GDPR POLICY
This policy establishes the conditions and terms by which natural persons whose personal data are processed by Visenta Insurance Company AD (“Visenta”, “Company”, “We”) can exercise their rights in accordance with data protection legislation personal.
Chapter 1: GENERAL CONDITIONS
1.1. VISENTA processes, stores and protects personal data collected in the course of its activities, transparently, legally and in accordance with the purposes for which the data are collected.
1.2. This policy also applies to the way in which the Company’s employees process personal data for the purpose of distributing insurance products, concluding insurances, fulfilling obligations from insurance contracts and settling claims files from insurance contracts as part of their service obligations. Employees are obliged to comply with the following principles when processing personal data:
1.2.1 Personal data is processed lawfully and in good faith.
1.2.2 Personal data is collected for concrete, well-defined and legitimate purposes or for similar purposes and is not further processed in a way incompatible with these purposes.
1.2.3 The personal data that are collected and processed in the management of human resources are strictly related and do not exceed the purposes for which they are processed.
1.2.4. Personal data is accurate and, if necessary, updated.
1.2.5 Personal data will be deleted or corrected when it is found to be inaccurate or incompatible with the purposes for which it is processed.
1.2.6 Personal data must be kept in a form that allows the identification of the persons concerned for a period no longer than is necessary for the purposes for which the data are processed.
1.3. Employees who process personal data undergo initial and regular training on confidentiality and familiarize themselves with the applicable legislation.
1.4. All personal data and other information by which a natural person can be identified will be collected and processed only if necessary and to the extent necessary for the performance of the official’s duties, provided that such activities are carried out within the employee’s powers and in accordance with the legal requirements for the protection of personal data.
CHAPTER 2: DEFINITIONS
The definitions listed below have the following meanings:
“Personal data” means any information relating to an identified natural person or a natural person who can be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or a or more characteristics, specific for the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual;
“Profiling” means any form of automatic processing of personal data, in the form of using personal data to evaluate certain personal aspects relating to a natural person and, in particular, to analyze or predict aspects related to the performance of the professional tasks of that natural person, his economic condition, health, personal preferences, interests, confidence, behavior, location or movement;
“Data subject” means a natural person who can be identified, directly or indirectly, in particular by means of an identifier such as name, personal number code, location data, online identifier or one or more characteristics specific to nature, physiology, genetics, identity mental, intellectual, economic, cultural or social of that natural person;
“Processing” means any operation or set of operations performed on personal data or a selection of personal data by automatic means or by other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making the data accessible, arrangement or combination, restriction or destruction;
CHAPTER 3: RIGHTS OF PERSONS CONCERNING PERSONAL DATA
Data subjects have the following rights regarding their personal data:
1. The right of access;
2. The right to correction;
3. The right to data portability;
4. The right to be deleted (the right to be forgotten);
5. The right to request restriction of processing;
6. The right to object to the processing of personal data;
7. The right of the data subject not to be subject to a decision based exclusively on automatic processing, including profiling.
2.Right of access
2.1 In the sky
Here, Visenta provides the data subject with the following information:
2.1.1 confirmation of whether or not Visenta processes the personal data of the respective person;
2.1.2 a copy of the personal data of the person processed by Visenta, if it does not violate the rights and legitimate interests of other persons and
2.1.3 an explanation of the processed data. The explanation from art. 2.1.3 includes the following information about personal data processed by Visenta: 2.2.1 purposes of processing;
2.2.2 the relevant categories of personal data;
2.2.3 recipients or categories of recipients to whom the personal data is or will be disclosed, in particular recipients from third countries or international organizations;
2.2.4 where possible, the intended period for which the personal data will be stored and, if this is not possible, the criteria used to determine this period;
2.2.5 the existence of the right to request the correction or deletion of personal data or to restrict the processing of personal data relating to the data subject or to object to such processing;
2.2.6 the right to appeal to a supervisory authority;
2.2.7 if the personal data is not collected by the data subject, any available information about its source;
2.2.8 the existence of automated decision-making, including profiling, and information about the logic used, as well as the meaning and expected consequences of this processing for the data subject;
2.2.9 when personal data is transferred to a third country or to an international organization, the data subject has the right to be informed of the appropriate safeguards in connection with the transfer.
The explanation of processed data includes the information that Visenta provides to data subjects through a privacy notice. At the request of the data subject, Visenta can provide a copy of the personal data being processed.
When providing a copy of personal data, Visenta cannot disclose the following categories of data:
3.2.1 personal data of third parties, unless they have expressly agreed to this,
3.2.2 data that constitutes a trade secret, intellectual property or confidential information,
3.2.3 other information that is protected under applicable law. Granting access to data subjects may not adversely affect the rights and freedoms of third parties or lead to a breach of a regulatory obligation of Visenta. If the access requests are manifestly unreasonable or excessive, in particular due to their frequency, Visenta may charge a reasonable fee based on the administrative costs of providing the information. Visenta assesses, on a case-by-case basis, whether a request is manifestly unfounded or excessive.
4.3 If a request for access to personal data is clearly unfounded, Visenta can refuse access, justifying its refusal and informing the person concerned. of his right. to file a complaint with the Commission for the protection of personal data.
5. Right of rectification
5.1. The persons concerned may request the rectification of their personal data processed by Visenta, if the latter are inaccurate or incomplete.
5.2. In case of approval of the request for rectification of personal data, Visenta will notify the other recipients to whom the data were disclosed (for example, public authorities, service providers) so that they can reflect the changes.
6. Right to erasure (“right to be forgotten”)
6.1. Upon request, Visenta is obliged to delete personal data if any of the following reasons are present:
6.1.1 the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
6.1.2 the data subject withdraws the consent on which the data processing is based and there is no other legal basis for the processing;
6.1.3 the data subject objects to the processing and there are no legitimate reasons for the processing to take priority;
6.1.4 the data subject objects to the processing of personal data for direct marketing purposes.
6.1.5 personal data were processed illegally;
6.1.6 the data must be deleted to comply with a legal obligation of Visenta;
6.1.7 the personal data were collected in connection with the provision of information society services to children within the meaning of Article 8 paragraph (1) of Regulation (EU) 2016/679.
6.2 Visenta is not obliged to delete personal data to the extent that processing is necessary:
for the exercise of the right to freedom of expression and the right to information;
for the observance of a legal obligations of Visenta, which require processing;
for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) of Regulation (EU) 2016/679;
for the purpose of archiving in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of Regulation (EU) 2016/679, to the extent that the right to erasure is likely to make it impossible or seriously hinder processing;
7. The right to limit processing
7.1. The data subject has the right to request the restriction of processing when any of the following reasons exist:
7.1.1 the accuracy of the personal data is disputed by the data subject for a period that allows the operator to verify the accuracy of the personal data;
7.1.2 the processing is illegal, but the data subject does not want to delete the personal data, but requests the restriction of their use;
7.1.3 the operator no longer needs the personal data for the purpose of processing, but the data subject requires them for the establishment, exercise or protection of legal claims;
7.1.4 The data subject has objected to the processing on the basis of Visenta’ legitimate interest and an investigation is underway to determine whether the controller’s legal grounds take precedence over the interests of the data subject.
7.2. Visenta can process personal data, the processing of which is limited, only for the following purposes:
for data storage with the consent of the person concerned;
for the establishment, exercise or defense of legal requirements;
to protect the rights of other natural persons; or for reasons of public importance.
7.3. When the data subject has requested the restriction of processing and any of the reasons provided for in art. 7.1. above, Visenta informed him before lifting the processing restriction.
8. The right to data portability
8.1. The data subject has the right to receive the personal data relating to him and which he has provided to Visenta in a structured, widely used and machine-readable format.
8.2. Upon request, this data may be transferred to another operator designated by the data subject, where technically possible.
8.3. The data subject can exercise the right of portability in the following cases:
the processing is based on the data subject’s consent;
the processing is based on a contractual obligation;
the processing is carried out in an automatic way.
8.4. The right to portability cannot adversely affect the rights and freedoms of others.
9. The right to object
9.1. The data subject has the right to object to the processing of his personal data by Visenta if the data is processed for one of the following reasons:
9.1.1 the processing is necessary for the performance of a task of public interest or in the exercise of the official powers conferred on the operator;
9.1.2 processing is necessary for purposes related to the legitimate interests of Visenta or a third party;
9.1.3 data processing includes profiling.
9.2. The operator stops processing personal data, unless it proves that there are compelling legal grounds for its continuation, which take priority over the interests, rights and freedoms of the data subject or for the establishment, exercise or protection of legal claims.
The right to object to the processing of personal data for direct marketing purposes
10.1. When processing personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for this purpose, including profiling in connection with direct marketing.
10.2. When the data subject objects to the processing for direct marketing purposes, the processing of personal data for these purposes ceases.
The right to human intervention in automated decision-making
11.1. In cases where Visenta makes individual automated decisions, including or exclusively profiling, which have legal consequences for natural persons or significantly affect them in a similar way, these persons may request a review of the decision through human intervention, such as and express their own point of view.
11.2. Visenta provides persons subject to the automated decision-making process with essential information about the logic used, as well as about the meaning and intended consequences of this processing for that person.
CHAPTER 4: PROCEDURE FOR EXERCISE OF THE RIGHTS OF THE PERSONS CONCERNED
12.1. The persons concerned can exercise the rights provided for in these rules by sending a request to exercise that right.
12.2. Requests for exercising the rights of data subjects can be submitted as follows:
By electronic means at the following address;
In a VISENTA headquarters;
By mail, to the address of the VISENTA Headquarters: Str. Klara Norra Kyrkogata n.29 – 113 21 Stockholm Sweden
12.3. The request for the exercise of personal data rights must contain the following information:
Personal identification data – name and / policy number / customer code;
Contact details – address, telephone, e-mail address;
Request – description of the request.
13.1 Visenta provides information on the actions taken in relation to a request to exercise the rights of subjects within one month of its receipt.
13.2. If necessary, this period can be extended by another two months, taking into account the complexity and number of requests from a particular person. Visenta will inform the person about such an extension within one month of receiving the request, indicating the reasons for the delay.
13.3. Visenta is not obliged to respond to a request if it cannot identify the person concerned.
13.4. Visenta may request the provision of additional information necessary to verify the identity of the data subject when there are reasonable concerns about the identity of the requesting natural person.
13.5. If the request is submitted by electronic means, the information is provided, if possible, by electronic means, unless the data subject has requested otherwise.