In addition to the categories of individuals whose data is processed in accordance with the provisions of the Insurance Act (policyholders, insured persons, beneficiaries and other individuals involved in insurance transactions, such as injured parties and witnesses), Zavarovalnica Triglav, d.d. also processes personal data of other categories of individuals, based on other legal bases.
If you are not a potential client or customer of Zavarovalnica Triglav, d.d. or an insurance-related person (e.g. a beneficiary, injured party, witness), a visitor to our website or a user of our services, we use this list to inform you for which purposes, on what basis and what personal data we process* in relation to you:
Category of individuals |
Purpose of processing |
Basis for processing** |
Source of data |
Categories of personal data relating to you |
---|---|---|---|---|
Employees of the controller |
Conclusion and performance of the employment contract, provision of data to authorised recipients, fulfilment of obligations stipulated by regulations in the event of accidents at work, collective accidents, hazardous events, identified occupational diseases and work-related illnesses, provision of preventive health checks, provision of measures for safety and health at work and fire safety, and performance of other obligations arising from regulations and contracts |
Employment Relationships Act, Health and Safety at Work Act, Labour and Social Security Registers Act, Income Tax Act and others, collective agreements, contract, consent, legitimate interests of the insurance company – employer |
Individual*, public databases |
Personal data determined by regulations, data necessary for the conclusion and performance of the contract, data processed based on the legitimate interests of the employer as controller |
Employees in Triglav Group companies |
Performance of prescribed obligations (management, strategic development, operational activities) |
Insurance Act, Delegated Regulation (EU) Solvency II, legitimate interests |
Individual*, Triglav Group company |
Full name, contact details, job title, name and code of the organisational unit, name of the Triglav Group company, and other data within the framework of the management system, internal control, risk management and implementation of other prescribed requirements |
Jobseekers |
Selection of candidates for an advertised vacant position |
Employment Relations Act, other regulations laying down the conditions for the post |
Individual* |
Data provided by the job seeker or obtained during the selection process (full name, date of birth, contact details, education details, work experience details, additional skills details, references, competency assessment, etc.) |
Insurance agents and brokers |
Supervising the work, keeping a register of insurance agents, accounting for commissions, calculating and paying income tax and other duties in accordance with the applicable regulations |
Contract, Insurance Act, Code of Obligations, Income Tax Act, etc. |
Individual*, business entity, Insurance Supervision Agency, databases |
Full name, contact details, regulatory and other information necessary for the conclusion and performance of the contract |
Scholarship recipients of the controller |
Fulfilling obligations and exercising rights under the scholarship agreement |
Scholarship Act, scholarship agreement |
Individual*, educational institutions |
Data specified by law and data necessary for the conclusion and performance of the scholarship agreement |
Natural persons performing work for the controller on the basis of a copyright contract or a contract for work |
Conclusion and fulfilment of obligations and exercising rights under a copyright contract or a contract for work |
Contract, Copyright and Related Rights Act, Code of Obligations |
Individual* |
Contact details and data necessary for the conclusion and performance of the contract |
Pupils and students working via referral slips issued by authorised organisations providing temporary work services for pupils and students |
Pension and disability insurance, health insurance, and insurance for injuries at work and occupational diseases, as well as fulfilling other obligations and exercising rights arising from work performed via the referral slip |
Student work referral slip, Employment and Insurance Against Unemployment Act, Labour Market Regulation Act, etc. |
Student work agency, individual* |
Data from the student referral slip: full name, contact details, details about the educational institution and course of study, student status, type of work, date of work performed, number of hours worked |
Pupils and students on practical training and their mentors |
Conducting practical training for students and pupils and fulfilling obligations and exercising rights from the contractual relationship between the controller, the educational institution and the student or pupil |
Vocational and Professional Education Act, contract |
Individual*, educational institution, mentor |
Data necessary for the conclusion and performance of the contract |
Members of the supervisory board and candidates for members of the supervisory board, and related persons |
Convening meetings, attendance at meetings at the controller, payment of meeting fees, entry into the court register, fulfilling other legal obligations, verifying the fulfilment of fit and proper criteria for a member or candidate member of the supervisory board |
Companies Act, Insurance Act, Worker Participation in Management Act, Court Register Act, Financial Instruments Market Act, etc. |
Individual*, databases |
Data specified by regulations, data from public databases (including an extract from the criminal record), and data concerning their related persons (full name, connection to the member, description of senior management position or function in another legal entity), which the individual provides themselves in accordance with the controller's internal rules to fulfil the controller's legal obligations |
Members of the management board at the controller and related persons |
Fulfilling legal obligations, entry into the court register, reporting to supervisory authorities and other data reporting obligations, verifying the fulfilment of fit and proper criteria for a member or candidate member of the management board |
Companies Act, Insurance Act, Worker Participation in Management Act, Court Register Act, Financial Instruments Market Act, etc. |
Individual*, databases, Insurance Supervision Agency |
Data specified by regulations, data from public databases (including an extract from the criminal record), other data, and data concerning their related persons (full name, connection to the member, description of senior management position or function in another legal entity), which the individual provides themselves in accordance with the controller's internal rules to fulfil the controller's legal obligations, or which are obtained by the Insurance Supervision Agency. |
Pensioners who were employed by the controller before the retirement |
For providing information about company events and for sending the internal newsletter |
Legitimate interest |
Individual* |
Full name, contact details |
External visitors entering the controller’s premises |
Protection of property and persons located on the controller's premises, recording entry, efficient management of the claims process |
Legitimate interest |
Individual* |
Visitor data (full name, date of arrival and departure), purpose of visit, image recording of the individual, date and time of entry or exit from the area under video surveillance, , registration number of the vehicle, if the individual enters the area where automatic license plate recognition is carried out |
Representatives of contractual partners (contractors and suppliers) |
Performance of contracts for the provision of services and supply of goods |
Contract |
Individual*, business entity on whose behalf the representative works |
Full name, contact details, job title, company name of the contractual partner, other data necessary for the conclusion and performance of the contract |
Participants and winners of prize draws |
Conducting the prize draw, notification of results, awarding the prize, and payment of advance income tax in the event that the prize value exceeds EUR 42 |
General terms and conditions of the prize draw, Code of Obligations, Income Tax Act, Tax Procedure Act, consent |
Individual*, parents or guardians of the winners if the prize winner is under 15 years of age |
Contact details; in the case of a prize winner also tax number; other data in accordance with the general terms and conditions of the prize draw |
Shareholders of the controller |
Holding of the company's general meetings, payment of dividends, notification of shareholders, payment of tax |
Companies Act, Insurance Act, Book Entry Securities Act, etc. |
Central register at the Central Securities Clearing Corporation, individual* |
Full name, address, number of shares, tax number, amount of payment, advance payment of income tax, date of payment |
Controller's bondholders |
Bond payment, reporting, bond coupon payments, notification, tax payment |
Companies Act, Book Entry Securities Act, etc. |
Central register at the Central Securities Clearing Corporation, individual* |
Full name, address, number of bonds, tax number, amount of payment, advance payment of income tax, date of payment |
Lawyers, bailiffs, receivers, court experts and appraisers and court interpreters |
Communication in proceedings by order of the court or a client represented by a lawyer, or based on statutory authorisation in personal bankruptcy, enforcement and security proceedings, and other proceedings |
Attorneys Act and power of attorney, Courts of Justice Act, Law on enforcement and protective measures, Financial Operations, Insolvency Proceedings and Compulsory Dissolution Act, etc. |
Individual*, other persons involved in procedures, databases |
Full name and contact details, content of the request, submissions in the proceedings, opinions or reports |
Persons obliged to disclose circumstances indicating a (potential) conflict of interest, their family members and recipients of disclosures |
Managing risks arising from actual and potential conflicts of interest, verifying the existence of circumstances that could lead to a conflict of interest, implementing rules, procedures and measures |
Companies Act, Slovenian Sovereign Holding Act, Integrity and Prevention of Corruption Act |
Individual*, databases |
Full name, job title/position, debts, liabilities or guarantees undertaken and loans granted of a certain value held by the obliged person themselves or by companies in which the obliged person holds more than a 25% ownership stake, manner of connection with the related person, other facts and information about the matter, data related to the legal transaction in question, qualified related person, and the decision-making process regarding the permissibility of transactions with the qualified related person |
Applicants to the controller's calls for tenders and recipients of funds – sponsorships and donations |
For carrying out the selection procedure in accordance with the conditions of the call, processing applications and selecting projects, publishing selection results, payment of funds, for promotional and other purposes within the scope of the individual project, conclusion and performance of the contract and other activities |
Call for tenders, contract, consent, Code of Obligations |
Applicant (individual* or associations and institutions in the field of socially responsible activities) |
Data specified in the call for tenders, data necessary for the conclusion and performance of the contract, data processed based on the individual's consent |
Participants in events organised or co-organised by the controller |
Organisation or co-organisation of events, sending invitations to various events and activities, and for publication in the media, on the controller's website, on its social media profiles, and on the websites of individual events, carrying out other activities in accordance with the consent given |
Consent, without consent in the case of individual participation in mass events, contract |
Individual*, business entities |
Contact details and other data provided by individuals; in the context of mass events and photographing crowds, there is no processing of personal data, except when the subject of the photograph is a specific individual |
Officials in public bodies |
Inspection procedures, misdemeanour procedures and exchange of various submissions in proceedings, opinions and explanations from public bodies |
Administrative Procedure Act, Minor Offences Act, Inspection Supervision Act, etc. |
Individual, public body* |
Full name, job title/position of the official, name of the public body and contact details |
Beneficial owners of business entities, politically exposed persons (representative or authorised agent of the client, beneficial owners and their family members and close associates) |
Customer due diligence, establishing and verifying the identity of the client, identifying the beneficial owner, monitoring business activities, reporting and documenting the reporting of data to the Office for Money Laundering Prevention |
Prevention of Money Laundering and Terrorist Financing Act |
Individual, business entity, databases and publicly available data, Office for Money Laundering Prevention* |
Types of personal data specified by law |
Representatives of the public |
Handling journalistic and other inquiries from interested members of the public |
Media Act, Access to Public Information Act |
Individual* |
Only data provided by the individual* |
Additional notes to the list:
* Controller – Zavarovalnica Triglav, d.d.
* Processing of personal data - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
* Individual - an individual representative of the category of individuals whose data is processed and is listed in the first column of the list (e.g. employee, student, shareholder, prize draw participant, etc.);
* Databases - publicly accessible official collections/registers (e.g. business register), or registers and collections to whose data the controller can access on the basis of law;
* Authority - a body of state administration or other state body, a body of self-governing local community and holder of public authority, which is authorised by law to decide in an administrative matter;
* Official - a person who is authorised by law to decide in an administrative matter or to perform individual actions in an administrative procedure
** Legitimate interests - one of the legal bases for the processing of personal data for certain purposes pursued by the controller. These interests are detailed below.
Controller and contact details |
Controller:
Zavarovalnica Triglav, d.d.
Miklošičeva cesta 19
1000 Ljubljana
01 4747 200
You can contact the Data Protection Officer:
Zavarovalnica Triglav, d.d.
Data Protection Officer
Miklošičeva cesta 19
1000 Ljubljana
|
Legitimate interests |
Where necessary, we process your personal data based on our legitimate interests. These interests include:
Certain legitimate interests concerning internal categories of individuals (e.g. employees) are communicated to them in a manner customary at the controller. |
How long do we retain personal data? |
When we process your personal data based on laws, we retain it until the expiry of the statutory retention periods. When we process your personal data based on a contract, we retain it until the fulfilment of obligations under the contract and until the expiry of periods set by regulations concerning the retention of business documentation and taxes. Personal data processed based on consent is retained until consent is withdrawn or until the period specified in the consent. Personal data processed based on the legitimate interests of Zavarovalnica Triglav, d.d. is retained until the legitimate interest is fulfilled, or at most until the expiry of periods set by regulations. |
Do I have any obligation regarding the provision of personal data? |
You must provide us with the data we require for the conclusion, performance and fulfilment of contractual obligations, and the data that we, as the controller, are required to collect in accordance with prescribed obligations (e.g. according to regulations in the fields of insurance, taxes, employment relationships, etc.). Without your data, we cannot conclude a contract with you, nor can we perform or fulfil it if you have already entered into one. |
Is automated decision-making, including profiling, which has legal or similar significant effects on me, carried out? |
We do not make decisions that are based solely on the automated processing of your data and that include profiling and have legal or similar effects on you. If you are a (potential) client of Zavarovalnica Triglav, d.d., please also read the Information regarding the processing of personal data in the field of insurance. If you are a visitor to the websites or a user of the applications of Zavarovalnica Triglav, d.d., you can obtain more information in the Privacy Policy of Zavarovalnica Triglav, d.d. |
What rights do I have regarding my personal data? |
You can request at any time:
If we process your personal data based on your consent, you can withdraw your consent for processing at any time, either temporarily or permanently. In this case, your withdrawal applies from that point onwards and does not affect processing that has been carried out before the withdrawal.
In case of any questions or regarding the exercise of your rights, you can also contact our Data Protection Officer: dpo@triglav.si. The Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, carries out supervision over the lawfulness of processing and the protection of personal data in general in the Republic of Slovenia. |