PRIVACY POLICY OF ZAVAROVALNICA TRIGLAV, D.D.

IMPORTANT: This privacy policy also applies to policyholders, insured persons and other categories of individuals whose personal data was processed by Triglav, Zdravstvena zavarovalnica, d.d. until its merger with Zavarovalnica Triglav, d.d. Following the registration of the merger in the court register, Zavarovalnica Triglav, d.d. became the controller instead of Triglav, Zdravstvena zavarovalnica, d.d.

We collect and further process your data in accordance with the regulations governing the protection of personal data.

1.1 When do we obtain your personal data?

We obtain your personal data from you when you:

• use our website;

• use our online or mobile applications;

• call our phone numbers (e.g. 080 28 64);

• request an insurance quotation;

• take out an insurance policy with Zavarovalnica Triglav, d.d.;

• ask us for information;

• provide feedback or make a complaint;

• report an insurance claim or incident;

• report insurance fraud;

• subscribe to receive notifications from Zavarovalnica Triglav, d.d.;

• use other services provided by Zavarovalnica Triglav, d.d.;

• participate in prize draws or competitions (co-)organised by Zavarovalnica Triglav, d.d.;

• in other circumstances as outlined in this policy.

You can find information about the processing of personal data relating to taking out and managing insurance policies with Zavarovalnica Triglav, d.d. in the Insurance and Personal Data section.

1.2 When you visit our website

Our websites (*.triglav.si, *.triglav.eu, triglavtek.si, triglavzdravje.si, vsebovredu.triglav.si) are publicly accessible and intended for general use and information. They also offer various other functionalities.

Visitors to Zavarovalnica Triglav, d.d.'s websites can always choose when and how they wish to contact us (by phone, email, applications or through online forms). Website visitors also decide which free interactive tools (e.g. information calculators) they will use.

Zavarovalnica Triglav, d.d. uses data related to website visits or mobile app usage for the following purposes:

• To monitor and analyse the performance of our online and mobile applications;

• For the technical maintenance and development of Zavarovalnica Triglav, d.d.'s websites and services;

• To provide information about Zavarovalnica Triglav, d.d.'s services and products, and other important information (business updates, tender notices, events, etc.).

• To manage relationships with existing clients and provide selected services;

• For other purposes as outlined in this privacy policy.

When you visit Zavarovalnica Triglav, d.d.'s website, mobile apps or online application the server automatically collects details about your visit, such as:

• Your IP address;

• URL of the website from which you accessed our site;

• Your browser settings and information about your computer or mobile device's operating system;

• The content you view on Zavarovalnica Triglav, d.d.'s website or application;

• Date of access and duration of your visit to Zavarovalnica Triglav, d.d.'s websites or application.

You will also encounter the term 'cookies' on our websites, mobile apps, online applications and other digital solutions. You can find more detailed information about these by following the 'Use of Cookies' link, which forms part of this policy. Cookies are small text files that most websites store on users' devices when they access the internet. This enables us to recognise the devices used by our visitors to access our services. Visitors or users of websites can manage cookies themselves (save, limit or disable them). The purpose of cookies is to make websites more user-friendly by recording users' interests, preferences and experiences, and improving the efficiency of information retrieval, while not making it possible to identify specific individuals.

2.3 When you fill out online forms

Typically, our online forms will specify the personal data Zavarovalnica Triglav, d.d. needs to provide you with the information, help or service you've asked for.

The following online forms are available on the Zavarovalnica Triglav, d.d. website. Through these forms we may collect and process the data listed below, in addition to the data referred to in the previous point of this Privacy Policy:

2.4 Use of web applications

If you use Zavarovalnica Triglav, d.d.'s web applications, we may also collect other personal data from you that we need either to provide access to information regarding your concluded insurance policies or to perform other services that you, as an existing client, subscribe to for the purpose of claiming discounts and other benefits.

Zavarovalnica Triglav, d.d. manages the following web applications and collects data within them as follows:

• i.triglav web app
• i.triglav web app for business users
• Procurement Portal
  

The i.triglav web application and the i.triglav web application for business users are intended for existing clients with non-life or life insurance or health insurance with Zavarovalnica Triglav, d.d. or insurance with Triglav, pokojninska družba, d.d.

Within the i.triglav web application, we process the following personal data:

• Data upon registration (full name, email address, password);

• Data upon login (full name, email address, password, tax number, digital certificate information, health insurance card number for health insurance policies, address details, mobile phone number);

• Data on insurance policies (non-life, life and health insurance), data on agent appointment requests, data on the status and structure of accumulated funds from insurance policies and other investments, indicative calculation of the value of investment-linked, unit-linked or pension insurance policies, data on forms and applications for communicating data and requests related to insurance policies, data on payments for each insurance policy, data on reported claims;

• Data on the use of the web application (IP address, date of last login, mobile device name, operating system version of the device or browser, duration of visit, list of visited pages, browsing history, list of recent visits).

You can find information about using the i.triglav web application in the Terms of Use.

The Procurement Portal web service is an application that facilitates the execution of Zavarovalnica Triglav, d.d.'s tenders. We provide information on open tenders and the possibility to submit bids online. The web service is intended for companies and sole traders who wish to do business with Zavarovalnica Triglav. Within the Procurement Portal, Zavarovalnica Triglav, d.d. processes the following data:

• Data upon registration (full name, email address, department, phone number, password, company tax number, company registration number);

• Data upon login (email address, password);

• Data for the purpose of participating in selected tenders (specification, amount of business value, full name of company representative, tender attachments, phone number of representative, history, time and reason for changes)

• Data on the use of the web application (IP address, date of last login, mobile device name, operating system version of the device or browser, duration of visit, list of visited pages, browser history, list of recent visits).

2.5 Use of mobile applications

We also offer free mobile apps for anyone who loves the latest technologies:

More information on the processing of personal data in mobile applications can be found in the Terms of Use, while the terms of use for the Drajv mobile application are available here.

We collect the following personal data about users of mobile applications:

• Basic data about the subject: policyholder, insured party, payer, user or other subjects who interact with us in any way;
• Data about the vehicle or other object of insurance;
• Data about the mobile device (if you use one) or other electronic device you use;
• Data from telemetry applications (e.g. DRAJV) and other Zavarovalnica Triglav mobile applications (e.g. Triglav Vreme, etc.);
• Data obtained in the context of client relationship management (assistance requests and claims reported via i.triglav).

We also store cookies which can uniquely identify the application installed on your device and how you use it.

We use personal data obtained through mobile applications for the purpose of:

• Providing access to data and information regarding your taken out insurance policies;
• Providing an additional communication channel for reporting assistance or claims;
• Applying, collecting and monitoring benefits and discounts;
• Providing information related to the Vse bo: v redu (Everything Will Be Alright) portal and other Zavarovalnica Triglav, d.d. online content;
• Providing technical support to users;
• Performing cloud and other mobile application analytics;
• Developing and upgrading service functionalities;
• Improving user experience;
• Analysing user trends;
• Assessing the level of safety for obtaining insurance premium benefits;
• Performing data processing in accordance with given consents.

Processing location data on mobile application users

To enable the correct functioning of the DRAJV, Triglav Vreme and i.triglav applications, and to ensure the use of all functionalities of these mobile applications, we process the user's location data obtained from their mobile device. We process location data in a way that does not allow users to be identified. In cases where the processing of location data is strictly necessary for the operation of (certain) application functionalities, its processing is part of the general terms of use of the application. In these general terms, we inform users which data we will process, for what purpose and for how long, as well as about the possibility of transferring this location data to a third party for the provision of a value-added service (e.g. in the context of roadside assistance, processing the coordinates of the client's location to determine as accurately as possible the location of the user requesting roadside assistance). The user can manage the use of location data in the "location services" settings of their mobile device for each connection to the network or for each communication transfer. However, this may disable the use of the entire application or some of its functionalities if they require location data to operate.

2.6 Use of email

You can email Zavarovalnica Triglav, d.d. using the addresses listed on our website, www.triglav.si. If you choose to do this, you decide what personal information to include in your message. When you do so, you decide what personal data you share with us. Zavarovalnica Triglav, d.d. will then process your email address and the content of your message in accordance with that content and considering the nature of our relationship.

2.8 Use of telephones

You may also contact Zavarovalnica Triglav, d.d. by telephone. Furthermore, employees of Zavarovalnica Triglav, d.d. or representatives of its contractual processors may contact you by telephone should you have expressed a preference for this method of communication or have provided your consent to receive such calls.

In the event that a telephone conversation is recorded, you will be explicitly notified prior to the commencement of the communication or via an automated voice announcement. Recordings are retained and processed for the purposes of substantiating business communications, specifically to ascertain the facts and circumstances of the matters under consideration and the information furnished by clients in accordance with the stipulations of the legislation governing electronic communications.

2.9 Video surveillance at the entrances to head office and regional units of Zavarovalnica Triglav, d.d.

For the purpose of safeguarding people and the property of Zavarovalnica Triglav, d.d. we operate video surveillance at the entrances to the head office and regional units of Zavarovalnica Triglav, d.d. In such cases, you are informed of this by a specific notice displayed in a prominent location. In connection with the surveillance, we collect the following data: image recording of the individual, date and time of entry and exit from the area under video surveillance.

For the purpose of efficient management of the claims process, automatic license plate recognition is carried out at our regional unit, located at Verovškova ulica 60b, 1000 Ljubljana. In such case, you are informed of this by a special notice displayed in a prominent location. In connection with the implementation of the automatic license plate recognition system, we additionally process data on the registration number of the vehicle.

2.10 Filming and photography at events organised by Zavarovalnica Triglav, d.d.

We strengthen the Triglav brand by organising various sporting, cultural and socially responsible events (such as Planica, the Triglav Run and Let’s Clean Up our Mountains), during which we may also process the personal data of participants.

The initial processing of personal data usually occurs upon registration, where event registration is required. When creating registration forms, we therefore ensure that we only request the data genuinely needed from participants for the organisation and execution of the event itself. When registering for an event, individuals may also complete a "Consent for Personal Data Processing" form – specifically for recordings in which they are depicted, meaning photographs and/or video footage. We process recordings containing an individual's image based on their consent. We are particularly careful when the recording features a minor under the age of 15, in which case we require the consent for personal data processing to be given by their legal guardian. We require consent both for creating the recording and for its publication on websites, social media, printed media, etc. Without consent, we will only publish photographs where the individual is not identifiable, i.e., they cannot be recognised, such as blurred photographs, shots from behind, close-ups of hands, etc.

We handle mass attendance or larger events differently. Anyone attending a larger or public event (as a performer or spectator) should be aware that there is a higher likelihood of being photographed or filmed at such an event. At these events, we may photograph and film the event itself or create a report that includes images of individuals, while taking care to ensure that individuals are not the central focus of the recording. Prior to such events, we always publish a notice stating that the event will be recorded. If you wish for a published photograph where you are the central subject to be removed, or if you do not wish to appear in the frame or participate with a statement in a video, please inform us in advance or as soon as possible at info@triglav.si. Zavarovalnica Triglav processes photographs and video footage for the purpose of publishing photo galleries of the event or video reports and for subsequent event promotion in databases that it establishes, manages and maintains in accordance with personal data protection regulations, and retains them for five years from their creation.

2.11 Prize draws

When you enter any prize draw organised or sponsored by Zavarovalnica Triglav, d.d., and provide your personal data as part of your entry or at the related event, Zavarovalnica Triglav, d.d. may process your data as the sole controller or a joint controller together with the organiser or other parties involved in running the prize draw or event.

We mainly process your personal data to run the prize draw or event and to award prizes. We will also use your data according to any separate consent you give when entering the prize draw or at the specific event. We keep this data until the prize draw or event is finished, or for 10 years if you win a prize. If you give consent, we will keep it until you withdraw it.

Zavarovalnica Triglav, d.d. may also process your personal data for other reasons if the law requires it.

If you win a prize worth more than EUR 42 or multiple prizes from Zavarovalnica Triglav, d.d. in a year totalling over EUR 84, we will also process your data to prepay income tax and will send it to the relevant tax office as required by the Income Tax Act. We keep this data for 10 years as required by law.

2.12 Use of data for marketing purposes

If you have given your appropriate consent when taking out insurance or when registering to participate in a prize draw or event, or in another way, Zavarovalnica Triglav, d.d. may also process your personal data for the following purposes:

We also conduct certain marketing activities based on our legitimate interests, specifically in the following situations:

• When the primary purpose is business communication related to your inquiries, the conclusion and execution of insurance contracts and mandatory notifications. In such cases, marketing content is included on the reverse side of business documents or in the email signature of sent messages;
• When sending offers to potential clients, both without prior profiling and with profiling that uses a limited set of non-sensitive personal data (e.g. name, permanent or temporary address, phone number, email address, fax number, age, gender, types of concluded insurance contracts, contract expiry date);
• When including marketing content in business communications.
  

You can find more information about our legitimate interests in the section titled "Processing of personal data based on legitimate interests".

Zavarovalnica Triglav, d.d. also uses contracted processors to conduct telephone marketing. You can find a brief explanation and more information about how this works here.

2.13 Use of data for operating loyalty programmes

Zavarovalnica Triglav, d.d. also processes personal data from its collections for the purposes of operating loyalty programmes, i.e. offering various benefits vouchers and additional discounts (e.g. inclusion in the Triglav komplet). Inclusion in the loyalty programme is entirely voluntary.

Triglav komplet

Within the Triglav komplet programme, we collect the following data based on the application form:

• Data on the holder: full name, tax number, date of birth, contact details (street and house number, postcode, town/city, phone number and email address);
• Data on the member: full name of the komplet holder, full name, date of birth, tax number, member's relationship to the holder (e.g. husband, wife, partner, child, parent, grandparent, brother, sister, grandchild, etc.), contact details (street and house number, postcode, town/city, phone number and email address);
• Data on the insurance policies included in the Triglav komplet package;
• Data on the discount amount.

2.14 During Fixed Photography on the Assessment Lane

At our regional unit, located at Verovškova ulica 60b, 1000 Ljubljana, we conduct photography of damaged passenger vehicles using a scanner. The photography is carried out while the individual drives the vehicle along the assessment lane, which means that in certain photos, the individual’s face may be visible. These faces are blurred to ensure they are not recognizable. In case of performing fixed photography on the assessment lane, you are informed about this through a special notice displayed in a prominent location. The photographs are stored and processed for the purpose of documentation and effective assessment of motor vehicle damage.

If you have taken out any form of insurance with Zavarovalnica Triglav, d.d. we can only administer it by processing your personal data. This also applies to instances where you have expressed an intention to take out insurance online. We do this with great care and only to the extent necessary to achieve the legitimate purposes of processing personal data, such as administering the insurance policy, paying out claims, recovering unpaid premiums and similar actions where the processing of personal data is unavoidable.

Generally, the information you provide when taking out, applying for or during your insurance policy is used solely for that purpose. If you experienced difficulties applying for insurance online and did not complete the process, we might contact you using the phone number or email address you gave us to help you complete it. However, depending on the situation, we might sometimes need to use this data for other insurance-related reasons, but only when we have a proper legal basis. These other uses of your insurance data usually come from specific legal obligations Zavarovalnica Triglav, d.d. has, such as preventing money laundering and terrorism financing, following domestic and international sanctions, and reporting to insurance regulators, law enforcement, tax authorities and similar bodies.

Obtaining personal data

We mainly obtain your personal data directly from you when you take out insurance and during the application process or while the insurance policy is in effect. However, in certain cases, depending on the type of insurance, we may also obtain it from other legal entities, individuals or government bodies. For example, if you have taken out life insurance, the insurance company may legally obtain certain information from your personal and treating doctors, healthcare providers, the national health insurance fund and similar organisations when you take out the policy, during its term or when a claim is paid. If you have taken out car insurance or been involved in a road accident, we may obtain your details from the police and other relevant authorities who hold them. If you have taken out a loan agreement with a bank and the bank has insured it with us against your non-payment, we will obtain your data from the lending bank. If you have taken out health insurance, the insurance company may legally obtain certain information from healthcare providers, the National Health Insurance Institute, and similar organisations when you take out the policy, during its term or when a claim is paid. If you took out insurance through an authorised external insurance agency, we will obtain your personal data from them. In cases stipulated by the Insurance Act, we may also obtain your data from other parties who hold it if we need it for the administration of the insurance policy and other legal obligations.

If you have entered into a contract with another company within the Triglav Group, Zavarovalnica Triglav, d.d. may also obtain your personal data from that company based on your consent or another legal basis for sharing. In cases stipulated by the Insurance Act, we may also obtain your data from other parties who hold it if we need it for the administration of the insurance policy and other legal obligations.

We may also obtain your personal data within the context of concluding and administering insurance policies where you are the beneficiary or the insured party, but not the policyholder or the payer of the insurance premium. For instance, when taking out group insurance, the insurance company may obtain data about the insured individuals based on a list provided to the insurer by the policyholder. In the context of life insurance in case of death, the insurance company obtains data about the beneficiary, which may include identification details, from the insured person.

For the specific purpose of ensuring the accuracy and updating the personal data of policyholders, insured persons and other beneficiaries of compensation or insurance payments, Zavarovalnica Triglav, d.d. may also obtain your personal data free of charge via electronic exchange from the Central Population Register, particularly when initiating enforcement proceedings, when pursuing subrogation claims, upon renewal of the insurance contract, when resolving claims, when establishing suspicious circumstances or if there is no response to requests during claim resolution or annuity payments.

Additional information pursuant to Articles 13 and 14 of the General Data Protection Regulation is available here.

If you are not a (potential) client of Zavarovalnica Triglav, d.d. or a person involved in insurance (e.g. beneficiary, injured party, witness, party liable for subrogation or their authorised representative), a visitor to our website or a user of our services, you can find some additional information about the processing of personal data, which is available here.

Zavarovalnica Triglav, d.d. also processes personal data based on our legitimate interests in specific situations and depending on the category of individuals, unless these interests are overridden by the individual's interests or fundamental rights and freedoms that require the protection of personal data. This means we only process your personal data based on legitimate interests when you, at the time of data collection and within its context, would reasonably expect such processing for a specific purpose.

We process personal data at Zavarovalnica Triglav, d.d. based on the following legitimate interests, depending on the circumstances and the individuals involved:

• Improving, developing and upgrading our insurance services, systems and products;

• Maintaining the technical functionality and security of our websites and services and preventing misuse;

• Managing client relationships and monitoring satisfaction, including providing apps with policy information and benefits (i.triglav, Triglav Komplet), conducting surveys, issuing premium vouchers, rewarding loyalty with gifts and running loyalty programmes;

• Sending push notifications in the i.triglav and DRAJV mobile applications;

• Including relevant marketing content in business communications;

• Preparing for sales discussions and reviewing existing insurance coverage;

• Contacting clients regarding insurance renewal or continuation;

• Understanding the needs and requirements of potential and existing clients, including offering new insurance products with relevant coverages identified during sales interactions;

• Sending general offers to all or potential clients without specific profiling and sending targeted offers with limited profiling using non-sensitive personal data (e.g. personal name, permanent or temporary address, phone number, email address or fax number, age, gender, types of concluded insurance contracts, contract expiry date, etc.). Our legitimate interest is to offer you, as a client, relevant insurance products and services within our registered business that are similar to your previous purchases. We may also use your email address for social media advertising. You have the right to object to data processing for direct marketing;

• Ensuring the accuracy and keeping up-to-date the personal data of policyholders, insured individuals and beneficiaries;

• Ensuring the operation and security of our IT systems, networks and information (preventing threats to data availability, authenticity, integrity and confidentiality, and the security of related IT services), preventing unauthorised access and responding to cyber security incidents;

• Protecting the property and employees of the insurance company from threats and violence, and in similar situations where processing personal data is necessary to protect and enforce our legitimate interests and legal rights. This includes using video surveillance for access control in our business premises to ensure the safety of people and property;

• For the conclusion, processing and exchange of personal data for reinsurance purposes;

• For the purpose of efficient management of the claims process, automatic license plate recognition is carried out in the motor vehicle damage assessment area;

• For the purpose of conducting an effective motor vehicle damage assessment, fixed photography using a scanner is carried out on the assessment lane;

• For performing actuarial calculations, settlements and controlling commission payments to insurance agents;

• For investigating suspected insurance fraud;

• For handling claims from parties liable for subrogation and those representing them, regarding the consideration of personal circumstances related to payment;

• Recording phone calls to the Assistance Centre to protect the interests of the insurance company and callers by clarifying information and ensuring the quality of assistance services;

• Carrying out fit and proper assessments of key function holders and business function holders within Zavarovalnica Triglav, d.d.;

• For internal administrative purposes within the Triglav Group or related companies;

• For internal analyses and monitoring of strategic goals within the Triglav Group.

What do we mean by 'reasonable expectations of individuals'?

These are your legitimate expectations regarding how we process your personal data. For example, you can reasonably expect us to ensure the functioning of the insurance company’s IT solutions and the security of personal data processing. Similarly, you would reasonably expect an insurance agent to be aware of the insurance policies you have already purchased and, based on this information and an assessment of your needs and requirements, to recommend suitable insurance products (for example, ones that better match your needs or offer additional coverage not included in your existing insurance policies). This also includes ensuring your physical safety when you visit our business premises. You may also reasonably expect to be rewarded for your loyalty and trust with additional discounts and benefits. Furthermore, you can reasonably expect us to handle your complaints and suggestions in a way that helps us to improve our services, making them more customer-friendly and of higher quality, and to develop additional functionalities in line with technological progress.

What are your rights regarding the processing of personal data based on legitimate interests?

You have the right to object at any time to the processing of your personal data carried out by Zavarovalnica Triglav, d.d. on the basis of legitimate interests.

If you object to the processing of your personal data based on our legitimate interests, we will no longer process your personal data unless, in accordance with the General Data Protection Regulation, we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is necessary for the establishment, exercise or defence of legal claims. Notwithstanding the above, if you object to the processing of your personal data for the purposes of direct marketing based on legitimate interests—including profiling to the extent that it is related to such direct marketing—we will cease processing your personal data for those purposes immediately.

For more information on how to exercise your rights in relation to the processing of personal data, please refer to the section “Exercising your rights regarding personal data”.

We do not generally disclose your personal data to third parties in the course of providing insurance services. However, Zavarovalnica Triglav may occasionally be required to share your personal data with certain external recipients, provided that they demonstrate a valid legal basis for obtaining such data. These recipients are typically official authorities that require access to your personal data as part of official procedures they are conducting, but they may also include individuals who either request access through a court or can clearly demonstrate that you have authorised them to obtain your data.

We always verify any request from third parties to obtain your personal data to establish whether the party making the request is legitimate and if they possess the appropriate legal basis for acquiring it. A request for the disclosure of personal data must include: details of the applicant (for a natural person: full name and permanent or temporary address; for a sole trader, self-employed individual or legal entity: name or business name and registered office and registration number) and the signature of the applicant or their authorised representative; the legal basis for obtaining the requested personal data; the purpose of processing the personal data or the reasons demonstrating the necessity and appropriateness of the personal data for achieving the purpose of obtaining it; the subject matter and reference number or other identifier of the case in connection with which the personal data is required, and the indication of the authority or other entity dealing with the case; the types of personal data to be disclosed and the format and method of obtaining the requested personal data. In the event that a request for obtaining data is incomplete, we will refuse any disclosure of your data.

A list of categories of recipients of your personal data is available here.

Like most companies, Zavarovalnica Triglav, d.d. engages various processors for specific parts of personal data processing. These processors carry out some of the services on our behalf. Zavarovalnica Triglav enters into legally required data processing agreements with these processors of personal data, requiring them to adhere to the same standard of personal data protection as if the insurance company were carrying out these outsourced parts of the processing itself. Furthermore, these processors only process data for the purpose of performing the contractually defined services for the insurance company and for no other purpose. They are not permitted to use the data for their own purposes or the purposes of third parties.

A list of categories of your personal data processors can be found here.

We will retain your data for the period necessary to fulfil the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

The Insurance Act stipulates that data concerning policyholders and insured parties must be stored for 10 years after the termination of the insurance contract, or in the event of an insurance claim, for 10 years after the conclusion of the claim handling process. In the case of legal proceedings to recover unpaid obligations arising from insurance contracts, the data is retained for 10 years after the conclusion of the legal proceedings.

Data relating to insurance claims and the assessment of insurance cover and the amount of compensation or the insured sum is stored for 10 years after the conclusion of the claim handling process. If the insured party or the injured party submits a new claim to exercise rights arising from the insurance claim within this period, or if the submission of a new justified claim is reasonably expected after this period, the retention period will be extended as necessary, so that the data is kept for 5 years after the conclusion of the new claim handling process or for as long as the possibility of submitting a new justified claim exists. After the expiry of the retention period, the data is erased from the databases, and the documentation is destroyed in such a way that its content can no longer be determined or reused.

Data concerning potential policyholders and insured parties is stored for no longer than the point at which an insurance contract is concluded, or at most three months from the end of negotiations for an insurance contract, and in any event no more than six months from the date the data was obtained.

Your personal data that we process based on your consent and for the purposes defined in the consents will be stored until you withdraw your consent or you object to the processing of data for direct marketing purposes. The same applies to the processing of such data in related companies to whom the personal data was disclosed with your consent for the same processing purpose.

Where personal data is processed on the basis of legitimate interests, we retain it until the legitimate interest has been fulfilled or until you object to the processing, or at the latest until the expiry of statutory retention periods. Call recordings are stored and processed for the purpose of providing evidence of business communication for three years after the call. CCTV recordings are kept for a maximum of 3 months, except in the event of extraordinary incidents (injuries, falls, etc.), when the recordings are kept for a maximum of one year. After this time, the recordings are deleted.

Please be advised that certain personal data may be processed by automated means where such processing is necessary for the conclusion or performance of an insurance contract with you, where permitted by European Union or Slovenian legislation and appropriate measures are in place to protect your rights and freedoms, or where you have given your explicit consent.

In the event of data processing by automated means which produces legal effects concerning you or similarly significantly affects you, you have the right to request that a decision based solely on automated processing should not apply to you. You may do so by sending a request to info@triglav.si or dpo@triglav.si. In such cases, we will ensure that the automated decision is reviewed by a competent person within the insurance company.

About the filing system controller:

Zavarovalnica Triglav, d.d.
Miklošičeva cesta 19
1000 Ljubljana
01 474 72 00
info@triglav.si

You can contact the data protection officer:
Zavarovalnica Triglav, d.d.
Data protection officer
Miklošičeva cesta 19
1000 Ljubljana
dpo@triglav.si

For information on video surveillance, please call 01 580 61 12 or visit https://www.triglav.si/privacy-policy.

Purpose and legal basis for processing data from the video surveillance system:

Zavarovalnica Triglav, d.d. operates video surveillance at access points to its official or business premises with the aim of ensuring the safety and security of people and the property of the insurance company, its employees, clients, business partners, visitors and others entering the insurance company's business premises.

Video surveillance is also conducted within certain work areas where it is strictly necessary for the safety of persons or property, or for the protection of classified information or trade secrets.

For the purpose of efficient management of the claims process, automatic license plate recognition is also carried out in the area of the regional unit located at Verovškova ulica 60b, 1000 Ljubljana, where motor vehicle damage assessments are performed.

Zavarovalnica Triglav, d.d. carries out video surveillance on the basis of point (f) of Article 6(1) of the General Data Protection Regulation (GDPR), in conjunction with Article 76 et seq. of the Slovenian Personal Data Protection Act (ZVOP-2).

Personal data processed in connection with video surveillance:

Images of individuals, along with the date and time of entry to or exit from the premises (area) under video surveillance as well as registration number of the vehicle, if the individual enters the area where automatic license plate recognition is carried out.

Recipients or categories of recipients of personal data:

The contracted security service and the contracted video surveillance system maintenance provider.

Retention of recordings:

Video surveillance recordings are retained for a maximum of 3 months.

Your rights in relation to the processing of personal data:

You may exercise your rights relating to your personal data processed through video surveillance at Zavarovalnica Triglav, d.d.—such as the right to access your data, object to processing, request restriction of processing or erasure—by contacting us at: dpo@triglav.si.

For more information about data protection, please visit: https://www.triglav.si/privacy-policy.

Right to lodge a complaint:

You may lodge a complaint regarding the processing of your personal data in relation to video surveillance at Zavarovalnica Triglav, d.d. with the Information Commissioner (address: Dunajska 22, 1000 Ljubljana, email: gp.ip@ip-rs.si, phone: 01 230 97 30, website: www.ip-rs.si).

Special impacts of processing:

Authorised users (e.g. the police) may be granted access to archived footage and may receive excerpts of recordings where justified.

Unusual further processing:

Live monitoring of premises by a representative of the contracted security service on-site or from the security monitoring centre of Zavarovalnica Triglav, d.d.

10.1 Technical and organisational measures

Zavarovalnica Triglav, d.d. implements physical, organisational and technical measures to protect data against loss, theft, inaccessibility and unauthorised use. We protect your data in accordance with applicable legislation and internal policies governing the protection and security of personal data within Zavarovalnica Triglav, d.d., as well as the field of information security.

All employees of Zavarovalnica Triglav, d.d., contractual processors and other persons who process data on the basis of your consent or another valid legal basis are bound to maintain the confidentiality of your data and may not disclose it to unauthorised individuals or to persons who do not have a legal basis for its processing. Access to your personal data is granted only to those persons who need the data to process it on our behalf. These individuals are subject to contractual confidentiality obligations, and in the event of breaches, appropriate action may be taken against them.

Business premises where data carriers, hardware and software are located are carefully protected with measures that prevent unauthorised access to personal data by unauthorised persons.

We implement, review and maintain security procedures that correspond to the latest technological advancements, standards and data protection practices.

The insurance company's internal network is protected from the external world by a firewall system and other active intrusion prevention and detection systems that reflect the latest technological standards.

Zavarovalnica Triglav, d.d.'s online and mobile applications are accessible only after logging in with individual identification, such as a username and password, personal digital certificate, and other methods.

Users only have access to the data they need to perform their work and tasks or to which they have legitimate access.

10.2 Recommended measures for the protection of privacy and the liability of individuals

We recommend that individuals, i.e., all recipients of this policy, also take steps to protect their own privacy:

• Ensuring accurate and up-to-date data

If you have taken out insurance with our company, we urge you to inform us promptly of any changes to your personal data. We will endeavour to update your data as soon as possible upon receiving your notification.

To help us keep your information complete, accurate and up-to-date, you can provide your consent when taking out insurance or at any later point. This is beneficial because errors can sometimes occur when we record personal details like your name, date of birth or tax number. By consenting, you allow us to verify and correct this information directly with official records such as the Central Population Register, saving you the inconvenience of further calls or contact.

• Email and secure repository

Before sending us an unencrypted email via your internet service provider, please be aware that its content online may not be protected against unauthorised reading, forgery, etc.

Secure document exchange between Zavarovalnica Triglav, d.d. and individuals is ensured by a secure repository that employs strong security measures, including two-factor authentication as well as data encryption. Zavarovalnica Triglav, d.d. can send you a link upon your request where you can upload documents. You can also use this link to download documents.

• Use of passwords
  

We recommend that you ensure the security of passwords or other identifiers that you use to log in. Be careful to store them appropriately and do not disclose them to others.

If, as a user of our services, you discover misuse of your username and password or other user identifier that you use to access the web applications of Zavarovalnica Triglav, d.d., please notify us as soon as possible at info@triglav.si. Upon notification, we will disable further use of the password.

In the event that you lose or forget your login information (user password) that you use to access the web applications of Zavarovalnica Triglav, d.d., you can reset your user password by entering the personal email address you provided as your contact email address. You will receive an email at this address with a link to reset your user password.

• Antivirus protection
  

We recommend that you have active software protection against malicious code installed on the device you use to access Zavarovalnica Triglav, d.d.'s content. More information regarding internet threats and protection recommendations can also be found at https://www.varninainternetu.si/

10.3 Digital social network rules

Zavarovalnica Triglav d.d. uses the digital social networks Facebook, YouTube, LinkedIn, Instagram, and TikTok to engage with individuals and the wider public. Therefore, it is important for individuals to familiarise themselves with the rules of these networks, their privacy policies and the privacy settings available on the following links: Facebook, Youtube, LinkedIn, Instagram, TikTok.

You should also be aware that anything you post on the internet is visible to the wider public, so it is very important to observe proper online etiquette (so-called "netiquette"), including the following:

• Express your opinions and views in a respectful manner;
• Do not disclose confidential or sensitive personal information;
• Do not share information for which you do not have publication rights;
• Do not use logos, symbols, trademarks or other intellectual property rights without the owner's permission;
  
• Do not post messages containing malicious, offensive, indecent, vulgar, defamatory, hateful, threatening, obscene or any other content that may harm other members of the social network or third parties;
• Do not threaten or intimidate other users.

Zavarovalnica Triglav, d.d. also uses various services or software solutions provided by Google Ireland Limited. When using Google's services, you are bound by their Terms of Service, which are available here.

Places API (terms of use are available here and the privacy policy is available here).

10.4 Links to other websites, applications and services

The websites and mobile applications of Zavarovalnica Triglav, d.d. may contain links to third-party websites or include third-party pages and services. Zavarovalnica Triglav, d.d. is not responsible for the protection of privacy or personal data by third parties, including application providers, operating system providers, wireless service providers, device manufacturers, and others.

If you decide to visit such a link, we are not responsible for the availability of the selected page, mobile applications or other third-party services. Likewise, we do not check third-party websites, their mobile applications or services, and we are not directly or indirectly responsible for their use and content, the collection and processing of any data by the websites, mobile applications or services of these persons. In view of the above, we recommend that before using third-party services or mobile applications, or before entering any of your personal data into them, you familiarise yourself with their privacy policies or privacy statements, which are available either on their websites or when accessing (registering) to such a mobile application.

10.5 Children and personal dat

We do not intentionally collect children's personal data on our websites and in mobile applications, with the exception of participation in prize draws and obtaining image material at events organised by Zavarovalnica Triglav, d.d., where we always strive to collect children's personal data to a reasonable extent. At Zavarovalnica Triglav, d.d., we take special care not to collect, use or disclose the personal data of children under the age of 15 and to ensure that we do not intentionally attract children to the websites and mobile applications of Zavarovalnica Triglav, d.d. We obtain their personal data exclusively through the contact details of their parents or guardians.

When children under the age of 15 participate in an event organised by us, we only obtain and process their images with the prior written consent of their parents or guardians. For children under the age of 15, participation in a prize draw must also be authorised by their parents or guardians, who may, by giving their consent, permit us to process the child's personal data for the purpose of awarding prizes and publishing the details of prize winners. If a child under the age of 15 wins a prize, their parents or guardians will be informed by email, telephone or in writing.

We would also like to draw your attention to the fact that digital social networks have their own terms of use and privacy policies, for which Zavarovalnica Triglav, d.d. is not responsible, and which set a lower minimum age limit for children's participation, generally assuming that all users or persons who like, follow or otherwise engage with a social network are over the age of 13.

In view of the above, and regarding the use of the internet and other information society services, we recommend that you talk to your child about the safe use of the internet and mobile devices in order to avoid the disclosure of children's personal data online and communication with strangers. The following website may also be helpful for parents: https://safe.si/

If personal data is processed at Zavarovalnica Triglav, d.d. based on consent, the individual may at any time temporarily or permanently withdraw their consent to the processing of personal data; likewise, the individual may object to the processing of personal data relating to them for the purpose of direct marketing, or request access, completion, correction, restriction of processing, transfer or deletion of personal data, or lodge an objection against the processing of personal data processed in connection with them, by written request sent to the address: Zavarovalnica Triglav, d.d., Miklošičeva cesta 19, 1000 Ljubljana, or info@triglav.si or using the online forms of Zavarovalnica Triglav, d.d. Your withdrawal is effective from the date it is made and does not affect any processing of your personal data that occurred before your withdrawal.

If you object to the processing of personal data based on our legitimate interests, we will no longer process your personal data unless, in accordance with the General Data Protection Regulation, we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

We would also like to inform you that in the event that you believe that the regulations governing the protection of personal data have been violated, you have the right to lodge a complaint with the Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana.

If you have any questions regarding this policy, comments or requests for assistance regarding the exercise of your rights related to the processing of your personal data you can contact the Data Protection Officer at Zavarovalnica Triglav, d.d. at the email address: dpo@triglav.si.

Zavarovalnica Triglav, d.d. reserves the right to update this privacy policy from time to time.

Any changes to this privacy policy will take effect on the date of publication on the website www.triglav.si or in the mobile applications of Zavarovalnica Triglav, d.d.

Zavarovalnica Triglav, d.d. recommends that all individuals to whom this policy applies review it regularly.

Continued use of the websites, mobile applications, or services of Zavarovalnica Triglav, d.d. following the publication of changes to the privacy policy will be deemed acceptance of those changes.