Detailed information and setup options can be found HERE.
According to the Regulation of the European Parliament and the EU Council No. 2016/679 from 27. April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter „GDPR“).
The controller processing personal data is NOVIS Insurance Company, NOVIS Versicherungsgesellschaft, NOVIS Compagnia di Assicurazioni, NOVIS Poisťovňa a.s., Námestie Ľudovíta Štúra 2, 811 02 Bratislava (hereinafter „Controller“). Company Identification number: 47251301, VAT registration number: 7120001350, registered in the Business Register of the District Court Bratislava I, Section: Sa, file number: 5851 / B, NBS License No. ODT-13166 / 2012-16.
The Controller has a designated data protection officer. You can contact this person by post at the address of the registered office of the Controller or via email at firstname.lastname@example.org. Data subjects may contact the data protection officer with any questions concerning the processing of their personal data and the exercise of their rights under GDPR. The data protection officer is bound by the obligation of secrecy and/or confidentiality in accordance with Union and/or Member State law.
The Controller processes the personal data of its clients in order to provide services connected with the conclusion and administration of insurance contracts, underwriting or claims management. Specific purposes of processing and the legal basis for processing include:
Purpose – Legal basis
Depending on the activities, statutory and contractual obligations, the Controller provides personal data to the following categories of recipients: the Controller´s subsidiaries, insurance intermediaries, contracted doctors of the Controller, reinsurers, IT suppliers, suppliers of printing and postal services, marketing agencies, legal counsels, notaries, executors, fraud detection agencies, delivery companies, banks, debt collection agencies.
The Controller processes personal data for the time necessary to fulfill the purpose of its processing. Usually, for as long as there is a legal relationship and five years after its termination or otherwise if the legislation or contractual relationships state a different retention period for the certain purpose of the processing.
A data subject is a natural person whose personal data are being processed. Data subjects have the right to:
Access to personal data
The data subject shall have the right to obtain from the Controller a confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: purposes of the processing, categories of personal data concerned, the nature of the recipients to whom personal data were or will be disclosed, the envisaged period of retention of personal data, the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority and where personal data have not been obtained from the data subject, any available information as to their source.
Rectification of personal data
The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have the incomplete personal data completed, including by means of providing a supplementary statement.
Erasure of personal data („right to be forgotten“)
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
Restriction of processing personal data
The data subject shall have the right to request from the Controller restriction of processing where one of the following applies:
Where processing has been restricted, such personal data shall with the exception of retention, only be processed with the consent of the data subject, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The data subject, who has obtained restriction of data processing shall be informed by the Controller before the restriction of processing is lifted.
Objecting to processing of personal data
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data, which is based on the necessity for the performance of a task carried out for the public interest or for the exercise of public power, or for purposes of legitimate interests pursued by the Controller or a third party with the exception of cases where such interests prevail over the interests or fundamental rights and freedoms of a data subject that require the protection of personal data, especially when the data subject is a child. The Controller mustn´t further process personal data unless it demonstrates compelling legitimate grounds necessary for the processing that outweigh the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. When personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for purposes of such marketing, which includes profiling to the extent that it is related to such direct marketing.
Transfer of personal data
The data subject shall have the right to obtain personal data related to him or her and which he or she has provided to the Controller in a structured, commonly used and machine-readable format and shall have the right to transfer such data to another controller without hindrance from the Controller to whom such personal data have been provided, if the processing is based on consent or contract and if the processing is carried out by automated means. A data subject shall, in exercising his or her right on data portability, have the right to transfer personal data directly from one controller to another, where technically feasible.
Withdrawal of consent
Where the processing is based on the consent of the data subject, the data subject shall have the right to withdraw his or her consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The withdrawal of consent is effective as soon as the Controller is notified.
The data subject shall have the right to lodge a complaint with a supervisory authority if he or she considers that the processing of personal data relating to him or her infringes the GDPR. The supervisory authority for the Controller is the Office for Personal Data Protection of the Slovak Republic. The supervisory authority that has received the complaint shall inform the complainant of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of GDPR.
Regardless of the purpose of personal data processing, the provision by the data subject for the Controller is always voluntary. The Controller needs to process personal data to fulfill its statutory and contractual obligations. Failure to provide personal data may, therefore, lead to the inability to enter a contractual relationship with the Controller.