Share price (Xetra)
Article 13 and 14 of GDPR

Other categories of individuals and information under Articles 13 and 14 of the General Data Protection Regulation (GDPR)

In addition to the categories of individuals whose data is processed in accordance with the provisions of the Insurance Act (policyholders, insured persons, beneficiaries and other individuals involved in insurance transactions, such as injured parties and witnesses), Zavarovalnica Triglav, d.d. also processes personal data of other categories of individuals, based on other legal bases.

If you are not a potential client or customer of Zavarovalnica Triglav, d.d. or an insurance-related person (e.g. a beneficiary, injured party, witness), a visitor to our website or a user of our services, we use this list to inform you for which purposes, on what basis and what personal data we process* in relation to you:

Category of individuals

Purpose of processing

Basis for processing**

Source of data

Categories of personal data relating to you

Employees of the controller

Conclusion and performance of the employment contract, provision of data to authorised recipients, fulfilment of obligations stipulated by regulations in the event of accidents at work, collective accidents, hazardous events, identified occupational diseases and work-related illnesses, provision of preventive health checks, provision of measures for safety and health at work and fire safety, and performance of other obligations arising from regulations and contracts

Employment Relationships Act, Health and Safety at Work Act, Labour and Social Security Registers Act, Income Tax Act and others, collective agreements, contract, consent, legitimate interests of the insurance company – employer

Individual*, public databases

Personal data determined by regulations, data necessary for the conclusion and performance of the contract, data processed based on the legitimate interests of the employer as controller

Employees in Triglav Group companies

Performance of prescribed obligations (management, strategic development, operational activities)

Insurance Act, Delegated Regulation (EU) Solvency II, legitimate interests

Individual*, Triglav Group company

Full name, contact details, job title, name and code of the organisational unit, name of the Triglav Group company, and other data within the framework of the management system, internal control, risk management and implementation of other prescribed requirements

Jobseekers

Selection of candidates for an advertised vacant position

Employment Relations Act, other regulations laying down the conditions for the post

Individual*

Data provided by the job seeker or obtained during the selection process (full name, date of birth, contact details, education details, work experience details, additional skills details, references, competency assessment, etc.)

Insurance agents and brokers

Supervising the work, keeping a register of insurance agents, accounting for commissions, calculating and paying income tax and other duties in accordance with the applicable regulations

Contract, Insurance Act, Code of Obligations, Income Tax Act, etc.

Individual*, business entity, Insurance Supervision Agency, databases

Full name, contact details, regulatory and other information necessary for the conclusion and performance of the contract

Scholarship recipients of the controller

Fulfilling obligations and exercising rights under the scholarship agreement

Scholarship Act, scholarship agreement

Individual*, educational institutions

Data specified by law and data necessary for the conclusion and performance of the scholarship agreement

Natural persons performing work for the controller on the basis of a copyright contract or a contract for work

Conclusion and fulfilment of obligations and exercising rights under a copyright contract or a contract for work

Contract, Copyright and Related Rights Act, Code of Obligations

Individual*

Contact details and data necessary for the conclusion and performance of the contract

Pupils and students working via referral slips issued by authorised organisations providing temporary work services for pupils and students

Pension and disability insurance, health insurance, and insurance for injuries at work and occupational diseases, as well as fulfilling other obligations and exercising rights arising from work performed via the referral slip

Student work referral slip, Employment and Insurance Against Unemployment Act, Labour Market Regulation Act, etc.

Student work agency, individual*

Data from the student referral slip: full name, contact details, details about the educational institution and course of study, student status, type of work, date of work performed, number of hours worked

Pupils and students on practical training and their mentors

Conducting practical training for students and pupils and fulfilling obligations and exercising rights from the contractual relationship between the controller, the educational institution and the student or pupil

Vocational and Professional Education Act, contract

Individual*, educational institution, mentor

Data necessary for the conclusion and performance of the contract

Members of the supervisory board and candidates for members of the supervisory board, and related persons

Convening meetings, attendance at meetings at the controller, payment of meeting fees, entry into the court register, fulfilling other legal obligations, verifying the fulfilment of fit and proper criteria for a member or candidate member of the supervisory board

Companies Act, Insurance Act, Worker Participation in Management Act, Court Register Act, Financial Instruments Market Act, etc.

Individual*, databases

Data specified by regulations, data from public databases (including an extract from the criminal record), and data concerning their related persons (full name, connection to the member, description of senior management position or function in another legal entity), which the individual provides themselves in accordance with the controller's internal rules to fulfil the controller's legal obligations

Members of the management board at the controller and related persons

Fulfilling legal obligations, entry into the court register, reporting to supervisory authorities and other data reporting obligations, verifying the fulfilment of fit and proper criteria for a member or candidate member of the management board

Companies Act, Insurance Act, Worker Participation in Management Act, Court Register Act, Financial Instruments Market Act, etc.

Individual*, databases, Insurance Supervision Agency

Data specified by regulations, data from public databases (including an extract from the criminal record), other data, and data concerning their related persons (full name, connection to the member, description of senior management position or function in another legal entity), which the individual provides themselves in accordance with the controller's internal rules to fulfil the controller's legal obligations, or which are obtained by the Insurance Supervision Agency.

Pensioners who were employed by the controller before the retirement

For providing information about company events and for sending the internal newsletter

Legitimate interest

Individual*

Full name, contact details

External visitors entering the controller’s premises

Protection of property and persons located on the controller's premises, recording entry, efficient management of the claims process

Legitimate interest

Individual*

Visitor data (full name, date of arrival and departure), purpose of visit, image recording of the individual, date and time of entry or exit from the area under video surveillance, , registration number of the vehicle, if the individual enters the area where automatic license plate recognition is carried out

Representatives of contractual partners (contractors and suppliers)

Performance of contracts for the provision of services and supply of goods

Contract

Individual*, business entity on whose behalf the representative works

Full name, contact details, job title, company name of the contractual partner, other data necessary for the conclusion and performance of the contract

Participants and winners of prize draws

Conducting the prize draw, notification of results, awarding the prize, and payment of advance income tax in the event that the prize value exceeds EUR 42

General terms and conditions of the prize draw, Code of Obligations, Income Tax Act, Tax Procedure Act, consent

Individual*, parents or guardians of the winners if the prize winner is under 15 years of age

Contact details; in the case of a prize winner also tax number; other data in accordance with the general terms and conditions of the prize draw

Shareholders of the controller

Holding of the company's general meetings, payment of dividends, notification of shareholders, payment of tax

Companies Act, Insurance Act, Book Entry Securities Act, etc.

Central register at the Central Securities Clearing Corporation, individual*

Full name, address, number of shares, tax number, amount of payment, advance payment of income tax, date of payment

Controller's bondholders

Bond payment, reporting, bond coupon payments, notification, tax payment

Companies Act, Book Entry Securities Act, etc.

Central register at the Central Securities Clearing Corporation, individual*

Full name, address, number of bonds, tax number, amount of payment, advance payment of income tax, date of payment

Lawyers, bailiffs, receivers, court experts and appraisers and court interpreters

Communication in proceedings by order of the court or a client represented by a lawyer, or based on statutory authorisation in personal bankruptcy, enforcement and security proceedings, and other proceedings

Attorneys Act and power of attorney, Courts of Justice Act, Law on enforcement and protective measures, Financial Operations, Insolvency Proceedings and Compulsory Dissolution Act, etc.

Individual*, other persons involved in procedures, databases

Full name and contact details, content of the request, submissions in the proceedings, opinions or reports

Persons obliged to disclose circumstances indicating a (potential) conflict of interest, their family members and recipients of disclosures

Managing risks arising from actual and potential conflicts of interest, verifying the existence of circumstances that could lead to a conflict of interest, implementing rules, procedures and measures

Companies Act, Slovenian Sovereign Holding Act, Integrity and Prevention of Corruption Act

Individual*, databases

Full name, job title/position, debts, liabilities or guarantees undertaken and loans granted of a certain value held by the obliged person themselves or by companies in which the obliged person holds more than a 25% ownership stake, manner of connection with the related person, other facts and information about the matter, data related to the legal transaction in question, qualified related person, and the decision-making process regarding the permissibility of transactions with the qualified related person

Applicants to the controller's calls for tenders and recipients of funds – sponsorships and donations

For carrying out the selection procedure in accordance with the conditions of the call, processing applications and selecting projects, publishing selection results, payment of funds, for promotional and other purposes within the scope of the individual project, conclusion and performance of the contract and other activities

Call for tenders, contract, consent, Code of Obligations

Applicant (individual* or associations and institutions in the field of socially responsible activities)

Data specified in the call for tenders, data necessary for the conclusion and performance of the contract, data processed based on the individual's consent

Participants in events organised or co-organised by the controller

Organisation or co-organisation of events, sending invitations to various events and activities, and for publication in the media, on the controller's website, on its social media profiles, and on the websites of individual events, carrying out other activities in accordance with the consent given

Consent, without consent in the case of individual participation in mass events, contract

Individual*, business entities

Contact details and other data provided by individuals; in the context of mass events and photographing crowds, there is no processing of personal data, except when the subject of the photograph is a specific individual

Officials in public bodies

Inspection procedures, misdemeanour procedures and exchange of various submissions in proceedings, opinions and explanations from public bodies

Administrative Procedure Act, Minor Offences Act, Inspection Supervision Act, etc.

Individual, public body*

Full name, job title/position of the official, name of the public body and contact details

Beneficial owners of business entities, politically exposed persons (representative or authorised agent of the client, beneficial owners and their family members and close associates)

Customer due diligence, establishing and verifying the identity of the client, identifying the beneficial owner, monitoring business activities, reporting and documenting the reporting of data to the Office for Money Laundering Prevention

Prevention of Money Laundering and Terrorist Financing Act

Individual, business entity, databases and publicly available data, Office for Money Laundering Prevention*

Types of personal data specified by law

Representatives of the public

Handling journalistic and other inquiries from interested members of the public

Media Act, Access to Public Information Act

Individual*

Only data provided by the individual*

 

Additional notes to the list:

* Controller – Zavarovalnica Triglav, d.d.
* Processing of personal data - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
* Individual - an individual representative of the category of individuals whose data is processed and is listed in the first column of the list (e.g. employee, student, shareholder, prize draw participant, etc.);
* Databases - publicly accessible official collections/registers (e.g. business register), or registers and collections to whose data the controller can access on the basis of law;
* Authority - a body of state administration or other state body, a body of self-governing local community and holder of public authority, which is authorised by law to decide in an administrative matter;
* Official - a person who is authorised by law to decide in an administrative matter or to perform individual actions in an administrative procedure
** Legitimate interests - one of the legal bases for the processing of personal data for certain purposes pursued by the controller. These interests are detailed below.

Controller and contact details

Controller:
Zavarovalnica Triglav, d.d.
Miklošičeva cesta 19
1000 Ljubljana
01 4747 200

You can contact the Data Protection Officer:
Zavarovalnica Triglav, d.d.
Data Protection Officer
Miklošičeva cesta 19
1000 Ljubljana

Legitimate interests

Where necessary, we process your personal data based on our legitimate interests. These interests include:

  • Equipping business communications with marketing content,
  • Ensuring the operation of information systems, network and information security (preventing events, illegal or malicious actions that threaten the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of related IT services), preventing unauthorised access to the controller's information systems and responding to computer security threats and incidents;
  • For the purpose of protecting and securing the controller's property and employees from threats and violence, and in similar cases where, without processing individuals' personal data, the controller could not protect and enforce its own legitimate interests and rights enjoyed in accordance with the law, which also includes the implementation of video surveillance of entrances to business premises to clarify the circumstances of criminal acts against the controller's employees and property, and monitoring access to the controller's business premises to prevent unauthorised access to business premises and to ensure house rules within the controller's business premises.

Certain legitimate interests concerning internal categories of individuals (e.g. employees) are communicated to them in a manner customary at the controller.

How long do we retain personal data?

When we process your personal data based on laws, we retain it until the expiry of the statutory retention periods. When we process your personal data based on a contract, we retain it until the fulfilment of obligations under the contract and until the expiry of periods set by regulations concerning the retention of business documentation and taxes. Personal data processed based on consent is retained until consent is withdrawn or until the period specified in the consent. Personal data processed based on the legitimate interests of Zavarovalnica Triglav, d.d. is retained until the legitimate interest is fulfilled, or at most until the expiry of periods set by regulations.

Do I have any obligation regarding the provision of personal data?

You must provide us with the data we require for the conclusion, performance and fulfilment of contractual obligations, and the data that we, as the controller, are required to collect in accordance with prescribed obligations (e.g. according to regulations in the fields of insurance, taxes, employment relationships, etc.). Without your data, we cannot conclude a contract with you, nor can we perform or fulfil it if you have already entered into one.

Is automated decision-making, including profiling, which has legal or similar significant effects on me, carried out?

We do not make decisions that are based solely on the automated processing of your data and that include profiling and have legal or similar effects on you.

If you are a (potential) client of Zavarovalnica Triglav, d.d., please also read the Information regarding the processing of personal data in the field of insurance.

If you are a visitor to the websites or a user of the applications of Zavarovalnica Triglav, d.d., you can obtain more information in the Privacy Policy of Zavarovalnica Triglav, d.d.

What rights do I have regarding my personal data?

You can request at any time:

  • Access to your personal data (to obtain information on whether we are processing your personal data, to access it, or to obtain a copy of your personal data; to obtain information about the purposes of the processing, the categories of data, the recipients or categories of recipients of this data, etc.);
  • Rectification or erasure of your personal data (erasure cannot be requested for data that is stored or processed by law, and in some cases, erasure of data also means the termination of the contractual relationship with us);
  • Restriction of the processing of your personal data (e.g. until its accuracy is verified);
  • Portability of your personal data (where the data is processed based on consent or a mutual contract and by automated means, you can receive the personal data concerning you or request that it be transferred to another controller);
  • To object to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, and where this decision is not necessary for entering into or performing a contract, or is not permitted by UK or EU law, or is not based on your explicit prior consent;
  • To object to the processing of personal data concerning you, which is carried out solely in the legitimate interests of the insurance company or in the public interest (in this case, we will cease processing your personal data; an exception applies if we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if we need it for the establishment, exercise or defence of legal claims);

If we process your personal data based on your consent, you can withdraw your consent for processing at any time, either temporarily or permanently. In this case, your withdrawal applies from that point onwards and does not affect processing that has been carried out before the withdrawal.
You can exercise your rights by:

  • Sending a written request to: Zavarovalnica Triglav, d.d., Miklošičeva cesta 19, 1000 Ljubljana, Slovenia or
  • Emailing info@triglav.si
  • Using the online forms provided by Zavarovalnica Triglav, d.d.

In case of any questions or regarding the exercise of your rights, you can also contact our Data Protection Officer: dpo@triglav.si.

The Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, carries out supervision over the lawfulness of processing and the protection of personal data in general in the Republic of Slovenia.

Complementary Content
${loading}