This information aims to familiarise Zavarovalnica Triglav, d.d. clients with the details we are required to provide regarding the processing of their personal data. This is in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, also known as the Regulation).
In accordance with the Regulation, we have strived to present this information in a concise, transparent and easily understandable way.
For further details, please consult our Privacy Policy and other related information available on our website www.triglav.si.
1. |
Data controller and contact details |
Controller:
Zavarovalnica Triglav, d.d.
Miklošičeva cesta 19
1000 Ljubljana
01 4747 200
You can contact the Data Protection Officer:
Zavarovalnica Triglav, d.d.
Data Protection Officer
Miklošičeva cesta 19
1000 Ljubljana
|
2. |
How do we obtain your personal data? |
We obtain personal data directly from you. In the provision of our services, we may also use personal and other data obtained from the following sources, in accordance with the applicable regulations:
|
2.1 |
Categories of personal data |
In the databases that the insurance company establishes, manages and maintains in accordance with the regulations governing the protection of personal data and insurance, it collects, stores, transmits and uses (hereinafter: processes) the following personal data of individuals:
Special categories of personal data To fulfil the legally defined purposes of the Insurance Act, we also process your health data, which falls under special categories. This includes information about your prior injuries, health status, the nature of any bodily harm, the duration of treatment and its consequences for both the insured and any injured third party, as well as the costs of medical care, medications and medical devices for both parties. We obtain this information directly from you through a health questionnaire. However, we may also collect it from your doctor, other healthcare providers or other individuals where provided by regulations. Furthermore, Zavarovalnica Triglav processes special categories of your data under its legitimate interest when you or your authorised representatives disclose personal circumstances that impede your ability to settle a subrogation claim. In these instances, we will request supplementary evidence from you or your representative to verify these circumstances, which may encompass details regarding your financial, social or health status. Upon reviewing the submitted documentation, we, as the creditor, will then assess the validity of your request and appropriately consider grounds for reducing, waiving or easing the payment of the subrogation claim. Moreover, in accordance with the Prevention of Money Laundering and Terrorist Financing Act we are obligated to verify the potential political exposure of our clients. In accordance with the Insurance Act, and for the purpose of assessing insurance coverage in relation to insurance claims, we also process personal data relating to criminal offences and misdemeanours. We only process this data to the extent necessary to achieve the processing purposes outlined in point 3.1.1. |
3. |
Purposes of the processing of personal data |
We process your personal data in accordance with the General Data Protection Regulation, the Insurance Act, the Compulsory Motor Third-Party Liability Act, the Personal Data Protection Act and other regulations governing the scope and purposes of personal data processing that we, as the controller, are authorised to carry out. |
3.1 |
Fulfilment of contractual obligations |
The primary purposes for processing your personal data are primarily: identifying client needs and requirements; conducting negotiations for the conclusion of an insurance contract, including contacting clients who have expressed an intention to take out insurance online; concluding and implementing insurance contracts, which also includes the recovery of unpaid obligations arising from insurance contracts; settling claims; enforcing recourse claims and other rights and obligations, including investigating suspicious cases of unjustified compensation or insurance payments arising from insurance policies; assessing the suitability and adequacy of the insurance service or product in relation to client needs and requirements; and verifying the political exposure of individuals under the law governing the prevention of money laundering and terrorist financing. The extent of personal data processing depends on the type of individual insurance product. In the case of some of our services - mobile and web applications and loyalty programmes - the use of the services or inclusion in the loyalty programme requires acceptance of the general terms and conditions, which also include provisions on the processing of personal data (e.g. i.triglav, Triglav Komplet). |
3.2 |
Legitimate interests |
Where necessary, we process your personal data on the basis of legitimate interests, which include:
|
3.3 |
Performance of tasks carried out in the public interest or in the exercise of official authority vested in the controller |
Where processing is necessary for compliance with our legal obligations carried out in the public interest:
|
3.4 |
Consent |
We may process your personal data for certain purposes of use only on the basis of your consent (e.g. for segmented (direct) marketing, including profiling, which we carry out for marketing our own products and services and for marketing the products and services of companies within the Triglav Group, and/or for the transfer of your personal data to companies within the Triglav Group with a registered office in the Republic of Slovenia, engaged in insurance and/or financial services (this includes Zavarovalnica Triglav, d.d., Triglav, pokojninska družba, d.d., Triglav Investments, upravljanje premoženja, d.o.o. – for a complete list of companies please visit the Triglav Group website, www.triglav.eu) for the purpose of preparing personalised offers of their own products and services). Consent for direct marketing also includes the use of your data for advertising on social media. If you give us your consent for segmented (direct) marketing, including profiling, we may process the following personal data: your full name, address, tax number, date of birth, email address, phone number and mobile phone number, if you provide them to us. In accordance with the Insurance Act, we may also process your gender for marketing purposes. Additionally, for marketing purposes based on your consent, we may also process data regarding your age and/or the extent of your insurance coverage and/or the duration of your insurance in order to ensure that, in accordance with the requirements of the Insurance Act relating to the distribution of insurance products, we properly consider the needs and requirements of our clients in relation to the type of insurance product we are marketing. If you consent to the transfer of your data to companies within the Triglav Group based in the Republic of Slovenia engaged in insurance and/or financial services, we will transfer the following personal data: full name, address, tax number, date of birth, email address, phone number, mobile phone number and additionally your gender. In the case of a telephone call recording, we will explicitly inform you of the recording before the conversation starts. The recording will be stored to serve as evidence of your consent. You always have the right to object to the processing of your personal data for direct marketing purposes. You may withdraw your consent at any time, either partially or fully. |
4. |
Recipients and categories of recipients of personal data and processors of personal data |
Only employees responsible for fulfilling our contractual and legal obligations have access to your personal data within the insurance company. In accordance with data protection legislation, recipients of personal data include the Slovenian Insurance Association and other insurance companies, to the extent and for the purposes defined by law. Other categories of recipients are listed on the List of categories of recipients of personal data published on our website. Your personal data may also be processed by our contractual data processors, whose contractual obligations regarding data protection we rigorously oversee. These include (for example) insurance agents and brokers in various organisational forms, marketing service providers, printers, IT service providers as well as banks and leasing companies with whom you have a credit or other contractual relationship. A list of categories of data processors is available here. |
4.1 |
Other persons who may have access to your personal data |
In order to fulfil our legal obligations, your personal data may also be accessed by supervisory authorities (see point 3.3) and other persons where you have given your consent or where they have a legal basis for accessing the data and/or demonstrate a legitimate interest. You can view a list of these persons on the insurance company's website (point 4). |
5. |
How long will we keep your personal data? |
We will retain your personal data related to your insurance for the following periods:
|
6. |
Will my personal data be transferred to third countries? |
Transfer of data to third countries or outside the European Union is possible if carried out in accordance with the conditions laid down by the General Data Protection Regulation. Such transfers may occur pursuant to the Compulsory Motor Third-Party Liability Insurance Act, which transposes into Slovenian law Codified Directive 2009/103/EC on motor insurance, which lays down the obligations of insurance companies with regard to the implementation of motor insurance and the handling of claims under the green card system. In these procedures, data is sent by registered mail or by email, secured with TLS/SSL encryption. Certain personal data may also be transferred, within the scope of collaborations with social media providers and analytics tools (e.g. Microsoft, Google, Meta), to countries that are not members of the EU or the European Economic Area. These relationships are governed by Standard Contractual Clauses (model contracts adopted by the European Commission) and/or the Data Privacy Framework (DPF) agreement between the EU and the USA. |
7. |
Do I have any obligation regarding the provision of personal data? |
You are required to provide us with the data we need to enter into, execute and fulfil our contractual obligations, as well as the data that the insurance company must collect in accordance with prescribed legal obligations (e.g. in accordance with insurance, tax, and anti-money laundering regulations). Without your data, we cannot enter into a contract with you, nor can we execute or fulfil it if you have already entered into one. We would particularly like to draw your attention to the fact that, in relation to insurance products where there is a risk of money laundering and terrorist financing, we are obliged under the Prevention of Money Laundering and Terrorist Financing Act to establish the identity of the client (and any person acting on behalf of the client) based on your personal identification document, and to obtain personal data (full name, permanent and temporary residential address, date and place of birth, tax number or Slovenian personal identification number - EMŠO, citizenship, and the number, type, and name of the issuing authority of the official personal identification document), data on the beneficial owner of the client, obtain data on the purpose and intended nature of the business relationship or transaction, regularly and diligently monitor the business activities carried out by the client with the insurance company, and verify and update the obtained documents and information about them. In order for us to fulfil these obligations, you are required to provide us with the data and information stipulated by the aforementioned regulations. We process the information about the expiry of your official personal identification document based on a legitimate interest arising from the limited period of validity of official personal identification documents, and in accordance with the requirements of the law, which stipulates that an official personal identification document can only be a valid document issued by the competent state authority of the Republic of Slovenia or another country and which is considered a public document under the law of the issuing country. In addition, we would also like to inform you that, in addition to the legally required data, and only based on your consent for the purpose of sending notifications regarding concluded insurance policies, we may also process your email address, whereby you can withdraw this method of business communication at any time by contacting us at: Zavarovalnica Triglav, d.d., Miklošičeva cesta 19, 1000 Ljubljana, or by email at info@triglav.si, or by submitting a change of your email address on the prescribed form. If you fail to fulfil your obligations and do not provide us with all the legally required data, we are not permitted to conclude an insurance policy with you or we must terminate any existing policy. If you or a person you authorise to represent you informs us of circumstances related to a subrogation claim that make it difficult for you to pay, we will ask you to submit evidence demonstrating your inability to meet your obligations. Based on the submitted evidence, we will be able to decide on the merits of your request in accordance with our internal policies. In accordance with legal obligations (in particular the Prevention of Money Laundering and Terrorist Financing Act, the Tax Procedure Act, and based on international agreements regarding CRS and FATCA), we are obliged to inform the competent state authorities (the Office for the Prevention of Money Laundering, the Financial Administration of the Republic of Slovenia, etc.) about data related to concluded life insurance policies. |
8. |
Is automated decision-making, including profiling, carried out which produces legal effects concerning me or similarly significantly affects me? |
Profiling or automated processing of certain aspects of your personal data is used in the following cases:
Zavarovalnica Triglav, d.d. does not use the above-mentioned profiling for decision-making based solely on automated processing that would produce legal effects concerning you or similarly significantly affect you. |
9. |
Is data transferred to third countries or international organisations? |
In the event that the transfer of personal data to third countries or international organisations is necessary, we will carefully verify, prior to the transfer of data, whether there is an adequate legal basis and appropriate safeguards for such a transfer (existence of an adequacy decision, existence of binding corporate rules, use of standard contractual clauses, approved certification mechanisms (e.g. Privacy Shield between the European Union and the USA), using standard contractual clauses). |
10. |
What rights do I have regarding my personal data? |
You can request the following at any time:
If we process your personal data based on your consent, you can withdraw your consent for processing at any time, either temporarily or permanently. In this case, your withdrawal applies from that point onwards and does not affect processing that has been carried out before the withdrawal. You can exercise your rights by:
When we have reasonable doubts concerning the identity of the person making a request to exercise any of their rights, we may request the provision of additional information necessary to confirm the identity of the data subject. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, Zavarovalnica Triglav, d.d. may:
In case of any questions or regarding the exercise of your rights, you can also contact our Data Protection Officer: dpo@triglav.si. The Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, carries out supervision over the lawfulness of processing and the protection of personal data in general in the Republic of Slovenia. |