DATA PROCESSING RESPONSIBLE
- Owner: COSTA SERRA, S.L. (hereinafter, “The Brokerage”)
- Registered Office: Carrer de Baldomer Solà, 1, 08912 Badalona
- CIF: B60268208
- Phone: 933 995 718
- Email: info@costaserra.com
PERSONAL DATA COLLECTED AND PROCESSED
The personal data we collect and process are obtained directly from you or your legal representative, through forms, communications with us via postal mail, phone, email, WhatsApp, or any other means
All the information you provide must be truthful, and you will be responsible for the accuracy of the data you communicate to us. Furthermore, you must keep the information up to date so that it always reflects your actual situation. In any case, the person providing the information will be solely responsible for any false or inaccurate statements made and the damages that may arise to THE BROKERAGE or third parties
due to the information provided.
If you provide information about other people, you must obtain their consent. This applies to all data, and particularly to sensitive data, such as those related to administrative penalties. By providing us with data about other individuals, you confirm that you have their permission and that they understand how their information will be used.
The personal data we may collect and process about you include:
- Identifying Data: Name, address, email, phone numbers, gender, marital status, date and place of birth, nationality, family details (e.g., in the case of additional drivers linked to the policy), ID card, passport, driver’s license, vehicle registration, vehicle brand and model, vehicle purchase date, vehicle ownership, existence of leasing or bank credit on the vehicle, call recordings, etc. Navigation data from our website (e.g., IP address).
- Financial Information: Bank account details or payment card, or other secure payment methods (e.g., PayPal).
- Risk Details: Information we need to collect to assess the risk of the coverage being requested and provide quotes from insurance companies that best fit your needs. This may include driving license suspensions, claims history with/without responsibility, cancellations by another insurer, use of the vehicle (personal or business). For classic car insurance, the current mileage of the vehicle.
- Credit and Fraud Prevention Data: Credit history, penalties and criminal offenses, and information received from various anti-fraud databases related to you (credit reference agencies – assets and credit solvency files).
- Service Information: Information about the quotes you receive and the policies you contract.
- Claim Advice: Existence or not of bodily injuries in the event of an accident (this information is only collected to assist the policyholder in managing the claim with the insurance company, without collecting information on the nature and extent of the injuries).
- Previous and Current Claims: Information on previous and current claims (including other unrelated insurances), which may include personal data.
- Special Categories of Personal Data: Data related to sanctions and criminal convictions.
- Marketing and Communication Data: Your consent and preferences regarding receiving our commercial communications and those of third parties, as well as your communication preferences
- Statistical and Demographic Data: We also collect, use, and share aggregated data, such as statistical or demographic data, for any purpose. Aggregated data may be derived from your personal data but is not considered personal data under the regulations since such data does not directly or indirectly reveal your identity.
Purposes for Which We Collect and Process Your Personal Data:
We will only use your personal data for the purposes for which they were collected, unless we reasonably believe that we need to use them for another reason that is compatible with the original purpose.
If we need to use your personal information for unrelated purposes, we will notify you in advance and explain the legal basis that allows us to do so.
- Commencement of Brokerage Relationship
Acquisition of client status.
Assessing the risks to be covered and determining the appropriate policy/premium.
Providing objective advice on the different insurance products that best meet your needs.
Detecting and preventing fraud.
If applicable, managing the premium payment to the insurance company.
- Policy Administration
Customer service, including communication through any medium and sending updates or other communications related to your policy.
Managing payments.
Performing quality controls in relation to the services provided regarding the contracted insurance.
- Claims Handling and Management
Managing insurance and reinsurance claims.
Defending claims before the insurance company.
Advising on exercising or defending claims of any type that may arise from the
contractual relationship.
Fraud investigation.
- Renewals
Contacting the insured/policyholder to renew the insurance policy.
Providing objective advice to you as a client on the different insurance products
that best meet your needs.
If applicable, managing the premium payment to the insurance company.
- Other Purposes Outside the Insurance Life Cycle, but Necessary for Its
Provision During the Entire Life Cycle
Complying with our legal and regulatory obligations.
- Marketing and Advertising
To make suggestions and recommendations about products, services, or
offers directly related to the insurance sector that may
interest you.
To offer information related to contests, promotions, events, or
similar.
To make suggestions and recommendations on topics indirectly related to insurance, such as health, automotive issues, or any other current topic.
We collect your personal data through the following means:
- Our website (including the use of cookies).
- Telephone (call recording).
- Email.
- Price comparison websites for insurance that you have accessed
seeking quotes.
- Forms
- Trade fairs and/or events organized on the sector.
- Publicly accessible sources.
Legal Bases for Processing Your Data
Legal Bases for Processing Your Data The legal bases that justify the processing of your data for the specified purposes are as follows:
Explicit Consent
You have given your explicit consent for the processing of this personal data for one or more specific purposes, where we cannot obtain, provide, or manage insurance coverage without this consent.
You are free to withdraw your consent by contacting our Data Protection Officer. Withdrawing this consent may affect our ability to enter into or manage an insurance contract or assist with claims payments.
Contractual Performance
The processing is necessary for the celebration and/or execution of a contract towhich you are a party.
Compliance with Legal Obligation
The processing is necessary to comply with a legal obligation to which we are subject
Public Interest
The processing is necessary for the performance of a task carried out in the public
interest.
Legitimate Interests
The processing is necessary for the legitimate interests pursued by LA CORREDORIA or a third party, except when these interests are overridden by your interests or fundamental rights and freedoms, which require the protection of personal data.
Legal Claims
The processing is necessary for the establishment, exercise, or defense of legal
claims, or when the courts are exercising their jurisdiction.
RETENTION PERIOD FOR YOUR PERSONAL DATA
We will keep your personal data only for as long as necessary for the purposes for which it was originally collected.
We must retain the data while there is a possibility of a legal claim under the umbrella of the insurance contracted by both parties or when required to retain your personal data for legal or regulatory reasons (Insurance Contract Law, Law on the Organization and Supervision of Private Insurance, Law on Mediation in Private Insurance and Reinsurance, Distance Marketing of Financial Services for Consumers, Civil Liability and Motor Vehicle Insurance Law, distribution regulations, and any other applicable laws).
However, the data will remain in a state of blocking for the periods specified by the aforementioned regulations, in order to address any responsibilities that may arise. After these periods, we will proceed with their deletion, unless the interested party has authorized the processing for specific purposes during a longer period.
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes. In this case, we may use this information indefinitely without prior notice.
Communication of Your Personal Data to Third Parties
We may share your personal information with the third parties listed below for the strict purposes described in this Privacy Policy.
You can contact us to obtain more information about the communication of your
personal.
The third parties listed below will only use your personal information under our strict instruction and are obligated to ensure that appropriate security measures are implemented.
- Insurance companies
- Reinsurance companies
- Providers of anti-fraud and sanctions databases
- Credit reference agencies – credit and solvency files
- In case of client delinquency, LA CORREDORIA may transfer your data to companies responsible for debt collection in compliance with applicable regulations
- IT service companies to insurance companies
- Professional advisors including auditors, lawyers, tax advisors, experts, and
media sales agencies - Claims managers
- Third parties involved in claims/investigations/legal proceedings
- Private investigators
- State Security Forces and Corps
- Judges, Courts, and other public administration bodies
- System and IT administration service providers
- Event organizers, exhibitors at events, and any other third party involved in the organization or contribution to LA CORREDURIA events
- Communication platforms and marketing/advertising companies
- Banks/savings banks
- Telephone service providers used as part of Customer Service
- Satisfaction survey entities
- Software/system providers
- Directorate-General for Insurance and Pension Funds or other public authorities with competence in the matte
- Public authorities with authority over us or you, such as when there is a court order, legal obligation, etc.
International Data Transfers
Currently, LA CORREDURIA does not perform any international transfer of personal data
outside the European Union.
However, should this take place in the future, we want to ensure that your data is stored and transferred securely. Therefore, we will only transfer data outside the European Union when the data protection legislation is complied with, and the transfer methods provide adequate guarantees concerning your data, such as:
- Through a data transfer agreement incorporating the standard contractual clauses established by the European Commission for transferring personal data from controllers in the EEA to controllers and processors in territories without adequate data protection laws
- Under the EU-U.S. Privacy Shield framework for the transfer of personal data from entities based in the EU to entities located in the United States or another equivalent agreement concerning other territories
- Transferring data to countries where the European Commission has adopted an adequacy decision regarding the level of protection provided by their laws.
- When necessary for the formalization or execution of a contract between us and a third party, and the transfer is in your interest for the purposes of this contract (for example, if we need to transfer data outside the EEA to fulfill our obligations under the contract if you are our client).
- When you have given your consent for the data transfer.
To ensure your personal data receives an adequate level of protection, we will implement the appropriate procedures along with the third parties with whom we exchange your personal data to ensure that these third parties process this information in a manner consistent with data protection laws and respect them.
Profile Building and Automated Decision-Making
When calculating insurance premiums, insurance market participants (insurers and reinsurers) may compare your personal data with industry averages/statistics. Your personal data may also be used to create future industry averages/statistics. This is known as “profile building” and is used to ensure premiums reflect the risk.
We may also process your data to create a commercial profile based on your personal preferences, allowing us to offer you insurance products via any means, including electronic channels and social media.
Insurance market participants could make decisions based on the profile without human intervention (known as automated decision-making). In this case, participants in the insurance market will provide details of any automated decision in their information notices (and upon request), including:
- Where they use automated decision-making
- The logic applied
- The consequences of automated decision-making
- The right to obtain human intervention, express your point of view, receive an explanation of the decision made after evaluation, and challenge it.
Security Measures for Personal Data
We have implemented the appropriate technical and organizational security measures to prevent your personal data from being lost, used, or accessed in an unauthorized manner, altered, or disclosed, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons regarding the processing of personal data, as well as
Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, and other applicable sectoral regulations
Additionally, we have established procedures to address any suspected personal data security breach. If this occurs, we will notify you and the relevant regulatory entity (Spanish Data Protection Agency).
However, any transmission of data made over the internet is at your own responsibility and risk, so we encourage you to take all precautions to protect your personal information while online.
Your Rights
You may freely exercise your rights of Access, Rectification, Deletion,
Objection, and Limitation of the processing of your data, as well
as portability of your data and not to be subject to a decision based solely on automated processin
, including profiling.
Specifically, you have the right to:
- Obtain further details about the use of your
- personal data/category of special data.
- Access your personal data, even obtaining a copy of the personal information
- you have provided us.
- Request that any inaccuracies in your personal data be updated.
- Request the deletion of any special categories of personal data/personal data that
no longer have a legal basis for use. - When the processing is based on explicit consent, withdraw the consent given (without retroactive effects), to cease processing based on that consent.
- Object to any processing based on legitimate interest, unless our reasons for processing override any harm to your data protection rights
- Restrict the way we use your personal data while investigating a complaint.
- Receive your personal data in a structured, commonly used electronic format and
transmit it to another controller. - Request to unsubscribe from receiving commercial communications
In certain circumstances, we may be required to restrict the aforementioned rights to safeguard public interest (for example, the prevention or detection of crimes) and our interests (for example, maintaining legal privilege).
Exercising these rights is a personal matter; therefore, to exercise them, you will need to verify your identity or that of your Legal Representative. If we do not properly verify your identity or there are doubts regarding the exercised right, we will contact you to clarify these details.
If you wish to exercise any of the aforementioned rights, please contact us at the addresses provided above, attaching your signed and dated request, along with a valid identification document and an address for notifications