These Personal Data Protection Principles inform you about how and for what purposes SATUM CZECH s.r.o. obtains, stores and further processes your personal data within its activities as an insurance intermediary, i.e. in connection with the intermediation of insurance contract conclusion with insurance companies. We place great emphasis on personal data protection. We consider the personal data we process to be confidential, we maintain confidentiality about them, we emphasise security in their processing, the selection of contractual partners and strict compliance with the legal rules of processing.
The purpose of these personal data protection principles (hereinafter “Personal Data Protection Principles“) is to inform you about how and why we collect and process your personal data, about your rights and how you can exercise these rights, and what measures we have taken to protect your personal data and to implement your rights.
Personal data processing is a necessary component and condition for insurance distribution (providing or intermediating insurance). Our obligation is to distribute insurance with professional care, and we process personal data in order to be able to present you with a proposal for concluding insurance and provide recommendations based on your requirements, objectives and needs. Within the fulfilment of our obligations, pursuant to Section 80(7) of Act No. 170/2018 Coll., on Insurance and Reinsurance Distribution, as amended (hereinafter the “Act“), we are obliged to process personal data relating to natural persons involved in the establishment and changes of insurance distributed by us, including their birth numbers.
Personal data means any information relating to an identified or identifiable natural person, i.e. you, if you are a natural person, and/or your employees and/or your family members or other natural persons, if you provide us with such data (hereinafter “Personal Data“). Health data belongs to the so-called special categories of Personal Data, sometimes also referred to as “sensitive” Personal Data.
SATUM CZECH s.r.o., with registered seat Ostrava, Moravská Ostrava, 28. října 3346/91, postal code 702 00, Company No. 253 73 951, registered in the commercial register maintained by the Regional Court in Ostrava in section C, file 16189 (hereinafter “independent intermediary“, “data controller” or “we“) processes your Personal Data in connection with the intermediation of insurance between you and the insurer/insurance company and other activities related to the exercise of rights and obligations under such insurance contract, including exercising rights under insurance.
In cases where we approach potential insurance clients, present proposals for concluding insurance and carry out preparatory work leading to the conclusion of insurance, we are usually in the position of Personal Data controller. If we intermediate insurance on behalf of an insurer or provide assistance with insurance administration and exercising rights under insurance, we are in the position of Personal Data processor. The Personal Data controller will in such case be our partner insurance company, for which and on whose behalf we carry out these activities and to which we transfer your Personal Data.
The data controller has appointed a Data Protection Officer. Contact information of the Data Protection Officer:
Name of Data Protection Officer: JUDr. Radim Bartoň
Phone: +420 595 132 379
Email: osobniudaje@satum.cz
In performing insurance intermediation, we process Personal data for the purpose of:
(i) offering the possibility to arrange, change or terminate insurance, including comparing insurance;
(ii) presenting proposals for concluding, changing or terminating insurance;
(iii) carrying out other preparatory work aimed at concluding, changing or terminating insurance, including providing recommendations leading to the conclusion, change or termination of insurance;
(iv) concluding or changing insurance, or assistance with insurance administration and exercising rights under insurance;
(v) fulfilling obligations imposed on us by legal provisions in the field of insurance distribution or regulations relating to measures against so-called money laundering (client identification and verification pursuant to Act No. 253/2008 Coll., on certain measures against the legalisation of proceeds from criminal activities and terrorist financing, as amended);
(vi) sending commercial communications, such as information about insurance product offers on the market intermediated by us or information about events organised by us (hereinafter collectively “marketing purposes”), if you have given us consent to use your contact details for these purposes or if and to the extent that we are authorised to send such communications under applicable legal provisions (e.g. Act No. 480/2004 Coll., on certain information society services).
Due to your position as potential insurance clients – yourselves and/or your employees and/or your family members – we need to know Personal Data in order to be able to intermediate insurance
and perform activities according to points (i) to (v) above in relation to you, your employees, family members and/or third parties whose Personal Data you provide to us. Conversely, any granting of consent to the processing of Personal Data for marketing purposes according to point (vi) is entirely voluntary and is not a condition for the provision of our intermediary services and you can withdraw your consent for these purposes at any time.
Pursuant to Section 80(7) of the Act, we are obliged as an insurance intermediary in insurance distribution to process Personal Data relating to natural persons involved in the establishment and changes of distributed insurance, including birth numbers.
The above-mentioned obligation applies when in relation to you we act as an insurance broker, insurance agent or as another type of intermediary pursuant to Section 12 of the Act and we process your Personal Data.
In order to comply with your request for the intermediation of insurance contract conclusion with an insurance company, we also occasionally process Personal Data of your employees, family members and/or other natural persons which we have obtained from you. Regardless of whether in relation to you we are in the position of insurance broker, agent or other intermediary (see above), we process such Personal Data only for the purpose and to the extent necessary for the intermediation of insurance for the benefit of these natural persons (insured persons) whose Personal Data you provide to us.
Regardless of whether in relation to you we are in the position of insurance broker, agent or other intermediary (see above), we also process Personal Data to fulfil other legal obligations beyond the Act in accordance with relevant provisions of legal regulations (e.g. regarding contact details for invoicing purposes in accordance with accounting and tax regulations, regulations relating to measures against so-called money laundering, etc.), in accordance with relevant rules and guidelines issued by the CNB, and furthermore possibly on the basis of our legitimate interest as data controller or the legitimate interest of the insurer/insurance company, which consists in establishing, protecting and exercising our legal claims or the claims of the insurer/insurance company. Such processing may also occur after termination of the contract (between you and us, or between you and the insurer/insurance company).
We also process personal data of our clients, partners and beneficiaries, or their employees and other authorised persons, within our client portal available at www.satum.cz, if they decide to use this service (portal access). Through this portal, clients, partners and beneficiaries may in particular manage insurance policies which we have intermediated for them or for their benefit, including reporting insurance claims. We process personal data within the portal for the above-mentioned purposes of providing the portal service, within the scope and extent of our statutory obligation pursuant to Section 80 (7) of the Act.
We process your Personal Data to the extent that you provide to us through completed questionnaires, communicate personally, by telephone or electronically according to the type of insurance for which you are interested in intermediation, and further to the extent necessary to ensure performance under insurance contracts or administration of claims arising from them. We therefore obtain Personal Data primarily directly from you, and further from persons who conclude insurance for your benefit, as well as from insurance companies and other partners and persons who provide us with data related to your insurance or from whom we verify such data. The specific type and scope of Personal Data always depends on the purpose of processing, e.g. the type of insurance requested or concluded or the type of claim event. This concerns in particular the following data:
We will process your Personal Data for the period necessary to fulfil the purposes stated in Article 4 above. We will always process Personal Data for at least the duration of the insurance contract and will retain it until the end of the tenth calendar year from its termination or until the end of the tenth calendar year from the end of the insurance period. If insurance is not concluded, we will retain Personal Data until the end of the second calendar year from the last communication with you, all in accordance with Section 80(4) of the Act.
If the insurance contract has already been terminated, we will continue to process Personal Data only if it is necessary to fulfil a legal obligation for the period determined by legal provisions (such as the above-mentioned accounting regulations or anti-money laundering regulations), or if this is required of us or we are authorised to do so by CNB rules and guidelines (e.g. the obligation to ensure retention of documentation prepared in connection with the intermediation of insurance products for a period taking into account the running of limitation periods, for the purpose of being able to demonstrate the exercise of professional care). We may also retain certain Personal Data on the basis of our legitimate interest, consisting in establishing, protecting and exercising our legal claims, for the duration of limitation periods for claims arising from or relating to our intermediary activities, extended by 1 year with regard to the protection of our legal claims. In the event of commencement of court, administrative or other proceedings, we will process Personal Data to the necessary extent for the entire duration of such proceedings.
In the event that you have provided consent to the processing of your Personal Data and you withdraw this consent, we will terminate the processing of your Personal Data for the purposes for which the consent was granted; however, such withdrawal of consent does not affect the lawfulness of previous processing based on this consent (i.e. before its withdrawal), nor the lawfulness of processing of Personal Data on the basis of other legal grounds than the granted consent (e.g. legitimate interest or fulfilment of legal obligation). See also point 5.1 above.
Personal Data that we collect in the ways described above may be shared with third parties who provide insurance distribution by providing or intermediating insurance or who provide certain services related to insurance and reinsurance distribution, administrative support or use of software tools. These persons are thus in the position of controllers or processors of Personal Data.
We may therefore provide your Personal Data, or share it, particularly with the following recipients, who will usually be in the position of controllers:
(i) with partner insurers/insurance companies, whose list we will provide to you upon request; (ii) with state authorities or other third parties when fulfilling obligations under legal provisions or where it is necessary for exercising our rights (e.g. Czech National Bank, courts, criminal law enforcement authorities, tax administrators and others).
We may further share your Personal Data particularly with the following recipients, who are in the position of processors:
(i) with our subsidiary or sister companies from the SATUM group, particularly for the purpose of administrative support;
(ii) with suppliers of our IT systems, who may in certain cases have access to your Personal Data;
(iii) with tied representatives and ancillary insurance intermediaries, including intermediaries outside the European Union, if you wish to intermediate insurance with an insurer outside the European Union;
(iv) with external legal representatives, if it is necessary for exercising our rights or for protecting our legitimate interests.
With the Personal Data processors according to the previous paragraph, we have concluded Personal Data processing agreements that guarantee at least the same level of protection of your Personal Data as these Personal Data Protection Principles.
A list of current processors of your Personal Data will be sent to you upon request.
We process your Personal Data manually and by automated means in information systems. We have implemented and maintain necessary appropriate technical and organisational measures, internal controls and information security processes in accordance with best business practice corresponding to the potential risk threatening data subjects. At the same time, we take into account the state of technological development with the aim of protecting Personal Data against accidental loss, destruction, alteration, unauthorised disclosure or access. These measures may include, inter alia, particularly the adoption of appropriate steps to ensure accountability of employees and other persons carrying out intermediary activities for the insurance intermediary who have access to Personal Data, employee training, regular backups, data recovery and incident management procedures, software protection of devices on which Personal Data are stored, etc.
If you exercise any of your rights under this article or under applicable legal provisions, we shall inform each recipient to whom this data has been provided under these Personal Data Protection Principles about the action taken or erasure of your Personal Data or restriction of processing in accordance with your request, where such communication is possible and/or does not require disproportionate effort.
We will respond to you within one month of receiving your request, however we reserve the right to extend this period by two months.
Under applicable legal provisions, you have the right to rectify your Personal Data which you share with us. If you wish to exercise this right, please contact us via email address osobniudaje@satum.cz. We take reasonable measures to ensure that you can keep your Personal Data accurate and up to date. You can always contact us with an enquiry as to whether we are still processing your Personal Data.
You have the right to file a complaint regarding our data processing with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7. Office website: www.uoou.cz.
You may withdraw your granted consent to the processing of certain Personal Data at any time without giving reasons, without affecting the lawfulness of processing based on consent given prior to its withdrawal. For this purpose, please contact the data protection officer. In such case, we will immediately erase your Personal Data.
You have the right to object at any time to the processing of personal data processed on the basis of our legitimate interest. If we cannot demonstrate compelling legitimate grounds for processing which override the interests or rights and freedoms of the data subject, or further processing is not necessary for the establishment, exercise or defence of our legal claims, we will not further process your Personal Data.
Version 3, effective from 26 August, 2019
