1. Our Commitment
We will ensure that all of our employees obtain, use and disclose personal information lawfully and correctly. To this end we fully endorse and adhere to the principles and rules of data protection, as set out in particular in the EU General Data Protection Regulation and the Austrian Data Protection Act (hereinafter the »Acts«). We shall apply the Acts globally, except where part or all of any local law will prevail.
In particular we will:
- observe the conditions in the Acts regarding the lawful, fair and transparent collection and use of personal data;
- meet our legal obligations to specify the purposes for which we process personal data and the legal grounds for such processing;
- collect and process adequate and relevant personal data, only to the extent that it is necessary to fulfil our operational needs or to comply with any legal requirement;
- ensure the accuracy of any personal data kept by us;
- ensure that personal data shall only be stored in a form which permits identification of data subjects as long as this in necessary for the purposes for which the personal data are processed;
- ensure that the rights of data subjects about whom personal data are held, are able to be exercised fully under the Acts;
- take appropriate technical and organisational security measures to safeguard personal data and to ensure integrity and confidentiality of such data;
- ascertain that personal data is not transferred outside the European Union (hereinafter the "EU") and/or the European Economic Area (hereinafter the "EEA") without suitable safeguards or agreement from the data subject.
2. Handling with Your Personal Data
In the following we provide you with information on which personal data we collect and how we use and handle your personal data when you use either our website or enter in a business relationship with us. In particular we endeavour to ensure that you are informed as to: (i) the purpose for collecting the information, (ii) what the information will be used for, and (iii) the legal basis for any such processing of your personal information.
Polaris does not use automated decision-making including profiling when handling with your personal data.
2.1. Using our Website
Please note that where our website contains links to other websites, we are not responsible for the privacy practices and/or contents of other websites and with regard to our website this statement applies solely to any personal data collected by our website.
2.2. Use of "Contact us" Option
You can contact us directly via the contact form available on our website. Personal data gathered through these function include: name and surname, e-mail address, telephone number, subject, message content.
We collect, process and use the information and data provided by you via the contact forms exclusively for the processing of your specific request based on your consent.
2.3. Business Data
Polaris Corporate Solutions GmbH provides specialty casualty insurance solutions to other business entities by offering direct access to Lloyd’s capacities. Since we operate through a B2B business model, we only collect limited amount of personal data namely: (i) personal data of contact persons of our business partners such as name and surname, position, company, e-mail, telephone number and other data which are necessary to enter into a business relationship with such companies, my it be brokers policyholders or other insurers; and (ii) personal data of insured parties that are natural persons. With respect to the former, we need to keep and process certain personal data of our business partners for normal contractual purposes. With respect to the latter we only gather and process data that are necessary for a specific product and its coverage. As a key rule, Polaris collects your data only if we received it directly or indirectly from you (e.g. by a third party acting on your behalf) either pre-, during or after our contractual relationship with you.
The legal basis for the handling of all such personal data results from the fact that handling is required to facilitate our business relationship with you and to provide you with a specific product. Such personal data will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately. Nondisclosure of such personal data automatically means that we are no longer able to offer you our specialty products and insurance services.
Furthermore, we may gather some of your data, including further personal data, that is transferred to us voluntarily based on a claim and/or complaint procedure under an existing insurance policy. In such a case we endeavour to process such data only for the purpose of handling the claims procedure.
2.4. Direct Marketing
We may use personal information of our existing business partners such as brokers and clients to contact them from time to time by e-mail with details about other related insurance products or services offered by Polaris Corporate Solutions GmbH which we think will be of interest to them in order to provide them with a personalised service and to give them details of our related services / offers.
Insofar your data is processed on the legal basis of legitimate interest as stated above, you shall have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data. You have the right to object to the processing of your personal data for marketing purposes without giving reasons. Insofar other purposes apply we shall no longer process the personal data on this legal basis unless we demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. The storage or processing on other legal bases also remains unaffected by your objection.
You may at any time with future effect object to processing of your data for direct marketing by informing us about your wish on any given contact details as follows: firstname.lastname@example.org, +43 (0) 664 882 99 128 or any other given contacts on our website.
3. Transfer of Personal Data
We will disclose your information to third parties outside the Polaris Corporate Solutions GmbH such as to our capacity providers and Lloyd's and their reinsurers only for the purpose of obtaining professional advice, sharing information with them, providing our services to you and for the purposes of associated administration. We will not sell, rent or trade your personal information to third parties outside the Polaris Corporate Solutions GmbH for marketing purposes.
Personal data of our business partners such as brokers and our clients that we collect and store might be shared with Lloyd's syndicates and Lloyd's brokers as applicable based on the Binding Authority agreement that regulates our role as a Coverholder at Lloyd's. Furthermore personal data of our clients might be shared with their insurance brokers who act as data controllers and who dispose with an adequate legal ground for processing of clients' data based on their business relationship with such clients. In such a case we will make sure to enter into a special agreement with any such third party.
Furthermore we may submit your personal data to the following recipients:
- when required by law;
- to a buyer or a potential future buyer of our business; and/or
- to specialized service providers appointed by us who provide services connected to this website, its functions or our core business, but only to the extent it is necessary in order to provide these services (for example provider(s) of cloud-based services, IT service provider(s) which hosts, develops and offers support for this website and our information security system).
Such service providers are carefully selected and regularly monitored by us. Based on respective data processor agreements, they will only process personal data upon our instruction and strictly in accordance with our directives.
4. Retention Periods
We store your personal data as long as it is necessary to fulfil the purpose for which the data have been collected. This means that we permanently delete or efficiently anonymise your personal data when such data are no longer necessary to process your request or an order, or to administrate our client relationship. We will, in any case, retain your personal data for as long as there are statutory retention obligations or potential legal claims are not yet timebarred.
All business data such as data provided to us based on your inquiry or due to our business relationship with you are stored as long as it is necessary to facilitate our services and to foster our business relationship with you. However, some data may be stored for longer periods of time due to our legal obligation based on Austrian legal order (e.g. business data, accounting and financial data pursuant to § 212 Austrian Commercial Code (UGB) and §132 Austrian Federal Fiscal Code (BAO) for seven years). Data gathered from insurers and insured persons for the purpose of concluding insurance policies may be stored for the duration of statutory limitation periods to file claims under such policies or in case of any potential claim, throughout the claims procedure (e.g. pursuant to Austrian Civil Code (ABGB) and Austrian Insurance Act (VersVG)).
5. Processing of Data Outside the EU / the EEA
Your data will in part also be processed in countries outside the EU and/or the EEA, which may have a lower data protection level than the European countries (for example in cases where our clients' brokers are situated in countries outside the EU / the EEA or in cases of our cloud-based providers). In such cases, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with our contractual partners that use standard contractual clauses approved by the European Commission to ensure a sufficient level of protection for your personal data (copy available on request), or we will ask for your explicit consent to such processing.
We commit to take appropriate measures to protect all personal data transferred to any such third countries, in accordance with applicable data protection Acts and as stated above.
7. Information Regarding Data Subjects’ Rights
The following rights are in general available to data subjects according to applicable Acts:
- right of information about personal data stored by us (for example the right to request information on how personal data are processed and what personal data are processed about you);
- right to data access and to data portability (you are entitled to request the personal data that are processed based on your consent or on a contract in a machinereadable format which you are entitled to transfer directly to another data controller);
- right to request rectification of inaccurate or incomplete personal data,
- right to erasure / right to be forgotten (however, please note that deletion could mean that we cannot process requests or orders placed by you),
- right to restriction of processing in particular where (i) you contest the accuracy of your personal data; (ii) the processing is unlawful and you oppose the erasure of your personal data; (iii) we no longer need personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing and pending the verification whether our legitimate grounds override yours;
- right to object to a processing for reasons of our own legitimate interest, public interest, or profiling, unless we are able to proof that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
- right to file a complaint with a relevant data protection authority. For Austria: Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Wien, telefon: +43 1 52 152-0, e-mail: email@example.com.
If processing of personal data is based on your consent, you have the right to revoke your consent to the collection, processing and use of your personal data at any time. The withdrawal will not affect the lawfulness of the processing carried out before you withdraw your consent.
There may be conditions or limitations to your rights. It is therefore not certain for example you have the right of data portability in the specific case - this depends on the specific circumstances of the processing activity.
Please note that we may ask you to verify your identity before taking further action on your request.
If you still have any concerns about data privacy or security, the handling of your personal data or you wish to exercise any of your above described rights, please contact us at your earliest convenience on firstname.lastname@example.org, +43 (0) 664 882 99 128 or to any other given contacts on our website.
Last updated: May 25, 2018