Personal Data Protection Policy
Iordanidis Agency is committed to collecting and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016, regarding the protection of natural persons against the processing of personal data and the free movement of such data, as well as the repeal of Directive 95/46/EC (GDPR), Law 4624/2019 (Government Gazette 137/A’29.08.2019), and any derivative laws/opinions/decisions issued by the Personal Data Protection Authority and relevant legislation.
Categories of Personal Data We Process
Iordanidis Agency processes:
Personal Data (PD), such as identification details, contact data, payment data, insurance data necessary for the conclusion and management of the insurance contract, special category personal data (SCPD), such as information related to health (physical condition, disabilities, medical history, medication administration, etc.), financial/property status information, investment/savings objectives, data related to driving behavior in auto insurance, etc.
Personal data collected on our website depending on the visitor/user request. In addition to the above, this may include a CV if expressing interest in collaborating with the company. Depending on the submitted request, optional completion of some of the aforementioned details by the visitor/user may be required.
Interaction data with electronic services: IP address, Cookies, browser information, device data, etc., which do not directly identify you.
Where We Collect Personal Data From
We collect personal data:
-
Specifically for auto insurance, we collect data on accident history and key characteristics of insured vehicles from the Statistical Service of Insurance Companies (YSAE).
-
Through our authorized employees/associates (e.g., expert assessors).
-
Through contracted service providers (e.g., hospitals, diagnostic centers).
-
From visitors/users of our website, only when they voluntarily provide them for the processing of submitted electronic requests.
-
Within the framework of promotional activities for the marketing of our products, expressing interest in a specific insurance program (lead collection), and conducting prize draws or contests.
Purpose of Processing
Below, we describe all the ways in which we intend to use your personal data and the legal bases on which we rely for processing. We also describe our legitimate interests, where applicable.
If you wish to receive clarifications regarding the legal reason we rely on for processing your personal data, you may contact us.
If you are an insurance policyholder or insured individual, we collect and process your personal data:
A. i) To personalize the insurance product we propose to you, ii) To issue an insurance offer, iii) To conduct a pre-insurance check, assess the risk within the framework of an insurance contract, determine general and special terms, the corresponding premium, iv) To issue a green card on your behalf, v) To fulfill requests for modification/conversion/cancellation, redemption, insurance benefit (compensation, periodic payment/pension), and to generally manage your insurance contract, vi) To conclude an insurance contract, vii) To process and deliver your contract, including actions such as (a) managing premium payments (b) collecting and recovering amounts owed to us (c) refunding premiums, viii) To process your claim notification request, to request information about your satisfaction with our services, ix) To manage our relationship with you, including (a) informing you of changes to terms and conditions or the privacy statement, (b) requesting you to review or participate in a survey, x) To conduct an expert assessment following a claim notification. The legal basis in this case is the conclusion/performance of the insurance contract (Article 6(1)(b) of the GDPR).
B. i) For complaint management, ii) To administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and data retention), iii) To ensure proper service to all our insured clients, optimize internal company processes, and prevent fraud against the company, iv) For the prevention and suppression of money laundering and terrorism financing, v) For the exchange of financial account information in the tax sector to combat tax evasion, vi) To fulfill requests from public/judicial authorities/independent authorities, insurance funds, or the supervisory authority (Department of Supervision of Private Insurance – DEIA of the Bank of Greece – BoG), and vii) To comply with court decisions and respond to public authority requests. The legal basis for this processing is the company’s compliance with obligations imposed by the current legal and regulatory framework (Article 6(1)(c) of the GDPR).
C. i) To manage collaboration application submissions on our website, ii) To conduct market research, iii) To provide marketing services and present personalized information and insurance offers to you, iv) To promote our products to you, only if you have explicitly stated that you wish to receive promotional activities by checking the corresponding box on our website or in the consent form, which is the legal basis for this processing (Article 6(1)(a) of the GDPR), v) To allow you to participate in a prize draw, contest, or complete a questionnaire, vi) To record telephone calls for the purpose of proving each commercial transaction upon notification and obtaining your unequivocal consent. The legal basis for such processing is the explicit consent of the data subject (Article 6(1)(a) of the GDPR).
In cases of collection and processing of required special category data (health data) (life and health insurance sector, as well as in cases of traffic accidents with bodily injuries), processing is exclusively conducted based on one of the following legal bases:
a. With your explicit consent following special notification. b. For compliance with obligations imposed by law under labor law and social security law. c. For the establishment, exercise, or defense of legal claims.
Retention Period of Data
The company will retain and process your personal data for the duration of our contractual relationship, in both paper and electronic format. If the relationship is terminated or ends in any way, we will retain your personal data for as long as required until related claims are time-barred and in any case for as long as required by tax law, the applicable legal and regulatory framework, and approved codes of conduct. Additionally, in the case of application rejection and non-conclusion of an insurance contract, we will retain and process your personal data for up to five (5) years. If a legal dispute is pending between us beyond the above processing periods, we will retain your data until the final judicial resolution of the case.
For any additional information regarding the General Data Protection Regulation (GDPR), you may contact us via email at: info@iordanidisagency.gr.