Legal notice - Privacy Policy

The DKV Seguros Group not only insures its customers but it also protects their fundamental right to privacy. We have adapted to the new information requirements in this area required by the general data protection regulations (hereinafter, GDPR) and the Organic Law 03/2018 of personal data protection and guarantee of digital rights (hereinafter LOPDGDD). Below you will find important information on these requirements.

Basic information on data protection

Controller

DKV Seguros y Reaseguros SAE

+ company info: https://eng.dkvseguros.com/informacion-corporativa/informe-corporativo

+ info personal data processing: dpogrupodkv@dkvseguros.es

Lawful basis for personal data processing

  • Design and preparation of the policy and supplements/appendices
  • Management of services
  • Management of legal communications as an insurance company
  • Fraud risk management for preventing, detecting, reporting and correcting irregularities and fraud 

Lawful processing of personal data

  • Performance of a contract
  • Fulfillment of legal obligations
  • Legitimate interest of the Controller
  • Consent of the data subject

"Beneficiaries" (of transfers)

  • Other companies of the DKV Seguros Group and ERGO Group
  • Managers of Processing and Outsourcing (call center, BPOs, etc.)
  • Other insurance, reinsurance and/or co-insurance companies
  • Medical suppliers and other suppliers (experts, repairers, brokers, etc.)
  • Directorate-General for Insurance, Authorities and Administrative Judicial Bodies

"Rights" (of the data subject)

Access and challenge to assessments, rectification, opposition, limitation, deletion and portability.

Origin of the data (when not obtained from the data subject)

  • Database providers
  • Personal data made public by data subjects on the Internet or social networks
  • Public sources of Official Bodies
  • Joint credit record
  • Medical centres and medical professionals and other general providers
  • Of other insurers (if you exercise the right to portability)

 

Detailed information on data protection

Scope

This privacy policy applies in general to all websites owned by the DKV Group (DKV Seguros and its companies) and to its mobile device applications. However, some applications and services offered by DKV may have specific privacy policies.

Our websites may contain links to third-party sites (external links). The respective owners of these websites shall be responsible for them, as well as for the privacy policy established in each case.

If you find a link on our website that leads to content that infringes the current law, please notify us by email at dpogrupodkv@dkvseguros.es. We will perform the appropriate checks and delete them from our website without delay.

Who is the Controller?

DKV Seguros y Reaseguros SAE (hereinafter, DKV)
Tax ID A50004209
Address: (Torre DKV) Avenida de María Zambrano 31, 50018 Zaragoza.

Information of interest: https://eng.dkvseguros.com/informacion-corporativa/informe-corporativo

Data Protection Officer (DPO): At the postal address specified above or by email: dpogrupodkv@dkvseguros.es

Depending on the insurance policy you have purchased, the Controller will be other companies of the DKV Group and those stated in the Legal Notice.

If, in addition to the insurance, you use digital health services complementary to your policy or products that include services such as the Health Club, telemedicine or self-healthcare applications and you register on their websites, DKV Servicios, another company from the DKV Group, will control the data processing.

How does the Controller obtain my personal data?

DKV has obtained the personal data subject to processing through different channels:

  • As read:
    • When you access our services through different digital channels in order to design an insurance project, either through a broker or directly through the company.
    • Through your participation in events, talks and various sponsorship actions, campaigns and responsible business projects.
    • Subscription to DKV blogs through participation in actions, events
  • Through the information found in shared files created by insurance companies with legal authorization and those to which DKV is adhered, as well as through databases on credit records and money laundering and financing of terrorism, among others.
  • From public registers and/or publicly accessible sources if necessary and provided there is a legitimate interest.
  • If you are registered as an insured person or beneficiary in a policy, your personal data will have been obtained from the policyholder of this policy.

If you provide us with information on other data subjects, you must ensure that the information is accurate, complete, up-to-date and understandable. Thus, before you report this information to DKV, please read this privacy policy, especially the clauses containing information about the policy for other members of the policy and obtain their consent when required from subjects of legal age.

What is the lawful basis for personal data processing?

If you are a customer, policyholder, insured person or beneficiary, your personal data shall be processed for the aforementioned purposes, or any compatible reason, details of which are listed below:

  • Formalising and managing the requested insurance contract and/or project, for the purpose of complying with the contractual obligations, managing the insurance company's activity. This management involves, among other functions, assessing and defining risk areas, processing claims, charging premiums, paying for provisions, managing health promotion and prevention plans, as well as performing other additional services relating to insurance.
  • Profiling through cases of use with aggregated data for the purposes of business intelligence, statistics, use of digital channels, detection of misconduct, fraud prevention and market research. Under no circumstances will automated decisions be made based on segmentation if such decisions can entail negative legal effects for you.
  • Actions to promote customer retention, loyalty and detection of the flight risk of customers.
  • To keep you informed, through various channels, even by electronic channels (text messages or email) about promotions and improvements in the product you have purchased and other similar products and services and which we consider of your interest. Once the contractual relationship is over, you will continue to receive these communications for a maximum of one year, unless you exercise your right to oppose the processing for advertising purposes.
  • Information and service quality surveys, regarding the services provided at different points in time (contract date, a neutral time, post-claim), as well as reputation surveys with the company's different interest groups.
  • Complying with the sectoral regulation that applies to DKV based on its insurance activity and considering the services provided, especially the regulations on insurance, distribution, prevention of money laundering, where applicable, and fraud prevention and investigation.
  • Active management of information security.
  • Studies, actuarial and statistical calculations.
  • To ensure the effectiveness of compliance functions and attention to the rights to information and privacy.
  • To exercise or defend complaints or claims of all types that may arise from the contractual relationship.
  • To send you commercial information and/or promotional advertising on DKV insurance products and/or services and its investees.
  • With your consent, you will also be sent commercial communications, even via electronic means, adjusted to your profile, on products and services of other companies of the DKV Seguros Group.

If you carry out an economic project (already containing a minimum set of data), but you do not formalize it in a policy, your personal data will be processed for this end or compatible ends:

  • For the execution and management of the requested insurance project, after the validity of this proposal, your personal data will be deleted and you will be asked to resubmit it. If you have communicated specially protected data and you do not sign a contract, the data will be blocked until the waiting period established for this waiver expires.
  • Complying with the sectoral regulation that applies to DKV based on its insurance activity, especially the regulations on insurance and distribution.
  • Exercising or defending any claims that could arise from the relationship.

At DKV, specific processing may be subject to the adoption of automated decisions and/or the development of profiles. This means that certain decisions may be adopted automatically, without human intervention, where the data subject always has the right to request a review of the results reached, express their point of view and challenge the decision; in accordance with the applicable regulations at any time.

How long will my personal data be stored?

DKV has different storage periods according to the type of personal data processing used and the standards regulating it.

If you requested a quote but for some reason the insurance contract is not drawn up, your personal data will be blocked for the legal period observed for these cases and in the case of especially protected personal data, with the legal purpose of detection of malicious act or fraud until the expiry of the waiting period that gave rise to the invalidity or impossibility of entering into the contract.

If you are a customer of a policy, either policyholder, insured or beneficiary, your personal data will be stored in full while you are a customer and if you cease to be a customer, they will be blocked in accordance with the stipulations of the LOPDGDD for at least 5 years, as set forth in the Insurance Contract Act (art. 23) for insurance policies and for 10 years in Life insurance policies, based on articles 28 to 30 of Royal Decree 304/2014, which approves the regulations of Law 10/2010 on the Prevention of Money Laundering. After this term, they will be definitively deleted or irreversibly rendered anonymous.

Once these periods have elapsed, the data will be definitively deleted. The exercise of the right of deletion shall not in any case reduce the legally established storage periods.

To which suppliers is my personal data disclosed or transferred?

DKV Seguros y Reaseguros SAE (DKV) will disclose your personal data to other affiliates of the insurance group. These are specified in our Legal Notice, as well as our DKV Integralia Private Foundation, which provides the contact centre service for all our customers.

Medical professionals are our largest supplier network. Details of these can be found on our website or in our mobile device apps. The fact that we receive services from these providers does not necessarily mean that your personal data will be disclosed to them.

Your data may be transferred to the Directorate-General for Insurance and other Administrative and Legal authorities or bodies, according to their competencies, when these are required or this disclosure is necessary for safeguarding the legitimate rights and interests of DKV. DKV assures its customers that it always applies the principle of minimum data and privacy regarding requests for information from third parties.

In accordance with the legal empowerment established in article 99.7 of Act 20/2015, of 14 July, regulating the Organisation, Monitoring and Solvency of insurance and reinsurance companies, insurance companies have created fraud prevention files through their Corporate Association, UNESPA (with registered address at C/ Núñez de Balboa 101, 28006 Madrid), and DKV, as part of a legitimate interest, may use these files and communicate data if deemed necessary in the future.

Security and confidentiality in the processing of data

DKV complies with the security measures for personal data processing established in Royal Decree 1720/2007 of the repealed Law 15/99, as well as the provisions set forth in the GDPR and, nationally, in the LOPDGDD.

DKV is one of the first insurance companies to adhere to the UNESPA guide to best practice in personal data processing. More information at www.UNESPA.es

When carrying out risk analysis, we rely on the provisions of international security standards such as the ISO 27000 family, COBIT and Application Controls and the National Security Framework, among others, as well as internal compliance control models.

Our staff has been trained and informed regarding the legal requirements on data protection and privacy, and they have the obligation to maintain the duty of secrecy regarding the processed data, in accordance with the provisions set forth in the GDPR.

DKV Group companies have included a new text in the requests for information prior to contracting the insurance policies adjusted to the GDPR, which provides further transparency in the processing of personal data.

Email is not only one of the main channels to communicate personal data, but also the main attack vector by malicious third parties. Therefore, a special section in our privacy policy is devoted to it:

DKV will use the email you have provided to send an answer with the requested details. However, we only send personal or confidential information once it has been encrypted or, if this were not possible, by post.

Your email address will only be used to communicate with you and shall not be forwarded to any third party without your authorization.

If you receive an unsolicited email, and you have not provided us with your email address, please notify us. Then delete the email and do not open any suspicious links. If necessary, open them from your browser and not directly from your email.

Remember that DKV shall never ask you to send your username or password for your private customer area.

Before sending DKV an email that has not been encrypted or whose information is not protected, remember that its content will not be protected against other people who see it or may use it fraudulently. Only send information with especially protected data when absolutely necessary or requested by DKV.

If you receive an email from us that is not addressed to you, please delete it immediately and notify us at dpogrupodkv@dkvseguros.es so we can find out the reason for this incident. We will try to help you and also improve our security systems.

We recommend that you send all messages to DKV through the contact forms we provide or perform any actions through your private customer area, which has the necessary security measures in place.

What is the lawful basis for processing my personal data?

The legal basis for the processing of your data is safeguarded by:

  • The formalisation, execution and management of the requested insurance contract and/or project (including the health data if necessary), in the terms set forth in the particular and special conditions. We require this data to be able to offer you a personalized rate or premium and also the best insurance cover for your situation.
  • Compliance with the insurance regulations and obligations affecting DKV, especially those set forth in the Insurance Contract Act, on the management, supervision and solvency of insurance and reinsurance companies (LOSSEAR and RDOSSEAR), the Insurance Distribution Directive and the Prevention of Money Laundering Act, where applicable.
  • The legitimate interest serves purposes such as: to carry out an analysis for the assumptions, limitations, and delimitation of risk and the prevention of fraud; internal administration and management control; intragroup transfers; the conducting of surveys and quality controls on the services provided; preparation of profiles for actuarial and market research purposes; security management; transfer to other entities for reinsurance and coinsurance and the dispatch of commercial communications and newsletters on DKV products and services.
  • Express consent if you are not a customer and you have requested the receipt of commercial communications on other products and services suitable for your profile.

What information rights do I have regarding the privacy of my personal data?

  1. The right to know if the company is in possession of your data and, if so, have access to all of it.
  2. The right to rectify your personal data if it is inaccurate or incomplete.
  3. The right to delete your personal data when it is no longer needed for the purposes it was collected, or that which you believe is not necessary for such purposes.
  4. The right to limit DKV's processing of all or part of your personal data in the circumstances established by the law.
  5. Oppose certain processing whose legal basis is the consent, such as the delivery of advertising or the drawing up of profiles, among others.
  6. Request, for yourself or for whoever you specify with the due precautions, the portability of your identifying personal data in an interoperable format.
  7. Withdraw, at any given time, the previously granted consents.

In accordance with the current regulation, the data subject may exercise their rights in writing, attaching a copy of a document attesting their identity (Spanish ID document, passport, driving licence or residence card), to the following postal address: (Torre DKV) Avenida de María Zambrano 31, 50018 Zaragoza, or at the email address arco@dkvseguros.es.

You are advised to register and review your private customer area, from where you can carry out all procedures related to your personal data privacy, faster and more securely than by post.

DKV will always inform you on the decision, favourable or not, within 30 days or within two additional months, providing a reason for the delay.

If you do not receive a satisfactory response regarding exercising your rights, you can file a complaint with the Spanish Data Protection Authority, at the following address: C/ Jorge Juan, 6, 28001 Madrid.

You confirm that you have understood all the information in this privacy policy, and by clicking the "accept" button on the data collection form that refers you to this policy, you ACCEPT all the established terms and conditions.