Privacy Policy
Please read this document carefully as it contains details of how we will process and store your personal data. We will process and store your personally identifiable information in accordance with the Data Protection Act 25th May 2018, which incorporates the General Data Protection Regulation (GDPR) into Europe union law.
In this document, references to “We”, “Us” and “Our” mean the My Policy Group which includes Nova Assistance LTD (an Medical Assistance and Insurance distributor), and project Nova Help (a wholesale insurance Broker intermediary).
You should show this document to all parties related to this insurance policy. If you have given us information about someone else, you are deemed to have their permission to do so.
If you have any questions or need any further information you can email admin@novasist.net or write to the Data Protection Officer, Nova Assistance LTD, Republic of Moldova, Chisinau, st. Bucuresti 10.
Lawful Basis of Processing
Under Data Protection legislation, the lawful bases we rely on for processing your information are:
Insurance case opening – processing is necessary to enable you to check into an insurance contract with us and for us to administer your insurance case.
Legal Obligation – processing is necessary to comply with a legal or regulatory obligation.
Legitimate Interest – processing is necessary for our own legitimate interests or those of other data controllers or third parties (e.g. to search for you nearest hospital, contact them for you, emergency calls or other communications, for medical assistance research, analysis and your treatment problem) except where such interests are overridden by the interests, rights or freedoms of the data subject.
Consent – where you have given us permission to do so, we will use your personal information for Medical Assisstance purposes.
Collecting Your Information
We collect personal data which includes a variety of information about you (e.g. your name, address where are you at the moment, date of birth, Insurance policy number and your contact details). Where relevant, we will also collect information which indirectly relates to you by reference to an identifier (e.g. your Geolocation).
We will also collect more sensitive personal information including health information (medical conditions).
In certain circumstances, we will also collect data from other sources (e.g. publicly available sources such as hopital networks, third party databases available to the insurance services sector, tour operators, flying air companies), including information from you regarding your previous insurance arrangements.
Your personal information is primarily used for the purpose of providing insurance companies with an insurance quotation of medical insurance, arranging medical assistance from insurance policy, and the ongoing administration of your insurance contract, including assisting with making a claim. We record all telephone calls for training and monitoring purposes, therefore any personal information you give us during telephone calls is collected. If you do not provide the information we request, this may prevent us from being able to provide you with medical assistance.
Using Your Information
We will ensure that your personal information is processed lawfully, fairly and in an open and transparent manner. We will also ensure that appropriate security measures are in place against unauthorised or unlawful processing, or accidental loss, destruction or damage using appropriate technical or organisational measures e.g. restricting access to certain aspects of your information to key people within our organisation, and periodically checking the level of security in place to prevent unauthorised use, accidental loss or misuse of your information.
We are governed by and shall operate in accordance with contracts we have in place with our suppliers (e.g. insurers, software providers and other providers of services to us) which set out our relationship as a data processor as required by current data protection legislation.
As a data controller, we determine the purpose and means of processing personal data. In particular, the data processed by Nova Help and other processors e.g. when we act in our capacity as a wholesale insurance distributor and our Telematics data processor.
In certain circumstances, such as when you request information, or renew your insurance policy, our assessment may involve an automated decision to determine whether we are able to provide or continue to provide you with an insurance case information. You can object to us using an automated decision however, in those situations it may prevent us from being able to provide you with medical assistance.
As part of our activities as an insurance intermediary, a wholesale distributor of insurance or our actuarial activity, we may also process personal data for profiling or analytics purposes.
We will also use your information to enable us to comply with a legal obligation (e.g. for the prevention and detection of fraud and financial crime, which may include processes which profile you, and for the recording and monitoring of telephone calls for training and monitoring purposes).
Analytics (Aggregated Information)
When processing personal data for profiling or analytics purposes, we will have appropriate safeguards in place to ensure that:
Processing is fair and transparent, and provide meaningful information about the logic involved, as well as the significance and envisaged consequences.
Appropriate mathematical or statistical procedures are used for profiling.
Appropriate technical and organisational measures are in place to enable inaccuracies to be corrected and minimise the risk of errors.
Your personal data is secure in a way that is proportionate to the risk to your interests and rights and prevents discriminatory effects.
By collecting information regarding your current, ongoing, and past insurance cases we will use this to carry out research and analysis (including profiling). We do this in a way that involves large volumes of information being converted into statistical or aggregated data meaning that individuals cannot be identified. Some aspects of research and analysis we undertake are separate from using your information directly in connection with your insurance policy but are still compatible with our activities as an insurance provider.
Using our Website and Cookies
When using our website, you will be asked to accept a cookie, which is a small file of letters and numbers that is downloaded onto your computer. This will be explained to you when you visit our website, and you will typically have to accept the cookie to benefit from the services offered on our website.
Cookies are operated in strict accordance with the Privacy and Electronic Communications Regulations 2011 (PECR) and enable our website to remember your preferences by recording information you have entered. These rules also apply if you access or use any other technology to gain access to information stored electronically by us (e.g. your online dashboard).
Sharing Your Information
We will share information, including sensitive information about you and other parties related to this insurance where it is necessary to do so (see Lawful Basis of Processing section). The information will be shared with carefully selected third parties which provide a service to us, or on our behalf. This includes insurers, insurance companies websites, medical software providers, Nova Assistance LTD, and our telematics data provider.
Other than the reasons outlined, we will not share your personal information without good reason and without ensuring that appropriate safeguards are in place. In any other event, we will ask for your consent to share your information and explain the reasons why.
We store all your personal information in the Germany datacenter. No personal data will be processed or stored outside of the Germany datacenter without adequate data protection in place which is at least equivalent to current GDPR data protection legislation. If we are required to transfer your personal information outside the Germany, we will do this in compliance with the conditions of transfer set out in the Data Protection Act 2018 and/or restricted to a country which is considered to have adequate data protection laws. We will take all reasonable steps to ensure the firm has appropriate security standards in place to protect your information and provide you with details of the applicable safeguards.
Storing Your Information
We will only retain your personal information for as long as is necessary in providing our products or services, or for compliance with a legal or regulatory obligation, including our legitimate interests or those of other data controllers such as Nova Assistance, and/or our telematics data provider.
This means we will only keep information which is necessary to keep, deal with queries, claims or compliance with legal reasons for a maximum of 14 months for support which are not taken up, or 6 years from the date your insurance policy comes to an end. If we are required to retain information beyond this period (e.g. for legal reasons), we will ensure the data is minimised and limited to information which is adequate for these purposes.
During the data retention period, we will take further steps to safeguard your personal information with additional layers of security in place to prevent unauthorised access or misuse.
We will regularly review the length of time we retain your personal information and the purpose of retaining the information. Where information is no longer needed, we will ensure it is securely deleted and update, archive or delete outdated information.
Individual Rights
You have the following rights relating to the information we hold about you:
Right of Access – you have the right to request a copy of the personal information we hold about you.
Right to Rectification – if you believe the information we hold about you is inaccurate or incomplete, you have the right to ask us to rectify this.
Right to Erasure – you have the right to ask us to delete your personal information in certain circumstances e.g. where it is no longer necessary.
Right to Restriction – you have the right to ask us to restrict processing for your personal information in certain circumstances. When processing is restricted, we are permitted to store your information, but not use it.
Right to Object – you have the right to object to certain uses of your personal information.
Right to Data Portability – you have the right receive a copy of the personal data you have provided to us in a structured, commonly used and machine-readable format e.g. a CSV file. You can also request that we transfer a copy of your personal information directly to another data controller.
Right to Withdraw Consent – if you have previously given us permission to contact you for medical assistance, you have the right to withdraw this consent at any time.