Privacy and data protection policy
policy
Corbroker - Corretores de Seguros, S.A.
Commitment
Corbroker - Corretores de Seguros, S.A. ("Corbroker"), within the scope of providing its products and services, needs to collect and process personal data from its customers.
Corbroker is concerned about the security and privacy of its clients. In this context, it has adopted this Privacy and Data Protection Policy ("Policy"), which applies generally to the collection and processing of personal data provided by its clients and aims to help you understand what personal data it collects, how and why it uses it, to whom it discloses it and how it protects privacy when providing its products and services. For any clarification, additional information or to exercise your rights in this area, please contact the Data Protection Officer by e-mail: dpo@cobroker.pt
Definitions
Personal details
Information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.
Treatment
An operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Responsible for treatment
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Subcontractor
A natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.
Recipient
A natural or legal person, public authority, agency or other body that receives communications of personal data, regardless of whether or not it is a third party.
Third
The natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Supervisory authority
An independent public authority set up by a Member State under the terms of Article 51 of the General Data Protection Regulation. In Portugal's case, the National Data Protection Commission (CNPD).
Responsible for treatment
Corbroker - Corretores de Seguros, S.A., with its head office in Lisbon, at Av. 5 de Outubro 17, 2.º andar, 1050-047 Lisboa, taxpayer no. 503 239 470, is responsible for the processing of the products and services it provides, insofar as it determines the purposes and means of processing, under the terms of the General Data Protection Regulation.
Data protection officer
Corbroker has appointed a Data Protection Officer. For any clarification, additional information or to exercise your rights in this area, please contact our Data Protection Officer by e-mail: dpo@cobroker.pt or the address Rua Pedro Monjardino nº 4 - 2º Esq - 1600 - 892 Lisboa
Processing of personal data
The data provided by clients as part of the relationship established with Corbroker is processed in accordance with the applicable principles, namely: lawfulness, fairness and transparency; purpose limitation; minimisation; storage limitation; accuracy; and security and confidentiality.
Purposes, grounds for processing and categories of data
The purpose
Fundamentals
Data categories
Management of the pre-contractual and contractual insurance relationship - creation of client files.
Pre-contractual and contractual due diligence
Identification data; contact details.
Policy creation and management.
Contractual due diligence
Data relating to the insurance product subscribed to, such as policy number, gender, profession, recreational activities, education data, vehicle data, others, depending on the policy subscribed to, may include special categories of data, if the policy so justifies(Some personal data must be provided, so if this data is missing or insufficient, Corbroker will not be able to offer the product or service in question. In these cases, the customer will be duly informed of the obligation to provide this data)
Claims management.
Contractual due diligence
Identification, contact, policy, details of the claim may include special categories of data, if the policy so justifies(Some personal data must be provided, so if this data is missing or insufficient, Corbroker will not be able to offer the product or service in question. In these cases, the customer will be duly informed of the obligation to provide this data).
Compliance with legal obligations, including with supervisory, regulatory or tax authorities; management control and actions to prevent and combat fraud.
Fulfilment of a legal obligation.
Legitimate interests of the controller to control the activity, including prevention of fraud losses.
Declaration, exercise or defence of rights in legal proceedings.
Miscellaneous data, may include special categories of data if justified(Some personal data must be provided, so if this data is missing or insufficient, Corbroker will not be able to offer the product or service in question. In these cases, the customer will be duly informed of the obligation to provide this data)
Shelf life
Corbroker keeps the data until it is no longer needed to provide the products and services, or until the right to erasure is legitimately exercised, whichever occurs first. The data retention period is determined on a case-by-case basis and depends on factors such as the nature of the data, the reason for which it is collected and processed and the relevant operational or legal retention requirements. The data collected on the basis of the fulfilment of pre-contractual and contractual steps will be kept until the expiry of the legal limitation period for all obligations arising from the contract entered into after the end of the contract (without prejudice to the legal duty to keep the data necessary to invoke the limitation period after the expiry of the limitation period).
Third-party data
When the client makes data available to third parties, they must ensure that they have authorised them to transmit that personal data to Corbroker, and they must inform them of the way in which Corbroker processes personal data, in accordance with this Policy.
Recipients
Corbroker uses other organisations to provide certain services. The provision of these services may involve access by these entities to the personal data of their clients.
Therefore, any subcontractor of Corbroker will process the personal data of its clients, in the name and on behalf of Corbroker, under the strict obligation to follow its instructions. Corbroker shall ensure that such subcontractors provide sufficient guarantees for the implementation of appropriate technical and organisational measures, so that the processing meets the requirements of applicable law and ensures the security and protection of the rights of data subjects, in accordance with the terms of the subcontracting agreement entered into with said subcontractors.
Corbroker may also transmit its clients' personal data to third parties when it deems such data communications to be necessary or appropriate (i) in the light of applicable law, (ii) in fulfilment of legal obligations/court orders, or (iii) to respond to requests from public or government authorities. In this regard, Corbroker may transmit your personal data to public authorities and regulators (namely, the Insurance and Pension Funds Supervisory Authority). In any of the above situations, Corbroker undertakes to take all appropriate measures to ensure the effective protection of the personal data it processes.
Data subjects' rights
Under the terms of the applicable legislation, the data subject has the following rights in relation to the processing of their personal data (which they can exercise in writing via e-mail: dpo@corbroker.pt or to the address: Rua Pedro Monjardino nº 4 - 2º Esq - 1600 - 892 Lisboa.
Right to information
The right to receive information on the terms of the processing of their personal data when it is collected or, if the data is not collected from the data subject, within a reasonable period of time after the personal data has been obtained, subject to the exceptions provided for in the General Data Protection Regulation or other applicable law.
Right of access
The right to obtain confirmation as to whether or not personal data is being processed and, where applicable, the right to access their personal data, as well as information regarding the purposes of processing, the categories of personal data in question, the recipients of the data, the expected storage period, among others.
Right to rectification
The right to obtain, without undue delay, the rectification or updating of inaccurate personal data concerning you.
Right to data erasure
The right to have your personal data erased without undue delay, within the legally established limits.
Right to restriction of treatment
Right to obtain restriction of processing if one of the conditions set out in the General Data Protection Regulation or other applicable law applies.
Right to data portability
The right to receive personal data concerning you that you have provided in a structured, commonly used and machine-readable format.
Right to object
The right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, in particular when your data is processed for the purposes of direct marketing.
The right not to be subject to automated individual decisions
The right not to be subject to any decision taken solely on the basis of the automated processing of your personal data, including profiling, which produces effects in your legal sphere or similarly significantly affects you.
International transfers
The provision of services by Corbroker may involve the transfer of its clients' personal data to third countries (which do not belong to the European Union or the European Economic Area). In such cases, Corbroker will implement the necessary and appropriate measures under the applicable law to ensure the protection of the personal data subject to such transfer, strictly complying with the legal provisions regarding the requirements applicable to such transfers, namely informing its clients in this regard.
Changes to the policy
Corbroker reserves the right to make changes or updates to this Policy at any time, and such changes will be duly updated on our platforms. Corbroker suggests that you check back regularly to be aware of any changes.
Cookie policy
Cookies are small pieces of text used to store information in browsers. Cookies are used to store and receive identifiers and other information on computers, mobile phones and other devices. This policy explains how Corbroker uses cookies and the options available to the user. Unless otherwise specified in this policy, the Privacy and Data Protection Policy applies to the processing of data that Corbroker collects through cookies.
The cookies used by Corbroker do not collect personal information that allows users to be identified, but only store generic information, such as the way or geographical location in which they access and how they use the website, among others. Cookies do not store personal data. Most browser programmes are set to accept cookies, although it is possible to configure the browser to refuse all cookies, or to indicate when a cookie is being sent. When you browse the website or application and the cookie is accepted, on a next visit to the website or application our Internet server will recognise your computer or mobile device. In this way, when you scroll through the pages of a website or application or return to a website or application that you have already visited, and for which you have given your consent to the use of cookies, you do not, in principle, have to re-indicate your preferences or enter data that you have previously provided. Corbroker uses analytical cookies. Analytical cookies are used anonymously to create and analyse statistics in order to improve the functioning of the website.