Privacy and personal data protection policy
Corbroker - Corretores de Seguros, S.A.
Commitment
Corbroker – Corretores de Seguros, S.A. (“Corbroker”) is required to collect and process the personal data of its clients as part of providing its products and services.
Corbroker cares about its clients’ security and privacy. Accordingly, the company has adopted this Privacy and Data Protection Policy (“Policy”), which applies in general terms to the collection and processing of personal data supplied by the company’s clients and aims to help clients understand what personal data Corbroker collects and how, as well as what the data is used for, who it is disclosed to and how Corbroker protects privacy when providing its products and services. To obtain clarification or further information or to exercise your rights in this area, contact the Data Protection Officer at: dpo@cobroker.pt
Definitions
Personal data
Information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.
Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Third party
A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Supervisory authority
an independent public authority which is established by a Member State pursuant to Article 51 of the General Data Protection Regulation. In the case of Portugal, this is the , National Commission for Data Protection (CNPD).
Controller
Corbroker – Corretores de Seguros, S.A., with registered office in Lisbon, at Av. 5 de Outubro 17, 2.º andar, 1050-047 Lisboa, tax number 503 239 470, is the data controller in relation to the products and services it provides, insofar as it determines the purposes and methods of processing, in the terms of the General Data Protection Regulation.
Data protection officer
Corbroker has appointed a data protection officer. To obtain clarification or further information or to exercise your rights in this area, contact our Data Protection Officer at dpo@cobroker.pt or at Rua Pedro Monjardino nº 4 – 2º Esq – 1600 – 892 Lisboa
Personal data processing
Data supplied by clients within the scope of the relationship established with Corbroker is processed in accordance with the applicable principles, namely lawfulness, fairness and transparency; purpose limitation; data minimisation; storage limitation; accuracy; and integrity and confidentiality.
Purposes, bases for processing and categories of data
Purposes
Bases
Categories of data
Management of the pre-contractual and contractual insurance relationship – creation of a client file.
Pre-contractual and contractual steps
Identification data; Contact details.
Policy creation and management.
Contractual steps
Data relating to the insurance product subscribed, such as policy number, gender, profession, recreational activities, education details, data relating to vehicles, and others, depending on the policy subscribed, which may include special categories of personal data, if the policy so justifies. (The provision of certain types of personal data is mandatory and if this data is lacking or insufficient Corbroker will not be able to provide the product or service in question. In such cases, the client will be duly informed that provision of this data is mandatory.)
Claims management.
Contractual steps.
Identification, contact details, policy, data relating to the claim, which may include special categories of personal data, if the policy so justifies. (The provision of certain types of personal data is mandatory and if this data is lacking or insufficient Corbroker will not be able to provide the product or service in question. In such cases, the client will be duly informed that provision of this data is mandatory).
Compliance with legal obligations, including in relation to supervisory, regulatory or tax authorities; management control and actions to prevent and combat fraud.
Compliance with a legal obligation.
Legitimate interest of the data controller in controlling the business, including preventing loss due to fraud.
Assertion, exercise or defence of rights in legal proceedings.
Other data, which may include special categories of personal data, if justified. (The provision of certain types of personal data is mandatory and if this data is lacking or insufficient Corbroker will not be able to provide the product or service in question. In such cases, the client will be duly informed that provision of this data is mandatory).
Storage period
Corbroker stores your data until it is no longer needed for the provision of products and services, or until you have lawfully exercised your right to have it erased, whichever occurs first. The storage period for data is determined on a case-by-case basis, depending on factors such as the type of data, the reason it has been collected and processed and operationally or legally relevant reasons for its storage. Data collected on the basis of pre-contractual and contractual steps will be stored until the end of the limitation period for all obligations arising out of the contract entered into after such contract has ended (without prejudice to the legal duty to keep such data as is necessary to invoke the limitation period after such period has ended).
Data of third parties
When a client shares the data of third parties, they must ensure that those third parties gave them permission to transfer that personal data to Corbroker, and they must inform the third parties as to how Corbroker processes personal data, in line with this Policy.
Containers
Corbroker uses other entities for the provision of certain services. That provision of services may mean that those entities have access to clients’ personal data.
Accordingly, any sub-contractor of Corbroker will process the personal data of our clients in our name and on our behalf, and will comply strictly with our instructions. Corbroker ensures that these processors provide sufficient guarantees that they have implemented appropriate technical and organisational measures to ensure that the processing meets the requirements of the applicable law and to ensure the security and protection of the rights of data subjects in accordance with processing agreements entered into with those processors.
Corbroker may also transfer the personal data of its clients to third party entities, when it considers such transfer to be necessary or appropriate (i) in the light of the applicable law, (ii) to comply with legal obligations/court orders, or (iii) to respond to requests from public or government authorities. Accordingly, Corbroker may transfer your personal data to public and regulatory authorities (in particular, the Portuguese Insurance Supervisor – Autoridade de Supervisão de Seguros e Fundos de Pensões). In any of the situations mentioned above, Corbroker agrees to take all appropriate measures to guarantee effective protection of the personal data it processes.
Rights of data subjects
Pursuant to the applicable legislation, data subjects have the following rights with regard to the processing of their personal data (which may be exercised in writing by email to be sent to: dpo@corbroker.pt or letter to: Rua Pedro Monjardino nº 4 – 2º Esq – 1600 – 892 Lisboa.
Right to be informed
The right to receive information on how your personal data will be processed at the time that data is collected from you or, if the data is not directly collected from you, within a reasonable time after it has been obtained, unless otherwise provided for in the General Data Protection Regulation or other applicable law.
Right of access
The right to obtain confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data and to information regarding the purposes of processing, the categories of personal data concerned, the recipients of the data, and the envisaged storage period, among others.
Right to rectification
The right to obtain without undue delay the rectification or updating of inaccurate personal data concerning you.
Right to erasure
The right to obtain the erasure of your personal data without undue delay, within the limits set out in law.
Right to restriction of processing
The right to obtain restriction of processing, if one of the conditions set out in the General Data Protection Regulation, or other applicable law, applies.
Right to data portability
The right to receive the personal data concerning you and which you have provided, in a structured, commonly used and machine-readable format.
Right to object
The right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, in particular where your data is processed for direct marketing purposes.
The right not to be subject to decisions based solely on automated processing
The right not to be subject to a decision based solely on automated processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you.
International transfers
The provision of services by Corbroker may involve the personal data of our clients being transferred to third countries (outside the European Union or the European Economic Area). In such cases, Corbroker will take all necessary and appropriate steps in the light of the applicable law to ensure the protection of the personal data that is the subject of that transfer and will strictly comply with the legal provisions concerning the requirements applicable to such transfers, in particular informing you in this regard.
Changes to the policy
Corbroker reserves the right to modify or update this Policy at any time. Any modifications or updates will be duly updated on our platforms. We suggest that you consult these platforms regularly to make sure you are aware of any changes.
Cookies policy
Cookies are small pieces of text used to store information in browsers. Cookies are used to store and receive identifiers and other information on computers, mobile phones and other devices. This policy explains how Corbroker uses cookies and the choices available to you. Unless otherwise specified in this policy, the Privacy and Data Protection Policy applies to the processing of data that Corbroker collects through cookies.
The cookies used by Corbroker do not collect any personal information that would allow users to be identified and only store generic information such as how and where the website is accessed and how it is used, among others. Cookies do not store personal data. Most browsers are set to accept cookies, although it is possible to configure the browser to refuse all cookies, or to indicate when a cookie is being sent. When you browse the website or application and the cookie is accepted, on a next visit to the website or application our Internet server will recognise your computer or mobile device. This means that when you move around the pages of a website or application or return to a website or application that you have already visited, and for which you have consented to the use of cookies, you do not, in principle, have to re-enter your preferences or enter data that you have previously provided. Corbroker uses analytical cookies. Analytical cookies are used anonymously for the purpose of creating and analysing statistics in order to improve the functioning of the website.
English 
Portuguese