The administrator of personal data is Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. The person whose data is concerned can contact the administrator of personal data: 1) in writing, at the address ul. Hestii 1, 81-731 Sopot; 2) by phone, at the number: 801 107 107 or (58) 555 55 55.
The administrator of personal data has appointed a Data Protection Officer, who can be contacted for all matters related to the processing of personal data and the exercise of rights related to data processing. The person whose data is concerned can contact the Data Protection Officer: 1) in writing, at the address: ul. Hestii 1, 81-731 Sopot; 2) via email: iod@ergohestia.pl; 3) through the Personal Data Protection section on the website www.ergohestia.pl.
The administrator of personal data processes personal data for the purpose of assessing insurance risk, presenting an insurance contract offer, and, in the case of entering into an insurance contract, for its execution, reinsurance, and co-insurance of risks, handling reported complaints, direct marketing of the administrator’s own products and services, the legitimate interests of the administrator of personal data, and pursuing claims under the insurance contract.
Profiling is used to determine the amount of the insurance premium: 1) decisions related to profiling will be made based on data collected in the process of concluding the insurance contract, and in the case of motor insurance, also based on information obtained through the Insurance Guarantee Fund; 2) in the case of distance contracts, decisions will be made automatically (without human intervention) based on data collected in the process of concluding the insurance contract and information obtained through the Insurance Guarantee Fund; 3) in the case of renewing an insurance contract, decisions will be made automatically based on data collected during the conclusion and execution of the previous insurance contract. For example, the more claims that have occurred in the insurance history, the higher the insurance risk may be, and therefore the insurance premium may be higher; 4) provided separate consent is given, data obtained through the Credit Information Bureau and the National Debt Register may be taken into account when assessing insurance risk. In the case of direct marketing of the administrator’s own products and services, profiling will be used to develop a marketing profile and tailor an individual offer.
The legal basis for processing personal data: 1) for the purpose of assessing insurance risk, concluding and executing an insurance contract, reinsurance, and co-insurance of risks, it is necessary to conclude and execute an insurance contract; 2) for direct marketing of the administrator’s own products and services and pursuing claims under the insurance contract, it is the legitimate interest of the administrator of personal data; 3) for handling reported complaints and preventing insurance crimes, it is the obligations incumbent on the administrator of personal data under the law; 4) in the case of giving separate consent, for purposes other than those mentioned above, it will be the legal basis for processing.
Personal data may be transferred to: entities processing personal data on behalf of ERGO Hestia, reinsurance companies, other insurance companies for co-insurance purposes, and other administrators of personal data if they have a legitimate interest. Other entities processing personal data on behalf of ERGO Hestia include, in particular: IT service providers, entities processing data for debt collection purposes, entities providing archiving services, entities providing services as part of assistance, entities conducting liquidation proceedings or participating in them, and insurance intermediaries. In the case of giving separate consent, personal data may be transferred to other insurance companies for direct marketing of their products and services.
ERGO Hestia will transfer personal data to recipients located in countries outside the European Economic Area if it is necessary to execute the insurance contract. ERGO Hestia will ensure appropriate protection of this data. The person whose data is concerned may request a copy of the transferred data and be informed about where it is made available. In this matter, you should contact the administrator of personal data or the Data Protection Officer.
Individuals whose personal data is processed by ERGO Hestia have the following rights in connection with data processing: 1) the right to access their personal data; 2) the right to request correction, deletion, or limitation of the processing of their personal data; 3) the right to object to the processing of personal data – to the extent that they are processed for direct marketing purposes, including profiling; 4) the right to data portability, i.e., to receive from the administrator of personal data in a structured, commonly used machine-readable format, and the right to send this data to another administrator; 5) the right to lodge a complaint with the supervisory authority responsible for data protection; 6) the right to withdraw consent, without affecting the lawfulness of the processing carried out before its withdrawal; 7) in the case of automated decision making, the right to contest the decision and express their own position or request human intervention to reanalyze the data and make an individual decision.
In order to exercise the rights specified in point 8, please contact the administrator of personal data or the Data Protection Officer.
In the case of entering into an insurance contract, personal data will be stored until the expiration of claims under that contract or until the obligation to store data arising from legal provisions, in particular the obligation to store accounting documents related to the insurance contract, expires. If an insurance contract is not concluded, in the case of giving separate consent, personal data will be used for the purpose of marketing the administrator’s own products and services until the consent to process data for this purpose is withdrawn.
Providing personal data is necessary to assess insurance risk and to conclude and execute an insurance contract. Failure to provide personal data will result in the inability to conclude an insurance contract. In the case of giving separate consent to the processing of personal data for marketing purposes, providing them is voluntary.