Data Protection and Privacy Notice
Oney Insurance (PCC) Limited and Oney Life (PCC) Limited (‘we’, ‘us’, ‘our’) strive to protect the privacy and the confidentiality of Personal Data that the company processes in connection with the services it provides to clients and individuals.
Identity of the Data Controller
Oney Insurance (PCC) Limited and Oney Life (PCC) Limited are the Data Controllers in respect of the Personal Information as defined by relevant data protection laws and regulations.
The kind of information we hold about you
Depending on your relationship with us, we may collect, store, and use the following categories of personal information about you (‘Personal Information’):
- General identification and contact information such as name; residential address; e-mail and telephone details; identity card number; passport number; nationality, relationship to the policyholder, insured or claimant; date of birth.
- Financial information and account details such as credit/ debit card details, bank account or other financial account number, income and other financial information.
- Information enabling us to provide products or services such as location and identification of property insured (for example property’s serial number/ IMEI number); policy and claim numbers; prior accident or loss history; information about your other policies such as claims history, claims data. Family details such as details on your dependents/ spouse/ partner/ family.
- Fraud Prevention information such as checks relating to terrorist activities.
- Locational information such as IP addresses when visiting our website without disabling Cookies including related location data.
- Social media account and information when you use our Social Media Pages such as your social media ID and profile picture.
We may also collect, store and use the following ‘special categories’ of more sensitive personal information such:
- Health Information such as current or former physical/ mental condition; health status, injury or disability information; medical procedures performed; family or personal history in relation to medical conditions.
- Criminal Data Records such as information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud; checks relating to terrorist activities.
How we will process information about you
We will only use your Personal Information when the law allows us to. Most commonly, we will use your Personal Information in the following circumstances:
- Where we need to perform the contract which we have entered with you
- Where we need to comply with a legal obligation; and
- Where it is necessary for our legitimate interests or those of a third party, provided that such legitimate interests are not overridden by your interests or fundamental rights and freedom which require the protection of Personal Data.
We may also process your personal information in the following situations, which are likely to be rare:
- Where we need to protect your vital interests or the vital interests of another person;
- Where it is required in the public interest or for official purposes.
If you fail to provide Personal Information
If you fail to provide certain Personal Information when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations.
How we use particularly sensitive personal information
Special categories of Personal Information require higher levels of protection. We need to have further justification for collecting, storing and using this type of Personal Information. We may process special categories of Personal Information in the following circumstances:
- In limited circumstances, with your explicit written consent;
- Where we need to carry out our legal obligations;
- Where it is needed in the public interest;
- Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards;
- Where it is needed in relation to the exercise or defence of legal claims.
Less commonly, we may need to process this type of information where it is needed to protect your vital interests or the vital interests of other persons and you are not capable of providing consent or where you have already made the information public.
We will not use Personal Information for any other purpose incompatible with the purposes described in this Notice, unless such use is required or authorised by law, authorised by you, or is in your own vital interest (such as in the case of a medical emergency).
How we may share your Personal Information
We may share your Personal Information within our different departments, our associated companies and our partners. This is generally required for the performance of our contract with you; in order to identify products which may be of interest to you; for pricing and underwriting purposes; for claims management purposes; for marketing and product research and development purposes; and for statistical analysis purposes. We may share your Personal Information to prevent, detect and/or suppress fraud and in order to comply with our legal obligations.
We may also share your Personal Information with third parties, including:
- Insurance intermediaries (such as Insurance Brokers and Insurance Agencies), insurance distributors (such as retail shops and banks), claims handlers (with whom personal data can be exchanged mainly for the purposes of insurance distribution, policy underwriting and administration and claims handling);
- Services providers (such as actuaries, lawyers, archiving companies, debt management companies, repair services providers) – with whom personal data can be exchanged for the purposes of providing ancillary services to the policy management, distribution and claims handling;
- Health care provides (such as public or private hospitals, general and specialised medical practitioners), with whom personal data can be exchanged mainly for the purposes of evaluation and management of claims;
- Any other third parties legally entitled to communicate personal data to us in relation with the policy management, distribution and claims handling, such as the Insured Parties’ employers, notaries, appointed experts by court or the Policy holder/insured party together with the Commissioner of Police and any kind or any person, body or authority authorised by law to disclose and receive personal data.
In all cases, the sharing of your Personal Information is made subject to appropriate confidentiality safeguards.
Transfer of Personal Information outside Malta
Due to the global nature of our business, we may share your Personal Information with third parties established within the European Economic Area, subject to observance with all confidentiality safeguards applicable according to Law.
How we may obtain Personal Information about you
Apart from the Personal Information which you provide us with, we may obtain Personal Information about you from third parties to prevent, detect or suppress insurance fraud, money laundering and terrorism; to exercise or defend legal claims; and to safeguarding our legitimate expectations in so far as this is permitted by Law. In particular, we may receive Personal Information about you from third parties who we may share Personal Information with according to this Notice. Our head office is equipped with CCTV cameras for security purposes.
We will take appropriate measures to protect Personal Information and Sensitive Personal Information that are consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect confidentiality and security of Personal Information and Sensitive Personal Information.
Data Integrity and Retention
We will take reasonable steps to ensure that the Personal Information and Sensitive Personal Information processed by us, is reliable for its intended use, and is accurate and complete for carrying out the purposes described in this Notice. We will retain Personal Information and Sensitive Personal Information for the period necessary to fulfill the purposes outlined in this Notice unless a longer retention period is required or permitted by law.
You have the right to object at any time to the processing of your Personal Information. You can exercise this right by contacting our Data Protection Officer at: The Data Protection Officer, Oney Insurance (PCC) Limited, 171, Old Bakery Street, Valletta Malta or at: email@example.com.
You also have the right to access your Personal Information and Sensitive Personal Information, the right to correct inaccurate Personal Information and Sensitive Personal Information, the right to erase your Personal Information and Sensitive Personal Information in certain circumstances, and the right to receive the Personal Information and Sensitive Personal Information you have provided to Us in a structured, commonly used and machine-readable format for onward transmission by you to another entity without hindrance from us. If you wish to exercise any of these rights, please contact our Data Protection Officer. Please note, however, that certain Personal Information and Sensitive Personal Information may be exempt from such access, correction and erasure requests pursuant to applicable data protection laws or other laws and regulations.
As part of the provision of your insurance contract, we may use automated decision making, including profiling, subject to appropriate safeguards to protect your rights and freedoms and legitimate interests. You have the right to request human intervention to express your point of view and to contest automated decisions.
You can also file a complaint on data protection matters with the Office of the Information and Data Protection Commissioner by following this link: https://idpc.org.mt/en/Pages/contact/complaints.aspx
Cookies are pieces of information stored directly on the device you are using. Cookies allow us to recognize your device and to collect information such as internet browser type, time spent on our website, pages visited, language preferences, country website preference. We may use the information for security purposes, to facilitate navigation, to display information more effectively, or to personalize your experience while using our website. In addition, we may use the information to gather statistical information about the usage of our website in order to understand how they are used, continually improve their design and functionality, and assist us with resolving questions about them.
Links to Third Party Websites
Our website may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third-party websites.
Changes to this Privacy Notice
This Privacy Notice is subject to change at any time. If we make changes to this Privacy Notice, we will update the date it was last changed.
This Privacy Notice was last updated on 04 June 2018.