Insurance Company “Kentriki” Ltd (henceforth the “Company”) is a professional insurance Company operating in all cities and towns of Cyprus since 1985 with their headquarters located at Klimentos 33, Kentriki Tower, 1061 Nicosia, Cyprus. The primary purpose of the Company is to fulfill its obligations under the Regulation and take all necessary measures to protect the privacy and confidentiality of personal data it collects and processes in relation to the services provided to its clients. The Company is the Data Controller in respect of the personal data it collects and processes and in connection with the service provided under the relevant engagement with its clients.
1. What types of personal data we process
Our Company’s Policy governs the collection and processing of your data in accordance with the services we provide or we will provide. Below is a detailed list of personal data we may process for the purpose of providing insurance services. We collect and process from you the following types of personal data depending the type of insurance we will provide you:
• Individual details: name, surname, address, email, post address, work phone, home phone,
mobile phone, job title, marital status, siblings/dependents.
• Identification details: ID/Passport No., date of birth and citizenship.
• Property details: information related to your vehicle, yacht or property such as driving
license and registration number of the vehicle/yacht, past insurance or claims and other
information about your claim and/or your participation in the event/accident that created
the claim or information about other people/third parties who participated/involved in the
event/accident which created the claim.
• Insured risk: information about the insured risk, which contains Personal Data and may
include, only to the extent relevant to the risk being insured:
– Health data: medical statements, medical examinations, medical certificates, personal
doctor report, independent medical examinations, medical history and family medical
history, death certificate, birth certificate, medical record with cause of death, details
of the property administrator of the decease and additional medical certificates obtained
– Criminal records data: information regarding past convictions or pending legal
proceedings against you.
– Anti-Fraud data: information about fraud convictions and information about
sanctions from various databases.
•Financial/Banking information: pay slip, monthly income, commission/fee, invoices,
IBAN, income tax return, bank account number, credit card number, information about
your house and other property within it, mortgages or property charges.
•Guarantors’ information: name, surname, address, ID/Passport number and phone number.
•Communication usage: information you provide during a telephone correspondence with the Company.
•Information about insurance intermediary: registration certificate of insurance intermediary, production level, payment of commissions, apolytirion/degree/diploma, certificate of non-bankruptcy, curriculum vitae, details of guarantors.
2. Sources of Personal Data
Our Company, depending on the service it intends to provide, collects personal information from
various sources as follows:
• Individuals and their family members, online, face to face, or by telephone, or in written
• Individuals’ employers.
• In the event of a claim, third parties including the other party to the claim such as
claimant/defendant, witnesses, experts, lawyers and claim handlers.
• Other insurance market participants, such as insurers, reinsurers and other intermediaries.
• From databases including sanctions lists.
• Government Agencies, such as vehicle registration authorities and tax authorities.
• Claim forms.
• Publicly available information.
• Forms on our website and your interactions with our website (please also see our Cookies
3. How we Use and Disclose your Personal Data
In this section, we set out the purposes for which we collect and process personal data of our clients
and we explain how we share your personal data to this parties.
We inform you that your personal data may be processed from the employees of our Company,
associates or insurance agents for the following purposes:
|Purpose of Processing||Legal Grounds||Disclosures|
|Establishing a client relationship, including communicating with the client.||Performance of contract with the client.||Insurers
|Collection or refunding of premiums, paying on claims, processing and facilitating other payments.||(a) Performance of contract with the client. (b) Legitimate interests of the Company for debt recovery.||Insurers
Debt recovery providers
|Managing insurance claims.||(a) Performance of contract with the client. (b) Legitimate interests of the Company for debt recovery. (c) Public interest.||Insurers
Experts Third parties e.g. doctors, witnesses.
|Defending or prosecuting legal claims either of our Company or our clients.||(a) Performance of contract with the client. (b) Legitimate interests of the Company for customer service (c) To establish, defend or prosecute legal claims.||Insurers
Experts Third parties e.g. doctors, witnesses.
|Investigating and prosecuting fraud or possible criminal offences.||(a) Performance of contract with the client.
(b) Legitimate interests of the Company for the prevention and detection of fraud and other criminal offences.
(c) To establish, defend or prosecute legal claims.
(d) Public interest.
Third parties e.g. people related to the fraud or the investigation of the offence.
|Renewal of insurance agreements.||(a) Performance of contract with the client.
(b) Legitimate interests of the Company to facilitate the continuation of insurance cover.
|Processing of sensitive personal data||Consent||–|
|Complying with our regulatory obligations||(a) Compliance with a legal obligation.
(β) To establish, defend or prosecute legal claims.
|Communication with clients||s (a) Performance of contract with the client.
(b) Legitimate interests of the Company for customer service or the service of a potential client and the provisions of consultancy services.
|Risk evaluation||(a) Performance of contract with the client.
(b) Legitimate interests of the Company for claims coverage.
4. Retention of Personal Data
Our Company collects and processes personal data which are important for the purposes indicated herein.
In case we need personal data for purpose other than for the initial purpose of processing, our Company owes to inform the client accordingly. The retention period for personal data is based on the business needs and legal requirements of our Company. Specifically, we retain personal data for as long as is necessary for the conclusion of our insurance contract unless other legal or regulatory obligations of our Company require additional retention of your personal data. At the end of the personal data retention period, our Company follows the appropriate data destruction procedure along with the necessary security measures.
If you would like to know whether we hold any personal data about you and/or which data we
hold, you can exercise your right of access and obtain a copy of your data.
5. Your Rights
The Regulation defines your rights in regards to your personal data. Our Company has developed
procedures with which it can address the following enquiries:
Right to Access: You have the right to obtain access to the personal data held about you by the
Company by receiving an electronic copy from our records.
Right to Rectification: You have the right to submit an enquiry to the Company for the
rectification of incorrect, inaccurate or incomplete personal data.
Right to be forgotten: You have the right to submit an enquiry to the Company for the erasure of
personal data when those are not any longer necessary or when the processing is illegal.
Right to Restriction: You have the right to submit an enquiry for restriction of the processing of
your personal data which might be effected under specific circumstances.
Right to Object: You have the right to object to the processing of your personal data unless the
Company proves a legitimate interest or whereas data are required for a legal claim.
Right to Data Portability: You have the right to receive your personal data in a structured,
commonly used and machine-readable format and send them to another Data Controller.
Right not to be subject to solely automated decisions: You have the right to submit an enquiry
so that decisions based on automated processing concerning you or significantly affecting you and
based on your personal data, are made by natural persons, not only by computers. You also have
the right in this case to express your point of view and to contest the decision.
To exercise your rights or in case you require further information about your rights, please contact
the Data Protection Officer of Insurance Company “Kentriki” Ltd, Ms. Andria Georgiou via email:
In the event that you wish to complain about how we have handled your personal data, please
contact our Data Protection Officer. Our Data Protection Officer will then look into your complaint
and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law,
you have the right to file a complaint by contacting Commissioner’s Office of Personal Data
Protection in Cyprus:
Office of the Commissioner for Personal Data Protection
1 Iasonos, 2nd Floor,
P.O. Box 23378, 1682 Nicosia,
Tel: +357 22818456
Fax: +357 22304565
6. Changes to our Policy