+357 22 761010
  • English
    • Greek

1. About Us

Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants (hereinafter referred to as “the Company” or “Prodromou & Makriyiannis Insurance Underwriting Agencies & Consultants”) engages in insurance activities across Cyprus, having its main office at Kolokotroni 14, 2408 Engomi, Nicosia

This text aims to provide you with intelligible, transparent, and direct information about the processing of your personal data, collected and processed by us in the context of fulfilling our obligations to you. Our Company is bound by the applicable legislation to secure and to safeguard your rights and protect you against illegal processing of personal data. The Company also aims to protect your right to privacy, as well as to protect the personal data maintained by us and which is of concern to you.       

Your personal information may help us to better understand your insurance needs and to offer you a more comprehensive and customized service. However, we understand that maintaining security and confidentiality of your personal data is a big responsibility which we take very seriously.  For this reason, we have drawn up this Policy, among other things, which aims at informing you about the kind of data we collect, why we collect it and how we use it.

This Policy is addressed to natural persons, who are current or potential customers of the Company, beneficiaries of insurance policy contracts, authorized persons, third persons, suppliers and associates. By providing your personal information or the information of some other person, such as a beneficiary of the Insurance Policy or a person who files a claim and for whom you have consented or obtained authorization towards the processing of their personal data, you accept that we will use such information in the manner which is analytically explained in this Policy. You should identify the person whose personal data you give to the Company, to this Policy.

Further Processing Notices may be delivered to you at a later stage, underlining specific uses of your personal information.  

It is also likely that certain changes will be made to this Policy in order to keep it in line with evolution in the legislation as well as with operational and technological developments. From time to time you should check the website of the Company and update yourself with the latest version of the Policy.

In the Policy, your data may sometimes be referred to as “personal data”, “personal information” or “data.” For the purposes of the Policy, personal data is any information concerning a natural person, whose identity may be established whether directly or indirectly, particularly by reference to an identification detail, such as full name, identity card number or one or more factors relating to the physical, physiological, genetic, psychological, financial, cultural or social identity of the said natural person.   

The term personal data also includes, among other things, certain sensitive data (or special categories data), as for example the data concerning a natural person’s state of health, any penal convictions and data revealing the racial or ethnic origin of the person.

When we say that your personal data is a subject to “processing”, this term includes every action undertaken in relation to this data, such as the collection, registration, organization, structure, storage, adaptation, variation, recovery, search for information, usage, transmission, diffusion, disposal, correlation, combination, limitation, erasure, and destruction.  

In case you require more information on how we process your personal data, you may apply to the Data Protection Officer of the Company at the address of our registered office, Kolokotroni 14, 2408 Engomi, Nicosia or by emailing dpo@pminsurancebrokers.com.

2. Personal Data Processing Principles

When we collect sensitive personal data, we are bound by the General Regulation for the Protection of Personal Data (EU) 2016/679 and, we take into consideration all the necessary organizational measures. Then we proceed to the processing stage, which is based on the following principles that govern the processing of personal data:it shall be subjected to legitimate and lawful processing in a transparent manner,

  • it shall be subjected to legitimate and lawful processing in a transparent manner,
  • it shall be collected for specified, express and legitimate purposes and shall not be subjected to further processing in any way incompatible with the purposes for which this data is collected by the insurance company,
  • only the appropriate and relevant data shall be collected, limited to the necessary purpose for which it has been collected, ,
  • it shall be accurate and updated as necessary,
  • it shall be retained only for as long as required and for the purposes for which they have been collected,
  • it shall be subjected to processing in a manner guaranteeing their required security against non-authorised or unlawful processing and accidental loss, destruction or wear, among other things, through the use of suitable techniques and or organizational measures,    
  • when we transmit your personal data whether to another country or to a person who carries out the processing on behalf of the Company, the necessary measures shall be taken by us for the protection of your personal data, as for example through the conclusion of specialized contracts for data processing.

3. How we Collect your Personal Data

Quite often the collection of personal data is performed directly by you or through consultants or intermediaries. The relevant information may be received through a proposition submitted to us whether directly or indirectly (via associates or/and agents) or by way of the agreement between us by telephone or any other kind of communication with you.

Nevertheless, in some cases the collection of personal data may be effected by third parties, when for example you are named by someone as party to an offer/Company contract. Your personal details may be collected either by third persons (associates, agents, lawyers, authorized individuals) or by other insurance companies or even by sources available to the public at large.     

More analytically, personal data may be collected:

 (a) Straight from you (directly or indirectly):

  • Through the information completion form in the context of filing an application for an insurance offer  
  • In the context of submitting an inquiry or objection and filing a complaint or claim on your part
  • On line by the client or through an intermediary
  • On line by the client when he chooses to pay through the JCC  or an intermediary
  • On line through a bank
  • Personal details submission form  
  • By personal contact directly with the natural persons
  • Via a hand-written curriculum vitae, email, employees, supervisor, department Director

(b) From various other/ “third” sources (indicatively):

  • Through other insurance contracts in which you are named as part thereto (e.g. if you are nominated as driver in a motor vehicle insurance policy)  
  • Through other insurance services
  • Through Insurance companies that we cooperate with
  • Through our branches
  • Through our associates, brokers or agents
  • Through your next of kin (in the event you are unable to provide us with information)
  • Through medical practitioners or other related health professionals (e.g. during the evaluation of a claim for damages),  
  • Through lawyers, agents, brokers, new associate completion form and insurance agent contract
  • Company’s representatives, medical centers
  • Through legal consultants  (e.g. when you are not insured with us but you have a claim against a client of ours due to an accident),
  • Through banks
  • Through the Department of Road Transport, Public Services, Tax Department and Official Recipient Insolvency Service
  • Through specialists and experts such as surveyors
  • By telephone, through the Police, fax, websites, Photographs
  • Through an electronic email message.
  • Payslips

4. What kinds of Personal Data is Processed by us?  

Our insurance company collects and processes various kinds of personal data, depending on the services provided in each particular case. Our policy applies to both our current and or potential customers directly or indirectly involved.  

For all of the aforementioned reasons, our insurance company collects and processes personal data depending on the insurance coverage that will be provided for you as follows:

  • Contact details (such as full name, Date of Birth, Identity Card Number, home address, email address, telephone, occupation, Social Insurance Number, etc.)
  • Biographical details, competence statement, penal record, financial standing, social insurance number, School Leaving Certificate, Degree or/and Post Degree certificates, seminar attendance certificates, performance, grading, Name, Address, NIN, IBAN, TIN(AFT), date of birth, Telephone, Previous Salaries, clocking in and out, content of complaint. 
  • Information and contact details for third parties, who are named in any way as part of the contract (eg named drivers in motor vehicle insurance), spouse name and dependents (name, ID number, age, driver’s license dates, citizenship)
  • Personal information, which is mentioned in the ID / passport (such as date of birth, citizenship, ID number, passport number, etc.)
  • Credit card number (copy of JCC company clipping), name, contract number, Your banking information (eg IBAN), Swift bank
  • Vehicle details
  • Alien ID and passport numbers, social security numbers, copy of passport, alien visa
  • Personal information about your state of health, both medical and mental as well as information on previous accidents, illnesses and their treatment.
  • Income tax clearance and social security, jurisdiction, death certificate
  • Information about your past such as bankruptcies, penalties, your previous claims or even if a lawsuit is pending against you.
  • Information about the object, which is provided or will be provided by the Insurance Companies with which we cooperate (such as for example your vehicle, your boat, your home, etc. depending on the insurance product)
  • Report from the police / fire department / relevant competent authority, expert report, Medical Certificates, Diagnostic Tests, accident photos, copy of driving license, copy of vehicle title deed
  • Previous insurance coverage details
  • Information about the property (movable and immovable), what is inside it and any kind of charges that concern it (mortgages, debts, etc.).
  • Information that is collected through our website, through the use of cookies.
  • Information necessary and corresponding to the respective insurance coverage.
  • Claim form details, supporting documents, diagnoses, valuations, etc.

5. How we use your Personal Data

After your data has been collected by us, it may be subjected to processing within our insurance company, as previously mentioned, by our employees, associates and or agents, in order to provide you with a customized service.

We use your personal data for the following purposes:

  • To communicate with you
  • To improve the quality our services
  • For the prevention, detection and investigation of crimes, including fraud and the legalisation of the proceeds from illegal activities, as well as the appraisal and management of other trading risks.
  • To conduct research and analyse data, including an examination of our client basis and other individuals, who have given us their personal details and information (for instance, third persons claiming damages), and the risks faced by our enterprise, always in accordance with the prevailing Cypriot and European legislation (including the obtaining of consent when required).
  • For promotional marketing and advertising activities. We may undertake the conduct of promotional activities in accordance with your preferences and upon your consent, using email messages
  • For the personalization of your experience and the analysis and recording of your needs in relation to the insurance products that you have received from the insurance companies with which our Company cooperates, presenting information, advertisements and other promotions for new services.
  • For the compliance of our company with the applicable laws and statutory obligations, European Union directives and guidelines, court decisions and other legal processes, and in order to respond to requests by public and state authorities, as stipulated in Cypriot and European legislation.
  • To enforce and defend our legitimate rights and to protect our business activities, including those of our business associates, and to safeguard our rights, individual privacy, security or property assets, as well as the rights of our business associates, yours and those of other persons’ or third parties’; for the purpose of imposing our terms and conditions and pursuing all available recovery measures and containing our damages.

6. Sharing Your Personal Data

It might be necessary to share your personal data with our associates so that we could provide for you the required insurance, (i.e expert, loss adjustors) among others with Insurance Companies / Brokers / Employees / Partners, with JCC, with Microsoft, with Golden Telemedia, Domain Star, depending on the case with the Police, Insurance Companies Control Service, Insolvency department, with Cyprus Income Tax, with Insurers, with Bank and intermediaries (authorized to contact bank customers for services), with Immigration, with Auditors, third party the data subject asked us to contact, with Government Services, with Reinsurers, with Analysis Laboratories, with medical consultants, doctors, brokers, with the Supervisory Authority, with Consortium (MIF), with Home care service, with roadside assistance, lawyers, Social insurance (employer liabity), ΤΟΜ (vehicle insurance), business associations, with Financial Commissioner, with insolvency service, with Human Resources Development Authority, seminar organizers / training centers, with Investment / stock exchange / management companies and investment consultants, with Printing centers, with internal control, with brokers, with Courier Company, post office, Consultants, Legal Consultants.

As processors we may transfer your personal data to the insurance companies with which you contract through us, so that they can provide you with insurance coverage. We have contracted with all the insurance companies with which we cooperate to comply with the provisions of the General Data Protection Regulation (GDPR).

In no case, however, are we going to share your personal data for processing for purposes contrary to those described in this Policy without your prior notification.

In each case arising from our relationship, your personal data may be transmitted to public authorities, researchers, reinsurance companies, the Registrar of Insurance Companies, who shall undertake to process them on behalf of the Company in the capacity of processors, on the basis of the agreement between us. Personal data may be transmitted abroad to associated third providers, reinsurance companies, lawyers and experts.    .

In each transmission to third parties every measure shall be taken beforehand so that only the necessary data shall be transmitted for the implementation of the contract, along with the effective requirements for their legitimate and lawful processing; moreover, the organizations to which the data is being transmitted shall undertake a written commitment that they shall comply on their part with the provisions of the General Data Protection Regulation. Exempt are those cases in which the communication of the data is effected due to some legal or statutory obligation.   In cases where it is necessary to communicate your personal data to countries outside the European Union, which do not offer adequate guarantees for the protection of your personal data, our insurance company shall be obliged and hereby undertakes the responsibility to conclude contractual clauses between our Company and the Company to which the data is communicated, in order to safeguard the information transmitted.

7. Retention Period for your Personal Data

Our insurance Company shall retain your personal data in its records only for the time period required for the fulfillment of the insurance contract between us, unless legal or statutory obligations provide otherwise. This also applies to those cases where our agreement has been interrupted for any reason.

Trying to achieve harmonization with the Regulation, we have determined the time periods for the retention of your personal data, depending on the processing to which they are being subjected. The parameters that have been taken into consideration for the determination of the time periods are your better service, our operational needs, our legal obligations and the safeguarding of our legal interests.

In order to be accurately informed on the retention periods, please contact the Data Protection Officer of our Company.

8. What are your rights?

The General Data Protection Regulation defines your rights in regard to your personal data. On account of this, our insurance Company has developed a mechanism for the satisfaction of requests concerning your personal data, as follows:  

  1. Right to access: You have a right to access your data maintained by us and you may at any time obtain a copy thereof provided we possess them in electronic form.
  1. Right to rectification: You have a right to access and rectify your personal details. You may at any stage of our relationship check and update your personal data, always presenting the necessary documentation and requesting the rectification or completion of inaccurate information.  .
  1. Right to be forgotten: You have the right to ask for the erasure of the whole or part of the data that concerns you. We would like to underline however that our Insurance Company shall be obliged to erase only those personal data which can be erased as per our data erasure policy.
  1. Right to restriction: You hold the right to ask for the processing of your personal data to be restricted, even when the accuracy of the data is disputed or furthermore when the data is no longer useful to the insurance company but you request its retention due to legal claims.  
  • Right to object: You may at any time whatsoever raise objections about the processing of your personal data. In case you make use of this right, the processing shall immediately cease, unless the Company can prove the existence of legal interest or the need to use the data in support of a legal/judicial case.  
  • Right to data portability: You have the right to portability, that is, to transfer your personal data to another organization in a legitimate and commonly used form. The said data shall be erased as specified in the erasure policy of the Company.
  • Right to recall consent: You have the right at any time to withdraw your consent to the processing of your personal data, without however affecting the legality upon which our policy was based prior to your withdrawal. We would like to inform you that the recall of your consent may possibly lead to the termination of the relevant services.  .
  • Right to launch complaint: You have a right to launch a complaint with the Commissioner for the Protection of Personal Data, regarding the processing of your personal data.

If, when filing your complaint, you feel that you have been wronged by us or if you have any doubts about the outcome of your request, you may submit it in writing to the Commissioner for the Protection of Personal Data at the below address:  

Office of the Commissioner for the Protection of Personal Data

Iasonos 1, 2nd Floor

1082 Nicosia

P.O. Box 23378

1682 Nicosia

Τel.: 22818456 Fax No.: 22304565

email: commissioner@dataprotection.gov.cy

In order to exercise your rights as above or in the case you require more information concerning your rights, you may communicate with the Data Protection Officer of our Company, at the address of our registered office or through the email address dpo@pminsurancebrokers.com.

9. Changes to our Policy

Changes in the Legislation or technological developments impose corresponding modifications on our part.

You are kindly asked to keep apace with our Policy, which may at any time change in order to adapt to new developments and facts. 

Our reviewed policy shall be posted on our website at the address www.pminsurancebrokers.com.

Finally, you may ask to be supplied with a copy of the most recent version of the Policy in printed form.

July 2021


Appendix A – Table of Processing Activities

Name of processing activityCategories of Personal DataMeans of Collection  Legal BasisReceipient CategoriesRetention Period
Study of Data for risk assessment of a specific proposal – This concerns a section of underwriting departmentsDetails of insurance proposal by industry (see section / branch)ERP, Insurance Proposal and Additional InformationArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting party   or to take action at the request of the data subject prior to the conclusion of a contract for investigating probability of cooperationN/AData is returned to the relevant Department. They are not kept by the Risk Manager
Data processing for settlement of dealers’ obligations (bills)Ownership Titles, Third Party Signatures, Name, Address, Telephone Numbers, Identity Number, Guarantor DataDealers themselvesArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyLawyers (Erotokritou, Nikolaidis Giorgos LLC) if required7 years after termination / expiration of the contract
Data processing for complaints – Collection of informationDetails of insurance proposal by industry (see section / branch)Clients themselves,
Representative, email, telephone, Complaint Form, Website, Financial Disputes Commissioner  
Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting party  Article 6 (1) (c) Legal duty of the controller The Insurance and Reinsurance and Other Related Matters Act of 2016 (38 (I) / 2016)Financial Dispute Commissioner (if there is no consensus / solution) possible complaint to the insurer of insurance companies appeal to a lawyer / court  3 years after the full resolution of the complaint or the outcome of the matter
Receipt of information from Insurers / Official Receiver with Bankruptcy, Debt Relief, etcName, Identity Number, Address, AdvisorCircular by Registrar of Companies and Official ReceiverArticle 6 (1) (c) Legal duty of the controller  Bankruptcy of Natural Persons Law, Chapter 5 Insolvency of natural persons law  Registrar of Companies and Official Receiver7 years after termination / expiration of the contract for customers Immediately if they are not customers
Data transfer (after client death) to other parties (example lawyers, beneficiaries)Contract details, Covers, AmountsEmailArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyLawyers, Administrators, Beneficiaries, Authorized Dealers,Emails are deleted immediately
Assessment of a claimName, Identity Number, Cost, Diagnosis, Test Results, Medical Certificates, IBAN Number (for Remittance)Insurer, Fax, email, hand-written originals, postalArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting party, in  combination with the consent we have received in the claim form  Company Lawyers, Banks (Remittance), Ironmountain, Auditors, Doctors, Chemists, Radiologists, Brokers Greece (Matrix), External Consultants (Michalis Pilavakis, Sakis Stylis)7 years after termination / expiration of the contract or 7 years after full settlement if the contract has already expired / terminated
Data transfer to mediators (usually only the spreadsheets, to update them)Name, Contract Number, Amount, Claim DetailsERP Genius sent by email or mail in a sealed envelopeArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyMediators, ReinsurersImmediate deletion of transferred data  
Offer for insuranceName, Address, Telephone Numbers, Identity Number, Nationality, Email, Health Status, Age, Credit Card Number / Account Number for Order, Medical History, Names and Addresses of Medical Service ProvidersIndividual offer (online registration), From an intermediary (online registration), By phone, Private – Team offer  (employee information) From a company or an intermediary. (Email, Fax, Handwritten (Customer), Mediator, Company Clerk)Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting party or to take action at the request of the data subject prior to the conclusion of a contract investigating probability of cooperation Article 9 (2) (a) the subject has given explicit consent to the processing of such personal dataMediators,, Reinsurers, Branch Officers, Branches, and Customer Staff (Group offer)7 years after termination / expiration of the contract (successful bid) In the event that the offer is not accepted and cooperation is not established then the data will be deleted at the end of the year following the year of the offer
Examination of insurance proposal (collective, individual) and contract preparationName, Address, Telephone Numbers, Identity Number, Nationality, Email, Health Status, Age, Credit Card Number / Account Number for Order, Medical History, Names and Addresses of Medical Service ProvidersMail, fax, mail, original (delivered by hand)Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting party or to take action at the request of the data subject prior to the conclusion of a contract investigating probability of cooperation Article 9 (2) (a) the subject has given explicit consent to the processing of such personal dataMediators / Affiliates, Banks (Payment), Reinsurers (above the limit), Assessors, Immigration (Medical Maids), AssistAmerica (only name and contract), Lawyers, Infocredit, Doctors, Ironmountain7 years after termination / expiration of the contract (successful bid) In the event that the offer is not accepted and cooperation is not established then the data will be deleted at the end of the year following the year of the offer
Modification, cancellation, renewal of a ContractName, Address, Phone numbers, Identity number, Nationality, email, Health status, Age, Credit card number / order number, Medical history, Names and addresses of medical service providers.  Email, fax, manual (modification form)Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting party or to take action at the request of the data subject prior to the conclusion of a contract investigating probability of cooperation Article 9 (2) (a) the subject has given explicit consent to the processing of such personal dataInsurers, Reinsurers, Lawyers, Ironmountain, Banks, Migration, Doctors, Ironmountain.7 years after termination / expiration of the contract
Evaluation of mediator data to initiate collaborationName, Address, Phone numbers, Identity number, email, Citizenship, Date of birth, Total contract value, Training, Guarantor data (Names, telephones, addresses)Mediators themselves (interview), new partner formArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyN/A3 years with possible expiration of cooperation
Management of Mediator’s DataName, Address, Phone numbers, Identity number, email, Citizenship, Date of birth, Total contract value, Training, Guarantor data (Name, phone numbers, addresses)New Partner Form and Insurance Agent Agreement.Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyInsurer of Insurance Companies (original), Legal Advisor3 years with possible expiration of cooperation
Status communication with performance (monthly)Contract detailsERP Genius  Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyN/AImmediate deletion of Data  
Transmission of travel trip data to mediators and their families as co-reward and to board members (as escort)Name, Telephone, Passport number, Identity card (copy) and Data of family membersMediators themselves  Article 6.1 (a) – the data subject has consented to the processing of personal dataTravel agencies, HotelsImmediate deletion at the end of the trip
Compilation of data (such as bank accounts) of financial representativesIBAN number, account numberData subjects themselves (email)  Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyN/A3 years with possible expiration of cooperation
Assessment of a claim  Name, Identity Number, Address, Phone Numbers, Accidents, Social Security Number, Vehicle Data, Date of Birth, Witness Details, Medical Certificates and Other Sectoral InformationServer speedfire (.pdf), Photos and conditions, hand-assured lawyer notification  > third party involved  > mediator  > Insurance company of a person / third party  > PoliceArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting party in combination with the consent we have received in the claim formDoctors, Speedfire, Ironmountain, Lawyers, Infocredit, Estimators, Banks (any property), other third party insurance7 years after termination / expiration of the contract or 7 years after full settlement if the contract has already expired / terminated
Assessment of medical certificate and other certificates requested for the claimTest results, Health statusemail, Fax, by hand  Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting party in combination with the consent we have received in the claim formLawyers, Reinsurers, Doctors, Associates, Auditors7 years after termination / expiration of the contract or 7 years after full settlement if the contract has already expired / terminated
Payments – Receivables (check)Claim form details (Name, Address, Telephones, Email, Accident and Insurance Type, Additional information), Supporting Documents, IBAN Number  Branch, Mediator, Claim Form, Supporting Documents (email)Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyAuditors, Ironmountain  7 + 7 years in the end of cooperation due to tax, VAT in accordance with the legislation on income tax and value added tax
Collection of information (private investigator)Monitoring of an insured individual or third party debtor, verification of health status, damage suffered (insurance based)Associates (email, by hand)  Article 6 (1) (f) – Legitimate Interest   safeguarding of interests and avoiding fraud  Lawyers, Reinsurers3 years after full settlement
Data transmission to MIF  Name, Phone numbers, vehicle number, conditionsFrom Speedfire database, from customers themselves, from systemsArticle 6 (1) c Legal responsibility if the controller in accordance with the legislation (Third Party Insurance) Law 96 (I)/2000Speedfire, MIF  7 years after termination / expiration of the contract
Exchange of information with other insurers (fraud)Name, Identity number, Amounts, ConditionsSystems  Article 6 (1) (f) – Legitimate Interest   safeguarding interests and avoiding fraud  Other Insurance Companies  3 years after termination / expiration of the contract
Offer for insuranceName, Mail Address, Phone Numbers, ID number, e-mail  Online registration by interested individuals themselves, Online registration by an intermediary, From communicating with an intermediary or client via email, fax, or by hand  Article 6 (1) (b) – execution of a contract to which the data subject is a contracting party or to take action at the request of the data subject prior to the conclusion of a contract for investigating probability of cooperationMediator  7 years after termination / expiration of the contract (successful bid) In the event that the offer is not accepted and cooperation is not established then the data will be deleted at the end of the year following the year of the offer  
Assessment of insurance proposal and contract preparationBasic insurance proposal details (Name, Address, Phone number, ID number, email, Copy of ID),
Other details in relation to the insurance type, such as age pay salary etc.

The ID should only be shown and a copy of it should not be received
Proposal for insurance and additional details that may be required by hand or electronically (by email or fax) by the proposer or by the intermediaryArticle 6 (1) (b) – execution of a contract to which the data subject is a contracting party or to take action at the request of the data subject prior to the conclusion of a contract for investigating probability of cooperationMediators, Lawyers (if necessary), Damage estimators – experts, Doctors
Ironmountain, a financial institution which has been granted rights,
Infocredit Reinsurers if circumstances require so

7 years after termination / expiration of the contract (successful bid) In the event that the offer is not accepted and cooperation is not established then the data will be deleted at the end of the year following the year of the offer  
Data collection via Infocredit – credit scoring  Name, Identity Number, Affiliated Companies, Financial DataInformation from Infocredit serverArticle 6 (1) (f) – Legitimate InterestΝ/ΑΝ/Α  
Contract modification / cancellation  Basic insurance proposal details (Name, Address, Phone number, ID number, email, Copy of ID),
Other details in relation to the insurance type, such as age pay salary etc.

The ID should only be shown and a copy of it should not be received
Modification form and supplementary information that may be required, either manually or electronically (by email or fax) from the proposer or the intermediaryArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyMediators, Lawyers (if necessary), Damage estimators – experts, Doctors
Ironmountain, a financial institution which has been granted rights,
Infocredit Reinsurers if circumstances require so

7 years after termination / expiration of the contract
Offer for insuranceName, Address, Telephones, ID Number, Driver’s License Number, Email, Health Status, Age, Other Driver Data, Accident History, Driving ExperienceOnline registration by interested individuals themselves, Online registration by an intermediary, From communicating with an intermediary or client via email, fax, or by hand  Article 6 (1) (b) – execution of a contract to which the data subject is a contracting party or to take action at the request of the data subject prior to the conclusion of a contract for investigating probability of cooperation in conjunction with the consent received with the proposalMediator or client representatives7 years after termination / expiration of the contract (successful bid) In the event that the offer is not accepted and cooperation is not established then the data will be deleted at the end of the year following the year of the offer  
Assessment of insurance proposal and contract preparationName, Gender, Identity or passport of drivers, Nationality of the insured, Date of birth of the drivers, Occupation of the driver, Address, Email, Telephone, Driver’s license (copy), Background of physical or mental illness, Previous claims, Previous convictions for a driving-related  criminal offense or offenses, Previous insurance historyCustomers themselves, Mediators (by hand, email, courier service)  Article 6 (1) (b) – execution of a contract to which the data subject is a contracting party or to take action at the request of the data subject prior to the conclusion of a contract for investigating probability of cooperation in conjunction with the consent received with the proposalMediators, Reinsurance (based on circumstances) Underwriting, Risk, Speedfire, Ironmountain, Valuers of other insurance companies for confirming the history, Cyprus Information Service, Lawyers and Banks in case of mortgage7 years after termination / expiration of the contract (successful bid) In the event that the offer is not accepted and cooperation is not established then the data will be deleted at the end of the year following the year of the offer  
Coverage memo of temporary duration (4 months)Name, Identity Number, Coverage, Vehicle Details, and Driver InformationCustomers themselves, Mediators  Article 6 (1) (b) – execution of a contract to which the data subject is a contracting partyCar dealers, car yards, Department of Road Transport etc  7 years after termination / expiration of the contract

Payment receipts (premiums)
Name, Check details, Contract number, Account number, Credit card number, Identity number, AddressMediators themselvesArticle 6 (1) (b) – execution of a contract to which the data subject is a contracting partyInsured individual, Auditors, Lawyers, Infocredit 9 (after consent), Mediator7 years with an extension for another 7 years after invoicing, in the case of an investigation by the Department of Taxation
Contract cancellation payments (checks, remittances)IBAN, SWIFT Bank, Full Name, Account Number, Amount, Contract NumberSystems, customers themselves, email (mediators)  Article 6 (1) (b) – execution of a contract to which the data subject is a contracting partyMediators  7 years with an extension for another 7 years after cancellation, in the case of an investigation by the Department of Taxation
Claim payments (remittances only)IBAN, SWIFT Bank, Full Name, Account Number, Amount, Contract NumberClaims department, ERP system  Article 6 (1) (b) – execution of a contract to which the data subject is a contracting partyBank,  7 years with an extension for another 7 years after cancellation, in the case of an investigation by the Department of Taxation
Supplier payments  Full Name, Phone, Address, Email, Account NumberSuppliers themselves, Invoices (email)  Article 6 (1) (b) – execution of a contract to which the data subject is a contracting partyAuditors  7 years with an extension for another 7 years after cancellation, in the case of an investigation by the Department of Taxation
New employee registration   Name, Telephone Numbers, Address, ID Number, Social Security Number, Tax ID, Position, Job Start Date, IBAN NumberFrom HR (Employee Recruitment Form, Social Insurance Form – First Employment)Article 6 (1) (b) – execution of a contract to which the data subject is a contracting partySocial Insurance, Income Tax (IR 7)7 years with an extension for another 7 years, after termination (data relating to tax issues) All other data is kept for 3 years after termination (unless there is an ongoing legal case)
Transfer of employee data for ‘Pension scheme’ Eurolife  Name, Identity Number, Salary, Date of Birth, Cut (5%, 10%)Inquiry form, emailingArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyEurolife, Auditors  7 years with an extension for another 7 years, after termination (data relating to tax issues) All other data is kept for 3 years after termination (unless there is an ongoing legal case)
Transmitting data via a bank’s website for payroll purposes (.xml file)Full Name, Salary, Account Number, IBAN NumberEasysoft payroll systemArticle 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyBank  7 years with an extension for another 7 years, after termination (data relating to tax issues) All other data is kept for 3 years after termination (unless there is an ongoing legal case)
Transmission of data (statements) submitted to government departments – allowancesName, Identity Number, Details (Forms: Sickness 3-008, Maternity 3-007, Paternity 3-009) and supporting documents, IBAN NumberThemselves (printed form) Salary (email)  Article 6 (1) (c) Legal duty of the controller

the Companies Law Chapter. 113  
Social Insurance  7 years with an extension for another 7 years, after termination (data relating to tax issues) All other data is kept for 3 years after termination (unless there is an ongoing legal case)
Membership of the Board of DirectorsName, CV, Capacity statement, Criminal record, Financial status, etc.Data subjects themselves  Article 6 (1) (c) Legal duty of the controller
The Insurance and Reinsurance and Other Related Matters Act of 2016 (38 (I) / 2016) Articles 44 and 297
Insurance Officer, Chairman of the Board, Compliance Officer (Ioannidis & Demetriou LLC)7 years with extension for another 7 years, after termination
Διαβίβαση δεδομένων σε ΜΟΚΑΣ (Οικονομικό έγκλημα), Φόρο Εισοδήματος (Corporate Tax) κ.α.  Name, Address, Telephone Numbers, Identity Numbers, Address, Email, Social Security NumberData subjects themselves    Article 6 (1) (c) Legal duty of the controller
The Insurance and Reinsurance and Other Related Matters Act of 2016 (38 (I) / 2016)  
Government services  7 years with extension for another 7 years, after termination
Transmission of data to banks (signatories, committee members)Name, Identity Number, Utility billData subjects themselves  Article 6 (1) (c) Legal duty of the controller
The Insurance and Reinsurance and Other Related Matters Act of 2016 (38 (I) / 2016)  
Bank  7 years with extension for another 7 years, after termination
Transmission of data to lawyers for handling casesContract details, Payment statusERP system  Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyLawyers7 years after termination / expiration of the contract
Data transmission to Infocredit for the collection of cash receivablesName, Telephones. Address, Amount, Contract number, ID numberERP system and sending Excel file by email (uploading information to the infocredit-kerveros website)Article 6.1 (a) – the data subject has consented to the processing of personal dataInfocredit  7 years with extension for another 7 years at the end of cooperation, due to tax, VAT   in accordance with the legislation on income tax and value added tax
Improvement of website  customer experienceCookies  Websites www.cosmosinsurance.com.
cy and www.cosmosins.com  
Article 6.1 (a) – the data subject has consented to the processing of personal dataWeb provider  According to the partner’s privacy policy
Website communication (Contact us/ Complaints and Get a quote)  Εmail, Phone numbers, Full name,
Date of birth, ID number email body, Vehicle details, Building details etc. depending on type of insurance
Websites www.cosmosinsurance.com.
cy and www.cosmosins.com

and then an email is sent from both websites to info@cosmosinsurance.com.cy    
Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyWeb Host  Immediate deletion of data unless the subject of communication requires data storage for some time (complaints). In such a case, the retention time will be proportionate to the issue or the outcome of the issue
Access to computer systemsSurname, Fixed Telephone Line, Company Email, LocationHuman Resource Message (electronic)Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyMicrosoft (Office 365)  In the event of an employee leaving 1. Employees are given the right to receive any personal records and data  2. Transfer the remaining files and data to the replacement or line manager of the retired 3. Password change  – known only to the Manager (usually IT)  4. 60 days after the departure, the account is deleted
DNS/DHCP addressing   IP Addresses (static)  Interfaced with Domain controller  Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyN/A  N/A  
 Sending a monthly note to customers for information or reminders about issues related to their contract   Insurance number, Type of insurance, Vehicle number or other type of insurance information, AmountFrom Customers themselves  Legal interestN/A  Until the customer withdraws their consent or stops being a customer
Provision of an email serviceFull Name, Phone number, Mobile Phone number, Email, Company, LocationΑπό το τμήμα Ανθρώπινου Δυναμικού  Article 6 (1) (b) – execution of a Convention to which the data subject is a contracting partyMicrosoft (Office 365)  There is a procedure which provides for the deletion of emails (after the expiry of 2 months, unless there is a special exception) of the employees who left  
Provision of Fixed PhonesFull Name, Telephone number, Department Home AddressΔια ζώσης  Legal interestΝ/Α  Deleted as a user for purposes of access   employee’s history with all of the information is not deleted
Employee Performance MeasurementUser name, Type of activity (new policies, new contracts, deletions, additions) Genius insurance system  Legal interest General DirectorateΝ/Α  
Monitoring and tracking of user movementsUsername
Accessed Files
Time  
Log 360 system  Legal interestGeneral DirectorateEvery 30 days logs are deleted

Copyright Stylianos N. Christoforou & Associates LLC