Warning: Trying to access array offset on value of type null in /data/web/virtuals/340689/virtual/www/www/wp-content/themes/petrisk/functions/templates/shared.php on line 182


Warning: Trying to access array offset on value of type null in /data/web/virtuals/340689/virtual/www/www/wp-content/themes/petrisk/functions/templates/shared.php on line 183

I. Introduction

  1. PETRISK a.s. (hereinafter also “PETRISK“) is a personal data controller and processes the personal data of its clients. Personal data serves, among other things, to uniquely and unmistakably identify each client and thus to protect their interests. However, to the extent necessary for the performance of insurance activities and for the fulfilment of the obligations imposed on us by law, the provision of such data is a condition for the conclusion of an insurance contract; without the personal data provided, we cannot conclude an insurance contract with you.
  2. PETRISK would like to inform you about how it protects your personal and insurance data. Protecting the privacy, personal data and insurance information of our clients is one of the company’s priorities.

II. Processing of personal data of the data subject

  1. The processing of personal data is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), as amended (hereinafter referred to as “GDPR “). PETRISK is the controller of personal data and the client is the data subject. For the purposes of this policy, the data subject is any natural person to whom the personal data relates, i.e. the client, policyholder, insured, beneficiaries and data subjects (“data subject“).

III. Purpose and legal titles of processing

  1. PETRISK processes clients’ personal data for the purpose of providing insurance and on the basis of the following legal titles:
    1. performance of a legal obligation, performance of a contract and legitimate interest within the meaning of Article 6(1)(a), (c), (f) GDPR,
    2. the granting of consent within the meaning of Article 9(2)(a) GDPR and Article 7 GDPR, which we request from the relevant data subject if it is necessary to process special categories of personal data, such as health data, at the pre-contractual stage; after the conclusion of the insurance contract, Article 9(2)(f) GDPR becomes the legal title for the processing of health data.

IV. Performance of legal obligation, performance of contract and legitimate interest

  1. PETRISK is entitled to process the personal data of the data subject for the performance of a legal obligation, the performance of a contract, i.e. the operation of insurance activities and as part of the activities directly resulting from it, and for the sending of commercial communications, to the extent of:
    1. personal data to the extent specified in the insurance contract, the cooperation agreement (hereinafter referred to as the “contract“) and the record of the meeting,
    2. personal data provided by the data subject to the insurer in connection with the existence of a legal relationship of insurance.
  2. PETRISK processes the personal data of the data subject in particular in the following scope: name, surname, address, date of birth, birth number, nationality, e-mail address, telephone number, as well as data on health status and data on tax residency and tax identification number (if required by special legislation).
  3. The provision of personal data is voluntary; however, it is a necessary requirement for the conclusion and performance of the contract and without the provision of personal data, the contract cannot be concluded or performed by PETRISK.

V. Method and duration of processing of personal data

  1. PETRISK processes personal data manually and in an automated manner. Personal data is thus under constant physical, electronic and procedural control and PETRISK has modern control, technical and security mechanisms to ensure maximum protection of the processed data against unauthorised access or transfer, against loss or destruction, as well as against other possible misuse. All persons who come into contact with personal data in the course of their work or contractual duties are bound by a legal or contractual obligation of confidentiality.
  2. PETRISK processes and stores personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship, and for the period for which PETRISK is obliged to store the data under generally binding legal regulations and for the duration of the limitation period for obligations arising from or related to the contract (15 years) or for which it has received consent from the data subject. Consent is given by the data subject for the period from the conclusion of the insurance contract until its withdrawal.

VI. Rights of the data subject

  1. The data subject has the right to request from PETRISK access to personal data, to have them rectified, erased or, where applicable, to restrict processing, to object to processing or to withdraw his or her consent in writing at any time and to have personal data portable, all in accordance with Article 16-21 GDPR, in writing to the address of the head office of the intermediary or by sending an e-mail to petrisk@petrisk.cz.
  2. The data subject also has the right to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz) if he or she believes that his or her right to personal data protection has been violated.
  3. The processing of personal data involves automated decision-making as well as profiling pursuant to Article 13(1)(a) of Directive 95/46/EC. f) GDPR. We make fully automated decisions based on personal data, for example. about the policy or the premium – especially when taking out insurance online, which is important in speeding up the process. We also use profiling, for example, in direct marketing on the internet to ensure that we only reach you with insurance offers that are relevant to you and to comply with certain legal obligations, such as measures against money laundering and terrorist financing. Automated decisions are based on rules we define in advance – for example, insurance algorithms.
  4. The data subject shall have the right to object at any time and free of charge to processing, including automated decision-making and profiling, insofar as it relates to a particular form of profiling, by any of the means set out in the preceding paragraph.
  5. The data subject has the right to request from the controller access to personal data, their correction or deletion, or restriction of processing, to object to processing, or to withdraw his/her consent at any time in writing to the address of the agent’s registered office, by sending an e-mail to petrisk@petrisk.cz.
  6. The intermediary shall also destroy the personal data once the purpose for which the personal data were processed has ceased.
  7. The data subject has the right to data portability and to lodge a complaint with the supervisory authority.
  8. The data subject has the right to request a printed version of this policy from PETRISK.
  9. The data subject is not obliged to provide personal data to the intermediary and failure to do so will not have any legal consequences for the data subject.

VII. Marketing use of personal data

  1. The data subject signed on the insurance policy, as well as the beneficiary and the obligee, grant PETRISK consent to the processing of personal data in the scope of name, surname and address for marketing purposes, i.e.:
    1. offering insurance or related services to PETRISK and sending other commercial communications from the insurer,
    2. transfer of personal data 3. to persons, namely Allianz pojišt’ovna, a.s., Colonnade Insurance S.A., organizační složka, Česká podnikatelská pojišt’ovna, a.s., VIG,
      ČSOB Pojist’ovna, a.s., Generali Česká pojišt’ovna a.s., Kooperativa pojišt’ovna, a.s., VIG, UNIQA pojišt’ovna, a.s. for the purpose of offering their trade and services and sending their commercial communications.
  2. The data subject further consents to the insurer adding to the personal data already collected additional personal data of the data subject that it obtains from any other source at a later date. Consent to the processing of personal data for marketing purposes is entirely voluntary and is not a prerequisite for entering into an insurance contract.

VIII. Withdrawal of consent

  1. Consent for the marketing use of personal data may be withdrawn at any time, in whole or in part.
  2. Withdrawal of consent must be made in writing to PETRISK’s registered office or by email to petrisk@petrisk.cz.
  3. In connection with the performance of insurance activities and activities directly or indirectly related to insurance activities, the insurer may record incoming and outgoing telephone calls on audio recording for the purpose of improving services, negotiating the conclusion or amendment of the contract, fulfilling contractual obligations and protecting rights arising from the insurance contract (in particular as evidence in court, administrative or other proceedings) and keep them for the duration of the insurance contract and for the period necessary to ensure the exercise of rights and fulfillment of obligations arising from the insurance contract. Agree, or else. the data subject expresses his/her disagreement with these activities at the beginning of the telephone call.

IX. Personal data processors

  1. PETRISK, as a personal data controller, uses the services of other processors to process the above personal data. The processor is the person authorised by PETRISK to process personal data in the performance of activities directly or indirectly related to insurance activities, in particular: the provider of the insurance product comparison application, the insurance product calculator application, the hosting service provider and the accounting company.

X. Recipients of personal data

  1. PETRISK may transfer the personal data of the data subject to other entities (recipients of performance), namely:
    1. insurance companies on whose behalf PETRISK concludes insurance with the data subject or for whom PETRISK arranges insurance with the data subject,
    2. entities for which the provision of data to the intermediary is required by law (e.g. law enforcement authorities, the Czech National Bank, financial administration authorities, bailiffs, insolvency administrators, etc.),
    3. entities that PETRISK may use to protect rights and legally protected interests (e.g. courts, bailiffs, insolvency administrators, lawyers, external enforcement agencies, etc.),
    4. the processors of personal data referred to in Art. X. of these rules,
    5. insurance companies for the purpose of prevention and detection of insurance fraud and other illegal acts pursuant to Act No. 277/2009 Coll., on Insurance,
    6. on the basis of the data subject’s consent, to the other subjects listed in Article VIII. Marketing use of data),
    7. with the consent or on the instructions of the data subject, to other entities.

These rules take effect on 14 March 2023.