The present Privacy Policy constitutes an integral part of our company’s Terms of Use. Maxima Insurance is a provider of insurance and finance services and consultation, offering high-quality products and services which cover the whole spectrum of the insurance field. Our company is dedicated to ensuring the confidentiality and privacy of the information provided to us and is compliant with the standing legislature regarding privacy and the protection of personal data, as well as the General Data Protection Regulation (GDPR). We only collect the data willingly provided by online visitors, clients, prospect clients and partners, enabling us to provide our services.

1.1. When do we collect personal data?

Upon reception of completed applications, documents, forms, complementary documents and all other information coming to our company’s possession, within the context of its operation, it proceeds to process the personal data, with or without the use of automated means such as collection, filing, organization, correction, storage, adaptation, alteration, recovery, information research, use, deletion or destruction. Our company will potentially make use of automated means and, in the context of protecting its legitimate interests, it frequently conducts quality controls and damage analysis, through automated processing, for purposes of aversion of fraud against it. In any case of automated processing, the emerging results are always reviewed by the company’s responsible employees or partners and thus no decision is taken exclusively based on automated processing. Our website visitors are not required to disclose their identity or provide any personal information without their explicit consent. However, for the visitor to be able to become a recipient of any informative material (such as Newsletters) that the company may send, so they may be informed for matters concerning themselves and the company, as well as happen to benefit from possible future promotional campaigns, they provide explicit consent by filling-in the relative form during registration to the services. We receive your personal data provided you have chosen to provide them. Your personal data will not be used for other purposes, unless we receive your permission, or this is required or allowed by law.
The IP addresses (the number given to your device when you gain access to the web and allows computers and servers to be identified and communicate with each other) which the visitors appear to come from may be registered for purposes of information security and system diagnostics.

1.2. What data do we collect and process?

Personal data, like identification information, contact details, payment details and insurance details necessary for the synapsis and management of an insurance agreement, as well as sensitive personal data like information regarding an individual’s health (physical condition, possible inabilities, medical background, prescribed medication etc.), financial and property state as well as investment/saving goals, driving behaviour in vehicle insurance, business activity and subordinate working/independent service relations. Additional payment details such as bank account numbers, credit/debit card numbers and other bank card details, interaction details from electronic services: IP addresses, Cookies, Browser information, device information etc. settlement information like information necessary to manage insurance claims contained in payment applications for reimbursements/buyouts/claims or supporting/relative documents. Also, personal data collected by our website and depending on the request of the visitor, data included in resumes, in cases of emergent interest for collaboration with the company, even data notified within the context of possibly recorded phone calls, about which you will be explicitly informed. I every case and with respect to the applied request, an optional query for certain information, as stated above, may take place to the information subject.

1.3. Where do we collect personal data from?

We collect personal data:

a) From the individual/client/prospect client.
b) Through authorized staff members/collaborators (such as experts).
c) Through affiliate service providers (such as hospitals, diagnostic centres)
d) From visitors to our website, only after they have intently provided them for the submission of electronic applications
e) In the context of promotional-advertising campaigns for the promotion of our provided services.

1.4. Purpose of data process

Our company processes the personal information of all individuals dealing with it, for more than one purpose, and only for those purposes for which we collect them, as well as additional goals relevant to them, referring but not limited to research for the conclusion of insurance contracts and their handling (for instance offer, suggestion, approval reimbursement settlement etc.), evaluation of insurance risk for the conclusion of an insurance contract, its handling, inspection and settlement of reimbursement in the occurrence of the risk and disbursement of the fixed amount as stated in the terms of the contract, prevention and avoidance of insurance fraud. Personal information required for the conclusion of team insurance contracts of a company’s human resources, the conclusion of professional liability, vessel crew, car fleet insurance. We collect personal information for automated decision-making purposes (including profile set-up), individualisation of your experience, marketing messages, offers and content tailor-made for you) and other decisions regarding the use of computer technology, like determining which products are the most suited to you, to handle any of your requests, including collaboration/recruitment applications to our company. We collect personal information in order to protect our company’s lawful interests (such as the prevention and detection of fraud against us), as well as fulfilment of our tax and legal obligations.

1.5. What is the legal basis for the use of your personal information?

Our company collects personal information necessary in order to fulfil the goal of your contract. Whenever additional, optional information are required, you will be notified when the data collection takes place. The GDPR allows the process of your personal information when the following apply separately or simultaneously.

a) Contract completion: This happens when your personal data processing is necessary for the completion of our obligation as they come up from the contract as well as the actions required in the pre-contractual stage (such as application completion, offer submission etc.)
b) Legal obligation: This happens when we are required to process your personal information to be complicit with legal requirements, like record keeping for tax purposes or providing information to a public body or law enforcement authority.
c) Protection of our company’s legal interests: (for instance the support and exercise of its legal rights, prevention of insurance fraud, researching its customer satisfaction level, management of its business operation, operation of its data-processing systems, internal control operations etc.).
d) Your consent: You may revoke your consent at any time by contacting with us at: i.kanakari@maximainsurance.gr

1.6. Rights of the subject of the information

The subject of the data has the right to access their personal information collected and processed by the company, as well as the right to be informed, following an email request at: i.kanakari@maximainsurance.gr or by calling the number: +302106835300. This is referred to as “Subject Access Request”. Access to your personal information is granted free of charge. Before we satisfy your request and for transaction safety purposes, we may require identification documents and adequate information of your transactions with us from which we can trace your personal information and identify you. If the data we have of you is incorrect, you may request we make corrections to the collected personal information. You may modify, correct, supplement your personal information undergoing processing from our company and for this reason you may send an email at: i.kanakari@maximainsurance.gr or call the number: +302106835300. You also have the right to contest the processing of your personal information from us (right to object), require their deletion (right of deletion) if we no longer have the right to use them, or require their processing take place at specific cases (limited processing right). To exercise all the aforementioned rights, you may send us an email at: i.kanakari@maximainsurance.gr or call the number: +302106835300. Upon reception of the relative request, the company will proceed to its satisfaction within a time period of one month, provided it is lawful and valid. The information subject maintains the right to revoke their consent to process information of personal nature by sending an email request at: i.kanakari@maximainsurance.gr or calling the number: +302106835300.

1.7. Disclosure and transfer of personal information

Our company does not transfer, disclose or publicize personal information to non-affiliate third parties unless if this is required by our lawful, professional and business needs for us to respond to your requests and provide you with our services, when this is dictated by law. Our company may disclose personal information in order to respond to inquiries by courts of law, judiciary, government or law enforcement authorities, or whenever it is deemed necessary or wise to conform with the standing legislature, court decisions or orders and rules by court and judiciary authorities. Disclosure of personal information may also be required for personal information audits, security and research purposes as well as to respond to potential complaints or security threats. Your data may be transferred to third parties (legal or physical entities) with whom our company has contractual relations regarding the proper and in accordance with its terms provision of services. For this reason and to uphold its legal obligations, our company can, on a case-by-case basis, transfer your personal information to legal or physical entities, indicatively to Insurance Companies within or outside the European Union, Health Establishments, Diagnostic-Coordinating Centres Medical Professionals Insurance Claim investigators and experts, International Specialists, Legal professionals etc. Also, to Roadside Assistance, Courier, Record keeping/Management, Phone Service companies, the Informatics Department of the Insurance Company Union of Greece, the information Centre and the office of International Insurance, car repair establishments, affiliate Bank Institutions, Public and Judiciary authorities, Public Organizations and Supervisory Bodies, as well as our Subsidiaries.
However, the legal or physical entities will process your personal information, exclusively for service provision purposes to our company, acting as wholly or partially responsible for the process of information and contractually bound in keeping confidentiality, protection of personal information and upholding information security regulations.
In every transmission, our company takes all measures to always disclose the minimally required amount of data and always under the premiss of their lawful and legitimate processing.

8. Data security, Personal Information Violation Incidents, Storage, Keeping Time and Data Integrity

Our company applies reasonable security policies and procedures to protect personal information and data from unauthorised loss, misuse, alteration or destruction. The company is bound to protect the personal information and data trusted to it form the information subject. For this purpose, it has taken the necessary measures of organization and processing of personal information. The collected personal data are stored to servers with limited access, accessed with the use of specialized codes and the company utilizes special technologies and procedures to enhance the protection of the information against loss or misuse, as well as unauthorized access, disclosure, modification or destruction. However, despite the company’s best efforts to protect the data, it is unable to provide complete assurance that the above-mentioned technologies will not be attacked at any time and in any way. Despite the company’s best efforts, absolute safety against all possible threats cannot be guaranteed. In case of loss or violation of personal information, the company employs a specialized team to work on the restoration of the violation, containment of the possible consequences and comply with our legal obligations as soon as possible. We put all possible effort to making sure access to your personal data is provided only to those necessary. The individuals who have access to the data are bound to uphold the confidentiality regarding the information. For this reason, if any illicit, malicious, inappropriate or immoral use of the data comes to any individual’s attention, they are required to immediately notify the company regarding the fact. If otherwise, the individual will also stand responsible against the company.
We also put all possible effort towards keeping the personal information we collect from you only for the time period they are necessary for the purposes they were collected, comply with each individual request or until their deletion is required by the subject. The company will maintain and process the data for the duration of your contractual relation with it. In case this is terminated for any reason, our company will maintain this data for the legally required time period or until the stature of limitations comes to pass, the maximum relative period being five (5) years. In case no contractual relation is reached, our company can maintain the declared data for the pre-contractual stage, for a period of up to five (5) years from their submission, depending on the standing policy of the company’s record destruction. All the above stand on condition there is no outstanding legal dispute beyond the stated time periods by irrevocable court order.

1.9. Children

For minors under the age of 18, with participation in the insurance coverage as an insured member or/and proprietor, processing is lawful only if, and to the degree that, consent is approved or (wherever it is required) is provided by the individual exercising parental responsibility for the minor. When the minor reaches 18 years of age, consent (wherever it is necessary) for processing of personal information from the company is provided by the individual who is now an adult.

1.10. Contact us

If you have any questions, comments or complaints regarding our handling or protection of your personal information by us or if you wish to amend your personal information or you wish to exercise any of your rights as the subject of the data, please contact us at: i.kanakari@maximainsurance.gr or by calling the number: +302106835300.
The person in charge of processing is called Ioanna Kanakari and can be contacted at: i.kanakari@maximainsurance.gr, by calling the number: +302106835300 or at our physical offices on 360Α Kifissia’s Av. and 2 Marathons St. in Chalandri, Attica, the information subject maintains the right to file a complaint to the Personal Information Protection Authority (1-3 Kifisias Av. 11523, Athens, +30 210 6475600, contact@dpa.gr).
We inform you that you may, at any time, revoke your consent to the process of your personal information as well as special category personal information, collected for the purposes of our business collaboration. However, we state that the revocation of your consent as well as exercising your right to oppose processing of your personal information will result in the immediate termination of our contractual relationship, as it is unable to function without the lawful processing of your personal information.