Privacy Policy

This Privacy Policy (the ‘Policy’) contains information on how ADB Compensa Vienna Insurance Group (‘Compensa’) and Compensa Life Vienna Insurance Group SE, acting through the branch in Lithuania (‘Compensa Life’) (jointly, the ‘Companies’ or ‘we’), as data controllers, process Personal Data.

This Policy defines the rules applicable to the collection, use, and processing of Personal Data, which the Companies follow in the course of their insurance business, and is intended for persons using our services. More detailed information about the processing of Personal Data is provided in under Purposes and Grounds of Data Processing, based on the services the Company/Companies will be providing to you.

Personal Data: any information that allows us to identify you directly or indirectly.

Personal Data Processing: any actions in relation to the Personal Data, including the collection, recording, structuring, storage, exchange, and disclosure thereof, the granting of access to the Personal Data, as well as reviewing and reading, using, transferring, cross-using, adjusting, blocking, erasing or removing the Personal Data, or a combination of the above actions, depending on the character of their execution or the measures employed.

Data Subject, you: a private individual (including the policyholder, the beneficiary, the CEO/representative of a legal entity) who uses/has expressed an intention of using the services provided by Compensa and/or Compensa Life or is otherwise related to us and/or our services.

Data Controller: an individual or an entity that, acting alone or in association with others, defines the goals and measures for processing the Personal Data. When the Personal Data is processed under this Policy, Compensa and Compensa Life act as Data Controllers when they process the Personal Data in the course of providing you with insurance and related services.

Data Processor: an individual or an entity processing Personal Data for the Data Controller. In processing Personal Data, Compensa and Compensa Life engage Data Processors and take any actions necessary for the Data Processors to process the Personal Data in line with the documented instructions and with adequate security measures in place and in compliance with the requirements of Personal Data protection regulations.

The rest of the terms used in this Policy shall be construed in the way they are defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation (GDPR)), unless specified otherwise herein.

Personal Data shall be collected directly from you, and shall be generated as you use or express and intention to use the insurance services provided by Compensa and/or Compensa Life. In some cases, your Personal Data may be provided to us by our Clients who enter into contracts in your interests or designate you as the beneficiary, as a case in point.

Depending on the services that are provided to or contracted by you, Compensa and/or Compensa Life shall also receive Personal Data from external data sources such as:

• public registers (including the Real Estate Register, the Register of Legal Entities, the Population Register, the Register of Motor Vehicles, and other registers or databases);
• third parties, on the basis of contracts or official inquiries sent to entities involved in processing and authorised (or obligated) to release the necessary information (such as the police; the public authorities; Regitra, a public body; the Motor Insurers’ Bureau of the Republic of Lithuania; the Fire Safety and Rescue Service; healthcare institutions; or other governmental bodies or entities);
• the managers of other databases as well as persons and entities spelled out elsewhere in his Policy.

Compensa and/or Compensa Life collect the Personal Data by recording phone calls, making surveillance records, and retaining communications with you.

In cases where you provide the Companies with the Personal Data of third parties (for example, when you conclude an insurance contract in the interests of another person, designate third parties as Beneficiaries, and so on), you undertake to inform these persons about the Insurance Contract, the transfer of their Personal Data to companies, and the processing of their Personal Data by the Companies, as well as this Privacy Policy.

The categories of your Personal Data processed depend on your specific relationship with Compensa and/or Compensa Life. The categories of Personal Data that are processed by a particular insurance company are indicated below (the list is not exclusive):

We ensure that we process Personal Data in a lawful, fair and transparent way and collect it for specified, clearly defined and legitimate purposes. We usually process personal data on the following grounds of lawfulness:

• The performance of the contract is one of the main legal bases on which we ground the processing of Personal Data done in order to provide you with insurance services. This includes the processing necessary to respond to the pre-contractual request of the Data Subject in order to conclude, change, perform, administer or terminate the contract.
• The fulfilment of a legal obligation is the processing of Personal Data that creates a legal obligation for the Data Controllers as envisioned in the relevant legislation.
• The legitimate interest in the processing of Personal Data is the legal basis for processing Personal Data in pursuit of the legitimate interests of the Data Controllers, which take precedence over the interests or rights and freedoms of the Data Subject.
• Your consent. In cases where we ask you to provide your consent to the processing of your Personal Data, you will be informed about the purpose of such processing separately. You can withdraw your consent at any time.

We process your Personal Data securely and do not transfer it to any unauthorised persons. Part of the Personal Data processed by us may be transferred to other persons in the cases indicated below. The following is a description of the typical situations in which Personal Data may be transferred.

1. In some cases, the transfer of the Personal Data is grounded on the legal obligation borne by the insurer towards:

• The Motor Insurers’ Bureau of the Republic of Lithuania (Article 27.4 of the Law on Third-Party Liability of Vehicle Operators of the Republic of Lithuania);
• Another insurance or reinsurance company, an insurance or reinsurance company in another state within the European Economic Area (EEA), or a branch of an insurance or reinsurance company of a third country based in the Republic of Lithuania or another EEA state (Article 49 of the Insurance Law);
• The auditor;
• Supervisory bodies, pre-trial investigation authorities, the prosecutor’s office, courts, and the Financial Crimes Investigation Service;
• The insolvency administrator, notary public, and bailiff.

2. We may transfer part of our risks arising from insurance contracts to reinsurers in the Republic of Lithuania or abroad in order to reduce losses due to the assumed insured risk, effectively use the available capital or expand the possibilities to assume other insured risks.

These reinsurers are provided with technical insurance data: the number of the insurance contract, the insurance premium, the type of insurance cover, risk and risk supplement to the premium, and in individual cases, detailed Personal Data. Detailed Personal Data may be provided to reinsurers if reinsurers are involved in the assessment of risks and claims and it is necessary for assessing risks and claims. Special categories of Personal Data are provided to reinsurers if it is necessary for the assessment of risks and claims, subject to obtaining the written consent of the Data Subject to the transfer of such Personal Data.

3. Compensa and/or Compensa Life, as Data Controller(s), may provide the Personal Data of the Data Subject to third parties, as Data Processors, who provide us with services (perform works for us) and process the Personal Data of the Data Subject on behalf of the Data Controller.

The provision of services (performance of works) does not relieve us of our liability arising from insurance activities and we are responsible for supervising the provision of such services (performance of works).

As we engage Data Processors, we take all necessary measures to ensure that the Data Processors have implemented appropriate technical and organisational security measures and uphold confidentiality. The Data Processors are obliged to comply with all requirements for the processing of Personal Data by contract.

The Companies have the right to receive from the Data Processors detailed information related to the activities performed by them under the contract, as well as to prepare mandatory instructions for them in the contract regarding the activities performed.

4. The insurance contract can be concluded through an intermediary of supplementary insurance activities and an insurance intermediary: an insurance agent or an insurance brokerage company providing insurance product distribution services.

As a rule, in performing insurance product distribution activities an insurance brokerage company acts as an independent Data Controller and is responsible for ensuring that the processing of Personal Data complies with the requirements of legal acts and guarantees the protection of your rights.

Normally, an intermediary of supplementary insurance activity or an insurance agent who carries out insurance product distribution activities is considered to be the Data Processor, with whom separate brokerage and Personal Data processing agreements are signed.

The following is a typical (non-exclusive) list of subjects to whom Personal Data may be transferred (Data Recipients who are Data Controllers, Data Recipients who are Data Processors):

We usually process and store your Personal Data on the territory of the European Union (EU) and the EEA, but sometimes your Personal Data has to be transferred to other countries outside the EU and the EEA, where a lower level of data protection policy may apply. In such cases, we do everything in our power to ensure that the security of the Personal Data so transferred is on the level of protection of Personal Data as guaranteed in Lithuania.

Personal Data may be transferred and processed outside the EU/EEA when there is a legal basis for the transfer of the Personal Data and the situation satisfies at least one of the following criteria:

• the country outside the EU/EEA in which the Data Recipient is located ensures, by decision of the European Commission, a sufficient level of protection of Personal Data;
• the Data Controller or the Data Processor implements appropriate data security measures: for instance, Personal Data is transferred on the basis of a contract that features the standard terms and conditions approved by the European Commission or other standard terms approved in accordance with the established procedure or a valid code of conduct, or the Data Recipient holds a certificate to that effect;
• some derogations apply, for instance, when the client has expressly consented to the transfer of Personal Data, the transfer of Personal Data is necessary for the performance of a contract with the client or for entering into or performing a contract concluded in the interests of the client, or for making, exercising or defending legal claims or pursuing significant reasons of public interest.

We retain your Personal Data for as long as necessary to achieve the underlying objective. Upon achieving said objective, your Personal Data will be deleted or anonymised, unless the effective legislation obliges us to store Personal Data for the period specified therein. At the end of this period, the Personal Data will be deleted/destroyed in such a way that it cannot be reproduced, or modified in such a way that it can no longer be linked to a particular person. The specific time limits for the retention of your Personal Data depend on the legal basis for the processing of the Personal Data.

The following are examples of Personal Data retention periods:

Even though you may terminate the insurance contract and discontinue using our services, we will still have an obligation to keep your Personal Data for possible future claims until the data retention periods expire.

Information will also be stored so that we can provide you with the necessary information as necessary and have a proper history of the relationship between you and Compensa and/or Compensa Life and can answer any questions related to your cooperation with us. 

We are legally obligated to identify you and, where relevant, your representatives who seek to enter into an insurance contract on your behalf or in your interests.

For this purpose, we ask you to provide a valid ID and, where necessary, other documents necessary for your identification. We use authenticators to verify your identity. When processing Personal Data, we must ensure that your personal identification data is correct and up-to-date throughout the entire period of provision of insurance services to you.

Identification

For the purpose of identification, we ask you to provide a valid identity document. Throughout the entire period of our relationship with you, we must ensure that your Personal Data that we process is accurate and correct. For this purpose, we will periodically ask you to update your identity and contact details. If the identity is established by way of remote identification, for example, using the services of UAB Ondato, we also process your biometric data.

Authentication

For the purposes of authentication, we verify your identity to allow you to access our services on the self-service website.

Authentication is usually done with our own authenticators or authenticators from other service providers, such as SK ID Solutions’ Smart-ID, Dokobit, and so on. You can also use authenticators that we find acceptable in view of the applicable legislation, such as mobile signature, e-banking, or a PIN.

Compensa Life processes Personal Data in order to provide the risk and/or endowment life insurance services of your choice, including cases when we seek to assess individual insured risks and calculate the insurance premium and examine applications for the award and payment of the insurance benefit where necessary, as well as in cases where we seek to comply with the legal requirements for risk and/or endowment life insurance.

Personal Data is processed when we conclude, administer and terminate a contract for risk and/or endowment life insurance services. In addition, we process Personal Data when we implement the requirements of the legislation pertaining to life insurance. We collect Personal Data directly from you, as well as from external sources, and we ask you to update it routinely. Depending on which life insurance services you have chosen, your Personal Data may be transferred to data recipients in order to conclude and perform a contract or to comply with the requirements of the legislation.

Entry into Insurance Contract

When you apply to enter into a risk insurance contract, we process your Personal Data to assess your needs, individual risks, calculate the insurance premium, the insured amount, and make a decision on the insured risk. We process your Personal Data, including health data, in an automated manner and make an automated decision, including for the purposes of profiling, to make a quick decision about the insured risk. When additional information is required or when you request for the decision not to be made automatically, your application will be processed by an employee of Compensa Life. In this case, we process data about your health as provided by you or by physicians and medical institutions on the basis of your consent, as well as health data pertaining to your current or previous insurance contracts, insurance applications, insurance claims, and insured events. When the decision was exclusively automated, you have the right to request for it to be reviewed by an employee.

When you apply to enter into an endowment insurance contract, we also process your Personal Data, including for profiling purposes, in order to assess the suitability of the insurance service for you.

Upon entry into the insurance contract, we process your Personal Data in order to perform, change or terminate the contract if necessary, refund the insurance premium or pay the insurance benefit under the contract, and apply tax on the benefits. We also process Personal Data in cases where we send notifications related to insurance services, debt notifications, annual statements or routine reports in the case of an endowment life insurance contract.

For the above purposes, we process your personal identification data, data about your bank account, contact details, financial data, family data, children's data (when the services concern a child), health data, data on affiliation with legal entities, data collected using communication and other technological means, data on the status of your relations with Compensa Life, demographic data.

Disbursement of the Insurance Benefit

When you submit an insurance claim, we process your Personal Data in order to examine the application, including for the purposes of us making a decision on the benefit and payment thereof in an insured event. For said purpose, we process your Personal Data, including data about your health as provided by you or by physicians and medical institutions on the basis of your consent, as well as Personal Data pertaining to your current or previous insurance contracts, insurance applications, insurance claims, and insured events. We also process your financial data as provided by you if it is necessary to pay the insurance benefit, as well as Personal Data received from state authorities, such as data on convictions and criminal offenses, when relevant in terms of the insured event.

For this purpose, in addition to the Personal Data specified above, we process your data related to your profession, work activity, active pastime activities, data on convictions and criminal offenses when relevant, data on behavioural habits, priorities, and satisfaction with the insurance services.

We process Personal Data in order to provide the non-life insurance services of your choice, meaning that we assess the insured risks and calculate the insurance premium payable, and we process applications/complaints related to the insurance contract or the payment of the insurance benefit if necessary and comply with the legal requirements related to non-life insurance. Depending on the non-life insurance services that you choose, Personal Data is transferred to the Data Recipients in order to conclude and perform a contract or to comply with the legal requirements.

Entry into Insurance Contract

When you file an application for the entry into an insurance contract, we process your Personal Data to assess the insured risks, choose the insurance product best aligned with your needs, and calculate a fair insurance premium. The processing of your Personal Data for said purposes is automated. We also make automated decisions, including for profiling purposes, to expedite the decision-making with regard to the insurance contract. Where we need additional information or you request that the decision would not be automated, your application will be processed by our employees. We process Personal Data that we receive from you, from public registers, as well as the Personal Data that is already available to us with respect to your prior insurance contracts and insured events, among other things. Where the decision was made automatically, you have the right to request that it be reviewed by an employee of the relevant Company.

When you enter into an insurance contract, we will also process your Personal Data to perform the insurance contract, send you updates to insurance contracts, modify and terminate the insurance contract, refund an insurance premium, or disburse a benefit under the contract. We also process Personal Data to provide you with notifications relating to the insurance contracts or notices of arrears when necessary.

For those purposes, we process your personal identification data (such as name and last name, contact details); Personal Data relating to the subject of the insurance (such as information about the property, the vehicle, and so on). Depending on the situation, we may also process other Personal Data as necessary to enter into and/or perform insurance contracts (such as details of individual characteristics: driving experience; travel destinations and periods, and so on; financial details: bank account number, amount of debt, and so on).

We may also process your personal ID number for identification purposes or for the purposes of obtaining from a data recipient (such as Centre of Registers, a public company) information necessary for entering into or performing the insurance contract.

Collecting special categories of Personal Data (such as health data) will be permitted with the explicit consent from the Data Subject (the policyholder, the insured person) only, provided the data is required for entering into and performing the insurance contract, assessing insured risks, and for reinsurance purposes. When entering into an insurance contract, we have the right to request data that will affect our decision to conclude the insurance contract or decision regarding some of its terms and conditions.

Usually, for insurance contracts where the insured risk is related to the health of the policyholder or the insured person (such as accident or health insurance), entering into the insurance contract requires health data of the policyholder or the insured person.

Disbursement of the Insurance Benefit

If you apply for the disbursement of the insurance benefit, we will process your Personal Data to administrate the claim file and to make the decision on the disbursement of the benefit in the insured event.

In the occurrence of an insured event, the policyholder, the insured person, the beneficiary, and/or the injured third person must provide the insurer with all available documents and information about the circumstances and consequences of the insured event or an event that can be recognised an insured event, as may be required for the purposes of assessing the insurance benefit, including special categories of Personal Data (data about health condition, injuries, cause of death, and so on). We have the right to process this data to determine if the insured event actually happened and whether it happened during the period of insurance, as well as the extent of the compensation.

We can collect (and continue to process) special categories of Personal Data not only from the policyholder, the insured person, the beneficiary, and/or the injured third person, but also from Data Recipients such as healthcare institutions, the State Patients’ Fund under the Ministry of Health, or other state or municipal authorities (such as the police), as well as data about the insured person’s and the injured third person’s health, medical services provided, illnesses diagnosed, injuries sustained, capacity for work, and cause of death as processed in registers, information systems, and other data files. This type of collecting Personal Data may be grounded on an explicit consent from the Data Subject, unless the Data Subject is deceased, if it is necessary for the purposes of determining the circumstances and consequences of the insured event or assessing the insurance benefit, or if there are other grounds to collect this data.

For example, in the event of termination of a trip due to illness with travel insurance in effect, it is reasonable that we submit a request to the general practitioner of the insured person to provide information about the insured person in order to find out whether the insured event (illness) occurred during the period of insurance and whether it was an unexpected and sudden event. The application is accompanied by the insured person's consent to the collection of their Personal Data.

We process your Personal Data that we receive from other insurance companies, public registers, state authorities, doctors and medical institutions, as well as Personal Data, including health data related to your previous applications for the disbursement of insurance benefits.

When you need medical assistance due to an insured event that has occurred in a country outside the EU/EEA, in the case of travel insurance, your Personal Data is transferred to the relevant country outside the EU/EEA in order to confirm the validity of the insurance cover. This transfer is necessary for the performance of the contract between you and Compensa.

When you need roadside assistance abroad or if you have been in a traffic accident outside the EU/EEA, your Personal Data is transferred to a country outside the EU/EEA in order to provide you with the necessary assistance, to process the application for the disbursement of a third-party liability insurance benefit in the insured event. This transfer is necessary for the performance of the insurance contract.

We process Personal Data in order to perform a voluntary health insurance contract between Compensa and/or Compensa Life and the policyholder (the employer), whereby you are the insured person. The contract of voluntary health insurance is concluded for the benefit of the employee (the insured person) when the insured person is not a party to the insurance contract.

What is specific about voluntary health insurance is that the Personal Data of the insured person, such as name and last name and personal identification number, is collected for the purposes of entering into the insurance contract from your employer (the policyholder) rather than from you as the insured person directly. In certain cases, when insured persons wish to insure their family members with voluntary health insurance, we receive your Personal Data from them. The subsequent processing of Personal Data of insured persons, including the processing of health Personal Data, is based on the consent that you, as the insured person, give us to the processing of health data.

Compensation of Costs

Depending on the extend of health insurance they have, insured persons can pay for healthcare services with their health insurance card or provide documents validating the costs to the Company providing the health insurance cover. When you use voluntary health insurance services, we process your Personal Data, including special categories of Personal Data, in order to administer the claims file and make a decision on the reimbursement of your expenses in the insured event, or the denial of the insurance benefit when the event is recognised as uninsured.

We may collect (and continue to process) Personal Data, including special categories of Personal Data, not only from the insured, but also from other Data Controllers (such as healthcare institutions, hospitals, the State Patients’ Fund under the Ministry of Health, pharmacies, wellness service providers, and other companies to which the insured person has applied for the reimbursement of the costs of the services provided, as well as data contained in registers, information systems or other data files) about the services provided to the insured person and the scope thereof, the goods purchased, the state of health of the insured person, the diagnostic and treatment services provided, the diseases diagnosed, the injuries sustained, the level of capacity for work, and so on. Depending on the scope of your health insurance, Personal Data, such as name and last name, personal ID number, scope and limits of health insurance, are transferred to the data recipients whose services the insured person uses.

Depending on which Company the insured person is insured with, persons insured with voluntary health insurance can use our mobile applications created for this purpose, the SEESAM app (Compensa) or the Compensa Life app (Compensa Life), to pay for healthcare services and/or to have their healthcare costs reimbursed. The submission of documents confirming the costs related to healthcare through the aforementioned apps is secure, since the data so provided is stored in the main information system of the respective Company and is only displayed in the application.

For the above purposes, we process Personal Data related to your health (such as information about procedures or operations performed on you while the insurance cover was in effect and in previous periods of insurance cover, your complaints, diagnoses, illnesses, treatments, wellness services, and so on). Depending on the situation, we may also process other Personal Data that is necessary for the proper performance of the health insurance contract (such as financial data: bank account number, reimbursable amount of insurance benefit, and so on).

We process Personal Data in order to prepare and submit insurance offers that are aligned with your needs, to inform you about special promotions, offers and discounts, and to conduct surveys. Direct marketing messages may be provided during a phone call or sent as text messages, by e-mail and other means (such as through our self-service system).

We process your Personal Data, which we receive directly from you or from persons who collect your consents for direct marketing on our behalf.

We process your Personal Data for direct marketing purposes with your consent or if we have a legitimate interest in processing such data for direct marketing purposes.

We process your Personal Data for direct marketing purposes based on your consent only if you have given your consent to such processing of Personal Data of your own free will.

We process your Personal Data for direct marketing purposes based on our legitimate interest only if we have reasonable grounds to believe that you expect us to do so. For instance, with our existing clients, we may provide information about insurance products similar to those that are already owned by our client, inquire about their opinion on the quality of the insurance services provided. We prepare this information on the basis of our legitimate interest, so we do not ask for your consent, but you can decide whether you allow us to do so.

You always have the right to disagree with the processing of your Personal Data for marketing purposes or to withdraw your consent when the processing is based on consent, depending on your relationship with one of the Companies. You can do this at any time by contacting the appropriate Company in writing, orally, by phone, on the self-service portal, by e-mail at tiesioginerinkodara@compensa.lt or tiesioginerinkodara@compensalife.lt, or by unsubscribing from newsletters in the manner specified in the marketing communications. Information about the Personal Data processed when you provide your consent or do not object to the processing of your Personal Data on the basis of a legitimate interest is available in the memo about this consent or permission to process Personal Data (in the case of legitimate interest).

Extension of Insurance Cover

If we have an effective insurance contract with you, we will remind you of the pending expiry thereof, as in certain cases we are legally obligated to do so. In addition, good practice of insurance services provides that we must make reasonable efforts to ensure continued insurance coverage in all cases where it is believed that the person has an interest in insurance coverage. As a rule, it can be assumed that it is in the interest of the policyholder to keep their insurance coverage effective. Thus, we can remind you that the insurance contract with us is coming to an end, and so is the insurance cover. In this case, we consider it reasonable that, together with a reminder, we send to you a new insurance contract, offering to start negotiations before concluding an insurance contract. In this case, our communication is not considered direct marketing. This principle also applies if an existing contract is renewed, additional benefits are offered under an effective insurance contract, including cases when the insurance contract has been transferred to a new policyholder.

We do not process special categories of Personal Data and your personal ID number for direct marketing purposes.

In certain cases, we carry out profiling and can make our decisions by automated means.

Automated decision-making, including profiling, is used to purchase insurance services such as compulsory motor vehicle operator third-party liability insurance, personal, travel insurance online and via other channels. Automated decision-making, including profiling, is necessary in order to conclude, extend or renew the insurance contract between the Data Subject and the Company by assessing the risks insured.

In that case, the insurance offer is submitted to you automatically, after assessing the Personal Data and/or the data of the insurance object as provided by you, which can be used for assigning you and/or the object of insurance to a certain risk group, meaning that the Company's information systems automatically calculate the price based on the data such as the model of the vehicle, the claims history, age, region, hobbies, occupational risks, health status, or other factors. Automated decision-making can also be made by drawing on our experience of the likelihood of insured events and possible damage. After this information has been evaluated, statistical risk models are used to assess the insured risk accordingly, and the insurance premium is calculated.

Automated identification and profiling of the insured person's risks helps us to reduce the possibility of discrimination against the client and abuse by the employee, and allows us to make faster decisions on the entry into the insurance contract and on its terms in accordance with the recommendations provided by the above programs.

Following automated assessment of the insured risks, its outcome can determine a set of terms of conditions of the insurance contract different from those that you specified in your application, or we may decline entry into an insurance contract altogether.

You always have a possibility to apply for an insurance offer via other channels, such as by phone or by visiting any of our client service units.

Automated decision-making, including profiling, can also be used to evaluate the marketing information to be provided. In this case, automated decision-making is carried out in view of the history of the Data Subject and other data, the evaluation thereof aimed at providing the Data Subject with the most appropriate and relevant information.

You have the right to access the Personal Data used to create your profile, as well as to access information about the profile and the segments or categories that you were assigned to. In addition to the right to access your Personal Data, you are also entitled to exercise other rights provided for in the GDPR and described in this Policy below.

With automated decision-making and profiling, when the processing of Personal Data is based on Article 6.1(e) or 6.1(f) of the GDPR, as well as with profiling for direct marketing purposes, you have the right to object, as provided for in Article 21 of the GDPR.

Having familiarised yourself with the automated decision and in the cases outlined in Article 22.2(a) and 22.2(c) of the GDPR, you have the right to demand, in writing or in person by visiting one of our offices, human intervention, express your point of view, receive an explanation of the decision taken as a result of this assessment, as well as the right to challenge that decision.

We also process Personal Data in order to ensure compliance with the requirements of international legislation regulating the enforcement of sanctions. For that purpose, we may also use automated decision-making, including profiling, to assess whether a person is subject to international sanctions. Automated decision-making is carried out by assessing whether the Data Subject falls within the scope of persons (or is a specific person) subjected to international sanctions.

For the above purpose, we process your personal identification data (such as name, last name, date of birth, personal ID number, residence details, citizenship, state of residence, and so on) throughout the entire period of our relations with you.

To ensure the enforcement of international sanctions, we also process Personal Data of individuals related to corporate clients, identify the ultimate beneficiary (private individual(s)), whom we also check for compliance with international sanctions on a compulsory basis.

Sanctioned individuals and entities are not eligible to receive insurance services. If an individual or an entity is found to be subject to international sanctions, we notify the competent authorities (the Financial Crimes Investigation Service under the Interior Ministry) to the effect when we have an obligation to do so. If an individual or an entity matches against any international sanctions, we also have the right to terminate our contractual relations with that individual or entity, including termination of the insurance contract and insurance cover, and we may deny disbursement of the insurance benefit.

Compensa Life processes Personal Data to implement the requirements of the legislation regulating anti-money laundering and countering the financing of terrorism.

Personal Data is collected from you, as well as from external sources, such as public registers; we process data obtained when you use life insurance services, including data from the application of the Know Your Client principle and the monitoring of your transactions. When necessary, we transfer your Personal Data to the relevant authorities.

The legislation imposes an obligation on Compensa Life to carry out due diligence of its clients, including the Know Your Client procedure, and to understand the purpose and intended nature of the client’s business relation or one-time monetary transaction. We must also assess the risks associated with money laundering and the financing of terrorists. This helps us make sure that the services are used for legitimate purposes and prevent unauthorised use thereof. Therefore, both before and after entering into a business relation, we ask the client to provide basic information about themselves, their activities and sources of income, their financial transactions.

To achieve this goal, we must establish your identity and request that you provide accurate and correct information about yourself, as well as any supporting documents, when necessary. Compensa Life may use information obtained from public registers, such as the Population Register, the Register of Legal Entities, the Real Estate Register, as well as the data provided by you. To that end, we may also review publicly available information about you.

Whilst implementing the requirements of the legislation regulating anti-money laundering and the financing of terrorists, we ask you to indicate whether you or your close family members or close aides are politically exposed persons who are or have been entrusted with important public positions in the Republic of Lithuania, the European Union, international or foreign institutions.

In the course of our business relations, we regularly or on a case-by-case basis ask you to update the Personal Data provided, as well as to review whether the previous data from public registers is up to date. The legislation imposes an obligation on Compensa Life to carry out constant monitoring of business relations and transactions in order to make sure that they are not suspicious. The activities of due diligence and their schedule depends on the client’s risk profile in relation to money laundering and the financing of terrorism.

Any suspected instance of money laundering or terrorist financing is reported to the relevant authority (the Financial Crimes Investigation Service under the Interior Ministry of the Republic of Lithuania), ensuring the confidentiality of the report.

For the purposes of Know Your Client, we also process Personal Data of private individuals who are related to our corporate clients. We determine the identity of the representative of a legal entity (its manager, authorised representative, procurator, other persons who hold executive positions with the legal entity, such as an insolvency administrator), and for this purpose we collect their personal identity data, demographic data, contact details, data on their relationship with other legal entities. The identity and demographic data of the participants of the legal entity and its beneficiaries must be provided on a compulsory basis. We also collect data on the share of the capital of the legal entity as a percentage, data on other legal entities where the legal entity holds a stake. When necessary, we also collect and routinely update Personal Data of representatives, participants and beneficiaries of the legal entity from registers such as the Population Register, the Register of Legal Entities, including the information system of Participants of Legal Entities, the information subsystem of Beneficiaries of Legal Entities, the Real Estate Register, and use other open-source information. We request information about ultimate beneficiaries as we are legally obligated to understand the management structure of the client and to properly identify the private individuals controlling the company.

We may also control other mandatory Personal Data if necessary to comply with the applicable legal requirements or to defend our rights and legitimate interests.

We process Personal Data to manage risks and exercise prevention of fraud in compliance with the applicable legislation and in pursuit of the legitimate interests of Compensa and Compensa Life.

By managing risks, we aim to ensure that both before entering into the contract and during the investigation of the insured event, as well as in other cases, our clients provide us with correct, accurate, and reliable information about themselves, the object of insurance, the event, and so on, so that we can make an informed and correct decision to assume or not to assume the insured risk, to conclude or not to conclude an insurance contract, what the terms of the insurance contract should be determined, including the amount of the insurance premium, as well as whether or to recognise the event as insured or not, and on the amount of the insurance benefit to be paid.

By exercising fraud prevention, we strive to ensure that the insurance market operates in a transparent and reliable manner. We understand fraud as unduly receiving or trying to receive an insurance benefit for your own benefit or for the benefit of others, or raising the amount of the insurance benefit payable under the insurance contract, as well as knowingly providing misleading information to pay an unreasonably lower insurance premium for the insurance service, and so on. To be classified as such, fraud under this Privacy Policy need not have all the hallmarks of fraud or other kinds of criminal activity as defined in the Criminal Code of the Republic of Lithuania.

Therefore, in an effort to manage risks and exercise fraud prevention, we process your Personal Data in the following cases:

• in the course of pre-contractual assessment of the insured risk;
• in the process of managing risks as part of maintaining business relations;
• in the process of identifying, investigating, and/or reporting suspicious activities, such as documentary forgeries, fake events, misleading information, and similar cases aimed at obtaining an undue insurance benefit;
• to prevent fraud, identify and investigate potential fraud as part of insured risk assessment, investigation of insured events, as well as in the process of monitoring and supervision, evaluation of events that have been through the administration procedure, and application of relevant measures;
• in the course of releasing information to supervisory and other governmental bodies, both on our own initiative and on demand, as well as in the process of cooperation with the authorities in their performance of the supervisory functions and checks;
• while cooperating with and releasing information to external auditors.

So, to be able to manage the insured risks in a structured manner and to prevent various instances of fraud and carry out ongoing assessment of the related risks, monitor and prevent illegal actions and attempts to obtain an undue gain out of the insurance relationship, we collect and process information (including Personal Data) about potentially inappropriate use of our services, or attempts to use them inappropriately.

Please note that in certain cases we may exchange your Personal Data with other insurers for fraud prevention purposes. To that end, we may collect from other insurers or provide them with data of the policyholder, the insured person, the beneficiaries or other persons involved in or related to a particular event, as well as information about the circumstances of the event and the amount of losses and prior events and their consequences, since it is in the case of loss contracts that the principle of full compensation for damages, double insurance, and other matters of fair compensation for damages become relevant. We assure you that in any case, Personal Data is requested and provided only to the extent necessary to achieve a specific and legitimate purpose as clearly stated by the insurer as the data recipient. Besides, when exchanging data, this is always done at a separate request, clearly stating the purpose for which the Personal Data will be used, the legal basis for processing the Personal Data so provided and received under the GDPR, the Law on Insurance or other legal acts and the terms of insurance contracts. Also, information is requested and provided only to the extent necessary to investigate the circumstances laid down in the request at all time.

When you contact us by phone or, in some cases, when our employees call you on the phone, a recording of the call is made. We make records of phone calls and process Personal Data for the purposes of ensuring the quality and accuracy of the information, entering into and performing insurance contracts, so that we have evidence of communication in the event of a dispute.

Phone calls are recorded with us giving an advance notice to you and subject to your consent to the call being recorded only.

For the above purposes, we process data such as the caller's phone number, call metadata (date, time, duration of the connection), content of the call.

It is important for us to properly serve you and provide you with the necessary information when you contact us. We process your Personal Data when we serve you upon your arrival at our service locations, when you contact us by phone, e-mail, via self-service using the virtual chat functionality on our website, or in any other way. When we provide you with information and communicate with you in one of the above ways, in order to ensure the provision of services or to comply with the requirements that apply to us under the legislation, we must process your Personal Data, such as contact details, information about the services requested and/or provided, and information related to the entry into and the performance of contracts. For this purpose, we process Personal Data such as your name, surname, e-mail address and phone number, content of communication, date and time of contact, and other data that you provide to us.

Your Personal Data is processed with the aim of properly managing and organising the internal processes of the Companies and defending our legitimate interests.

Processing Personal Data is necessary for activities related to our main business, which is the provision of insurance services. These include the collection and accounting of insurance premiums, the payment of insurance claims, the recovery of amounts paid from the culprits, the collection of debt, the conduct of legal proceedings, the examination of complaints and claims, and so on. All Personal Data related to this is processed with a clear legal basis. The Personal Data processed depends on what category of Personal Data is processed, and for what purpose.

If you have overdue obligations, Personal Data may be transferred to the credit bureau UAB Creditinfo Lithuania. This credit bureau processes and issues your Personal Data to third parties in order to assess the person's creditworthiness and manage the debt, which in the future may affect your ability to conclude transactions. The following of your Personal Data is provided to the credit bureau: contact details and credit history, meaning information about financial and property-related obligations and the fulfilment thereof, debts and the payment thereof. The provision of information about your Personal Data does not relieve you of your responsibility to cover any debt that may exist.

We also carry out certain administrative activities to ensure the efficiency and suitability of our business operations. For instance, we have a duty to keep bookkeeping records when part of this process consists of your Personal Data: personal identity data, bank account data, insurance premium amounts, and so on. Furthermore, the Companies also organise the selection and are obliged to publish a list of insurance intermediaries. This list features such Personal Data of insurance intermediaries as name, surname, number of the certificate of the insurance agent or intermediary for additional insurance activities, date of listing, and so on. These duties are imposed on us by the legislation.

We process your Personal Data when we carry out auxiliary activities that are related to the provision of insurance services, such as deployment and maintenance of information systems, obtaining an opinion about the quality of services provided, administration of our website, and so on. This is one on the legal basis of our legitimate interests to maintain, expand, evaluate and improve our activities and services, and improve the client experience.

We also process Personal Data in order to establish, exercise, or defend legal claims. As a rule, this type of processing of Personal Data is limited to the storage of information for the examination of potential claims. When we need to defend our rights or when a claim has been made, we process information that is relevant to a particular case. Depending on the situation, this may include the transmission of information to judicial and extrajudicial bodies of dispute resolution for the purpose of resolving the dispute, and to companies and individuals providing legal services.

You have the rights spelled out in the GDPR and outlined below, and, as a Data Subject, you are entitled to approach us on matters pertaining to the processing of your Personal Data. Please note that some of your rights are not absolute and we may not necessarily enforce them.

You have the following rights:

The Manner of Exercising Your Rights

We will allow you to exercise the above rights following an identification and authentication procedure. You may exercise your rights by:

If the Data Subject fails to identify themselves, the Data Subject may not exercise their rights. This stipulation will not apply when the Data Subject files a request to be informed about the processing of the Personal Data under GDPR Art. 13 and 14 or withdraws the consent to direct marketing.

With direct marketing, you may exercise your right to object to processing by using the appropriate links available at the bottom of the marketing content, during the marketing call, or by simply contacting us in any way that may be convenient to you (see Direct Marketing above).

We will provide information about the processing of your Personal Data free of charge. For unreasonable, repeat, or disproportionate requests, we may establish a fee to offset our administrative expenses. We may also ask you to make your inquiry more specific so that we can expedite our reply. We will reply to your inquiry within 30 days of the date of receipt thereof. This deadline may be extended for up to two months if your inquiry is complex or if you have filed multiple inquires (in this case, we will notify you of the delay in a reply).

We may deny you conditions to exercise the above rights when we are legally obligated to ensure the prevention, investigation, and determination of offences and violations of company or professional ethics, as well as the protection of the rights and freedoms of other persons.

If you believe that your rights have been infringed or your Personal Data has been processed in deviation from this Policy, you may file a complaint to the State Data Protection Inspectorate; however, we recommend that you address us using the contact details provided below first.

You have the right to address Compensa and/or Compensa Life to file an inquiry, withdraw a prior consent, submit request regarding the exercise of the Data Subject’s rights, as well as complaints with respect to the processing of Personal Data.

The contact details of Compensa and Compensa Life are available online at www.compensa.lt. Depending on your insurance contracts, you may contact Compensa and/or Compensa Life by general e-mail addresses at Compensa info@compensa.lt or Compensa Life info@compensalife.lt, as appropriate considering the Company which is the counterparty of your insurance contracts, or by phone at 19111.

You may also contact Compensa’s Data Protection Officer by e-mail at dpo@compensa.lt, or Compensa Life’s Data Protection Officer at dpo@compensalife.lt, or write a letter to Ukmergės g. 280, 06115 Vilnius, Lithuania, depending on which company you wish to address.

Since we continuously aim to improve our services, we reserve the right to modify this Privacy Policy at any time. Any modifications and amendments will be published on this website without delay. Regardless of the generality of the above, you are advised to regularly revisit this website to check for any updates.

Last updated as of 31 July 2024.