Data Protection Notice
Fortegra Europe Insurance Company Ltd, Office 13, SOHO Office The Strand, Fawwara Building, Triq l-Imsida, Gzira, GZR 1401, Malta (“We/Us/Our”) is the data controller in relation to personal information which We hold about You (“Personal Data”). Any queries relating to data protection matters may be addressed to Our Data Protection Officer at The Data Protection Officer, Fortegra Europe Insurance Company Ltd, Office 13, SOHO Office The Strand, Fawwara Building, Triq l-Imsida, Gzira, GZR 1401, Malta or on data subject access page.
By means of this Data Protection Notice We would like to provide You with information as to how and why We process Your Personal Data as defined by the Data Protection Act, 2018 and the General Data Protection Regulations (GDPR) (Regulation (EU) 2016/679).
Information We hold about You
As data controllers, We may collect, store and use the following categories of Personal Data:
- individual details which include name, address (and proof of address), other contact details (e.g. e-mail and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant;
- identification details which include identification numbers issued by government bodies or agencies (e.g. depending on the country You are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s licence number);
- financial information which include payment card number, bank account number and account details, income and other financial information;
- policy information which include information about the quotes individuals receive and the policies they obtain;
- previous/ current claims which include information about both previous and current claims, which may include criminal records data and other special categories of Personal Data.
Processing of Personal Data, referred to as “special categories” revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited, unless You have given explicit consent to the processing of those Personal Data for one or more specified purposes.
How We will process information about You
We process Your Personal Data as may be necessary in order to provide You with the particular insurance product or service that You request of Us and to administer the same. We process such data for the purpose of providing You with quotations, underwriting, risk assessment, claims handling and any other purpose for which We may be obliged or authorised to process such data by or under any law, statutory and/or contractual requirement, including that of preventing, detecting or suppressing insurance fraud. For these same purposes, We may need to transfer Your Personal Data to third parties including but not limited to service providers (insurance companies and agents), surveyors, repairers, loss adjusters, investigators, credit reference agencies, bank and insurance associations. Such third parties may be local or foreign and may form part of an international organisation or a group of companies.
If You fail to provide Personal Data
We remind You that You are required to provide Personal Data since failure to provide such data may result in Us not being able to provide a suitable insurance product or service. Furthermore, You are requested to notify Us immediately if there is any material change in risk or change in any other personal information provided, to ensure that information held by Us is accurate at all times.
How We use particularly sensitive Personal Data
Special categories of Personal Data require higher levels of protection. We need to have further justification for collecting, storing and using this type of Personal Data. We may process special categories of Personal Data in the following circumstances:
- in limited circumstances, with Your explicit written consent;
- where We need to carry out Our legal obligations;
- where it is needed in the public interest;
- where it is needed to assess Your working capacity on health grounds, subject to appropriate confidentiality safeguards;
- where it is needed in relation to the exercise or defence of legal claims.
We will not use Personal Data for any other purpose which is incompatible with the purposes described in this Notice, unless such use is required or authorised by Law, authorised by You or is in Your own vital interest (such as in the case of medical emergency).
Transfer of Personal Data outside Malta
The transfer of Personal Data outside of the European Economic Area (EEA) is prohibited unless one or more of the following specified safeguards, or exceptions, apply:
- The European Commission can and does assess third countries, a territory and/or specific sectors within third countries to assess whether there is an appropriate level of protection for the rights and freedoms of natural persons. In these instances, no authorisation is required.
- An adequacy assessment is undertaken considering the following factors:
- the nature of the information being transferred;
- the country or territory of origin, and final destination, of the information;
- how the information will be used and for how long;
- the laws and practices of the country of the transferee, including relevant codes of practice and international obligations.
We will take appropriate measures to protect Personal Data and sensitive Personal Data, which are consistent with the applicable privacy and data security Law and regulations, including requiring third party service providers to use appropriate measures to protect the confidentiality and security of Personal Data and sensitive Personal Data.
Data integrity and retention
We will take reasonable steps to ensure that Personal Data and sensitive Personal Data processed by Us, is reliable for its intended use and is accurate and complete for carrying out the purposes described in this Notice. We will retain Personal Data and sensitive Personal Data for the period necessary to fulfil the purposes outlined in this Notice, unless a longer retention period is required or permitted by Law.
In the case of a Personal Data breach, the Data Protection Officer shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal Data breach to the competent supervisory authority, namely the Office of the Data Protection Commissioner and the data subject, unless the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
We also remind You of Your rights in line with data protection laws and regulations, which are as follows:
- Right to information, on the type of data requested, the reasons for and how We process Your Personal Data;
- Right of access, which is Your right to obtain from Us confirmation as to whether Personal Data concerning You is being processed, where and for what purpose. Furthermore, upon Your request, We shall provide You with a copy of Your Personal Data, free of charge, in a structured, commonly used, electronic and machine-readable format, to ensure data transparency and data portability. We acknowledge that You have the right to transmit this data to any other party;
- Right to object to the processing of Your Personal Data and to direct marketing;
- Right of rectification/ correction of the Personal Data concerning You;
- Right to be forgotten, that is Your right to have Your Personal Data erased, no longer processed, cease further dissemination of the data, and potentially have third parties halt processing of the data where the Personal Data is no longer relevant to the purposes for which the information was originally collected and processed. You can withdraw Your consent or object to the processing of Personal Data concerning You, or where the processing of Your Personal Data does not comply with the GDPR. At the same time, We remind You of our requirements, in terms of the Companies Act (Cap. 486) and the General Data Protection Guidelines – Guidelines for the Promotion of Good Practice – Insurance Business Sector to retain Your Personal Data for a minimum period of ten (10) years following the lapse/ cancellation of Your insurance product/ service. Your data shall be stored/ archived securely in line with GDPR requirements. Hence, erasure of Personal Data may be requested following this timeframe;
- Right to withdraw consent, to processing Your Personal Data;
- Right to restrict, the processing of Your Personal Data;
- Right to portability, that is Your right to receive a copy of Your Personal Data in a commonly Used machine-readable format, and to request to have the data transferred to any other parties;
- Right to object to automated decision-making, including profiling which is the processing of Personal Data for the purpose of evaluating personal aspects in order to make predictions about You based on a series of statistical deductions.
Any such requests must be signed by You and sent to Us in writing (The Data Protection Officer, Fortegra Europe Insurance Company Ltd, Office 13, SOHO Office The Strand, Fawwara Building, Triq l-Imsida, Gzira, GZR 1401, Malta) or on data subject access page.
You may also lodge a complaint with the supervisory authority, the Office of the Information and Data Protection Commissioner, Floor 2, Airways House, Triq Il-Kbira, Sliema SLM 1549 Malta, if You are not satisfied with Our data protection processes.
By using our services, You consent to Us processing Your Personal Data for the purposes as described in this Notice, unless You otherwise inform Us in writing. Kindly note this Data Protection Notice can also be downloaded from our company website www.fortegra.eu
Should You require any further information, please do not hesitate to contact us.