Privacy Notice

In pursuance of Article 13 of the General Data Protection Regulation (GDPR), we are informing you about the processing of your personal data by AWP P&C S.A., Austrian branch, and about your rights under data protection law.

The following is responsible for processing your personal data

AWP P&C S.A., Austrian branch

Linzer Straße 225
A-1140 Wien

The data protection officer can be reached by ordinary mail at the address above, with the title “Data Protection Officer” added, or by email sent to datenschutz.azpat@allianz.com

AWP P&C S.A., Austrian  branch (“we”, “us”, “our”), is part of Allianz Worldwide Partners SAS Paris, an insurance company registered in France , offering insurance products and services around the world. In turn, AWP SAS Paris is part of the Alliance Group.

What applies to all categories of personal data?

We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Data Protection Act, the Act on Insurance Contracts and all other applicable laws.

When you apply for insurance cover, we require the details you provide in order to conclude the contract and assess the risk which we are to assume. If the contract is concluded, we process these personal data in order to administer the insurance relationship,  e.g. to issue invoices. For instance, we require the details of losses to assess whether an insured event has occurred and establish the size of the loss.

 

Without processing your personal data, the conclusion and implementation of the insurance contract are impossible.

The legal basis on which we process personal data for pre-contractual and contractual purposes is Article 6 (1) (b) GDPR.

We also process your personal data to pursue our legitimate interests or those of third parties (Article 6 (1) (f) GDPR). This may be particularly necessary in order to:

• ensure IT security and IT operation,
• advertise our own insurance products and conduct market research and opinion polls,
• prevent and clarify criminal offences, in which case we use data analyses to identify evidence of possible insurance fraud.

Furthermore, we use your personal data to perform legal obligations, e.g. supervisory duties and corporate and fiscal retention duties. The legal basis for data processing in this case are the appropriate legal provisions in  connection with Article 6 (1) (c) GDPR.

If we intend to process your personal data for a purpose not stated above, we shall notify you upfront in compliance with the legal regulations.

 

What applies to special categories of personal data, especially data concerning health?

Processing special categories of personal data, which include data concerning health, is subject to special protection. As a rule, processing is only permissible if you have given consent to the processing or one of the possibilities of processing provided under the law exists (Article 9 (2) GDPR).

 

Processing your special categories of personal data

In many cases, we require special categories of personal data in order to investigate entitlement to benefits. These include data concerning health. By providing us with such data in a specific insurance event, coupled with the request to investigate and assess the loss, you give us you express consent to process the data concerning health required to process the insurance claim. You will be informed about this again on the claims form.

Consent may be revoked at any time, effective for the future. Please note. however, that in such a case it may be impossible to verify our duty to provide benefits under the insurance claim. If the investigation of the insurance claim has already been completed, statutory duties of data retention may prohibit the erasure of the data.

 

Access to data concerning health by third parties to verify a duty to provide benefits

To verify a duty to provide benefits, we may need to check the details concerning your health which you provided in support of a claim or which emanate from the documentation (e.g. invoices, prescriptions, reports) or doctors’ or other medical practitioners’ reports which we received.

For this we require your consent, including a discharge from the duty of confidentiality for us and for all other entities who are under this duty but who nevertheless are obliged to give information to verify a duty to provide benefit.

In each case we shall tell from whom or what institution we require the information and for what purpose. You may then decide whether to allow us to collect and use your data concerning health, discharge the above persons and institutions and their employees from their duty of confidentiality, and allow us to convey your data concerning health or submit the required documents yourself.

Recipients of your personal data may be:

• Public authorities, the ombudsman
• Other companies of the Allianz Group
• Other insurers (regress claims)
• Co-insurers / Re-insurers
• Insurance agents/brokers and banks
• Legal services
• Service providers (e.g. medical services and assistance)
• Advertisers and advertising Networks

We store your personal data solely for the purposes for which they were collected and, in principle, only for the length of time required to perform our contract or laid down in the appropriate legislation. The appropriate provisions are to be found in the following legal, § 12 of the Act on Insurance Contracts and § 21 of the Financial Markets-Money Laundering Act. Under these regulations, the retention periods are seven to ten years.
Consequently, the legal time limits for the submission of claims against or by our company are to be observed.

Your personal data may be processed both inside and outside of the European Economic Area (EEA) by the parties specified in section 3 above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them. Whenever we transfer your personal data for processing outside of the EEA by another Allianz Group company, we will do so on the basis of Allianz’ approved binding corporate rules known as the Allianz Privacy Standard (Allianz’ BCR) which establish adequate protection for personal data and are legally binding on all Allianz Group companies. Allianz’ BCR and the list of Allianz Group companies that comply with them can be accessed here. Where Allianz’ BCR do not apply, we will instead take steps to ensure that the transfer of your personal data outside of the EEA receives an adequate level of protection as it does in the EEA. You can find out what safeguards we rely upon for such transfers (for example, Standard Contractual Clauses) by contacting us as detailed in section 1.

You have the right of access to the personal data stored by us and to rectify any personal data that are incorrect. Also, under certain conditions, you have the right to erase your personal data, the right to object to the processing of and the right to restrict the processing of your personal data, and the right to data portability.

Right to object

You may object to the processing of your personal data for the purposes of direct advertising at any time. If we process your data to pursue legitimate interests, you may object to this processing for reasons emerging from your particular Situation.

You may exercise these rights by contacting us.

If you wish to lodge a complaint with regards to the handling of your personal data, you may contact the above-named data protection officer. You also have the right to submit a complaint to a data protection authority.