These Principles of Personal Data Protection inform about how and for what purposes the company SATUM CZECH s.r.o. obtains, stores and further processes your personal data in the course of its activities as an insurance intermediary, that is in connection with the intermediation of the conclusion of insurance contracts with insurers. We place great emphasis on the protection of personal data. We consider the personal data we process to be confidential, we maintain confidentiality about them, we emphasise security in their processing, the selection of contractual partners and strict compliance with the statutory rules of processing.
The processing of personal data is a necessary component of and condition for the distribution of insurance (provision or intermediation of insurance). Our obligation is to distribute insurance with professional care, whereby we process personal data so that we can, on the basis of your requirements, objectives and needs, submit a proposal for the conclusion of insurance and provide a recommendation. In the course of fulfilling our obligations, pursuant to the provisions of Section 80(7) of Act No. 170/2018 Coll., on Insurance and Reinsurance Distribution, as amended (hereinafter the “Act“), we are obliged to process personal data relating to natural persons involved in the creation and changes of insurance distributed by us, including their birth identification numbers.
The purpose of these principles of personal data protection (hereinafter the “Principles of Personal Data Protection“) is to inform you about how and why we collect and process your personal data, about your rights and how you can exercise these rights, and what measures we have adopted to protect your personal data and to exercise your rights.
Personal data means any information relating to an identified or identifiable natural person, that is you, if you are a natural person, and/or your employees and/or your family members or other natural persons, if you provide us with such data (hereinafter “Personal Data“). Data on health status are among the so-called special categories of Personal Data, sometimes also referred to as “sensitive” Personal Data.
The company SATUM CZECH s.r.o., with its registered office at Ostrava, Moravská Ostrava, 28. října 3346/91, Postal Code 702 00, Company Registration Number 253 73 951, registered in the Commercial Register maintained by the Regional Court in Ostrava in section C, file 16189 (hereinafter the “independent intermediary“, “controller” or “we“) processes your Personal Data in connection with the intermediation of insurance between you and the insurer/insurance company and other activities related to the exercise of rights and obligations under such insurance contract, including the exercise of rights from insurance.
In cases where we approach prospective policyholders, submit proposals for the conclusion of insurance and carry out preparatory work leading to the conclusion of insurance, we are usually in the position of controller of Personal Data. If we intermediate insurance on behalf of the insurer or provide assistance in the administration of insurance and in the exercise of rights from insurance, we are in the position of processor of Personal Data. The controller of Personal Data will in such case be our partner insurance company, for which and on whose authorisation we provide these activities and to which we transfer your Personal Data.
The controller has appointed a data protection officer. Contact information of the data protection officer:
Name of officer: JUDr. Radim Bartoň
Telephone: +420 595 132 379
E-mail: osobniudaje@satum.cz
In the performance of insurance intermediation, we process Personal Data for the purpose of:
By reason of your position as prospective policyholder yourself and/or your employees and/or your family members, we need to know Personal Data so that we can intermediate insurance and perform activities pursuant to points (i) to (v) above in relation to you, your employees, family members and/or third persons whose Personal Data you provide to us. Conversely, any grant of consent to the processing of Personal Data for marketing purposes pursuant to point (vi) is entirely voluntary and is not a condition for the provision of our intermediary services and you may revoke your consent for these purposes at any time.
Pursuant to the provisions of Section 80(7) of the Act, we are in the position of insurance intermediary in the distribution of insurance obliged to process Personal Data relating to natural persons involved in the creation and changes of distributed insurance, including birth identification numbers.
The above-mentioned obligation applies when in relation to you we act as insurance broker, insurance agent or as another type of intermediary pursuant to Section 12 of the Act and we process your Personal Data.
In order to comply with your request for the intermediation of the conclusion of an insurance contract with an insurance company, we also process occasionally Personal Data of your employees, family members and/or other natural persons which we have obtained from you. Regardless of whether we are in relation to you in the position of insurance broker, agent or other intermediary (see above), we process such Personal Data only for the purpose and to the extent necessary for the intermediation of insurance in favour of these natural persons (insured persons) whose Personal Data you provide to us.
Regardless of whether we are in relation to you in the position of insurance broker, agent or other intermediary (see above), we process Personal Data also for the fulfilment of other legal obligations beyond the scope of the Act in accordance with the relevant provisions of legal regulations (e.g. in relation to contact details for the purposes of invoicing in accordance with regulations in the area of accounting and taxes, regulations concerning anti-money laundering measures, etc.), in accordance with the relevant rules and guidelines issued by the CNB and further possibly on the basis of our legitimate interest as controller or legitimate interest of the insurer/insurance company, which consists in the determination, protection and exercise of our legal claims or claims of the insurer/insurance company. Such processing may take place even after the termination of the contract (between you and us, or between you and the insurer/insurance company).
We also process Personal Data of our clients, partners and acquirers, or their employees and other authorised persons, within our client portal available at www.satum.cz, if they decide to use this service (access to the portal). Through this portal, clients, partners and acquirers can in particular administer insurance which we have intermediated for them or in their favour, including reporting insured events. We process Personal Data within the portal for the above-mentioned purposes of providing the portal service, within the scope of and to the extent of our legal obligation pursuant to Section 80(7) of the Act.
We process your Personal Data to the extent that you provide to us through completed questionnaires, communicate personally, by telephone or electronically according to the type of insurance in the intermediation of which you are interested, and further to the extent necessary to ensure the performance of insurance contracts or the administration of claims from them. We therefore obtain Personal Data primarily directly from you, and further from persons who conclude insurance in your favour, as well as from insurance companies and other partners and persons who provide us with data related to your insurance or with whom we verify such data. The specific type and scope of Personal Data always depend on the purposes of processing, e.g. the type of insurance requested or being concluded or the type of loss event. These are in particular the following data:
We will process your Personal Data for the period which is necessary for the fulfilment of the purposes stated in Article 4 above. We will always process Personal Data at least for the duration of the insurance contract and we will store them until the end of the tenth calendar year from its termination or until the end of the tenth calendar year from the end of the insurance period. If the conclusion of insurance does not take place, we will store Personal Data until the end of the second calendar year from the last communication with you, all in accordance with Section 80(4) of the Act.
If the insurance contract has already been terminated, we will further process Personal Data only if it is necessary to fulfil a legal obligation for the period determined by legal regulations (such as, for example, the above-mentioned regulations in the area of accounting or anti-money laundering regulations), or if the rules and guidelines of the CNB require or authorise us to do so (e.g. the obligation to ensure the storage of documentation prepared in connection with the intermediation of insurance products for a period taking into account the running of limitation periods, for the purpose of being able to demonstrate the exercise of professional care). We may also store certain Personal Data on the basis of our legitimate interest, consisting in the determination, protection and exercise of our legal claims, for the duration of limitation periods, of claims arising from or related to our intermediary activities, extended by 1 year with regard to the protection of our legal claims. In the event of the commencement of court, administrative or other proceedings, we will process Personal Data to the necessary extent for the entire duration of such proceedings.
In the event that you have provided consent to the processing of your personal data and you revoke this consent, we will terminate the processing of your personal data for the purposes for which the consent was granted; such revocation of consent does not, however, affect the lawfulness of previous processing based on this consent (i.e. before its revocation), nor the lawfulness of the processing of Personal Data on the basis of legal grounds other than the granted consent (e.g. legitimate interest or fulfilment of a legal obligation). See also point 5.1. above.
Personal Data which we collect in the ways described above may be shared with third parties who ensure the distribution of insurance by providing or intermediating insurance or ensure certain services related to the distribution of insurance and reinsurance, administrative support or the use of software means. These persons are thus in the position of controllers or processors of Personal Data.
We may therefore provide, or share, your Personal Data in particular with the following recipients, who will usually be in the position of controllers:
We may further share your Personal Data in particular with the following recipients, who are in the position of processors:
We have concluded contracts on the processing of Personal Data with processors of Personal Data pursuant to the preceding paragraph, which guarantee at least the same level of protection of your Personal Data as these Principles of Personal Data Protection.
The list of current processors of your personal data will be sent to you upon request.
We process your Personal Data manually and by automated means in information systems. We have implemented and maintain necessary appropriate technical and organisational measures, internal controls and information security processes in accordance with best business practice corresponding to the possible threatening risk to data subjects. At the same time, we take into account the state of technological development with the aim of protecting Personal Data against accidental loss, destruction, changes, unauthorised disclosure or access. These measures may, inter alia, include in particular the adoption of appropriate steps to ensure the responsibility of employees and other persons performing intermediary activity for the insurance intermediary who have access to Personal Data, employee training, regular backups, procedures for data recovery and incident management, software protection of devices on which Personal Data are stored, etc.
If you exercise any of your rights under this Article or pursuant to applicable legal regulations, we shall inform about the adopted measure or erasure of your Personal Data or restriction of processing in accordance with your request each recipient to whom such data have been provided pursuant to these Principles of Personal Data Protection, if such communication will be possible and/or will not require disproportionate effort.
We will respond to you within one month of receiving your request, whereby, however, we reserve the right to extend this period by two months.
In accordance with applicable legal regulations, you have the right to request access to your Personal Data which we process as controller of Personal Data, the right to their rectification, erasure or transfer (e.g. transfer of your Personal Data to another service provider), the right to lodge objections and also the right to request restriction of our processing.
Pursuant to applicable legal regulation, you have the right to rectification of your Personal Data which you share with us. If you wish to exercise this right, please contact us via the email address osobniudaje@satum.cz. We adopt appropriate measures to ensure that you can maintain your Personal Data accurate and up to date. You can always contact us with an enquiry whether we still process your Personal Data.
You may request us at any time for the erasure of your Personal Data. If you approach us with such a request, we will delete without undue delay all your Personal Data which we have, if we no longer need your Personal Data for the fulfilment of contractual and legal obligations or the protection of our legitimate interests, as described above.
You have the right to obtain Personal Data relating to your person and Personal Data which you have provided to us. If you so request, we may send certain of your Personal Data (in particular therefore those data which we process on the basis of performance of a contract and/or your consent) directly to a third party (another controller), which you specify in your request, if such request will not have a negative effect on the rights and freedoms of other persons, and if it will be technically feasible.
If you request us for restriction of processing of your Personal Data, for example in a case where you contest the accuracy, lawfulness or our need to process your Personal Data, we will restrict the processing of your Personal Data to the necessary minimum (storage), and possibly we will process them only for the determination, exercise or defence of legal claims, or by reason of the protection of rights of another natural or legal person, or other limited reasons prescribed by applicable legal regulations. If the restriction is cancelled and we will continue in the processing of your Personal Data, we will inform you about this without undue delay.
You have the right to lodge a complaint concerning our processing of data with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7. Website of the office: www.uoou.cz.
You may revoke at any time the granted consent to the processing of certain personal data without stating a reason, without prejudice to the lawfulness of processing based on the consent granted before its revocation. For this purpose, please contact the data protection officer. In such case, we will erase your personal data without delay.
You have the right to lodge at any time an objection to the processing of personal data processed on the basis of our legitimate interest. If compelling legitimate grounds for processing are not demonstrated on our part which override the interests or rights and freedoms of the data subject, or further processing will not be necessary for the determination, exercise or defence of our legal claims, we will not further process your personal data.
Version 3, valid from 26 August 2019
