PRIVACY POLICY

Last Updated on 21-05-2022

This document is intended to inform our customers — natural persons, respectively the representatives of clients legal entitiesabout how we,“GENERAL BROKER CLUB” LTD, in carrying out our business as an insurance broker, we collect, use or share personal data that you provide to us or that we have otherwise obtained or created and that are related to you. It is desirable that you take the time to familiarize yourself with this Privacy Notice, as well as periodically review it, as we may change it from time to time.

When you contact us to commission insurance mediation (to assist you in obtaining an offer from insurers for insurance of interest to you, to take out insurance through us, to file a notice of damage, to renew insurance, etc.) or for other of our services, you provide us with certain information about yourself— such as names, personal identification number, address, etc.

According to Legislation(including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, with effect from 25 May 2018 (”Regulation“) this information about you represents your personal dataand you are their subject. For our part, we appear administratorof your personal data. The data that identifies us as an administrator and the ways of contacting us are indicated at the end of this document.

From the notification you will learn:

WHAT PERSONAL DATA WE COLLECT

When you contact us, whether at our premises, through our website, to commission insurance mediation or to obtain information, ask questions or claim your rights, we may receive directly from you or ask you to provide us with certain information about yourself.

The personal data relating to you that we collect in connection with the provision of insurance mediation services are defined in the applicable regulations and our contracts with the insurance companies whose products we offer.

The personal data we collect may include:

  1. Identification and biographical data— incl. three names, personal identification number or LNC, EIC of a sole trader;
  2. Contact Information—incl. permanent address or correspondence address, telephone, e-mail;
  3. Property and car insurance data— incl. property status, marital status, vehicle data (reg. Vehicle number, engine number, frame number), data from a driver's license and from a vehicle registration voucher;
  4. Identification data under the PMI for life insurance— identity card data and photo (from a copy of the ID); date and place of birth data on related persons holding a senior government position; citizenship; country of permanent residence; professional activity; final owners of UL client; origin of funds;
  5. Financial information— incl. details of your bank account when paying a premium by bank transfer;
  6. Sensitive personal data related to your health— when taking out life insurance, medical insurance or other insurance requiring prior information about your health condition, provided with your consent;
  7. Information about your device and Internet activity— incl. technical information about your device; the website that referred you to us; date and duration of access; your inquiry through our contact forms and online chat; information about the browser and operating system you use and IP address when visiting our website to view information about our activity and products to place an order for online insurance. We may collect information about your internet behaviour by installing cookies on your device (for more information please refer to our Cookie Policy.)
  8. Your video image— when you visit our offices where video surveillance takes place and where you can receive our Privacy Notice regarding video surveillance, to learn more information, including about the grounds and purposes of this processing. When we carry out video surveillance, we place information signs in a visible place in our offices;
  9. Other information that is required by law; it is necessary to take out insurance and is required by the insurer or that you voluntarily provide to us.

Where we process your personal data for the purposes of our core business of insurance mediation and when we provide you with other services, as well as to fulfill our regulatory obligations, this processing is mandatory for the fulfillment of these purposes. Without this data, we would not be able to provide the relevant services. For example, if you do not provide us with your name, personal identification number and address, we would not be able to issue an insurance policy. In other cases, when collecting your personal data, we will inform you whether the provision of the data is necessary and what the consequences are if you refuse.

HOW WE COLLECT AND PROCESS YOUR PERSONAL DATA

We process your personal data based on the following legal grounds:

  • in connection with the conclusion and execution of a contract of assignment, which we conclude with you (including in oral form when taking out compulsory motor liability insurance or accident of passengers in public transport); or
  • for the performance of our obligationswhich follow from a regulatory act, for example in relation to obligations provided for in the Accounting Act and the Tax and Insurance Procedure Code or when providing information to judicial and other state authorities; or
  • our legitimate interestunless your interests or your fundamental rights and freedoms prevail over it. Examples of our legitimate interest are establishing, exercising or defending legal claims; improving the performance and quality of our services;
  • Your Explicit Informed Consentin some cases, for example to use certain types of cookies or to provide sensitive personal data (e.g. health data required for certain types of insurance) or to send inquiries, requests and complaints through our contact form on the site or our online chat; your consent may be withdrawn at any time by writing to us at the addresses and email for contacting us specified at the end of this document, whereby we will no longer process your data subject to the withdrawn consent.

We use your personal data for one or more of the following: Objectives:

  1. To provide you with our insurance brokerage services that we carry out and that you have requested, including sending you a message regarding your insurance order, sending you a completed online insurance policy to your address by courier, notifying you of installment maturities or expiration deadlines for renewing your insurance contract; or to communicate other relevant information in relation to your insurance by phone call, text message (SMS) or email, to assist in claiming a claim/damage to the insurer at the occurrence of an insured event;
  2. To contact you when you have asked us a question or made a complaint or request for a service offer, or to notify you of changes in the operation of our offices or of a breach of data security;
  3. To comply with legal, regulatory and other requirements, to carry out our activities in accordance with applicable legislation and professional norms and rules, to respond to requests from local or foreign regulatory, state or judicial authorities;
  4. To improve the services we provide to you, including for internal purposes such as audits, analyses and surveys to help us improve our operations or to monitor and analyse trends and usage of our services and to improve the design and content of our website to best suit your preferences and the devices you use;
  5. In relation tolegal claims,to defend our interests in litigation or other proceedings instituted by the competent authorities, as well as for purposes set out elsewhere in this Notice.
WITH WHOM WE SHARE YOUR PERSONAL DATA

In carrying out our activities, we have to share your personal data with some of the following persons:

  • The insurance companies you have selected with our assistance
  • Our lawyers, professional consultants and auditors
  • Regulatory, state and judicial authorities, which by virtue of a legal act have the power to require the provision of information, including personal data, such as — courts, public prosecutor's office, various regulatory bodies such as the Consumer Protection Commission, the Commission for Personal Data Protection, the Financial Supervision Commission, bodies with powers to protect national security and public order;
  • Our service providers (accounting, IT system maintenance, courier services, etc.) or business partners, with the help of which we provide our services to you.

Also, please note that our website may contain links to other such sites that are not owned and operated by us (for more information please refer to our “Cookie Policy”. We cannot control and are not responsible for the personal data processing practices or the content of these other pages. We strongly recommend that you familiarize yourself with the policies and privacy information of any website that collects personal data. This Notice applies only to personal information that we collect about you through our website or otherwise.

In all cases, we enter into contracts in writing with the merchants we work with, requiring them to take the necessary measures to ensure the protection of your personal data. We will only provide these contractors with the information they need to provide us with the contracted services, without allowing them to use your information for their own purposes. We will not provide your personal data to third parties to send you unsolicited marketing communications, unless you have given the necessary consent to do so. In the event that you receive unsolicited commercial communications from the merchants with whom we work, please notify us at the address or contact email indicated at the end of this document.

TRANSFER OF PERSONAL DATA OUTSIDE BULGARIA

We do not transfer your personal data to others in another Member State or third country or to international organisations.

HOW LONG WE KEEP YOUR PERSONAL DATA

We have an internal policy that determines how long we keep your personal data. It is built on the basis of (a) the type of information we collect and (b) the purposes for which we collect it. In principle, we store your personal data for as long as necessary for the purposes of processing for which the data were collected and for any other permissible and related purpose or until the expiration of a statutory period (for example, for storage and processing of accounting data and for tax control — 11 years). It is our legitimate interest to retain certain of your personal information until the expiration of the limitation period for claims (5 years) after the expiration or termination of the contract with you. We will not delete or anonymize your personal data if it is necessary for pending judicial or administrative proceedings or proceedings regarding your complaint against us.

HOW PROTECTED IS YOUR PERSONAL DATA

We value the privacy of your personal data and take the security measures of the personal data we collect and store very seriously.

We use a variety of physical, electronic and organizational measures appropriate to the sensitivity of the information we maintain to protect the personal data you provide to us from unauthorized access, use or disclosure. For example, we encrypt communications through an SSL encrypted connection, we have firewalls and antivirus programs, means of controlling access, separation of duties, and more. We have adopted policies and procedures and have appointed a Data Protection Officer. We require our suppliers and partners who have access to your personal data to use appropriate measures to ensure the protection and confidentiality of your personal data. However, you are also responsible for the protection of your personal information that you share with us over the Internet. Unfortunately, the transmission of information via the Internet or by telephone may not be completely secure, despite the measures we have taken. Therefore, please bear in mind that the transmission of your personal information via the Internet or by telephone is carried out at your own risk.

WHAT RIGHTS DO YOU HAVE

In relation to your personal data, you have certain rights in relation to us, which are granted to you by the Regulation and other applicable legislation. Sometimes certain rights may arise and can only be exercised on certain grounds for the processing of your personal data; other rights of yours are subject to certain limitations and exceptions by law. To exercise your rights or to ask questions, you should send your request to the email or contact address indicated below.

According to the applicable law You have the following rights:

  1. Right to accessto personal data relating to you;
  2. The right to demand rectificationinaccurate personal data relating to you;
  3. Right to request restriction of processingpersonal data relating to you;
  4. Right to object against processingof your personal data;
  5. The right to demand erasurepersonal data relating to you (”The right to be forgotten.”
  6. The right to getthe personal data that you have provided to us that concern you, and to use it again as transferto another administrator (“right of portability”)
  7. Law to file a complaintto the competent supervisory authority or to the court in case your rights have been violated or you have suffered from unlawful processing of your personal data
  8. Where the processing is based on your consent, you have right to withdraw consentyou consent to the processing of your personal data at any time by writing to us at the addresses indicated at the end of the document and by email to contact us, without prejudice to the lawfulness of the processing based on your consent before it is withdrawn.

You have the right to accessand you can request more detailed information about whether we process your personal data, what categories, for what purposes, to whom we disclose it, etc. If you have requested, we will provide you with access to your personal data that is being processed, in the form of their copy. The copy is free of chargefor you. If you request additional copies, we may charge you a reasonable fee to cover our administrative costs of producing them. If you have submitted the request by electronic means, if possible, we will provide you with the information in a widely used electronic form, unless you have requested otherwise from us.

If we do not process your personal data, we will notify you of this. If we reject your request for a copy of the data, we will explain to you the reasons for this decision.

The exercise of Your right of accessit should not adversely affect the rights or freedoms of other persons, including trade secrets or intellectual property, and in particular the copyright to protect the software. In the event that we believe that there is reason to expect such a negative impact, we may reasonably limit some of the information we will provide to you so that it does not occur.

If we process a large amount of information about you, we may ask you to specify exactly the information or processing activities to which your request relates.This will help us to navigate better and faster, and you will also get the data you need sooner.

If you are objected to the processingof your personal data based on our legitimate interestor a legitimate interest of a third party, we may continue processing despite your objection if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

When you want to we correctYou may ask us to notify your personal data to third parties to whom it is disclosed, except in cases where this is impossible or involves excessive effort.

You have the right to demand erasureof your personal data when they are no longer necessary for the purposes for which they were collected or otherwise processed; when you withdraw your consent to the processing of your personal data and there is no other legal basis for the processing; when you object to processing based on a legitimate interest and it does not override your rights, freedoms and interests; in case of processing without a legal basis or objection the deletion of your personal data is our legal obligation, defined by the law of the Republic of Bulgaria or the European Union. Under current legislation, we have the right to continue processing despite your request for deletion, to comply with our legal obligations under the law of the Republic of Bulgaria or the European Union, which require the processing of your personal data or where necessary for the establishment, exercise or defense of legal claims.

To exercise the right to restriction of processing, the following conditions must be met:

  • You are disputing Accuracyof personal data;
  • Processing is without legal basis, but instead of deleting them, you demand restriction of their use;
  • We no longer need the personal data for the purposes of processing, but you you requirefor the establishment, exercise or defence of legal claims;
  • Objectedyou are against processing on the basis of”legitimate interest

Where the processing of your personal data has been restricted, we may still continue to process your personal data in two cases:

  • Explicitly yours consentor
  • for the establishment, exercise or protection of legal claims or to protect the rights of another natural person or for important reasons of public interestfor the Union or a Member State.

The right to portabilityexists and can be exercised, only whenthe following are implemented two conditions(1) It is about processing automated way(that is, this right notrefers to the processing of data in the form of paper files) and(2) in addition to automated processing, the processing of your personal data is carried out on the basis of (a) Yourconsent or (b) oncontract, to which you are a partyor fortaking steps at your request antes de la conclusión de un contratto. You have the right to receive your personal data in a structured, widely used and machine-readable format or to request a direct transfer of your personal data to another controller, where technically feasible.

You should know that when you exercise el derecho de portabilidad, this not . You will be able to continue using our services even after the data portability operation. Data portability as good notel tiempo de retenção inicial que se applica a los datos transmissões. You can exercise your other rights, which are set out in the legislation and we have listed here, while we continue to process the data.

If you believe that we are in violation of applicable law, please contact us to clarify the matter. Dans cours, vous avez également le droit à fichier une question avec une authority superviseur dans l'Union européenne, où vous en travail ou où l'alleged violation de votre droits took place. A supervisory authority for personal data protection in Bulgaria isThe Commission for the Protection of Personal Data, with address: Sofia, p. Code 1592, Blvd. “Tsvetan Lazarov” № 2. You can also seek protection of your rights in court.

COSA È IMPORTANTE SABER QUANDO ESEGUIRE I TUOI RIGHE

How to claim your rights?To exercise your rights under the Regulation, you can write to us by e-mail or send us a letter by mail at the contact details indicated below.

Applications in connection with the exercise of your rights are generally submitted personally or by a person expressly authorized by you. Hvor er regler av regler av regler i forretningen (i Regulering, den personlige datenutstyrket og andre akter), skal også beholdt også.

In what form will we answer you?En la forma de que se enviará a nos — en papel ou en forma elettronico. Hvor du har tilført en elektronisk mål, informasjon vil, hvis du kan forsendes i en elektroniske formen brukt, hvis du har tilført alt.

In what time frame will you receive a response? To one monthon receipt of your request, we will provide you with information about the actions we have taken on it. Se necessarioquesta termo can be extended for another two monthsa a. If such an extension is required, we will notify you within one month of the submission of your request, explaining why such an extension is required.

Doubts about your identity. A,. If we do not receive such information and are unable to identify the data subject, we may refuse to take action based on a request made to us to exercise any of the rights set out in this Notice.

Qui un citat fa una richiesta per noi che sono manifestly non funzionato o excessante, in particolare di ripetizione di ripetizione, o (a) a carre un fezo reasonabile, accanto a custos administrativa di fornisce l'informazioni o comunicazione o prenotà, o (b) per rimuovere l'azione richiesta.

COME NOTIFICA DELLE MODIFICHE AL CONTENUTO DI NOTIFICA INSISTENTE

We will update the information in this Notice from time to time in response to developments in our business and changing legal requirements. We will notify you in the event that we wish or need to use your personal data for purposes and in a significantly different way from what we have informed you about and, if necessary, we will seek your consent.

We will notify you of material changes to this document via our website and, where possible, by other appropriate means, so that you are always informed of changes regarding what personal data we collect about you, how we use it and under what circumstances we share it with others. You may be asked to read and accept these changes before continuing to access our website.

HOW TO CONTACT US

“GENERAL BROKER CLUB” Ltd. has a Data Protection Officer (DPO), whom you can contact if you have any questions about this document or if you wish to exercise any of your rights in this regard. Nedere er kontaktoplysninger:

(a) DLZD — Velin Nikolaev Nikolov

(b) Adresse: gr. Sofia, ul.” Yakubitsa “№7B

(c) Telefon: +359 887 755 700

(d) Email: [email protected]

The administrator of the personal data is “GENERAL BROKER CLUB” LTD, EIC 201044795, with registered office and management address in the city of Bulgaria. Sofia, 1336, Zh.K. Lyulin, block 279, entrance B, floor 10, apt. 6, represented by the Manager - Slavina Krastanova.