Data Protection and Privacy Notice

Oney Insurance (PCC) Limited and Oney Life (PCC) Limited (‘we’, ‘us’, ‘our’, ‘Company’) strive to protect the privacy and the confidentiality of Personal Data that the Company processes in connection with the services it provides to clients and individuals.

Identity of the Data Controller

Oney Insurance (PCC) Limited and Oney Life (PCC) Limited are the Data Controllers in respect of the Personal Data as defined by relevant data protection laws and regulations.

The kind of information we hold about you

Depending on your relationship with us, we may collect, store, and use the following categories of personal information about you (“Personal Data”):

  • General identification and contact information such as name; residential address; e-mail and telephone details; identity card number; passport number; nationality, relationship to the policyholder, insured or claimant; date of birth.
  • Financial information and account details such as credit/ debit card details, bank account or other financial account numbers, income and other financial information.
  • Information enabling us to provide products or services such as location and identification of property insured (for example property’s serial number/ IMEI number); policy and claim numbers; prior accident or loss history; information about your other policies such as claims history, claims data. Family details such as details on your dependents/ spouse/ partner/ family.
  • Fraud Prevention information such as checks relating to terrorist activities.
  • Locational information such as IP addresses when visiting our website without disabling Cookies including related location data.
  • Social media account and information when you use our Social Media Pages such as your social media ID and profile picture.

We may also collect, store and use the following “special categories” of more sensitive personal information such as:

  • Health Information such as current or former physical/ mental condition; health status, injury or disability information; medical procedures performed; family or personal history in relation to medical conditions.
  • Criminal Data Records such as information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud; checks relating to terrorist activities.

How we will process information about you

We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Information in the following circumstances:

  1. Where we need to perform the contract which we have entered with you
  2. Where we need to comply with a legal obligation; and
  3. Where it is necessary for our legitimate interests or those of a third party, provided that such legitimate interests are not overridden by your interests or fundamental rights and freedom which require the protection of Personal Data.

We may also process your personal data in the following situations, which are likely to be rare:

  1. Where we need to protect your vital interests or the vital interests of another person;
  2. Where it is required in the public interest or for official purposes.

If you fail to provide Personal Data

If you fail to provide certain Personal Data when requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations.

How we use particularly Sensitive Personal Data

Special categories of Personal Data require higher levels of protection. We need to have further justification for collecting, storing and using this type of Personal Data. We may process special categories of Personal Information in the following circumstances:

  1. In limited circumstances, with your explicit written consent;
  2. Where we need to carry out our legal obligations;
  3. Where it is needed in the public interest;
  4. Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards;
  5. Where it is needed in relation to the exercise or defence of legal claims.

Less commonly, we may need to process this type of information where it is needed to protect your vital interests or the vital interests of other persons and you are not capable of providing consent or where you have already made the information public.

We will not use Personal Data for any other purpose incompatible with the purposes described in this Notice, unless such use is required or authorised by law, authorised by you, or is in your own vital interest (such as in the case of a medical emergency).

How we may share your Personal Data

We may share your Personal Data within our different departments, our associated companies and our partners. This is generally required for the performance of our contract with you; in order to identify products which may be of interest to you; for pricing and underwriting purposes; for claims management purposes; for marketing and product research and development purposes; and for statistical analysis purposes. We may share your Personal Data to prevent, detect and/or suppress fraud and in order to comply with our legal obligations.

We may also share your Personal Data with third parties, including:

  • Insurance intermediaries (such as Insurance Brokers and Insurance Agencies), insurance distributors (such as retail shops and banks), claims handlers (with whom personal data can be exchanged mainly for the purposes of insurance distribution, policy underwriting and administration and claims handling);
  • Services providers (such as actuaries, lawyers, archiving companies, debt management companies, repair services providers) – with whom personal data can be exchanged for the purposes of providing ancillary services to the policy management, distribution and claims handling;
  • Health care provides (such as public or private hospitals, general and specialised medical practitioners), with whom personal data can be exchanged mainly for the purposes of evaluation and management of claims;
  • Any other third parties legally entitled to communicate personal data to us in relation with the policy management, distribution and claims handling, such as the Insured Parties’ employers, notaries, appointed experts by court or the Policyholder/insured party together with the Commissioner of Police and any kind or any person, body or authority authorised by law to disclose and receive personal data.

In all cases, the sharing of your Personal Data is made subject to appropriate confidentiality safeguards.

Transfer of Personal Data outside Malta

Due to the global nature of our business, we may share your Personal Data with third parties established within the European Economic Area, subject to observance with all confidentiality safeguards applicable according to Law.

How we may obtain Personal Data about you

Apart from the Personal Data which you provide us with, we may obtain Personal Data about you from third parties to prevent, detect or suppress insurance fraud, money laundering and terrorism; to exercise or defend legal claims; and to safeguarding our legitimate expectations in so far as this is permitted by Law. In particular, we may receive Personal Data about you from third parties who we may share Personal Data with according to this Notice. Our head office is equipped with CCTV cameras for security purposes.


We will take appropriate measures to protect Personal Data and Sensitive Personal Data that are consistent with applicable privacy and data security laws and regulations, including requiring service providers to use appropriate measures to protect confidentiality and security of Personal Data and Sensitive Personal Data.

The Company has taken appropriate physical, logic, and organisational measures to guard against the loss, improper use, unauthorised access or diffusion, alteration, or possible destruction of Personal Data. However, despite our efforts to protect your Personal Data, we cannot guarantee the infallibility of this protection due to the unavoidable risks that may occur during the transmission of Personal Data.

Since all Personal Data is confidential, access is limited to the Company’s employees and third parties that require it for the execution of their missions. Everyone with access to Personal Data is bound by a confidentiality obligation and is exposed to disciplinary action and/or other sanctions if these obligations are not respected.

Data Integrity and Retention

We will take reasonable steps to ensure that the Personal Data and Sensitive Personal Data processed by us, is reliable for its intended use, and is accurate and complete for carrying out the purposes described in this Notice. We will retain Personal Data and Sensitive Personal Data for the period necessary to fulfil the purposes outlined in this Notice unless a longer retention period is required or permitted by law.

  • Personal Data in relation to quotations not taken up by data subjects

Retention Period: 5 years

Retention Purpose: As a measure to combat insurance fraud.

  • Personal Data in relation to expired or lapsed insurance contracts

Retention Period: 10 years from the closure of all outstanding policy claims or policy expiry whichever comes last.

Retention Purpose: Due to legal compliance obligations and a legitimate interest of the controller which will be stated by the insurer.

As a necessity for the performance of a contract with the data subject.

As a measure to combat insurance fraud.

  • Personal Data in relation to insurance claims including 3rd party claims data

Retention Period: 10 years from the closure of all outstanding policy claims.

Retention Purpose: As a measure to combat insurance fraud.

Due to the legal compliance obligations of the controller.

Audit and Tax purposes.

The retention periods indicated above do not relate to Personal Data which has been anonymised. Such anonymised data may be retained indefinitely.

Your Rights concerning your Personal Data

You have the right to object at any time to the processing of your Personal Information. You can exercise this right by contacting our Data Protection Officer at:

The Data Protection Officer
Oney Insurance (PCC) Limited
171, Old Bakery Street, Valletta Malta or

You also have the right to access your Personal Data and Sensitive Personal Data, the right to correct inaccurate Personal Data and Sensitive Personal Data, the right to erase your Personal Data and Sensitive Personal Data in certain circumstances, and the right to receive the Personal Data and Sensitive Personal Data you have provided to us in a structured, commonly used and machine-readable format for onward transmission by you to another entity without hindrance from us. If you wish to exercise any of these rights, please contact our Data Protection Officer. Please note, however, that certain Personal Data and Sensitive Personal Data may be exempt from such access, correction and erasure requests pursuant to applicable data protection laws or other laws and regulations.

As part of the provision of your insurance contract, we may use automated decision making, including profiling, subject to appropriate safeguards to protect your rights and freedoms, and legitimate interests. You have the right to request human intervention to express your point of view and to contest automated decisions.

You can also file a complaint on data protection matters with the Office of the Information and Data Protection Commissioner by following this link:


Cookie Policy

When Oney Insurance site is accessed, information may be recorded in the “Cookies” files on your computer, tablet, or mobile phone.

Cookies are pieces of information stored directly on the device you are using. Cookies allow us to recognise your device and to collect information such as internet browser type, time spent on our website, pages visited, language preferences, country website preference. We may use the information for security purposes, to facilitate navigation, to display information more effectively, or to personalise your experience while using our website. In addition, we may use the information to gather statistical information about the usage of our website in order to understand how they are used, continually improve their design and functionality, and assist us with resolving questions about them.

Cookies used on our Internet site and their purpose

We use two types of Cookies that can be recorded on your terminal when you visit our website. These cookies are issued by third parties and are subject to policies to protect the private lives of these third parties. These cookies are not essential for browsing our site.

“Google Analytics” audience measurement cookie

This cookie is issued by Google Inc. to measure the audience of various content and sections of our site in order to assess them, improve how they are organised and, if necessary, detect browsing problems to make our services more user-friendly. This cookie only produces anonymous statistics and audience volumes, to the exclusion of any individual information.
The lifetime of an audience measurement cookie does not exceed 12 months.

“Addthis” social network cookie

This cookie is used to display social network icons to enable you to share our site on your networks if you wish, share the content of our site with other people, or inform them about your viewing or opinion of the content of the site.

Please view the private life protection policies of these social networks to obtain information on the purposes of use, the advertising and browsing information they can collect thanks to these app buttons, in particular.

For information on the private life protection policy of the social networks concerned, please click on LinkedIn.

The lifetime of this cookie does not exceed 12 months.

By continuing to use the Internet site in view of the information given above, you expressly agree to the use of this type of cookie by Oney Insurance.

Links to Third Party Websites

Our website may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third-party websites.

Controlling and deleting cookies

To control these cookies, most browsers enable you to accept or reject any cookie, only accept certain types of cookies, or ask you the question each time a site wishes to record a cookie. It is also easy to delete cookies saved onto your computer by a browser.

You can oppose the installation of cookies on your computer by configuring your Internet browser as follows:

For Internet Explorer: click on the link
For Safari: click on the link
For Chrome: click on the link
For Firefox: click on the link
For Opera: click on the link

Changes to this Privacy Notice

This Privacy Notice is subject to change at any time. If we make changes to this Privacy Notice, we will update the date it was last changed.

This Privacy Notice was last updated on 16 May 2019.