You may also obtain further information at CNPD Comissão Nacional de Proteção de Dados at

Transcription

1 PRIVACY POLICY The privacy policy provides an overview of how Costa Duarte processes your data and what are your rights in this matter, according to Regulation (EU) 2016/679 of the European Parliament and of the Council General Data Protection Regulation (GDPR) and other legislation applicable to data protection and privacy, including local legislation complementing the GDPR. You may also obtain further information at CNPD Comissão Nacional de Proteção de Dados at The data controller is Costa Duarte - Corretor de Seguros, S.A. ( Costa Duarte ), VAT no , with a Share Capital of 123,000.00, insurance intermediary registered on 27/01/2007 with ASF - Autoridade de Supervisão de Seguros e Fundos de Pensões, in the category of Insurance Broker, under no /3, authorized to practice insurance mediation services in both the Life and Non-life branches, which can be verified and confirmed at Costa Duarte appointed a Data Protection Officer (DPO) who may be contacted directly by at dpo@costaduarte.pt or by registered mail sent to: Costa Duarte - Corretor de Seguros, S.A. Att.: Data Protection Officer Av.ª António Augusto Aguiar, º, Lisbon Personal data supplied through the relation established with Costa Duarte is processed in compliance with the legally applicable precepts, namely: Processed in a licit, loyal and transparent manner; Collected for specific, explicit and legitimate purposes and will not be processed at a later date in a manner incompatible with those purposes; This document is merely informative, cannot be considered an insurance proposal and does not replace the legally required pre-contractual and contractual information, which can be obtained at Costa Duarte reserves the right at all times to complete, modify or delete this information.

2 Adequate, relevant and restricted to what is necessary for the processing purposes; Accurate and, if necessary, updated, for which appropriate measures must be taken to ensure that inaccurate or incomplete data is deleted or corrected according to the purposes for which it was collected or for which it is processed on a later date; Stored in a manner allowing identification of its bearers during only the strictly necessary and legally allowed period to fulfil the purposes of collection or of later processing. Personal data is processed for purpose, lawfulness and stored for the time strictly necessary for fulfilling the respective aims, according to the following terms: PURPOSE LAWFULNESS BASIS STORAGE PERIOD Treatment necessary for performing and managing the insurance contract and insurance mediation, or for precontractual diligences, in which Costa Duarte intervenes. Commercial marketing and action. Compliance with legal obligations, namely with the supervisory, tax and fiscal or judicial authorities. Presentation, proposition, signing and performance of the insurance contract, pre-contractual diligences and support for its management, especially in case of a claim, with intervention of Costa Duarte. Legitimate interest by the data controller or by third parties in identifying, evaluating the risks, information, clarification and advice on solutions and products. Consent by the Data Subject. Compliance with legal obligations. Consent by the Data Subject. Legitimate interests for the development and growth of activities by the data controller or by third parties. Compliance with legal obligations. Legitimate interests to control the activities of the data controller or of third parties. To declare, exercise or defend rights in a legal process. Until completion of the legal expiry period of all obligations arising from the insurance contract and of the related insurance mediation activity. Until one-year has elapsed after completion of the contractual and legal relation. Legal period applicable at any time to each legal and juridical obligation to be met. Until completion of the time limit or expiry for exercising rights.

3 In case of some risks to be transferred, namely in the case of insurance workmen s compensation, personal accidents, health and life polices, among others, Costa Duarte may process health data, either as part of the pre-contractual relation to analyse the proposed risk and negotiate contractual conditions, or as part of managing the contractual relation, activation of the coverage, claims management and in contract renewal and amendment processes. Access to personal data is given to Costa Duarte personnel and to all parties participating in the contract in question that need the said data to carry out pre-contractual diligences and contractual or legal obligations for insurance mediation activities. Personal data may be communicated to other companies that are in a dominant or control relation, already set up or to be set up, of which Costa Duarte is a party thereof or comes to be a party thereof, whose identification and contact data may be, at any time, requested from the DPO, and may be processed by other entities for which Costa Duarte acts, if such is the case, as a processor or is jointly responsible for the processing, to which Costa Duarte has subcontracted its processing and also by its insurance co-mediators or Persons Directly Involved in the Insurance Mediation Activity (PDEAMS). Personal data may also be processed by other Insurance Companies or co-insurace mediators as part of claims management. As part of managing the insurance s pre-contractual and contractual relation and for compliance with the duties of information, clarification, transmission, advice, assistance and registration imposed by applicable laws, Costa Duarte may collect information about the Data Subject deemed relevant for evaluating the risk to be insured and for the Insurance Companies to establish the contractual conditions of the insurance. The said information may be obtained from sources accessible to the public, public entities, the sector s associations, existing computer platforms or specialised companies, to complement or confirm the information provided by the Data Subject. Data Subject has the right to request the following from Costa Duarte and, through the latter, from the Insurance Companies, by submitting a written request sent to the DPO: Access, within the legally stipulated terms and conditions, to the Personal Data about them and subject to processing; Correction or updating of inaccurate or outdated Personal Data referring to them; Processing of missing Personal Data when the said data is incomplete; Deletion, in cases specifically stipulated by law, of Personal Data referring to them; Restriction, when the legal conditions are met, of the processing of Personal Data referring to them.

4 Through a written request, sent to the DPO, Data Subject is also entitled to: Withdraw his consent when the data processing is grounded merely on a consent; Oppose the processing for reasons related with his specific situation, when the data processing is based on a legitimate interest of the data controller or of third parties; Receive from the data controller, in a currently used digital format with automatic reading, the personal data referring to him and that was provided by him, processed by automated means and based on: a) consent given by the Data Subject, or b) through a signed contract, and may request, in writing, the respective transmission directly to another data controller, whenever such is technically feasible. Data Subject may also request more detailed information from the DPO, namely about the purposes, lawfulness basis and storage periods, and also submit complaints to the DPO about how his personal data is processed, without prejudice of also submitting such to the Portuguese Data Protection Authority (CNPD). Data Subjects shall provide the necessary personal data for compliance with the respective pre-contractual and contractual obligations and diligences and the data that Costa Duarte is legally required to collect. Without this data, Costa Duarte must, as a general rule, decline from placing the contract or an order at an insurance company or pension fund management firm. Costa Duarte, in carrying out insurance mediation activities in the Life branch, is bound to the legal provisions on money laundering. For us to comply with this legal obligation, the Personal Data Subject must submit the necessary information and documentation and, during the commercial relation, must immediately notify any alterations or confirm that the information is up to date. If the Data Subject does not provide us with the necessary information and documentation, we will be unable to establish or continue the commercial relation or proceed with the Data Subject s requests. Personal Data Subjects must maintain Costa Duarte informed about any alterations to their personal data, namely within the terms and conditions stipulated in the respective policies. Costa Duarte applies adequate technical and organisational measures to protect Personal Data against loss, destruction or damage, either accidental or illicit, and thereby ensure that the provided data is protected against access or utilisation by unauthorised third parties. Costa Duarte guarantees the privacy and security in the transmission of data of its clients and of visitors to its website and other IT platforms, if it has them.

5 Personal data will be transmitted to countries outside the European Union only when necessary to carry out orders or requests by the Data Subject, by legal requirement or when the Data Subject has given us express authorisation for the purpose. When necessary to rely on service providers from third countries, these are bound to comply with the instructions applicable to this matter, by signing an agreement of to fulfil standard European Union contractual clauses for compliance with the level of data protection applicable in the European Union. Although, as a rule, we do not perform automated data processing to define commercial profiles, we may need to define profiles within the scope of the services that were contracted or to be contracted. We may define profiles enabling us to provide information and advice about products and services by using assessment instruments. This approach enables us to match our communication and publicity to market demand. Costa Duarte applies all suitable measures to safeguard your rights and liberties within this scope. If client profiles are created exclusively for commercial purposes, you may object to the definition of that profile by contacting the Data Protection Officer at the contacts shown above. Costa Duarte s website uses cookies to improve the provided information. Cookies are small text files stored in your computer through the browser. They may contain any type of information. Normally, cookies are used to facilitate browsing and/or save information, between visits, about the visitor s options or preferences. Using cookies is a normal practice by websites, and most Internet browsers allow a user to accept, reject or delete cookies, namely by selecting the appropriate definitions in the browser. For further information, please consult our Cookies Policy at Costa Duarte may alter this privacy policy at any time without prior notice. Alterations will be suitably published at Lisbon, 21 May 2018