Personal data privacy policy

Personal data protection (policy)

General productions:

The current personal data protection policy of ZB "Corporex Bulgaria" EOOD is applied and based on the requirements and principles for the protection of personal data adopted by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (Regulation (EU)2016/679 or General Data Protection Regulation).

"Corporex Bulgaria" EOOD is a licensed insurance broker with Certificate from the Financial Supervision Authority No.  762-ЗБ/30.06.2021 EIK 204774857, with registered office and management address: Sofia, Mladost 4, Okolovrasten Path 257, fl. 2, and is a personal data controller within the meaning of Regulation (EU)2016/679 and the Personal Data Protection Act.

In "Corporex Bulgaria" EOOD, a Personal Data Protection Officer meeting the requirements of the General Regulation for the Protection of Personal Data has been appointed with contact details: e-mail: hq@corporexbg.com

Corporex Bulgaria EOOD uses the websitewww.insurance.bgfor the online sale and request of insurance products in accordance with the Insurance Code, the Law on the provision of remote financial services and all other applicable Bulgarian and European regulations.

Definitions

Personal Data means any information relating to an identified natural person or an identifiable natural person ("data subject“); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, physiological, genetic, mental, mental, economic, cultural or social identity ofthat natural person;

Processing means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or any other way in which the data is made available, arrangement or combination, restriction, erasure or destruction;

A personal data registry means any structured set of personal data that is accessed according to certain criteria, whether centralized, decentralized or distributed according to a functional or geographical principle.

An administrator is any natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data;when the purposes and means of this processing are determined by the law of the EU or the law of the Republic of Bulgaria, the administrator or the special criteria for its determination may be established in the law of the European Union or in the law of the Republic of Bulgaria;

Data subject –is a natural person who is identified or who can be identified based on certain information representing personal data directly or indirectly;

(f) Legitimate interest of "Corporex Bulgaria" EOOD or of a third party, when the same have priority over the interests or fundamental rights and freedoms of the data subject /client/, for example for the purpose of preventing crimes and other lawful purposes.

Corporex Bulgaria EOOD recognizes the inviolability of the personality of natural persons and makes efforts to protect against the unlawful processing of personal data of natural persons.In accordance with the current legislation, the insurance broker implements the relevant technical and organizational measures to protect the personal data of individuals.

Personal data protection policy

This personal data protection policy of Corporex Bulgaria Ltd. aims to inform users about the purposes and grounds for processing personal data, the rights of data subjects, the categories of recipients to whom the data may be disclosed, the mandatory or voluntary nature of providing the data, information on the right of access and the right to correct the collected data, in accordance with the requirements of the Personal Data Protection Act.

Processing of personal data

"Corporex Bulgaria" EOOD, as the administrator of personal data, processes them in a way that guarantees an appropriate level of security, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, applying appropriate technical and/or organizational measures in compliance with the following principles:

• Lawful, fair and transparent processing of personal data with respect to the data subject (lawfulness, good faith and transparency)
• The data is collected for specific, legitimate purposes and is not processed in a manner incompatible with these purposes ("appropriateness of personal data processing and purpose limitation")
• Proportionality and limitation of personal data processing in relation to the purposes for which the data are processed ("data minimization");
• Accuracy and timeliness of personal data processing.
• Limitation of storage for a period not longer than necessary for the purposes for which the personal data are processed ("storage limitation")
• Processing in a way that ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures ("integrity and confidentiality")

"Corporex Bulgaria" EOODprocesses personal data if:

• the processing is necessary for the performance of a contract with the insurance broker to which the data subject is a party or to take steps at the data subject's request prior to the conclusion of a contract.
• processing is necessary to comply with a legal obligation that applies to the insurance broker in its capacity as a personal data controller.
• the data subject has consented to the processing of his personal data for one or more specific purposes.In cases where personal data is processed solely on the basis of consent, the data subject has the right to withdraw consent at any time.

Corporex Bulgaria EOOD processes personal data independently or by assigning data processors in compliance with the Personal Data Protection Act and the General Regulation on Personal Data Protection.

Exceptions

The insurance broker, as an administrator, does not process personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or membership in trade union organizations, as well as the processing of genetic data, biometric data for the sole purpose of identifying the individual, data on the sex life or sexual orientation of the individual, unless the data subject has given his express consent to the processing of these personal data for one or more specific purposes.

For some insurances, such as Health Insurance, health data are required, which are processed in accordance with the Personal Data Protection Act and the General Data Protection Regulation.The data is required according to the provisions of the Insurance Code.

For what purposes we process personal data

Corporex Bulgaria EOOD, as a licensed insurance broker, processes personal data for the purpose of providing insurance mediation in accordance with the Insurance Code.

The provision of personal data by individuals is voluntary.In case of refusal to provide personal data, "Corporex Bulgaria" Ltd. will not provide mediation for the requested insurance product or service or carry out the relevant commercial transaction, insofar as the processing of personal data in the largest volume is in fulfillment of the legally and normatively established obligations of the insurance broker.

The personal data that individuals provide to "Corporex Bulgaria" EOOD when requesting the provision of an insurance brokerage service is processed for the purpose of analyzing whether these individuals meet the conditions for the provision of this product or service, as well as for the purpose of proper identification of the parties to the commercial transactions carried out in fulfillment of legally and normatively established obligations for the insurance broker.

The processing of personal data is most often in fulfillment of legally established obligations of the insurance broker, resulting from legal requirements regulating insurance and other accompanying commercial activities, financial accounting activities, activities for the prevention of money laundering and financing of terrorism, health and social security activities, human resources management activities, etc.

Apart from the described cases, processing of personal data of data subjects is permissible in the presence of a Legitimate interest of "Corporex Bulgaria" EOOD or of a third party, when the same have priority over the interests or fundamental rights and freedoms of the data subject /client/, for example for the purpose of preventing crimes and other lawful purposes.

Subjects' personal data is stored for the duration of our contractual relationship and for the statutory period of 5 years after its termination, in accordance with the requirements of applicable special laws.

What personal data we collect

Corporex Bulgaria EOOD collects the following types of personal data:

• Personal identification data - names, social security number, date of birth, data from an identity document, phone number, email address.This data is necessary to comply with the requirements of the Insurance Code and the Anti-Money Laundering Measures Act, which require us to identify you.Also, the data is necessary for concluding an insurance policy.
• Data on your social status - for some types of insurance, data related to marital status and social status are required in order to determine the client's needs in accordance with the Insurance Code.
• Special categories of personal data - for some types of insurance, such as Health Insurance, information about your health is required.If you provide one, we will process it fully in accordance with the provisions of the Personal Data Protection Act and EU Regulation 2016/679.
• For some additional services, such as various checks in public registers related to motor vehicles and/or information on the validity of civil liability insurance, road accidents, traffic fines, etc.the customer is required to provide the requested personal data and consent to our use for this purpose.
• For direct marketing purposes, we will require express consent for this purpose, which can be withdrawn by the customer at any time.

When we may disclose personal data to third parties

Corporex Bulgaria EOOD may disclose personal data to:

• Government bodies that have a legal basis to receive personal data
• Insurers whose personal data is necessary in connection with pre-contractual relations or fulfillment of legal requirements
• Providers of information systems, companies providing legal services, couriers and others who are necessary for the functioning of the processes and service in the broker

Cookies

A "cookie" is a small amount of data that a website stores on your computer or mobile device

visitor's device.

On our website www.insurance.bg we use "cookies" in connection with its functioning, as well as to collect statistical data for the purpose of analysis, for which we use Google Analytics and Google Search Console.

The cookies used serve to distinguish between users and sessions, to determine new sessions, to submit requests, to store the source of traffic and how the site was reached.

By setting your browser accordingly, you can always disable both our cookies and third-party cookies.In this case, it is possible to lose part of the functionality of some of the services on the site.

User rights

▪ Right to be informed (in connection with the processing of the data subject's personal data by the insurance broker – the natural person who is the data subject has the right to receive information* about "Corporex Bulgaria" EOOD as a personal data controller, as well as about the processing of his personal data. This information includes: data identifying the insurance broker as well as his contact details, including the contact details of the data protection officer; The purposes and legal basis forprocessing;

The recipients or categories of recipients of the personal data, if any;The controller's intention to transfer the personal data to a third party/third country (when applicable);The period of storage of personal data;The existence of automated decision-making, including profiling (if any);Information about any rights that the data subject has;The right to appeal to the supervisory authority.*Specified information is not provided if the data subject already has it.

▪ Right of access to his own personal data – the data subject has the right to receive from the insurance broker confirmation as to whether personal data related to him is being processed and, if so, to obtain access to the data and the following information: Purpose of processing;

The relevant categories of personal data;The recipients or categories of recipients of the personal data, if any;The controller's intention to transfer the personal data to a third party (where applicable);The period of storage of personal data;Existence of the right to correct personal data, as well as the right to object to the processing of personal data;The existence of automated decision-making, including profiling (if any);Information about any rights that the data subject has;The right to appeal to the supervisory authority.

▪ Right to correct personal data (if the data is inaccurate) – the data subject has the right to request the insurance broker to correct inaccurate personal data related to him without undue delay.

▪ Right to deletion of personal data ("right to be forgotten") –The data subject may ask the insurance broker for erasure if one of the following conditions is met:

o Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

o The data subject withdraws his consent, which is the only basis for the processing of the data and there is no other legal basis for the processing /processing pursuant to a legal obligation, concluded contract/;

o The data subject objects to the processing and there are no overriding legal grounds for the processing;

o Personal data has been processed unlawfully;

o Personal data must be deleted in order to comply with a legal obligation under the law of the European Union or the law of the Republic of Bulgaria, which applies to the insurance broker in its capacity as an administrator;

o Personal data has been collected in connection with the provision of information society services to children and consent has been given by the holder of parental responsibility for the child.

▪ The right to limit the processing by the Broker or the processor of personal data - for the possibility of using this right, specific conditions are necessary, such as:

o The relevance of the personal data is contested by the data subject.In this case, the limitation of processing is for a period that allows the insurance broker to check the accuracy of the personal data;

o The processing is unlawful, but the data subject does not wish the personal data to be deleted, but instead requests the restriction of its use;

o The insurance broker no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims;

o The data subject has objected to the processing pending verification of whether the insurance broker's legitimate grounds prevail over the interests of the data subject.

• Right to portability of personal data between individual administrators –the data subject has the right to receive the personal data concerning him and which he has provided to the insurance broker in a structured, widely used and machine-readable format and has the right to transfer such data to another controller without hindrance from the insurance broker to whom the personal data have been provided, when the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner.When exercising the right to data portability, the data subject has the right to also obtain a direct transfer of the personal data from the insurance broker to another administrator, where this is technically feasible.
• Right to object to the processing of their personal data, data subjects have the right to object to the insurance broker against the processing of their personal data, and the broker will terminate the processing, unless it proves that there are compelling legal grounds for the processing that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.In case of objection to the processing of personal data for the purposes of direct marketing, the insurance broker will stop the processing immediately.
• The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject or similarly significantly affects him;
• Right to judicial or administrative protection, in the event that the data subject's rights have been violated - if the data subject considers that his right to personal data protection and privacy has been violated, he can file a complaint with the relevant supervisory authority - Commission for the Protection of Personal Data or seek his rights in court.

Procedure for exercising consumer rights

When exercising their right of access, natural persons have the right at any time to request from "Corporex Bulgaria" EOOD:

• confirmation of whether data relating to them is processed by the insurance broker, what are the purposes of the processing, the categories of data and the recipients of this data or the categories of recipients to whom the data is disclosed;
• The broker to send them a message to them in an understandable form, containing the personal data being processed and any available information about the source of this data;
• information about the logic of any automated processing of personal data relating to natural persons, at least in the case of automated decisions under the General Regulation on the Protection of Personal Data and the Law on the Protection of Personal Data;

The above information is provided free of charge.

Individuals have the right at any time to ask Corporex Bulgaria EOOD to:

• delete, correct or block their personal data, the processing of which does not meet the requirements of current legislation
• the insurance broker to notify the third parties to whom the personal data of the individuals were disclosed about any deletion, correction or blocking, except for cases where this is impossible or related to excessive efforts for the Broker.

Individuals exercise their rights by submitting a written application to the insurance broker.

Submitting the application is free.

When an application is submitted by an authorized person, an express notarized power of attorney is attached to the application.

In case of death of the natural person, his rights are exercised by his heirs, and a certificate of heirs is attached to the application.

The application is considered and the insurance broker makes a decision within 14 days, and when a longer period is needed in order to collect data and information, the request is considered and the broker makes a decision within 1 month of receiving the request.

If necessary, this period can be extended by another two months.

The broker informs the data subject of any such extension within 1 month of receiving the request, indicating the reasons for the delay.

When the data subject submits a request by electronic means, the information shall be provided by electronic means whenever possible, unless the data subject has requested otherwise.

The insurance broker provides an answer to the applicant, taking into account the applicant's preferred form of providing information/orally or in writing - on paper or electronically/.

When the data does not exist or its provision is prohibited by law, the requester is denied access to it.

In the event that the applicant is not satisfied with the answer received and/or considers that his rights related to the protection of personal data have been violated, the applicant has the right to exercise his right of protection.

To contact the Commission for the Protection of Personal Data:

Sofia 1592, "Prof. Tsvetan Lazarov" Blvd. No. 2

Email: kzld@cpdp.bg

Website: www.cpdp.bg

Comments

When visitors leave comments on the site, we collect the data displayed on the comment form, as well as the visitor's IP address and user browser ID to help detect spam.

An anonymous string based on your email address (also called a "hash") may be provided to the Gravatar service to verify that you are using it.Gravatar's privacy policy is here: https://automattic.com/privacy/.Once your comment is approved, your profile picture will be publicly visible to it.

Files

If you upload images to the site, you should avoid uploading images with embedded location data (EXIF GPS).Site visitors can download and extract location data from images on the site.

Cookies

If you leave a comment on our site, you can allow your name, email address and website to be saved in cookies.These are for your convenience so you don't have to re-enter your details when leaving another comment.These cookies will be kept for one year.

If you have an account and log in to this site, we will set a temporary cookie to determine if your browser accepts cookies.This cookie contains no personal data and is deleted when you close your browser.

When you log in to your account on the site some more cookies will save your login information and your preferences for what to see on the screen.Login cookies expire after two days and screen preferences after a year.If you choose the remember option, your login information will be kept for two weeks.If you log out of your account, the login cookies will be deleted.

If you edit or publish an article, an additional cookie will be saved in your browser.It won't contain any personal data, it will simply add the ID of the post you just edited.Expires in one day.

Embedded content from other websites

Articles on this site may be embedded (videos, images, content, etc.).Embedded content from other sites treats and treats the site visitor as a visitor to its own site.

These sites may collect data about you, use cookies, embed additional statistics tools from third parties, track how you use these tools including how you consume embedded content if you have an account and are logged in to the site.