Austria
Belgium
Denmark
Estonia
Finland
France
Germany
Greece
Iceland
Ireland
Italy
Liechtenstein
Netherlands
Norway
Poland
Portugal
Spain
Sweden
Switzerland
Turkey
United Kingdom
Australia
Fiji
Hong Kong
India
New Zealand
Indonesia
Japan
Malaysia
Philippines
Singapore
Thailand
Brazil
Chile
Colombia
Mexico
Peru
USA
Bahrain
Israel
Morocco
Oman
UAE
Saudi Arabia
Tanzania
Privacy Notice for the Telephone Customer Service Digital Assistant Service
This notice concerns the processing of personal data carried out in the context of the telephone customer service provided through an Artificial Intelligence digital assistant of HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A., for the support of insured persons and beneficiaries under a group health insurance policy.
The service is designed to provide information and procedural guidance regarding the group health plan, to facilitate the handling of callers, and to contribute to the documentation and quality of communications. The digital assistant does not make insurance decisions, does not approve or reject coverage, does not assess entitlement to compensation, and does not replace human judgment in cases requiring individualized or complex assessment.
1. Data Controller
The Data Controller for the processing of personal data within the scope of this service is HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A., which determines the purposes and essential means of processing.
For any matters relating to the protection of your personal data, you may contact the Data Protection Officer of Howden Brokers at: [email protected]
2. How the Digital Assistant Service Operates
At the start of the telephone call, you are informed that you are communicating with “Athena”, the digital assistant of Howden Brokers, and that your call is recorded for the purposes of policy servicing, service quality, and documentation of communication.
The digital assistant uses natural language processing and voice interaction technologies to understand your request and provide informational or procedural responses. You are informed at the outset that you are interacting with a digital assistant, so that you are aware from the beginning that the initial interaction takes place with an Artificial Intelligence system.
This operation is consistent with the transparency approach of Regulation (EU) 2024/1689 on Artificial Intelligence, which provides that natural persons must be informed when they are interacting directly with an AI system, unless this is obvious from the circumstances and context of use. The specific obligation under Article 50 of the AI Act applies from 2 August 2026; however, HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A. already applies this transparency practice from the launch of the service.
3. What Personal Data We Process
Within the framework of the service, we may process personal data that you provide during the call or that arise from the telephone communication. Such data may include identification details (such as full name, date of birth, relationship with the employer or the group policy), contact details, and other information necessary for serving your request.
Given that the service is provided by telephone, we also process your voice through call recording, the content of the communication, call transcripts, and basic call metadata, such as date, time, duration, routing technical data, and indication of successful or unsuccessful completion.
Due to the nature of group health insurance, information relating to your health or the health of another insured person or beneficiary may be disclosed during the call. Such information constitutes special categories of personal data under Article 9 GDPR and is subject to enhanced protection safeguards.
You are advised not to disclose more medical details than strictly necessary for handling your request. In cases involving emergencies, complex coverage issues, specific medical procedures, pre-existing conditions, complaints, or explicit requests to speak with a representative, the communication may be escalated to a human operator.
4. Purposes of Processing
HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A. processes your personal data for the following purposes:
- servicing you in the context of the group health insurance policy,
- providing information and procedural guidance regarding the plan,
- identification or verification of your relationship with the group policy,
- recording and documenting communications,
- ensuring service quality,
- handling complaints or disputes,
- ensuring the security and proper operation of the service.
Call recording and transcription are used exclusively for service, quality assurance, and documentation purposes. They are not used for training, fine-tuning, benchmarking, or improving Artificial Intelligence models of HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A., TECHMELLON, or third-party providers.
5. Legal Basis for Processing
For ordinary personal data, processing is primarily based on the legitimate interests of HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A., pursuant to Article 6(1)(f) GDPR, namely the organization and provision of efficient telephone support, service quality assurance, and documentation of communication.
Where processing is necessary for the provision of services related to the group policy or to contractual obligations, it may also rely on Article 6(1)(b) GDPR.
For health data, processing is carried out only insofar as necessary for servicing, documenting, or managing requests related to the group health insurance policy, and in accordance with Article 9(2) GDPR. Where applicable, processing may also be necessary for the establishment, exercise, or defense of legal claims pursuant to Article 9(2)(f) GDPR, or for insurance servicing purposes strictly to the extent necessary.
The company takes measures to limit the collection of health data to what is strictly necessary and to avoid extensive medical disclosures via the digital assistant.
6. Access to Your Data
Access to personal data processed within this service is granted only to authorized personnel of HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A. and to cooperating service providers acting on its behalf, where necessary for the provision, support, security, and documentation of the service.
TECHMELLON acts as a Data Processor on behalf of HOWDEN and provides the technological infrastructure and support of the digital assistant. Sub-processors or technology providers (such as cloud, voice processing, telephony, and routing providers) may also be used, under appropriate contractual data protection safeguards and instructions.
Groupama, where involved as insurer or claims handler, acts as an independent Data Controller for its own processing activities. Any transfer or referral to Groupama takes place only where necessary for handling the relevant insurance matter.
7. Data Storage and Transfers Outside the EEA
According to the technical architecture of the service, data are stored in cloud infrastructure located within the European Economic Area (EEA).
No transfer or storage of data outside the EEA is envisaged within this service. Should this change in the future, HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A. will ensure appropriate GDPR safeguards and update this notice accordingly.
8. Data Retention
Data collected through the service are retained only for as long as necessary for the purposes for which they were collected, namely servicing the policy, service quality, communication documentation, service security, and handling complaints, disputes, or legal claims.
Recordings, transcripts, metadata, and logs are retained for periods defined in accordance with the company’s data retention policy and the storage limitation principle.
Proposed final wording (subject to confirmation):
“Call recordings and transcripts are retained for a period of six (6) months from the date of the call, unless longer retention is required for handling a request, complaint, dispute, or for the establishment, exercise, or defense of legal claims. Technical logs are retained for six (6) months for security, access control, and technical support purposes.”
After the retention period, data are securely deleted or anonymized, unless further retention is required by law or for legal claims.
9. Use of Data for AI Training
No. Recordings, transcripts, interaction data, logs, or other data generated through the service are not used for training, fine-tuning, benchmarking, or improving Artificial Intelligence models of HOWDEN, TECHMELLON, or third parties.
Processing is strictly limited to service provision, policy servicing, quality assurance, documentation, and operational security.
10. Automated Decision-Making
No. The digital assistant does not engage in automated decision-making within the meaning of Article 22 GDPR.
It does not approve or reject coverage, assess compensation eligibility, evaluate risk, price policies, classify insured persons, or make decisions producing legal or similarly significant effects.
Cases requiring human judgment are escalated to a human operator.
11. Security Measures
HOWDEN and its partners implement appropriate technical and organizational measures to protect personal data, taking into account the nature of the service and the potential processing of health data.
Measures include:
- access restriction to authorized personnel,
- least privilege principle,
- authentication and access control mechanisms,
- logging of access and technical events,
- secure cloud infrastructure,
- contractual confidentiality and data protection clauses,
- procedures for handling data subject requests and security incidents.
12. Your Rights
You have the right to request:
- access to your personal data,
- rectification of inaccurate or incomplete data,
- erasure,
- restriction of processing,
- objection to processing,
- data portability (where applicable).
You also have the right to lodge a complaint with the competent supervisory authority, namely the Hellenic Data Protection Authority, if you believe your data protection rights are violated.
For exercising your rights or any inquiries, you may contact: [email protected]
The company will respond in accordance with GDPR requirements and deadlines.
13. Updates to this Notice
This notice may be updated in case of changes to the service, processing purposes or means, data categories, recipients, processors, retention periods, or applicable regulatory framework.
The current version will always be available on the website of HOWDEN HELLAS INSURANCE AND REINSURANCE BROKERS S.A..