About this Policy

We at EuroLife Ltd. (referred to as ‘we’, ‘us’, ‘our’ or ‘EuroLife’) are committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect and process depends on the product or service requested and agreed in each case.  

This privacy statement sets out general information about how we manage your personal information and how you can contact us about this Privacy Statement or the personal information that we hold.

For the purposes of this privacy statement the following terms mean as follows:

“Personal Data” or “Personal Information” : when we refer to Personal Data or Personal Information, we mean data which identifies or may identify you. An indicative list of the personal data we process can be found under the heading “What Personal Data do we Process?”  below.  In cases of certain insurance policies you may have with us, Personal Data will also include Sensitive Data.

“Processing”: when we refer to Processing of your Personal Data, we collectively refer to the handling, collecting, amending, protecting, storing or other such action of your personal data.

“Sensitive Data”: Sensitive Data is the term we use to describe Special Categories of Personal Data (as these are set out in the GDPR) that we may process, and for our purposes mainly concerns data concerning health which may identify or reveal details about your past or current physical or mental health status, including data on any physical or mental disease or disability. Sensitive data may also include genetic data which is personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person.

“GDPR” : GDPR stands for the General Data Protection Regulation (EU) 2016/679 which is part of the legal framework (along with any other data protection laws or regulations in Cyprus) that governs the processing that we undertake of your personal data.   

Who we are

EuroLife Ltd is a licensed insurance company registered in Cyprus under registration number ΗΕ36247 as a private limited liability company having its registered office at Evrou 4, Strovolos, 2003, Nicosia, Cyprus.

How we collect your Personal Data

We obtain your Personal Data through the following channels:

(a)    From information you provide to us, examples include:

  • When you visit our website or social media pages or submit written inquiries to our website or social media pages;
  • If you request a quotation for insurance cover either directly or through our insurance representative or undertake an analysis of your insurance needs;
  • When you apply for an insurance policy;
  • When you participate in any marketing activity/competition provided by EuroLife or in any employee/insurance intermediary recruitment process of the Company;
  • When you submit any query or complaint to us through email, telephone or social media;
  • When you submit a claim with us or request an alteration to your policy.

(b)    From information lawfully obtained by third parties, examples include:

  • Directly from an individual or an authorised representative of the legal entity that has a policy with us under which you are either an insured person or a named beneficiary (e.g. your employer for a group policy that is provided to you as an employment benefit);
  • Our representatives and insurance intermediaries who have passed on your Personal Data to us;
  • Persons who provide services to you directly on our behalf such as our healthcare claims handlers, who collect and process your healthcare claims;
  • Medical practitioners or medical facilities;
  • Your legal representatives;
  • Other insurance companies;
  • Other entities within the Bank of Cyprus Group;  
  • Public Authorities.

(c)    From publicly available sources:

  • Department of Registrar of Companies and Official Receiver;
  • The press and media;
  • Internet search engines;
  • Bankruptcy Archive.

 

What Personal Data do we process?

The type of Personal Information we usually collect and process depends on the nature of our interactions and relationship with you. We collect Personal Information about (a) current or potential customers of EuroLife, that is, persons who contract with us for the provision of a service, namely insurance cover (b) insured persons for who we provide cover under a Eurolife insurance policy (c) beneficiaries and nominated representatives of legal entities or of natural persons who hold an insurance policy with Eurolife (d) EuroLife employees and current or potential insurance intermediaries that we cooperate with (e) contact persons of our business partners, suppliers and service providers (f) persons who take part in any competitions/surveys we carry out.

1. The Personal Data collected, handled and processed by us may include:

  • Contact details such as your name, address, telephone number, email address and fax number;
  • Identification details such as your identification or passport number, a copy of your Identification or passport, a copy of your residence permit for non-EU nationals;
  • Biographical and demographic data such as your date of birth, age, gender, marital status, occupation details, or if you hold/held a prominent public function and details in this regard;
  • Financial information such as annual income, source of income, proof of income, bank account number and account details, tax residency and tax identification number; 
  • Information about other previous or current insurance policies you may have and claims histories of such policies;  
  • Information with regard to your lifestyle activities and habits, such as for example smoking and drinking habits or whether you undertake dangerous activities; 
  • Information relevant to your insurance policy such as policy history and status, cash value of the policy, policy and claims numbers;
  • Details of your visits to EuroLife website or social media pages, information you have provided through such channels, information collected through cookies and other tracking technologies;
  • Other information collected in the form of various surveys/marketing research which you agree to participate in or provide other feedback to us regarding our products or services; 
  • Your marketing preferences;
  • Information about your interactions with us including complaints;
  • Sensitive Data
  • Children’s Data 

2. Sensitive Data:

For the provision of insurance cover for certain policies, we also collect and process special categories of data for insured persons. Special categories of data processed by us are data relating to your health (this can include genetic information), and can include details in relation to your past and present physical or mental health including any injury or disability information activities that may impact your health, your health history, fitness and physical activities.  We only collect and hold sensitive information with your consent or in other limited situations which the law allows.

3. Children’s Data

We understand the importance of protecting children’s privacy. We may collect Personal data and Sensitive data in relation to children that are insured persons under Eurolife policies, or that are named or legal beneficiaries of such policies, provided that their parent’s or legal guardian’s consent has been obtained or unless otherwise permitted by law. We do not provide online services to children. For the purposes of this Privacy Statement, “Children” are individuals under the age of eighteen (18).

Why we process your Personal Data and on what legal basis

1. Personal Data

We process your Personal Data lawfully for one or more of the following reasons:

a)      Performance of a contract:

Processing of your Personal Data is necessary for the execution/performance of a contract we have entered into with you (e.g. insurance policy) or in the case of a group insurance policy, with the owner of the policy, or for undertaking certain actions prior to this with the aim of entering into a contract with you.

Indicatively, with regard to an insurance policy you have with us, it is necessary for us to process your personal data with regard to the following:

  • To provide you with advice/undertake an analysis of your insurance needs and to provide you with a quotation/quote you have requested for an insurance policy;
  • To process and underwrite insurance policy applications (including deciding whether or not to provide cover) or determine your eligibility under a group insurance scheme;
  • To provide you with the insurance products and services you’ve asked for or under which you may receive cover or benefits;
  • To administer and service your insurance policy and any claims you make;
  • To respond to your requests or complaints with regard to your insurance policy;
  • To notify you of any changes to your insurance policy or services provided under the insurance policy.

b)      Compliance with a legal obligation

As an insurance company we are subject to a number of legal and regulatory obligations which require the collection and processing of personal data (e.g. anti-money laundering measures, FATCA/CRS, other tax law obligations, compliance with court orders and so forth). Such obligations require processing of certain data, for example we are required to obtain and process certain information from you on your identity, your profession and your income for purposes of compliance with anti-money laundering measures. An additional example is tax information that we may request and process from you for compliance with FATCA/CRS tax treaties to which the Republic of Cyprus is a party.

c)       For the purpose of safeguarding legitimate interests

Where necessary, and taking into account your rights and freedoms, we may process Personal Data above and beyond the actual performance of our contractual obligations, in order to safeguard the legitimate interests pursued by us or by a third party.  Examples include:

  • Initiating legal claims, preparing our defence in litigation procedures and seeking recoveries;
  • Receiving legal or tax advice;
  • Identifying and preventing fraud or other unlawful activities, including irregular or fraudulent claims;
  • Ensuring the security of our network and information systems, as well as the security of our premises and assets (through CCTV monitoring, admittance controls and anti-trespassing measures)
  • Improving our products, services and communications (through e.g. voice recording of telephone communications, opinion requests on our customer service and on the services provided by our representatives, market research and data analysis);  
  • Sharing your personal data with the Bank of Cyprus Group where required for execution of the bancassurance arrangement we have with the Bank as well as for investigations for compliance with the anti-money laundering regulatory framework;
  • Recording and honouring a transfer, assignment or other appointment of a beneficiary of an insurance policy, and payment of a policy to beneficiaries other than the contracting party.

 

d)      You have provided your consent

Provided that you have given us your specific consent for processing then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However any processing of Personal Data prior to the receipt of your revocation will not be affected.

2. Sensitive Personal Data

We process your Sensitive Data lawfully for one or more of the following reasons:

a)       You have provided your consent.

When the insurance policy you wish to purchase or the claim you wish to submit requires the provision of your Sensitive Data, we collect and process such data on the basis of your consent.

You may withdraw your consent to processing of your Sensitive Data at any time, however this will likely impact our ability to provide you with the insurance cover requested or process any claims provided under such cover.  

b)      If it is necessary for the establishment, exercise or defence of legal claims;

c)       If it is necessary for reasons of substantial public interest, such as preventing insurance fraud;

Who receives your Personal Data

The confidentiality of your Personal Data is our priority. For this reason, all the persons who are recipients of your Personal or Sensitive Data are subject to an obligation of confidentiality and of processing your data in accordance with applicable data protection law and GDPR.  Data is disclosed to such recipients and processed by such recipients only for the purposes set out above under the heading “Why we process your Personal and Sensitive Data and on what legal basis”.

Recipients of your data may be, for example:

  • Relevant departments of EuroLife who are required to process the data for the purposes stated above;
  • Relevant departments of the companies within the Bank of Cyprus Group;
  • Our insurance intermediaries (advisors, brokers and agents) who refer your business to us;,
  • Persons that provide services directly to you on our behalf such as healthcare claims handling experts, travel medical aid assistance abroad providers, provision of 2nd medical opinion services;
  • Persons that provide services to us such as underwriting experts, reinsurers, external legal consultants, investigators, financial  and business advisors, auditors and accountants;
  • Medical professionals, medical facilities, chemists ,other health organisations and other insurance companies;
  • The policy owner or an appointed representative of a policy under which you are insured and/or are the beneficiary (e.g. for group policies in which your employer is the owner, your employer and other persons authorised by your employer to administer the policy).
  • Supervisory and other regulatory and public authorities, if an obligation to disclose your data exists.

Some of the recipients of your personal data may be located in third countries (i.e. countries outside the European Economic Area). We ensure that such processers are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with the GPR.

How long we keep your personal data for

We will keep your personal data for as long as we have a business relationship with you as either an individual or as an appointed representative of a legal entity, or a beneficial owner.

Once our business relationship with you has ended, we may keep your personal data for the longest of the following periods: (i) any retention period set out in our retention policy which is in line with regulatory requirements relating to retention or (ii) the end of the period in which legal action or investigations might arise in respect of the products and services provided.

We may keep your data for longer if we cannot delete it for legal, regulatory or technical reasons. If we do, we will make sure that your privacy is protected and only use it for these purposes.

For prospective customer data we shall keep your personal data for 12 months from the date that a quotation was provided to you, assuming that no insurance applications or policies arose in relation to the quotation provided, or unless you have requested that we maintain this data for a further period of time as determined by yourself.

Automated Decision Making

With regard to certain types of insurance cover, when you wish to submit an electronic application for such insurance cover with us, we will use systems to make automated underwriting decisions based on Personal and Sensitive Data you have provided us with.  You have the right in this case to contact us to:

a)       Give you information about the processing of such Data  

b)      To object to such electronic underwriting and to request that you are assessed by our Underwriting Department instead. In such a case we will require the completion of a hard copy insurance application.

Marketing activities and Profiling

We may process your personal data to tell you about products, services and offers that may be of interest to you or your business.

The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your policy transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products.

We can only use your personal data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.

You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting at any time our Customer Services Center or any of our branches either in person or in writing.

Obligation for you to provide us with your Personal Data and consequence of non-provision

In order for us to proceed with a business relationship with you, you must provide the Personal Data required for the commencement and execution of a business relationship and the performance of our contractual obligations.

In the case of an insurance policy you wish us to provide to you, this means that If you do not provide us with the necessary personal information requested in our quotations, application or claim forms, we will most likely not be in a position to accept your application for insurance with us, or any claims you may make under the Policy.

Furthermore we are obligated in certain circumstances to collect personal data from you for compliance with our legal obligations, such as for example identification details for compliance with anti-money laundering measures and tax details for compliance with FATCA/CRS treaties.

Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either with you as an individual or as the authorized representative of a legal entity or beneficial owner of a policy.

Your Data protection rights

You have the following rights in terms of your personal data we hold about you:

  • Receive access to your personal data. This enables you to e.g. receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In order to receive such a copy you can complete our web form through our website (http://www.eurolife/en-gb/contact_us/).
  • Request correction [rectification] of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where there is no good reason for us continuing to process it.
  • Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

You also have the right to object where we are processing your personal data, for direct marketing purposes. This also includes profiling in as much as it is related to direct marketing.

If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.

  • Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data, i.e. use it only for certain things, if:

-      it is not accurate,

-      it has been used unlawfully but you do not wish for us to delete it,

-      it is not relevant any more, but you want us to keep it for use in possible legal claims,

-      you have already asked us to stop using your personal data but you are waiting for us to confirm if we have legitimate grounds to use your data.

  • Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name [known as the right to data portability].
  • Withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact our Customer Services Center, your insurance intermediary, or visit any of our branches, or complete the relevant web form through our website (http://www.eurolife.com.cy/en-gb/contact_us/).

You can also contact our Data Protection Officer at dpo@eurolife.bankofcyprus.com

We endeavour to address all of your requests promptly.

How to complain

If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by completing our on line contact form (http://www.eurolife.com.cy/en-gb/contact_us). You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out on their website how to submit a complaint (http://www.dataprotection.gov.cy).

Changes to this privacy statement

We may modify or amend this privacy statement from time to time.

We will notify you appropriately when we make changes to this privacy statement and we will amend the revision date at the bottom of this page. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.

Contact Details of DPO

If you have any questions, or want more details about how we use your personal information, you can contact our Data Protection Officer at Evrou 4, Strovolos, 2003, Nicosia, Cyprus, email: dpo@eurolife.bankofcyprus.com.

Cookies

Our website use small files known as cookies to make it work better in order to improve your experience.

To find out more about how we use cookies please see our cookie policy