Austria
Belgium
Denmark
Estonia
Finland
France
Germany
Greece
Iceland
Ireland
Italy
Liechtenstein
Netherlands
Norway
Poland
Portugal
Spain
Sweden
Switzerland
Turkey
United Kingdom
Australia
Hong Kong
New Zealand
India
Indonesia
Japan
Malaysia
Philippines
Singapore
Thailand
Brazil
Chile
Colombia
Mexico
Peru
USA
Bahrain
Israel
Morocco
Oman
UAE
Saudi Arabia
Tanzania
Privacy notice regarding the processing of personal data
Data Controller
Company Name: HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A.
Address: 1 Kifisias Avenue, Ampelokipoi–Athens, Attica, 11523
GEMI Number: 069057903000
VAT Number: 999510910
Telephone/Email: 2103390356, [email protected]
In this notice, references to “the Company”, “we” or “us” refer to HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A., including its affiliated companies and subsidiaries. References to “you” mean our customers and specifically the natural person whose personal data is being processed.
This notice is provided in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and explains what personal data we may collect from you when providing our insurance intermediation services, the purposes for which we use it, your rights, and the procedures we implement for its processing. Our aim is to provide services of the highest quality while prioritizing your privacy, the security of your personal data, and full compliance with applicable European and national data protection laws.
Personal Data We Collect and Process
We collect and process personal data concerning you that is included in your application for the provision of insurance intermediation services, in supporting documents and evidence, in your insurance policy, as well as in any other documents you may provide to us in the course of our cooperation.
You provide your personal data voluntarily, either directly or through other natural or legal persons acting on your behalf under your instructions/authorization (e.g. relatives, employers, or other persons you have designated).
Depending on the type of insurance and the nature of your request, the personal data may include:
- Identification data: name, surname, date of birth, ID/passport number, Social Security Number, Tax Identification Number, occupation, etc.
- Contact data: telephone number, email address, postal address.
- Payment data: bank account numbers and beneficiaries, Tax Identification Number.
- Health data (special categories of personal data): medical history, medical reports, and supporting documentation.
- Financial data: income, assets, etc.
Purpose and Legal Basis of Processing
The Company processes your personal data for one or more of the following purposes:
A. Handling your request for insurance intermediation services (pre contractual stage)
We process your personal data when you submit an insurance application and when completing questionnaires used to assess your insurance needs.
Legal basis: carrying out pre contractual steps at your request.
B. Provision of insurance intermediation services (contractual stage)
This includes managing your insurance contract throughout its duration or after its termination, including handling claims in the event of an insured event.
Legal basis: performance of the insurance contract for which we act as intermediary on behalf of the relevant insurance company.
For life and health insurance, when health related personal data is involved, your explicit consent is required under Article 9 GDPR. If you do not provide consent, we cannot process your request. Consent may be withdrawn at any time; however, withdrawal may prevent us from servicing your insurance related requests.
C. Provision of advisory insurance intermediation services
We process your data to respond to advisory requests related to the insurance product you have selected or wish to select.
Legal basis: performance of the insurance contract.
D. Compliance with the Company’s legal and tax obligations
We process personal data during and after our cooperation to ensure compliance with applicable insurance, tax, and anti money laundering/anti terrorist financing laws.
Legal basis: compliance with legal obligations.
E. Handling a request or complaint
We process your data to review and respond to any requests or complaints submitted by you.
Legal basis: compliance with legal and regulatory obligations.
F. Marketing activities
If you have provided explicit consent in the pre contractual information form, we may use your contact details to inform you about marketing activities, new services, and products.
Legal basis: your consent, which may be withdrawn at any time.
Recipients
Personal data is collected and processed by duly authorized employees and associates of the Company solely for the purposes described above. Recipients may include:
a) other Howden Group companies located in Greece, within the EU, and in the United Kingdom,
b) legally operating insurance companies in Greece or within the EU, and possibly insurance intermediaries cooperating with the Company,
c) public authorities such as the Bank of Greece (our supervisory authority), judicial authorities, etc., following a lawful request and only where necessary to safeguard legal rights or fulfil legal obligations,
d) external advisors (legal, accounting), courier services, and IT system development/maintenance providers, always under confidentiality obligations.
In all cases, only the minimum necessary data will be shared and always under lawful processing conditions.
Transfers of Personal Data to Third Countries Outside the EEA
As a rule, we do not transfer your data outside the European Economic Area (EEA). If such transfer is required for the provision of our services (including transfers to the United Kingdom), it will only occur if:
- the European Commission has issued an adequacy decision for the country concerned, or
- appropriate safeguards are in place (e.g., Binding Corporate Rules, Standard Contractual Clauses).
Data Security
The security of your personal data is an absolute priority. We implement appropriate technical and organizational measures and regularly review them, including:
- protection against unauthorized access and misuse,
- ensuring the integrity of our information systems.
Indicative measures include CCTV in critical areas, firewalls, antivirus and antimalware software, multi factor authentication, and encryption where applicable.
Your Rights
Under the GDPR, you have the right to:
- Access: obtain information about your personal data and how it is used.
- Rectification: correct inaccurate or incomplete data.
- Erasure (right to be forgotten): request deletion under certain conditions.
- Restriction: request limitation of processing if you contest accuracy.
- Data portability: request transfer of your data to another provider, where technically feasible.
- Objection: object to processing based on reasons related to your personal circumstances.
Please note that exercising the rights to erasure, restriction, or objection may make it impossible for us to provide insurance intermediation services.
Requests must be submitted in writing and signed. Within 30 days, we will either satisfy the request or inform you of the lawful reason preventing its fulfilment.
You may contact our Data Protection Officer (DPO):
Email:[email protected]
Telephone: (+30) 2103390356
You may also send a written letter to the Company’s postal address.
If you are not satisfied with how we process your personal data or with our response, you have the right to lodge a complaint with the Hellenic Data Protection Authority:
Website:www.dpa.gr
Address: 1–3 Kifisias Avenue, 115 23, Athens
Telephone: +30 210 6475600
Email: [email protected]