Brandenburg Marine and General Data Protection Regulation (GDPR)

PRIVACY NOTICE  

At Brandenburg Marine Insurance Brokers Ltd. we strongly believe in protecting the privacy and personal data of our clients. This Privacy Notice (Notice) is intended to inform you of the ways we collect, use and protect any personal data you provide us.

Introduction – What is GDPR?

GDPR is a regulation by the European Parliament (Regulation (EU) 2016/679) that comes into force on 25th May 2018 and replaces the existing Data Protection Act. GDPR lays down a set of rules on the protection of individuals within the European Economic Area (EEA) with regard to the processing of their personal data and with intention of protecting their fundamental rights and freedoms. Further information on the GDPR may be found at the Data Protection Commissioner’s Website.

Useful Terms & Definitions

Personal Data

Personal data relates to a living natural person who can be identified directly or indirectly by the use of any information related to them. The identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
Unless expressly stated otherwise, all terms used in this Notice are in consistency with the GDPR, full version of which you can access
here.

Where Brandenburg Marine stands with regard to GDPR?

Brandenburg Marine is an organisation based within the EU, which, according to the GDPR, is a controller of the data collected with regards to its employees and a processor in connection with the services provided under the relevant engagement with the clients. Brandenburg Marine determines the purposes and means of processing personal data, has implemented technical and organisational measures to ensure and demonstrate compliance with the GDPR and collects, organises and stores them lawfully as per Art. 5 and 6 of the GDPR.

How we process your data? (Art 5, 6)

Brandenburg Marine complies with its obligations under the GDPR by:

  • Processing personal data lawfully, fairly and in a transparent manner in relation to the data subject. (lawfulness, fairness and transparency);

We rely on legal grounds (Art 6, 9) to justify how, what, when, why and where we deal with your personal data. The legal basis of this is either performance of the contract concluded between Brandenburg Marine and you or, compliance with our legal obligation and / or legitimate interests. We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. A legitimate interest is when we have a business or commercial reason to use your information.

Any other personal data that do not fall within the above legal grounds, we collect only by use of consent forms that require an explicit opt-in / so-called positive action from you. You have a right to withdraw your consent to our processing at any time. However, doing so may prevent us from continuing to provide our services for this further purpose.

  • Collecting data for specified, explicit and legitimate purposes and not processing it further in a manner that is incompatible with those purposes. (purpose limitation);

 The purposes for collecting your data are identified under clause “Why do we collect this information?”.

  •  Collecting and processing personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

 We collect, use, disclose and otherwise process Personal Data that is necessary for the purposes identified in this Notice or as permitted by law. If we require Personal Data for a purpose inconsistent with the purposes we have identified in this Notice, we will notify clients of the new purpose and, where required, seek individuals’ consent (or ask other parties to do so on our behalf) to process personal data for the new purposes (data minimisation). 

  • Keeping the accurate, necessary and up to date personal data; taking every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. (accuracy
  • Keeping personal data in a form which permits identification of the data subjects for no longer than it is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in accordance with this Notice. (storage limitation
  • Processing personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing against accidental loss, destruction or damage, using appropriate technical or organizational measures. (integrity and confidentiality
  • Demonstrating compliance with all of the above. (accountability)

The personal data are collected by:

  • Telephone, email or written correspondence with you or proposal / application forms, voluntarily completed by you
  • Your employees
  • In the event of an insurance claim,from third parties including claimant, relevant underwriter and their appointed local correspondents and surveyors, witnesses, experts (including medical experts), loss adjusters and lawyers
  • Other insurance market participants, such as insurance intermediaries
  • Publicly available databases, such as company registries
  • Government bodies or agencies, such as tax authorities.

What information we collect from you?

We may collect and process the following Personal Data:

Individual Details: Name, address, other contact details (email and telephone details)

Identification Details: Identification number issued by relevant government bodies or agencies, social security or national insurance number, passport number, ID number, tax identification number

Financial Information: Bank account number and account details or other financial information

Insured Risk and Insurance Claims:  Information about the insured risk, which contains personal data and may include, only to the extent relevant to the risk being insured:

  • Health data: Current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g., smoking or consumption of alcohol), prescription information, medical history;
  • Criminal records data: Criminal convictions, including driving offences; and
  • Other special sategories of personal data: Racial or ethnic origin, biometric data.

Credit and Anti-fraud Data: Credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.

Previous Insurance Claims: Information about previous insurance claims, which may include health data, criminal records, and other special categories of personal data.

Current Insurance Claims: Information about current insurance claims, which may include health data, criminal records data, and other special categories of personal data.

Why do we collect this information?

The information we collect about you may be used in a number of ways, for instance:

  • To negotiate, arrange and administer insurance quotations, policies and insurance claims on behalf of the Assured
  • To communicate with you with regards to survey requirements / arrangements, claims, and all issues with regards to your insurance policies
  • To make relevant debit / credit arrangements
  • To send you Loss Prevention Circulars
  • For fraud and money laundering prevention under Prevention and Suppression of Money Laundering Activities Law N. 188 (I)/2007 as it has been amended.

Where you provide us with personal data of a person other than yourself, you agree to notify them of our use of their personal data and to obtain their consent thereto for us.

Who may we share your personal data with?                                                                  

Your personal data will be treated as strictly confidential and will be shared only with third parties such as: underwriters, correspondents, adjusters, surveyors, lawyers, agents and any other party which you / your underwriter specifically instruct us to engage with, or it is essential to do so for the scope of our services.

As already stated above, Brandenburg Marine, as an intermediary party, is only a processor in connection with the services provided under the relevant engagement with you. Therefore, when transferring data outside European Economic Area (EEA), you, as controller, are responsible to ensure that an adequate level of protection is in place to protect your personal information, such as that a privacy law is in place that requires the same level of protection as the GDPR within the EEA, or that legal grounds justifying such transfer are in place, such as contractual clauses, or other legal grounds permitted by legal requirements.

Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws.

How long do we keep your personal data?

Personal data relevant to tax are kept for a period of 6 years after the completion of the entries or deeds written according to Section 43 and the Tenth Schedule of the Cyprus VAT Law, unless the VAT Commissioner, by relevant notification determines otherwise. The books and records are kept at the premises of Brandenburg Marine. Any other personal data are kept for 5 years according to the Prevention and Suppression of Money Laundering Activities Law N. 188 (I)/2007 as it has been amended. We keep these data for legal and regulatory reasons.

We only retain your data for processing purposes for which the information was collected, and any other permissible, related purpose. For instance, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.

Your rights regarding your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which we hold. In case you would like a copy of some or all personal data we hold, please email us and we will provide this service without charge;
  • The right to request us to correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data to be erased provided that it is no longer necessary for us to retain such data according to this Notice;
  • The right to withdraw your consent for us to hold, process or transfer your personal data where consent has been provided;
  • The right to request, where possible, to transmit that data directly to another data controller (right to data portability);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction to be placed on further processing;
  • The rights to object to the processing of personal data, only where processing is based on the performance of a task in the public interest / exercise of official authority, legitimate interests of the controller or a third party, direct marketing;
  • The right to lodge a complaint with the Office of Commissioner for Personal Data in Cyprus.

Actions taken by Brandenburg Marine to secure you data

We have in place physical, electronic, and procedural safeguards appropriate to the sensitivity of the information we maintain. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the personal data, and include measures designed to keep Personal Data protected from unauthorized access. If appropriate, the safeguards include the encryption of communications via SSL, encryption of information during storage, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes.

Changes to our Notice?

We keep our notice under regular review and we will place any updates on this web page. It is subject to change at any time and any changes we make become effective immediately when we post the revised Notice on this site. We recommend that you review this Notice regularly for changes.

How to contact us?

We have designated a Data Protection Officer (DPO), who is responsible to monitor compliance with this privacy policy as well as the applicable Laws and liaise with the Cyprus Supervisory Authority, namely the Office of the Commissioner for Personal Data Protection. If you have any questions, concerns or complaints about this Notice, or our privacy practices in general, please contact our DPO directly with regards to all matters concerning this policy and the processing of your personal data including the enforcement of all applicable and available rights.

If you choose to contact us by post, please use the below address:

Brandenburg Marine Insurance Brokers Ltd
9, Constantinou Paparigopoulou Str.
Frema House, Office M02
3106 Limassol, Cyprus

Mailing address:
P.O. Box 58242
3732 Limassol
Cyprus