We collect personal information from you through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, by post, by filling in application or other forms, through social media or face-to-face (for example, in medical consultations, diagnosis and treatment). Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.
We may collect information from:
- your parent or guardian, if you are under 18 years old;
- a family member, or someone else acting on your behalf;
- doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
- sources which are available to the public, such as social media.
- the main member, if you are a dependant under a family insurance policy;
- your employer, if you are covered by an insurance policy your employer has taken out;
We process two categories of personal information about you and (where this applies) your dependants:
- standard personal information (for example, information we use to contact you, identify you or
manage our relationship with you); and
- special categories of information (for example, health information).
Standard personal information includes:
- identification and contact information, such as your name, username, address, email address and fixed and mobile phone numbers, country of residence, age, date of birth and national identification documents (such as National Identificantion Card or Passport number);
- information about your employment;
- details of any contact we have had with you, such as any complaints or incidents;
- financial details, such as bank account numbers, debit/credit card numbers, either for paying your subscriptions and other financial obligations or for receiving claim reimbursements and other amounts payable to you.
Special category information includes information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and referrals from your existing insurance provider, quotes and records of medical services you have received).
By law, we must have a lawful reason for processing your personal information.
We process standard personal information about you if this is:
- necessary to provide the services set out in an insurance contract you will sign or you have already signed with an insurance company we collaborate with
- required or allowed by law
- necessary for your information on other products or services of the insurance companies we collaborate with
- required to send you questionnaires about your satisfaction and appraisal of our services as well as of the services and products offered by the insurance companies we collaborate with
- necessary to provide you with top-level specialised service, ensuring promptness and quality in dealing with your requests.
We process special category information about you because:
- it is necessary for insurance purposes when we:
- offer you advice
- explore alternative insurance solutions
- request insurance quotations from insurance companies
- fill-in relative application/amendment forms
- assist you in claims handling – eg. Hospitalisation
- we have your permission. As is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for, and ask you to confirm your choice to give us that permission. If we cannot provide a product or service without your permission (for example, we can’t service you for a claim without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with our service that relies on having your permission.
We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing and to help us improve our services to you. Legitimate interest is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:
- to manage our relationship with you, our business and third parties who provide products or services for us (for example, to check that you have received a courier and so on);
- to provide our services on behalf of a third party (for example, your employer);
- to investigate complaints
- to keep our records up to date and to provide you with marketing as allowed by law;
- to develop and carry out marketing activities and to show you information that is of interest to you,
- based on our understanding of your preferences;
- to contact you about market research and analysis we are carrying out, so that we can monitor and improve our services;
- to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and
- to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of our business.
We may use your personal information to send you marketing by post, by phone, by email and by text. We can only use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.
If you don’t want to receive emails or letters from us, please let us know by email, fax or post.
- doctors, clinicians and other health-care professionals, hospitals, clinics and other health-care providers;
- suppliers who help deliver products or services on our behalf;
- the police and other law-enforcement agencies to help them perform their duties, or with others if we have to do this by law or under a court order;
- if we sell or buy any business or assets, the potential buyer or seller of that business or those assets; and
- the policy-holder or their agent if you are not the main member under an individual policy (we will send them all membership documents and confirmation of claims, and all people who are insured on the policy may have access to correspondence and other information we provide through our
- your employer for product or service administration purposes if you are a member or beneficiary under your employer’s group scheme;
- other third parties we work with to provide our services, such as solicitors, translators and interpreters, regulators, data-protection supervisory authorities, health-care professionals, healthcare providers and medical-assistance providers; and;
- organisations who provide your treatment and other benefits, including travel-assistance services.
We keep your personal information in line with set periods calculated using the following criteria.
- How long you have been a customer with us, the types of services you have with us, and when you will stop being our customer.
- How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
- Any time limits for making a claim.
- Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
- Any relevant proceedings that apply.
If you would like more information about how long we will keep your information for, please contact us.
You have the following rights (certain exceptions apply).
- Right of access: You have the right to make a written request for details of your personal information and a copy of that personal information.
- Right to rectification: You have the right to have inaccurate information about you corrected or removed.
- Right to erasure (‘right to be forgotten’): You have the right to have certain personal information about you deleted from our records.
- Right to restriction of processing: You have the right to ask us to use your personal information for restricted purposes only.
- Right to object: You have the right to object to us processing (including profiling) your personal information in cases where our processing is based on a task carried out in the public interest or where we have let you know it is necessary to process your information for our or a third party’s legitimate interests. You can object to us using your information for direct marketing and profiling purposes in relation to direct marketing.
- Right to data portability: You have the right to ask us to transfer the personal information you have given us to you or to someone else in a format that can be read by computer.
- Right to withdraw consent: You have the right to withdraw any permission you have given us to handle your personal information. If you withdraw your permission, this will not affect the lawfulness of how we used your personal information before you withdrew permission, and we will let you know if we will no longer be able to provide you with your chosen product or service.
Please note: Other than your right to object to us using your information for direct marketing (and profiling for the purposes of direct marketing), your rights are not absolute. This means they do not always apply in all cases, and we will let you know in our correspondence with you how we will be able to meet your request relating to your rights.
If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.
In order to exercise your rights, please contact us at firstname.lastname@example.org.
If you have any questions, comments, complaints or suggestions in relation to this notice, or any other concerns about the way in which we process information about you, please contact us:
Mr Ioannis Eliomarkakis
53, Agiou Polycarpou Street
171 24, New Smyrnee
Athens – Greece
T. +30 210 93 33 351
F. +30 210 93 45 681
You also have a right to make a complaint to the Hellenic Data Protection Authority, the local supervisory authority, if you believe that the processing of your personal information is unlawful.
For more information, you may visit the webpage: www.dpa.gr
- +30 210 93 33 351
- +30 210 93 45 681
53 Agiou Polykarpou Str.
171 24, Nea Smyrni – Athens, Greece