section below regarding your rights); and/or
(b) that one of our employees review your application and provide you with an explanation for the automated decision made. You also have the right to challenge such a decision. Upon receiving such a request, we will reassess your application, taking into consideration, both the reasoning behind the automated decision and your perspective.
We may have to share your data with third parties, including third-party service providers and other entities in the business group we belong to as a company.
We require third parties to respect the security of your data and to treat them in accordance with the law.
We may transfer your personal information outside the EEA. Please refer to the section “Transferring information outside the EU” below to review the instances in which we proceed to such action.
If we do, you can expect a similar degree of protection with respect to your personal information through contractual arrangements for the adherence to confidentiality and data protection ensuring that third parties comply with data protection law and the GDPR.
We will share your personal information with third parties when required by law, when necessary for administering the commercial relationship with you or when we have any other legitimate interest in doing so.
«Third parties» includes third-party service providers and other entities within the group we belong to.
The following third-party service providers process personal information about you so that we perform our obligations or when we are legally required to do so, or when we are authorized under our contractual and statutory obligations:
All our third-party service providers and all other third-party entities, other than those to whom we are required under the law to disclose your personal information, are required to take appropriate security measures to protect your personal information in line with our policies and relevant contractual data sharing obligations. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions as per the GDPR.
We will share your personal information with other entities in the group we belong to, for:
1. Reinsurance purposes/arrangements
2. IT technical development
We may share your personal information with other third parties, for example in the context of a possible sale or restructuring of the business. We may also be required to share your personal information with a supervisory regulatory authority or in any other case in order to be in compliance with the law.
We may transfer the personal information we collect about you to countries outside the EU in order to perform our contract with you, protect our legitimate interests or those of third parties and in particular share them with:
(a) Reinsurance companies / reinsurance brokers
(b) Foreign insurance companies/agents
(c) Foreign lawyers
(d) File storage/archiving companies and record management companies
(e) Accident care and assistance service providers (i.e. in relation to motor, home, travel, medical)
(f) Government Agencies & Bodies
(g) Risk surveyors/loss adjusters/valuators
(h) Doctors and other medical service providers
(i) Internal group IT service providers
Where there is not an adequacy decision by the European Commission regarding the secure transmission of personal data to a specific country outside the EU, which means that your personal information is not deemed to have an adequate level of protection in that country, we ensure that your personal information does receive an adequate level of protection by implementing appropriate measures, such as Standard Contractual Clauses or Binding Corporate Rules, in order to safeguard that your personal information is treated by the named third parties in a way that is consistent with and respectful of EU and Cyprus laws on data protection.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where our contractual relationship is terminated, we will retain your personal information until at least all related limitation periods have elapsed, in order to safeguard our interests from any potential legal claims that may arise within these periods. However, we may keep them for a longer period if deemed necessary.
It is noted that when you provide any personal information for the purposes of obtaining an insurance policy quotation and a contract has not been concluded for any reason whatsoever, then we will keep your personal information for a period of 12 months after the collection of your data, unless you have provided consent for keeping your data for direct marketing purposes. In such a case, we will only retain your contact details.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you. In such cases, we may use this information without further obligation to adhere to our data protection policy. Once you are no longer in a commercial relationship with us, we will securely destroy your personal information in accordance with our data retention and destruction policy.
It is important that the personal information we hold about you is accurate and updated. Please keep us informed if your personal information changes during your business relationship with us.
Subject to certain legal conditions, you have the right to:
It is noted that, in accordance with the legislation in force, your right to request for the erasure of your personal data or to object to the processing of your personal data by Trust Cyprus is not applicable or may be limited in the following instances where the processing of the data is carried out for the purpose of:
a) establishing, exercising or supporting legal claims, and
b) fulfilling a legal obligation that necessitates the processing based on Cyprus or European Law, to which Trust Cyprus is subject.
If you want to review, verify, rectify or request erasure of your personal information, or to object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact dpo@trustcyprusinsurance.com. dpo@trustcyprusinsurance.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to respond to the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This constitutes a security measure appropriate to prevent the disclosure of personal information to unauthorized individuals.
If you have provided your consent for the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact dpo@trustcyprusinsurance.com. Upon receiving notification of your withdrawal of consent, we will cease processing your information for the purpose or purposes you originally agreed to, unless we have any other legitimate basis for doing so in accordance with the law. It is also noted that any processing based on consent carried out prior to the withdrawal will remain lawful.
In some occasions, withdrawing or not providing your consent may impact our ability to continue performing an insurance policy, especially those requiring the disclosure of sensitive personal information (e.g. medical insurance policies), or the processing of claims if you are a third-party claimant, given that your consent may be inextricably linked with the provision of insurance services.
Έχουμε ορίσει έναν υπεύθυνο προστασίας δεδομένων για να επιβλέπει τη συμμόρφωση της παρούσας πολιτικής προστασίας δεδομένων. Σε περίπτωση που έχετε οποιεσδήποτε ερωτήσεις σχετικά με την παρούσα πολιτική προστασίας δεδομένων ή τον τρόπο με τον οποίο χειριζόμαστε τις προσωπικές σας πληροφορίες, παρακαλείστε όπως επικοινωνήσετε με τον υπεύθυνο προστασίας δεδομένων:
Kostas Anastasiades | Data Protection Officer
T: 22050240
Ε: dpo@trustcyprusinsurance.com
You have the right to lodge a complaint at any time with the Office of the Commissioner for Personal Data Protection, the supervisory authority in the Republic of Cyprus for data protection issues.
Kypranoros 15, Nicosia 1061, Cyprus
Tel.: +357 22 818 456
Fax: +357 22 304565
E-mail: commissioner@dataprotection.gov.cy
We reserve the right to update this data protection policy at any time, and we will provide you with a new version of the policy when we make any substantial updates. Additionally, we may notify you through other means from time to time regarding the processing of your personal information.