Privacy policy

As part of its professional activities, BICM acts on behalf of insurers, and/or insurance brokers, and/or claims managers, and/or clients directly, and/or agents/representatives of clients, inside and outside of the European Economic Area (“EEA”). As a result, when relevant, respective privacy policies of insurers, and/or insurance brokers, and/or claims managers, and/or clients directly, and/or agents/representatives of clients apply in addition to this Privacy policy. BICM takes necessary measures to ensure protection and confidentiality of personal information it holds or processes in compliance with provisions of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

In this Privacy policy, “we”, “us”, or “our” refers to BICM. “You”, or “your” refers to an individual whose personal data we are processing.

This Privacy policy explains our information processing practices. It applies to any personal information you provide us, and any personal information we collect from other sources mentioned further in this Privacy policy.

This Privacy policy is a statement of our practices and of your rights regarding your personal information. This is not a contractual document, and it does not create any rights or obligations on either party, beyond those which already exist under applicable data protection laws.

1. Responsible data Controller

BICM is the Controller and is responsible for your personal data, as defined under the GDPR.

You can reach our Data protection officer by post, or email at the addresses below.


                      BICM Ltd.
                      Gramzdas 90, “Ferrus” building
                      Riga, LV-1029

2. Personal data we may collect about you

We may collect, use, store, and transfer different kinds of personal data about you that we grouped below as follows, and that may be either in paper, and/or in various digital forms (scan/copy, photo, video/audio):

  1. Individual details, such as: first name, maiden name, last name, marital status, title, age / date and place of birth, nationality, gender, dependants / spouse / partner / family details, employment history, occupation, signature;
  2. Special categories of individual details, such as: medical history, criminal and/or administrative conviction/offence history;
  3. Contact details, such as: home address, billing address, email address, telephone number;
  4. Identification numbers, such as: government/law enforcement/public body/agency and/or similar issued personal ID, passport, driving license, national and/or private insurance, tax identification;
  5. Financial details, such as: bank account details, payment card details, transaction history.

3. Where we may collect your personal data from

We may collect your personal data from the below sources:

  1. You, your family member, your agent/representative;
  2. Insurer, insurance broker, claims manager, third party claimant;
  3. Government/law enforcement/public body/agency.

For website visitors: we do not collect personally identifying information about you when you visit this website.

4. Purpose, and legal basis of using your personal data

When we process your personal data, we will rely on the following grounds for processing:

  1. Performance of a contract: when processing of your personal data is necessary to perform our obligation under a contract with an insurer, and/or insurance broker, and/or claims manager, and/or you, and/or your agent/representative, in order to administrate (manage, process, handle, adjust, recover) incident and/or claim;
  2. Public–legal/regulatory obligation: when processing of your personal data is necessary to comply with our obligation to a government/law enforcement/public body/agency.

5. Disclosures of your personal data

We may share your personal data with the parties set out in section 4 above.

We do not share your personal data with unaffiliated third parties, except as set out in section 4.2 above.

6. International transfer of your personal data

Personal data we collect from you may be transferred to, stored, and processed at, a destination outside the EEA. These transfers will be made in compliance with the GDPR.

If you would like further details, relevant to your specific instance, of how your personal data would be controlled and processed when transferred outside the EEA, please contact us.

7. Data security

We implemented reasonable physical, technical, and administrative security standards to protect your personal data from unauthorised disclosure of, or access to, from accidental or unlawful destruction, loss, alteration.

Our service providers and are legally bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose.

8. Data retention

Personal data we collect from you is retained by us during processing, and, for the purposes of satisfying legal, and/or accounting, and/or reporting requirements, after closure of processing, for the length of a period set out in applicable national and/or EU legislation.

When disclosed within the EEA, your personal data is subject to respective applicable national and/or EU legislation.

When disclosed and transferred internationally, your personal data is retained as per applicable legislation of that country and/or a state within its borders.

9. Your legal rights

You have certain rights, subject to exceptions under applicable legislation, with regard to your personal data processed by us as described below:

  1. Right of access / right to data portability: you have the right to receive a copy of your personal data that we hold in a commonly used structured machine readable format, and to request us to transmit your personal data to a third party of your choice;
  2. Right of rectification: you have the right to have your personal data that we hold to be corrected and/or completed, if the information we hold about you is incorrect and/or incomplete;
  3. Right to restrict, or object to processing: you have the right to request us to restrict the processing of your personal data that we hold;
  4. Right to erasure: you have the right to the erasure of any personal data we hold about you.

You can make a request to exercise these rights by contacting us, at the addresses stated in the section 1 above.

Each request will be considered on its merit, and we will ask you to provide evidence of your identity before we can take instructions to fulfill your rights.

Rights of access requests are generally free of charge. However, we can charge a fee based on the administrative cost of providing information when a request is unfounded, and/or excessive, and/or repetitive.

10. Amendments to this Privacy policy

This Privacy policy may be amended at any time.

We encourage you to periodically review this Privacy policy so that you are aware of our current privacy practices.

This Privacy policy was last amended on 1st November 2019.