Privacy Statement

1. The Company

Commercial General Insurance Ltd (hereafter referred to as “the Company”) holds a leading role among Cypriot general insurance companies and its headquarters are located at Arch. Makarios III Avenue, 1071 Nicosia, Cyprus, Tel 22505100, email: [email protected].

The Company was founded in 1973 by the British insurance company Commercial Union Assurance plc, present-day Aviva plc, and the Christophides Group, which had represented said company in Cyprus since 1925. With branches in all cities, and having created an expansive, modern and notable network of representatives who operate across the whole of Cyprus, the Company stands by its customers and offers its complete services.

It offers an array of modern insurance policies, especially designed to meet the needs of any individual or business and securing complete cover for its customers. Its goal is to continue its successful operations in the Cypriot insurance market, with particular commitment to its professional paradigms and business ethics, and to secure the full satisfaction of its customers’ insurance needs, focusing on the continuous improvement of its services and utilizing all modern technological means.

Furthermore, the Company remains focused on maintaining high standards of professionalism, innovates and creates within the field of insurance, having earned the trust and appreciation of the public through its credibility and reliability.

The purpose of this document is to inform you in an accessible, transparent and direct manner about the processing of your personal data, which the Company collects and processes within the framework of its responsibilities toward you, because it has committed, in accordance with current legislation, to securing and safeguarding your right to be protected against the unlawful processing of your personal data, as well as your right to privacy, but also to protecting the retained personal data concerning you.

Your personal data can help the Company to better comprehend your insurance needs, and to offer you a more rounded and personalised service. The Company nevertheless understands that preserving the security and confidentiality of your personal data is a great responsibility, which it takes very seriously into consideration. For this reason, it has designed this Privacy Statement which, among other measures, aims to inform you about the type of personal data collected, the reasons behind such collection, and the uses of the collected data.

This Privacy Statement addresses natural persons who are existing or potential clients of the Company, policyholders, authorised persons, third parties, suppliers and partners. By providing your personal data, or those of another person such as a policyholder, or of a claimant to whom you have given consent or by whom you have been authorised to process his personal data, you accept that the Company will use such data in the manner detailed in this Privacy Statement. You will need to direct the attention of the person whose personal data you give to the Company, to this Privacy Statement.
You may be given further notices of processing at a later stage, which will emphasise particular uses of your personal data.

The Company reviews the Privacy Statement on an annual basis and updates it when necessary, so that it may conform to legislative changes, operational or technological advancements. Thus, you will need to periodically check the Company website for the most recent version of this Privacy Statement.

Within the Privacy Statement, your personal data may at times be referred to as “Personal Data”, “Personal Information”, “Data” or “Information”. For the purposes of this Privacy Statement, Personal Data shall be deemed to include any piece of information concerning a natural person who can be identified either directly or indirectly, in particular by reference to identifiers, such as his full name, identity card number, or any factor(s) specific to the physical, physiological, genetic, mental, economic, cultural or social identity of said natural person.

The term Personal Data also includes, among others, sensitive information (or information of special categories) such as, for example, information which concerns the health of a natural person, possible criminal convictions and information which reveals his racial or ethnic origin.

When the Company states that your Personal Data are subject to “Processing”, this term includes any action undertaken in relation to such data, such as their collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, combination, restriction, erasure and destruction.

 

2. The contact details of the data protection officer

In compliance with the EU General Data Protection Regulation (GDPR), the Company has appointed a Data Protection Officer (DPO).  In case you require further information regarding the processing of your personal data by the Company, you can contact the Data Protection Officer (DPO) of the Company at the address of its registered office, Arch. Makarios III Avenue, 101, 1071 Nicosia, or by email at [email protected]

 

3. Principles relating to processing of personal data

During the collection of any Personal Data, the Company is bound by the main principles of processing of the General Data Protection Regulation (EU) 2016/679, and after applying all the necessary organisational and technical protection measures, the Company is processing the personal data of individuals in accordance with the following principles of Personal Data Processing:

  1. The data are subject to lawful and fair processing in a transparent manner.
  2. The data are collected only for specified, explicit and legitimate purposes and are not further processed in a manner that is incompatible with the purposes for which the Company collected these data in the first place.
  3. Only the necessary and relevant data are collected, and the processing is limited only to what is necessary to achieve the purposes for which they have been collected.
  4. The data are always maintained accurate and are updated when necessary.
  5. The data are only retained for the period necessary for the purposes for which they have been collected.
  6. The data are processed in a manner that guarantees their safety, including, among others. their protection against unauthorised or unlawful processing and accidental loss, destruction or damage, through the use of necessary technical and organisational measures.
  7. When the Company transfers the Personal Data either to another country, or to a person who processes them on behalf of the Company, all necessary precautions for the protection of the data are taken, such as for example the conclusion of specialised agreements for data processing.

 

4. Collection of Personal Data

Personal Data collection mostly occurs directly from you, either through consultants or intermediaries. These data can be obtained through a proposal, which is directly or indirectly submitted to the Company (through partners and/or representatives) or through an agreement between us, or through telephone or any other communication with us for the sole purpose of creating or maintaining a business relationship as per article 6(1) (b) of the GDPR.

Nevertheless, in some cases, Personal Data collection can be carried out by third parties, when for example someone names you as part of a proposal / contract. Your personal data can be received either through third parties (partners, representatives, lawyers, authorised persons) or through other insurance companies or even through sources available to the wider public as per article 14 of the GDPR.

More specifically, your Personal Data can be collected:

a. From you (directly or indirectly):

  1. Through the information form when submitting an insurance proposal.
  2. Through telephone communication with the Company, which is likely to be recorded.
  3. Through queries, grievances, complaints or claims on your part.
  4. By filling out the “Website-Application Form for Employment”.
  5. Submission of personal information documents.
  6. In person, directly from natural persons.

 

b. From various other/third-party sources (for example):

  1. From other insurance policies, on which you are named as part thereof (e.g. if you are a named driver on a motor insurance policy).
  2. From other insurance services.
  3. From partners / service providers, intermediaries or representatives of the Company.
  4. From members of your family (in specific cases where you are unable to provide such information by yourself).
  5. From doctors or other similar healthcare professionals (e.g. during the evaluation of a claim for indemnity on your part).
  6. From legal advisors (e.g. in cases where you are not insured with the Company but have a claim submitted against you by one of its clients due to an accident).
  7. The Road Transport Department.
  8. From specialists, experts.
  9. By telephone or fax.
  10. Photographic material.
  11. By email, ERP systems.
  12. By telephone from the Police.
  13. Application form at our website (www.cgi.com.cy).
  14. Evaluation form during an interview.
  15. Registrar of Companies and Official Receiver- Insolvency Service.

 

5. Types of personal data processed by the Company

The Company collects and processes several types of Personal Data according to the services provided in each specific case. This Privacy Statement applies to both those directly and indirectly involved, as well as its potential and existing clients.

For all the aforementioned reasons, the Company collects Personal Data according to the insurance to be provided, as follows:

  1. Contact details (such as full name, address of residence, email address, telephone number, occupation, identity card / passport number, date of birth, nationality, etc.).
  2. Information and contact details of third parties, who are in any way named as part of the contract (e.g. named drivers on a motor insurance policy).
  3. Details of referees, medical certificate
  4. Bank details (e.g. IBAN).
  5. Personal data relating to your state of health, both medically and mentally, and information about past accidents, illnesses and treatments thereof.
  6. Information relating to your past, such as bankruptcies, penalty points, past claims and pending judicial proceedings against you.
  7. Information relating to the nature of your occupation and insurance history, as well as those of all named individuals, so that the Company may evaluate its risk as an insurance company.
  8. Information relating to the item for which the Company provides or is to provide cover (such as your vehicle, boat, house, etc. according to the insurance type).
  9. Information relating to your property (movable and immovable), anything located within this, and any type of charge that concerns it (mortgages, debts, etc.).
  10. Data collected through the Company website, using cookies.
  11. Information in relation to underwriting.

For employees or candidates, the company collects Personal Data for employment purposes such as:
Name, Address, Tax Identification Number, Identity Card Number, Social Security Number, Bank Account Number, IBAN number, Appointment Letter, CV.

 

6. Legal basis of the possessing of personal data

Once collected by the Company, your Personal Data may be processed, as mentioned earlier, by the Company, its employees, its partners or representatives, so as to offer you a personalised service and based on the legal basis and purposes described below:

6.1. The Company processes non-sensitive personal information lawfully, in accordance with:

i. Article 6 1 (a), for purposes you have consented to, such as mainly:

  1. provide you with information regarding promotional offers and our insurance products.

The Company will not normally contact you for marketing purposes by post, email, or text message unless you have given your prior consent or in so far as is permitted by the law or as an existing client for informing you for any for any offers or discounts on insurance products that serve your insurance needs and providing you the legitimately the right to opt out opt out of such communication. You can change your marketing preferences and withdraw previously given consent at any time or opt-out or object to the processing of your information for marketing purposes by contacting our DPO, the details of whom are stated in this Privacy Statement.

  1. share your insurance policy to the bank to which you have assigned it, or with whom you have a loan or finance or who has any legal interest in the subject matter of the insurance
  2. Keep your CV as a candidate for a limited predefined and notified period.

 

ii. Article 6 1 (b), as necessary to conclude or perform an insurance contract with you, such as mainly but not exhaustively:

  1. To communicate with you.
  2. respond to, examine or satisfy proposals of Insurance, claims, orders and related requests or queries submitted by yourself or a person acting on your behalf,
  3. process or examine Proposals of Insurance or orders that you or others, acting on your behalf, have submitted including for the purpose of assessing insurance risk,
  4. To carry out evaluations and decisions relating to the provision and the terms of insurance, settling claims, and the provision of support and other services.
  5. confirm your identity,
  6. issue and deliver the insurance policy,
  7. carry out obligations arising from any contracts or insurance policies, entered by you or another person.
  8. Handling of your claim
  9. To provide services that derive from the insurance contract, to submit claims for indemnity and support, as well as other products and insurance services offered by the Company, including the valuation of claims, the handling, settling and resolution of discrepancies.
  10. To improve the quality of the products and insurance services provided by the Company.

 

iii. Article 6 1 (c), to comply with obligations imposed by law to comply with or respond to requirements or demands by regulatory authorities and comply with regulatory framework.

iv. Article 6 1 (f), as necessary for the protection of Company’s legitimate interests pursue as a business, such as mainly but not exhaustively:

  1. ensure fraud prevention, for example by spotting fraudulent claims or statements,
  2. reduce credit risk and receive payment of insurance premiums,
  3. carry out customer research, surveys and statistics having previously anonymized relevant data.
  4. notify you of any changes to our services or our privacy policy, if necessary,
  5. to exercise and defend the Company’s legal rights, to safeguard its professional operations and the operations of its business partners, and to protect the rights, the privacy, the security or the assets of the Company, as well as those of its business partners, yourself or other persons or third parties,
  6. to enforce its terms and conditions, to pursue the available measures of reparation and to minimise its losses,
  7. to raise a claim or legal demands.

 

6.2. When for any of the above-stated purposes, the Company needs to process sensitive personal data such as data relating to your health, we do so lawfully in accordance with:

  1. Article 9(2)(a) of the Regulation, i.e., if you have given your explicit consent and where necessary,
  2. Article 9 (2) (b), if processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the Company as an employer or of the data subject, as an employee in the field of employment and based on the Employment regulatory framework.
  3. Article 9(2)(f) for the establishment, exercise or defence of legal claims.

If you need further explanation on how your information is used, you are welcomed to contact our DPO, the details of whom are stated in this Privacy Statement.

 

7. To whom the Company may disclose your Personal Data

The Company may need to disclose your personal data to its partners so that it can provide you with your required insurance and fulfil its obligations to you; such partners may include experts, assessors, cooperating service providers, such as road assistance and accident care, intermediaries, lawyers of the Company, lawyers of clients and third parties, other insurance companies that may be involved, doctors, reinsurers, representatives, credit institutions, the Motor Insurers’ Fund (MIF) in case of accident with an uninsured driver, the Police, the Superintendent of Insurance, inspectors, the Commissioner of Administration and Human Rights (Ombudsman), the Road Transport Department, Social Insurance Services, Income Tax, public authorities and other services.

In no case will the Company disclose your Personal Data for processing for reasons contrary to those described within this Privacy Statement or without your prior notice.

Your Personal Data may be disclosed to public authorities, auditors, assessors, reinsurance companies, the Superintendent of Insurance, who as processors will process them on behalf of the Company, on the basis of our agreement. Disclosure of Personal Data abroad may occur between the Company and service providers or reinsurance companies, lawyers and specialists.

In any case of disclosure to third parties, the Company takes all precautions to ensure that the disclosed data are those necessary for the performance of the contact, in accordance with the terms for their lawful and fair processing, and the organisations to which data are disclosed have bound themselves in writing toward the Company, to the fulfilment of the provisions of the general data protection regulation. Cases in which disclosure of data is necessitated by any legal or regulatory obligation, are excluded.

In cases where your Personal Data must be disclosed to countries outside the European Union, and which do not sufficiently protect your Personal Data, the Company will be liable and will need to enact contractual clauses between itself and the company to which the data are disclosed, for the purposes of securing and protecting the disclosed data.

 

8. Retention period of your personal data

The Company retains your Personal Data in its electronical or physical records only for the period necessary for the completion of the insurance contract between us, unless otherwise required by legal or regulatory obligations. This also applies to cases where said insurance contract is annulled for whatever reason.

Conforming to the Regulation, the Company has determined the various retention periods of your Personal Data according to the processing which they undergo. The factors taken into consideration when deciding these retention periods were the provision of better services to you, as well as the operational needs, legal and compliance obligations of the Company and the protection of the legal interests thereof.

Upon the expiry of the retention period of personal data the Company destroys or deletes the personal data based on its retention and destruction Policy, or alternatively keep them separated in an anonymized or encrypted form.

For more details on said retention periods or the Retention and Destruction Policy please contact the Data Protection Officer (DPO) of the Company, the contacts of which are described in this Privacy Statement.

 

9.  Your Rights

The General Data Protection Regulation specifies your rights in relation to your personal data. The Company has hence developed a procedure for settling any demand relating to your personal data, as follows:

  1. Right to Access: You have the right to access the data concerning you that the Company retains, and to obtain a copy thereof, provided that they are stored digitally.
  2. Right to Rectification: You have the right to access and rectify your Personal Data. You may, at any stage in our relation, review and update your Personal Data, providing always the necessary documentation, and requesting the rectification or filling in of any inaccurate information.
  3. Right to be Forgotten: You have the right to request the erasure of all or any part of the data concerning you. It is nevertheless emphasised that the Company is only obligated to erase those Personal Data that can be erased or are permitted to be erased.
  4. Right to Restriction: You retain the right to request the restriction of the processing of your Personal Data, even when the accuracy of such data is in doubt, or when they are no longer of use to the Company, but you nevertheless request their safeguarding due to legal proceedings.
  5. Right to Object: You may at any time express your objections to the processing of your Personal Data. In case you exercise this right, such processing ceases automatically, unless the Company proves a legal interest, or the data are required in support of a legal/judicial case.
  6. Right to Data Portability: You retain the right to data portability, i.e. the transfer of your Personal Data to another organisation in a recognisable and widely use format. The data in question will then be erased, as defined by the Company’s erasure policy.
  7. Right to Withdrawal of Consent: You retain the right to withdraw your consent for the processing of your Personal Data, at any time, without however affecting the legality of said processing, on which the Company relied prior to your withdrawal. The Company informs you that withdrawal of consent may lead to the termination of relevant services.
  8. Right to Submit a Complaint: You retain the right to submit complaints in relation to the processing of your Personal Data, to the Commissioner for Personal Data Protection.
  9. If during the submission of a complaint, you have doubts about the outcome of your enquiry, you may also submit it in writing to the Commissioner for Personal Data Protection at the following address:

Office of Commissioner for Personal Data Protection
Kypranoros 15
1061 Nicosia
PO Box 23378
1682 Nicosia
Phone No.: 22818456 Fax No.: 22304565
Email address: [email protected]

 

To exercise the above rights or in case you require further information relating to your rights, you can contact the Data Protection Officer of the Company, at the address of its registered office, and through the email address [email protected]

10. Amendments to the Company’s Privacy Statement

The Privacy Statement is reviewed by the Company at least on an annual basis. Any update of the Privacy Statement is based on any changed business processes and circumstances, findings derived from the Company’s policy monitoring procedures and methods or amendments to Legislation or technological advancements necessitate corresponding amendments on the part of the Company.

You are requested to remain informed about the Privacy Statement of the Company, which may at any time change and adapt to new developments and states of affairs.

The revised Privacy Statement of the Company will be uploaded to our website at www.cgi.com.cy

Finally, you are able to request a physical copy of the most recent version of the Privacy Statement from [email protected]

Last Updated 08/10/2024

Commercial General Insurance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.