Privacy Policy

We, Hydra Insurance Company Ltd, care about the privacy and security of your personal data and we take measures to ensure that your personal information is properly handled, whilst in our possession and in the possession of others, to whom we may disclose it, under the terms and for the purposes explained below in the Privacy Policy.

This Policy explains when and why we collect personal data of our website visitors and of about natural persons in general, i.e., offline, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time. When we do so, we will notify you about the change by displaying a relevant notice on our homepage about the effected fact of the change, inviting you to visit this page and ensure that you are happy with any change. You are hereby called upon to check our website periodically, in order to keep up to date with any changes to our privacy policy. Importantly, by using our website, you agree to this Policy, as amended from time to time to the extent relating to information we collect about you in your capacity as a user of our website. As far as information we are collecting about you, in the context of conducting our business in general, you are welcome to contact our DPO (see immediately below), in case you are not happy with any change to our Privacy Policy.

In compliance with the law, specifically the EU General Data Protection Regulation (GDPR), our Company has appointed a Data Protection Officer (DPO), specifically, our internal legal advisor. In case you have any questions regarding this Privacy Policy or any question or complaint as regards to how your personal data is handled, you can contact our DPO as follows:
Email: dpo@hydrainsurance.com.cy
Tel.: 22009139
Fax: 22454704
Address: 11 Strovolos Anenue, SEK Building, 5th Floor, 2018, Strovolos, P.O. Box 24653-1302 Nicosia, Cyprus
This Privacy Policy is valid as of 25th May 2018.

WHO ARE WE?

Hydra Insurance Company Ltd
Registration Number ΗΕ122764
11, Strovolos Avenue, SEK Building,
5th floor, 2018 Strovolos
P.O.Box 24653 – 1302 Nicosia
Tel: 22454700
Fax: 22454704
Website: www.hydrainsurance.com
Nature of business: Insurance company transacting business in the General Insurance Sector

HOW DO WE COLLECT INFORMATION FROM YOU?

WHAT TYPE OF INFORMATION IS COLLECTED FROM YOU?

HOW AND ON WHAT LEGAL BASIS IS YOUR INFORMATION USED?

We use your non-sensitive personal information lawfully, in accordance with,
Article 6(a), i.e., for purposes you have consented to,
Article 6(b), i.e., as necessary to conclude or perform a contract with you,
Article 6(c), i.e., to comply with obligations imposed by law (such as tax and insurance legislation) and,
Article 6(f), i.e., as necessary for legitimate interests we pursue as a business.

Article 6(1)(b)

respond to, examine or satisfy orders, proposals, claims and related requests or queries submitted by yourself or a person acting on your behalf,
process or examine orders or Proposals of Insurance that you or others, acting onyour behalf, have submitted including for the purpose of assessing insurance risk,
confirm your identity,
issue and deliver to you, your insurance policy,
carry out our obligations arising from any contracts entered into by you or another person, who has named you on an insurance policy and us.

Article 6(1)(c)

comply with or responding to requirements or demands by regulatory authorities and comply with insurance and tax οr any legislation.

Article 6(1)(f)

notify you of any changes to our services or our privacy policy, if necessary,
ensure fraud prevention, for example by spotting fraudulent claims or statements and protect other legitimate interests of our Company, such as, reduce credit risk and receive payment of insurance premiums and only to the extent absolutely necessary for this purpose and without disproportionately intruding upon your privacy,
carry out customer research, surveys and statistics having previously anonymized relevant data.

Article 6(1)(a)

send you communications which you have requested such as a reply to a query or to inform you about the outcome of the examination of your Proposal of Insurance or your claim,
pass your insurance policy to the bank to which you have assigned it.
provide you with information regarding promotional offers and our products and services, if you have consented to such communications;

We will not normally contact you for marketing purposes by post, email, or text message unless you have given your prior consent or in so far as is permitted by the law. You can change your marketing preferences and withdraw previously-given consent at any time or object to the processing of your information for marketing purposes by contacting our DPO, the details of whom are stated at the beginning of this Privacy Policy. In this case, we will stop sending you marketing messages. For further information regarding this right to object to the processing of personal data for direct marketing and in general, see below in this Privacy Policy.

When for any of the above-stated purposes, we need to process sensitive personal data such as data relating to your health, we do so lawfully in accordance with Article 9(2)(a) of the Regulation, i.e., if you have given your explicit consent and where necessary for the exercising and pursuing of legal claims, in accordance with Article 9(2)(f).

If you need further explanation on how your information is used, you are welcomed to contact our DPO, the details of whom are stated at the beginning of this Privacy Policy.

WHERE AND HOW LONG DO WE RETAIN YOUR INFORMATION FOR?

Your information is stored in physical (hard copy) files in our premises in Cyprus and to some extent, also in electronic form in computer servers in Cyprus and the EU. By way of exception, personal information in our corporate emails is stored by Microsoft in its own servers. Additionally, information we collect through our website is stored on servers situated in the U.S.A.

We only keep information for as long as it is necessary for us to perform a contract you have with us or to comply with legal obligations to which we are subject, more specifically by Cyprus insurance and tax legislation. In this case, we adhere to the maximum retention periods specified by the Data Protection Commissioner, if any, and we follow the law for personal data about which a maximum permitted data retention period is specified.

When there are no specified maximum retention periods, we retain your data for 7 years, starting from the date of the expiration of the contractual relationship with you or from the end or settlement of any dispute or claim that arises in relation to an insurance policy. This 10-year retention period covers the period specified by the statute of limitations (which is six years), the periods specified by insurance legislation including the Compulsory Insurance for Motor Vehicle Third Party Liability Statute (Ν. 96(I)/2000), (which is 5 years) and the period that our external auditors advised us for tax purposes, (which is 7 years) and it is also in line with the maximum data retention period specified by the Data Protection Commissioner, in the case of banks. We may retain information relating to health, for up to 15 years, which is the maximum retention period specified by the Data Protection Commissioner for health data.

We retain your information for a period of up to three years, in case we have rejected an insurance proposal submitted to us. This is to enable us to have a relevant history in our files so that we can combat fraud or take this rejection into account, in case you re-submit a relevant Proposal of Insurance to us in the future.

We retain information we collect about you in your capacity as a mere visitor to our website for two years.

Should the Cyprus Data Protection Commissioner specify any maximum retention periods, shorter or longer than the above, we will adjust our Policy accordingly.

We would like to clarify that we may keep some of your information for longer than the aforementioned retention periods. This is when we have obtained your consent or we have a legitimate interest as explained above in using your information for a particular purpose. In such case, we retain that information unless and until you decide to withdraw your consent or you object to its processing or you communicate to us a valid request for erasure. For more information on these rights of yours, please see the question ‘Which are your rights’ in this privacy policy.

WHO HAS ACCESS TO YOUR INFORMATION?

We will never sell your information to third parties and we will not share it with third parties for marketing purposes.

We may pass your information to our third party service providers, agents and subcontractors for the purposes of completing tasks and/or providing services to you on our behalf (for example to forward to you your insurance policy or assist us in assessing a claim submitted to us by you). Such third parties may also be technical service providers providing us with the software systems (or their maintenance) necessary to contact administrative tasks inherent in the provision of our services to you or in the conducting of our business or messengers and/or delivery companies we use to deliver correspondence. We only disclose to them the personal information that is absolutely necessary to deliver the service or perform the task and when legally required, we have a contract in place that requires them to keep your information secure and in accordance with the principles and rules of the General Data Protection Regulation.

Moreover, the recipients of personal data will mainly be, companies or persons, who are processing dada on behalf of the Company, the reinsurers or co-insurers of the Company, from time to time, if the conclusion and/or execution and/or administration of the Insurance Contract, as well as the renewals or amendments effected to it, requires the involvement of them, as well as representatives of the Company for the settlement of any claim, who are appointed, from time to time, by the Company, under the Law, the Motor Insurance Fund (MIF), the Cyprus Hire Pool or other Compensation Bodies, claims adjusters, authorized operators dealing with accident care services, your insurance intermediaries, assessors or experts or other independent professionals, such as lawyers, accountants, auditors, actuaries, doctors, or consulting services providers or doctors, clinics, diagnostic centers, if required for the purpose of conclusion, execution and administration of the Insurance Contract or in the context of conducting the business of the Company as well any Competent Body and/or Professional Body, strictly for the purpose of operating a platform with data, aiming at the protection of the public interest, if such platform is approved and put into operation. We only disclose to them the personal information that is absolutely necessary for them to perform the relevant necessary tasks and when data sharing with them is large-scale or is otherwise legally required, we have a contract in place that requires them to keep your information secure and in accordance with the principles and rules of the General Data Protection Regulation.

We may also pass your information to our lawyers and accountants/auditors to the extent necessary to defend or institute legal claims and to comply with legal obligations with regards to the preparation of financial accounts and tax reasons respectively.

When you submit an order on our website, your payment is processed by a third party payment service provider, who specializes in the secure online processing, of payment transactions, As this processing is not performed by us and we do not retain the relevant data, your rights, explained in the next section of this Policy, to the extent referring to comprehensive payment card details or transactions, should be exercised directly with the said payment service provider. In case, you address a relevant request to us, we will take reasonable measures to meet the request to the extent possible. The said provider is a data controller in its own right and bound by all of the obligations of the GDPR and with its own privacy policy.

We may also transfer personal information to our banks in particular when you pay us through a cheque or direct debit or if you consent to your data being transferred to a bank for a reason, such as when you have assigned your insurance policy to such bank. Banks are controllers of personal data themselves and are bound by all of the obligations of the General Data Protection Regulation and have their own privacy policies.

We may transfer your personal information to a third party, as part of a sale of some or all of our business and assets to any third party, or as part of any business restructuring or reorganization, in which case we will take measures to ensure that all data protection principles and related rights, as derived by the General Data Protection Regulation are fully complied with, prior, during and after the relevant transfer.

Finally, we may disclose your information to public and/or regulatory authorities, if disclosure is required by law or an order issued by a court of law.

Other than the above, the recipients of personal data are the authorized members of our staff who have been informed as to their confidentiality and security obligations and as to how they should handle your personal data, in accordance with the rules of the General Data Protection Regulation.

WHAT ARE YOUR RIGHTS?

You may at any time, send us any of the following requests and we will meet them the earlier possible and in any case, within a month from the date of receipt of your request and inform you about the action we have taken. If your request is for any reason complex to examine or meet, we will ask you for an extension, before the aforementioned one-month period expires.

If we have legitimate reasons to refuse to satisfy your request, we will inform you accordingly and in this case, you have the right to submit a relevant complaint to the Cyprus data protection authority, namely, the Data Protection Commissioner, http://www.dataprotection.gov.cy/ if you believe that our decision is unjustified.

These are the requests you can submit to us:

A request that we permanently delete all or some of your information from our records (right to be forgotten or to erasure), for example, in case we no longer have reasons to have it.

A request from you to access your information that we keep in our records (right of access)

A request that we provide you with a copy of your information that exists in our records, in digital or hard copy form. If you require additional copies, we may charge you with a maximum of EUR40,00 per copy, as administrative costs, depending on the volume of the data involved. (right to a copy)

A request that we update or correct personal information that we keep in our records (right to rectification), for example, in case it is outdated or contains errors or inaccuracies.

A request that we provide you with information of yours we keep in our records in a structured, commonly used and machine-readable format or forward it in such form to another provider of your choice, if such forwarding or transfer is technically possible (right to portability). Please note that this right applies only in relation to data that you yourself has provided to us with and which we process by electronic means, in the context of a contract between you and our Company or because you have consented to us doing so. Not all information you provide to us is processed by electronic means.

A request that we stop doing anything with your information without however deleting it from our records (right to restriction of processing). In this case, we will restrict access to your personal data.

A request that we stop processing your information for direct marketing purposes or on the basis of legitimate interests pursued by our Company, as explained under the fourth question of this Privacy Policy or in the name of the public interest (right to object). In the case of direct marketing, we will stop processing your information. In the rest of the cases, we will do so the same unless we have compelling reasons to refuse to do so.

In the case in which the decision as to whether you will be insured by our Company or not is taken solely on the basis of automated processing, as is the case in relation to insurance products offered for sale on our website, you have the right to express an opinion on and dispute the decision, as well as to request its reviewed by a member of our personnel.

If you wish to exercise any of the above rights, you will be able to do so by contacting our DPO at any of the contact details stated at the beginning of this Privacy Policy.

Please note that before acting upon any of your above requests, we may require you to prove your identity, if we are in doubt about your true or correct identity. If we cannot identify you, i.e., we do not hold personal data belonging to the person you are saying you are, we will inform you accordingly and we will not act upon your request.

WHAT SECURITY MEASURES DO WE APPLY TO PROTECT YOUR INFORMATION?

USE OF COOKIES

TRANSFERRING YOUR INFORMATION OUTSIDE THE EUROPEAN UNION

Privacy Policy

About Us

Useful Links

Customer Service

Useful Information