Privacy notice for processing of personal data received by clients and partners of ARS Bulgaria EOOD
1.Information about the processor and processor contact data.
We, the undersigned ARS Bulgaria EOOD, UIC: 130381622, having seat and registered office in the city of Sofia, 7 Sheynovo Str., level 1, contact details: Telephone: +359 (2) 933 78 35, e-mail: office@arsbulgaria.com, (hereinafter referred to in this document as “The Company”), we take into consideration that it is important for you to understand how we collect, store and share any personal data processed in the performance of our commercial activity.
2.Who is this Notice dedicated to?
This Privacy Notice is designated for all entities the personal data of which we are processing in the course of our operations. Such entities may include:
- • users of insurance services (individuals);
- • individuals, representatives of legal entities, who have business and/or partner relationships with the Company and with their beneficiary owners;
- • individual employees of legal entities, who have trade and/or partnership relationships with the Company.
3.What types of personal data do we process?
The types of personal data we process depend on the purpose we need that personal data for. In most cases, providing your personal data is necessary to enable us to sign and/or fulfil an agency/service agreement based on which we provide our services to you, or to fulfil legal requirements. If you fail to provide this information to us, we may not be able to sign or fulfil our agreement with you. We will inform you additionally if the disclosure of your information is not mandatory.
3.1. Insurance agency:
In the performance of the insurance agency/services agreements, which we conclude with our individual clients, we process data about the users of insurance services. The data processed depends on the type of the insurance agreement that we act as an agent for. We process this data as mutual processors with the insurance company you have selected. Such data may be:
- • Individualizing data: Names and Personal ID/Foreign Resident ID/Uniform Identification Code of a sole proprietor, to allow us to individualize you unambiguously;
- • Contact details: telephone, e-mail, address – in order to effectively communicate in the performance of our agreement, including by reminding you of an expiration of a term, or the need to make a payment of a contribution;
- • Social identity data: Data about existing employment relationship, if required for the respective type of insurance agreement;
- • Family identity data: Data about marital status and family members, when required for the particular type of insurance.
- • Economic identity data: Data about the property status, for example conclusion of property insurance, or data regarding your employment remuneration;
- • Financial data: Information regarding the bank account or regarding the origin of funds;
- • Health condition data: At the time of the conclusion of certain insurances (such as medical or life insurance), or in case of claiming damages to the insurer;
- • Any other information we are required to collect by law, which is required by the insurers, or which has been presented by the subjects on a voluntary basis.
3.2 Administration of contractual relations
In order to administratively process the contracts we undertake and in order to fulfil our obligations under the laws in force, we process the following personal data:
- • for the individuals who represent legal entities: the physical identity of the person: names, address and contact phones, e-mail, position, authorization data (only for proxies), etc.;
- • for the employees of our clients, who act as contact persons: names, position, e-mail, contact phone;
- • for individual clients, managers and beneficiary owners of the clients – data requested under the Money Laundering Counter Measures Act including a copy of an identity document.
3.3 Response to submitted questions
In the course of promoting our activity, we process data about the persons, who have submitted a request through our website, which include: names, e-mail address, IP address, browser and operation system information, and any other information which is provided to us through the contact form.
3.4 Organizing surveys and/or awareness campaigns
As part of our activity in support of our clients, we organize surveys and awareness campaigns. Participation therein is voluntary and anonymous. For us to provide you with information regarding the conducted research and campaigns, we require certain personal data – names, role/position in your organization, and an e-mail address. Should you wish to, you can provide us with the name of your organization and a contact number for you. We will only use this data to get in touch with you for the specific survey or campaign that you requested information for. We will use the contact data to provide you with other information, including information for the services offered by you, if you have agreed to receive this information.
3.5 Direct marketing
In order to increase the volume of the services we offer, we can process the data provided by you in order to inform you about new insurance products and services, which we think would be of interest to you, in order to propose the renewal of the insurance agreements you have concluded, which are set to expire. We only use the information you have provided us with. If you do not want to receive notices, which are direct marketing, you can object to this at any time by contacting us in one of the ways indicated.
4.What is the grounds for the processing?
Personal data processing shall be performed only in case there is a legal reason for this processing. We process the data for one of the following reasons:
- • processing is necessary in order to conclude or perform the agreement with the Company;
- • processing has been stipulated in a regulation, for example in the Liabilities and Contracts Act, the Accounting Act, the Natural Persons Income Tax Act, the Corporate Income Tax Act, the Value Added Tax Act, the Money Laundering Counter Measures Act, and others;
- • processing is based on consent of the data subject – when using contact data, obtained in relation to surveys or awareness campaigns for additional purposes, for example providing information about offered goods and services.
- • processing is based on our legitimate interests, which are directed towards efficient management of our business processes and towards increasing the volume of the services provided, for example via responding to queries, providing surveys and campaigns information, or via direct marketing.
Depending on the type of the insurance agreement, it may be necessary to process sensitive personal data, such as data about your health condition. We perform processing of sensitive personal data only in case this is necessary for the respective type of insurance agreement, and with your express permission.
5.What is the purpose for data processing?
All the activities on personal data processing in the course of our operations shall be performed for the purpose of:
- • implementation of the agency or service agreement, for example:
- * insurance risks analysis;
- * insurance coverage proposals analysis;
- * provision of advisory services;
- * negotiation of the terms and conditions or conclusion of an insurance agreement;
- * observing the contracts renewal terms;
- * providing assistance in settling claims in case of occurrence of an insurance event.
- • administration of the legal relationship – for example for drafting an agency or service agreement, preparation of payment documents, necessary for the performance of bank transfers for payment of remuneration, payment of tax liabilities and implementation of other obligations, established with a law;
- • contacting the client or the supplier;
- • promotion of our operations by maintaining an information website and contacting the persons who have submitted queries through it;
- • protecting your vital interests, or the vital interests of another natural person;
- • increasing the volume of the provided services through direct marketing.
We shall only process personal data for the objective that they have been collected for and we shall not reuse such data for purposes that are incompatible thereto. Additional processing shall only be eligible for establishment, exercising or defending legal claims.
We do not use the data obtained in the realization of our main activity for automated decision-making using computer algorithms, which substitute human assessment, including through profiling.
6.Who do we receive the data from?
Most frequently data is received directly by the person they refer to, but it shall be possible to receive the data from other persons:
- • in case we are processing the data of the insured person, obtained from our client (insurer);
- • in case a representative of a user of insurance services provides data to us;
- • the data about the representatives and the beneficial owners of the legal entities may only be presented to us by other employees or be received by us through the use of public registers.
If you provide us information about other people, please verify you have justification for providing such data (for example you have that person’s agreement), and introduce that person to this Privacy Notice.
7.How long do we keep your data?
We only keep your personal data for as long as necessary in order to achieve the objectives that they have been collected for, or for as long as it has been stipulated in the regulatory provisions. The terms of preservation depend on the type of the particular information. In compliance with the requirements of the regulatory provisions, the data related to our commercial operations shall be preserved for a maximum of 10 years.
8.Who do we share your personal data with?
In order for us to fulfil our agreement with you, we need to provide data to insurance companies, in order to negotiate the best possible conditions and conclude the insurance agreements.
In case of a reason thereof, we may provide data to individual subjects, which process them as separate processors – for example banks, licensed post operators, medical establishments, attorneys-at-law (in case of a legal dispute), etc.
In certain cases, we may provide access to the data of suppliers, which support our activity, for example in case of maintenance of our technical infrastructure. As our processors, they shall provide high levels of security, and we shall control the processing activities that they perform.
We always provide data to the competent state bodies, if this is stipulated by law.
We do not transfer personal data to other countries or to international organizations.
9.Is the data protected?
ARS Bulgaria EOOD undertakes reasonable physical, technical and organizational security measures, designated to protect all personal data from loss, abuse, alteration, destruction or damaging in compliance with the requirements of the European and the national laws. We designate these measures on the grounds of the risks identified by us, we make a regular review of the measures provided and we update them, if necessary.
10.What rights do you have?
When processing personal data in relation to business operations ARS Bulgaria EOOD applies the lawful established rules for exercising the data subjects rights, acting in good faith.
As a data subject, you shall have the right to request the following from us:
- • to provide access to your personal data, with respect to the rights of third parties;
- • to remove incorrect personal data (including the right to complete incomplete personal data);
- • to delete personal data. This shall only be applicable in the following cases:
- * personal data is no longer required for the purposes, for which they have been processed;
- * you are withdrawing your consent and there is no other justification for the processing;
- * you object against processing based on our legitimate interests and we are unable to prove that our interests prevail over your rights;
- * personal data has been processed illegally;
- * deleting is necessary for the fulfilment of a legal obligation under the laws of the European Union or the right of a member state, applied to the processor;
- • limiting the scope of processing of personal data only to storage in the following cases:
- * the correctness of said personal data were disputed;
- * the processing is illegal, but you objected against the deletion of your personal data;
- * we no longer require your personal data, but that personal data is still needed in order to establish, exercise or protection a legal claim;
- • to withdraw your consent at any time, and this withdrawal shall not have an effect on the already completed processing activities;
- • in order to exercise your transferability right – for data which is processed on the grounds of an agreement or consent, in case processing that data is performed automatically.
You are authorized at all times to object the processing of data based on our legitimate interests and based on your specific situation. We will cease processing personal data, unless we are able to prove that there are convincing legitimate grounds for that processing, which shall prevail before the interests, rights and freedoms of the data subject or establishing, exercising and the defense of legal claims.
You shall have the right to exercise these rights regarding data that we process as mutual administrators with the insurance companies. Based on our agreements, you shall be able to exercise your rights towards each processor, and each of us shall review your requests independently. You also have the right to file a claim to the Personal Data Protection Commission, with the following address: 1592 Sofia, 2 Professor Tsvetan Lazarov Blvd., with e-mail: https://www.cpdp.bg/ or request that your rights are protected by a competent court.
If you have any questions or concerns regarding the processing of your personal data, or you would like to exercise any of your rights, please contact us at the following e-mail address: gdpr@arsbulgaria.com.
11.Document versions
The validity date of the current version of this document is: 11.05.2022.