GUIDELINES ON PERSONAL DATA PROTECTION IN INSURANCE SECTOR

Similar documents
LAW ON COMPULSORY TRAFFIC INSURANCE

LAW ON PROVIDING FAST MONEY TRANSFER SERVICES (unofficial fair copy) 1 I. GENERAL PROVISIONS

LAW ON VOLUNTEERING Official Gazette of Republic of Macedonia no. 85 from

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

CROATIAN PARLIAMENT 1364

LAW ON COMPULSORY TRANSPORT INSURANCE

LAW ON COMPULSORY TRAFFIC INSURANCE. (consolidated text) 1 I BASIC PROVISIONS. Subject matter. Article 1

CONTENT OF THE AUDIT LAW

/ Insurance. Regional Highlights * Bosnia and Herzegovina. karanovic/nikolic. /March 2015/

Republic of Macedonia LAW ON MANDATORY FULLY FUNDED PENSION INSURANCE

THE UNIFIED COMPULSORY MOTOR INSURANCE POLICY

I. Supervision of Insurance and Reinsurance Mediation

ABI CODE OF PRACTICE: THIRD PARTY ASSISTANCE

and the President has proclaimed the following Law:

THE APPLICATION FORM FOR FINANCIAL COMPENSATION OF THE CRIME VICTIMS

Act on Insurance. The National Council of the Slovak Republic has adopted the following Act: SECTION I PART ONE GENERAL PROVISIONS

Motor Insurance Policy (Third Party) Customer Service RIYADH JEDDAH KHOBAR

Terms and Conditions of Loan Payment Protection Insurance

Personal Data Act (1998:204);

CITIZENS' LABOR RIGHTS PROTECTION LEAGUE N.Narimanov street, 11 \ 16, Baku AZ1006, Azerbaijan

CROATIAN PARLIAMENT Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the

General terms and conditions for voluntary health insurance

Law on the Deposit Insurance Agency (Official Gazette of the Republic of Serbia, No. 14/2015) (Unofficial Translation)

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

ROAD ACCIDENT FUND AMENDMENT BILL

COMPULSORY INSURANCE IN SERBIA

Act on Compulsory Contractual Motor Vehicle Third Party Liability Insurance

ACT ON LIABILITY FOR NUCLEAR DAMAGE

General Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)

LAW ON TAX PROCEDURE OF REPUBLIC OF SRPSKA

RS Official Gazette, No 38/2015

STATE OF RHODE ISLAND AND PROVIDENCE PLANTATIONS DEPARTMENT OF TRANSPORTATION DIVISION OF MOTOR VEHICLES AMENDED RULES AND REGULATIONS RELATIVE TO

MOTOR VEHICLE INSURANCE PROPOSAL FORM

FACTORING LAW I. BASIC PROVISIONS II. DEFINITIONS

Electronic Documents Law

LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE. Chapter two. ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE

Nationality: Passport No: Occupation: Tel No: Fax No: Nationality: Passport No: Occupation: Tel No: Fax No:

Act on the Contractor s Obligations and Liability when Work is Contracted Out (1233/2006) (as amended by several Acts, including 678/2015)

THE LAW ON NATIONAL COUNCILS OF NATIONAL MINORITIES I. GENERAL PROVISIONS. Article 1

ORDER to promulgate the Act on Prevention of Late Payment (ZPreZP)

CLAIM FORM A. To be completed by the registered operator/ owner or driver of the vehicle

DECISION PROMULGATING THE ACT ON AMENDMENTS TO THE ACT ON PENSION INSURANCE COMPANIES AND PAYMENT OF PENSIONS BASED ON INDIVIDUAL CAPITALISED SAVINGS

Holidays Act (consolidated text Dec 2003)

How did you hear about The Mills Law Firm? MVA Premises Liability Labor Law Product Liability Other:

(Unofficial translation by the Financial and Capital Market Commission)

Employers Liability Section

REPUBLIC OF ARMENIA LAW ON COMPULSORY INSURANCE OF LIABILITY ARISING OUT OF THE USE OF MOTOR VEHICLES CHAPTER 1 GENERAL PROVISIONS

Business License Application General Information

L A W ON AMENDMENTS TO THE LAW ON PENSION AND DISABILITY INSURANCE. Article 1

: As defined in the Traffic Act in force. Accident

COMMERCIAL GENERAL LIABILITY INSURANCE TERMS AND CONDITIONS 1/2013 Valid from

PO Box Ellerslie 1542 Auckland TERMS OF BUSINESS

LAW ON MILITARY SECURITY AGENCY AND MILITARY INTELLIGENCE AGENCY I GENERAL PROVISIONS. Article 1

ISLAMIC AFFAIRS & CHARTABLE ACTIVITIES DEPARTMENT GOVERNMENT OF DUBAI

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY

Table of contents: ***

NATIONAL PAYMENT SYSTEM ACT

(Official Gazette of the Republic of Macedonia, No. 63/2000, 29/2002, 43/2002, 49/2003 and 81/2008) LAW ON DEPOSIT INSURANCE FUND

fleetshield proposal form

Motor Legal Care Terms and Conditions

Personal Accident Claim Form

Consultation Paper 1.5. Mandatory Third Party Liability Insurance for Road Vehicles

MOTOR INSURER S BUREAU OF IRELAND

Motor Accident Report Form

THE SOCIALIST REPUBLIC OF VIETNAM Independence - Freedom - Happiness No: 23/2014/TT-NHNN Hanoi, 19 August 2014 CIRCULAR

INSURANCE LAW OF THE KINGDOM OF CAMBODIA

THE CROATIAN PARLIAMENT DECISION PROMULGATING THE ACT ON INVESTMENT FUNDS WITH A PUBLIC OFFERING

Act amending Banking Act (ZBan-1L) Article 1

COMPULSORY THIRD PARTY LIABILITY INSURANCE

Act on Insurance Mediation and Reinsurance Mediation

LAW NO: 5549 ON PREVENTION OF LAUNDERING PROCEEDS OF CRIME

Act No. 168/1999 Coll. - Motor Third Party Liability Insurance act

JOINT AGREEMENTS. - Cyclistes Professionnels Associés [Associated Professional Riders], hereinafter referred to as CPA,

Work Injury Compensation Act. A Guide to the Work Injury Compensation Benefits and Claim Process

General Terms of Public Procurement in Service Contracts JYSE 2014 SERVICES

GUIDELINES FOR THE ADMINISTRATION OF INSURANCE AGENTS

Employers Liability Policy ( 蘇 黎 世 產 物 僱 主 意 外 責 任 保 險 )

STATE OF RHODE ISLAND AND PROVIDENCE PLANTATIONS DEPARTMENT OF REVENUE DIVISION OF MOTOR VEHICLES AMENDED RULES AND REGULATIONS RELATIVE TO

Details of Helivac RAC Claim

LAW ON FOREIGN CURRENT AND CAPITAL OPERATIONS I BASIC PROVISIONS

AN ACT REGULATING TRANSPORTATION NETWORK COMPANIES.

Initial Credentialing Application: Certified Registered Nurse Anesthetist (CRNA)

WHO CAN PULL A BUILDING PERMIT?

Republika e Kosovës Republika Kosovo - Republic of Kosovo Kuvendi - Skupština - Assembly

PAYMENT SERVICES AND SYSTEMS ACT (ZPlaSS) CHAPTER 1 GENERAL PROVISIONS SUBCHAPTER 1 CONTENT OF THE ACT. Article 1. (scope)

It is hereby notified that the President has assented to the following Act which is hereby published for general information:-

LAW ON FOREIGN EXCHANGE OPERATIONS OF FEDERATION OF BOSNIA AND HERZEGOVINA

Transcription:

Document 2.1.4-8 GUIDELINES ON PERSONAL DATA PROTECTION IN INSURANCE SECTOR Component 2 Activity 2.1.4 8 The content of this report is the sole responsibility of Human Dynamics and can in no way be taken to reflect the views of the European Union

Table of Contents I. About the Guidelines... 3 II. Introduction... 3 III. Legal framework... 4 IV. The role of the... 4 V. How to submit a complaint for personal data protection... 5 VI. Specific questions regarding personal data protection... 5 VII. FAQ... 13

About the Guidelines The purpose of the s guidelines is to provide common practical instructions and advice for the citizens in order to improve the exercising of their personal data protection s right. It seeks to address the most common questions that citizens are facing with. The provided answers of all questions will help the citizens to better understand and exercise their data protection right in the insurance sector. Introduction Personal data are collected and processed in variety of areas. Insurance sector is one of the sectors where personal data are collected and processed. Insurance companies in their daily activities collect and process large number of personal data for the insured, as well as for the insurance users, damaged persons... Personal data collected by the insurance companies in certain cases are subject to exchange with state authorities, while sometimes they are transferred to other states. Because of this fact, the protection of personal data is an important segment in the insurance sector. The protection of personal data collected and processed in the insurance sector, besides the Law on Personal Data Protection 1 is also governed by the Law on Insurance Supervision 2 and the Law on Compulsory Motor TPL Insurance 3. The fact that these two laws were enacted before the Law on Personal Data Protection was enacted, may lead to wrong interpretation and application of the provisions on personal data protection in practice from the insurance companies on one hand, and wrong exercising of data protection right by the citizens. 1 Official Gazette of Republic of Macedonia No 7/05, 124/10, 103/08, 124/10 and 135/11 2 Official Gazette of the Republic of Macedonia no. 27/2002, 84/02, 98/02, 33/04, 88/05, 79/07, 8/08, 88/08, 56/09, 67/10 and 44/11 3 Official Gazette of the Republic of Macedonia no. 88/05, 70/06, 81/08, 47/11 and 135/11

Legal framework In the state legislation, personal data protection as a whole, is primarily governed by the Law on Personal Data Protection and the respective bylaws deriving from it. However, the provisions of this Law are general and they set the standards for personal data protection for all areas where personal data are collected and processed, i.e. where they need appropriate protection. The insurance sector represents specific area where personal data, on daily basis, circulate throughout the main actors of this sector insurance companies and the National Insurance Bureau. This is the case because personal data are conditio sine qua non for establishing a respective legal relationship by signing contract of insurance, or signing an insurance policy or list of coverage by the contractors. It is also the case for practicing the rights, as well as fulfilling the obligations that derive from the insurance relationship. Having in mind the aforementioned, as well as the requirement for providing appropriate protection of the large flow of personal data in this sector, the legislator has recognized the need to prescribe specific rules, i.e. to precisely define certain criteria Page 4 of 13

Page 5 of 13 that will apply only for the insurance sector as a mean to answer the specific needs for all stakeholders. In this sense, the legal framework for the insurance sector is consisted of the Law on Insurance Supervision and the Law on Compulsory Motor TPL Insurance and few bylaws deriving from the Law on Insurance Supervision which ring round the legal framework for the insurance sector. The role of the In the broadest sense, the is responsible for proper implementation of the Law on Personal Data Protection. This means that the Directorate cares for personal data protection of the citizens and protects their rights. This role is carried out by the Directorate through: - resolving citizen s complaints for violation of their data protection rights throughout inspection; - conducting inspection ex officio to check whether the data protection principles are implemented properly. However, it should be noted that Directorate has not only repressive role does not solely solve problems when they occur. Rather, the role of the Directorate is to acquaint citizens closer to their rights. This role, the Directorate practices on daily basis, and this Guidelines is aimed for the improvement of citizens knowledge for their personal data protection rights. How to submit complaint for personal data protection It s very easy and simple. Whenever one believes that her/his right of personal data protection is violated and has some facts or prove for the violation, s/he can submit to the Directorate for Personal Data Protection: - Request (complaint) for determining a violation of the right of personal data protection or - Initiative to the the Directorate to perform inspection over the personal data processing performed by the controller of personal data collection. In order to facilitate these procedures, the Directorate has developed forms of Request (complaint) and the Initiative for performing inspection, which are published on the Directorate s web site (www.dzlp.mk/mk/prijavi zloupotreba).

After filling the required information in the Request (complaint) or Initiative for performing inspection you can easily submitted via following e-mail: contact@dzlp.mк or by ordinary mail: Samilova 10, 1000 Skopje. The whole procedure is in details explained on the aforementioned Directorate s web site (www.dzlp.mk/mk/prijavi zloupotreba). Specific questions regarding personal data protection Types of personal data collections Question: What types of personal data collections may the insurance companies maintain? The insurance companies are obliged to maintain the following types of personal data collections: Question: What types of personal data are contained in the personal data collections that insurance companies maintain? As it was already mentioned the insurance companies are obliged to maintain 3 (three) data bases. Each of those data bases contains certain types of personal data: Question: What types of personal data collections may the National Insurance Bureau maintain? The National Insurance Bureau maintains the same date bases like the insurances companies. The National Insurance Bureau has developed Information Center that contains the following personal data: It should be noted that insurance companies are obliged to keep register of insurance agents. 1) registry designations from the license plates, types, numbers of chassis, i.e. bodies of the vehicles registered in the country, Page 6 of 13

2) name and surname, personal identification number, date and place of birth, permanent and temporary place of residence of the insuree and 3) the name and/or the seat of the authorized representatives appointed by the insurance companies of other European Union member states in the country. Question: Can the insurance companies establish and maintain personal data collections different from those defined in the Law on Insurance Supervision? Undoubtedly, the answer of this question is YES. It remains possible to create other personal data collections based on the consent of the personal data subject, as well as to create personal data collections based on other laws, such as employees records or records of employees working hours. Question: When the insurance companies and the National Insurance Bureau are obliged to report personal data collections to the Central Register of Personal Data Collections within the Directorate for Personal Data Protection? The Directorate for Personal Data Protection has to be notified about the existence of all personal data collections maintained by the insurance companies and the National Insurance Bureau. The insurance company and the National Insurance Bureau are not obliged to notify the Directorate, if: - the personal data are part of the publicly available collections based on a law; - the personal data collection refers to at most ten employees with the controller or - the processing refers to personal data of member of associations founded for political, philosophical, religious or tradeunion purposes. A link to the Central Register of Personal Data Collections could be found on the Directorate s website (http://www.dzlp.mk:8001/). The main purpose of the Central Register of Personal Data Collections is to ensure transparency in the processing of personal data. Also, this Register should provide citizens with possibility, at any time to check what types of personal data are processed for her/him, by the insurance companies. Question: What types of personal data collections may the Supervision Insurance Agency maintain? The Supervision Insurance Agency maintains the following data bases: Page 7 of 13

These personal data collections are public and that s why Supervision Insurance Agency is not obliged to notify/report the personal data collections in the Central Register for reporting/notification to the Central Register for Personal Data Collections. Personal Data Collection within the Directorate for Personal Data Protection. Question: What types of personal data collections may the insurance brokerage company and insurance agency maintain? The insurance brokerage company and insurance agency are obliged to maintain the same date bases like the Supervision Insurance Agency. Same like personal data collections maintained by the Supervision Insurance Agency, the personal data collections maintained by the insurance brokerage company and insurance agency are public and because of this reason they are not subject to Page 8 of 13 Collecting, processing and revealing of personal data Question: What is the manner of collecting personal data by the insurance companies? The insurance companies can collect personal data: 1) as a rule, directly from the person they refer to; 2) from other persons (witnesses of the damage incurrence); 3) name and surname, date and place of birth, constant or temporary address of the insureds and name of the insurance company, number of policy, duration of the insurance,

insured case and insurance security may be as well collected from the databases set up within the insurance companies and the National Insurance Bureau; 4) name and surname, date and place of birth, constant or temporary address and PIN of the persons involved in the incurred damage, as well as the same data for the witnesses; type of harmful event; place, time and course of the damage incurrence and description of the damage from the harmful event may also be collected from the databases set up within the Ministry of Interior; 5) data referred to crimes and misdemeanors in regard to the incurred damage may also be collected from the databases set up within the judicial bodies;6) the health data like: shortterm injuries and health condition, type of physical injury, duration of the treatment and consequences for the insured person, as well as for the submitter of the request for damage compensation; costs for the medical treatment, medicinal products and orthopedic devices for the insured person and the submitter of the request for damage compensation from the databases set up within the health institutions; 7) data relating to the incomes of the insured person and of the submitter of the request for damage compensation can be collected from the database of the employer, Fund for Pension and Disability Insurance and the Ministry of Labor and Social Policy; 8) data relating to pension (old age or disability), prequalification and degree of disability of the insured person and of the submitter of the request for damage compensation can be collected from the databases of the Fund for Pension and Disability Insurance. Page 9 of 13

Ministry for Labor and Social Policy National Insurance Bureau Directly from the persons Insurance companies Fund for Pension and Disability Insurance Employers Insurance companies Other persons Ministry of Interior Ministry of Interior National Insurance Bureau C Helath institutions Judical bodies Question: What are the databases from which the National Insurance Bureau collects personal data? Similar like insurance companies, the National Insurance Bureau collects data from: 1) insurance companies; 2) Ministry of Interior and 3) Information Centers from other European Union member states. Page 10 of 13 Question: Do the insurance companies have right to make copy of ID documents, such as ID card, passport, driving licenses? The answer is NO. The insurance companies are not provided with legal base for making a copy of ID documents, such as ID card, passport, driving licenses. These documents could be subject of copying if there is a previously given consent from the citizens/data subjects. Question: In which cases the insurance company can reveal personal data to third persons? Collected and processed personal data, may be revealed by the insurance companies in the following cases: 1) if the data are necessary for determination of facts in criminal

procedures or other court procedure and if they have received written request from the competent court to submit data; 2) in cases anticipated by the Law on Prevention of Money Laundering and other Financial Proceedings from a Crime and Financing Terrorism; 3) if the data are necessary for determination of the legal relations between the insurance company and its insureds and/or other beneficiary of the insurance, in the performance of legal procedures; 4) if the data are necessary for the purpose of performing coercive procedures over immovable property of an insured person or other beneficiary of the insurance, and if they have received written request for the competent court to submit data; 5) if the data are requested from the Insurance Supervision Agency or from another competent supervisory body, and due to conduct of supervision within the framework of the established liabilities; 6) if the data are requested by a tax body, in regard to conducting procedures within its competence and 7) in other cases stipulated by law. Question: Whom to and what personal data contained in the personal data collections of the National Insurance Bureau may the Bureau reveal? The National Insurance Bureau through its Information Center, upon request, is obliged to reveal the following personal data to the claimants: 1) name and address of the insurance undertaking with which the person causing the accident concluded motor TPL insurance contract; 2) number of insurance policy; 3) name and address of the authorized representative in the Republic of Macedonia appointed by the insurance undertaking of the EU member state with which the person that caused the Page 11 of 13

accident concluded motor TPL insurance contract; 4) data on the name and the address of the owner, user, i.e. the registered user of the motor vehicle in case the claimant proves that he/she has a legal interest in obtaining such information. 5) data on the name of the driver of the motor vehicle that caused the damage, for which the provisions of the Law on Compulsory Motor TPL Insurance do not apply. National Insurance Bureau and insurance companies? The timeframe for keeping the personal data in the personal data collections of the Information Center of the National Insurance Bureau is for at least seven years after expiry of the registration of the motor vehicle or after the expiry of the insurance contract. The timeframe for storage of personal data collected and processed by the insurance companies is ten years after the expiry of the insurance contract or after closing the case for the occurrence of the damage. This provision is in line with the principle of personal data protection that the personal data aren t kept longer than necessary to fulfill the purposes for which data are collected. Period for keeping personal data Question: For what period of time should the personal data be kept by the Data Protection Officer Question: Are the insurance companies, the National Insurance Bureau, the Supervision Insurance Agency, the insurance brokerage companies and insurance agencies obliged to appoint personal data protection officer? Page 12 of 13

The answer is YES. All of the above mentioned institutions are obliged to appoint personal data protection officer, because of the fact that personal data protection officer is in general responsible for the implementation of data protection principles in practice. Personal data protection officer is responsible for lawful exercise of citizen s right to personal data protection, and in the same time acts as safeguard for their protection. FAQ Page 13 of 13