Compensa Vienna Insurance Group, ADB is an insurance company registered in Lithuania and having its branches in Latvia and Estonia. You can find our requisites on this web-page. In our activities we also use the services provided by our affiliated companies (representatives): UAB “Compensa Services”, registration code 302701871, Ukmergės g. 280, Vilnius, Lithuania, and Sabiedrība ar ierobežotu atbildību “Compensa Services”, registration code 40103534334, Vienibas g. 87H, Riga, Latvia.
In order to properly fulfill the obligations arising from insurance contracts and imposed by legal acts, we have to process natural persons’ personal data. Compensa is officially registered as data controller and meets the legal requirements applicable for data controllers.
We have appointed Data protection officer, and in case of any questions or concerns related to your personal data you can easily contact him by e-mail:
- Lithuania DPO@compensa.lt
- Latvia DPO@compensa.lv
- Estonia DPO@compensa.ee
How we process personal data?
Irrespectively of the nature of our relationship with individuals, the respect for their personality, including their personal data, is of fundamental importance to Compensa. Accordingly, we are committed to data protection, security and confidentiality and these topics are a key element in our Code of Business Ethics. In order to ensure privacy in all aspects of our relationships with individuals, we have designed standards and procedures and regularly review and improve them.
We make every effort to ensure that your personal data are:
- being processed lawfully, fairly and in a transparent manner,
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data.
What personal data do we process?
“Personal data” means any information relating to a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Aiming to conclude and perform insurance contracts properly, we usually collect and process the personal data of the individual (such as name, surname, contact details) and the personal data related to insurance object (e.g. information about property, motor vehicle, etc.). Depending on the situation, we may also process other personal data which are necessary for conclusion and (or) performing the insurance contracts (e.g. individual characteristics data – driving experience, travel destinations and periods, etc.; financial data – bank account number, amount of debt, etc.). This is not finite list of personal data processed by Compensa; amount of information about particular natural person depends on his/her individual relationships with us. In all the cases, we do not collect any excessive personal data which are incompatible with data minimisation principle. You can anytime get the information about your personal data being processed by Compensa; for details please see chapter “What are your rights?”.
What are the purposes and legal basis for data processing?
In absolute majority of cases, we process personal data for the purpose of concluding and performance of the insurance contracts (including insurance risk assessment, identification and evaluation of insurance object, calculation of insurance compensation, etc.). Limited content of your personal data (e.g. insurance history) may be used for insurance risk assessment and conclusion of prospective insurance contracts as well.
We also may be obliged to process personal data due to legal obligations (e.g. administration of the list of insurance intermediaries, etc.).
In some cases (e.g. for the purpose of direct marketing) your personal data may be processed based on your freely given and unambiguous consent. You may easily withdraw your consent at any time free of charge.
Sometimes, individuals’ personal data may be processed if it is necessary for the purposes of our legitimate interest (e.g. video surveillance of entrance to our premises ensuring the safety of the property and employees). In such cases we disclose our legitimate interest to the individual. However, we do not process personal data based on this ground, if such legitimate interests are overridden by individuals’ interests or their fundamental rights and freedoms.
In all the cases, we process personal data strictly complying with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as well as with local laws providing the requirements for personal data protection.
How do we collect and transfer personal data?
Usually, we collect individual’s personal data from himself/herself. However, sometimes we have to collect personal data from other persons as well – e.g. from state registers, police offices, other state institutions or other persons. In all cases, we do not deliberately collect excessive personal data, which are not necessary aiming to achieve legal purposes of processing such data. Moreover, we inform the individuals about collecting their personal data from other persons, unless they already have this information or there are other legal grounds permitting not to provide such information.
We keep your personal data safely and do not transfer them to any unauthorized persons. However, part of individuals’ personal data being processed by Compensa may be transmitted to other persons or state institutions due to legal obligations imposed by European Union or local laws, or in order to properly fulfill the contractual obligations. Your personal data also may be transferred to third parties by your request or according to the agreed contractual conditions (e.g. to banks, leasing companies, etc.).
We provide the typical (not finite) list of the subjects, to whom the personal data may be transferred:
- Claims handling partners, assessors of damages;
- Insurance intermediaries;
- Reinsurance companies;
- IT systems maintaining services providers;
- Debts collection companies,
- State institutions, etc.
In all the cases, we transmit as little part of personal data to the third parties as it is necessary in order to achieve the legitimate purpose of such data transfer. Moreover, we use only those outsourced partners who guarantee the implementation of appropriate technical and organizational measures in such a manner that processing of your personal data will meet the legal requirements and ensure protection of your rights. We also constantly control our outsourced partners as regard the compliance with data protection requirements.
How long do we store personal data?
Your personal data may be stored in different documents or files both in paper and electronical form. Legal acts may provide different terms of their storage. Compensa do not store any personal information longer than it is necessary according to the legal acts or to the purposes of data processing. Usually, the information containing your personal data is being deleted after the term of receipt of possible claims is expired.
Even if you decide to cease our cooperation, we may still store your personal data due to the possibility of prospective claims. Moreover, we shall store your personal data in order to be able to answer your questions or to provide you necessary information about our cooperation. However, we do not use your personal data for any other purposes than you have been informed about.
What are your rights?
You have the rights provided in the General Data Protection Regulation and described below. Please note that some of these rights are not absolute and Compensa shall not necessarily and unconditionally satisfy your request for their implementation.
Right of access
You may ask for the confirmation as to whether or not your personal data are being processed, and where that is the case, access to your personal data and the information on its processing.
Right to rectification
You may ask for retification of inaccurate personal data, to have incomplete personal data completed.
Right to erasure (right to be forgotten)
You may ask to erase your personal data without undue delay.
Right to restriction of processing
You may ask for restrication of processing your personal data, where one of the following applies:
- You contest the accuracy of the personal data - for a period enabling us to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- Compensa no longer needs your personal data, but you require them for the esitablishment, exercise or defence of legal claims;
- You have objected to processing your personal data pending the verification whether our legitimate grounds override your ones.
Right to data portability
You may ask to receive your personal data in a structured, commonly used and machine-readable format and may transmit (or ask us to transmit) them to another data controller.
Right to object
You have the right to object to processing your personal data which is based on Compensa's legitimate interest; also, to processing the personal data for direct marketing purposes.
Right not to be subject to a decision based solely on automated processing
You may ask not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
You may ask for the detailed explanation of your rights at our Data protection officer (see contact details in chapter “About us”) or find their description in General Data Protection Regulation. Intending to implement your rights, please contact our Data protection officer.
Once per year we provide the information about processing of your personal data free of charge. If you apply more than once per year, or if your request is groundless, repetitive or disproportionate, we may charge a reasonable fee based on administrative costs. We may ask you to provide the proves for verification of your identity (e.g. identification document). We also may ask you to clarify your request in order to speed up our response. We reply to your request within 30 days since receipt of your application; this term may be extended if your request is complicated or if you submitted a lot of requests (in such case we will inform you about the delay of the response).
We appreciate for your feedback and kindly ask you to submit your concerns related to protection of your personal data to our Data protection officer (see contact details in chapter “About us”). You may also send your application to our office (requisites may be found on this web-page). Compensa assures that will thoroughly investigate all the incidents of possible non-compliance with this Policy and legal acts and will adopt all the necessary risk remediation measures to ensure the maximum protection of your personal data. If we don’t manage to solve the dispute, you also may submit the official complaint to the supervisory authority:
- Lithuania: State Data Protection Inspectorate, A.Juozapavičiaus g. 6, Vilnius L. Sapiegos g. 17, 10312, Vilnius, el. paštas email@example.com;
- Latvia: Data State Inspectorate, Blaumana str. 11/13-15, Riga, email firstname.lastname@example.org;
- Estonia: Estonian Data Protection Inspectorate, Väike-Ameerika 19, Tallinn, email email@example.com.