Last update: 11th November 2020
The company Colonnade Insurance SA ("Colonnade"), operating in Bulgaria through its branch "Colonnade Insurance SA – Bulgaria branch", is committed to protect the privacy of individuals whose data it receives and processes during its business activities.
"Personal data" is the information identifying your identity or data related to you or other people (such as your family).
- Colonnade Insurance website ("Website");
- software applications that we provide for usage through computers and mobile devices ("Applications");
- Colonnade web portals for social networks; and
- content of other social networking tools or applications (Colonnade "Social Content Network"),
collectively (including our website, applications and content of social network, named below "Colonnade Electronic Services") and in other ways (e.g. your forms with questions or applications; claim forms (notifications); phone calls; e-mails or other means of communication with us, as well as from persons investigating insurance claims; medical professionals; witnesses or other third parties related to the business relationship between us).
1. Who should you contact regarding your personal data
If you have questions on your personal data usage, you may send an inquiry to the following email address: email@example.com or write us at: Customer Service Department, Colonnade Insurance SA - Bulgaria branch, 51B Cherni vrah blvd., entr. B, fl.2, FairPlay Business Center, Sofia 1407, Bulgaria.
2. The Personal data we collect
Depending on your relationship with us (for example, as a policyholder person; an insured or a person entitled to claim, who is not the policyholder; a witness; a commercial/insurance broker/agent or an appointed representative; or other person connected to our work), the received personal data for you and for your family may include:
- Basic identifying information or contact information:
Your name; address; email and phone number; gender; marital status; date and place of birth; passwords (including passwords for access to our systems); education; physical characteristic data; data for certain activities (such as information about your experience history as a driver); photos; employment information; skills and experience; professional licenses and memberships; relationship with the policyholder, the insured or the person entitled to claim; date and cause of death, injury or disability.
- Identification numbers issued by government bodies or agencies:
Personal identification number (PIN); personal number of foreigner (PNF); number of identity document; number of the military's document; driver's license number or number of another documents; copy of identification document or of another identity document.
- Financial information and bank account details:
Payment card number; bank account number and similar bank account information ; credit history and credit rating, assets; income and other financial information.
- Medical condition and health status:
Current or previous physical and/or mental condition; health status; information about injuries or disability; medical treatments; personal habits (e.g., smoking and/or consumption of alcohol); information about prescriptions you use or have used and medical history.
- Another sensitive information:
In certain cases, we may receive sensitive information about your membership in trade unions, religious organizations, political opinions, family medical history or genetic information (for example, if you apply for insurance through a third party which is our marketing partner that can be commercial, religious or political organization). Also, we may obtain information about your criminal record or lawsuits in civil matters during procedures for preventing, detecting and investigating fraud. Also, we could get sensitive information that you voluntarily provide to us or you have provided it to medical and healthcare institutions (e.g. as expressed preferences about medical treatments that are based on your religious beliefs).
- Phone records:
Recordings of telephone calls to our representatives and call centers for customer service; and when these conversations are recorded.
- Prevention and investigation of crimes, including fraud and money laundering:
For example, we may be required to provide certain information to the law enforcement authorities.
- Information that allows us to provide certain products and services:
Location and identification of insured property (e.g., address of the property; registration number of the vehicle or other identification numbers); information concerning travel arrangements (including reservation number); age categories of the people you want to insure; policy and claims numbers; details of insurance coverage/risks; causes of loss; previous accidents or losses; your status as director or partner, or information for other ownership or management position in another company; and other insurance policies that you have.
- Marketing preferences and customer feedback:
You may inform us about your marketing preferences, to participate in contests or lottery or other sales promotions, or to complete a voluntary survey for the level of your satisfaction as a customer. It is also possible to contact you in order to obtain feedback for the services we provide or to hear your opinion about the new offered services. However, we would like to inform you that we will seek to contact you for marketing purposes, in order to protect your interests and to raise the level of our service provided to you.
- Profile in social network and information from Applications:
We may receive certain personal data about you when you use our Applications or Social Network Content, including your profile username in the social network, profile picture and other personal information that you provide to us. In case you choose to connect your existing social network profile with your profile(s)/account(s) in the Colonnade Electronic Services, your personal data from that profile will be transferred into your Colonnade profile which may include personal data, such as part of your social network profile or profiles of your friends.
3. How we use the personal data
We use personal data in order to:
- communicate with you and other people as part of our business;
- decide whether to enter into certain insurance contract and to provide assistance services, including assessment, processing and settlement of claims in case there are disputes;
- evaluate your solvency and to process the payment of insurance premiums and other payments;
- provide improved quality of our service, training and security (e.g. in respect of recorded and reviewed telephone calls with you);
- provide prevention, detection and investigation of crimes, including fraud and money laundering, analysis and management of the risk;
- conduct marketing research and analysis, including surveys on the customer satisfaction level;
- provide you with marketing information in accordance with your expressed preferences (including information about other products and services offered by certain third parties partners);
- personalize Colonnade Electronic Services interface by providing you information and advertisements especially related to your interests;
- ensure your identification during your correspondence through the Colonnade Electronic Services;
- allow you to participate in contests, games and similar promotions and to manage those activities. Some of these activities have additional conditions that contain additional information about how we use and disclose your personal data, so please read them carefully.;
- improve the usage of the sharing functionalities in the social networks;
- manage our infrastructure and business activities and to observe our internal policies and procedures, including these related to audit, finance and accounting, invoicing and collection of payments, IT systems, data hosting and websites, business continuity and management reports, documentation and printed copies;
- settle complaints and requests for data access or data correction ;
- be compliant with applicable laws and legal obligations, including the laws of other countries (for example measures against money laundering and financing of terrorism or protection of personal data), with the law procedures and in accordance with the requests from the governmental and public authorities, including these outside of the Republic of Bulgaria;
- establish and to protect our legal rights, our operations, confidentiality, safety and property of our and/or other companies (part of our group, our insurance business partners, yours or others), and seeking court redress or limiting our damages.
We may use automated decision processes based on the data provided by the customer (e.g., insured, claimant) and using customer profiling. Our algorithms take into accounts a variety of factors such as customer demographics (e.g., age), current risk trends related to specific insurance coverages, claim history, and others. These automated processes can be used in the following contexts:
1) assessment of insurance risk, which may affect the scope of the offered product, the amount of premium or the refusal to conclude an insurance contract;
2) payment of compensation in certain types of claims, with regards to their approval and amount of indemnity paid;
3) compliance with international sanctions, which may affect the possibility of concluding an insurance contract or payments of claims.
The customer, and any other data subject, has the right, among others, to contact us and to require a justification for an automated decision or to challenge such a decision.
4. Provision of personal data in other countries
Given the global scale of our business, for the purposes set above, we may provide personal data to the persons located in other countries (for example Canada, United States of America and other countries that may have different legal regime of information protection than the country you reside). For example, we can provide personal information in order to process claims on international travel insurance and provide urgent medical assistance while you are abroad. We can provide information internationally to our group companies, service providers, business partners and governments or public authorities.
5. Sharing personal data
Colonnade may provide personal data to:
- Our group
For the purposes of our business, recruitment and marketing goals, the Bulgarian branch of Colonnade may provide personal data to other branches of Colonnade Insurance SA (a joint stock company, registered in Grand Duchy of Luxembourg) or to its group companies. You can receive a list of the Colonnade group companies, that can have access to your personal data by following the instructions of this policy. Colonnade is responsible for the management and the security of jointly processed personal information. The access to personal data within the group is limited and used only by people, with granted access to such information for the company business operations purposes only, including marketing purposes.
- Other parties such as insurers and intermediaries
During marketing activities, the insurance contracts provision and claims processing, Colonnade may provide personal data to third parties such as other insurers, reinsurers, insurance/reinsurance agents and other intermediaries or agents, appointed representatives, distributors, marketing partners and financial institutions, securities trading companies and other business partners. This provision of personal data is most often necessary in connection with the provided insurance services to you and it is in protection of your rights under the insurance contracts.
- Our service providers
Third parties - external service providers, such as medical professionals; accountants; actuaries; auditors; experts; attorneys and other external professional consultants; medical and travel assistance service providers; service providers related to customers call centers; IT systems; hosting and support providers; printing, advertising, marketing and market research and analysis providers; banks and financial institutions that serve our accounts; third parties responsible for claims management or business documents management insurance investigators and expert witnesses; construction consultants; engineers; investigators; court consultants; translators; and other such third parties as merchants and outsourcing providers assisting to carry out our business.
- Recipients of information shared in social network
- State authorities and third parties involved in lawsuits
Colonnade may also provide personal data to the government; other public institutions (including, but not only, to the commissions for employees compensations, law enforcement, tax authorities and investigating crimes bodies) and third parties involved in civil litigation, their accountants, auditors, lawyers and other advisers and representatives, that we believe it is necessary to share in order to: (a) be compliant with the applicable law, (b) be compliant with the applicable procedures, (c) fulfill the requirements of the public authorities, including public and government authorities outside the Republic of Bulgaria (d) implement and enforce our terms, (e) protect our business or the business of our group companies, (f) protection of our rights, confidentiality, safety or property and/or those of our group of companies, yours or of the others, and (g) seeking redress or limiting our damages.
- Other third countries
We may provide personal data to recipients of payments; authorities providing help in an emergency situation (a fire, police and emergency medical services); retailers; medical networks, organizations and providers; carriers when traveling; credit bureaus; credit reporting agencies and other persons involved in accidents that are subject of claims; and also buyers and potential buyers or other parties in a real or proposed process of reorganization, merger, sale, joint venture, assignment, transfer or other transaction related to the whole or part of the business assets or shares.
You can share personal information through forums; internet conversations (chat); blogs and other Colonnade Electronic Services, where you can upload information and materials (including, but not limited only to the content of social network). Please note that the information uploaded by you or revealed through these services will become public information and will be available to the visitors and the users of Colonnade Electronic Services and to the public. Because of that, for your own security and safety, we urge you to be very careful when deciding to disclose your personal data or other information using Colonnade Electronic Services.
6. Data protection
Colonnade is taking appropriate technical, physical, legal and organizational measures in accordance with the applicable laws related to confidentiality and data protection. Unfortunately, the data protection cannot be 100 % guaranteed during the Internet data transfers or during the storage in data storage systems. If you have a reason to believe that your data obtained during our relationship is no longer protected (e.g. if you think that the security of your personal data has been compromised or at risk), please notify us immediately. (See the section above "1. Who should you contact regarding your personal data").
When Colonnade provides personal data to a service provider, the service provider is selected very carefully, and we require him to apply the appropriate measures in accordance with the applicable law in order to protect the confidentiality and security of the personal data.
7. Retention of personal data
8. Personal data of other people
9. Marketing preferences
We provide you with the opportunity to inform us about your marketing preferences, including preferences related to the exchanged messages between us. You can also contact us by the email address: firstname.lastname@example.org or by writing to: Customer Service Department of Colonnade Insurance SA – Bulgaria branch, 51B Cherni vrah blvd., entr. B, fl.2, FairPlay Business Center, Sofia 1407, Bulgaria and inform us about your marketing preferences or refuse receiving such messages.
If you no longer wish to receive messages with marketing focus from Colonnade on your email (the principle not to receive such messages from now on): You can cancel receiving such messages by clicking on the link "disallow subscription" (the link you can find in our marketing communication) or by contacting us at the addresses above.
If you no longer wish to receive SMS text messages/phone calls/mail messages from Colonnade hereinafter: You can cancel receiving such communications by contacting us at the addresses above.
If you prefer not to share your personal data from now on with the companies from our group for their marketing purposes: You can indicate your preference by contacting us at the addresses above.
If you prefer not to share your personal data hereinafter with third parties that are our partners for their marketing purposes: You can indicate your preference by contacting us at the addresses above.
We strive fulfilling your request(s) for denial of receiving such communications within a reasonable time period. Please note that if we receive such application as the described above, we will not be able to remove your personal data from the databases already provided to third parties (i.e. those who already have your personal data provided prior to the date we received your request for cancelation). You should keep in mind that if you opt-out receiving marketing communications from us, we will continue to send you important administrative messages from which you cannot opt out.
10. What are your rights concerning the provided personal data
Subject to the Bulgarian and European legislation, including Regulation (EU) 2016/679 EU and the Council (General Data Protection Regulation - GDPR) on the protection of personal data, you can exercise the following rights:
- Right of access to your personal data processed by Colonnade and to get a copy of them;
- Right to request correction or update of your personal data by Colonnade, in case of discrepancies findings or occurred changes by sending us an e-mail to email@example.com;
- Right to request your personal data to be blocked or to restrict their processing as per the cases specified by the law and by the Regulation;
- Right to request deletion (i.e. to delete your personal data) in case the conditions for this requirement are in place;
- Right to object to the processing of your personal data for direct marketing purposes by using the link for opt-out placed in each email containing advertising information and sent to you;
- Right to object to the disclosure of your personal data to third parties by logging into your personal profile on our web site and unchecking the box regarding the disclosure of personal data to third parties;
- Right, whenever you wish, to withdraw your consent for processing of your personal data for the purposes for which you have consented (to marketing, for example), by sending an e-mail to firstname.lastname@example.org
- Right to request the portability of your personal data in a structured, machine-readable, commonly used format;
- Right to file a complaint or request for protection of your rights with the Commission for Personal Data Protection (CPDP);
You may exercise all rights at any time during the processing of your personal data.
What does each of the above rights mean?
• Right of access to personal data
This right enables the data subject to obtain information whether Colonnade processes his/her personal data and, if so, to has access to the data and to the following information:
a) the purposes of processing;
b) the relevant categories of personal data;
c) the recipients or categories of recipients to whom personal data are or will be disclosed, in particular, recipients in third countries or international organizations;
d) the estimated storage period of the personal data and, if this is not possible, the criteria used to determine that period;
e) the existence of the right to request the Administrator to correct or to delete personal data or to restrict the processing of personal data, relating to the data subject or to object to such processing;
f) the right to complain to the CPDP;
g) where the personal data are not obtained directly by the data subject, any available information about their alternative source;
h) the existence of automated decision-making, including the profiling.
• Right to correct and delete ("right to be forgotten")
The data subject has the right to request the Administrator to correct inaccurate personal data related to him/her immediately. Given the purposes of the processing, the data subject has the right to complete incomplete personal data by adding a declaration.
The data subject has the right to request the Administrator to delete personal data related to him/her and the Administrator is obliged to delete them immediately, when any of the following circumstances occur:
a) the personal data are no longer needed for the purposes for which they have been collected or processed;
b) the data subject has withdrawn his/her consent on which the data processing is based and there is no other legal basis for the processing;
c) the data subject objects to the processing and there are no legitimate grounds for such processing that can take precedence;
d) the personal data have been unlawfully processed;
e) the personal data must be deleted in order to comply with the legal obligation under the European Union or/and the Bulgarian laws, applicable to the Administrator;
f) the personal data have been collected with the purpose service provision of information society.
• Right to object
The data subject has the right to object to the processing of his/her personal data, including when the personal data is processed in respect of activities with public interest or in execution of official authority conferred on the Administrator or for reasons related to the legitimate interests of the Administrator or third party.
The right to object is also present when personal data are processed for the purposes of direct marketing and profiling.
• Right to portability
The data subject is entitled to receive personal data concerning him/her in a structured, widely used and machine-readable format from the Administrator and has the right to transfer these data to another Administrator without any obstacles from the previous Administrator, namely when:
a) the processing is based on consent or in fulfillment of a contractual obligation;
b) the processing is carried out in an automated manner.
• Right of complaint or request to Commission for Personal Data Protection (CPDP)
The data subject has the right to refer to the Commission for Personal Data Protection to the address: 1592, Prof. Tsvetan Lazarov ”№ 2, phone number: 02 / 91-53-519.
If you think there is a violation of your rights, you have the right to appeal the actions and acts of the Administrator as per administrative or judicial procedure. The court cannot be appealed if there is a pending case in front of the CPDP for the same breach or CPDP's decision on the same breach has been appealed and no court decision has been entered into force in this regard.
11. Other information collected through the Colonnade Electronic Services
"Other information" is any information that does not reveal your identity, such as:
- information about your browser and electronic device;
- information related to the use of application;
- information obtained from "cookie" files (cookies); usage of pixel tags and other technologies;
- demographic information and other information provided by you
- aggregated information.
We and our service providers (third parties)can obtain other information in various ways, including other information collected:
- From your web browser or an electronic device: Most websites and electronic devices automatically collect certain information such as your IP address (i.e. the address of your computer on the Internet); your screen resolution; the type of your operating system (Windows or Mac) and version; the manufacturer of your electronic device and its model; the language that you are using; the type and the version of your web browser; the time you are visiting the site(s); the name and the version of the Colonnade Electronic Services you use (such as specific Application). We use this information to ensure proper functioning of the Colonnade Electronic Services.
- From used application: When you download and use an Application, we and our service providers can track and collect data related to the usage of the Application, such as date and time when your electronic device was connected to our server; what information and files were downloaded in the Application, based on the phone number of your device.
- Use of "cookie” files (“cookies"): "Cookies" are small text files that are saved on your computer when you visit our website. If you have access to this website at some point, your browser sends back the contents of "cookies" on the relevant provider and thus allows re-identification of the terminal. Reading "cookies" allow us to design our website optimal for you and makes it easy to use.
Below is a description of possible "cookie" files that we use on our Bulgarian website, what is their purpose, what data we collect and how we use them.
- "Cookie” for geographical positioning (Geo Location “cookie”) - When a user visits one of our websites for the first time, we read his/her location from his/her IP address and use this information to assume the website of which country the user would like to visit. But this method is not completely accurate, so when the user chooses to visit the website of certain country, we use “cookie” files to save this information and the language chosen to review the website. The next time the user visits the website, we read the "cookie" files and provide access to the website visited by the user last time. This is done in order to provide convenience and the users do not have to re-choose the website they want to explore. When using "cookie" files we do not collect or use personal data.
- Site Catalyst “cookie” (by Adobe) - This file allows the collection and analysis of data about how users reach our website and how they work with it, including what products they look for, content reviewed and the steps leading to making a sale or not making a sale. We use this aggregated information to tailor our websites so they better serve the needs and interests of our customers and to provide more relevant and useful information to the customers. "Cookie" files are stored only temporarily on the visitor's computer. These files do not collect and use personal data. They write anonymous code that serves to authenticate users and this code "follows" the user during his navigation through our website.
- Analytical "cookie" - The analytical "cookie" is used to record user behavior (e.g. clicking on advertising banners, entered search queries) and to evaluate the user’s actions statistically.
- Advertising "cookie" - We also use "cookie" for advertising purposes. The profiles of user behavior created with the help of such "cookies" (e.g. clicking on advertising banners, visited subpages, search queries entered) is used by Colonnade to show you advertisements or offers that are tailored to your interests (“advertising based on individuals interest ").
- Advertising "cookie" to third parties - We also allow other companies to evaluate data of our customers by advertising "cookies". This allows us and third parties to show users of our website ads based on interests, shown after the analysis of their behavior (e.g. clicks on advertising banners, visited subpages, search queries entered) and it is not limited to our online offers.
- Forwarding „Cookie“- Our referral partners set cookies on your computer ("forwarding cookie") if you have reached our website through advertising by the affiliate. These cookies usually lose their validity after 30 days. If you visit certain pages we host and the cookie has not yet expired, we and the respective partner may see that the specific user has clicked on the ad and has been redirected to our page. The information collected through the forwarding cookie is used to generate referral statistics and to determine the total number of users, clicked on the ad and directed to a page that is provided with a referral tracking tag.
- DoubleClick “cookie” – We put "cookie" files to track pixels of the visitor’s computers for the purposes of our website banner ads. We use these files, so we know if that user has visited our website before and then to show him appropriate banner ad on a website of our partner network. No personal data are collected by this "cookie". One of the advertising companies that we use is Google Inc. For more information about DoubleClick “cookies” or to opt-out of this type of files, please visit: http://www.google.com/privacy/ads/.
- Affiliate “cookie” – We use "cookie" files to track pixels that are placed on a visitor's computer and to gather information for identification of the transaction (they show which is the affiliate website the user came from and record the time and the date). This allows our affiliate network to track sales and to ensure that a sale of our products is due to particular partner. This process does not include transfer of personal data.
- Deactivating and deleting "cookies"
You can request a waiver of receiving "cookie" files via your browser settings. But if you do not accept the use of these "cookies", you may experience some inconvenience when using Colonnade Electronic Services and some online products.
- Use of pixel tags, web warning alerts, transparent .gif images and other related technologies: In regard to some of the Colonnade Electronic Services, with email messages in .html format to track the actions of the Colonnade Electronic Services users and email recipients, other methods may be used to measure the success of our marketing campaigns and to collect statistics on the usage of the Colonnade Electronic Services and the frequency of responses.
We use Adobe's Omniture analytics services, which use "cookies" and web signals to alert and to help us to understand more about how the site is used by the visitors so we can improve it. Adobe has no right to use the information we provide to him beyond the necessary one to provide assistance. For more information on Adobe's Omniture service, including how to opt-out, visit: http://www.omniture.com/privacy/policy#optout.
- From Location: Depending on the applicable law, we may collect location information about your electronic device (for example, by using a satellite, cellular telecommunication network or Wi-Fi signals). We may use the location of your device to provide you personalized services and information tailored to your location. Depending on your marketing preferences that you have stated to us or by the applicable law, we may also provide information about the location of your device, along with information about the advertising messages you have seen and other information, that we have collected for our marketing partners, enabling them to provide you with much more specialized information and research on the outcome of their advertising campaigns. In certain cases, you may allow or prohibit such use and/or provision of location information on your device, but if you choose to prohibit such use and/or provision, the provision of relevant personalized services and information by us and/or our marketing partners might become impossible.
- From you: Some of the information (such as your location or preferred method of communication) is obtained as you voluntarily provide it to us. Unless it is combined with personally identifiable information, this information does not personally identify you.
- By summarizing information: We can summarize and use certain types of information (for example, we can summarize information to calculate the percentage of users who have a specific area code).
Please note that we may use and disclose this "other information" for any purpose, except where we are not entitled to do so under the applicable law. In cases where we need to treat "Other information" as a personal information (personal data) under the applicable law, in addition to the listed uses in the "Other information we collect" section we may collect, use and disclose this “other information” for all purposes for which we may use and disclose a personal information (personal data).
- Web analysis
We need statistical information about the usage of our web site to make it more accessible, to perform measurements , and to do market researches. To this extent we use the web analytics tools described in this section. The user’s profiles created by these tools, using analytic cookies or by evaluating log files, do not contain personal information. The tools either do not use users' IPs at all or shorten them immediately after they are collected. Providers of these instruments process data only as personal data processors, according to our instructions and not for their own purposes.
Below, you will find information about each tool provider and how you can object to the collection and processing of personal data through the tool.
You should keep in mind that for tools that use opt-out cookies, the opt-out function is associated with the device or browser and is therefore valid for the currently used terminal device or browser. If you are using multiple terminals or browsers, you must select the opt-out feature for each device and each browser used.
In addition, you can generally prevent user profiles from being created by disabling cookies.
12. Third Party Services
Please note that we are not responsible for the policies and practices for collection, use and disclosure of personal information (including policies and procedures for Information Security) of other organizations, such as Facebook®, Twitter®, Apple®, Google®, Microsoft® , RIM / Blackberry® and any other application developer, application provider, social networking platform provider, operating system provider, wireless service provider or electronic device manufacturer, including any personal information you disclose to other organizations or in connection with the Colonnade Electronic Services.
13. Use of the Colonnade Electronic Services by minors
The Colonnade Electronic Services is not directed to anyone under the age of eighteen (18) and we ask such people not to provide personal information through the Colonnade Electronic Services.