1. About this Privacy Statement

Eurolife Limited (referred to as ‘we’, ‘us’, ‘our’ or ‘Eurolife’) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect and process depends on the product or service requested and agreed in each case.  

This Privacy Statement:

• Provides and overview of how Eurolife collects and processes your personal data, including sensitive data and informs you about your rights under the EU General Data Protection Regulation (“GDPR’) and any law supplementing or implementing the GDPR
• Is directed to natural persons who are: (a) current or potential customers of Eurolife; and/or (b)beneficial owners or authorised representatives of legal entities or of natural persons that are current or potential customers of Eurolife; and/or (c) insured persons named under any Eurolife policy; and/or (d) third party claimants
• Is directed to natural persons who had a business relationship with Eurolife in the past
• Contains information about what personal data we collect, what we do with such personal data, who we may share it with and why in the normal course of our business
• Contains information about when we share your personal data with the Bank of Cyprus Limited, of which we are a wholly owned subsidiary and other third parties (for example, our service providers or suppliers).

For the purposes of this Privacy Statement the following terms mean as follows:

“Personal Data”: means data which identifies or may identify you. An indicative list of the personal data we process can be found under the heading “What Personal Data do we Process?”  below.  In certain insurance policies you may have with us, Personal Data will also include Sensitive Data.

“Sensitive Data”: Sensitive Data is the term we use to describe Special Categories of Personal Data (as those are set out in the GDPR) that we may process, and for our purposes mainly concerns data concerning health which may identify or reveal details about your past or current physical or mental health status, including data on any physical or mental disease or disability. Sensitive data may also include genetic data which is personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person.

“Processing”:  refers to the handling, collecting, amending, protecting, storing or other such action of your personal data.

“GDPR”: GDPR stands for the General Data Protection Regulation (EU) 2016/679 that governs the processing of personal data.

“Legal Framework”: refers to European Laws on data protection and the applicable Cyprus National Laws.  

2. Who we are

Eurolife Limited is a licensed insurance company registered in Cyprus under registration number ΗΕ36247 as a private limited liability company having its registered office at Evrou 4, Strovolos, 2003, Nicosia, Cyprus.  Eurolife Limited also operates in Greece by virtue of a Freedom of Services license under the trade name ‘Kyprou Zois’. This Privacy Statement is also applicable for operations undertaken in Greece under this trade name.   

Eurolife Limited is a member of the Bank of Cyprus Group and is a wholly owned subsidiary of Bank of Cyprus Limited.

3. How we collect your Personal Data

We obtain your Personal Data through the following channels:

a. From information you provide to us directly including:

• When you visit our website or social media pages or submit written inquiries to our website or social media pages
• If you request a quotation for insurance cover either directly or through our insurance representatives or undertake an analysis of your insurance needs
• When you request for an insurance policy
• When you register on our portal (myeurolife) and use the functionalities provided to you
• When you register on Eurolife’ s mobile application and use the functionalities provided to you
• When you participate in any marketing activity/competition provided by Eurolife or in any employee/insurance intermediary recruitment process of the Company
• When you submit any query or complaint to us through email, telephone or social media
• When you request an alteration to your policy
• When you submit a claim directly to us, through our insurance representatives, through our portal (myeurolife), through our mobile application or through an e-mail sent to our Health Service Provider.

b. From information lawfully obtained by third parties, examples include:

• Directly from an individual or an authorised representative of the legal entity that has a policy with us under which you are either an insured person or a named beneficiary (e.g. your employer for a group policy that is provided to you as an employment benefit)
• Our representatives, brokers and insurance intermediaries who have passed on your Personal Data to us
• Persons who provide services to you directly on our behalf such as our healthcare claims handlers and medical assistants, who collect and process your healthcare claims and medical evidences
• Medical practitioners or medical facilities
• Your legal representatives
• Other insurance companies
• Companies that process card payments such as JCC Payment Systems Ltd
• Other entities within the Bank of Cyprus Group
• Public Authorities.

c. From publicly available sources, examples include:

• Department of Registrar of Companies and Official Receiver
• The press and media
• Internet search engines (website or social media)
• Bankruptcy Archive.

4. What Personal Data do we process?

The type of Personal Information we usually collect and process depends on the nature of our interactions and relationship with you. We collect Personal Information about (a) current or potential customers of Eurolife, that is, persons who enter into a  contract with us for the provision of a service, namely insurance cover (b) insured persons for who we provide cover under a Eurolife insurance policy (c) beneficiaries and nominated representatives of legal entities or of natural persons who hold an insurance policy with Eurolife (d) Eurolife employees and current or potential insurance intermediaries that we cooperate with (e) contact persons of our business partners, suppliers and service providers (f) persons who take part in any competitions/surveys we carry out.

• The Personal Data collected, handled and processed by us may include:

• Contact details such as your name, address, telephone number, email address and fax number
• Identification details such as your identification or passport number, a copy of your Identification or passport, a copy of your residence permit for non-EU nationals
• Biographical and demographic data such as your date of birth, age, gender, marital status, occupation details, or if you hold/held a prominent public function (Political Exposed Person) and details in this regard, FATCA/CRS info, authentication data (e.g. Wet signature, electronic signature)
• Financial information such as annual income, source of income, proof of income, bank account number and account details, tax residency and tax identification number
• Information about other previous or current insurance policies you may have and claims histories of such policies
• Information with regard to your lifestyle activities and habits, such as for example smoking and drinking habits or whether you participated in dangerous activities (e.g. sky diving)
• Information relevant to your insurance policy such as policy history and status, cash value of the policy, policy and claims numbers
• Details of your visits to Eurolife website or social media pages, information you have provided through such channels, information collected through cookies and other tracking technologies
• Other information collected in the form of various surveys/marketing research which you agree to participate in or provide other feedback to us regarding our products or services
• Your marketing preferences
• Information about your interactions with us including complaints
• Sensitive Data
• Children’s Data.

• Sensitive Data:

For the provision of insurance cover for certain policies, we also collect and process special categories of data for insured persons. Special categories of data processed by us are data relating to your health (this can include genetic information) and can include details in relation to your past and present physical or mental health including any injury or disability information activities that may impact your health, your health history, fitness and physical activities.  We only collect and hold sensitive information with your consent or in other situations which the law allows.

• Children’s Data

We understand the importance of protecting children’s privacy. We may collect Personal data and Sensitive data in relation to children that are insured persons under Eurolife policies, or that are named or are legal beneficiaries of such policies, provided that their parents or legal guardians’ consent has been obtained or unless otherwise permitted as allowed by the Legal Framework. We do not provide online services to children. For the purposes of this Privacy Statement, “Children” are individuals under the age of eighteen (18).

5. Why we process your Personal Data and on what legal basis

5.1Personal Data

As we are committed to protecting your privacy and handling your data in an open and transparent manner, we process your Personal Data in accordance with the GDPR and the Legal Framework for one or more of the following reasons:

a. Performance of a contract:

Processing of your Personal Data is necessary for the execution/performance of a contract we have entered into with you (e.g. insurance policy) or in the case of a group insurance policy, with the owner of the policy, or for undertaking certain actions prior to entering into a contract with you.

Indicatively, with regard to an insurance policy you have with us, it is necessary for us to process your personal data with regard to the following:

• To provide you with advice/undertake an analysis of your insurance needs and to provide you with a quotation/quote you have requested for an insurance policy
• To process and underwrite insurance policy applications (including deciding whether or not to provide cover) or determine your eligibility under a group insurance scheme
• To provide you with the insurance products and services you’ve asked for or under which you may receive cover or benefits
• To administer and service your insurance policy and any claims you make
• To respond to your requests or complaints with regard to your insurance policy
• To notify you of any changes to your insurance policy or services provided under the insurance policy.

The purpose of processing personal data depends on the requirements for each product and/or service.  The insurance policy terms and conditions provide more details of the relevant purposes.

If you do not provide the personal data requested from you, we may be unable to offer you an insurance policy service, service your insurance policy, or process your claim.

b. Compliance with a legal obligation

As an insurance company we are subject to a number of legal and regulatory obligations which require the collection and processing of personal data (e.g. anti-money laundering legislation, FATCA/CRS, other tax law obligations, compliance with court orders). Such obligations require processing of certain data, for example we are required to obtain and process certain information from you on your identity, your profession and your income for purposes of compliance with anti-money laundering legislation. An additional example is tax information that we may request and process from you for compliance with FATCA/CRS tax treaties to which the Republic of Cyprus is a party.  Also, compliance with the Sanctions/Restrictive Measures that are published.

c. For the purpose of safeguarding legitimate interests

Where necessary, and taking into account your rights and freedoms, we may process your Personal Data for the performance of our contractual obligations, in order to safeguard the legitimate interests pursued by us or by a third party, provided your interest and fundamental rights are not overridden by our interests.  A legitimate interest is when we have a business or commercial reason to use your information.  Examples include:

• Maintaining our accounts and records
• Initiating legal claims, preparing our defence in litigation procedures and seeking recoveries
• Receiving legal or tax advice
• Maintaining an internal registry of legal actions filed against Eurolife
• Identifying and preventing fraud or other unlawful activities, including irregular or fraudulent claims
• Ensuring the security of our network and information systems, as well as the security of our premises and assets (through CCTV monitoring, admittance controls and anti-trespassing measures)
• Improving our products, services and communications (through e.g. voice recording of telephone communications, surveys on the services provided by our representatives, market research and data analysis)
• Identifying and assessing customers’ product preferences and customer behaviour, to award benefits that may be associated with riders or other schemes by Eurolife and/or the Bank of Cyprus Group
• Sharing your personal data with the Bank of Cyprus Group where required for execution of the bancassurance arrangement we have with the Bank of Cyprus Limited, as well as for investigations for compliance with the anti-money laundering legislation and for compliance with sanctions
• Measures, including the usage of specialised tools, in order to manage business more efficiently and for further developing products and services
• Preparation of internal reports within Eurolife in order to facilitate strategic, management, risk, operational and other decisions that need to be taken in order to evaluate, monitor and enhance the performance of Eurolife in meeting its obligations and providing its services
• Outsourcing to third party service providers communication methods such as mail printing and enveloping with customers on behalf of Eurolife
• Recording and honouring a transfer, assignment or other appointment of a beneficiary of an insurance policy, and payment of a policy to beneficiaries other than the contracting party
• Performing enhanced due diligence of existing customers where there is a suspicion that the client’s country of origin or residence is a country subject to sanctions.

d. You have provided your consent

Provided that you have given us your specific consent for processing then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of Personal Data prior to the receipt of your revocation will not be affected.

e. For the performance of a task carried out in the public interest

Where we need to process your personal data in order to protect your vital interests or those of another person.

We will only process your personal data on this basis in very rare circumstances, such as where you or a third person is physically or legal incapable of giving consent and only provided that your life, or a third person’s life, is in jeopardy.

5.2 Sensitive Personal Data

We process your Sensitive Data lawfully for one or more of the following reasons:

1. You have provided your consent.

When the insurance policy you wish to purchase or the claim you wish to submit requires the provision of your Sensitive Data, we collect and process such data on the basis of your consent.

You may withdraw your consent to processing of your Sensitive Data at any time, however this will likely impact our ability to provide you with the insurance cover requested or process any claims provided under such cover.  

2. If it is necessary for the establishment, exercise or defence of legal claims.

3. If it is necessary for reasons of substantial public interest.

6. Who receives your Personal Data

The confidentiality of your Personal Data is our priority. For this reason, all the persons who are recipients of your Personal Data or Sensitive Data are subject to an obligation of confidentiality and of processing your data in accordance with applicable Legal Framework and GDPR.  Data is disclosed to such recipients and processed by such recipients only for the purposes set out above under the heading “Why we process your Personal Data and on what legal basis”.

Recipients of your data may be, for example:

• Relevant departments of Eurolife who are required to process the data for the purposes stated above
• Relevant departments of the Bank of Cyprus Limited provided you are its customer, for the purposes of your voluntary participation in a loyalty scheme which the Bank may implement for its customers and assuming that the criteria, terms and conditions as announce by the Bank are met
• Our insurance intermediaries (advisors, brokers, agent’s employees and agents) who refer your business to us
• Persons that provide services directly to you on our behalf such as independent healthcare claims administrators, travel medical aid assistance abroad providers, provision of 2^nd medical opinion services
• Persons that provide services to us such as underwriting experts, reinsurers, external legal consultants, investigators, financial and business advisors, internal and external auditors and accountants
• Medical professionals and assistants, medical facilities, chemists, other health organisations and other insurance companies in case a claim is filed against you or on your behalf by another insurance company
• Service providers we have chosen to support us in the effective provision of our products and services to you by offering technological expertise, software solutions (e.g. eSignature) and support
• The policy owner or an appointed representative of a policy under which you are insured and/or are the beneficiary (e.g. for group policies in which your employer is the owner, your employer and other persons authorised by your employer to administer the policy)
• Marketing companies and market research companies including companies which assist us in performing customer satisfaction surveys
• Card payment processing companies, such as JCC Payment Systems Ltd
• Bank of Cyprus Limited for the purpose of providing premium collection services
• Bank of Cyprus Limited for anti-money laundering purposes in respect to Eurolife customers posing increased money laundering/terrorist financing risk
• Other banking/financial institutions in the event of an assignment by you of an insurance policy as collateral for a credit granted to you or to a third party/company
• Website, mobile app and advertising agencies e.g. Google Analytics for reporting purposes
• Fraud prevention agencies, such as private investigators
• File storage companies, archiving and/or records management companies
• Call centers and/or other service providers which may assist us with large scale campaigns and/or for the execution of an insurance contract
• Supervisory and other regulatory and public authorities if an obligation to disclose your data exists.

Some of the recipients of your Personal Data may be located in third countries (i.e. countries outside the European Economic Area) or Eurolife uses service providers that may have their headquarters, parent companies or data centers in a third country. We ensure that such processers are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with the GDPR and Legal Framework.

7. How long we keep your personal data for

We will keep your personal data for as long as we have a business relationship with you as either an individual or as an appointed representative of a legal entity, or a beneficial owner.

Once our business relationship with you has ended, we may keep your personal data for the longest of the following periods: (i) any retention period set out in our retention policy which is in line with regulatory requirements relating to retention and it is set up to 8 years or (ii) the end of the period in which legal action or investigations might arise in respect of the products and services provided.

We may keep your data for longer if we cannot delete it for legal, regulatory or technical reasons. If we do, we will make sure that your privacy is protected and only use it for these purposes.

For prospective customer data we shall keep your personal data for 2 years from the date that a quotation was provided to you, assuming that no insurance applications or policies arose in relation to the quotation provided, or unless you have requested that we maintain this data for a further period of time as determined by yourself.

8. Automated Decision Making

With regard to certain types of insurance cover, when you wish to submit an electronic application for such insurance cover with us, we will use systems to make automated underwriting decisions based on Personal Data and Sensitive Data you have provided us with.  You have the right in this case to contact us to:

1. Give you information about the processing of such data
2. To object to such electronic underwriting and to request that you are assessed by our Underwriting Department instead. In such a case we will require the completion of a hard copy insurance application.

9. Marketing activities and Profiling.

We may process your Personal Data to inform you about products, services and offers that may be of interest to you or your business.

The Personal Data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your policy transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products.

We can only use your Personal Data to promote our products and services to you if we have your explicit consent to do so or, in certain cases, if we consider that it is in our legitimate interest to do so.

You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting our Customer Services Center or any of our branches either in person or in writing.

Even if you inform us that you no longer wish to receive marketing material, you will still receive other important information from us from time to time, such as changes to your existing products or services.

10. Obligation for you to provide us with your Personal Data and consequence of non-provision

In order for us to proceed with a business relationship with you, you must provide the Personal Data required for the commencement and execution of a business relationship and the performance of our contractual obligations.

In regards to an insurance policy you are interested in, if you do not provide us with the necessary personal information requested in our quotations, or applications, we will most likely not be in a position to accept your application for insurance with us.  This also applies to any claims you may request under an insurance policy.

Furthermore, we are obligated in certain circumstances to collect Personal Data from you for compliance with our legal obligations, such as for example identification details for compliance with anti-money laundering legislation and tax details for compliance with FATCA/CRS treaties.

Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either with you as an individual or as the authorized representative of a legal entity or beneficial owner of a policy.

11. Your data protection rights

You have the following rights in terms of your Personal Data that we hold about you:

• Receive access to your Personal Data. This enables you to e.g. receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. In order to receive such a copy you can complete our web form through our website.
• Request correction [rectification] of the Personal Data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
• Request erasure of your Personal Data. This enables you to ask us to erase your Personal Data also known as the ‘right to be forgotten’ where there is no good reason for us continuing to process it.
• Object to processing of your Personal Data. Where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you object, we will no longer process your Personal Data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

You also have the right to object where we are processing your Personal Data, for direct marketing purposes. This also includes profiling in as much as it is related to direct marketing If you object to processing for direct marketing purposes, then we will stop the processing of your Personal Data for such purposes.

• Request the restriction of processing of your Personal Data. This enables you to ask us to restrict the processing of your Personal Data, i.e. use it only for certain things, if:
• it is not accurate
• it has been used unlawfully but you do not wish for us to delete it
• it is no longer relevant , but you want us to keep it for use in possible legal claims
• you have already asked us to stop using your Personal Data but you are waiting for us to confirm if we have legitimate grounds to use your data.
• Request to receive a copy of your Personal Data in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your Personal Data transmitted directly by ourselves to other organisations you will name, also known as the right to data portability.
• Withdraw the consent that you gave us with regard to the processing of your Personal Data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

To exercise any of your rights, or if you have any other questions about our use of your Personal Data, please contact our Customer Services Center, or visit any of our branches, or complete the relevant web form through our website (http://www.eurolife.com.cy/epikoinonia/epikoinoniste-mazi-mas/aitima/).

12. How to complain

If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain in writing at the following addresses : (a) via post at : 4, Evrou Street, Eurolife House, 2003 Strovolos, Nicosia, Cyprus, (b) via email at : info@eurolife.bankofcyprus.com or (c) by completing our on line contact form (http://www.eurolife.com.cy/epikoinonia/epikoinoniste-mazi-mas/complaint/). You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out more on their website on how to submit a complaint at http://www.dataprotection.gov.cy.

13. Changes to this Privacy Statement

We may modify or amend this Privacy Statement from time to time.

We will notify you appropriately when we make major changes to this Privacy Statement and we will amend the revision date at the bottom of this page. We do however encourage you to review this Privacy Statement periodically in order to be so informed about how we are processing and protecting your personal information.

14. Contact Details of DPO

If you have any questions, or want more details about how we use your Personal Data, you can contact our Data Protection Officer at Evrou 4, Strovolos, 2003, Nicosia, Cyprus, or sent an email: dpo@eurolife.bankofcyprus.com or through the telephone line 80008880

15. Cookies

Our website uses small files known as cookies to make it work better in order to improve your experience.

To find out more about how we use cookies please see our cookie policy at www.eurolife.com.cy.