Principles of personal data processing until 01.07.2020
The purpose of this document is to regulate the bases and principles of processing your personal data.
Seesam Insurance AS (hereinafter Seesam) regards processing of your personal data in accordance with the laws of Estonia and the European Union and mutual agreements as a priority. Seesam does everything in its power to protect your personal data from being accessed by unauthorised persons.
Seesam processes personal data as little as possible and you can choose which data to share with us. Your personal data will not be stored any longer than it is necessary for processing them. Seesam processes your personal data in accordance with agreements and only within the framework of the client relationship.
Processing your personal data enables us to offer you better services. We want you to be aware of the types of personal data we collect and why, how we use them and your options and choices.
We strive to keep the data in our possession correct and up to date by deleting any unnecessary data and updating expired data. Nevertheless, we ask you to regularly check whether your data are correct and let us know if they have changed. Log in to our e-service here.
What are personal data?
Personal data are any information that can be used directly or with other data to identify a person. For instance, personal data are your name, address, personal identification code, phone number, bank account number and health data. Personal data are also any data collected in the framework of a client relationship, e.g. data collected during operations carried out in Seesam sales offices, entry into contracts with Seesam or contacting Seesam in another way.
Why do we collect and process your personal data?
We process your personal data for the purpose of offering you high quality and personalised insurance services and better customer service. We wish to constantly improve the quality and functionality of our services. We may use your personal data to develop our insurance services, customer service and sales and marketing activities.
We use your personal data to offer insurance services, respond to your inquiries and questions, fulfil contracts, address loss events and make other similar operations. We use your data for the purpose of Seesam risk management. We may also use your personal data to fulfil obligations arising from laws and regulations and precepts issued by authorities. Such obligations may include identification of users and ensuring data protection, but also prevention and investigation of cases of fraud.
Namely, we process personal data for the purpose of entering into insurance contracts, which above all entails assessment of insurance risk, determining the possibility of providing an insurance service, performance of insurance contracts, claims handling, exercising the right of recourse and offering additional insurance services to policyholders, incl. after the insurance contract has expired.
How do we collect your personal data and from whom?
We generally collect personal data directly from you. For instance, you provide information to us when you make inquiries about types of insurance, participate in our surveys or campaigns or answer our questions about the services we offer.
We also collect your personal data when you register as our client, enter into an insurance contract with Seesam, participate in marketing campaigns and surveys, during claims handling and in other cases where you submit your personal data to Seesam.
In the course of claims handling, we may also obtain your personal data from third parties as responses to our inquiries. We may also obtain your personal data (which you have made publicly available) from the Internet, different registers and other reliable sources.
We collect data in writing, in a format reproducible in writing, via phone recordings or by saving information from the Internet. We obtain data from you both directly (e.g. during meetings and filling in applications) and indirectly (e.g. from experts during the claims handling process).
Who are authorised to process your personal data?
Your data are only processed by employees of Seesam and its service providers (e.g. insurance intermediaries, companies providing a claims handling service, etc.), who have been authorised to process personal data.
Your data can be disclosed outside Seesam to the aforementioned service providers only for specific purposes arising from law or with your consent. Your data are always processed by applying due diligence and in accordance with best data processing practices.
What kind of personal data do we collect?
We only collect information from you that is necessary for entry into and performance of an insurance contract or on another specific legal basis.
We generally collect the following personal data:
- Data related to identification and proving the identity of a person: first name and surname and personal identification code.
- Contact details: address, e-mail address and telephone number.
- Information related to providing services, client relationships and management thereof, e.g. information about the object insured.
- Information required for fulfilling legal obligations.
- Information about use of services by using surveys. The personal data collected depend on the service provided.
How do we use automated decision-making?
Automated decision-making means that a decision on you will be made on the basis of fully automated data processing – decisions are made only by the information systems without employees’ involvement. Automated decision-making speeds up the use of insurance services and makes the process smoother for you. For instance, an insurance contract entered into online enters into force immediately after it has been entered into or indemnity is calculated automatically and a payment is made based on information submitted in a loss notice prepared online.
You have the right to object to automated decisions and request that our employees process your data manually. In such a case. ask your insurance consultant to forward your data to the respective department for assessment. Alternatively you can submit your data by sending an e-mail to email@example.com.
Please note that manual processing of data may sometimes cause delays.
Entry into insurance contract
We use automated decision-making if you enter into an insurance agreement via Seesam self-service environment, the e-shop or other channels. The decision is based on information submitted by you and, depending on the insurance product, the insurance cover selected by you and the amount of indemnity or information collected by us, which means automated inquiries to public traffic, vehicle and credit info register databases. For instance, we can locate the data of a registered vehicle from the vehicle register by using the registration number you provided. Seesam’s insurance programme calculates the price of insurance on the basis of empirical insurance mathematical calculations, taking into account objective information, such as the model of the vehicle, the composition of assets, loss history, age, region, policyholder (user responsible), credit rating or other factors. Once you have received the decision, you can ask our employee to process your data on your behalf and review the insurance offer.
We use automated decision-making in claims handling when performing loss adjustment. The automated decision is based on information you have provided us, the data that Seesam already has and the insurance terms and conditions and we use it to calculate the justified amount of insurance indemnity. Once you have received the decision, you can ask our employee to process your data on your behalf and review Seesam’s decision should you wish.
Termination of insurance contract
Seesam has a legal obligation to automatically terminate insurance contracts due to unpaid insurance premiums.
To whom do we transfer your personal data if necessary?
Seesam uses service providers to fulfil the insurance contract, such as claims handling partners to whom we forward personal data on the basis of an agreement or law. Seesam also transfers personal data for the purpose of fulfilling legal obligations (e.g. before the traffic insurance fund).
We generally process data in the European Union (EL) and the European Economic Area (EEA). In the event of transferring data outside of the EU or the EEA, we ensure the sufficient personal data protection required by law, for instance, by applying the standard contractual terms and conditions adopted by the European Commission.
Seesam may share personal data if we are performing a business transaction or hold negotiations over a business transaction that involves the selling or transferring of our whole business or assets. Such transactions may include mergers, financing, acquisitions, bankruptcy transactions or proceedings.
Your rights as a client
You have the right to verify information pertaining to you and demand the rectification of incorrectly entered or incomplete data and erasure of expired data or data that is not required for the purpose of processing.
You also have the right to prohibit the use of your data for the purposes of marketing and opinion surveys and direct marketing. To this end, contact us at firstname.lastname@example.org.
How do we protect your personal data?
We protect your personal data by taking appropriate data protection and data security measures. These methods include risk management, use of firewalls, encryption methods, control and security systems, controlled granting and monitoring of access and user rights, ensuring employees’ personal data processing-related skills by organising training events and attestations, but also careful selection of suppliers. We constantly update internal procedures and regulations in appropriate manner.
Why do we process children’s personal data?
We collect and process the data of children under 13 years of age mostly with the consent of their parents or guardians. Without the latter’s consent, we can only collect such data with a specific, precisely defined and restricted purpose (for example, a minor can be named in an insurance policy as the insured person or beneficiary without the consent of the parent/guardian).
How long do we store your personal data?
At a minimum, we retain your personal data for as long as you are our client. We fulfil the legal obligation to preserve data. After the end of the client relationship, the personal data retention period depends on the purpose of use of the data, on which you will find detailed information in the respective personal data processing operations register.
Whom can you contact in relation to processing of personal data?
You can contact the person responsible for personal data protection in all questions pertaining to the processing of your personal data in Seesam by sending an inquiry to email@example.com.
Terms and definitions
- A data subject is a person to whom Seesam provides a service by engaging in insurance activity, including the policyholder, persons that are regarded as being equivalent to the policyholder in the insurance contract (incl. insured person), the beneficiary, the injured party, persons responsible for the insured event and witnesses or the person with whom the insurer is in negotiations for entry into an insurance contract.
- Personal data are any information about an identified or identifiable natural person (data subject). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- A client is a person who uses, has used or has expressed the will to use the services provided by Seesam.
- An insurance service is a service provided by Seesam to the client upon preparing, entering into and performing insurance contracts.
- Marketing is Seesam’s activity, the purpose of which is to determine the client’s interest in entering into insurance contracts and to establish, consolidate and expand relationships with new and existing clients. Seesam considers direct marketing as a subtype of marketing, which involves advertising offers Seesam sends to clients in relation to entry into an insurance contract.
- Processing means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, documentation, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- A data controller is a person who determines the purposes and means of the processing of personal data. The data controller is Seesam Insurance AS.
- A data processor is a person who processes personal data on behalf of the data controller (Seesam) and on the basis of an agreement entered into therewith.