(Personal Data Processing)
Valid from 01.10.2019
The principles on which Inpro Insurance Brokers OÜ (hereinafter Inpro Insurance) processes Customer Data are described in this Personal Data Processing Policy (hereinafter the Policy). The Policy applies when the Customer uses, has used or has expressed an interest in using the services provided by Inpro Insurance or is otherwise related to the Services, including the Customer Relationships that have arisen before the Policy enters into force.
1.1. Customer (hereinafter Customer or Client) is any natural or legal person who uses, has used or has expressed a desire to use the services provided by Inpro Insurance or is otherwise related to the Services.
1.2. Customer Data is any information, including information relating to the provision of insurance services, Personal Information, known to Inpro Insurance about the Customer or its representatives.
1.3. Personal Data is information that is directly or indirectly related to the Customer who is a natural person.
1.4. Processing is any operation with Customer Data, including collecting, storing, modifying, granting access, making inquiries, transmitting, etc.
2. GENERAL PROVISIONS
2.1. The Policy sets out the General Principles of Inpro Insurance's Customer Data Processing. Additional terms and conditions for Customer Data Processing may also be described on the website of Inpro Insurance Brokers OÜ - www.inpro.ee/terms-and-conditions
2.2. Inpro Insurance shall ensure the confidentiality of Customer Data in accordance with applicable law and shall take appropriate technical and organizational measures to protect Customer Data from unauthorized access, unauthorized processing or disclosure, accidental loss, alteration or destruction.
2.3. Inpro Insurance may use authorized processors to process Customer Data. In such cases, Inpro Insurance shall ensure that data processors process Customer Data in accordance with Inpro Insurance's instructions and in accordance with applicable law, and apply appropriate security measures.
3. CLIENT DATA CATEGORIES
3.1. Inpro Insurance may collect Customer Data directly from the Customer and from external sources such as public and private registers and other third parties.
3.2. The categories of customer data that Inpro Insurance collects and processes primarily, but not exclusively:
3.2.1. Personal identification information such as name, personal identification code, date of birth, identity document (copy of passport or ID card);
3.2.2. Contact details such as an address, telephone number, email address, the language of communication;
3.2.3. Information necessary for the provision of insurance services, such as beneficiaries, insured persons, third parties;
3.2.4. Data on the Customer's relationship with legal entities, such as data provided by the Customer or obtained from public registers or through third parties to perform transactions on behalf of such legal entity;
3.2.5. Occupational data, such as educational or professional data;
3.2.6. Financial information such as bank account number, transactions;
3.2.7. Customer financial experience, such as data collected when selecting and offering insurance services or other investment risk products;
3.2.8. Details of the origin of the property or income, such as Customer's counter-parties and business activities;
3.2.9. Reliability and due diligence data, such as payment behavior; Damage to Inpro Insurance or third parties and information enabling Inpro Insurance to exercise its due diligence in relation to money laundering and terrorist financing and to comply with international sanctions.
3.2.10. Information obtained and/or created in the course of the performance of a legal obligation, such as information obtained from inquiries by investigative bodies, notaries, tax authorities, courts and bailiffs, such as information on property ownership, notices, historical notices and indebtedness;
3.2.11. Customer's tax residence information, such as country of residence, tax identification number, nationality;
3.2.12. Communication data, such as visual and/or audio recordings, that may be collected when the Customer visits the Inpro Insurance office or other location where Inpro Insurance provides services, or when the Customer communicates with Inpro Insurance by telephone or other data that may be collected via email, data related to messages and other communication mechanisms, such as social media, and the Customer's visit to the Inpro Insurance website (www.inpro.ee);
3.2.13. Service-related data such as performance or non-performance of contracts, transactions performed, contracts entered and completed, applications submitted, inquiries and complaints, interest and fees, insurance experience;
3.2.14. Data on habits, preferences, and satisfaction, such as service usage activity, services used, personal settings, survey responses, lifestyle, hobbies, Customer's overall satisfaction;
3.2.15. Details of participation in games and promotions, such as points earned, prizes won at games or promotions;
3.2.16. Special Category Data such as Customer Health and other special types of personal data.
4. OBJECTIVES AND GROUNDS FOR CUSTOMER DATA PROCESSING
4.1. Inpro Insurance processes Customer Data primarily to:
4.1.1. Manage Customer Relationships and provide access to services for concluding and performing an Insurance Brokerage Contract with the Client, keeping Client Data up to date and truthful, verifying and completing the
data through external and internal sources that may be based on the Contract or pre-contractual measures at Client's request or legal obligation;
4.1.2. Conduct internal risk assessments to determine what services and products can be provided to the Client and to ensure compliance with applicable law regarding risk assessments in the provision of insurance or other financial services and risk mitigation;
4.1.3. To protect the interests of the Customer and/or Inpro Insurance and to investigate the quality of the services provided by Inpro Insurance and to verify transactions or other business communications (through recorded conversations) based on the performance of an Insurance Brokerage Contract or pre-contractual action at Customer's request or legal obligation; with the consent or in the legitimate interest of Inpro Insurance, to prevent, limit and investigate the misuse or unauthorized use or malfunctioning of Inpro Insurance Services and Products, to provide in-house training or to ensure the quality of the Services;
4.1.4. To ensure the safety of Inpro Insurance and/or the Customer, to protect the life and health of the Customer and its agents and other Inpro Insurance and Customer's rights (through visual and/or audio recordings) based on Inpro Insurance's legitimate interest in protecting its Customers, employees, visitors;
4.1.5. Provide additional services, conduct customer satisfaction surveys, market analysis and provide statistics;
4.1.6. Provide Customer with Inpro Insurance or carefully selected affiliate services, including personalized offers, which may be based on Customer's consent or Inpro Insurance's legitimate interest in providing additional services;
4.1.7. Fulfill legal obligations and identify;
4.1.8. Comply with applicable law and international agreements, apply the principles of customer due diligence and know your customer; prevent, detect, investigate, and report potential money laundering or terrorist financing if the Customer is subject to financial sanctions or is a person of national background, and to identify any person who may be a legitimate interest in sound risk management and corporate governance;
4.1.9. Avoid misuse of services and ensure proper provision of services;
4.1.10. Enabling and controlling access to, and operation of, digital channels; prevent unauthorized access and misuse of digital channels, and ensure information security that may be based upon Customer's performance or legal obligation, or with Customer's consent or Inpro Insurance's legitimate interest in performing contract or pre-contractual measures, to control the authorization, access, and operation Enhance technical systems, information technology architecture, customize service view to the device, and develop Inpro Insurance services through testing and improvement based on Inpro Insurance legitimate interest;
4.1.11. Prove, enforce, assign and defend legal claims that may be based upon the performance of the contract or the implementation of pre-contractual measures upon Customer's request or performance of a legal obligation or Inpro Insurance's legitimate interest in meeting legal claims.
5. PROFILE ANALYSIS, PERSONAL OFFERS AND AUTOMATED DECISIONS
5.1. Profile Analysis is the automated processing of Personal Data used to evaluate certain personal characteristics of the Customer, for example, to analyze or predict a person's financial situation, personal preferences, interests, residence. Profile Analysis is used to advise the Client, for marketing purposes and for automated decision making, such as risk management, insurance risk assessment and transaction control in fraud prevention, based on Inpro Insurance's legitimate interest or legal obligation or performance of the agreement or the Client's consent.
5.2. Inpro Insurance may process Customer Data to improve the user experience of digital services, such as customizing service views to the device in use and creating personalized offers to Customer. Unless the Customer has opted out of direct marketing, Customer Data may be processed by Inpro Insurance for the purpose of offering Inpro Insurance services, including personal offers. Such marketing can be based on the services the Customer uses and the Customer's use of the Services and the Customer's navigation of Inpro Insurance's digital channels.
5.3. For personalized quotes based on profile analysis and marketing based on the legitimate interest of Inpro Insurance, Inpro Insurance ensures that Individual Customers can make their choices using a convenient privacy settings management environment;
5.4. Inpro Insurance may also collect statistics about the Customer, such as typical behavior and lifestyle based on demographic household data. Statistics to create segments/profiles can be collected from external sources and can be combined with Inpro Insurance's internal data.
6. RECIPIENTS OF CUSTOMER DATA
6.1. Customer data is shared with other recipients, such as:
6.1.1. Authorities such as law enforcement agencies, bailiffs, tax authorities, supervisory authorities;
6.1.2. Insurance providers;
6.1.3. Auditors, legal and financial consultants or other processors authorized by Inpro Insurance;
6.1.4. Registers are maintained by third parties, such as the Motor Vehicle Registration Center (Autoregistrikeskus) or other registers where Customer Data is stored or transmitted;
6.1.6. Debt collectors, courts and bankruptcy or insolvency administrators;
6.1.7. Other persons involved in the provision of services to Inpro Insurance, such as archiving and postal service providers, if the Client orders e-invoices for these services;
6.1.8. Healthcare institutions in case of Customers interest in life insurance contracts, health insurance contracts, corporate health insurance contracts, dental insurance contracts, or corporate dental insurance contracts.
7. GEOGRAPHICAL AREA OF CUSTOMER DATA PROCESSING
7.1. In general, Customer Data is processed within the European Union / European Economic Area (EU/EEA), but in some cases, it is transmitted and processed in countries outside the EU/EEA.
7.2. The transfer and processing of Customer Data outside the EU/EEA may be subject to the existence of a legal basis, such as the fulfillment of a legal obligation or the Customer's consent, and appropriate safeguards are in place. Appropriate safeguards include, for example, the existence of a valid contract containing standard contract terms or approved codes of conduct developed by the EU, certifications and the like, which comply with the General Regulation on the Protection of Personal Data; there is an adequate level of data protection in the non-EU/EEA country where the recipient is located, as decided by the European Commission; the recipient is certified under the Privacy Shield (applicable to recipients based in the United States).
7.3. Upon contact, the Customer will receive further information on the transfer of Customer Data to countries outside the EU/EEA.
8. PERIODS OF CUSTOMER DATA RETENTION
8.1. Customer data will not be processed longer than necessary. The retention period may be based on contracts with the Client, Inpro Insurance's legitimate interest or applicable law, such as accounting law, anti-money laundering or statute of limitations, other private law bases.
9. RIGHTS OF A PRIVATE CUSTOMER WITH REGARD TO THE PROCESSING OF PERSONAL DATA
9.1. Request the correction of your Personal Data if it is inadequate, incomplete or incorrect;
9.2. Object to the processing of your Personal Data if the use of the Personal Data is based on a legitimate interest, including profiling for direct marketing purposes, such as receiving marketing offers or participating in surveys;
9.3. Request the deletion of your Personal Data, for example when Personal Data is processed with his consent and if he has withdrawn his consent. Such law does not apply if the Personal Data requested to be deleted is further processed on other legal grounds, such as under a contract or for the purpose of fulfilling legal obligations;
9.4. Limit the processing of your Personal Data under applicable law, such as while Inpro Insurance is evaluating whether the Customer is entitled to delete his or her data;
9.5. Receive information as to whether Inpro Insurance processes its Personal Data and, if so, access to such data;
9.6. Send your Personal Data, which you have provided yourself and which is processed for your consent or for the purpose of performing your contract, in writing or in a publicly available electronic format, and if technically possible, pass this data on to another service provider (data portability);
9.7. Withdraw your consent to the processing of your Personal Data;
9.8. To request that he not be the subject of a decision solely based on automated decision-making, including profiling, where the legal consequences for him or her are significant or are significant. This right does not apply if the decision is necessary for the conclusion or performance of the contract with the Client if the decision is permitted by the applicable law or the Client has given his explicit consent.
9.9. A complaint about the use of Personal Data to the Estonian Data Protection Inspectorate (www.aki.ee) if it considers that it's the processing of Personal Data infringes its rights and interests under applicable law.
10. CONTACT DETAILS
10.1. Customers may contact Inpro Insurance regarding inquiries and withdrawals of consent, and individual Customers may further claim their rights in the processing of Personal Data and lodge complaints about the Processing of Personal Data.
10.2. Contact information for Inpro Insurance is available on the Inpro Insurance Brokers OÜ website: www.inpro.ee
10.3. Contact details of the appointed Data Protection Officer for a Corporate Client: (+372) 383 8122, Private Client: (+372) 383 8118, e-mail: email@example.com
11. VALIDITY AND CHANGES TO THE PERSONAL DATA PROCESSING POLICY
11.1. The Policy of Personal Data Processing are available to Customers on the website of Inpro Insurance Brokers OÜ - www.inpro.ee/privacy-policy
11.2. Inpro Insurance has the right to unilaterally change the Policy at any time in accordance with the applicable law, notifying the Client of such changes via the Inpro Insurance website (www.inpro.ee), by mail, e-mail or any other means, such as the media, not later than one week before the changes take effect.