GREENVAL DATA PROTECTION NOTICE | Greenval-insurance

Greenval Insurance DAC (“Greenval”, “the Company”, “we”, “us”, “our”) takes its responsibilities under applicable data protection law, including the General Data Protection Regulation and implementing legislation (“Data Protection Law”) very seriously. Accordingly, the BNP Paribas Group, of which Greenval is a wholly owned subsidiary, has adopted strong principles in its Personal Data Protection Charter available here].

The purpose of this notice is to inform you of the data relating to you that we may collect and use and the uses (including disclosures to third parties) we may make of your data in connection with you as a customer of the Company or your other interactions with us. When you provide us with personal data related to other people, please make sure that you inform them about the disclosure of their personal data and invite them to read this notice. We will ensure that we will do the same whenever possible (e.g., when we have the person's contact details).

The Company is the controller in respect of your data and is registered under registration number 432783 and has its registered office at 2^nd Floor, The Anchorage, 17-19 Sir John Rogerson’s Quay, Dublin 2, D02 DT18.

If you have any questions about our use of your personal data please contact us at privacy@greenval-insurance.ie

Personal Data that we collect and process

The personal data that we process about you will depend on your relationship with us.

We, or our partners and processors including claim handlers, may collect, have transferred to us and process data relating to you and your authorised contacts during the course of our relationship with you (and afterwards as set out below). Such data may include:

For drivers, passengers and any injured third parties making third party liability claims:

1. 1. your name, including any former name and contact details, including your residential address, postcode, phone number and email address;
  2. your date of birth;
  3. your nationality;
  4. your car registration number;
  5. your car model and brand;
  6. your vehicle identification number (“VIN”);
  7. telematics data including geolocation information, speed information and/or impact information, time of an accident, may be collected by your vehicle if it is equipped with a telematics box. If the vehicle has a telematics box installed, you will be informed by that the vehicle is equipped with a telematics box which collects telematics data, which data may be processed by Greenval for the purpose of managing claims. ;
  8. your driver number;
  9. your gender;
  10. the policy holder and the policy number (if applicable);
  11. the location of your car accident, including city and country;
  12. the beginning date and end date of the contract of insurance for the vehicle;
  13. accident reports;
  14. hospital records;
  15. income information;
  16. police statements;
  17. minutes of the incident report;
  18. findings of the incident report; and
  19. any other personal data you have provided directly to us or to our claims handlers .

For insured clients of Greenval and employees of insured clients:

1. 1. your name and address;
  2. beginning date and end date of your contract with us;
  3. the car registration number;
  4. your claims details;
  5. pesel number (if located in Poland only);
  6. the car model and brand;
  7. the car’s plate number;
  8. the car’s VIN;
  9. any other personal data you or your representatives have provided directly to us or to our claims handlers .

If you make a complaint to us:

1. 1. your name, including any former name and contact details, including your residential address, postcode, phone number and email address;
  2. details of your complaint; and
  3. your claim number.
Purposes of processing and legal bases

We, and third party service providers acting on our behalf, will use this personal data relating to you for the purposes of:

1. 1. claims handling and management of claims in which case the legal bases for processing are that it is necessary:
    1. where you have a contract with us, for the performance of our contract with you; or
    2. for the purposes of our legitimate interests. The legitimate interest pursued in this case is the provision of services to our policy holders.
  2. managing policies and premiums, in which case the legal basis is that it is necessary for the performance of our contract with you;
  3. handling and resolving complaints made by you, in which case the legal basis is that it is necessary for the purposes of our legitimate interests. The legitimate interest pursued by us in this regard is the management of risks, including operational risks;
  4. preventing fraud, in which case the legal basis is that it is necessary for the purpose of our legitimate interests. The legitimate interest pursued by us in this regard is the prevention, investigation or detection of theft, fraud or other criminal activity;
  5. handling whistleblower disclosures in connection with sanctions, in which case the legal basis is that it is necessary for the purpose of our legitimate interests. The legitimate interest pursued by us in this regard is the compliance with sanctions requirements and the prevention, investigation or detection of fraud, bribery and/or corruption;
  6. anti-money laundering, know your customer requirements, investigation and detection of fraud, bribery and/or corruption, in which case the legal bases are that it is necessary:
    1. for the purpose of our legitimate interests. The legitimate interest pursued by us in this regard is the prevention, investigation or detection of money laundering, theft, fraud, bribery, corruption or other criminal activity;
    2. to comply with the regulations to which we are subject, including banking and financial regulations and other obligations placed on us by the Central Bank of Ireland; and
  7. establishing, exercising or defending legal claims, in which case the legal bases are that it is necessary to comply with our legal and regulatory obligations and that it is necessary for the purposes of our legitimate interests in conducting our business in a responsible and commercially prudent manner.

The legal bases on which we collect, process and transfer special categories of data relating to you in the manner described above are:

1. 1. where, subject to suitable and specific safeguards, processing of health data is necessary and proportionate for the purposes of a policy of insurance; or
  2. in limited circumstances, where you have given your explicit consent to such processing (where we have sought it and you have provided it to us).

Where we have listed legitimate interests as a legal basis for processing above, please note that we will not process your personal data for these purposes if our or the third party’s legitimate interests should be overridden by your own interests or fundamental rights and freedoms.

Sources of Data

As well as collecting information from you directly, we also receive or obtain information relating to you from third party sources such as our local partners who act as third party administrators, third party claim handlers, intermediaries and policyholders.

Recipients of Data

We may disclose your personal data to third party recipients in connection with the above purposes, including:

to third parties who we engage to provide services to us, such as professional advisors, claims handlers, subcontractors, processors, outsourced service providers and intermediaries;

to reinsurers and fronters;

to your advisors and service providers at your request;

to other entities in the BNP Paribas Group, including Arval;

to business partners and/or possible acquirers of or lenders to the Company or investors (and our and/or their advisors);

to national fleet databases, motor insurance databases or similar where we are required to do so by law; or

to competent regulatory authorities and bodies as requested or required by law.

How long we may retain your Personal Data for

We will retain your personal data for the duration of any contract or policy you have or your employer has with us, for the duration of any claims handling procedure or any complaint handling procedure relating to you or for such a period of time as is necessary to comply with our obligations under applicable law and, if relevant, to deal with any subsequent claim or dispute that might arise in connection with your relationship with us. Your personal data will be retained in accordance with our records retention policy.

Necessity of provision of certain information and consequences

There are certain pieces of information that are required so that we can comply with legal obligations that apply to us. If we do not receive this information, this may impact our ability to continue dealing with you in compliance with our obligations and internal policies.

International Transfers of Personal Data

In connection with the above we may transfer your personal data outside the European Economic Area, including to a jurisdiction which is not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union.

If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include entering into a contract governing the transfer which contains the ‘standard contractual clauses’ approved for this purpose by the European Commission or transferring your personal data pursuant to binding corporate rules.

In the absence of an adequacy decision or an appropriate safeguard we may rely on a derogation applicable to the specific situation (e.g., if the transfer is necessary for the exercise or defence of legal claims).

You can obtain more details about the basis of our international transfers by sending written request to privacy@greenval-insurance.ie.

In the event that your personal data is transferred outside the European Economic Area U , any such transfers will be on the basis of module 2 controller to processor standard contractual clauses that are put in place for this purpose.

Your rights and how to update your information

You have rights, which allow you to exercise real control over your personal data and how we process them.

If you wish to exercise the rights listed below, please submit a request by mailing a letter to the following address: 2^ndFloor, The Anchorage, 17-19 Sir John Rogerson’s Quay, Dublin D02 DT18 or on our website https://www.greenval-insurance.com/your-details

If you have any questions relating to our use of your personal data under this Privacy Notice, please contact Greenval Data Protection contact at the following address privacy@greenval-insurance.ie.

Right to access the data – If you wish to have access to your personal data, we will provide you with a copy of the personal data you requested as well as information relating to their processing. Your right of access may be limited in certain circumstances.

Right to rectification – Where you consider that your personal data are inaccurate or incomplete, you can request that such personal data be modified or completed accordingly. In some cases, supporting documentation may be required.

Right to erasure – If you wish, you may request the deletion of your personal data, to the extent permitted by law.

Right to restriction of processing or to object to processing – If you do not agree with a processing activity based on a legitimate interest, you can object to it, on grounds relating to your particular situation, by informing us precisely of the processing activity involved and the reasons for the objection. We will cease processing your personal data unless there are compelling legitimate grounds for doing so.

Right to data portability – You may request a copy of the personal data that you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may request that we transmit this copy to a third party.

Right to withdraw your consent – If you have given your consent to the processing of your personal data, you can withdraw this consent at any time.

Please note that these rights are not absolute, and are subject to certain restrictions and exemptions. For example, the right to erasure of personal data will not apply where we have a legitimate reason to continue to hold such data.

In order to exercise any of the rights set out above, please contact privacy@greenval-insurance.ie

The Company is required to keep all data accurate and up to date. To enable us to do this more easily, please ensure that you keep us up to date with any changes to your personal data.

Complaints

In addition to the rights mentioned above, you may lodge a complaint with the competent supervisory authority, Irish Data Protection Commission (https://forms.dataprotection.ie/contact ). If you prefer, you may also lodge a complaint with your local supervisory authority, which may communicate your complaint to the Irish Data Protection Commission or provide information to you as to how to make a complaint. See contact details for all supervisory authorities at https://edpb.europa.eu/about-edpb/about-edpb/members_en.