- 1. Responsible data Controller
- 2. Personal data we may collect about you
- 3. Where we may collect your personal data from
- 4. Purpose, and legal basis of using your personal data
- 5. Disclosures of your personal data
- 6. International transfer of your personal data
- 7. Data security
- 8. Data retention
- 9. Your legal rights
1. Responsible data Controller
BICM is the Controller and is responsible for your personal data, as defined under the GDPR.
You can reach our Data protection officer by post, or email at the addresses below.
Gramzdas 90, “Ferrus” building
2. Personal data we may collect about you
We may collect, use, store, and transfer different kinds of personal data about you that we grouped below as follows, and that may be either in paper, and/or in various digital forms (scan/copy, photo, video/audio):
- Individual details, such as: first name, maiden name, last name, marital status, title, age / date and place of birth, nationality, gender, dependants / spouse / partner / family details, employment history, occupation, signature;
- Special categories of individual details, such as: medical history, criminal and/or administrative conviction/offence history;
- Contact details, such as: home address, billing address, email address, telephone number;
- Identification numbers, such as: government/law enforcement/public body/agency and/or similar issued personal ID, passport, driving license, national and/or private insurance, tax identification;
- Financial details, such as: bank account details, payment card details, transaction history.
3. Where we may collect your personal data from
We may collect your personal data from the below sources:
- You, your family member, your agent/representative;
- Insurer, insurance broker, claims manager, third party claimant;
- Government/law enforcement/public body/agency.
For website visitors: we do not collect personally identifying information about you when you visit this website.
4. Purpose, and legal basis of using your personal data
When we process your personal data, we will rely on the following grounds for processing:
- Performance of a contract: when processing of your personal data is necessary to perform our obligation under a contract with an insurer, and/or insurance broker, and/or claims manager, and/or you, and/or your agent/representative, in order to administrate (manage, process, handle, adjust, recover) incident and/or claim;
- Public–legal/regulatory obligation: when processing of your personal data is necessary to comply with our obligation to a government/law enforcement/public body/agency.
5. Disclosures of your personal data
We may share your personal data with the parties set out in section 4 above.
We do not share your personal data with unaffiliated third parties, except as set out in section 4.2 above.
6. International transfer of your personal data
Personal data we collect from you may be transferred to, stored, and processed at, a destination outside the EEA. These transfers will be made in compliance with the GDPR.
If you would like further details, relevant to your specific instance, of how your personal data would be controlled and processed when transferred outside the EEA, please contact us.
7. Data security
We implemented reasonable physical, technical, and administrative security standards to protect your personal data from unauthorised disclosure of, or access to, from accidental or unlawful destruction, loss, alteration.
Our service providers and are legally bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose.
8. Data retention
Personal data we collect from you is retained by us during processing, and, for the purposes of satisfying legal, and/or accounting, and/or reporting requirements, after closure of processing, for the length of a period set out in applicable national and/or EU legislation.
When disclosed within the EEA, your personal data is subject to respective applicable national and/or EU legislation.
When disclosed and transferred internationally, your personal data is retained as per applicable legislation of that country and/or a state within its borders.
9. Your legal rights
You have certain rights, subject to exceptions under applicable legislation, with regard to your personal data processed by us as described below:
- Right of access / right to data portability: you have the right to receive a copy of your personal data that we hold in a commonly used structured machine readable format, and to request us to transmit your personal data to a third party of your choice;
- Right of rectification: you have the right to have your personal data that we hold to be corrected and/or completed, if the information we hold about you is incorrect and/or incomplete;
- Right to restrict, or object to processing: you have the right to request us to restrict the processing of your personal data that we hold;
- Right to erasure: you have the right to the erasure of any personal data we hold about you.
You can make a request to exercise these rights by contacting us, at the addresses stated in the section 1 above.
Each request will be considered on its merit, and we will ask you to provide evidence of your identity before we can take instructions to fulfill your rights.
Rights of access requests are generally free of charge. However, we can charge a fee based on the administrative cost of providing information when a request is unfounded, and/or excessive, and/or repetitive.