We, at Citadel Insurance, endeavour to protect your privacy rights at all times, including when you visit and use our website. For this reason, we kindly invite you to read the following information so that you will be better guided as to how we process and protect your personal data. This privacy policy applies to this website and all products and services that are offered by Citadel Insurance p.l.c.
Who we are
Citadel Insurance p.l.c. and its subsidiary companies (hereinafter referred to as ‘Citadel’, ‘us’, ‘we’, ‘our’, ‘the Company’) is the Controller of the data that you may provide us at any time, including when visiting and using this website, such as where you provide information to acquire a quote and purchase insurance cover.
Information collected about you
You may visit our website www.citadelplc.com without telling us who you are directly and/or revealing any other information about you. However, when visiting our website, we may record your internet protocol address (hereinafter referred to as the ‘IP Address’). If you download information from our website, we may also collect the following information (hereinafter referred to as the ‘Download Data’):
- The date and time you accessed the website;
- The details of the requested web page and/or download;
- Whether your request was successful or not.
Other than the information stipulated above, we will only collect personal data that you voluntarily submit to us, such as where you submit your details to receive a quote, to purchase insurance cover, to send us queries or questions, or to create an account for online services that is available on our website. Therefore, we may collect information falling into the following categories of personal data:
- Basic identifying details;
- Contact details;
- Information about your family and family relationships;
- Professional background;
- Insurance history and insurance needs;
- Information about your lifestyle;
- Financial details;
- Medical information;
- Telephone correspondence, if and when it is recorded;
- CCTV footage, when visiting our branches or head office.
The information that you are requested to provide is necessary to take steps at your request prior to entering into a contract, or for the proper performance of your contract of insurance, or to enable the Company to provide you with the service that you request, depending on the circumstances. Therefore, failure to provide the Company with the requested information might render the Company unable to accede to your requests.
Purposes and Legal Bases for Processing
Any information that you supply to the Company on any form (such as proposal form or claim form) or otherwise, whether in writing or verbally, may be processed for all or any of the following purposes:
On the basis that processing is necessary to perform the contract of insurance or to take steps at your request prior to entering into a contract, the Company may process your data to assess risk; underwrite and issue present and future contracts of insurance; collect premiums and submit other bills; assess, defend and/or settle any claims or benefits made under your policy, also through the processing of additional information; assess and respond to your queries; and transfer data to and receive data from other insurance and reinsurance companies to underwrite your contract of insurance.
On the basis that processing is necessary to comply with its legal obligations, the Company may process your data to assess, handle and/or settle any third party claims; store accounting records for tax purposes and disclose relative data to tax authorities if called upon to do so; carry out due diligence, where necessary; and prevent, detect, suppress and/or report insurance fraud or any other criminal activity as is required by law.
On the basis that processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, the Company may process your data to establish, exercise and/or defend legal action brought by you, an insured or a third party against the Company; carry out research (and compile statistics) for the internal management of resources, for performing actuarial science, and for the development and improvement of the Company’s products and services; and take steps to safeguard the integrity of your data, and to protect the Company’s data systems.
If you provided your consent on the proposal form (or subsequently) the Company may use your data to inform you by direct marketing about the Company’s range of products and services including those of our affiliated companies, associates, agents and intermediaries or other carefully selected organisations.
Recipients and Sources of Data
The personal data that you submit through this website will be received by the host of the website and transmitted to the Company.
Such data may then be disclosed or shared by the Company, only as is strictly necessary in line with the purposes outlined above, with the Company’s employees, subsidiaries, associates, intermediaries, joint controllers, the Company’s external actuaries, consultants, legal advisors, auditors, risk assessors, loss adjusters and surveyors, repairers, healthcare and other medical institutions and professionals, banks, credit referencing agencies, risk intelligence agencies, the Malta Insurance Association and other insurance and reinsurance companies, other professionals, and public, legal and/or judicial authorities. The Company may also disclose your data to third parties if it is called upon to do so by a competent authority, or by a Court or tribunal, only to the extent required and allowed by law.
Retention Period
The Company makes every effort to store personal data only for as long as it is necessary for the purposes outlined above. If the Company does not provide you a quote on your proposal, or provides you a quote which you do not accept, the Company will store the data provided by you for fives (5) years. In line with industry practice and following termination of your policy (if any), the Company erases, destroys, or makes anonymous all data howsoever received after taking into consideration whether:
- There are any ongoing insurance claims, or any potential for such claims;
- There are any disputes, both in relation to third parties and in relation to the Company, whether in Court, at arbitration, or otherwise, or any potential for disputes, including without limitation, those relating to the contract of insurance;
- The Company has any further obligations towards other insurance companies, its reinsurers, its intermediaries, the Malta Insurance Association, its service providers, and/or any third parties;
- The Company has extinguished its legal obligations towards you, its service providers and/or any third parties;
- The Company has any further legal obligations arising out of, among others, tax law, law relating to money laundering, and the MFSA rules and regulations for the insurance industry.
Your Rights
You have the right to:
- Acquire access to your data, including confirmation from the controller as to whether data about you is being processed and to receive further information about that processing;
- Amend inaccurate personal data;
- Request the erasure of data processed about you, on the basis of certain grounds, such as where the data is no longer necessary for the purposes for which it was collected or where consent for processing that requires consent has been withdrawn, among other grounds;
- Request the data controller to restrict its processing activities on your data, on the basis of certain grounds, such as where the accuracy of the data is contested;
- Receive the personal data provided by you in a structured, commonly used and machine-readable format or to request that such data is transferred in such format to another data controller;
- Withdraw your consent to processing that is based on your consent, such as direct marketing;
- File a complaint with us and/or with the competent data protection supervisory authority (i.e. the Office of the Information and Data Protection Commissioner by clicking here);
- Object to processing that is carried out for the legitimate interests of the controller, by reference to your specific situation. You may, at all times, object to direct marketing.
Should you wish to exercise any of your rights, you may do so by sending us an email on dpadmin@citadelplc.com or by contacting our Data Protection Officer directly.
It is important to note that, in certain circumstances, you may not be able to exercise your rights as stipulated above or you may be able to exercise such rights but only in a limited manner, as dictated by law, such as where such right requests may prejudice the rights and freedoms of third parties.
The Company engages in insurance industry standard profiling, wherein the assessment of risk is made partially by automated means. However, all final decisions which produce any legal effects on data subjects, including without limitation, the decision on whether to underwrite a risk and issue a contract of insurance, are taken with human intervention.
Cookies
Our website makes use of “cookies”, which are pieces of information that a website transfers to your computer’s system for record keeping purposes.
Cookies are created for each session you visit our website and they are used to enhance the content of web pages by storing information about your preferences, thus enabling website owners to provide more useful features for their users. We do not use cookies to obtain names or address information or any other information that will enable anyone to contact you via telephone, e-mail or any other means. The information which cookies can provide may include the date and time of visits, the pages you view and the time you spend on our website.
Most web browsers are initially set to accept cookies. However, you can set your browser to block all or certain cookies or to notify you when they are sent.
Please note that information on how to change your options regarding cookies can be obtained by referring to your Operating Systems Manual or to the ‘Help’ section of your web browser, or by contacting your Internet Service Provider. However, given that we may sometimes use cookies you may not be able to take full advantage of our website if you decide to disable them.
Security
We undertake to implement appropriate measures and safeguards for the purpose of protecting the confidentiality, integrity and availability of all data processed. All our employees and data processors, who have access to and are associated with the processing of personal data, are further obliged to respect the confidentiality of our clients’ and visitors’ personal data.
Links to other websites
Our website may contain links to local and international websites. Please note that such links are not an endorsement by us of any information, products or services in such websites and we shall not accept any responsibility whatsoever for the content, use, availability, privacy practices or the content of any such websites. Please note that upon linking to such other websites, you will no longer be on our website and you will become subject to the Privacy Policy, if any, of such other website. No third party is permitted to link any other website to our website without obtaining our prior written consent.
Changes to the Privacy Policy
We reserve the right to update this Privacy Policy at any time. It is in your own interest to check this page any time you access our website so as to be aware of any amendments which may have been made.
In Case of Queries
In the event that you require any further information or seek clarifications with respect to how we process your data, do not hesitate to contact us. The Company also has a Data Protection Officer. If you wish to address him directly, you may do so by:
Telephone: (+356) 2759 5000 (ext: 601)
Email: dpo@citadelplc.com
Post: Citadel Insurance DPO, 170, Pater House, Psaila Street, Birkirkara, BKR 9077, Malta.
This Privacy Policy was last updated on 23/5/2018.