Data Protection & Privacy Policy

About us

Assikura Insurance Brokers PCC Limited (herein referred to as the “Company” and/or “Assikura”) are the data controllers as defined by relevant data protection laws and regulations. We control and are responsible for keeping and using personal data in paper or electronic files.

This statement is in compliance with the Data Protection Act, Chapter 440 of the Laws of Malta, the European Union Directive 2002/58/EC and Regulation (EU) 2016/679 (GDPR).

Scope of this statement 

Whether you are our customer or approached us for a proposal, we understand the importance of your personal data and of your right to privacy.  Throughout the insurance lifecycle, Assikura will receive information on beneficiaries under a policy, their relatives, claimants and other parties to a claim. Moreover, references to ‘individuals’ in this statement includes any living person from the preceding list, whose Personal Data Assikura receives in connection with the services it provides under its engagements with its clients.

The purpose of this document is to reassure you that the privacy and security of your personal information is very important to us. We are committed to continue to do our utmost to keep your personal data as safe as possible.

Information we hold about you

We may collect, store, and process the following categories of personal information about you (“Personal Information”):

  • – Basic personal details such as your name, address, e-mail address, telephone number, date and place of birth and age, gender, marital status, nationality, ID Card Number, Passport Number;
  • – Additional information about your lifestyle and insurance requirements, such as details of your car, your home, your household or your travel arrangements;
  • – Information about your other policies, such as claims history, quotes history, payment history, claims data;
  • – Details on your dependants/spouse/partner/family;
  • – Information about your current and previous employment and occupation, including salary;
  • – Identification document information (e.g. ID Card, Driving Licence, Passport);
  • – Bank account details;
  • – Debit/ Credit Card Details;
  • – Bank statements;
  • – Utility Bills;
  • – IP addresses when visiting our webpage without disabling Cookies including related location data;
  • – Results of checks relating to prevention of fraud and/or terrorist activities;
  • – Signature;

We may also collect, store and use the following “special categories” of more sensitive personal information such as health information (for example current state of health, existing conditions, family or personal history in relation to medical conditions). The information we collect, store and process, will depend on the type of policy you will be requiring.

How is this information collected?

We may collect, store and process information through the following sources either when assisting you with a proposal, your policy or a claim:

  • – Your employer;
  • – Your family who may be acting on your behalf;
  • – Claim or proposal forms;
  • – Through our website, phone, email or written correspondence;
  • – Through your membership in trade or professional associations;
  • – When handling third party claims, including the other party to the claim (claim-ant/defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers;
  • – Other insurance market players;
  • – Associated Companies;
  • – Anti-fraud databases and other third-party databases, including sanctions lists;
  • – Government agencies, such as vehicle registration authorities and tax authorities;
  • – Public accessible information such as electoral registers and registry of companies;
  • – Business information & research tools.

How will this information be used?

We will use your personal data to provide you with products and services. Relevant data will be shared by Assikura with Insurers or other brokers for the purpose of obtaining insurance quotations and during the course of the insurance contract, to other insurers or to persons acting on their behalf and/or instructions, the Malta Association of Insurance Brokers, banks for payment purposes and other appointed experts where such sharing is required for any of the purposes listed above, together with the Commissioner of Police or any person, body or authority authorised by law to receive personal data and sensitive data

As part of this, we may use your personal data in the course of correspondence relating to the products or services.  In addition, the purpose for obtaining the information will include:

  • – The proper performance of your and/or others’ contract of insurance or the information requested by you for quotation purposes;
  • – The performance or conclusion of a contract concluded or to be concluded in your and/or Others’ interest between Assikura and a third party;
  • – Collection of premiums, handling and settling of claims and compliance with legal obligations to which Assikura is subject to;
  • – The establishing, exercising or defending of any legal claims arising;
  • – Keeping of statistics, market research and analysis, and internal management and other related activities;
  • – Risk Consultancy Services;
  • – The exchange of information for the prevention, suppression and detection of insurance fraud, and the protection and promotion of Assikura’s legitimate interests and the proper conduct of its business;
  • – Direct marketing of Assikura’s services and offers being promoted by Assikura or its associated/affiliated companies.

How will this information be shared?

We will ensure that your personal data is processed in a manner that is compatible with the purposes indicated above.

For the stated purposes, your personal data may be shared with and processed where applicable by:

  • – the insurance principals;
  • – the policy holder (for a corporate policy); and/or
  • – Any other brokers, agent or insurance intermediaries.

This may also include appointed consultants and experts such as motor surveyors, private investigators, lawyers, loss adjustors, medical doctors and other service companies to assist in the insurance process. Your information may be disclosed when we believe in good faith that the disclosure is required:

  • – by law;
  • – to protect the safety of our employees, the public or Assikura property;
  • – to comply with a judicial proceeding, court order or legal process;
  • – in the event of a merger, asset sale, or other related transaction;
  • – for the prevention or detection of crime (including fraud);
  • – as part of the insurance process

In order to prevent and detect fraud we may share your information with regulatory bodies in Malta or if applicable, overseas, as well as with insurance companies other than your principal (directly or via shared databases such as the Malta Insurance Fraud Platform), public bodies including the Police and other organisations and may undertake credit or fraud searches with relevant agencies.

Handling of sensitive information

For us to provide you with a holistic service, we may require personal sensitive information such as Bank account details, payment card details, income and other information pertaining to financial personal data.

In addition, for certain insurance policies, such as Health or Life Insurance policies, we require to collect personal sensitive information. This could be in the form of medical or health data, existing or former physical/mental medical conditions, medical procedures history, personal habits relevant to insurance (including smoking, consumption of alcohol, amongst others), disability information, prescription information and medical history.

Sensitive Personal Information requires higher levels of protection. We will not use Personal Information for any other purpose incompatible with the purposes described in this Privacy Statement.

How do we secure your information?

The security of your information is very important for us. We have implemented a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information whilst within our control. We also adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, transaction information and data obtained and stored through our website.

Assikura also restricts access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes only.

Where will my information be processed?

Your information may be processed both inside and outside of the European Economic Area (EEA) by the parties specified above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorised to process them.

On what basis are we collecting your personal information?

All processing of your personal information is justified by a “lawful basis” for processing. In the majority of cases, processing will be justified on the basis that processing is:

  • – necessary for the performance of a contract to which you are a party, or to take steps to enter into a contract (i.e. provide you with a quotation);
  • – necessary for us to comply with a relevant legal obligation (e.g. where we are required to make disclosures to courts or regulators); or
  • – in our legitimate commercial interests, subject to your interests and fundamental rights (e.g. where we use personal information provided to us by our clients to deliver our services, and that processing is not necessary in relation to a contract to which you are a party).

In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required to obtain your prior consent in order to send you marketing communications.

Before collecting and/or using any special categories of data, or criminal record data, we will establish a lawful exemption which will allow us to use that information. This exemption will typically be:

  • – your explicit consent;
  • – the establishment, exercise or defence by us or third parties of legal claims; or
  • – a context specific exemption provided for under local laws of EU Member States and other countries implementing the GDPR, such as in relation to the processing of special category data for insurance purposes, or for determining benefits under an occupational pension scheme.

Any data collection that is optional would be made clear at the point of collection.

What if you choose not to give personal information?

If you choose not to give us this personal information (where we have a legal basis to collect it), or decide to withdraw your consent, it may delay or prevent us from providing you with our products or services.

For how long is your data retained?

Our retention periods for Personal Data are based on commercial, tax and legal requirements. These vary depending on the type of service, policy and individual circumstances. Such retention period under normal circumstances is that of 10 years. No Data will be maintained other than to fulfil its purpose unless a longer retention period is required or permitted by law. In the scenario that Personal Data is no longer required, Assikura either irreversibly anonymizes the data or entirely deletes such data.

What cookies do we use and why?

A cookie is a piece of information contained in a very small text file that is stored in your Internet browser or elsewhere on your hard drive. Cookies allow a website to identify a user’s device whenever that user returns to the website and are commonly used in order to make websites work more efficiently and enrich the user experience, as well as to provide information to the owners of the site. We only use cookies that are vital for the running of our services on our websites. Without the use of these cookies, parts of our websites would not function.

We do not use our cookies to deliver any targeted advertising or for use through any third party services such as Google analytics.

What are my rights?

You have various rights in relation to your personal data. In particular, you have a right to:

  • – obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you
  • – ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete
  • – ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data
  • – withdraw consent to our processing of your personal data (to the extent such processing is based on consent)
  • – receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract)
  • – object to our processing of your personal data.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please email us on dataprotection@assikura.com or write to us at the address below:

Assikura Insurance Brokers PCC Limited

Old Railway track
Santa Venera
SVR9017

You may also use these contact details if you wish to make a complaint to us relating to your privacy.

It is important that you include your name, email address and purpose of your request when contacting us. Please note, however, that certain Personal Information and Sensitive Personal Information may be exempt from such access, correction and erasure requests pursuant to applicable data protection laws or other laws and regulations.

Right to complain

If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Office of the Information and Data Protection Commissioner. Find out on the IDPC website how to send a complaint.

Changes to this privacy statement

We may modify or amend this privacy statement from time to time.

To let you know when we make changes to this privacy statement, we will amend the revision date at the top of this page. The new modified or amended privacy statement will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.