Personal data processing policy/procedure by InterAssist Ltd.
Document Personal Data Processing Policy/Procedure by InterAssist Ltd., hereinafter referred to as the Procedure, describes the procedure according to which InterAssist Ltd., hereinafter referred to as InterAssist, processes personal data.
The Procedure enters in force on 25 May 2018.
This Procedure shall be applied to the Customers serviced in line with the signed agreement, hereinafter referred to as the Agreement, between:
- insurance company and InterAssist;
- help service, hospital, clinic, physician, other service provider and InterAssist;
- Customer himself/herself and InterAssist.
This Procedure pertains also to the Customers who were serviced before this Procedure came in force.
Definitions used herein:
InterAssist – legal person with registered office in Latvia, Riga, Jūrmalas gatve 82, k-2, office 124, and which, depending on the Agreement, acts in the capacity of a controller or a processor.
Customer – natural person to whom assistance is arranged or consultation provided in connection with the Agreement.
Personal Data – any information pertaining to identified or identifiable natural person, including Special Category Personal Data.
Special Category Personal Data — reveal racial or ethnic origin, political beliefs, religious or philosophic conviction or participation in trade unions, and genetic, biometric data to exclusively identify natural person, processing of health data or data of sex life or sexual preference of a natural person;
Processing – any action taken with Personal data, including collecting, recording, registering, entering, storing, arranging, transforming, using, requesting, transferring, disclosing, blocking or deleting etc.
General terms and conditions
The Procedure describes general Processing of Personal Data of InterAssist Customers.
In order to comply with the applicable laws and regulations, InterAssist has provided confidentiality of Personal Data and put certain technical and organisational measures in place to protect Personal Data from unauthorised access, illegal Processing or disclosing, accidental loss, transformation or destruction.
InterAssist Processes Personal Data by agency of processors that ensure personal data processing in line with the General Data Protection Regulation. By attracting a processor, InterAssist shall take the necessary steps to ensure that the processors Process Personal Data in line with instructions from InterAssist and according to applicable laws and regulations, and demand that appropriate safety measures are in place.
Categories of Personal Data
Personal Data may be collected from the Customer, Customer's relatives and external sources, for example, insurance company, assistance service, hospital and other third parties. InterAssist collects and processes only those Customer data that are necessary for performance of the Agreement.
Personal Data categories are mainly, but not limited to, collected and processed by InterAssist:
- Identification data, for example, name, surname, personal ID code, date of birth, data from personal ID document (for example, a copy of passport, ID card), copy of birth of marriage certificate, name and type of bank card;
- Data of existing insurances that could pertain to the event applied and to be processed;
- Contact information, for example, address, location, phone number, e-mail address, communication language;
- Family data, for example, information about Customer's family, relatives and other related persons;
- Special category personal data, for example, health complaints of the Customer, medical documentation with diagnosis, performed examinations, their results and applied treatment methods, conditions, history of disease or trauma occurrence, data of treating physician etc.;
- Data on Customer tax residency, for example, information about country of residence, citizenship;
- Data on the affected vehicle, for example, registration plate of the vehicle, number of registration passport, brand, make, vehicle and other parameters, data of vehicle owner — name, surname;
- Third party data to whom a damage has been caused;
- Communication data collected when the Customer contacts InterAssist by phone (audio records), by e-mail, WhatsApp, Viber, data obtained when the Customer contacts the partners of InterAssist;
- Data necessary for disbursement of compensation, for example, bank requisites, name, surname personal ID code/date of birth of the recipient;
- Data related to services, for example performance or default on agreements, transactions made, signed and invalid agreements, submitted applications, requests and complaints;
- Data obtained and/or created when performing obligations stipulated in the laws and regulations, for example, data following from information inquiries received from investigative authorities, sworn notaries, tax administration bodies, courts and sworn law enforcement officers;
- Data requested from the contracting parties for performance of the Agreement, for example, an insurance company may request InterAssist to obtain additional documents to make a decision about setting in of an insured event.
Basis and goals of Personal Data Processing
Basis of Personal Data Processing:
Processing is based on the Agreement, which in its turn has been signed with a goal to execute, service an agreement to which the Customer himself/herself is a Party, as well as saving of Customer's life, health.
Goals of Personal Data Processing:
- Service provision and administering:
To execute liabilities hereunder, for example, to arrange assistance or provide consultations to the Customer, who have entered into a contract with an insurance company, InterAssist or other company;
To provide Customer with appropriate service or information;
To ensure data accuracy and correctness by checking and supplementing data by using external or internal sources on the basis of Agreement performance;
- To perform a legal obligation:
To comply with the provisions of laws and regulations as well as provide answers to legal inquiries from governmental and municipal authorities.
- Protection of Customer, Party to the Agreement or InterAssist interests:
To protect interests of the Customer, Party to the Agreement or InterAssist and to be aware of the quality of services provided by InterAssist and to provide evidence in the event applied and to be processed and for other commercial communication (conversation records; e-mails, WhatsApp, Viber, fact — correspondence, received documents), on the basis of performance of the Agreement.
To prevent, restrict and investigate use of services in bad faith or illegally or any interventions in them for interests of InterAssist or Party to the Agreement; for internal training of service quality maintenance and improvement.
To ensure safety of InterAssist, Party to the Agreement, Customer, to protect Customer's life, health and other rights of InterAssist, Party to the Agreement and the Customer (audio records) on the basis of legitimate interests of InterAssist, to protect its Customers, employees, visitors.
- Provision, implementation and protection of right to claim
To establish, implement, protect and assign rights to claim on the basis of performance of the Agreement or to perform a legal obligation, or to exercise a right to claim for legitimate interests of InterAssist.
Profiling, personalised offers and automated decision making
InterAssist does not perform Customer profiling, elaborate personalised offers or make automated decisions.
Recipients of Personal Data
InterAssist transfers Personal Data to other recipients, for example:
- Insurance company:
- Assistance services, healthcare institutions, physician or other company that can ensure, arrange the necessary assistance to the Customer;
- institutions, such as law enforcement bodies etc.;
- other Personal Data Processors approved by InterAssist, such as companies providing data storing, provision of audio records.
Geographical territory of Processing
Personal Data are Processed on behalf of InterAssist in the European Union / European Economic Area (EU/EEA).
In order to comply with the terms and conditions of the Agreement and arrange assistance for the Customer (mainly an assistance related to vital interests of the Customer — health and life), Personal Data can be transferred and processed in countries outside EU/EEA.
Transfer and processing of personal data outside EU/EEA can take place if it has a legal basis, namely to perform a legal obligation, sign or perform the Agreement or in line with Customer's consent, provided that proper safety measures have been taken. Proper safety measures are, for instance:
- signed agreement, including standard clauses of EU Treaty, or approved other provisions, code of action, certifications etc. that are approved in compliance with the General Data Protection Regulation;
- in a county outside EU/EEA, where the recipient is located, according to a decision of the EU Commission an adequate data protection level is provided.
Personal Data will be processed only for a period necessary to achieve aforesaid goals, but not longer. Storage period may be based on the Agreement, legitimate interests of InterAssist or applicable laws and regulations (for example, laws on accounting, prescription period, civil rights etc.).
Rights of Customer as Data Subject
Customer (Data Subject) has rights regarding Processing of his/her data that, pursuant to applicable laws and regulations, are classified as Personal Data. These rights in general are as follows:
- request editing of his/her Personal Data if they are inappropriate, incomplete or false;
- request to delete his/her Personal Data, if the Personal Data are processed on the basis of a consent, if the Customer has withdrawn its consent. This right is not effective if Personal Data, deletion of which is requested, are processed on other legal grounds, such as an agreement or a statutory obligation;
- restrict Processing of his/her Personal Data in compliance with applicable laws and regulations, for example while InterAssist evaluates whether the Customer in entitled to request deletion of his/her data;
- receive information on whether InterAssist processes Personal Data of the Customer, and to access them if it processes them;
- receive his/her Personal Data that the Customer has provided and that it processes on the basis of a consent and performance of the Agreement, in a written form or any of most frequently used electronic formats, and, if possible, to transfer such data to other service provider (data portability);
- to withhold his/her consent to processing of his/her Personal Data (such situation is practically impossible with InterAssist, because Personal Data are processed on a legal basis, namely — the Agreement);
- To submit complaints about use of Personal Data to the Data State Inspectorate (www.dvi.gov.lv) if the Customer believes that Personal Data Processing violates his/her rights and interests in compliance with the applicable laws and regulations;
- not to be subject to fully automated decision making, including profiling, if such decision making entails legal consequences or has similar significant impact on the Customer. This right is not applicable if decision making is necessary to sign or perform an agreement with the Customer, if decision making is permissible in compliance with applicable laws and regulations or if the Customer has provided clear consent to it.
The Customer may contact InterAssist regarding any issues, withdrawal of consent, inquiries, use of data subject's rights and complaints regarding use of Personal Data.
Contact information of InterAssist is available on its website: www.interassist.lv.
Contact information of person in charge of data protection: GDPR@interassist.lv or Jūrmalas gatve 81 k-2, office 124, Riga, LV-1029, providing a remark for the addressee “Data Protection”.
Validity of amendments to the Procedure
This Procedure is available to the Customers on InterAssist website www.interassist.lv.
InterAssist is entitled to amend this Procedure unilaterally in compliance with the applicable laws and regulations, by informing the Customer on the respective amendments at InterAssist website.