Privacy Policy

A.M.A Pacific Insurance Agents Ltd Privacy Policy

  1. Who Are We?

A.M.A. Pacific Insurance Agents Ltd (hereinafter referred to as "the Company") provides insurance intermediary services and information about insurance products across Cyprus, with its headquarters located at 42 Eleftheriou Venizelou Street, 8021, Paphos.

This document aims to provide clear, transparent, and direct information regarding the processing of your personal data, which we collect and process as part of our obligations to you. The Company is committed under applicable laws to safeguard your right to protection against unlawful processing of personal data and to respect your privacy by protecting the personal data that we hold, which pertains to you.

Your personal information can help us better understand your insurance needs and offer a more comprehensive and personalized service. However, we understand that maintaining the security and confidentiality of your personal data is a significant responsibility that we take very seriously. For this reason, we have created this Policy, among other measures, to inform you about what data we collect, why we collect it, and how we use it.

This Policy is directed at individuals who are current or potential clients of the Company, beneficiaries of insurance policies, authorized persons, employees, third parties, suppliers, and partners. By providing your personal information or the information of another person, such as a beneficiary in the Insurance Contract or an individual submitting a claim for whom you have provided consent or received authorization to process their data, you agree that we will use it in the manner explained in this Policy. You should refer any individual whose personal information you are providing to the Company to this Policy.

Further Processing Notices may be provided to you at a later stage, highlighting specific uses of your personal information.

Additionally, from time to time, certain changes may be made to the Policy to keep it in line with legislative, operational, and technological developments. You should periodically check the Company’s website for the most recent version of the Policy.

In this Policy, your personal data is sometimes referred to as "personal data," "personal information," or "data." For the purposes of this Policy, personal data is considered any information relating to an individual whose identity can be directly or indirectly identified, especially by reference to an identifying element, such as a name, identification number, or one or more factors specific to their physical, physiological, genetic, psychological, economic, cultural, or social identity.

The term personal data also includes, among other things, certain sensitive data (or special category data), such as health data relating to an individual's health condition, any criminal convictions, and data revealing racial or ethnic origin.

When we state that your personal data is subject to "processing," this term encompasses any action taken with respect to the data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, information search, use, transmission, dissemination, making available, linking, combining, restriction, deletion, and destruction.

If you need more information regarding how we process your personal data, you can contact the Company at our registered office address, 42 Eleftheriou Venizelou Street, 8021, Paphos, or via email at pacificinsurance@cytanet.com.cy.

  1. Personal Data Processing Principles

In collecting sensitive personal data we are bound by the General Regulation for the Protection of Personal Data (EU) 2016/679 and, taking into consideration the necessary organizational measures, we proceed to the processing stage, based on the following principles governing the processing of personal data:

  • they shall be subjected to legitimate and lawful processing in a transparent manner,
  • they shall be collected for specified, express and legitimate purposes and shall not be subjected to further processing in any way incompatible with the purposes for which these data are collected by the Company,
  • only the appropriate and relevant data shall be collected, limited to the necessary purpose for which they have been collected,
  • they shall be accurate and updated as necessary,
  • they shall be retained only for as long as required and for the purposes for which they have been collected,
  • they shall be subjected to processing in a manner guaranteeing their required security against non-authorised or unlawful processing and accidental loss, destruction or wear, among other things, through the use of suitable techniques and or organizational measures,
  • when we transmit your personal data whether to another country or to a person who carries out the processing on behalf of the Company, the necessary measures shall be taken by us for the protection of your personal data, as for example through the conclusion of specialized contracts for data processing,.
  1. How Your Personal Data is Collected

Personal data is most commonly collected directly from you, either through consultants or intermediaries. This information may be obtained via a proposal submitted to us directly or indirectly (through associates or agents), or through the Company's efforts to provide insurance coverage services via telephone or other forms of communication with you.

However, in certain cases, personal data may be collected from third parties. For instance, if someone names you as part of a proposal or contract with the Company, your personal information may be obtained from third parties (such as partners, agents, attorneys, or authorized individuals) or even from insurance companies or publicly available sources.

More specifically, personal data can be collected as follows:

(a) Directly from you (either directly or indirectly):

  • Through information forms submitted as part of an insurance proposal application
  • When you submit a query or request
  • Online, either by the client or through an intermediary or the insurance company
  • Through online banking
  • Through forms providing personal details
  • In person, directly from individuals
  • Through resumes provided in person or by email, evaluation forms, or from our own employees

(b) From various other "third-party" sources (indicative):

  • From other insurance contracts where you are named (e.g., if you are a named driver on a motor vehicle insurance policy)
  • From other insurance services
  • Through insurance companies with whom we collaborate
  • Through companies we represent
  • From family members (in special cases where you cannot provide the information yourself)
  • From legal advisors (e.g., in cases where you are not insured with us but have a claim against our client due to an accident)
  • Lawyers
  • Banks
  • Public Services
  • Via telephone or fax
  • Photographic material
  • Via email
  • Online forms, websites
  • The Insurance Companies Supervisory Service
  1. Types of Personal Data We Process

Our Company collects and processes various types of personal data, depending on the services provided in each individual case. This policy applies to both directly and indirectly involved parties, including current or potential clients.

For all the purposes mentioned above, our Company collects and processes personal data according to the insurance type under consideration, as follows:

  • Contact Information (e.g., full name, home address, email address, phone number, occupation, date of birth)
  • Insurance Coverage Details (e.g., vehicle registration number, claims and previous claims, data needed to complete an insurance proposal, ID card copy, driver’s license copy, health data, medical conditions, previous accidents, vehicle ownership title copy)
  • Employment Information (e.g., resume, job application, salary details, employment contract details, commissions, employee number, social insurance number, certifications, academic qualifications, training certificates)
  • Third-Party Contact Information for those named in any way in the insurance contract (e.g., named drivers on a motor vehicle insurance policy, spouse and dependents’ names, ID number, age, license issue dates, nationality)
  • Identity/Passport Information (e.g., date of birth, nationality, ID number, passport number)
  • Banking Information (e.g., IBAN)
  • Foreign Identification Details (e.g., foreigner’s ID and passport numbers, social insurance numbers, passport copies, visas)
  • Health-Related Data including both medical and mental health conditions, prior accidents, illnesses, and treatments
  • Details of Insured Assets (e.g., vehicles, vessels, property) as provided or to be provided by the insurance companies we collaborate with
  • Previous Insurance Information
  • Property Details (both movable and immovable), including contents and any relevant encumbrances (e.g., mortgages, debts)
  • Website-Related Information collected via our website and cookies
  • Insurance-Specific Information that is necessary and relevant to each type of coverage
  • Claims Form Data including supporting documents, diagnoses, evaluations, etc.
  1. How We Use Your Personal Data

Once collected, your personal data may be processed within our Company by our employees, partners, or agents to provide you with a personalized service. We use your personal data for the following purposes:

  • To communicate with you.
  • To improve the quality of our services.
  • Contractual obligation and assist at your requests.
  • To prevent, detect, and investigate crimes, including fraud and money laundering, as well as to analyze and manage other business risks.
  • To conduct research and data analysis, including the analysis of our customer base and other individuals who have provided their personal data to us, as well as to assess business risks, in compliance with Cypriot and European law (including obtaining consent when required).
  • To personalize your experience, analyze, and record your needs related to the insurance products you have received from the insurance companies we work with, presenting information, advertisements, and other promotions for new services.
  • To ensure our compliance with applicable laws and regulatory obligations, including European directives, guidelines, court rulings, and other legal processes, as well as to respond to requests from public and government authorities, as required by Cyprus and European legislation.
  • To enforce and defend our legal rights and to protect our business operations, our business partners, the companies we represent, and to secure the rights, privacy, safety, or property of ourselves, our business partners, you, or other individuals or third parties. This includes enforcing our terms and conditions, seeking available remedies, and mitigating our damages.
  1. To Whom We May Disclose Your Personal Data
  • To provide requested services, we may need to share your personal data with our partners, such as experts, assessors, insurance companies, Microsoft, regulatory authorities of the Republic of Cyprus, banks, auditors, accountants, public services, accident care services, legal advisors, social insurance bodies, internal audit departments, courier services, post offices, and other consultants or legal advisors.
  • As data processors, we transfer your personal data to the insurance companies with which you are contracted through us, allowing them to provide insurance coverage. We have agreements with these companies to comply with the General Data Protection Regulation (GDPR).
  • We do not share your data for processing beyond the purposes described in this Policy or without prior notice to you.
  • In certain situations, your data may be transferred to public authorities, which will process it on behalf of the Company under our agreement.
  • For every transfer to third parties, we ensure that only necessary data is shared, that the conditions for legal and legitimate processing are met, and that recipient organizations are contractually bound to comply with GDPR provisions. Exceptions to this include cases where disclosure is required due to a legal or regulatory obligation.
  • If it is necessary to share your personal data with countries outside the European Union that do not ensure adequate data protection, we will establish contractual clauses with the receiving entity to safeguard and protect the information being shared.
  1. Retention Period for your Personal Data

Our Company shall retain your personal data in its records only for the time period required for the fulfillment of our services to you, unless legal or statutory obligations provide otherwise. This also applies to those cases where our agreement has for any reason been interrupted.

Due to harmonization with the Regulation, we have determined the time periods for the retention of your personal data, depending on the processing to which they are being subjected. The parameters that have been taken into consideration for the determination of the time periods are your better service, our operational needs, our legal obligations and the safeguarding of our legal interests.

In order to be accurately informed on the retention periods, please contact our Company.

  1. What are your rights?

The General Data Protection Regulation defines your rights in regard to your personal data. On account of this, our Company has developed a mechanism for the satisfaction of requests concerning your personal data, as follows:

  • Right to access: You have a right to access your data maintained by us and you may at any time obtain a copy thereof provided we possess them in electronic form.
  • Right to rectification: You have a right to access and rectify your personal details. You may at any stage of our relationship check and update your personal data, always presenting the necessary documentation and requesting the rectification or completion of inaccurate information.
  • Right to be forgotten: You have the right to ask for the erasure of the whole or part of the data that concern you. We would like to underline however that our Company shall be obliged to erase only those personal data which can be erased as per our data erasure policy.
  • Right to restriction: You hold the right to ask for the processing of your personal data to be restricted, even when the accuracy of the data is disputed or furthermore when the data are no longer useful to the company but you request their retention due to legal claims.
  • Right to object: You may at any time whatsoever raise objections about the processing of your personal data. In case you make use of this right, the processing shall immediately cease, unless the Company can prove the existence of legal interest or the need to use the data in support of a legal/judicial case.
  • Right to data portability: You have the right to portability, that is, to transfer your personal data to another organization in a legible and commonly used form. The said data shall be erased as specified in the erasure policy of the Company.
  • Right to recall consent: You have the right any time to withdraw your consent to the processing of your personal data, without however affecting the legality on which our policy was based prior to your withdrawal. We would like to inform you that the recall of your consent may possibly lead to the termination of the relevant services.
  • Right to launch complaint: You have the right to launch a complaint with the Commissioner for the Protection of Personal Data, regarding the processing of your personal data.

If in filing your complaint you feel that you have been wronged by us or if you have any doubts about the outcome of your request, you may submit it in writing to the Commissioner for the Protection of Personal Data at the below address:

Office of the Commissioner for the Protection of Personal Data

Kypraronos 15

1061 Nicosia

P.O. Box 23378

1682 Nicosia

Τel.: 22818456 Fax No.: 22304565

email: commissioner@dataprotection.gov.cy

In order to exercise your rights as above or in the case where you require more information concerning your rights, you may communicate with our Company, at the address of our registered office or through the email address pacificinsurance@cytanet.com.cy

  1. Changes to our Policy

Changes in the Legislation or technological developments impose corresponding modifications on our part.

You are kindly asked to keep apace with our Policy, which may at any time change in order to adapt to new developments and facts.

Our reviewed policy shall be posted on our website at the address https://pacificinsurance.com.cy/privacy-policy/

Finally, you may ask to be supplied with a copy of the most recent version of the Policy in printed form.

Last Updated on April 2024