Data Protection & Privacy Policy

Data Protection and Privacy Statement

WHO WE ARE

Atlas Insurance PCC Limited and/or any other subsidiaries of Atlas Holdings Limited or any of its daughter companies (hereinafter ‘Atlas’, ‘us’, ‘our’, ‘we’) are the data controllers as defined by relevant data protection laws and regulations. We control and are responsible to keep and use personal data in paper or electronic files.

OUR APPROACH TO PRIVACY

The privacy and security of your personal information is very important to us. We want to assure you that your information will be properly managed and protected whilst in our hands.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

We may collect, store, and process the following categories of personal information about you (“Personal Information”):

  • Basic personal details such as your name, address, e-mail address, telephone number, date of birth or age, gender, marital status, nationality ID Card Number;
  • Additional information about your lifestyle and insurance requirements, such as details of your car, your home, your household or your travel arrangements;
  • Information about your other policies, such as claims history, quotes history, payment history, claims data;
  • Details on your dependants/spouse/partner/family;
  • Information about your current and previous employment and occupation, including salary;
  • Identification document information;
  • Bank account details
  • IP addresses when visiting our webpage without disabling Cookies including related location data;
  • Results of checks relating to prevention of fraud and/or terrorist activities;
  • Your marketing preferences;
  • Signature;
  • We may also collect, store and use the following “special categories” of more sensitive personal information such as health information (for example current state of health, existing conditions, family or personal history in relation to some conditions).

    HOW WE WILL USE INFORMATION ABOUT YOU

    We will only collect and use your personal information when the law allows us to. Most commonly, we will use your Personal Information:

  • for the purpose of preparing quotations, underwriting and administering the insurance proposal and policy;
  • where we need to perform the contract we have entered into with you;
  • where we need to comply with a legal obligation
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
  • for training purposes, to improve our services and their delivery, including by recording telephone calls.
  • We may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest (or for official purposes].
  • OUR LEGITIMATE INTEREST TO SEND TIPS ON RISK IMPROVEMENTS AND PREVENTION

    We have a legitimate interest to send information to our insureds that can help improve the risks we are insuring. This may include health related tips for customers who have medical insurance, weather related warnings and risk prevention tips for customers insured for weather related perils, or other such information which may help improve risks and reduce claims to the mutual benefit of the insureds and Atlas.

    In such cases, Insureds are provided with a user-friendly link to unsubscribe to such emails on each and every mailing.

    Our legitimate interest assessment is kept under regular review.

    We will only send you information on our other products, services, special offers and news with your consent.

    IF YOU FAIL TO PROVIDE PERSONAL INFORMATION

    If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations.

    HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

    Sensitive Personal Information requires higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

  • In limited circumstances, with your explicit written consent.
  • Where we need to carry out our legal obligations and in line with this Data Protection and Privacy Statement.
  • Where it is needed in the public interest, such as for equal opportunities monitoring, and in line with this Data Protection and Privacy Statement.
  • Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
  • Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

    We will not use Personal Information for any other purpose incompatible with the purposes described in this Data Protection and Privacy Statement, unless it is required or authorised by law, authorised by you, or is in your own vital interest (e.g. in the case of a medical emergency).

    HOW WE SHARE YOUR INFORMATION WITHIN THE ATLAS GROUP

    We may share and aggregate information about you from across the Atlas group, including personal information held within the Atlas group relating to other policies held with us, quotes or claims details and depending on your preferences, we may use this information to:

  • help us identify products and services that may be of interest to you, to tailor and package our products and services;
  • to determine pricing and/or offer available discounts; and
  • conduct customer research and develop marketing campaigns.
  • If you request a quote, or purchase a product or service from us, your personal information will be used and shared within the Atlas group for the purposes of administration (including underwriting, determining premiums, managing claims and offering renewals). We will use your information to communicate with you about your quote, product or service.

    We may, as a matter of law, and without requiring notice or consent, use your information for crime and fraud prevention, systems administration within the Atlas group and to monitor and/or enforce Atlas’s compliance with any regulatory rules and codes.

    HOW WE SHARE YOUR INFORMATION OUTSIDE OF THE ATLAS GROUP

    We will ensure that your personal data is processed in a manner that is compatible with the purposes indicated above.
    For the stated purposes, your personal data may be shared with and processed where applicable by:

  • our associated companies, introducers, intermediaries, agents, reinsurers and (in the case of agents within the Atlas group) insurance principals;
  • the policy holder (for a corporate policy); and/or
  • your broker or agent
  • coinsurers
  • for the purposes of administration, including third parties providing services to them.

    Your information may be disclosed when we believe in good faith that the disclosure is required:

  • by law;
  • to protect the safety of our employees, the public or Atlas property;
  • to comply with a judicial proceeding, court order or legal process; or
  • in the event of a merger, asset sale, or other related transaction; or
  • for the prevention or detection of crime (including fraud).
  • In order to prevent and detect fraud we may share your information with regulatory bodies in Malta or if applicable, overseas, as well as with other insurance companies (directly or via shared databases such as the Malta Insurance Fraud Platform), public bodies including the Police and other organisations and may undertake credit or fraud searches with relevant agencies.

    The aim of the Malta Insurance Fraud Platform is to prevent, detect, suppress and/or prosecute insurance fraud and the platform is administered on our behalf by the Malta Insurance Association. You can find out more about the Malta Insurance Fraud Platform by clicking here.

    We may disclose your information to third party suppliers or service providers to conduct our business, including to help administer your policy, to help us manage and store data, provide data analytics, conduct market research and to communicate with you effectively. This may include any online or digital partners we work with, so we, or our online or digital partners on our behalf, can communicate with you through their platforms. This may also include appointed consultants and experts such as motor surveyors, private investigators, lawyers, loss adjustors, medical doctors and other service companies to discharge operations such as claims.

    In addition, depending on your marketing preferences, we may share your information with third parties who help run our marketing campaigns. We do not share personal data with non-affiliates third parties for their own marketing use without your permission.
    We may also share your personal data:

  • in the event of any contemplated or actual reorganisation, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock; and
  • to meet any legal obligation, including to the relevant ombudsman if you make a complaint about the product or service we have provided to you.
  • WHO MAY GIVE US INFORMATION ABOUT YOU?

    For the stated purposes, we may receive personal or sensitive data relating to you or your dependants/ spouse/ partner/ family from third parties such as those listed above or others such as (but not limited to) the ETARS traffic accident database, the Court Judgements database and the Registry of Companies, which are legally entitled to communicate such data and that such data may be processed for the stated purposes.
    We may also record telephone conversations for training, security and quality control purposes. CCTV cameras are in use throughout our premises and branches.

    WHERE WILL MY PERSONAL DATA BE PROCESSED?

    Your personal data may be processed both inside and outside of the European Economic Area (EEA) by the parties specified above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorised to process them.

    SECURITY

    We will take appropriate measures to protect Personal Information and Sensitive Personal Information that are consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect the confidentiality and security of Personal Information and Sensitive Personal Information.

    DATA INTEGRITY AND RETENTION

    We will take reasonable steps to ensure that the Personal Information and Sensitive Personal Information processed is reliable for its intended use, and is accurate and complete for carrying out the purposes described in this Notice. We will retain Personal Information and Sensitive Personal Information for the period necessary to fulfil the purposes outlined in this Notice unless a longer retention period is required or permitted by law.

    YOUR RIGHTS

    Where permitted by applicable law or regulation, you have the right to:

  • Access your personal data held about you and to learn the origin of the data, the purposes and ends of the processing, the details of the data controller(s), the data processor(s) and the parties to whom the data may be disclosed;
  • Withdraw your consent at any time where your personal data is processed with your consent e.g. direct marketing;
  • Update or correct your personal data so that it is always accurate;
  • Delete your personal data from our records if it is no longer needed for the purposes indicated above;
  • Restrict the processing of your personal data in certain circumstances, for example where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
  • Obtain your personal data in electronic format for onward transmission by you to another entity without hindrance from Us; and
  • File a complaint with us and/or with the competent data protection supervisory authority (i.e. the Office of the Information and Data Protection Commissioner by clicking here)
  • You may exercise these rights by contacting us by email or by post as follows:
    Atlas Insurance PCC Limited
    Data Protection Officer
    48-50, Ta’ Xbiex Seafront
    Ta’ Xbiex XBX 1021
    Malta
    Email: dpo@atlas.com.mt

    It is important that you include your name, email address and purpose of your request when contacting us. Please note, however, that certain Personal Information and Sensitive Personal Information may be exempt from such access, correction and erasure requests pursuant to applicable data protection laws or other laws and regulations.

    HOW OFTEN DO WE UPDATE THIS DATA PROTECTION NOTICE

    We may revise this Data Protection and Privacy Statement from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you

    WHAT ARE COOKIES?

    Cookies are small pieces of data sent from a website and stored in your web browser, on your computer, ready for future access. On subsequent visits to a webpage these cookies can be read by the website server, to notify the website on your previous activity. Cookies allow websites to work more efficiently and provide useful information to the owner of the site.

    HOW DOES ATLAS GROUP USE COOKIES?

    We may collect information that could identify your computer to us (through your IP address) and/ or that tells us about how you use our website. Cookies enable us to quickly confirm your identity and owing to them the use of our services become much easier and more widely available.

    Cookies are used solely with the purpose of personalising a particular user. Cookies can be used on condition that they are accepted by a browser and that they shall not be removed from the storage media. Users who removed cookies from their storage media or have not accepted them on their browser may not have access to products or services offered on our site. We do not link the information we store in cookies to any personal data you submit while on our site.

    WHAT HAPPENS IF I READ OR DOWNLOAD INFORMATION FROM THE SITE?

    If you read or download information from our site, we automatically collect and store the following non-personal information:

  • the requested web page or download;
  • whether the request was successful or not;
  • the date and time when you accessed the site;
  • the Internet address of the website or the domain name of the computer from which you accessed the site;
  • the operating system of the machine running your web browser and the type and version of your web browser.
  • Please note that this information is strictly for the purpose of gathering usage of statistics for www.atlas.com.mt and www.atlaspcc.eu and it is not shared, leased, or sold in any manner to any other organisation.

    This Data Protection and Privacy Statement was last updated on 27/06/2018.