Jesteś tutaj: Strona główna | Privacy Notice AWP P&C S.A. Branch in Poland

Privacy Notice AWP P&C S.A. Branch in Poland

Information on the processing of personal data of Insured Persons and Policyholders by AWP P&C Spółka Akcyjna Branch in Poland (GDPR Information clause)

The protection of Your personal data is important to us. Below, we provide information on how we process Your personal data and Your rights under data protection regulations.

This information clause may be updated periodically. Therefore, please review its provisions regularly. The date of the last update of this clause is indicated in the last line.

1. Who is the Data controller? (responsible for Your personal data)

AWP P&C Spółka Akcyjna Branch in Poland with its registered office at ul. Konstruktorska 12, 02-673 Warsaw (hereinafter also referred to as: “AWP P&C” or “Data controller”)

You can contact us by mail at the address provided above.

We have appointed a Data Protection Officer who can be contacted by email or mail at the following addresses:

Data Protection Officer

AWP P&C S.A. Branch in Poland

Konstruktorska 12, 02-673 Warszawa
e-mail address: iodopl@mondial-assistance.pl

2. List of personal data processing activities in which we act as the Data controller

Purposes of processing The legal basis
Activities performed prior to concluding the contract – preparation and presentation of the insurance offer

If You are acting as a Policyholder who is not the Insured Person, we process Your data on the basis of  Article 6 sec. 1 letter b) GDPR* i.e., data processing includes actions taken at Your request prior to the conclusion of the Contract.

If You are acting exclusively as the Insured Person, we process Your data on the basis of Article 6 sec. 1 letter f) GDPR, i.e. based on our legitimate interest in preparing and presenting an offer.
Activities undertaken prior to concluding a contract – insurance risk assessment and calculation of insurance premiums – also in an automated manner, including as part of profiling.

Article 6 sec. 1 letter c) GDPR, Article 9 sec. 2 letter g) GDPR in connection with Article 41 sec. 1 of the act on insurance and reinsurance activity, i.e. fulfillment of the legal obligations imposed on the Data controller under the insurance and reinsurance activity act.

Detailed information on the rules of automated data processing can be obtained in section 10 of this clause.

Conclusion and performance of insurance contracts, including the claims settlement process and the provision of benefits under the contract.

When it comes to insurance decisions, in some cases we may rely on automated processing, including profiling, which we will inform You about each time.

Article 6 sec. 1 letter b) and c) GDPR, Article 9 sec. 2 letter g) GDPR in connection with Article 41 sec. 1 of the act on insurance and reinsurance activity, i.e. data processing is necessary for the conclusion and performance of the insurance contract and fulfillment of the legal obligations imposed on the Data controller under the insurance and reinsurance activity act.

Detailed information on the rules of automated data processing can be obtained in section 10 of this clause.
Marketing of AWP P&C's own products and services

Article 6 sec. 1 letter f) GDPR, i.e. our legitimate interest consisting in the right to send You commercial information, including direct marketing, to the extent resulting from Your consent expressed in accordance with Article 398 of the act – electronic communications law, the so-called marketing consent.

If You wish to withdraw Your marketing consent, You can contact us at the address indicated in section 1 of this clause.
Fulfilling the legal obligations imposed on AWP P&C, in particular tax, accounting, and administrative obligations

Article 6 sec. 1 letter c) GDPR i.e. fulfillment of legal obligations incumbent on the Data controller resulting from legal regulations, in particular tax law and the accounting act.
Spreading insurance risk through reinsurance or co-insurance Article 6 sec. 1 letter f) GDPR i.e. our legitimate interest in reducing the insurance risk arising from the insurance contract concluded.
Verification of Customer presence on sanctions lists  Article 6 sec. 1 letter c) GDPR i.e. fulfillment of legal obligations incumbent on the Data controller under the provisions of law.
Prevention and detection of insurance fraud Article 6 sec. 1 letter f) GDPR i.e. our legitimate interest in preventing insurance fraud and defending against abuse that could result in the payment of undue benefits.
Customer satisfaction survey

Article 6 sec. 1 letter f) GDPR i.e. our legitimate interest in examining the quality of our services and the level of Customer satisfaction with those services.

The survey is conducted within the scope resulting from Your consent expressed in accordance with Article 398 of the act – electronic communications law, the so-called marketing consent.
Consideration of complaints, requests, and claims

The legal basis for processing is:

  • in the case of complaints - Article 6 sec. 1 letter c) GDPR, i.e. fulfillment of the legal obligation incumbent on AWP P&C resulting from the act on the handling of complaints by financial market entities and on the Financial Ombudsman
  • in the case of other claims and requests – Article 6 sec. 1 letter f) GDPR, i.e. our legitimate interest in handling requests and improving the quality of our services.

Collection of statistical data for the purpose of determining insurance premiums, reinsurance premiums, and technical insurance reserves for solvency purposes, as well as technical insurance reserves for accounting purposes.

Identification, pursuit (including collection) and defense against claims, as well as ensuring accountability

Article 6 sec. 1 letter c) GDPR, i.e. fulfillment of legal obligations incumbent on the Data controller under the provisions of law, in particular Article 33(3) of the insurance and reinsurance activity act.

Article 6 sec. 1 letter f) GDPR, i.e. our legitimate interest in being able to establish, pursue, and defend against potential claims, as well as in being able to demonstrate that we process Your data in accordance with the provisions of the GDPR.
Ensuring high-quality customer service and training call center operators, as well as for evidentiary purposes (the ability to demonstrate what has been agreed upon) – for these purposes, we will record and monitor conversations with customers. Article 6 sec. 1 letter f) GDPR, i.e. our legitimate interest in ensuring high standards of customer service, training call center staff, and being able to demonstrate the arrangements made during a telephone conversation.

3. Categories of data recipients

In connection with the pursuit of the above purposes, Your personal data may be disclosed to the following entities, which act as separate data controllers:

  • Public authorities, other entities from the Allianz Group, insurance companies, co-insurers, reinsurers, payment institutions, including banks, entities providing services to the insured (e.g., repair services, medical services, assistance services), lawyers, policyholder.

 In connection with the pursuit of the above purposes, we may also transfer Your personal data to the following entities, which act as data processors under our instructions:

  • Other entities from the Allianz Group, insurance brokers and agents, consultants, experts, claims adjusters, appraisers, entities providing services to the Data controller (IT services, including data hosting, telecommunications, postal services, document management and archiving, performance of a contract by providing services to an authorized person) or
  • Advertisers and advertising networks – to send You marketing communications, to the extent permitted by applicable law and in accordance with Your communication preferences. We do not share Your personal data with unrelated third parties for their own marketing purposes without Your consent.

 In addition, we may share Your personal data in the following instances:

  • in the event of a proposed or actual reorganization, merger, sale, joint venture, transfer, disposition, or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings); or
  • To comply with legal obligations, including providing data to the relevant authority if You file a complaint about a product or service we have provided to You.

4. Where is Your personal data processed?

Your personal data may be processed both within and outside the European Economic Area (EEA), but always in accordance with contractual confidentiality and security restrictions, in accordance with applicable data protection regulations.

Whenever we transfer Your personal data outside the EEA for processing by another Allianz Group entity, this is done on the basis of binding corporate rules approved by Allianz, known as the Allianz Binding Corporate Rules (BCR), which ensure an adequate level of personal data protection and are legally binding on all Allianz Group companies. The content of the BCR can be found at Binding Corporate Rules (allianz-partners.com).

When the BCRs do not apply in a given case, we will take other appropriate measures to ensure that the transfer of Your personal data outside the EEA is carried out with a level of protection equivalent to that applicable within the EEA.

Information about the safeguards used in connection with such data transfers (e.g., standard contractual clauses) can be obtained by contacting us as indicated in section 1 of this clause.

5. Data retention period

We will store Your personal data for as long as necessary to achieve the above-mentioned purposes specified in section 2 of this clause, in particular:

  1. for the purpose pursued prior to the conclusion of the insurance contract,e. the preparation and presentation of an insurance offer, the assessment of insurance risk, and the calculation of the premium:
    1. if the insurance contract is not concluded – for the period necessary to achieve this purpose,
    2. if the insurance contract is concluded – until the date of termination or expiry of the insurance contract or termination of the insurance arrangement;
  2. for the purpose of concluding and performing the insurance contract, including in particular the settlement of claims and the provision of benefits – until the date of termination or expiry of the insurance contract or the termination of the insurance arrangement;
  3. for marketing purposes – no longer than until the Data controller's legitimate interest ceases to exist, and in particular no longer than until the consent granted under the provisions of the Electronic Communications Law is withdrawn, an effective objection to the processing of personal data is made, or the purpose of processing ceases to exist – whichever of these events occurs first;
  4. in order to fulfill the legal obligations incumbent on the Data controller, in particular tax, accounting, and administrative obligations – for periods resulting from applicable law, including provisions specifying the retention periods for accounting documentation;
  5. in order to spread insurance risk through reinsurance or co-insurance – until the date of termination or expiry of the insurance contract or termination of the insurance arrangement;
  6. for the purpose of verification on sanction lists prevention and detection of insurance fraud – for the period resulting from the provisions of law imposing obligations on the Data controller in this regard;
  7. for the purpose of prevention and detection of insurance fraud - no longer than until the Data controller’s legitimate interest ceases to exist, and in particular no longer than until the completion of activities undertaken in connection with the prevention or detection of fraud or an effective objection to the processing of personal data is lodged – whichever of these events occurs first;
  8. for the purpose of customer satisfaction surveys – no longer than until the Data controller’s legitimate interest ceases to exist, and in particular no longer than until the consent granted under the provisions of the act is withdrawn – electronic communications law, an effective objection to the processing of personal data is lodged, or the purpose of processing ceases to exist – whichever of these events occurs first;
  9. for the purpose of handling complaints, claims, and requests – until the date of completion of proceedings concerning the complaint, claim, or request;
  10. for the purpose of collecting statistical data – for no longer than 12 years from the date of termination of the insurance contract;
  11. for the purpose of ensuring high quality customer service, including for training purposes – for no longer than until the Data controller's legitimate interest ceases to exist.

Once the above objectives have been achieved, we may store Your personal data for a period corresponding to the limitation period for any claims, only to the extent necessary to establish, pursue, or defend against claims and to ensure accountability—i.e., the ability to demonstrate that we process Your data in accordance with the provisions of the GDPR.

This period may be extended in the event of an interruption of the limitation period or the initiation of proceedings before a competent authority or court, until the proceedings are legally concluded. For more information, please contact us.

6. What are Your rights?

To the extent permitted by applicable law, You have the right to:

  • access Your personal data in our possession and learn about the origin of such data, the purposes for which it is processed, as well as information about the data controller and processor to whom it may be disclosed;
  • withdraw Your consent at any time if Your personal data is processed on the basis of consent;
  • update or correct Your personal data so that it is always accurate;
  • have Your personal data removed from our records if it is no longer needed for the purposes indicated above;
  • request the restriction of the processing of Your personal data in certain circumstances, e.g. when You contest the accuracy of Your personal data, for a period enabling us to verify its accuracy;
  • obtain Your personal data in electronic format for Your own needs or for a new insurer;
  • submit a complaint or claim to us or to the relevant data protection authority. In Poland, this authority is the President of the Personal Data Protection Office.

Furthermore, in relation to automated decision-making, You have the right to dispute it, obtain justification for it, present Your own position to us, or request that Your situation be analyzed and a decision be made by our employee.

You can exercise these rights by contacting us in accordance with the detailed information provided in section 1 of this clause, providing Your name, email address, and the subject of Your request.

7. Objection to data processing

To the extent permitted by applicable law, You have the right to object to our processing of Your personal data or to request that we cease processing it (including for direct marketing purposes). You may exercise this right in the same manner as the other rights set out in section 6 of this clause.

8. Safety

We use appropriate technical and organizational safety measures to protect Your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties. Our safety measures are continuously improved in line with technological developments.

9. Data sources

In principle, we obtain personal data directly from You.

In some cases, data may also come from other sources.

If You are the Insured, Your personal data may come from:

  • the Policyholder – if You are not also the Policyholder and Your data has been provided in connection with the conclusion of an insurance contract, within the scope of data indicated by the Policyholder, necessary for the conclusion and performance of the insurance contract,
  • from a third party reporting the damage – if the damage was reported by another person, within the scope of the data indicated when reporting the damage,
  • from entities providing medical services that have provided You with healthcare services – in the scope of information necessary to assess insurance risk, verify the health data You have provided, and determine Your entitlement to benefits under the insurance contract and the amount of such benefits (pursuant to Article 38(1) – (7) of the act on insurance and reinsurance activity and only with Your consent),
  • from the National Health Fund – in the scope of data concerning the names and addresses of healthcare providers who provided You with healthcare services in connection with an accident or fortuitous event which is the basis for determining the liability of the insurance company and the amount of compensation or benefit – (pursuant to Article 38(8) of the insurance and reinsurance activity act and only with Your consent),
  • from other insurance companies – to the extent necessary to assess the insurance risk and verify the data provided by the policyholder, the insured, or the person on whose behalf the insurance contract is to be concluded, to determine the insured's entitlement to benefits under the contract and the amount of such benefits, as well as information about the cause of death of the insured or information necessary to determine the right of the beneficiary under the insurance contract to benefits and the amount thereof (pursuant to Article 39 of the insurance and reinsurance activity act and only with Your consent),
  • from Your legal representative or legal guardian – if You are a minor, in the scope of data necessary to conclude and perform the insurance contract,
  • from entities providing services to You in connection with the performance of benefits under the insurance contract – in the scope of information concerning the performance of these services under the insurance contract (only with Your consent).

10. Information about automated decision-making, including profiling

For some of our products, when making decisions regarding:

  • insurance risk assessment and insurance premium amounts, we may use automated decision-making mechanisms, including profiling. This means that we will analyze the information You provide (e.g., regarding Your health, date of birth, value of the insured item, and in the case of travel insurance, also the length and purpose of Your stay) and assign it to appropriate profiles created on the basis of our statistical data;
  • determining the amount of compensation or the validity of granting benefits – in uncomplicated cases, we may use automated decision-making mechanisms. In such cases, You will be informed by us each time.

This means that in such cases, decisions may be made without human involvement.

In connection with automated decision-making, You have the right to challenge such a decision, obtain explanations regarding the rules for making it, present Your own position, and request that Your case be reconsidered and a decision be made by an employee.

11. Obligation to provide data

Providing personal data is necessary to assess insurance risk, enter into and perform an insurance contract, including settling reported claims and handling complaints, requests, or claims, as well as fulfilling the legal obligations incumbent on the Data controller.

If the personal data necessary to achieve the above-mentioned purposes is not provided, it will not be possible to achieve them.

The provision of data processed for marketing purposes is voluntary.

We regularly review and update this Information clause. We will ensure the most recent version is available on https://www.mondial-assistance.pl/biznes/dane.aspx and we will tell you directly when there’s an important change that may impact you.

This Information notice was last updated on March 19, 2026.

 

* Whenever we use the term “GDPR” in this clause, we refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (Journal EU L 119z 04.05.2016, p. 1 and EU Official Journal L 127 of 23.05.2018, p. 2)