top of page

We value your personal and confidential information. We are committed to protecting this information with adequate protection and use it only for the purposes stipulated in this Privacy Policy. This Privacy Policy will help you understand what personal data is collected and processed, how its protected, how we use it and what rights are made available to you regarding your personal data.

 

Boitefin CY is a trading name of Syndiom Insurance Agents, Sub-Agents & Consulting Ltd. This Privacy Policy (‘Policy’) explains how (collectively, with its affiliates, ‘Boitefin CY, ‘we’, ‘us’, ‘our’) a Company registered in the Republic of Cyprus with registration number HE410181, whose registered at Inomenon Ethnon 2, 4th Floor, 6042 Larnaca being a Data Controller, collects and processes your personal information, i.e. information collected online and offline, in accordance with the General Data Protection Regulation (2016/679) and the applicable Data Protection Laws of the Republic of Cyprus (‘the Law’).

 

Our Policy does not apply to any services or third-parties that have a separate privacy policy and are not incorporated in this Policy and it does not apply to third-party products or services, all of which are regulated by their own privacy policies, even if our services contain them, utilize them, or contain links to them.

 

DEFINITIONS

​

‘Data Controller’ means the person or organization which determines when, why and how to process Personal Data and implements appropriate technical and organizational measures to comply with the Law;

 

‘Data Protection Officer’ means the person who is formally appointed with the purpose of ensuring that we are aware of and comply with our data protection responsibilities and obligations according to the Law;

 

‘Data Subject’ means a living, identified or identifiable natural person about whom we hold Personal Data;

 

‘Personal data’ means data about the Data Subject who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access;

 

‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;

 

‘Special Categories of Personal Data’ means the information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data;

​

For the purposes of this Policy, Personal Data includes Special Categories of Personal Data.

 

‘Third Party’ means the recipient of your Personal Data as defined below.

 

The kind of information we collect about you

 

The purpose of the Processing of your Personal Data is largely based on each of our services that you have requested, used or intend to use:

 

Contact Details e.g., name, surname, email address, telephone number, physical address, phone number

 

Identification Information: date of birth, social insurance employee number, social insurance employer number, passport, residency number, alien registration certificate, identification card number, driving license, nationality, country of residence,

 

Demographic Information: e.g., age, gender, weight

 

Personal Correspondence e.g., emails that you send to us, questions you submit to us, information posted publicly on our social media channels

 

Financial information: e.g., payment card information, sort code, bank account information, credit information

 

Website information: e.g., geographical coordinates, IP address,

 

Educational background: e.g., university, certifications, qualifications, work experience etc.)

 

Third-Party/Related Person information: details of any related or third persons included on a policy where they are named along a policyholder,

 

Additional Information: Data related to your insurance policy e.g. car information, property information, travel itinerary, dash-cam footage

 

Business Information: Information about the nature of your business

 

Special Categories of Personal Data: vulnerabilities stated by client, allergies, recent health claims, previous injuries, current and former physical or mental health records of you and persons including on your policy

 

In the event that you provide us with Personal Data about other individuals, you warrant to us that you have obtained such individuals’ permission to do so.

​

SENSITIVE INFORMATION

 

We do collect or process Personal Data of children.

 

We do specifically process sensitive personal data, such as physical and/or mental conditions.

 

By providing this sensitive data us, you are consenting to us using it in the manner set out in this Policy in order to better serve and meet your needs when using our services and website.

 

Other sensitive data is only shared with other members of Boitefin CY our third-party service providers acting as data processors (e.g. agents, insurance companies, clinics, doctors) for the purpose of providing the services you request and will not be shared or used by us for any other purposes.

 

ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA

 

As Data Controllers we may collect and process your Personal Data for any or all of the following purposes:

 

Contractual Obligations: Are necessary to enter into a contract and/or to perform the contract in order to fulfill the services that you have requested (e.g. insurance policies, benefits, to review and evaluate applications, making payments, communicating with you to resolve matters, providing quotes, handling complaints, representing you when called upon, booking flights, debt recovery matters, setting up and managing your policy, setting up your client or agent portal, managing your insurance benefits, handling and processing claims, booking appointments, registering you as a client, registering you as an agent etc.);

 

Consent: You have given consent to the processing of your Personal Data for a specific purpose (e.g. receiving newsletters and/or promotional offers, SMS communication, Email Communication, booking appointments, setting up your portal account etc.) Consent may be withdrawn at any time by contacting our Data Protection Officer at the contact details provided below.

 

Legitimate Interests: Are necessary for the purposes of our legitimate interests or of a third party (e.g. legal claims, handling complaints, defending our rights, training methods, improving your experience, changes to services, informing you about our products and/or services, assessing agent performance), except where these interests are overridden by your interests or fundamental rights and freedoms.

 

Legal & Regulatory Obligations: Are necessary for complying with the Law and/or any applicable law and/or any Regulatory body (e.g. the obligation of keeping accounting records, maintaining financial records, tax requirements, auditing obligations, regulatory inspections, AML inspections.

 

Public Interest: Are necessary for complying with matters of public interest (e.g. investigating fraudulent claims, anti-money laundering checks and medical malpractice)

 

Vital Interest: Are necessary in situations of life and death in order to protect your vital interests when faced with such situation.

 

WHO RECEIVES YOUR PERSONAL DATA

 

Your Personal Data are only accessible by the following Third Parties:

 

The employees with a need for access to fulfill the purposes set out above;

 

Any person named as an alternative contact and/or emergency contact on your application;

 

Any other person whose information is added on your policy;

 

The insurance partners such as brokers, agents, other insurers, reinsurers;

 

Third-parties associated with the management and administration of your policy e.g. doctor, surveyor, personal assistant, secretary, lawyer, mechanic, travel agent, booking agent;

 

The police or law enforcement agencies or competent authorities where reasonably necessary for the prevention or detection of crime.

 

In case of an absence of your consent, your Personal Data will not be disclosed to any Third Party, other than the above-mentioned, unless the disclosure is required and/or mandatory under the provisions of any legislation, regulation or upon governmental, supervisory, competent authority request.

 

When we enter to an engagement with a Third Party pursuant to which your Personal Data may be processed by that party, we enter into a processing agreement with that party in order to ensure that this Third Party processes the Personal Data strictly according to our instructions and implements the appropriate administrative, physical and technical measures to protect the Personal Data from unauthorized or accidental use, collection, access, damage, loss or disclosure.

 

Transferring your Personal Data outside United Kingdom, European Union (‘EU’) and European Economic Area (‘EEA’)

 

We generally transfer your Personal Data to countries outside of the Republic of Cyprus, E.U. and EEA (‘Third Countries’). When we transfer any Personal Data to Third Countries, we always ensure that the transfer meets the relevant requirements of the Law and we take all steps required to ensure that your Personal Data continues to receive our standards of protection.

 

Retention of Personal Data:

 

We will retain your Personal Data for as long as it is necessary to fulfill the purpose for which it was collected or for as long as is required/permitted by applicable law and in order to comply with legal and regulatory obligations.

 

Once you stop working with us, where we can and it is appropriate, we anonymize your personal information so it can longer be connected to you and/or minimize to be used for analytical purposes.

 

Personal Data received, based on your consent, for newsletters and/or information about promotions/offers, will be retained until you withdraw your consent.

 

PROTECTION OF PERSONAL DATA

 

To safeguard your Personal Data from unauthorized access, collection, use, damage, loss, disclosure, copying or similar risks, we have introduced appropriate administrative, physical and technical measures such as up to date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of Personal Data to Third Parties. We also allow access to Personal Data only to those employees who need to know such data and they will only process your Personal Data on our instructions.

 

However, no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guarantee, we try to protect the security of the Data Subject’s Personal Data and we constantly review and enhance our information security measures.

Your rights in relation to your Personal Data

 

Right to access:

 

Request access to your Personal Data (commonly referred to as a "data subject access request"). This enables you to receive a copy of your Personal Data that we hold about you;

 

Right to rectification:

 

Request to correct or update any of your Personal Data which we hold. This enables you to have any incomplete or inaccurate information we hold about you corrected. We strive to retain only Personal Data that is accurate, complete and up to date;

 

Right to data portability:

 

Request the transfer of your Personal Data to another party;

 

Right to erasure:

 

Request to delete your Personal Data. However, we may need to retain certain information for legal or administrative purposes, such as record keeping and detect fraudulent activities.

 

Right to restrict processing:

 

Request to restrict the use of your Personal Data;

 

Right to object:

 

You have the right to object to the collection and use of your Personal Data (e.g. when we use your Personal Data on the basis of your consent, you can withdraw that consent at any time);

 

How can you exercise your rights in relation to your Personal Data:

 

If you wish to exercise any of your rights, you may contact our Data Protection Officer in writing or via email at the contact details provided below:

 

Ibrahim Ozkaratan

Inomenon Ethnon 2,

4th Floor,

6042 Larnaca

 

ibrahimo@boitefin.com

 

Right to lodge a complaint:

 

You also have the right to lodge a complaint about the use of your Personal Data by contacting either our Data Protection Officer or the Commissioner of Personal Data Protection through the website http://www.dataprotection.gov.cy

​

EFFECT OF POLICY AND CHANGES TO POLICY

 

We keep this Policy under review, and we may modify it from time to time without any prior notice. You should review our Policy on our website periodically to ensure that you are aware of any such modifications/updates.

bottom of page