Privacy Notice AWP P&C S.A. Branch in Poland

Privacy protection rules

AWP P&C S.A. Branch in Poland (‘we’, ‘us’, ‘our’), a member of Allianz Worldwide Partners SAS, is a French authorised insurer operating in Poland in the form of a branch. This privacy notice explains how and what type of personal data will be collected, why it is collected and to whom it is shared or disclosed. Please read this notice carefully.

1. Who is the data controller?

A data controller is the individual or legal person who controls and is responsible to keep and use personal data. AWP P&C S.A. Branch in Poland is a data controller.

2. What personal data will be collected?

We will collect and process various types of personal data about you, the scope of which depends on the type of agreement or notified damage, in accordance with the following:

  • Surname (including Family name) and first name(s)
  • Parents names
  • Personal identification number (PESEL)
  • Domicile and residence address
  • Date of birth
  • Sex
  • Number, issue date, expiry date, issuing authority and type of identity document
  • Telephone numbers
  • E-mail address
  • Information about your driving license (category, issue date, expiry date, document number)
  • Information on a credit/debit card and bank account
  • Vehicle registration number
  • VIN
  • Policy number
  • Data on the concluded insurance contract
  • Data about the employer and employment status
  • Citizenship
  • Information about the conducted business activity
  • Data obtained during the notification and liquidation of the claim

Depending on your contract or damage, we will only ask for the data necessary in a specific case. We will also collect and process your ‘sensitive personal data’, such as data from your medical records or from death certificates or your claims history.

3. How will we collect and use your personal data?

We will process personal data provided to us by you or received by us without your participation (i.e. from medical facilities, from your employer, from the National Health Fund) in accordance with the following explanation and list:

Purpose Do you give your consent/Is your consent required? Legal basis for processing
Contract administration, including insurance contract (e.g. quotation, underwriting, claims handling, wage calculation, complaints handling) No (except when you are not our client and we have no other basis to process your data).

Article 6 sec. 1 letter b) and c) GDPR *, Article 9 sec. 2 letter a) GDPR *, Article 9 sec. 2 letter g) in connection with Article 41 1 of the act on insurance and reinsurance activity

To inform you, or enable other companies of the Allianz Group and selected third parties to inform you, about products and services which we believe may be of interest to you, in accordance with your preferences regarding marketing communications. You are free to change these preferences at any time. If your preferences change and you no longer consent to any of the above-mentioned items, please notify us by clicking the ‘Stop subscription” link in any email with marketing communications, or by contacting us by email or by phone or in the manner described in point 9 below.

Yes

Article 6 sec.1 letter a) GDPR*, Article 6 sec. 1 letter f) GDPR * (our legitimate interest is direct marketing of our products and services)

Compliance with legal duties (e.g. tax, accounting, administrative duties)

No Article 6 sec.1 letter c) GDPR*
To spread risks through reinsurance or co-insurance No

Article 6 sec.1 letter f) GDPR* (our legitimate interest is to reduce the insurance risk)

In order to reduce the risk of economic sanctions by verifying and applying other appropriate measures to verify that the client or the insured risk is not subject to any restrictions and that the contract does not infringe any economic sanctions, through periodic checks of the insured and clients, as well as - at the loss adjustment stage - by analyzing the application of financial sanctions in relation to the insured and, if applicable, the beneficiary before the payment of compensation or benefits

No Article 6 sec.1 letter c) GDPR*
For the prevention of insurance crime No

Article 6 sec. 1 letter f) GDPR * (our legitimate interest is the prevention of insurance crime and defense against abuse)

In order to survey customer satisfaction No

Article 6 sec. 1 letter f) GDPR * (our legitimate interest is to test the quality of our services and the level of satisfaction of our clients with these services)

In order to establish, investigate and defend against claims No

Article 6 sec. 1 letter f) GDPR * (our legitimate interest is the possibility of establishing, investigating and defending against possible claims)

For the purposes set out above, we do not require your explicit consent (except when you provide data pertaining to your health status or you are not our client) because the data is processed for the purpose of performing an insurance contract or complying with legal duties.

We will require your personal data if you intend to purchase our products and services or to settle a reported claim. If you do not wish to disclose your data to us, we may not be able to supply the products and services that you have asked for or which are of interest to you, or to adapt our offer to your individual needs or to rectify the damage reported by you.

In the case of insurance offers, where an electronic premium calculator is used (e.g. on a website dedicated for this purpose), we will also be making decisions concerning you in an automated manner, i.e. without human participation. Your health status and the destination country of travel will be the factors we will consider.

We will rely on what is called ‘profiling’ when making that decision. This means that we will evaluate the information you have provided to us (e.g. regarding your health status, date of birth, length and purpose of travel) and assign it to the relevant profiles developed with the use of statistical data in our possession.

In connection with automated decision-making, you have the right to challenge a decision adopted in an automated manner, express your point of view and have your situation analysed and a decision made by our employee.

4. Who will have access to your personal data?

We will make sure that your personal data is processed in a manner consistent with the purposes set out above.

For the stated purposes, your personal data may be disclosed to the following third party data controllers: public authorities, other Allianz Group companies, other insurers, co-insurers, reinsurers, insurance brokers and agents, as well as banks.

For the stated purposes, we may also share your personal data with the following entities who operate as data processors under our instruction: other Allianz Group companies, technical consultants, experts, lawyers, claim adjusters, service technicians, doctors and other subcontractors providing services to AWP in order to carry out activities (claims reporting, IT service, postal services, document management, claim settlement, contract performance by providing services to an authorized person), as well as advertisers and advertising networks to send you marketing communications as permitted by national law and in accordance with your preferences regarding communications you wish to receive. Without your permission, we will not share your personal data with non-affiliated third parties for their own marketing purposes.

In addition, we may share your personal data in the following instances:

  • in the event of any proposed or actual reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business, disposal or other regulation of the whole or a part of our enterprise, assets or stocks (including in connection with any bankruptcy or similar proceedings), or
  • to meet any legal obligation, including to the relevant ombudsman if you make a complaint about the product or service we have provided to you.

5. Where will my personal data be processed?

Your personal data may be processed within or outside the European Economic Area (EEA) by the parties specified in section 4, subject to contractual restrictions regarding confidentiality and security of information in line with the applicable data protection laws. We will not disclose your personal data to anyone who is not authorised to process them.

Whenever we transfer your personal data for processing outside of the EEA by another Allianz Group company, we will do so on the basis of Allianz’ approved binding corporate rules known as the Allianz Binding Corporate Rules (Allianz’ BCR) which establish adequate protection for personal data and are legally binding on all Allianz Group companies. Allianz’ BCR and the list of Allianz Group companies that comply with them can be accessed here https://www.allianz.com/en/. Where Allianz’ BCR do not apply, we will instead take steps to ensure that the transfer of your personal data outside of the EEA receives an adequate level of protection as it does in the EEA. You can find out what safeguards we rely upon for such transfers (for example, Standard EU Model Contractual Clauses) by contacting us as detailed in section 9.

6. What are your rights in respect of your personal data?

Where permitted by applicable law or regulation, you have the right to:

  • Access your personal data held about you and to learn the origin of the data, the purposes and ends of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the data may be disclosed;
  • Withdraw your consent at any time where your personal data is processed with your consent;
  • Update or correct your personal data so that it is always accurate;
  • Delete your personal data from our records if it is no longer needed for the purposes indicated above;
  • Restrict the processing of your personal data in certain circumstances, for example where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
  • Obtain your personal data in an electronic format for you or for your new insurer; and
  • File a complaint with us or the relevant data protection In Poland, this authority is the President of the Personal Data Protection Office.

You may exercise these rights by contacting us as detailed in section 9 providing your name, email address and purpose of your request. You may also make an access request by completing the Data Access Request Form available at https://mondial-assistance.pl/polityka-prywatnosci-awp-eng

7. How can you object to the processing of your personal data?

Where permitted by applicable laws, you have the right to object to us processing your personal data, or tell us to stop processing them (including for purposes of direct marketing). Once you have informed us of this request, we shall no longer process your personal data unless permitted by applicable laws.

You may exercise this right in the same manner as for your other rights indicated in section 6.

8. How long do we keep your personal data?

We will retain your personal data for six years from the date the insurance relationship ends or loss adjustment proceedings are completed or your complaint is settled. The 6-year period results from the period of limitation of claims in force in Poland and the need to archive documents in accordance with the Accounting Act.

We will not retain your personal data for longer than necessary and we will hold it only for the purposes for which it was obtained.

9. How can you contact us?

If you have any questions about how we use your personal data, you can contact us by letter at:

AWP P&C S.A. Branch in Poland
ul. Konstruktorska 12
02-673 Warszawa

We have appointed the Data Protection Officer, who may be contacted by e-mail or post at the following addresses:

Data Protection Officer

AWP P&C S.A. Branch in Poland
ul. Konstruktorska 12, 02-673 Warszawa
E-mail: iodopl@mondial-assistance.pl

You can also contact us using the Data Access Request Form available https://mondial-assistance.pl/polityka-prywatnosci-awp-eng

10. How often do we update this data protection notice?

We regularly review and update this data protection notice. We will ensure the most recent version is available on www.mondial-assistance.pl/biznes/Dane.aspx, and we will tell you directly when there’s an important change that may impact you. This privacy notice was last updated on 31/03/2023.

* GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (Journal EU L 119z 04.05.2016, p. 1 and EU Official Journal L 127 of 23.05.2018, p. 2)