GENERALI OSIGURANJE SRBIJA a.d.o. (hereinafter: the Company) collects personal data when handling requests for payment of a claim/indemnity/sum insured:
- from the insured/beneficiary and/or the claimant in the claim filing procedure or based on subsequent request if additional medical and other documentation is needed for claims handling;
- from third parties cooperating with the Company in the claim settlement process;
- from healthcare facilities with which it has entered into a service contract (where the medical service was provided to the insured person/beneficiary and/or the claimant);
- from the Association of Serbian Insurers, the Ministry of Internal Affairs, and other record-keeping authorities.
Purpose of processing, legal basis, and retention period
- The Company processes all personal data of the insured/beneficiary and/or the claimant in order to comply with its obligations under the insurance contract. This data processing is carried out based on the insurance contract. Without collecting and processing the personal data of the insured/beneficiary and/or the claimant the Company cannot execute the contract. The data processed for this purpose are retained for a period of 10 years after the loss is determined or the amounts under the insurance contract are paid.
- The Company processes the health information of the insured/beneficiary and/or claimant in order to execute an insurance contract. This data processing is carried out based on the consent of the insured/beneficiary and/or claimant. Without collecting and processing these data the Company cannot execute the contract. The data processed for this purpose are retained, in compliance with the law, throughout the insurance contract period, and for a period of 10 years after the expiry of the insurance contract.
- When handling life insurance claims the Company processes all personal data of the insured/beneficiary for the purpose of complying with the legal obligations under the Law on the Prevention of Money Laundering and Financing of Terrorism and the Foreign Account Tax Compliance Act (FATCA). The data processed for this purpose are retained, in compliance with the regulations, for a period of 10 years.
- The Company processes the applicant’s personal data (first name, last name, email, and telephone number), in order to contact, send insurance products offers and notifications. This data processing is carried out based on the applicant’s consent. The data processed for this purpose are retained for five years, or until the withdrawal of consent.
- The Company processes the applicant’s personal data (first name, last name, email, and telephone number), for the purpose of a customer satisfaction survey regarding the insurance contract execution. This data processing is carried out based on the Company’s legitimate interest to improve insurance products by better understanding its customers’ needs. The data processed for this purpose are retained until the requirement is met, and for a period not longer than one year.
- The Company processes all the personal data of the insured/beneficiary for statistical purposes, in order to conduct a risk assessment at the time of renewal or conclusion of future insurance contracts, implement actuarial rules, and detect and prevent insurance fraud. This data processing is carried out based on the Company’s legitimate interest to improve insurance products. The data processed for this purpose are retained for a period of 10 years after the loss is determined or the amounts under the insurance contract are paid.
Data access and portability
The Company shares all personal data with healthcare facilities with which it has entered into a service contract, with third parties with which it has entered into a business cooperation agreement (who provide medical opinion and arrange medical treatment of the insured person abroad), with the reinsurer or co-insurer in order to meet contractual obligations, with members of the Generali Group, third parties cooperating with the Company in the claim settlement process and with third parties who must have access to such data under the law (the National Bank of Serbia, Administration for the Prevention of Money Laundering, and other authorities, external auditors, courts, etc.)
Transfer of data to another country, to the members of the Generali Group and other external partners, is carried out in accordance with provisions of the Law on Personal Data Protection.
Data Security
The Company stores all the data it processes in digital format and in hard copy. All the data are treated as confidential by the Company and all technical and organizational protection measures available, in compliance with the law and its internal regulations, are applied. Also, the Company holds an ISO27001 certificate which regulates the protection of information available to and obtained by the Company in its business operations.
Data processing rights
The insured/beneficiary and/or the claimant has all the legal rights regarding personal data processing: the right to access, rectify, and erase personal data, the right to restrict data processing, to object, and to transfer the data. If the applicant has given consent to personal data processing, they can withdraw the consent at any time, under the Law on Personal Data Protection. Withdrawal of consent shall not affect the permission to process data based on consent prior to withdrawal.
If they believe that the personal data processing was carried out against the Law on Personal Data Protection, the insured/beneficiary and/or the claimant has the right to file a complaint to the Commissioner for Information of Public Importance and Personal Data Protection.
Contact
If you have any questions about your rights related to personal data processing, or if you have information or concerns about data breach, please contact us:
- Contact center: 011 222 0 555
- e-mail: dpo@generali.rs
- address: GENERALI OSIGURANJE SRBIJA a.d.o., Vladimira Popovića 8, 11070 Novi Beograd.