- Provides an overview of how we collect and process your personal data and explains your rights under the local data protection law and the EU General Data Protection Regulation (“GDPR”).
- Is directed to natural persons who are either current or potential customers or are authorised representatives / agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of us.
- Is directed to natural persons who had such a business relationship with us in the past,
- Contains information about how we collect data, use and process your personal data, when we share your personal data with other associates of ours and other third parties (ie, service providers).
In this privacy statement, your data is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.
For the purposes of this statement, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address, identification number.
Who we are
Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants Ltd with registration number 6188 with head offices at The Riverside Forum, Ground Floor, 2A Ioanninon & Cheilonos Streets, 1101 Nicosia, P.O.Box 25045, 1306, Nicosia. Within the context of this policy, Prodromou & Makriyiannis means Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants Ltd and/or any of its affiliates, subsidiaries or associated entities including but not limited to Insurers and Underwriters. For more information concerning Prodromou & Makriyiannis please visit www.pminsurancebrokers.com.
Entities of Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants Ltd
Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants represent a number of global insurance and broking firms.
Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants Limited, The Riverside Forum, Ground Floor, 2A Ioanninon & Cheilonos Streets, 1101 Nicosia, Cyprus.
Tel +357 22 76 10 10
Paphos Branch, Status Insurance Services, a Trade brand of Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants Limited, Office No.2, No.74 Apostolou Pavlou Avenue 8046 Paphos, Cyprus.
Tel +357 26 930317
London Branch – UK 8-11 Crescent, London EC3N 2LY
Tel: +44 (0) 207 480 1098
Privacy Notice accessible at www.pminsurancebrokers.com/privacy-policy
Besso Limited, 8-11 Crescent, London EC3N 2LY, UK
Tel +44 (0)207 480 1000; www.besso.co.uk
Privacy Notice accessible at www.besso.co.uk/web/privacy-notice
Xact Risk Solutions Ltd, 3rd Floor, 6 Lloyd’s Avenue, London EC3N 3AX
Tel +44 (0)203 897 8180
Privacy Notice accessible at http://www.xactrisk.com/data-protection.html
All Seasons Underwriting Insurance Brokers Ltd, Peek House, 1st Floor, 20 Eastcheap, London EC3M 1EB
Tel +44 (0) 207 481 2399
Canopius Services Ltd, Gallery 9, One Lime Street, London EC3M 7HA, UK
Tel. +44(0) 207337 3700
Privacy Notice accessible at www.canopius.com/privacy/privacy-notice/
Axis Syndicates Limited, 21 Lombard Street, London, EC3V 9AH, UK
Tel. +44 (0) 20 7877 3800; www.novae.com
Privacy Notice accessible at www.novae.com/cookies-and-privacy
Chaucer Syndicates Limited, 30 Fenchurch St, London EC3M 3AD, UK
Tel. +44 (0) 20 7397 9700; www.chaucerplc.com
Privacy Notice accessible at www.chaucerplc.com/privacy-cookie-policy
Argenta Syndicate Management Limited, 5th Floor, 70 Gracechurch Street, London EC3V 0XL, UK
Tel. +44 (0)20 7825 7200; www.argentagroup.com/argenta-holdings-limited
Privacy Notice accessible at www.argentagroup.com/argenta-holdings-limited
Atrium Underwriters Limited, Lloyd’s Building, 1 Lime Street, London, EC3M 7DQ, UK
Tel. +44 (0) 207 327 4877; www.atrium-uw.com
Privacy Notice accessible at www.atrium-uw.com
MS Amlin Underwriting Ltd, The Leadenhall Building, 122 Leadenhall Street, London EC3V 4AG
Privacy Notice accessible at https://www.msamlin.com/en/site-services/data-privacy-notice.html
Tel. +44 (0)20 7746 1000
Willis Towers Watson plc, 51 Lime Street, London, EC3M
Privacy Notice accessible at https://www.willistowerswatson.com/en/global-website-privacy-notice
Tel. London: +44 20 3124 6000 New York:+1 212 915 8888
LUMEN Insurance (GasanMamo Insurance Ltd), Msida Road, Gzira, GZR1405
Tel +356 21 345 123
Privacy Notice accessible at https://www.gasanmamo.com/company/legal/privacy-policy/
What type of Personal Data we process
Personal Data under the General Data Protection Regulation (GDPR) 2016/679 of the European Union is defined as any information relating to an identified or identifiable natural person (‘data subject’) who, in turn, is defined as one who can be distinguished by reference to an identifier such as a name, an identification number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
The types of personal data we collect about you depends upon your relationship with Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants Ltd.
If you are an Insured Person or Potential Insured, we collect personal data of the policyholder, prospective insured and related individuals in order to determine eligibility for underwrite and administer insurance policies. In some instances, we may need to collect sensitive personal data, such as information about you medical or criminal history.
If you are a claimant making a claim under a Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants Ltd policy, we may need to collect your contact information, as well as information about our claim and previous claims. We may also need to collect sensitive personal information, depending on the nature of your claim.
If you are a business partner, we will collect your business contact details.
We collect and process different types of personal data which we receive from our customers – both potential and existing – in person or via their representative or via our alternative channels of communication (website), in the context of our business relationship.
We may also collect and process personal data which we lawfully obtain from public authorities and companies that process card payments such as JCC Payments Systems Ltd. Furthermore, we may also lawfully collect and process data from publicly available sources (eg the Department of Registrar of Companies, the press, media and the Internet).
The personal data which we collect may include:
- Basic personal details such as your name, address, email address, telephone number, date of birth, gender, marital status, family information, employment status, employment information, income, identification data, place of birth, photograph, signature
Depending from the service we provide to you (ie life insurance, property insurance, motor insurance etc), additional personal data may be requested, which may include:
- Additional information about your lifestyle and insurance requirements, such as details of your car, your home, your household, your health or your travel arrangements, emergency contact /details of any dependents, property ownership, IP address, driving license,
- Information about your other policies, such as claims and/or loss history, quotes history, payment history, claims data
- Sensitive personal information such as health/ medical information (also including alcohol consumption. Drug use, tobacco use, current or previous medication, current state of health, previous or existing conditions, family or personal history) or disclosures unspent criminal convictions, criminal history
- Financial information: banking information/ credit history, Tax ID
- Any other information you may choose to tell us about.
For payment services, either for standing orders or direct debit set up the below personal data may be requested:
Personal data relative to the order data (eg. payment and transfer orders) and personal data arising from the performance of our contractual obligations.
How do we collect Personal Data from
We may receive personal information about you, when you contact Prodromou & Makriyiannis or an insurance intermediary for example by doing any of the following:
- Requesting or obtaining a quote for one of our products from us or an insurance intermediary
- Purchase a product from us
- Telephoning, texting, writing by post or email, or when you visit our offices or intermediaries / agents.
- Making a claim
If you are insured or potential insured, we collect information from you or your representative through the policy application process. We may also collect information about you from your family members or employer, credit reference agencies, anti-fraud databases, due diligence, sanctions list, and relevant government agencies, including public registers or databases as well as credit reference organisations, other insurers or insurance intermediary.
To ensure we have the necessary facts to assess your insurance risk, verify your identity, to help prevent, detect and suppress fraud and to provide you with the best premium options, we may obtain information relating to you from third parties at quotation inception and renewal and in certain circumstances where policy amendments are requested or at claims stage.
In case we obtain information about you from medical professionals, we will seek your permission to contact these people for your information.
If you are a claimant, we will collect information about you when you notify us of a claim, or if the claims are made by someone with a close relationship to you or who otherwise has authority to make a claim on your behalf. We may also collect personal information about you from others who are involved in the claim, including lawyers, witnesses, other insurers or insurance intermediary, experts and adjusters. Finally, we may consult other public sources to validate the claim or protect against fraud or other financial crime.
If you are a business partner, we will collect information about you when you or your company provides that information to us as part of the business relationship.
Personal information about others
we may collect information about other members of your household or family or individuals to be covered under a polcy, for example, family members who may drive your car or persons who may be included on a travel or health insurance policy or who may be beneficiaries under a policy.
If you give us information about another person, it is your responsibility to ensure and confirm that:
- To make them aware of any terms and conditions contained in the relevant insurance policy.
Whether you have an obligation to provide us with your personal data.
In order to be in a position to proceed with a business relationship with you, you must provide your personal data to us which are necessary for the required commencement and execution of a business relationship and the performance of our contractual obligations. We are furthermore obligated to collect such personal data before we enter into a contract or a business relationship with you or the legal entity for which you are authorized representative/ agent / beneficial owner.
Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorized representative/ agent or beneficial owner of a legal entity.
Why we process your personal data and on what legal basis
As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the GDPR and the local data protection law for one or more of the following reasons:
A. For the performance of the contract.
The purpose of processing personal data depends on the requirements for each product or service and the contract terms and conditions provide more details of the relevant purposes.
We may collect your personal information for the following purposes:
If you are an insured or potential insured:
- Account setup, including background checks
- Evaluating risks to be covered
- Risk modelling and underwriting
- Customer service communications
- Payments to /from individuals
- Direct marketing
- Complying with legal or regulatory obligations.
If you are a claimant:
- Managing insurance or reinsurance claims
- Defending or prosecuting fraud
- Investigating or prosecuting fraud
- Complying with legal or regulatory obligations.
- Deal with complaints
If you are a business partner:
- Managing our business relationship with you.
B. For compliance with legal obligation.
Such obligations and requirements impose on us necessary personal data processing activities for credit checks, identity verification, compliance with court orders and loans, tax or other reporting obligations and anti-money laundering controls.
C. For the purposes of safeguarding legitimate interests
We can process personal data so as to safeguard the legitimate interests pursued by us or by a third part. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:
- Initiating legal claims and preparing our defense in litigation procedures,
- Setting up CCTV systems
- Measures to manage business and for further developing products and services
D. You have provided your consent
Provided that you have given us your specific consent for processing (other than for the reason set out herein above) then the lawfulness of such processing is based on the consent. In the event that we need to collect and hold special category personal data, or else sensitive data, about you such as health information or criminal convictions and offences we always ask for your consent before taking such processing. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
To whom do we disclose your information collected
In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within our company – claims department, underwriting department, finance department etc. Various service providers and suppliers may also receive your personal data so that we may perform our obligations – ie brokers, courier, loss adjusters, surveyors, lawyers, doctors, other insurers or reinsurers, regulators etc. Such service providers and suppliers enter into contractual agreements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations or if you have given your consent. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.
Under the circumstances referred to above, recipients of personal data may be, for example:
- Supervisory and other regulatory and public authorities
- Valuators, lawyers, surveyors and loss adjusters
- Third party administrators
- Other insurers or reinsurers
- Debt collection agencies
- External legal consultants
- Auditors, Accountants, Actuaries
- Marketing operations
- File storage companies, archiving and/or records management companies, cloud storage companies
- Companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support and facilitating payments
- Garages, Contractors, Engineers,
- Compulsory Insurance Databases
How do we protect your personal data
We will only use your personal information where we are satisfied that:
- Where required, you have provided your consent to use your data in the appropriate manner
- We must use your personal information to perform a contract ( ie. To manage your insurance policy with us)
- We have a legitimate interest as a business to use your personal data.
If you are required to collect sensitive personal data about you, we will make sure we have the right to do so. Typically, the right will arise from:
- Your explicit consent to collect and use the information
- An insurance-specific exemption provided by regulations enacted by specific EEA member states, permitting the collection and use of such sensitive personal information.
- Our need to establish, exercise or defend your legal rights as an insured or claimant, or the rights of Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants Ltd.
Transfer of your personal data to a third country or to an international organization
Your personal data may be transferred to third countries. Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.
Whenever it is necessary to transfer your personal information to our affiliates, agents or contractors located outside of the EEA, we will take appropriate steps to ensure that such transfer adequately protects your rights and interests.
We will only transfer your personal information to countries recognized as providing an adequate level of legal protection or where we are satisfied that protections are in place to properly protect your privacy rights.
Transfers to our service providers and business partners are protected by contractual agreements that also require an adequate level of data protection.
Your information may be transferred to third countries including outside of the EEA, for processing, storage, administration or any other use stated in this policy. The purposes and processing associated with any such transfer will comply with all applicable date protection regulations, including GDPR and with our obligation to adequately protect and secure your personal information. Where required under applicable laws we will take measures to ensure that personal information handled in other countries will receive at least the same level of protection as it is given in the EEA. By providing your personal information to Prodromou & Makriyiannis you consent to the transfer of your information as described above.
To what extent there is automated decision-making and whether profiling takes place
In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you.
How we treat your personal data for marketing activities and whether profiling is used for such activities
We may process your personal data to tell you about products, and services that may be interest to you or your company.
We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting at any time our DPO.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. We use regular Malware Scanning. We do not collect credit card information over the internet.
How long we keep your personal information for
We will keep your personal data for as long as is necessary to provide service to you under your policy, or for the purposes described above. Specifically, we will keep your information for so long as a claim may be brought under the policy, or where we are required to keep your personal information to satisfy legal or regulatory obligations.
In some cases, we may keep your personal information for longer periods of time, in order to maintain accurate records in the event of future complaints, challenges or litigation regarding your policy, claims or other issues that may arise.
Once our business relationship with you has ended, we may keep your data for up to ten (10) years in accordance with the directive of the Data Protection Commissioner. This may be extended if we cannot delete it for legal, regulatory or technical reasons.
In case the personal data refer to quotations not taken up by data subjects the retention period is 3 years.
Your data protection rights
One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. You have the following rights in terms of how we collect and use your personal data we hold about you:
- Receive access to your personal data: This enables you to e.g. receive a copy of the personal data we hold about you and check that we are lawfully processing it. In order to receive such a copy, you can email us on firstname.lastname@example.org.
You may also: confirm whether we are collecting and using your personal information, obtain additional information about your personal information, including: what information we have, how we collect your information, how we use it, to whom we disclose it, whether we transfer it outside EEA, how long we keep it, your rights and how you can make a complain.
- Request correction (rectification): Of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal information: This enables you to ask us to erase your personal data – right to be forgotten- where there is no good reason for us continuing to process it, it is no longer needed for the purposes for which it was collected, you have withdrawn consent that you explicitly provided, it was unlawfully processed, you have an appropriate Right to Object.
Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants Ltd is not required to erase your personal data if continued collection and use of it is necessary: to comply with a legal obligation, to establish, exercise or defend legal claims of the company or our insureds
- Object of processing of your personal data: Where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
- Request the restriction of processing: Of your personal data. This enables you to ask us to restrict the processing of your personal data and only use it for certain things, if , it is not accurate, it has been used unlawfully but you do not wish for us to delete it, it is not relevant any more, but you want us to keep it for use in possible claims and if you have already asked us to stop using your personal data but you are waiting from us to confirm if we have legitimate grounds to use your data.
- Request to receive a copy: of the personal data concerning you in a format that is structures and commonly used and transmit such data to other organisations and companies. You also have the right to have your personal data transmitted directly to ourselves to other organisations you will name – data portability.
- Withdraw the consent that you gave us: with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked you.
Please note: if you provide explicit consent to our collection of sensitive personal information, you may withdraw this consent to this collection and use at any time. However, your withdrawal of consent may prevent us from providing you with appropriate insurance services, and in certain circumstances it may not be possible for insurance coverage to continue. If you choose to withdraw your consent, we will inform you of the possible consequences and effects, including cancellation of your policy.
To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us email@example.com or visit us. We endeavor to address all of your requests promptly.
Right to lodge a complaint
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain to the supervisory authority.
How can you exercise your rights?
We take data protection very seriously and therefore we have dedicated personnel who handles your requests in relation to your rights stated above. You can always reach them at firstname.lastname@example.org.
Data Protection Officer:
We have appointed a Data Protection Officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer at email@example.com.
Changes to this privacy statement
The General Data Protection Regulation (EU) 2016/679 shall apply from 25th May 2018. Until then, the Processing of Personal Data (Protection of Individuals) Laws 2001 till 2012 remain in force.
Please let us know if your information changes as it is important that the information we hold about you is up to date and accurate.
In case you have any questions or want more information about how we use your personal information, please contact our Data Protection Officer at our head offices.
How to contact us
Contact: Data Protection Officer
Address: The Riverside Forum, Ground Floor, 2A Ioanninon & Cheilonos Streets, 1101, Nicosia, Cyprus