WHO WE ARE Elmo Insurance Limited (C-3500) of Elmo, Abate Rigord Street, Ta’ Xbiex, XBX 1111, Malta (“We/Us/Our”) is the data controller in relation to personal information which We hold about You (“Personal Data”). Queries relating to data protection matters may be referred to Our Data Protection Officer at: The Data Protection Officer, Elmo Insurance Limited, Abate Rigord Street, Ta’ Xbiex, XBX 1111, Malta or at: dpo@elmoinsurance.com.
OUR COMMITMENT We highly value the trust that You place in Us and We are committed to protect the security of Your Personal Data and to ensure that Your rights according to data protection Law are safeguarded.
INFORMATION WE HOLD ABOUT YOU As data controllers, We may collect, store and use the following categories of Personal p>
a. Basic Personal Data, such as: Your name and surname; identification document details; dateof birth; mail address; contact details; banking details; occupation and signature;
b. Information about Your insurance requirements, such as: details about the subject matter to be insured and details about persons to be covered by Our insurance products;
c. Additional information, such as: accident, loss or claims history;creditworthiness; no claims bonus; insurance history (including: previous special underwriting conditions imposed and decline of cover); annual income and matters relating to the prevention, detection and/or suppression of fraud, money laundering and terrorism and Your marketing preferences;
We may also collect, store and use the following “special categories” of more sensitive Personal Data, such as: current and past health information; pre-existing health conditions or injuries; medication; medical treatment; surgical procedures; hereditary disease, illness or condition; and smoking or drug abuse history.
HOW WE WILL PROCESS INFORMATION ABOUT YOU We will only process Your Personal Data when the Law allows Us to. Most commonly, We will use Your Personal Data in the following circumstances:
a. Where We need to perform the contract which We have entered with You;
b. Where We need to comply with a legal obligation; and
c. Where it is necessary for Our legitimate interests, or those of third parties, provided that such legitimate interests are not overridden by Your interests or fundamental rights and freedoms which require the protection of Personal Data.
We may also process Your Personal Data in the following situations, which are likely to be rare:
a. Where We need to protect Your vital interests or the vital interests of another person;
b. Where it is required in the public interest or for official purposes.
IF YOU FAIL TO PROVIDE PERSONAL DATA If You fail to provide certain Personal Data when requested, We may not be able to perform the contract We have entered with You or We may be prevented from complying with Our legal obligations.
HOW WE USE PARTICULARLY SENSITIVE PERSONAL DATA Special categories of Personal Data require higher levels of protection. We need to have further justification for collecting, storing and using this type of Personal Data. We may process special categories of Personal Data in the following circumstances:
a. In limited circumstances, with Your explicit written consent;
b. Where We need to carry out Our legal obligations;
c. Where it is needed in the public interest;
d. Where it is needed to assess Your working capacity on health grounds, subject to appropriate confidentiality safeguards;
e. Where it is needed in relation to the exercise or defence of legal claims.
Less commonly, We may need to process sensitive Personal Data where it is needed to protect Your vital interests or the vital interests of other persons and You are not capable of providing consent or where You have already made the information public.
We will not use Personal Data for any other purpose which is incompatible with the purposes described in this Notice, unless such use is required or authorised by Law, authorised by You or is in Your own vital interest (such as in the case of medical emergency).
HOW WE MAY SHARE YOUR PERSONAL DATA We may share Your Personal Data within Our different departments, Our affiliated companies and Our service providers, including assistance and road assistance service providers. This is generally required for the performance of Our contract with You; in order to identify products which may be of interest to You; for pricing and underwriting purposes; for marketing purposes; and for claims management purposes. Moreover, We may share Your Personal Data to prevent, detect and/or suppress fraud and in order to be able to comply with Our legal obligations.
We may also share Your Personal Data with third parties, including: insurance undertakings;insurance intermediaries; reinsurers; medical professionals; legal professionals; hospitals and clinics; surveyors, architects, loss adjustors and other appointed experts in the course of underwriting or claims management processes; Transport Malta; the Malta Insurance Association; credit referencing agencies; the Commissioner of Police, the Financial Intelligence Analysis Unit (FIAU), tax authorities and any other body, institution or authority which is authorised to receive Your Personal Data from us according to Law. This is generally required for the performance of Our contract with You, to prevent, detect or suppress fraud, money laundering and terrorism, to exercise or defend legal claims, and to comply with Our legal obligations. Additionally, in limited circumstances, Your Personal Data may be made accessible to third party service providers for IT system testing and maintenance purposes, and for insurance audit and actuarial purposes. We are a member of the Malta Association of Credit Management (‘MACM’). If You fail to settle any amounts which are due to Us, We have a right to pass on information about You and about the amounts owed by You to Us to MACM as well as to any legally entitled third party. Where such a disclosure is carried out, MACM, as a Credit Referencing Agency, shall be deemed to be a Data Controller of the personal data it processes within its systems, in pursuance of its legitimate interests, such as promoting responsible lending, amongst others. For more info please visit https://www.macm.org.mt/dataprotection. Data Protection queries concerning MACM may be referred to its Data Protection Officer at dataprotectionofficer@macm.org.mt In all cases, the sharing of Your Personal Data is made subject to appropriate confidentiality safeguards.
TRANSFER OF PERSONAL DATA OUTSIDE MALTA We may share Your Personal Data with third parties established both within and outside the European Economic Area, subject to observance with all confidentiality safeguards applicable according to Law.
HOW WE MAY OBTAIN PERSONAL DATA ABOUT YOU Apart from the Personal Data which You provide Us with, We may obtain Personal Data about You from third parties to prevent, detect or suppress insurance fraud, money laundering and terrorism; to exercise or defend legal claims; and to safeguard Our legitimate expectations in so far as this is permitted by Law. In particular, We may receive Personal Data about You from third parties who we may share Personal Data with according to this Notice; the ETARS traffic accident database; the Court Registry Database (LECAM); the Public Registry; the Registry of Companies and other entities which have authority to disclose Personal Data to Us. We may also record telephone conversations for quality and assurance purposes. Our head office and branches are equipped with CCTV cameras for security purposes.
SECURITY We will take appropriate measures to protect Personal Data and sensitive Personal Data, which are consistent with the applicable privacy and data security Law and regulations, including requiring third party service providers to use appropriate measures to protect the confidentiality and security of Personal Data and sensitive Personal Data.
DATA INTEGRITY AND RETENTION We will take reasonable steps to ensure that Personal Data and sensitive Personal Data processed by Us, is reliable for its intended use and is accurate and complete for carrying out the purposes described in this Notice. We will retain Personal Data and sensitive Personal Data for the period necessary to fulfil the purposes outlined in this Notice, unless a longer retention period is required or permitted by Law.
YOUR RIGHTS You have the right to object at any time to the processing of Your Personal Data. You can exercise this right by contacting Our Data Protection Officer. You also have the right to access Your Personal Data and sensitive Personal Data, the right to correct inaccurate Personal Data and sensitive Personal Data, the right to erase Your Personal Data and sensitive Personal Data in certain circumstances and the right to receive the Personal Data and sensitive Personal Data which You have provided to Us in a structured, commonly used and machine-readable format for onward transmission by You to another entity, without hindrance from Us. If You wish to exercise any of these rights, please contact Our Data Protection Officer. Please note however that, certain Personal Data and sensitive Personal Data may be exempt from such access, correction and/or erasure pursuant to the applicable data protection Law or other legislation and regulations.
As part of the provision of Your insurance contract, We may use automated decision making, including profiling, subject to appropriate safeguards to protect Your rights and freedoms and legitimate interests. You have the right to request human intervention to express Your point of view and to contest automated decisions.
You can also file a complaint on data protection matters with the Office of the Information and Data Protection Commissioner by following this link:https://www.reportbreachidpc.com/Complaint/