PRIVACY POLICY

1. GENERAL
This Policy is a privacy statement and aims to inform you on: how we collect, use and disclose your
personal data, the purpose for processing and your legal rights as data subjects pursuant to the General
Data Protection Regulation (EU) 2016/679 (GDPR) and the Protection of the Personal Data Processing
Act 2018.

In accordance to the mentioned Regulation ‘personal data’ means any information that can identify
(directly or indirectly) a natural person e.g. full name and an address or an ID number.

2. WHO ARE WE
Cynosure Insurance Consultancy, Agency & Sub-Agency (Cyprus) Ltd and Stelios Kaparis are
licensed insurance intermediaries registered in the Registers of Insurance Intermediaries of Cyprus
under license numbers 5402 & 5314 respectively. Their office is at 7-9, Georgiou Seferi Street, shop 1,
1076 Nicosia.

3. HOW WE PROCESS YOUR PESONAL DATA
We collect and process different types of personal data which we obtain from you through the ‘Proposal
Form’ and/or other insurance forms in accordance to the explicitly and freely given consent that you
have given us. We may also collect personal data from other publicly available sources (e.g. the Internet)
which I lawfully obtain and are permitted to use.

4. WHAT PERSONAL DATA WE COLLECT
If you are a client, a prospective client, an insured person or a beneficiary in an insurance policy, the
personal data we collect may include:

Full name, home address, contact details, date of birth, ID or passport, profession, marital status,
number of family members, personal income and expenses, assets, bank account or credit card number,
residence address, height, weight and health conditions.

If you are a candidate employee, the personal data we collect may include: full name, contact details,
academic qualifications, work experience and other information voluntarily given to us through your CV.

If you are a current or a former employee, in furthermore to the above-mentioned, we may additionally
collect: place and date of birth, marital status, social insurance number and contributions,
remunerations, health conditions and bank account number.

5. WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS
We are committed to protecting your privacy and handling your data in a transparent manner and as
such we process your personal data in accordance with the GDPR and the data protection statute law
for one or more of the following reasons:

A. Contract necessity
We process personal data on behalf of the insurance companies: Metlife, A.I.G., C.N.P. Asfalistiki,
Ydrogios, Cosmos and Allianz Hellas as well as two international insurance brokerage companies

Howden in order to enter into contract, to amend a policy, to handle a claim or any other contract
performance.

B. Legal obligation
There are some legal obligations arising from relevant laws and statutory requirements. In addition
there are various supervisory authorities like the Insurance Companies Control Service which may
impose on us necessary personal data processing e.g. the insurance analysis.

C. Legitimate interest
We process personal data to safeguard legitimate interests pursued by ourselves or by a third party.
Legitimate interest occurs when we have a business or commercial justifiable reason to process your
personal data, as long as this is necessary and is not unfair for you.

D. Consent
Provided you have given us your written specific consent, then the lawfulness of such processing is
based on that consent. You have the right to withdraw or restrict your consent at any moment.
Concerning the separate consent you may have given to the insurance company, you should contact the
insurance company directly.

6. WHO RECEIVES YOUR PERSONAL DATA
As processors we share your personal data with the above-mentioned insurance companies so that they
can provide insurance cover for you.

For employees only: we transmit your personal data to the Social Insurance pursuant to the labor law.

7. COMMERCIAL PURPOSES
Provided you have given us your specific consent, we may process your personal data in order to inform
you about products, services and offers that may be of interest for you. This communication may
continue even when you cease to be our client, however you may us to stop doing so at any time.

8. HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We shall keep your personal data for as long as you remain our client. Upon termination of this
relationship, we erase all relevant information within 13 months, unless there is a justifiable reason not
to do so.

In case you have filed a claim to your insurance company through us, we keep your personal data until
the settlement of your claim.

Concerning candidate employees, we erase all relevant information within 6 months after job
application.

Concerning former employees, we erase all relevant information within 2 years after employment
termination.

9. YOUR DATA PROTECTION RIGHTS
Right to be informed. You have the right to be informed about the collection and use of your
personal data.

  • Right of access. You may ask for a free copy of your personal data that is being used.
  • Right of rectification. You may ask to erase or rectify inaccurate or incomplete personal data.
  • Right to erasure (right to be forgotten). You may ask us to erase your personal data, as long as
    there is no justifiable reason for us to continue to do so.
  • Right to restrict processing. You can ask us to restrict the purposes of your personal data processing.
  • Right to object to processing. You have the right to object to processing when we rely on a
    legitimate interest. In such a case we shall stop processing your personal data unless we prove
    that compelling legitimate grounds override your rights and freedoms.
  • Right to data portability. You can also ask us to transfer your personal data directly to another
    business.
  • Right to withdraw consent. You may withdraw the consent you have given us at any time.
  • Right to report a complaint. If you have concerns about the way we use your personal data, you
    may contact our Data Protection Officer (DPO). You also have the right to report us to the
    Commissioner of Personal Data Protection through the website http://www.dataprotection.gov.cy.

10. HOW TO COMMUNICATE WITH US
If you wish to exercise any of the above rights, ask any question and/or request any clarifications
concerning the way we use your personal data, you may contact our DPO by email at
[email protected] or by post: 7-9, Georgiou Seferi Street, shop 1, 1076 Nicosia.