MEDIBROKER - Corretor e Consultor de Seguros, S.A. needs to regularly collect personal data as part of its insurance distribution activities
You can also obtain more information from the CNPD - National Commission for Data Protection at www.cnpd.pt
Personal Data Controller
The entity responsible for processing personal data is MEDIBROKER- Corretor e Consultor de Seguros, S.A., NIF 501108530, with share capital of EUR 50,000.00, an insurance intermediary registered on 30/11/2007 in the register of the ASF - Supervisory Authority for insurance and pension funds in Portugal, under the category of Insurance Broker, with no. 607246357/3, authorised to perform the activity of insurance distribution in the Life and Non-Life sectors, which may be verified and confirmed at www.asf.com.pt
Data Protection Officer
MEDIBROKER has appointed a Data Protection Officer ("DPO") and complaints handler, who can be directly contacted by email address firstname.lastname@example.org, or by letter, to:
MEDIBROKER - Corretor e Consultor de Seguros, S.A.,
a.c. Data Protection Officer
R. Diogo Macedo, 114 – 3º A e B, 4400-107 V. N. Gaia
Secrecy and Confidentiality
MEDIBROKER shall maintain strict confidentiality towards third parties in relation to all facts or information that it gains knowledge of in the performance of its functions. Except in cases where the law requires that this information be given to the authorities.
Processing of Personal Data
Personal data provided as part of the relationship established with MEDIBROKER shall be processed in accordance with the applicable legal precepts, namely:
• Processed in a way that is lawful, fair and transparent;
• Collected for specified, explicit and legitimate purposes, and subsequently processed in a way that is compatible with those purposes;
• Adequate, relevant and limited to what is strictly necessary for the purposes for which it is being processed;
• Accurate and, where necessary, up to date, taking appropriate steps to ensure that any inaccurate or incomplete data is erased or rectified, keeping in mind the purposes for which it was collected or for which it is subsequently processed;
• Stored in a way that allows its owner to be identified only for the period strictly necessary, and within the legally permitted timeframe to achieve the purposes for which it was collected or subsequently processed;
Purpose, basis and Time Limits for the Storage of Personal Data
|Processing necessary to execute and manage the insurance and insurance distribution contract, or for pre-contractual diligence, with the intervention of MEDIBROKER.||Presentation, proposal, conclusion and execution of the insurance contract, pre-contractual diligence and support for its management, particularly in the event of a claim with the intervention of MEDIBROKER.
Legitimate interest of the controller or a third party in the identification, risk assessment, information, clarification and advice on solutions and products.
Compliance with legal and statutory obligations.
|Until the legal period for all obligations arising from the insurance contract and related insurance distribution activity has ended.|
|Prospecting and commercial action.||Consent of the Data Subject.
Legitimate interests of development and growth of the activity of the data controller or third parties.
|For one year after the end of the contractual and legal relationship.
|Compliance with legal obligations, such as supervisory, tax, fiscal and judicial authorities, among others.||Compliance with legal and statutory obligations.
Legitimate interests of controlling the activity of the data controller or third parties.
In the establishment, exercise or defence of rights in legal proceedings.
|Legal deadline applicable at each stage for each legal and judicial obligation to be fulfilled.
Until the limitation or prescription period for the exercise of rights has ended.
In the case of some risk cover to be transferred, particularly in the case of insurance for work accidents, personal accidents, health and life insurance, among others, MEDIBROKER may process health data, either within the scope of the pre-contractual relationship for analysis of the proposed risk and negotiation of the contractual conditions, or within the scope of the management of the contractual relationship, use of the cover, claims handling, and processes of renewal or changes to contracts.
MEDIBROKER's employees and any parties to the contract in question who require access to the personal data in order to comply with pre-contractual procedures, contractual or legal obligations in the insurance distribution business.
Personal data may also be processed by other Insurers, co-brokers or PDEADS, as part of the management of the contract and settlement of claims.
Collection of Data from Other Sources
For the purpose of managing the pre-contractual and contractual insurance relationship and to ensure compliance with its duties of information, clarification, transmission, advice, assistance and registration set out in the applicable legislation, MEDIBROKER may collect information about the Data Subject that it considers relevant to assess the risk to be insured and for the establishment, by the insurers, of the contractual conditions of the insurance, from sources accessible to the public, public bodies, sector associations, existing IT platforms or specialised companies, in order to complement or confirm the information provided by the Data Subject.
Rights of the Data Subject
The Data Subject is entitled to ask MEDIBROKER and, through it, the insurers, for the following, through a written request addressed to the DPO:
• To access, under the terms and conditions provided for by law, their Personal Data that is being processed;
• To rectify or update inaccurate or out-of-date Personal Data about them;
• To process missing Personal Data where the data is shown to be incomplete;
• To erase their Personal Data, in cases specifically provided for by law;
• To restrict the processing of their personal data, according to the conditions provided for by law.
Upon written request addressed to the DPO, the Data Subject is also entitled to:
• Withdraw their consent, when the data processing is based on consent alone; this withdrawal shall only apply to data processing after the request has been made, and does not apply to any data processing already carried out;
• Object to the data processing for reasons relating to their particular situation, where the processing is based on the legitimate interest of a third party controller
• Receive from the controller, in a commonly used and machine-readable format, personal data they have provided and that has been processed by automated means on a justified basis:
– In consent provided by the Data Subject or,
– In a contract entered into,
The Data Subject may request, in writing, that their data be transferred directly to another controller, where technically feasible.
The Data Subject may also request more detailed information from the DPO, concerning the purposes, grounds of lawfulness and retention periods, as well as make complaints concerning the way their personal data is processed, without prejudice to the right to lodge a complaint with the CNPD.
Obligations of the Data Subject
The Data Subject is obliged to provide the personal data required to comply with the obligations and precontractual diligence derived therefrom, as well as data that MEDIBROKER is legally obliged to collect.
Without this data, MEDIBROKER will, generally, have to refuse to place the contract or execute an order with an insurer or pension fund management company.
MEDIBROKER, as an insurance distributor, is subject to the legal provisions on money laundering. In order for us to comply with this legal obligation, the Data Subject will be required to provide us with the necessary information and documentation and, during the business relationship, to immediately communicate any changes that occur, or to confirm that they are up to date. If the Data Subject fails to provide us with the necessary information and documentation, we cannot establish or continue the business relationship or follow up on any requests made to us.
The Data Subject is obliged to keep MEDIBROKER informed of their personal data, in particular under the terms and conditions provided for in the respective policies.
Security of Personal Data
MEDIBROKER takes appropriate technical and organisational measures to protect personal data against accidental or unlawful loss, destruction or damage and to ensure that the data provided is protected against access or use by unauthorised third parties.
MEDIBROKER may carry out profiling in order to inform and advise on products and services using evaluation tools. This allows for targeted communication and advertising.
MEDIBROKER applies all appropriate measures to safeguard your rights and freedoms in this respect. In the event of the creation of customer profiles exclusively for commercial purposes, you may object to the creation of such a profile by contacting the Data Protection Officer through the contact shown above.
For more information see our Cookies Policy at www.medibroker.pt