For retail

Information on personal data processing

PERSONAL DATA MANAGER

Wiener Städtische Insurance a.d.o. Belgrade (hereinafter: the Company) is the Manager of your personal data under the applicable Law on Personal Data Protection applicable in the territory of the Republic of Serbia. As the Personality Data Manager, the Company determines the purpose of processing of personal data.

  • Address: Trešnjinog cveta 1, 11070 New Belgrade, Republic of Serbia, TIN 102608229, Master registration number 17456598.
  • Contact phone: 0800 200 800, 011 2209 800
  • E-mail address: zastitapodataka@wiener.co.rs

OFFICER APPOINTED TO PROTECT PERSONAL DATA

The Company appointed a Personal Data Protection Officer. You can contact him at the e-mail address: zastitapodataka@wiener.co.rs or at the Company’s previously mentioned address with the note “for the Personal Data Protection Officer.”

THE PURPOSE OF PROCESSING PERSONAL DATA AND THE LEGAL BASIS OF PROCESSING

The types of personal information we process depend on the specific purpose of the processing, of the execution of the specific insurance agreement, or the request you have made to us.

In most cases, the Company processes personal data necessary for identification, such as, for example. name, surname, UMCN [Unique Master Citizens’ Number], address of residence, without which an insurance agreement cannot be executed, and sometimes additional personal information, such as e.g. gender, health status, date of birth, identification document (personal ID no. or passport number).

Some insurance products require processing of specific types/categories of personal information, such as health information.

The Company primarily obtains and collects personal data from those persons to whom the personal data relate as such (when entering into insurance agreements, when filing objections, reporting claims, etc.). In individual cases, the Company does not receive the personal data directly from the persons to whom the personal data relate, but from the insurance contractor who actually enters into the insurance agreements (e.g. if the insurance contractor and the insured person are not the same person).

The following are the purposes for which the Company collects and processes personal information:

  • Entering into/executing insurance agreements:

We process your personal information for the purpose of entering into/executing insurance agreements. The amount of personal information the Company collects depends on the type of insurance agreement you intend to enter into.

The Company collects the information required for risk assessment upon admission to insurance in accordance with the rules of the profession and on the basis of regulations that define insurance and insurance agreements.

In the event that you are not an insurance contractor but have the role of another insurance user, the purpose of collecting your personal information is also to fulfill the obligation of the Company arising from the insurance agreement.

  • Fulfillment of the Company’s legal obligations:

Personal information is also used by the Company to fulfill legal obligations such as, but not limited to, the obligations laid down in regulations regarding taxation, accounting, anti-money laundering and terrorist financing, etc.

  • Legitimate interests of the Data Manager (the Company) and third parties

Personal information is also processed by the Company for the pursuit of legitimate interests, except when those interests will be prevailed by your interests or your fundamental rights and freedoms that require the protection of personal data.

Based on a legitimate interest, the Company will e.g. process your information for the purpose of:

  • prevention of fraud and detection of insurance fraud.

Data processing for this purpose is also recognized by the Company as a legitimate interest of third parties, that is, as a legitimate interest of other insurance companies and reinsurance companies when the Company exchanges data with them for these purposes.

You may object to a legitimate interest based on your particular case at any time. In this case, the Company will no longer process your personal data.

  • Data processing based on consent/approval

Personal information the Company may collect and process for certain purposes based on the consent provided by the person to whom the personal data relate. In such a case, the Company shall inform the person in advance of the purposes of such processing of personal data, seeking prior consent.

An example where the Company seeks consent for processing personal data is direct advertising/direct marketing as well as contacting for promotional and market research purposes. This consent can be obtained from persons who are in a contractual relationship with the Company, as well as from persons who are not (e.g, consents collected at fairs, etc).

Given consent can always be withdrawn, but withdrawing the consent will not affect the legality of the processing that was done based on that consent before it had been withdrawn.

Consent is the voluntary, informed and specific expression of a will by which a person, through a statement or clear affirmative action, gives unambiguous consent to the processing of personal data for a specific purpose.

  • Data processing via the Company’s Internet pages

When using the Company’s website, wiener.co.rs, personal information is collected and processed in two ways. The first way is to enter them in the forms yourself:

  1. Online forms for informative offers and newsletter sign-ups (promotional information)
  2. Web application for customer objections, suggestions and requests
  3. On-line shop: Web shop

Another way is with an aim to improve the customer experience and service as well as with a goal to tailor the Company’s offerings to your needs and interests.

In the event that you have filed an objection through the Company’s website, the personal data you have provided will be kept within the time limit defined in accordance with the provisions of the regulations regulating the handling of objections from users of insurance services.

If you would like to receive the Company Newsletter, you can sign up by entering the email address on the form for receiving it on the Company website. You can unsubscribe from the Newsletter List at any time via the link provided in each issue of the Newsletter.

By turning off cookies on your computer or mobile device, you may prevent the Company from collecting information to improve the customer experience and service.

More information about the terms of use of the Company’s website and the Privacy Policy can be found here.

 

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Personality information is processed for the purposes set out in this document. When required to achieve this purpose, certain recipients may have access to personal information:

  • Re-insurers and co-insurers
  • Insurance companies for the prevention of insurance fraud
  • VIG Group, based in Vienna, Republic of Austria
  • Banks
  • Public authorities and supervisory authorities (e.g. National Bank of Serbia, Courts, Prosecutor’s Offices, Tax Administration, Ministry of Internal Affairs, Administration for Prevention of Money Laundering and Financing of Terrorism, etc.)
  • Assessors and/or physicians censors for the purpose of assessing risk or harm
  • Health institutions
  • Service Providers of assistance and compensation claims services, with which the Company has contracted business cooperation
  • External partners with whom the Company has contracted cooperation (entrusted activities), such as those who manage data protection, storage, or destruction
  • Audit providers (internal and external)
  • Law offices, collection enforcement agencies, notaries public, etc.

In all the above cases, the transfer and processing of personal data is done with mandatory measures of personal data protection.

DATA TRANSFER TO THIRD COUNTRIES

Personal data are processed in the territory of the Republic of Serbia. If personal data are processed and/or in territories outside the Republic of Serbia, then the Company acts in accordance with the provisions of the Law on Personal Data Protection and adheres to the list adopted by the Government of the Republic of Serbia, which defines the territories in which adequate protection, processing and guarantee measures and handling of personal data are guaranteed.

If the transfer is made to territories or to international organizations not on the list adopted by the Government of the Republic of Serbia, before the transfer, the Company will request the opinion of the Commissioner for information of public importance and protection of personal data, which is the obligation of the Company as a data manager under the Law on Personal Data Protection, and also allow you to know what information is being transferred and what safeguards are being applied.

DEADLINE FOR WHICH PERSONAL DATA WILL BE CONSERVED

Your personal information will be kept for as long as necessary to fulfill the purpose for which it is being processed. For example, when it comes to entering into and executing an insurance agreement, that period depends on the statute of limitations for the specific type of agreement. These deadlines may also depend on other specific retention periods prescribed by specific laws and regulations (e.g. those that regulate objections, anti-money laundering and terrorist financing, accounting and tax regulations, etc.).

YOUR RIGHTS IN THE PROCESSING OF PERSONAL DATA BY THE DATA MANAGER

Depending on the purpose of the processing and the legal basis for processing personal data, we inform you that you have the following rights:

  • The right to access your personal information;
  • The right to correct your personal information so that they are always accurate;
  • The right to delete your personal information, if applicable;
  • The right to restrict the processing of personal data under certain circumstances, for example when you object to the accuracy of personal data, and until we verify their accuracy;
  • The right to transfer personal data (if applicable);
  • The right to object to the processing of data based on our legitimate interest;
  • Right to object to automated individual decision-making (if applicable).

If you have any questions regarding personal data, you can write to the contact e-mail address: zastitapodataka@wiener.co.rs

Request for exercise of any of the rights (for example, the right to access, delete) can be submitted in person at the Head Office, or organizational units outside the Head Office.

The Company will respond to your request within the period prescribed by the Law on Protection of Personal Data

THE RIGHT TO SUBMIT A COMPLAINT TO THE SUPERVISORY AUTHORITY – COMMISSIONER FOR PUBLIC INFORMATION AND PROTECTION OF PERSONAL DATA

You may at any time file a objection about the processing of your personal data if you believe that the processing was carried out contrary to the provisions of the Law on Personal Data Protection, to the competent supervisory authority – Commissioner for Information of Public Importance and Personal Data Protection, address: 15 Bulevar kralja Aleksandra, Belgrade, e-mail: office@poverenik.rs