This policy may be updated from time to time taking into account updated laws and subject to change in technology and our operations.
All personal information held by us will be governed by our most recently updated policy.
A current version of this policy will be published on our website or can be obtained free of charge upon request.
The nature of the personal information we may collect from you includes:
• identity particulars, including the following: your name, address, date of birth, nationality, telephone number, email and occupation;
• your bank account details;
• medical condition (including diagnoses, medical history and treatment plans);
• information we collect from providing you with our services;
• records of your communication with us; and
• information in relation to any insurance policy or insurance claim.
Collecting personal information is essential for us to effectively conduct and manage our business functions and activities. We will only collect your personal information for the primary purposes of our business functions and activities. These purposes include:
• to assess eligibility of the policy holder;
• to assess if a claim falls within the scope of insurance cover;
• to assess the quality of the medical treatment rendered;
• to provide you with assistance and claims handling service in connection with travel and expat health insurance;
• carrying out claim assessments, claims processing, settlement and guaranteeing of both medical and non medical claims for policy holders and members under a set of policy conditions;
• communicating with you;
• responding to your inquiries;
• meeting our legal and regulatory requirements; and
• conducting and improving our business relationship with you.
How we collect Information
Your personal information is collected by lawful and fair means, and where practicable, we will collect your personal information directly from you. We may also collect your personal information from other persons who are authorised to act on your behalf.
We may obtain personal information over the phone, by fax, by email and in hard copy format.
We may also receive information collected from insurance companies and assistance companies helping you on behalf of your insurer or other agencies so that we can provide our services to you. We will collect personal information about you only if you contact us or if we are instructed to do so by your insurance company or by an assistance company helping you on behalf of your insurer.
In order for us to collect and hold personal information, we may also, as required, request a signed “Consent for Release of Personal Information Form” from you.
We will only use and disclose your personal information in limited circumstances, including:
• for the primary purposes for which it was collected such as those described above (i.e. for our business functions and activities);
• where you have consented to the use or disclosure;
• where required or authorised by Union or member state law, or to a court/tribunal;
• where we reasonably believe that the use or disclosure is necessary to prevent serious impact to an individual’s life, health or safety or a serious threat to public health or safety.
We will not disclose your personal information for any other secondary purpose, unless your consent has been given or as required by law and we will not sell or license any personal information that we collect from you.
We rely on you to provide us with accurate and up to date information about you. If there are any changes to your personal information during the course of dealing with us, you are responsible for advising us.
We will take reasonable steps to ensure your personal information is kept up-to-date, accurate, complete and not misleading. If you believe the personal information we hold about you is incorrect or inaccurate, you can request that we update this information by contacting our Data Protection Officer (details below).
We will correct information we hold about you if we discover, or you are able to show to a reasonable standard, that the information is incorrect or inaccurate. If you seek a correction and we disagree that the information is incorrect, we will provide you with our reasons for taking that view.
We will store the information about you for as long as it is required according to any instructions received from your insurance company or the assistance company assisting you on behalf of your insurer. These two parties are regarded as the “data controllers”. This means that we will delete the information we store about you according to the instructions from the data controllers; this includes deletion of data that can identify you in our IT systems and all hard copies in paper format containing personal information about you.
We will take reasonable steps to protect the security of your information from misuse, interference or loss by restricting access to the information from unauthorised access or disclosure.
We hold personal information electronically and in hard copy paper format. For information that is stored electronically, we take reasonable security measures to ensure that personal information is protected by firewalls, secure logon processes and encryption technologies. Hard copy information is securely stored in a lockable filing system when it is not supervised during the claim administration process.
We acknowledge that you have a general right under the EU Regulations to access the information we hold about you. However, we may not be required to provide you access to your personal information to the extent that (amongst other things):
• it’s likely that you already have the information;
• the provision of such information proves impossible or would involve a disproportionate effort;
• obtaining or disclosure is expressly laid down by Union or Member State law to which we are subject and which provides appropriate measures to protect your legitimate interests;
• where the personal data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy;
• European Union or member state law hinders the disclosure of the information in order to safeguard:
a. national security;
c. public security;
d. the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
e. other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;
f. the protection of judicial independence and judicial proceedings;
g. the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
h. a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g);
i. the protection of the data subject or the rights and freedoms of others;
j. the enforcement of civil law claims
You are able to request access to your personal information by contacting our Data Protection Office (details below). You may be required to pay an administrative charge for associated matters if your request is manifestly unfounded or excessive, in particular because of its repetitive character. In such case we may also refuse to act on the request. We may require up to 30 days from notice to comply with your request to access your personal information.
If we refuse your request to access the information we hold about you, we will provide you with our reason/s for doing so.
Any personal information provided to us may be transferred to, stored by or disclosed to an overseas recipient. For example, we may disclose your personal information to an insurance company and/or assistance company (as the case may be) and any such company may be located overseas. The disclosure would be for the purposes of the assessment of claim eligibility, assistance services provided, updates in relation to reserves and payments made under the relevant policy.
Your personal information may also be processed by employees or by other third parties operating outside of the European Union in countries. These employees may work for Euro-Center.
Before your information is disclosed to an overseas recipient, we will take steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach privacy laws in relation to your personal information. Such reasonable steps may include contracts containing European Union model clauses for data protection.
However, the reasonable steps may not apply, if we reasonably believe (when disclosing your personal information to the overseas recipient) that:
• the recipient of the information is subject to a law, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the European Union personal data processing principles protect the information; and
• here are mechanisms that you can access to take action to enforce that protection of your privacy.
We will take reasonable steps to determine whether or not information we receive could be unsolicited information. If we believe that information is unsolicited information, we will destroy the information as soon as practicable or ensure that it is de-identified.
If you provide personal information to us about other individuals (for our primary purposes), we rely on you to have obtained consent from the individual on these matters, and that you will comply with the obligations under the European Union personal data processing principles for the disclosure of that information to us. If you do not, you must inform us, or our agents, before you provide the relevant information. We will not be responsible or liable for any breach of the European Union personal data processing principles.
As we only process sensitive information about you upon instruction from you, your insurance company or an assistance company assisting you on behalf of your insurer, we would advise you to contact your insurance company or assistance company first if you have any questions about the data we have managed concerning you. As they have the direct relationship with you, they are likely to hold fuller and more comprehensive information about you. In addition, they would have full insight when it comes to the information we may have managed concerning you. The same applies if you wish to withdraw any consent given to us to process your personal data. Please note that withdrawal of a consent to process your personal data may render the delivery of services to you impossible. If contact to the insurance company or the relevant assistance company is not an option for you, you are welcome to contact us directly for advice.
We will ensure your concerns or complaints are handled by our Data Protection Officer in an appropriate and reasonable manner.
Euro-Center Data Protection Office:
+420 221 860 330
Data Protection Officer
Euro-Center Holding SE
186 00 Praha 8
If your concerns are not resolved to your satisfaction, you may contact the relevant Government Authority for data protection in the country in which your insurer is registered. Alternatively you may contact The Office for Personal Data Protection in the Czech Republic at https://www.uoou.cz/en and on +420 234 665 111 for further advise.